[JS] bump: (deps): Bump the production group across 1 directory with 9 updates

[dependabot]

Bumps the production group with 9 updates in the /js directory:

Package	From	To
openai	4.77.4	4.104.0
@azure/msal-node	2.16.2	2.16.3
axios	1.8.4	1.11.0
yaml	2.7.1	2.8.1
dotenv	16.4.7	16.6.1
@microsoft/teams-js	2.35.0	2.42.0
vectra	0.9.0	0.11.1
debug	4.4.0	4.4.1
@azure/identity	4.8.0	4.11.1

Updates openai from 4.77.4 to 4.104.0

Release notes

Sourced from openai's releases.

v4.104.0

4.104.0 (2025-05-29)

Full Changelog: v4.103.0...v4.104.0

Features

• api: Config update for pakrym-stream-param (469ad7b)

Bug Fixes

• azure: add /images/edits to deployments endpoints (#1509) (84fc31a)
• client: return binary content from get /containers/{container_id}/files/{file_id}/content (83129d7)

Chores

• deprecate Assistants API (5b34fcd)
• improve publish-npm script --latest tag logic (6207a2a)
• internal: fix release workflows (353349d)

v4.103.0

4.103.0 (2025-05-22)

Full Changelog: v4.102.0...v4.103.0

Features

• api: new streaming helpers for background responses (1ddd6ff)

v4.102.0

4.102.0 (2025-05-21)

Full Changelog: v4.101.0...v4.102.0

Features

• api: add container endpoint (e973476)

v4.101.0

4.101.0 (2025-05-21)

Full Changelog: v4.100.0...v4.101.0

Features

• api: new API tools (fb4014f)

... (truncated)

Changelog

Sourced from openai's changelog.

4.104.0 (2025-05-29)

Full Changelog: v4.103.0...v4.104.0

Features

• api: Config update for pakrym-stream-param (469ad7b)

Bug Fixes

• azure: add /images/edits to deployments endpoints (#1509) (84fc31a)
• client: return binary content from get /containers/{container_id}/files/{file_id}/content (83129d7)

Chores

• deprecate Assistants API (5b34fcd)
• improve publish-npm script --latest tag logic (6207a2a)
• internal: fix release workflows (353349d)

4.103.0 (2025-05-22)

Full Changelog: v4.102.0...v4.103.0

Features

• api: new streaming helpers for background responses (1ddd6ff)

4.102.0 (2025-05-21)

Full Changelog: v4.101.0...v4.102.0

Features

• api: add container endpoint (e973476)

4.101.0 (2025-05-21)

Full Changelog: v4.100.0...v4.101.0

Features

• api: new API tools (fb4014f)

Chores

• docs: grammar improvements (7761cfb)
• internal: version bump (b40e830)

... (truncated)

Commits

• 7704e54 release: 4.104.0
• 8502966 fix(client): return binary content from `get /containers/{container_id}/files...
• 71c3d31 feat(api): Config update for pakrym-stream-param
• 0be23b9 chore: deprecate Assistants API
• 6d3cc5c chore: improve publish-npm script --latest tag logic
• 4b18059 fix(azure): add /images/edits to deployments endpoints (#1509)
• 0e4b982 chore(internal): fix release workflows
• ce9f114 codegen metadata
• f3c6ba8 Merge pull request #1506 from openai/release-please--branches--master--change...
• 00b63f4 release: 4.103.0
• Additional commits viewable in compare view

Updates @azure/msal-node from 2.16.2 to 2.16.3

Commits

• See full diff in compare view

Updates axios from 1.8.4 to 1.11.0

Release notes

Sourced from axios's releases.

Release v1.11.0

Release notes:

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

Release v1.10.0

Release notes:

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

Release v1.9.0

Release notes:

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
• http: send minimal end multipart boundary (#6661) (987d2e2)
• types: fix autocomplete for adapter config (#6855) (e61a893)

... (truncated)

Changelog

Sourced from axios's changelog.

