Skip to content

[JS] bump: (deps): Bump the production group in /js with 4 updates #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

[JS] bump: (deps): Bump the production group in /js with 4 updates #2

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 12, 2025
edited
Loading

Bumps the production group in /js with 4 updates: openai, dotenv, @microsoft/teams-js and vectra.

Updates openai from 4.77.4 to 4.93.0

Release notes

Sourced from openai's releases.

v4.93.0

4.93.0 (2025-04-08)

Full Changelog: v4.92.1...v4.93.0

Features

Chores

v4.92.1

4.92.1 (2025-04-07)

Full Changelog: v4.92.0...v4.92.1

Chores

  • internal: only run examples workflow in main repo (#1450) (5e49a7a)

v4.92.0

4.92.0 (2025-04-07)

Full Changelog: v4.91.1...v4.92.0

Features

Bug Fixes

  • api: improve type resolution when importing as a package (#1444) (4aa46d6)
  • client: send X-Stainless-Timeout in seconds (#1442) (aa4206c)
  • embeddings: correctly decode base64 data (#1448) (58128f7)
  • mcp: remove unused tools.ts (#1445) (520a8fa)

Chores

  • internal: add aliases for Record and Array (#1443) (b65391b)

... (truncated)

Changelog

Sourced from openai's changelog.

4.93.0 (2025-04-08)

Full Changelog: v4.92.1...v4.93.0

Features

Chores

4.92.1 (2025-04-07)

Full Changelog: v4.92.0...v4.92.1

Chores

  • internal: only run examples workflow in main repo (#1450) (5e49a7a)

4.92.0 (2025-04-07)

Full Changelog: v4.91.1...v4.92.0

Features

Bug Fixes

  • api: improve type resolution when importing as a package (#1444) (4aa46d6)
  • client: send X-Stainless-Timeout in seconds (#1442) (aa4206c)
  • embeddings: correctly decode base64 data (#1448) (58128f7)
  • mcp: remove unused tools.ts (#1445) (520a8fa)

Chores

  • internal: add aliases for Record and Array (#1443) (b65391b)

4.91.1 (2025-04-01)

Full Changelog: v4.91.0...v4.91.1

... (truncated)

Commits

Updates dotenv from 16.4.7 to 16.5.0

Changelog

Sourced from dotenv's changelog.

16.5.0 (2025-04-07)

Added

  • 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP] Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

  • Remove _log method. Use _debug #862
Commits

Updates @microsoft/teams-js from 2.35.0 to 2.36.0

Release notes

Sourced from @​microsoft/teams-js's releases.

v2.36.0

Minor changes

  • Added canParentManageNAATrustedOrigins capability to check if the parent can manage its list of trusted child origins for Nested App Auth (NAA). The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added getParentOrigin API to read the parent origin for nested app auth
  • Added support for ExternalAppCardActionsForDA capability.
  • Added support for isDeeplyNestedAuthSupported to check if deeply nested auth is supported.
  • Added manageNAATrustedOrigins capability which allows the top-level parent app to register its child app's origin as trusted for nested app auth. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added standalone nested app auth bridge for nested child app
  • Removed child messaging proxying by default to avoid security issues. If an app still needs this pattern, it can be activated through the feature flag function activateChildProxyingCommunication which enables child proxying for that app.
  • Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

  • Set a unique Teams-JS instance id when Teams-JS library is used and appended this unique id to message request sent to host sdk.
  • Disabled default nested app auth bridge injection for nested child app
  • Added apiVersion tag in NAA request and removed isNAAChannelRecommended check in isDeeplyNestedAuthSupported api
Changelog

Sourced from @​microsoft/teams-js's changelog.

2.36.0

Tue, 01 Apr 2025 18:17:07 GMT

Minor changes

  • Added canParentManageNAATrustedOrigins capability to check if the parent can manage its list of trusted child origins for Nested App Auth (NAA). The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added getParentOrigin API to read the parent origin for nested app auth
  • Added support for ExternalAppCardActionsForDA capability.
  • Added support for isDeeplyNestedAuthSupported to check if deeply nested auth is supported.
  • Added manageNAATrustedOrigins capability which allows the top-level parent app to register its child app's origin as trusted for nested app auth. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added standalone nested app auth bridge for nested child app
  • Removed child messaging proxying by default to avoid security issues. If an app still needs this pattern, it can be activated through the feature flag function activateChildProxyingCommunication which enables child proxying for that app.
  • Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

  • Set a unique Teams-JS instance id when Teams-JS library is used and appended this unique id to message request sent to host sdk.
  • Disabled default nested app auth bridge injection for nested child app
  • Added apiVersion tag in NAA request and removed isNAAChannelRecommended check in isDeeplyNestedAuthSupported api
Commits
  • 8b42b7d Setting up for release 2.36.0 (#2771)
  • 7b11048 Setting up for release 2.35.0 (#2748) (#2765)
  • e63a266 Added apiVersion tag in NAA request and removed isNAAChannelRecommended c...
  • 7db8f73 TJS unique bundle id (#2758)
  • 82dcb40 Add support for manageNAATrustedOrigins API (#2768)
  • 875f8f7 Standalone NAA(Nested App Auth) bridge for nested child app (#2750)
  • 0fe84ba Add canParentManageNAATrustedOrigins capability to check if the parent can...
  • 677cd33 Added support for isDeeplyNestedAuthSupported to check if deeply nested aut...
  • 558a98c Disable default nested app auth bridge injection for nested child app (#2762)
  • 6ba186c Added getParentOrigin API to read the parent origin for nested app auth (#2...
  • Additional commits viewable in compare view

Updates vectra from 0.9.0 to 0.10.0

Release notes

Sourced from vectra's releases.

v0.10.0

https://www.npmjs.com/package/vectra

What's Changed

New Contributors

Full Changelog: https://github.com/Stevenic/vectra/commits/v0.10.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
[JS] bump: (deps): Bump the production group in /js with 4 updates
96effff 
Bumps the production group in /js with 4 updates: [openai](https://github.com/openai/openai-node), [dotenv](https://github.com/motdotla/dotenv), [@microsoft/teams-js](https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js) and [vectra](https://github.com/Stevenic/vectra).


Updates `openai` from 4.77.4 to 4.93.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v4.77.4...v4.93.0)

Updates `dotenv` from 16.4.7 to 16.5.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.4.7...v16.5.0)

Updates `@microsoft/teams-js` from 2.35.0 to 2.36.0
- [Release notes](https://github.com/OfficeDev/microsoft-teams-library-js/releases)
- [Changelog](https://github.com/OfficeDev/microsoft-teams-library-js/blob/main/packages/teams-js/CHANGELOG.md)
- [Commits](https://github.com/OfficeDev/microsoft-teams-library-js/commits/v2.36.0/packages/teams-js)

Updates `vectra` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/Stevenic/vectra/releases)
- [Commits](https://github.com/Stevenic/vectra/commits/v0.10.0)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 4.93.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: dotenv
  dependency-version: 16.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: "@microsoft/teams-js"
  dependency-version: 2.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: vectra
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 12, 2025

Reviewers

The following teams could not be added as reviewers: teams-ai-admins. Either the team does not exist or it does not have the correct permissions to be added as a reviewer.

Labels

The following labels could not be found: JS, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 21, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Apr 21, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/js/production-33b0e03f1a branch April 21, 2025 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant