chore(deps): update dependency adaptive-expressions to v4.23.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
adaptive-expressions	4.22.1 → 4.23.3

---

Release Notes

Microsoft/botbuilder-js (adaptive-expressions)

v4.23.3: Bot Framework JS SDK 4.23.3

Compare Source

Notable in this release

• Added supporet for TS 5.9

  Note: In order to support new TS version, we had to drop support for TS 4.7 as it is incompatible with the new node/types version.

• Package updates to resolve security alerts

What's Changed

• fix: Remaining CodeQL issues (microsoft#4898)
• bump: [microsoft#4894] Add support for typescript 5.9 (microsoft#4897)
• fix: [microsoft#4840] The use of the package browserify-sign could violate Microsoft crypto policy (microsoft#4875)
• Mark activity as optional in ConversationParameters (microsoft#4873)
• bump: dependencies to safe versions (microsoft#4896)
• Enable configuration of the OpenIdmetadata's refresh interval (microsoft#4877)
• fix: CodeQL issues with Medium and Error severity (microsoft#4893)
• bump: pbkdf2 from 3.1.1 to 3.1.3 (microsoft#4888)
• port: CQA to support TokenCredential instead of key (microsoft#4879)
• fix: CodeQL issues with severity High (microsoft#4892)
• Bump pbkdf2 version to fix issue (microsoft#4891)
• chore(deps): bump tar-fs from 2.1.1 to 2.1.2 (microsoft#4871)
• fix: Add signInSso cardviewType to SignInCardViewParameters (microsoft#4872)
• Update babel-runtime (microsoft#4868)
• bump: axios from 1.7.7 to 1.8.2 (microsoft#4869)
• Allow null value for Configuration parameter (microsoft#4856)
• fix: [microsoft#4853] ConfigurationBotFrameworkAuthentication errors when initialized with process.env (microsoft#4857)
• Update elliptic, esbuild, and serialize-javascript (microsoft#4862)
• refactor: [microsoft#4759] Migrate off @​azure/core-http (microsoft#4834)
• chore(deps): bump elliptic from 6.6.0 to 6.6.1 (microsoft#4863)
• fix: Update generators and remove Core Bot templates (microsoft#4867)
• Fix actions/cache deprecation (microsoft#4858)

Full Changelog: microsoft/botbuilder-js@4.23.2...4.23.3

v4.23.2: Bot Framework JS SDK 4.23.2

Compare Source

Notable changes in this release

• Node 22 support
• Dependency updates for security alerts
• Federated Credentials for bot-to-channel auth. This is supported for single tenant only.

What's Changed

• port: [#​4632] Support Federated Identity Credential by @​sw-joelmut in microsoft#4765
• port: [#​6841] SkillDialog.InterceptOAuthCardsAsync doesn't support CloudAdapter by @​ceciliaavila in microsoft#4766
• fix: CVE-2024-52798 vulnerability with path-to-regexp by @​JhontSouth in microsoft#4817
• bump: Update d3-format package by @​JhontSouth in microsoft#4842
• fix: Run the coveralls step only for windows by @​ceciliaavila in microsoft#4843
• bump: nanoid from 3.3.6 to 3.3.8 by @​dependabot in microsoft#4812
• feat: Support Sso for SharePoint bot ACEs by @​bentsai10 in microsoft#4806
• port:[#​6879] Bot is not accepting v2 tokens from Bot Framework Emulator - Single Tenant Bots by @​JhontSouth in microsoft#4847
• fix: Upgrade path-to-regexp and find-my-way packages to latest version by @​ceciliaavila in microsoft#4756
• bump: http-proxy-middleware from 2.0.6 to 2.0.7 by @​dependabot in microsoft#4778
• bump: [#​4684] Upgrade Nighwatch by @​sw-joelmut in microsoft#4768
• bump: elliptic from 6.5.7 to 6.6.0 by @​dependabot in microsoft#4780
• bump: [#​4684] Upgrade filenamify using import-sync for esm-only package by @​ceciliaavila in microsoft#4782
• fix: Upgrade cookie dependency to latest version by @​ceciliaavila in microsoft#4771
• bump: [#​4684] Replace nanoid with native module crypto by @​ceciliaavila in microsoft#4769
• bump: Update p-map package by @​JhontSouth in microsoft#4820
• Suppress fake secret in unit test. by @​tracyboehrer in microsoft#4850
• bump: Update chai package by @​JhontSouth in microsoft#4844
• refactor: [#​4684] Replace browserify with tsup by @​sw-joelmut in microsoft#4774
• port: [#​6861]TeamsSSOTokenExchangeMiddleware.DeduplicatedTokenExchangeIdAsync fails on BlobStorage ETag validation by @​ceciliaavila in microsoft#4800
• bump: [#​4684] Update nock dependency to latest version by @​ceciliaavila in microsoft#4760
• bump: rollup from 4.21.0 to 4.22.4 by @​dependabot in microsoft#4755
• bump: [#​4684] Upgrade rimraf dependency to v5 by @​ceciliaavila in microsoft#4761
• bump: [#​4684] Update sinon dependency to latest version by @​ceciliaavila in microsoft#4762