1.11.0 (2025-07-22)

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

1.10.0 (2025-06-14)

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

1.9.0 (2025-04-24)

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)

... (truncated)

Commits

• b76c4ac chore(release): v1.11.0 (#6974)
• e72c193 fix: form-data npm pakcage (#6970)
• 8517aa1 fix(types): resolve type discrepancies between ESM and CJS TypeScript declara...
• a2214ca fix: prevent RangeError when using large Buffers (#6961)
• 6161947 refactor: use spread operator instead of '.apply()' (#6938)
• a1d16dd refactor: use an object spread instead of Object.assign (#6939)
• 07183cd chore(sponsor): update sponsor block (#6952)
• ef36347 docs(CONTRIBUTING): update docs link for accuracy (#6894)
• b29bd6a chore(sponsor): update sponsor block (#6948)
• a406a93 chore(sponsor): update sponsor block (#6937)
• Additional commits viewable in compare view

Updates yaml from 2.7.1 to 2.8.1

Release notes

Sourced from yaml's releases.

v2.8.1

• Preserve empty block literals (#634)

v2.8.0

• Add node cache for faster alias resolution (#612)
• Re-introduce compatibility with Node.js 14.6 (#614)
• Add --merge option to CLI tool (#611)
• Improve error for tag resolution error on null value (#616)
• Allow empty string as plain scalar representation, for failsafe schema (#616)
• docs: include cli example (#617)

Commits

• 1dc3c3b 2.8.1
• 5bbb1cb chore: Add explicit jest-resolve@29 dev dependency to keep Node.js 15 compati...
• b3ba632 chore: Refresh lockfile
• de8a0ab fix: Preserve empty block literals (#634)
• 81eb3bf docs: Update site intro
• ef23196 docs: Update README & docs/CONTRIBUTING
• aa29f42 docs: Note that schema can be a Schema
• cad823e docs: Update instructions on vulnerability reporting
• c000eb7 2.8.0
• 1e85fc8 style: Apply updated lint rules
• Additional commits viewable in compare view

Updates dotenv from 16.4.7 to 16.6.1

Changelog

Sourced from dotenv's changelog.

16.6.1 (2025-06-27)

Changed

• Default quiet to true – hiding the runtime log message (#874)
• NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
• And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@dotenvx/dotenvx').config().

16.6.0 (2025-06-26)

Added

• Default log helpful message [dotenv@16.6.0] injecting env (1) from .env (#870)
• Use { quiet: true } to suppress
• Aligns dotenv more closely with dotenvx.

16.5.0 (2025-04-07)

Added

• 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP] Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

• Remove _log method. Use _debug #862

Commits

• 076ba3b 16.6.1
• 8867fe0 changelog 🪵
• 424c32d Merge pull request #874 from motdotla/default-quiet-to-true
• 5270faf changelog 🪵
• 86ce001 force failure of path.relative in test
• e6799e6 add tests
• ec72534 add to test coverage
• c886084 send coverage to text as well
• a791032 add test
• fa67c02 test quiet: false
• Additional commits viewable in compare view

Updates @microsoft/teams-js from 2.35.0 to 2.42.0

Release notes

Sourced from @​microsoft/teams-js's releases.

v2.42.0

2.42.0

Thu, 07 Aug 2025 02:09:13 GMT

Minor changes

• Added messageId to app context.
• Updated validDomains list to support the catalyst consumer domains
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

• Add Outlook DoD domains to validDomains
• Fixed the typo from NonAdult to NotAdult in LegalAgeGroupClassification Enum.

v2.41.0

Minor changes

• Added view copilot API with function to close the side panel.
• Bumped eslint-plugin-recommend-no-namespaces to v0.1.0

V2.40.0

Minor changes

• Added contextType in TeamsContent interface to {copilot.sidePanel} capability.
• Added TeamsContent interface for {copilot.sidePanel} capability.
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

• Removed message source check but kept origin validation in nested app auth standalone bridge
• Added Outlook OCDI domain to validDomains.json
• Updated valid domains CDN fetch logic to prevent duplicate requests.
• Added responseToEmailId to {copilot.sidePanel.DraftEmailContent} capability.

v2.39.1

Patches

• Added Outlook OCDI domain to validDomains.json
• Updated valid domains CDN fetch logic to prevent duplicate requests.
• Added responseToEmailId to {copilot.sidePanel.DraftEmailContent} capability.
• Removed message source check but kept origin validation in nested app auth standalone bridge
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

v.2.39.0

Minor changes

• Added {copilot.sidePanel} capability that will help copilot to receive more context aware data from the hosts. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
• Added a new client version 2.1.2 to support isDeeplyNestedAuthSupported for Teams Mobile legacy code

... (truncated)

Changelog

Sourced from @​microsoft/teams-js's changelog.

2.42.0

Thu, 07 Aug 2025 04:45:52 GMT

Minor changes

• Updated validDomains list to support the catalyst consumer domains
• Added messageId to app context.
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

• Add Outlook DoD domains to validDomains
• Fixed the typo from NonAdult to NotAdult in LegalAgeGroupClassification Enum.

