Skip to content

build: Merge Dependabot Changes into Dev Branch #255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Roopan-Microsoft merged 56 commits into from
Mar 3, 2025
Merged

build: Merge Dependabot Changes into Dev Branch #255

Roopan-Microsoft merged 56 commits into from
Mar 3, 2025

Conversation

@Prasanjeet-Microsoft
Copy link
Contributor

@Prasanjeet-Microsoft Prasanjeet-Microsoft commented Mar 3, 2025

Purpose

  • The purpose of this PR is to merge the updates made by Dependabot into the dev branch. This includes updates to dependencies to ensure the project is using the latest stable versions of its dependencies, addressing any security vulnerabilities or outdated packages.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • I have built and tested the code locally and in a deployed app
  • For frontend changes, I have pulled the latest code from main, built the frontend, and committed all static files.
  • This is a change for all users of this app. No code or asset is specific to my use case or my organization.

  1. Dependency Updates:

    • Verify that the dependencies listed in the PR are up-to-date and correctly reflect the latest stable versions.
    • Ensure that any outdated or vulnerable dependencies have been properly updated.

  2. Compatibility:

    • Check if the updated dependencies do not break the build or introduce any breaking changes.
    • Review whether any dependency updates require adjustments in the codebase to maintain compatibility.

  3. Testing:

    • Run all relevant tests to confirm that the updates do not cause any regressions or issues.
    • Ensure that the project still builds successfully and behaves as expected after the merge.

dependabot bot and others added 30 commits January 2, 2025 03:59
@dependabot
build: bump pydantic-settings from 2.7.0 to 2.7.1
ecbd7bd 
Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.7.0...v2.7.1)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump eslint-plugin-n from 16.6.2 to 17.15.1 in /frontend
c574173 
Bumps [eslint-plugin-n](https://github.com/eslint-community/eslint-plugin-n) from 16.6.2 to 17.15.1.
- [Release notes](https://github.com/eslint-community/eslint-plugin-n/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-n/blob/master/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-n@16.6.2...v17.15.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-n
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump @fluentui/react from 8.122.3 to 8.122.4 in /frontend
9093503 
Bumps [@fluentui/react](https://github.com/microsoft/fluentui) from 8.122.3 to 8.122.4.
- [Release notes](https://github.com/microsoft/fluentui/releases)
- [Changelog](https://github.com/microsoft/fluentui/blob/master/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/fluentui/compare/@fluentui/react_v8.122.3...@fluentui/react_v8.122.4)

---
updated-dependencies:
- dependency-name: "@fluentui/react"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #192 from microsoft/dependabot/npm_and_yarn/fronte…
3c4f715 
…nd/dependabotchanges/fluentui/react-8.122.4

build: bump @fluentui/react from 8.122.3 to 8.122.4 in /frontend
@dependabot
build: bump pytest-asyncio from 0.25.0 to 0.25.3
61d4724 
Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) from 0.25.0 to 0.25.3.
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v0.25.0...v0.25.3)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump azure-storage-blob from 12.24.0 to 12.24.1
dd0e7b8 
Bumps [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) from 12.24.0 to 12.24.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-storage-blob_12.24.0...azure-storage-blob_12.24.1)

---
updated-dependencies:
- dependency-name: azure-storage-blob
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump isort from 5.13.2 to 6.0.0
94e4ea7 
Bumps [isort](https://github.com/pycqa/isort) from 5.13.2 to 6.0.0.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](PyCQA/isort@5.13.2...6.0.0)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump react-dom and @types/react-dom in /frontend
ec3b388 
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) and [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom). These dependencies needed to be updated together.

Updates `react-dom` from 18.3.1 to 19.0.0
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.0.0/packages/react-dom)

Updates `@types/react-dom` from 18.3.5 to 19.0.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom)

---
updated-dependencies:
- dependency-name: react-dom
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: "@types/react-dom"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump @fluentui/react from 8.122.4 to 8.122.9 in /frontend
a79ada9 
Bumps [@fluentui/react](https://github.com/microsoft/fluentui) from 8.122.4 to 8.122.9.
- [Release notes](https://github.com/microsoft/fluentui/releases)
- [Changelog](https://github.com/microsoft/fluentui/blob/master/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/fluentui/compare/@fluentui/react_v8.122.4...@fluentui/react_v8.122.9)

---
updated-dependencies:
- dependency-name: "@fluentui/react"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump vite from 4.5.5 to 6.1.0 in /frontend
81f513e 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 4.5.5 to 6.1.0.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/[email protected]/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #177 from microsoft/dependabot/pip/dependabotchang…
3ffff6c 
…es/pydantic-settings-2.7.1

build: bump pydantic-settings from 2.7.0 to 2.7.1
@Roopan-Microsoft
Merge pull request #180 from microsoft/dependabot/npm_and_yarn/fronte…
64b17c4 
…nd/dependabotchanges/eslint-plugin-n-17.15.1

build: bump eslint-plugin-n from 16.6.2 to 17.15.1 in /frontend
@Roopan-Microsoft
Merge pull request #198 from microsoft/dependabot/pip/dependabotchang…
64351d9 
…es/pytest-asyncio-0.25.3

build: bump pytest-asyncio from 0.25.0 to 0.25.3
@dependabot
build: bump black from 24.10.0 to 25.1.0
6be49e9 
Bumps [black](https://github.com/psf/black) from 24.10.0 to 25.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.10.0...25.1.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #200 from microsoft/dependabot/pip/dependabotchang…
fa79e3b 
…es/black-25.1.0

build: bump black from 24.10.0 to 25.1.0
@Roopan-Microsoft
Merge pull request #201 from microsoft/dependabot/pip/dependabotchang…
d5eafc1 
…es/azure-storage-blob-12.24.1

build: bump azure-storage-blob from 12.24.0 to 12.24.1
@Roopan-Microsoft
Merge pull request #204 from microsoft/dependabot/pip/dependabotchang…
f7882db 
…es/isort-6.0.0

build: bump isort from 5.13.2 to 6.0.0
@dependabot
build: bump eslint-plugin-react from 7.37.3 to 7.37.4 in /frontend
3062dcc 
Bumps [eslint-plugin-react](https://github.com/jsx-eslint/eslint-plugin-react) from 7.37.3 to 7.37.4.
- [Release notes](https://github.com/jsx-eslint/eslint-plugin-react/releases)
- [Changelog](https://github.com/jsx-eslint/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](jsx-eslint/eslint-plugin-react@v7.37.3...v7.37.4)

---
updated-dependencies:
- dependency-name: eslint-plugin-react
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #206 from microsoft/dependabot/npm_and_yarn/fronte…
53f6615 
…nd/dependabotchanges/multi-422f831423

build: bump react-dom and @types/react-dom in /frontend
@dependabot
build: bump pymupdf from 1.25.1 to 1.25.3
f5e43a7 
Bumps [pymupdf](https://github.com/pymupdf/pymupdf) from 1.25.1 to 1.25.3.
- [Release notes](https://github.com/pymupdf/pymupdf/releases)
- [Changelog](https://github.com/pymupdf/PyMuPDF/blob/main/changes.txt)
- [Commits](pymupdf/PyMuPDF@1.25.1...1.25.3)

---
updated-dependencies:
- dependency-name: pymupdf
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump langchain from 0.3.13 to 0.3.19
d0af404 
Bumps [langchain](https://github.com/langchain-ai/langchain) from 0.3.13 to 0.3.19.
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain==0.3.13...langchain==0.3.19)

---
updated-dependencies:
- dependency-name: langchain
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #209 from microsoft/dependabot/npm_and_yarn/fronte…
df2d506 
…nd/dependabotchanges/eslint-plugin-react-7.37.4

build: bump eslint-plugin-react from 7.37.3 to 7.37.4 in /frontend
@dependabot
build: bump azure-search-documents from 11.6.0b8 to 11.6.0b9
b2545e9 
Bumps [azure-search-documents](https://github.com/Azure/azure-sdk-for-python) from 11.6.0b8 to 11.6.0b9.
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/search/azure-search-documents/CHANGELOG.md)
- [Commits](Azure/azure-sdk-for-python@azure-search-documents_11.6.0b8...azure-search-documents_11.6.0b9)

---
updated-dependencies:
- dependency-name: azure-search-documents
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #211 from microsoft/dependabot/npm_and_yarn/fronte…
68101d2 
…nd/dependabotchanges/fluentui/react-8.122.9

build: bump @fluentui/react from 8.122.4 to 8.122.9 in /frontend
@dependabot
build: bump docx from 8.5.0 to 9.2.0 in /frontend
575981c 
Bumps [docx](https://github.com/dolanmiu/docx) from 8.5.0 to 9.2.0.
- [Release notes](https://github.com/dolanmiu/docx/releases)
- [Commits](dolanmiu/docx@8.5.0...9.2.0)

---
updated-dependencies:
- dependency-name: docx
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #205 from microsoft/dependabot/pip/dependabotchang…
bfff91d 
…es/azure-search-documents-11.6.0b9

build: bump azure-search-documents from 11.6.0b8 to 11.6.0b9
@dependabot
build: bump @types/node from 22.10.3 to 22.13.4 in /frontend
820e55a 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.10.3 to 22.13.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #228 from microsoft/dependabot/npm_and_yarn/fronte…
ecb8f9a 
…nd/dependabotchanges/types/node-22.13.4

build: bump @types/node from 22.10.3 to 22.13.4 in /frontend
@Roopan-Microsoft
Merge pull request #227 from microsoft/dependabot/npm_and_yarn/fronte…
dcb26e3 
…nd/dependabotchanges/docx-9.2.0