Other

• bump: [#​4684] Update applicationinsights dependency to version 2.x by @​ceciliaavila in microsoft#4758
• fix: [#​4746] Fix INodeBuffer in TypeScript 5.6 and ESNext target by @​sw-joelmut in microsoft#4757
• feat: Add TS 5.6 and ESNext target support by @​sw-joelmut in microsoft#4763
• feat: [#​4684] Consolidate and update browser-echo-bot dependencies by @​sw-joelmut in microsoft#4764
• fix: Workspaces for update-versions script by @​sw-joelmut in microsoft#4783
• port: Add dataset to SearchInvokeValue by @​sw-joelmut in microsoft#4777
• bump: Update ESLint packages and migrate to eslint.config.cjs files by @​JhontSouth in microsoft#4776
• fix: [#​4684] Update INodeSocket type by @​sw-joelmut in microsoft#4767
• Caret ranges for generator SDK version (any v4) by @​tracyboehrer in microsoft#4787
• fix: Upgrade cross-spawn dependency to latest version by @​sw-joelmut in microsoft#4798
• feat: Update versions for generators by @​ceciliaavila in microsoft#4796
• refactor: Fix test:consumer pipeline randomly failing by @​sw-joelmut in microsoft#4793
• fix: [#​4684] ESLint issues in botbuilder-ai by @​ceciliaavila in microsoft#4790
• fix: Update Generators versions: Add missing directory to workspaces by @​ceciliaavila in microsoft#4801
• fix: [#​4684] ESLint issues in botbuilder-azure-blobs by @​ceciliaavila in microsoft#4802
• fix: [#​4684] ESLint issues in botbuilder-lg by @​ceciliaavila in microsoft#4803
• fix: [#​4684] ESLint issues in botbuilder-applicationinsights by @​ceciliaavila in microsoft#4804
• feat: Add support for Node 22 by @​ceciliaavila in microsoft#4808
• fix: [#​4684] ESLint issues in botbuilder-dialogs-adaptive-runtime-core by @​ceciliaavila in microsoft#4809
• fix: [#​4684] ESLint issues in botbuilder-dialogs-adaptive-runtime by @​ceciliaavila in microsoft#4810
• fix: [#​4684] ESLint issues in botbuilder-dialogs-adaptive-runtime-integration libraries by @​ceciliaavila in microsoft#4811
• fix: [#​4684] ESLint issues in botbuilder-dialogs-adaptive-testing by @​sw-joelmut in microsoft#4821
• fix: [#​4684] ESLint issues in botframework-connector by @​sw-joelmut in microsoft#4822
• fix: [#​4684] ESLint issues in botbuilder-testing by @​sw-joelmut in microsoft#4823
• fix: [#​4684] ESLint issues in botbuilder-dialogs-declarative by @​ceciliaavila in microsoft#4813
• fix: [#​4684] ESLint issues in botbuilder-stdlib by @​ceciliaavila in microsoft#4814
• fix: [#​4684] ESLint issues in botframework-config by @​ceciliaavila in microsoft#4815
• fix: [#​4684] ESLint issues in botbuilder-ai-luis by @​sw-joelmut in microsoft#4824
• fix: [#​4684] ESLint issues in botframework-streaming by @​sw-joelmut in microsoft#4825
• fix: [#​4684] ESLint issues in botbuilder-dialogs-adaptive by @​sw-joelmut in microsoft#4826
• fix: [#​4684] ESLint issues in botbuilder-azure by @​sw-joelmut in microsoft#4828
• fix: ESLint issues in bobuilder-core by @​JhontSouth in microsoft#4827
• fix: Remove ESLint config file in bobuilder-ai-qna by @​JhontSouth in microsoft#4829
• fix: ESLint issues in botbuilder by @​JhontSouth in microsoft#4830
• fix: ESLint issues in botbuilder-azure-queues by @​JhontSouth in microsoft#4831
• fix: ESLint issues in botbuilder-dialogs by @​JhontSouth in microsoft#4832
• fix: ESLint issues in adaptive-expressions by @​JhontSouth in microsoft#4833
• fix: [#​4684] ESLint issues in adaptive-expressions-ie11 by @​JhontSouth in microsoft#4835
• fix: ESLint issues in botframework-schema by @​JhontSouth in microsoft#4836
• fix: ESLint issues in bobuilder-ai-orchestrator by @​JhontSouth in microsoft#4837
• fix: ESLint issues in botbuilder-repo-utils by @​JhontSouth in microsoft#4838
• fix: Remove unused resolutions by @​JhontSouth in microsoft#4816
• fix: Remaining ESLint issues by @​sw-joelmut in microsoft#4846
• port: [#​6882] Mock expired token for 'throws exception on expired token' unit test by @​JhontSouth in microsoft#4848

