Skip to content

[JS] bump: (deps): Bump the production group across 1 directory with 6 updates #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

[JS] bump: (deps): Bump the production group across 1 directory with 6 updates #7

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 5, 2025
edited
Loading

Bumps the production group with 6 updates in the /js directory:

Package From To
openai 4.77.4 4.97.0
axios 1.8.4 1.9.0
dotenv 16.4.7 16.5.0
@microsoft/teams-js 2.35.0 2.37.0
vectra 0.9.0 0.10.0
@azure/identity 4.8.0 4.9.1

Updates openai from 4.77.4 to 4.97.0

Release notes

Sourced from openai's releases.

v4.97.0

4.97.0 (2025-05-02)

Full Changelog: v4.96.2...v4.97.0

Features

  • api: add image sizes, reasoning encryption (9c2113a)

Chores

  • docs: add missing deprecation warnings (253392c)

Documentation

  • fix "procesing" -> "processing" in realtime examples (#1406) (8717b9f)
  • readme: fix typo (cab3478)

v4.96.2

4.96.2 (2025-04-29)

Full Changelog: v4.96.1...v4.96.2

Bug Fixes

Chores

  • ci: only use depot for staging repos (214da39)
  • ci: run on more branches and use depot runners (ead76fc)

v4.96.1

4.96.1 (2025-04-29)

Full Changelog: v4.96.0...v4.96.1

Bug Fixes

Chores

  • ci: only use depot for staging repos (e80af47)
  • ci: run on more branches and use depot runners (b04a801)

... (truncated)

Changelog

Sourced from openai's changelog.

4.97.0 (2025-05-02)

Full Changelog: v4.96.2...v4.97.0

Features

  • api: add image sizes, reasoning encryption (9c2113a)

Chores

  • docs: add missing deprecation warnings (253392c)

Documentation

  • fix "procesing" -> "processing" in realtime examples (#1406) (8717b9f)
  • readme: fix typo (cab3478)

4.96.2 (2025-04-29)

Full Changelog: v4.96.1...v4.96.2

Bug Fixes

Chores

  • ci: only use depot for staging repos (214da39)
  • ci: run on more branches and use depot runners (ead76fc)

4.96.1 (2025-04-29)

Full Changelog: v4.96.0...v4.96.1

Bug Fixes

Chores

  • ci: only use depot for staging repos (e80af47)
  • ci: run on more branches and use depot runners (b04a801)

4.96.0 (2025-04-23)

Full Changelog: v4.95.1...v4.96.0

... (truncated)

Commits
  • 5bb4543 release: 4.97.0
  • 31cd88f feat(api): add image sizes, reasoning encryption
  • dfbdc65 docs: fix "procesing" -> "processing" in realtime examples (#1406)
  • 995075b chore(docs): add missing deprecation warnings
  • 0989ddc docs(readme): fix typo
  • 37ab638 release: 4.96.2
  • 593fea4 release: 4.96.1
  • 3e7c92c fix(types): export ParseableToolsParams (#1486)
  • 214da39 chore(ci): only use depot for staging repos
  • ead76fc chore(ci): run on more branches and use depot runners
  • Additional commits viewable in compare view

Updates axios from 1.8.4 to 1.9.0

Release notes

Sourced from axios's releases.

Release v1.9.0

Release notes:

Bug Fixes

  • core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
  • headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
  • http: send minimal end multipart boundary (#6661) (987d2e2)
  • types: fix autocomplete for adapter config (#6855) (e61a893)

Features

  • AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#5707) (80ea756)

Contributors to this release

Changelog

Sourced from axios's changelog.

1.9.0 (2025-04-24)

Bug Fixes

  • core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
  • headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
  • http: send minimal end multipart boundary (#6661) (987d2e2)
  • types: fix autocomplete for adapter config (#6855) (e61a893)

Features

  • AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#5707) (80ea756)

Contributors to this release

Commits
  • cdcfd21 chore(release): v1.9.0 (#6891)
  • 987d2e2 fix(http): send minimal end multipart boundary (#6661)
  • f112edf chore(ci): add PR files guard action; (#6890)
  • 61de4c0 chore(ci): update github actions; (#6889)
  • c3aba3d chore(ci): add labeler github action; (#6888)
  • f7a3b5e fix(headers): fixed support for setting multiple header values from an iterat...
  • e61a893 fix(types): fix autocomplete for adapter config (#6855)
  • 6c5d4cd fix(core): fix the Axios constructor implementation to treat the config argum...
  • dfe8411 fix(fetch): fixed ERR_NETWORK mapping for Safari browsers; (#6767)
  • d4f7df4 fix(headers): fix getSetCookie by using 'get' method for caseless access; (...
  • Additional commits viewable in compare view

Updates dotenv from 16.4.7 to 16.5.0

Changelog

Sourced from dotenv's changelog.

16.5.0 (2025-04-07)

Added

  • 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP] Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

  • Remove _log method. Use _debug #862
Commits

Updates @microsoft/teams-js from 2.35.0 to 2.37.0

Release notes

Sourced from @​microsoft/teams-js's releases.

2.37.0

Minor changes

  • Added forceRefresh optional argument in getEligibilityInfo API.

v2.36.0

Minor changes

  • Added canParentManageNAATrustedOrigins capability to check if the parent can manage its list of trusted child origins for Nested App Auth (NAA). The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added getParentOrigin API to read the parent origin for nested app auth
  • Added support for ExternalAppCardActionsForDA capability.
  • Added support for isDeeplyNestedAuthSupported to check if deeply nested auth is supported.
  • Added manageNAATrustedOrigins capability which allows the top-level parent app to register its child app's origin as trusted for nested app auth. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added standalone nested app auth bridge for nested child app
  • Removed child messaging proxying by default to avoid security issues. If an app still needs this pattern, it can be activated through the feature flag function activateChildProxyingCommunication which enables child proxying for that app.
  • Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

  • Set a unique Teams-JS instance id when Teams-JS library is used and appended this unique id to message request sent to host sdk.
  • Disabled default nested app auth bridge injection for nested child app
  • Added apiVersion tag in NAA request and removed isNAAChannelRecommended check in isDeeplyNestedAuthSupported api
Changelog

Sourced from @​microsoft/teams-js's changelog.

2.37.0

Fri, 02 May 2025 19:11:28 GMT

Minor changes

  • Added forceRefresh optional argument in getEligibilityInfo API.

2.36.0

Tue, 01 Apr 2025 18:17:07 GMT

Minor changes

  • Added canParentManageNAATrustedOrigins capability to check if the parent can manage its list of trusted child origins for Nested App Auth (NAA). The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added getParentOrigin API to read the parent origin for nested app auth
  • Added support for ExternalAppCardActionsForDA capability.
  • Added support for isDeeplyNestedAuthSupported to check if deeply nested auth is supported.
  • Added manageNAATrustedOrigins capability which allows the top-level parent app to register its child app's origin as trusted for nested app auth. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
  • Added standalone nested app auth bridge for nested child app
  • Removed child messaging proxying by default to avoid security issues. If an app still needs this pattern, it can be activated through the feature flag function activateChildProxyingCommunication which enables child proxying for that app.
  • Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

  • Set a unique Teams-JS instance id when Teams-JS library is used and appended this unique id to message request sent to host sdk.
  • Disabled default nested app auth bridge injection for nested child app
  • Added apiVersion tag in NAA request and removed isNAAChannelRecommended check in isDeeplyNestedAuthSupported api
Commits
  • 46da1af Prelease of version 2.37.0 (#2795)
  • 451b470 Added force refresh parameter to get eligbility info API. (#2784)
  • feafb17 Clean up for release 2.36.0 (#2777)
  • 7b11048 Setting up for release 2.35.0 (#2748) (#2765)
  • e63a266 Added apiVersion tag in NAA request and removed isNAAChannelRecommended c...
  • 7db8f73 TJS unique bundle id (#2758)
  • 82dcb40 Add support for manageNAATrustedOrigins API (#2768)
  • 875f8f7 Standalone NAA(Nested App Auth) bridge for nested child app (#2750)
  • 0fe84ba Add canParentManageNAATrustedOrigins capability to check if the parent can...
  • 677cd33 Added support for isDeeplyNestedAuthSupported to check if deeply nested aut...
  • Additional commits viewable in compare view

Updates vectra from 0.9.0 to 0.10.0

Release notes

Sourced from vectra's releases.

v0.10.0

https://www.npmjs.com/package/vectra

What's Changed

New Contributors

Full Changelog: https://github.com/Stevenic/vectra/commits/v0.10.0

Commits

Updates @azure/identity from 4.8.0 to 4.9.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
[JS] bump: (deps): Bump the production group across 1 directory with …
f45fbd3 
…6 updates

Bumps the production group with 6 updates in the /js directory:

| Package | From | To |
| --- | --- | --- |
| [openai](https://github.com/openai/openai-node) | `4.77.4` | `4.97.0` |
| [axios](https://github.com/axios/axios) | `1.8.4` | `1.9.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.4.7` | `16.5.0` |
| [@microsoft/teams-js](https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js) | `2.35.0` | `2.37.0` |
| [vectra](https://github.com/Stevenic/vectra) | `0.9.0` | `0.10.0` |
| [@azure/identity](https://github.com/Azure/azure-sdk-for-js) | `4.8.0` | `4.9.1` |



Updates `openai` from 4.77.4 to 4.97.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v4.77.4...v4.97.0)

Updates `axios` from 1.8.4 to 1.9.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.8.4...v1.9.0)

Updates `dotenv` from 16.4.7 to 16.5.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.4.7...v16.5.0)

Updates `@microsoft/teams-js` from 2.35.0 to 2.37.0
- [Release notes](https://github.com/OfficeDev/microsoft-teams-library-js/releases)
- [Changelog](https://github.com/OfficeDev/microsoft-teams-library-js/blob/v2.37.0/packages/teams-js/CHANGELOG.md)
- [Commits](https://github.com/OfficeDev/microsoft-teams-library-js/commits/v2.37.0/packages/teams-js)

Updates `vectra` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/Stevenic/vectra/releases)
- [Commits](https://github.com/Stevenic/vectra/commits/v0.10.0)

Updates `@azure/identity` from 4.8.0 to 4.9.1
- [Release notes](https://github.com/Azure/azure-sdk-for-js/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md)
- [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/identity_4.8.0...@azure/identity_4.9.1)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 4.97.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: axios
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: dotenv
  dependency-version: 16.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: "@microsoft/teams-js"
  dependency-version: 2.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: vectra
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: "@azure/identity"
  dependency-version: 4.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github May 5, 2025

Reviewers

The following teams could not be added as reviewers: teams-ai-admins. Either the team does not exist or it does not have the correct permissions to be added as a reviewer.

Labels

The following labels could not be found: JS, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github May 19, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this May 19, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/js/production-1edf31c3df branch May 19, 2025 09:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant