chore(deps): bump github.com/slack-go/slack from 0.26.0 to 0.27.0

[dependabot]

Bumps github.com/slack-go/slack from 0.26.0 to 0.27.0.

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.27.0

Added

• Support for data_visualization block through DataVisualizationBlock.
• Teamnow preservesenterprise_idandenterprise_namewhen Slack includes Enterprise org details in interaction payloadteam` objects.

Full Changelog: slack-go/slack@v0.26.0...v0.27.0

Changelog

Sourced from github.com/slack-go/slack's changelog.

[0.27.0]

Added

• Block Kit: Add support for data_visualization block through DataVisualizationBlock.
• Interaction payloads: Team now preserves enterprise_id and enterprise_name when Slack includes Enterprise org details in interaction payload team objects.

Commits

• 7609cd3 Bump slack-go/slack to 0.27.0
• 46d27c4 feat: add enterprise fields to interaction team payloads
• c1c5406 feat: add data_visualization block kit support (#1568)
• b08c432 chore(deps): bump actions/checkout from 6 to 7 (#1567)
• 6fd5178 chore: bump golangci-lint to 2.12.2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 28, 2026, 4:15 PM ET / 20:15 UTC.

Summary
This PR bumps the direct Go module dependency github.com/slack-go/slack from v0.26.0 to v0.27.0 and refreshes its go.sum checksums.

Reproducibility: not applicable. this is a dependency bump, not a reported runtime failure. The relevant check is source/diff validation of go.mod, go.sum, and upstream release metadata.

Review metrics: 2 noteworthy metrics.

• Module metadata touched: 2 files modified; 3 additions, 3 deletions. The diff is confined to Go dependency metadata, which keeps the review surface small.
• Direct production dependency: github.com/slack-go/slack v0.26.0 -> v0.27.0. The Slack SDK is used by runtime sync, import, MCP, and search normalization paths, so dependency review should focus there.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🌊 off-meta tidepool
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Wait for CodeQL and release-check to complete before merging.

Risk before merge

• [P1] This is a direct production Slack SDK update, so maintainers should treat Slack message/block parsing and interaction payload behavior as the relevant compatibility surface during normal dependency review.
• [P1] At review time CodeQL and release-check were still pending; I did not run local tests because this review kept the checkout read-only.

Maintainer options:

1. Decide the mitigation before merge
   Merge the narrow go.mod/go.sum bump once the remaining checks and code-owner dependency review are satisfied.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• No ClawSweeper repair is needed; the PR is a clean Dependabot update and the remaining action is normal checks plus code-owner merge judgment.

Security
Cleared: No concrete security or supply-chain concern found; the repo diff only changes the official Slack Go module version and checksum entries.

Review details

Best possible solution:

Merge the narrow go.mod/go.sum bump once the remaining checks and code-owner dependency review are satisfied.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a dependency bump, not a reported runtime failure. The relevant check is source/diff validation of go.mod, go.sum, and upstream release metadata.

Is this the best way to solve the issue?

Yes; updating only go.mod and go.sum is the narrowest maintainable way to take this SDK release, and the PR does not duplicate existing repo behavior or change local API surface.

AGENTS.md: not found in the target repository.

Codex review notes: model internal, reasoning high; reviewed against 905ac75f8337.

Label changes

Label changes:

• add P3: This is a low-risk routine dependency maintenance PR with a narrow module metadata diff and no concrete correctness finding.
• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: Not applicable because this is a Dependabot bot dependency PR; CI and dependency review are the relevant validation gates.

Label justifications:

• P3: This is a low-risk routine dependency maintenance PR with a narrow module metadata diff and no concrete correctness finding.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: Not applicable because this is a Dependabot bot dependency PR; CI and dependency review are the relevant validation gates.

Evidence reviewed

What I checked:

• Current main still uses v0.26.0: go.mod on current main requires github.com/slack-go/slack v0.26.0, so the requested v0.27.0 bump is not already implemented on main. (go.mod:9, 905ac75f8337)
• Latest release still uses v0.26.0: v0.7.3 also has github.com/slack-go/slack v0.26.0, so the dependency update is not shipped in the latest release. (go.mod:9, f5f549466731)
• PR diff is limited to module metadata: The PR modifies only go.mod and go.sum, changing the Slack SDK version and checksums from v0.26.0 to v0.27.0. (go.mod:9, edaec08ce4ca)
• Upstream release scope: The upstream v0.27.0 release was published on 2026-06-27 and adds DataVisualizationBlock support plus enterprise fields on interaction Team payloads. (7609cd3542fc)
• Checks and mergeability: GitHub reported the PR as clean/mergeable; deps, lint, test, docker, and secret scan checks passed while CodeQL and release-check were still pending at review time. (edaec08ce4ca)
• Ownership and dependency history: go.mod history shows recent dependency/release work by steipete, including the prior Slack SDK bump to v0.25.0, and earlier dependency/bootstrap work by vincentkoc. (go.mod:9, f5f549466731)

Likely related people:

• steipete: Recent go.mod and release history includes the v0.7.3 preparation, prior Slack SDK bump work, and multiple Slack API/search fixes touching the affected SDK surface. (role: recent dependency and Slack API area contributor; confidence: high; commits: f5f549466731, 95119f0542f1, ec674989fa4b; files: go.mod, go.sum, internal/slackapi/api.go)
• vincentkoc: Earlier history shows project bootstrap, dependency update work, release-check work, and current assignment on this PR. (role: original and adjacent dependency area contributor; confidence: medium; commits: df45322db90e, 166475ed1deb, 5c32a2758b19; files: go.mod, go.sum, internal/slackapi/api.go)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.