Skip to content
This repository was archived by the owner on Jan 5, 2026. It is now read-only.

Commit 63ebf76

Browse files
tracyboehrersw-joelmutceciliaaviladependabot[bot]bentsai10
authored
bump: Latest JS security updates (#4917)
* bump: Update from main for 4.23.3 (#4899) * Fix actions/cache deprecation (#4858) * fix: Update generators and remove Core Bot templates (#4867) * Update empty bot templates * Update echo bot templates * Remove core bot templates and its references * Fix unit tests * chore(deps): bump elliptic from 6.6.0 to 6.6.1 (#4863) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.6.0 to 6.6.1. - [Commits](indutny/elliptic@v6.6.0...v6.6.1) --- updated-dependencies: - dependency-name: elliptic dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * refactor: [#4759] Migrate off @azure/core-http (#4834) * Migrate deprecated core-http to new libraries * Fix ESLint * Remove unused dependency * Fix node_modules pathing * Remove unused folder declaration * Fix TypeScript modifying .js and .d.ts files * Fix eslint * Update elliptic, esbuild, and serialize-javascript (#4862) * fix: [#4853] ConfigurationBotFrameworkAuthentication errors when initialized with process.env (#4857) * Fix config options type to support process.env * Fix eslint * Fix test:compat * Allow null value for Configuration parameter (#4856) * chore(deps): bump axios from 1.7.7 to 1.8.2 (#4869) Bumps [axios](https://github.com/axios/axios) from 1.7.7 to 1.8.2. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.7...v1.8.2) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update babel-runtime (#4868) Co-authored-by: Cecilia Avila <[email protected]> * fix: Add signInSso cardviewType to SignInCardViewParameters (#4872) * initial commit * update api md file --------- Co-authored-by: bentsai <[email protected]> * chore(deps): bump tar-fs from 2.1.1 to 2.1.2 (#4871) Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2. - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2) --- updated-dependencies: - dependency-name: tar-fs dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pbkdf2 version to fix issue (#4891) * fix: CodeQL issues with severity High (#4892) * Fix issue in transcriptUtilities * Fix codeql issue in parameterizedBotFrameworkAuthentication * Fix codeql issue in jwtTokenValidation * Fix codeql issue in channelServiceHandler * Fix condition * Use same logic in JwtTokenValidation_authenticateRequest * Fix failing unit test * port: CQA to support TokenCredential instead of key (#4879) * Add MSI support for CQA * Apply minor improvements * Fix previous implementation wrong error message * Fix validation of parameters --------- Co-authored-by: CeciliaAvila <[email protected]> * chore(deps): bump tmp from 0.2.3 to 0.2.4 (#4895) Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.3 to 0.2.4. - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.3...v0.2.4) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump pbkdf2 from 3.1.1 to 3.1.3 (#4888) Bumps [pbkdf2](https://github.com/crypto-browserify/pbkdf2) from 3.1.1 to 3.1.3. - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.3) --- updated-dependencies: - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: CodeQL issues with Medium and Error severity (#4893) * Fix codeql issue in channelServiceRoutes * Fix codeql issue in dialogs tests * Extend timeout for failing unit test * Replace console.log with console.error * feat: Enable configuration of the OpenIdmetadata's refresh interval (#4877) * Add tokenRefreshInterval to ConnectorClientOptions * Add unit tests * Add documentation to new property. * bump: dependencies to safe versions (#4896) * Bump dependencies to safe versions * Add flag to avoid test failing in Node > 22.18 * Add flag to avoid test failing in Node > 22.18 to test:min * Mark activity as optional in ConversationParameters (#4873) * fix: [#4840] The use of the package browserify-sign could violate Microsoft crypto policy (#4875) * Replace crypto-browserify with Web Crypto API * Fix conflicts in yarn.lock file * Fix yarn.lock versions * feat: [#4894] Add support for typescript 5.9 (#4897) * Update TS and types/node versions * Fix issue in INodeBuffer * Update test:consumer testing matrix * fix: Remaining CodeQL issues (#4898) * Fix remaining codeQL issues * Rephrase suppression message in storage --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Joel Mut <[email protected]> Co-authored-by: Cecilia Avila <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Benjamin Tsai <[email protected]> Co-authored-by: bentsai <[email protected]> Co-authored-by: CeciliaAvila <[email protected]> * Update Entity mapper to include additionalProperties (#4903) (#4905) Co-authored-by: Cecilia Avila <[email protected]> * bump: axios from 1.8.2 to 1.12.0 (#4904) * chore(deps): bump axios from 1.8.2 to 1.12.0 Bumps [axios](https://github.com/axios/axios) from 1.8.2 to 1.12.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.2...v1.12.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update axios to 1.13.1 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: CeciliaAvila <[email protected]> * chore(deps): bump tar-fs from 2.1.3 to 2.1.4 (#4906) Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.3 to 2.1.4. - [Commits](mafintosh/tar-fs@v2.1.3...v2.1.4) --- updated-dependencies: - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: CeciliaAvila <[email protected]> * chore(deps): bump node-forge from 1.3.1 to 1.3.2 (#4912) Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 (#4913) Bumps [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) from 13.2.0 to 13.2.1. - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) --- updated-dependencies: - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update glob and js-yaml to safe versions (#4911) * chore(deps): bump jws from 3.2.2 to 3.2.3 (#4914) Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * README update (#4916) Co-authored-by: Tracy Boehrer <[email protected]> * Fix schema tests --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Joel Mut <[email protected]> Co-authored-by: Cecilia Avila <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Benjamin Tsai <[email protected]> Co-authored-by: bentsai <[email protected]> Co-authored-by: CeciliaAvila <[email protected]> Co-authored-by: Tracy Boehrer <[email protected]>
1 parent dc9464e commit 63ebf76

File tree

1 file changed

+1
-4
lines changed

1 file changed

+1
-4
lines changed

libraries/tests.schema

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10654,10 +10654,7 @@
1065410654
"title": "ConversationAccount",
1065510655
"type": "object",
1065610656
"required": [
10657-
"conversationType",
10658-
"id",
10659-
"isGroup",
10660-
"name"
10657+
"id"
1066110658
],
1066210659
"properties": {
1066310660
"isGroup": {

0 commit comments

Comments
 (0)