v4.23.1: Bot Framework JS SDK 4.23.1

Compare Source

What's Changed

• bump: micromatch from 4.0.7 to 4.0.8 in /testing/browser-functional/browser-echo-bot by @​dependabot in microsoft#4732
• bump: micromatch from 4.0.2 to 4.0.8 by @​dependabot in microsoft#4733
• bump: [#​4684] Update multiple dependencies inside public libraries to latest version by @​sw-joelmut in microsoft#4739
• bump: webpack from 5.92.0 to 5.94.0 in /testing/browser-functional/browser-echo-bot by @​dependabot in microsoft#4736
• fix: [#​4684] Update some dependencies to latest version by @​sw-joelmut in microsoft#4737
• fix: [#​4684] Update versions command by @​sw-joelmut in microsoft#4742
• bump: body-parser from 1.20.2 to 1.20.3 by @​dependabot in microsoft#4743
• bump: express from 4.19.2 to 4.20.0 in /testing/browser-functional/browser-echo-bot by @​dependabot in microsoft#4744
• fix: Upgrade express dependency to latest version by @​ceciliaavila in microsoft#4747
• fix: Replace globby with fast-glob by @​JhontSouth in microsoft#4745
• fix: Upgrade send dependency to latest version by @​ceciliaavila in microsoft#4749
• bump: [#​4684] Update @​azure/cosmos and @​azure/core-auth dependencies to their latest version by @​sw-joelmut in microsoft#4748
• bump: [#​4684] Update multiple dependencies inside internal libraries to latest version by @​sw-joelmut in microsoft#4752

v4.23.0: Bot Framework JS SDK 4.23.0

Compare Source

This is the August 2024 release of the Bot Framework JS SDK. This release contains Node 18 & 20 support, as well as security fixes.

NOTE
Due to the update to the last Azure Identity and MSAL.Node packages, Node versions prior to Node 18 are no longer supported. This is because those packages don't support out-of-support Node versions.

