Bump axios, @microsoft/teamsfx and botbuilder in /MSTeams/teams-toolkit/openai-commandbot/OpenAIChatBot/bot

Open dependabot[bot] opened this issue 3 months ago • 0 comments

Bumps axios to 1.12.2 and updates ancestor dependencies axios, @microsoft/teamsfx and botbuilder. These dependencies need to be updated together.

Updates axios from 0.21.4 to 1.12.2

Release notes

Sourced from axios's releases.

Release v1.12.2

Release notes:

Bug Fixes

fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

Dmitriy Mozgovoy

Noritaka Kobayashi

Release v1.12.1

Release notes:

Bug Fixes

types: fixed env config types; (#7020) (b5f26b7)

Contributors to this release

Dmitriy Mozgovoy

Release v1.12.0

Release notes:

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

Ameer Assadi

Emiedonmokumo Dick-Boro

Zeroday BYTE

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.2 (2025-09-14)

Bug Fixes

fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

Dmitriy Mozgovoy

Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

types: fixed env config types; (#7020) (b5f26b7)

Contributors to this release

Dmitriy Mozgovoy

1.12.0 (2025-09-11)

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

... (truncated)

Commits

e5a3336 chore(release): v1.12.2 (#7031)
38726c7 refactor: change if in else to else if (#7028)
cf78825 fix(fetch): use current global fetch instead of cached one when env fetch is ...
c26d00f refactor: remove redundant assignment (#7029)
9fb41a8 chore(ci): add local HTTP server for Karma tests; (#7022)
19f9f36 docs(readme): add custom fetch section; (#7024)
3cac78c chore(release): v1.12.1 (#7021)
b5f26b7 fix(types): fixed env config types; (#7020)
0d8ad6e chore(release): v1.12.0 (#7013)
fd7f404 fix: release pr run
Additional commits viewable in compare view

Updates @microsoft/teamsfx from 2.2.0 to 2.3.3

Commits

6413733 build(release): publish detail
5bbd45b build(release): publish detail
e15b418 Merge pull request #12541 from OfficeDev/long/5.10.0
f9ddb78 build: sdk & adaptivecard release
c3e11c7 build(release): publish detail
88ac04f Merge pull request #12539 from OfficeDev/long/5.10.0
38b1093 build: changelog for 5.10.0
f62e1d6 build: changelog for 5.10.0
74b1058 build: changelog for 5.10.0
4606625 build(release): publish detail
Additional commits viewable in compare view

Updates botbuilder from 4.19.3 to 4.23.3

Release notes

Sourced from botbuilder's releases.

Bot Framework JS SDK 4.23.3

Notable in this release

Added supporet for TS 5.9

Note: In order to support new TS version, we had to drop support for TS 4.7 as it is incompatible with the new node/types version.

Package updates to resolve security alerts

What's Changed

fix: Remaining CodeQL issues (microsoft/botbuilder-js#4898)

bump: [https://redirect.github.com/microsoft/botbuilder-js/issues/4894] Add support for typescript 5.9 (microsoft/botbuilder-js#4897)

fix: [https://redirect.github.com/microsoft/botbuilder-js/issues/4840] The use of the package browserify-sign could violate Microsoft crypto policy (microsoft/botbuilder-js#4875)

Mark activity as optional in ConversationParameters (microsoft/botbuilder-js#4873)

bump: dependencies to safe versions (microsoft/botbuilder-js#4896)

Enable configuration of the OpenIdmetadata's refresh interval (microsoft/botbuilder-js#4877)

fix: CodeQL issues with Medium and Error severity (microsoft/botbuilder-js#4893)

bump: pbkdf2 from 3.1.1 to 3.1.3 (microsoft/botbuilder-js#4888)

port: CQA to support TokenCredential instead of key (microsoft/botbuilder-js#4879)

fix: CodeQL issues with severity High (microsoft/botbuilder-js#4892)

Bump pbkdf2 version to fix issue (microsoft/botbuilder-js#4891)

chore(deps): bump tar-fs from 2.1.1 to 2.1.2 (microsoft/botbuilder-js#4871)

fix: Add signInSso cardviewType to SignInCardViewParameters (microsoft/botbuilder-js#4872)

Update babel-runtime (microsoft/botbuilder-js#4868)

bump: axios from 1.7.7 to 1.8.2 (microsoft/botbuilder-js#4869)

Allow null value for Configuration parameter (microsoft/botbuilder-js#4856)

fix: [https://redirect.github.com/microsoft/botbuilder-js/issues/4853] ConfigurationBotFrameworkAuthentication errors when initialized with process.env (microsoft/botbuilder-js#4857)

Update elliptic, esbuild, and serialize-javascript (microsoft/botbuilder-js#4862)

refactor: [https://redirect.github.com/microsoft/botbuilder-js/issues/4759] Migrate off @azure/core-http (microsoft/botbuilder-js#4834)

chore(deps): bump elliptic from 6.6.0 to 6.6.1 (microsoft/botbuilder-js#4863)

fix: Update generators and remove Core Bot templates (microsoft/botbuilder-js#4867)

Fix actions/cache deprecation (microsoft/botbuilder-js#4858)

Full Changelog: https://github.com/microsoft/botbuilder-js/compare/4.23.2...4.23.3

Bot Framework JS SDK 4.23.2

Notable changes in this release

Node 22 support

Dependency updates for security alerts

Federated Credentials for bot-to-channel auth. This is supported for single tenant only.

What's Changed

port: #4632 Support Federated Identity Credential by @sw-joelmut in microsoft/botbuilder-js#4765

port: #6841 SkillDialog.InterceptOAuthCardsAsync doesn't support CloudAdapter by @ceciliaavila in microsoft/botbuilder-js#4766

fix: CVE-2024-52798 vulnerability with path-to-regexp by @JhontSouth in microsoft/botbuilder-js#4817

bump: Update d3-format package by @JhontSouth in microsoft/botbuilder-js#4842

fix: Run the coveralls step only for windows by @ceciliaavila in microsoft/botbuilder-js#4843

bump: nanoid from 3.3.6 to 3.3.8 by @dependabot in microsoft/botbuilder-js#4812

feat: Support Sso for SharePoint bot ACEs by @bentsai10 in microsoft/botbuilder-js#4806

port:#6879 Bot is not accepting v2 tokens from Bot Framework Emulator - Single Tenant Bots by @JhontSouth in microsoft/botbuilder-js#4847

fix: Upgrade path-to-regexp and find-my-way packages to latest version by @ceciliaavila in microsoft/botbuilder-js#4756

bump: http-proxy-middleware from 2.0.6 to 2.0.7 by @dependabot in microsoft/botbuilder-js#4778

... (truncated)

Commits

0ca2d23 bump: Update from main for 4.23.3 (#4899)
7534989 bump: Update chai package (#4844)
4a9c741 Suppress fake secret in unit test. (#4850)
29ae34b bump: Update p-map package (#4820)
62112c0 port: #6882 Mock expired token for 'throws exception on expired token' unit...
7b1434f fix: Remaining ESLint issues (#4846)
b3b1f65 add the support for every possible issuer in Single Tenant for emulator (#4847)
31c72e9 feat: Support Sso for SharePoint bot ACEs (#4806)
cd05a19 chore(deps): bump nanoid from 3.3.6 to 3.3.8 (#4812)
adca2e0 Run the coveralls step only for windows (#4843)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Sep 30 '25 03:09 dependabot[bot]