Dominykas Blyžė

Outdated dependencies in `botbuilder` are starting to rack up vulnerabilities, e.g. https://security.snyk.io/vuln/SNYK-JS-AZUREIDENTITY-7246760, https://security.snyk.io/vuln/SNYK-JS-AZUREMSALNODE-7246761 - `@azure/identity` is two major versions behind, and then there's `[email protected]`. Given that some of these are...

One more vulnerable outdated dependency under `botframework-streaming`: https://security.snyk.io/vuln/SNYK-JS-WS-7266574

Opened #86 - as for GH actions - keep an eye out for https://github.com/nodejs/ci-config-github-actions (once we get that figured out...)

I'm also getting this on a Mac, but not inside a Linux based container. It works on a Mac if I `brew install gpatch`.

I'm trying to understand where things are and whether I can help by making some code contributions. I can seen that there are patches for 1.23.0 in the `patches` folder...

I'm also now thinking about sub-dependencies... Should there be any behaviors prescribed if a dependency is installed from a registry, but it contains a sub-dependency which was originally installed from...

I can see a relevant PR #72 got merged - is there anything I can do to help move this forward?

I'm not working on this, no - I missed the response, but I'm also not able to take this right now, so please do!

I see this has been completed and merged, but nowhere in the docs can I find the location of the official container... can someone point me to it? Happy to...