What's Changed

• bump: [#​4550] Add Node 18 and 20 support by @​sw-joelmut in microsoft#4726

• fix: Remove CVE-2022-3517 vulnerability by @​JhontSouth in microsoft#4699

• fix: Remove CVE-2022-25881 vulnerability by updating the http-cache-semantics package by @​sw-joelmut in microsoft#4703

• fix: Remove CVE-2020-8203 vulnerability in lodash.set by @​andres-robinet-sw in microsoft#4704

• fix: Remove CVE-2021-3807 vulnerability by @​JhontSouth in microsoft#4705

• fix: Remove CVE-2022-23539 vulnerability by updating the jsonwebtoken packages by @​sw-joelmut in microsoft#4706

• fix: Remove CVE-2022-3517 vulnerability with minimatch by @​JhontSouth in microsoft#4707

• bump: semver from 5.7.1 to 7.6.2 by @​dependabot in microsoft#4710

• bump: hosted-git-info from 2.8.8 to 2.8.9 by @​dependabot in microsoft#4711

• bump: elliptic from 6.5.3 to 6.5.5 by @​dependabot in microsoft#4712

• fix: Remove CVE-2020-28469 vulnerability by updating the glob-parent package by @​sw-joelmut in microsoft#4713

• fix: Remove remaining vulnerabilities by updating the hosted-git-info, tar, semver, ejs, elliptic packages by @​sw-joelmut in microsoft#4714

• fix: [#​4684] Remove unnecessary resolutions by @​sw-joelmut in microsoft#4719

• fix: Remove undefined value in @​azure/msal-node by @​JhontSouth in microsoft#4718

• bump: fast-xml-parser from 4.2.5 to 4.4.1 by @​dependabot in microsoft#4721

• port: [#​6813][#​6798] Not able to create instance of BlobsTranscriptStore using TokenCredential instead of connectionString and containerName by @​JhontSouth in microsoft#4720

• fix: Remove browser-echo-bot vulnerabilities by @​JhontSouth in microsoft#4717

• fix: CVE-2024-42460 vulnerability with elliptic by @​JhontSouth in microsoft#4729

• bump: axios from 1.7.2 to 1.7.4 by @​dependabot in microsoft#4730

• port: [#​6793][#​6792] Composer Bot with QnA Intent recognized triggers duplicate QnA queries by @​JhontSouth in microsoft#4700

Full Changelog: microsoft/botbuilder-js@4.22.3...4.23.0

v4.22.3: Bot Framework for JS SDK 4.22.3

Compare Source

This is the June 2024 patch release of the Bot Framework JS SDK. This release contains security updates.

What's Changed

• fix: Remove CVE-2020-28469 with with glob-parent 5.1.1 (High) by @​JhontSouth in microsoft#4670
• fix: CodeQL SM04509 issue by @​andres-robinet-sw in microsoft#4671
• bump: Upgrade axios version to ^1.7.2 by @​JhontSouth in microsoft#4680
• fix: Remove CVE-2024-37890 vulnerability by updating the ws package by @​sw-joelmut in microsoft#4683
• fix: Remove CVE-2020-36632 vulnerability by @​JhontSouth in microsoft#4687
• fix: Remove CVE-2022-21680 vulnerability by @​JhontSouth in microsoft#4688
• fix: Remove CVE-2022-21680 vulnerability by @​JhontSouth in microsoft#4689
• fix: Remove CVE-2023-45133 vulnerability by @​JhontSouth in microsoft#4691
• fix: CVE-2020-8203 with lodash.pick by @​andres-robinet-sw in microsoft#4692
• fix: Remove CVE-2020-7774 vulnerability by updating the y18n package by @​sw-joelmut in microsoft#4693
• fix: Remove CVE-2022-0144 vulnerability by @​JhontSouth in microsoft#4695
• fix: Remove CVE-2024-4068 vulnerability by @​JhontSouth in microsoft#4696
• feat: Support Single Tenant authentication through BotFramework-Emulator by @​JhontSouth in microsoft#4643
• refactor: AgentSettings Circular Structure and improve internals by @​sw-joelmut in microsoft#4641
• chore: Moved @​types/jswebtoken (in both places) to dependencies. by @​tracyboehrer in microsoft#4646
• chore: [#​4636] Add more information to Tenant parameters by @​sw-joelmut in microsoft#4649
• fix: SM03944 suppression by @​tracyboehrer in microsoft#4654
• Removed unused build assets by @​tracyboehrer in microsoft#4658
• fix: [#​4657] bump the npm_and_yarn group across 2 directories with 20 updates by @​JhontSouth in microsoft#4663
• fix: SM04509 suppression by @​tracyboehrer in microsoft#4667
• fix: SM02383 suppression by @​tracyboehrer in microsoft#4668
• fix: [#​4483] Switching npm dependency bcrypt to bcryptjs by @​JhontSouth in microsoft#4669