2.41.0

Mon, 21 Jul 2025 20:57:12 GMT

Minor changes

• Added view copilot API with function to close the side panel.
• Bumped eslint-plugin-recommend-no-namespaces to v0.1.0

2.40.0

Mon, 07 Jul 2025 23:19:06 GMT

Minor changes

• Added contextType in TeamsContent interface to {copilot.sidePanel} capability.
• Added TeamsContent interface for {copilot.sidePanel} capability.
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

• Removed message source check but kept origin validation in nested app auth standalone bridge
• Added Outlook OCDI domain to validDomains.json
• Updated valid domains CDN fetch logic to prevent duplicate requests.
• Added responseToEmailId to {copilot.sidePanel.DraftEmailContent} capability.

2.39.0

Fri, 06 Jun 2025 17:53:12 GMT

Minor changes

• Added {copilot.sidePanel} capability that will help copilot to receive more context aware data from the hosts. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
• Added a new client version 2.1.2 to support isDeeplyNestedAuthSupported for Teams Mobile legacy code
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

... (truncated)

Commits

• 0373185 preprelease 2.42.0 (#2872)
• 676bafe Add Outlook DoD domains to validDomains (#2857)
• a2fc52e Updated validDomains list to support the catalyst consumer domains (#2869)
• c2f7832 Fixed the typo from NonAdult to NotAdult in LegalAgeGroupClassification...
• 705be57 Cleanup version 2.41.0 (#2866)
• e023c71 Add messageId to app context (#2865)
• cf605fe Added copilot view API for closing the side panel (#2856)
• e9f0924 Kangxuanye/cleanup release 2.40.0 (#2853)
• d3fa242 "Added contextType in TeamsContent interface to {copilot.sidePanel} cap...
• 06304fd Added TeamsContent to copilot.sidePanel Interface (#2846)
• Additional commits viewable in compare view

Updates vectra from 0.9.0 to 0.11.1

Release notes

Sourced from vectra's releases.

v0.10.0

https://www.npmjs.com/package/vectra

What's Changed

• v4 should be v4() by @​GaureeshAnvekar in Stevenic/vectra#64
• Fixed Typescript error in ItemSelector.ts by @​JoramMillenaar in Stevenic/vectra#60
• Hybrid search support for Vectra - addition of Okapi-BM25 keyword search by @​GaureeshAnvekar in Stevenic/vectra#61

New Contributors

• @​kritlivesync made their first contribution in Stevenic/vectra#17
• @​ispyhumanfly made their first contribution in Stevenic/vectra#16
• @​singhk97 made their first contribution in Stevenic/vectra#19
• @​steveruizok made their first contribution in Stevenic/vectra#26
• @​BMS-geodev made their first contribution in Stevenic/vectra#29
• @​Seyronh made their first contribution in Stevenic/vectra#36
• @​ecwyne made their first contribution in Stevenic/vectra#44
• @​IanGallacher made their first contribution in Stevenic/vectra#55
• @​ReneReiterer made their first contribution in Stevenic/vectra#54
• @​GaureeshAnvekar made their first contribution in Stevenic/vectra#64
• @​JoramMillenaar made their first contribution in Stevenic/vectra#60

Full Changelog: https://github.com/Stevenic/vectra/commits/v0.10.0

Commits

• See full diff in compare view

Updates debug from 4.4.0 to 4.4.1

Release notes

Sourced from debug's releases.

4.4.1

What's Changed

• fix(Issue-996): replace whitespaces in namespaces string with commas globally by @​pdahal-cx in debug-js/debug#997
• fixes #987 fallback to localStorage.DEBUG if debug is not defined by @​lzilioli in debug-js/debug#988

New Contributors

• @​pdahal-cx made their first contribution in debug-js/debug#997
• @​lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

Commits

• 33330fa 4.4.1
• 98df33e remove istanbul
• bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
• a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
• See full diff in compare view

Updates @azure/identity from 4.8.0 to 4.11.1

Commits

• 92a0e89 [Identity] Hot fix change (#35469)
• 6a3e14f Post release automated changes for identity releases (#35449)
• ab420d3 [mgmt] refresh hybridconnectivity (#35422)
• dcac2ed [dev-tool] Support listed dependencies in the API view (#35430)
• 779cba7 [notfication-hubs] Remove the need for BodilessMatcher in the tests with sani...
• ce24eca [Identity] VS Code Package Release (#35446)
• 9313e7f Post release automated changes for identity releases (#35445)
• c883316 [Identity] August release (#35444)
• e7399dc [Monitor OpenTelemetry Exporter][Monitor OpenTelemetry] Release Distro 1.12.0...
• e3e0910 Sync eng/common directory with azure-sdk-tools for PR 11493 (#35441)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: JS, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.