build: bump docx from 8.5.0 to 9.2.0 in /frontend
@Roopan-Microsoft
Merge pull request #226 from microsoft/dependabot/npm_and_yarn/fronte…
8dd4d65 
…nd/dependabotchanges/vite-6.1.0

build: bump vite from 4.5.5 to 6.1.0 in /frontend
Roopan-Microsoft and others added 21 commits February 18, 2025 16:02
@Roopan-Microsoft
Merge pull request #223 from microsoft/dependabot/pip/dependabotchang…
10f3491 
…es/azure-identity-1.20.0

build: bump azure-identity from 1.17.1 to 1.20.0
@Roopan-Microsoft
Merge pull request #221 from microsoft/dependabot/pip/dependabotchang…
b54f3c0 
…es/pymupdf-1.25.3

build: bump pymupdf from 1.25.1 to 1.25.3
@Roopan-Microsoft
Merge pull request #210 from microsoft/dependabot/npm_and_yarn/fronte…
3b619cf 
…nd/dependabotchanges/plotly.js-3.0.0

build: bump plotly.js from 2.35.3 to 3.0.0 in /frontend
@dependabot
build: bump aiohttp from 3.11.11 to 3.11.12
3758e6b 
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.11.11 to 3.11.12.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.11.11...v3.11.12)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump lint-staged from 15.3.0 to 15.4.3 in /frontend
ebc85cc 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 15.3.0 to 15.4.3.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/master/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v15.3.0...v15.4.3)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump flake8 from 7.1.1 to 7.1.2
ce8a96e 
Bumps [flake8](https://github.com/pycqa/flake8) from 7.1.1 to 7.1.2.
- [Commits](PyCQA/flake8@7.1.1...7.1.2)

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump eslint-plugin-promise from 6.6.0 to 7.2.1 in /frontend
d6a73f9 
Bumps [eslint-plugin-promise](https://github.com/eslint-community/eslint-plugin-promise) from 6.6.0 to 7.2.1.
- [Release notes](https://github.com/eslint-community/eslint-plugin-promise/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-promise/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-promise@v6.6.0...v7.2.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-promise
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump @types/react-dom from 19.0.3 to 19.0.4 in /frontend
3fe622c 
Bumps [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) from 19.0.3 to 19.0.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom)

---
updated-dependencies:
- dependency-name: "@types/react-dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #229 from microsoft/dependabot/pip/dependabotchang…
76b5620 
…es/aiohttp-3.11.12

build: bump aiohttp from 3.11.11 to 3.11.12
@Roopan-Microsoft
Merge pull request #230 from microsoft/dependabot/npm_and_yarn/fronte…
3ddb03c 
…nd/dependabotchanges/lint-staged-15.4.3

build: bump lint-staged from 15.3.0 to 15.4.3 in /frontend
@Roopan-Microsoft
Merge pull request #231 from microsoft/dependabot/pip/dependabotchang…
892c374 
…es/flake8-7.1.2

build: bump flake8 from 7.1.1 to 7.1.2
@Roopan-Microsoft
Merge pull request #232 from microsoft/dependabot/npm_and_yarn/fronte…
8668d9f 
…nd/dependabotchanges/eslint-plugin-promise-7.2.1

build: bump eslint-plugin-promise from 6.6.0 to 7.2.1 in /frontend
@Roopan-Microsoft
Merge pull request #235 from microsoft/dependabot/npm_and_yarn/fronte…
7c11cf2 
…nd/dependabotchanges/types/react-dom-19.0.4

build: bump @types/react-dom from 19.0.3 to 19.0.4 in /frontend
@dependabot
build: bump prettier from 3.4.2 to 3.5.1 in /frontend
04c3187 
Bumps [prettier](https://github.com/prettier/prettier) from 3.4.2 to 3.5.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.4.2...3.5.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #233 from microsoft/dependabot/npm_and_yarn/fronte…
8405643 
…nd/dependabotchanges/prettier-3.5.1

build: bump prettier from 3.4.2 to 3.5.1 in /frontend
@Harmanpreet-Microsoft
Update docker-build-and-push.yml
b356137
@Prasanjeet-Microsoft
Downgraded packages and fixed dependency issues to resolve compatibil…
f1eb8c7 
…ity conflicts
@Roopan-Microsoft
Merge pull request #240 from microsoft/PSL-US-14431
6fd8137 
fix: Downgrade Packages and Fix Dependency Issues
@Prasanjeet-Microsoft
Updated package-lock.json file
c26e9fc
@Roopan-Microsoft
Merge branch 'dev' into dependabotchanges
27f4726
@Roopan-Microsoft
package lock updated
1625633
@Roopan-Microsoft Roopan-Microsoft merged commit 30cef2f into dev Mar 3, 2025
8 of 9 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2025

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Roopan-Microsoft Roopan-Microsoft Roopan-Microsoft approved these changes

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@hunterjam hunterjam Awaiting requested review from hunterjam

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Prasanjeet-Microsoft @Roopan-Microsoft @Harmanpreet-Microsoft