build(deps): bump @slack/bolt from 4.6.0 to 4.7.2

[dependabot]

Bumps @slack/bolt from 4.6.0 to 4.7.2.

Release notes

Sourced from @​slack/bolt's releases.

@​slack/bolt@​4.7.0

What's Changed

Bring magic to a conversation with sayStream for streaming messages and show loading status with setStatus. Now available for app.event and app.message listeners:

app.event('app_mention', async ({ sayStream, setStatus }) => {
  setStatus({
    status: 'Thinking...',
    loading_messages: ['Waking up...', 'Loading a witty response...'],
  });
  const stream = sayStream({ buffer_size: 100 });
  await stream.append({ markdown_text: 'Thinking... :thinking_face:\n\n' });
  await stream.append({ markdown_text: 'Here is my response!' });
  await stream.stop();
});

The respond function now accepts thread_ts to publish responses in a thread:

app.action('my_action', async ({ ack, respond }) => {
  await ack();
  await respond({ text: 'Replying in thread!', thread_ts: '1234567890.123456' });
});

Configure ping timeouts, reconnect behavior, and other Socket Mode settings directly through App options:

const app = new App({
  socketMode: true,
  appToken: process.env.SLACK_APP_TOKEN,
  token: process.env.SLACK_BOT_TOKEN,
  clientPingTimeout: 15000,
  serverPingTimeout: 60000,
  pingPongLoggingEnabled: true,
});

👾 Enhancements

• feat: add support for sayStream listener argument in #2841 - Thanks @​WilliamBergamin!
• feat: surface the setStatus argument to listeners if required event details are available in #2843 - Thanks @​WilliamBergamin!
• Add thread_ts to RespondFn type in #2732 - Thanks @​misscoded!
• feat(SocketModeReceiver): expose Socket Mode timeout and reconnect options in #2786 - Thanks @​shivasymbl!
• Enable esModuleInterop in tsconfig in #2719 - Thanks @​misscoded!

🐛 Fixes

... (truncated)

Changelog

Sourced from @​slack/bolt's changelog.

4.7.2

Patch Changes

• 4545150: Require exact ssl_check=1 value to bypass signature verification, preventing truthy but incorrect values from skipping authentication checks.

4.7.1

Patch Changes

• a18c359: fix: correct InvalidCustomPropertyError code and MemoryStore promise handling

Commits

• 81b2b3e chore: release (#2901)
• 4545150 fix: require exact ssl_check=1 value to bypass signature verification (#2899)
• 8318ca5 chore(deps): bump @​slack/socket-mode from 2.0.6 to 2.0.7 (#2900)
• e23efe8 fix: strip smuggled payload from ssl_check requests (#2898)
• ad576a1 ci: upload codecov coverage from Node.js 24.x (#2896)
• a5135ba ci: skip publish step if no release is needed (#2894)
• a24cf85 ci: auto-approve dependabot PRs for example project dependencies (#2893)
• e896807 chore(deps): update @​slack/bolt requirement from ^4.7.0 to ^4.7.1 in /example...
• 7432ca0 chore(deps): update @​slack/bolt requirement from ^4.7.0 to ^4.7.1 in /example...
• 7c61c15 chore(deps): update @​slack/bolt requirement from ^4.7.0 to ^4.7.1 in /example...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​slack/bolt since your current version.