fix: trim messages longer than 3000 chars

[gastonfournier]

About the changes

When trying to send messages longer than 3000 chars we get this error:

[ERROR]  web-api:WebClient:0 failed to match all allowed schemas [json-pointer:/blocks/0/text]
[ERROR]  web-api:WebClient:0 must be less than 3001 characters [json-pointer:/blocks/0/text/text]
[2024-09-23T10:10:15.676] [WARN] addon/slack-app - All (1) Slack client calls failed with the following errors: A platform error occurred: {"ok":false,"error":"invalid_blocks","errors":["failed to match all allowed schemas [json-pointer:/blocks/0/text]","must be less than 3001 characters [json-pointer:/blocks/0/text/text]"],"response_metadata":{"messages":["[ERROR] failed to match all allowed schemas [json-pointer:/blocks/0/text]","[ERROR] must be less than 3001 characters [json-pointer:/blocks/0/text/text]"],"scopes":["incoming-webhook","users:read","channels:read","groups:read","mpim:read","im:read","users:read.email","chat:write"],"acceptedScopes":["chat:write"]}}

This PR trims the text length to 3000 chars.

We also upgrade slack API due to some security fixes: https://github.com/slackapi/node-slack-sdk/releases/tag/%40slack%2Fweb-api%407.3.4

After checking the migration guide to v7 it seems that none of the breaking changes affect us: https://github.com/slackapi/node-slack-sdk/wiki/Migration-Guide-for-web%E2%80%90api-v7

Testing

I did manual test this integration and the fix. The way to reproduce is adding a very long strategy name and sending that as an update on Slack:

Now the event succeeds and we notice on the integration event log that the message was trimmed:

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
unleash-monorepo-frontend	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Sep 23, 2024 7:08pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
unleash-docs	⬜️ Ignored (Inspect)	Visit Preview		Sep 23, 2024 7:08pm

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@slack/web-api	^7.3.4	🟢 4.7	Details Check Score Reason Code-Review 🟢 6 Found 7/11 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/@slack/logger	4.0.0	🟢 4.7	Details Check Score Reason Code-Review 🟢 6 Found 7/11 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/@slack/types	2.14.0	🟢 4.7	Details Check Score Reason Code-Review 🟢 6 Found 7/11 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/@slack/web-api	7.5.0	🟢 4.7	Details Check Score Reason Code-Review 🟢 6 Found 7/11 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/@types/node	22.5.5	🟢 7	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed

Scanned Manifest Files

package.json

• @slack/web-api@^7.3.4
• @slack/web-api@^6.10.0

yarn.lock

• @slack/[email protected]
• @slack/[email protected]
• @slack/[email protected]
• @types/[email protected]
• @slack/[email protected]
• @slack/[email protected]
• @slack/[email protected]
• @types/[email protected]
• [email protected]
• [email protected]
• [email protected]

[nunogois]

Just curious: Is this implementation simpler because this integration is deprecated?

[gastonfournier]

Simpler than what other implementation? I did it here because the "msgFormatter" is kind of generic, it doesn't say anything about Slack, so just for precaution I decided not to modify it. I was thinking "If this is a message formatter inside a Slack folder package by feature, then this might be only for Slack", but because it was not I just err on the safe side.

[nunogois]

Simpler than the one in Slack App. In my head it should be pretty much the same thing, so I was just curious why it wasn't.

[gastonfournier]

Oh, just because the slack-app is using the formatted text also as output for the event, this one is only using it for the push

[nunogois]

There's still a:

this.registerEvent({
    integrationId,
    state,
    stateDetails: stateDetails.join('\n'),
    event: serializeDates(event),
    details: {
        url,
        channels: slackChannels,
        username,
        message: text,
    },
});

here, which means that there's a small inconsistency between Slack and Slack App in the way they register integration events: Slack App will tell us the text was trimmed to 3000 characters, but Slack will just trim it.

It's a small detail, so I think it's fine, but again, was just curious 😄

[gastonfournier]

Oh! Thanks! I didn't understand. This is the PR for consistency: #8230

[gastonfournier]

I just didn't see the message at the bottom

[nunogois]

LGTM - Great job and fantastic use of the integration events feature 👍