v4.22.2: Bot Framework JS SDK 4.22.2

Compare Source

This is the April 2024 JS SDK patch release. This release contains minor bug fixes and security updates.

What's Changed

• fix: add content type header by @​XVincentX in microsoft#4587
• fix: [#​4544] JwtTokenExtractor.getIdentity:err! FetchError: request to https://login.botframework.com/v1/.well-known/openidconfiguration by @​ceciliaavila in microsoft#4583
• bump: Update swagger-client to stop using lodash-compat by @​JhontSouth in microsoft#4604
• fix: Removed Copyright from generated code by @​tracyboehrer in microsoft#4612
• fix: [#​4584] ChannelAccount cannot accept extensible properties by @​JhontSouth in microsoft#4618
• bump: Update follow-redirects to ^1.15.4 by @​JhontSouth in microsoft#4617
• bump: Update @​azure/msal-node and @​azure/msal-browser by @​JhontSouth in microsoft#4619
• bump: undici from 5.28.2 to 5.28.3 by @​dependabot in microsoft#4620
• bump: axios from 0.21.1 to 0.28.0 by @​dependabot in microsoft#4621
• bump: ip from 1.1.5 to 1.1.9 by @​dependabot in microsoft#4622
• bump: ip from 1.1.5 to 1.1.9 in /testing/browser-functional/browser-echo-bot by @​dependabot in microsoft#4623
• bump: es5-ext from 0.10.53 to 0.10.63 by @​dependabot in microsoft#4624
• fix: [botframework-connector] Use HashSet instead of string array for endorsement by @​crdev13 in microsoft#4526
• bump: tar to 6.1.9 by @​tracyboehrer in microsoft#4627
• bump: axios to 0.21.2 by @​tracyboehrer in microsoft#4628
• chore: Removed autorest gen related by @​tracyboehrer in microsoft#4629
• bump: axios and ws by @​tracyboehrer in microsoft#4630
• bump: follow-redirects from 1.15.5 to 1.15.6 in /testing/browser-functional/browser-echo-bot by @​dependabot in microsoft#4633
• bump: follow-redirects from 1.15.5 to 1.15.6 by @​dependabot in microsoft#4634
• fix: [#​4440][Bot node.js] Compile error for accessing "conversation" and "organizer" fields for get meeting details bot API by @​ceciliaavila in microsoft#4442
• bump: express from 4.18.2 to 4.19.2 in /testing/browser-functional/browser-echo-bot by @​dependabot in microsoft#4638
• bump: express from 4.17.3 to 4.19.2 by @​dependabot in microsoft#4637
• getValue parity by @​tracyboehrer in microsoft#4639
• chore: Moved @​types/jsonwebtoken to dependencies by @​tracyboehrer in microsoft#4640
• bump: undici from 5.28.3 to 5.28.4 by @​dependabot in microsoft#4642

Full Changelog: microsoft/botbuilder-js@4.22.1...4.22.2

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.