Skip to content

build: Merge Dependabot Changes into Dev Branch #264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Roopan-Microsoft merged 19 commits into from
Mar 4, 2025
Merged

build: Merge Dependabot Changes into Dev Branch #264

Roopan-Microsoft merged 19 commits into from
Mar 4, 2025

Conversation

@Prasanjeet-Microsoft
Copy link
Contributor

@Prasanjeet-Microsoft Prasanjeet-Microsoft commented Mar 4, 2025

Purpose

  • The purpose of this PR is to merge the updates made by Dependabot into the dev branch. This includes updates to dependencies to ensure the project is using the latest stable versions of its dependencies, addressing any security vulnerabilities or outdated packages.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • I have built and tested the code locally and in a deployed app
  • For frontend changes, I have pulled the latest code from main, built the frontend, and committed all static files.
  • This is a change for all users of this app. No code or asset is specific to my use case or my organization.

  1. Dependency Updates:

    • Verify that the dependencies listed in the PR are up-to-date and correctly reflect the latest stable versions.
    • Ensure that any outdated or vulnerable dependencies have been properly updated.

  2. Compatibility:

    • Check if the updated dependencies do not break the build or introduce any breaking changes.
    • Review whether any dependency updates require adjustments in the codebase to maintain compatibility.

  3. Testing:

    • Run all relevant tests to confirm that the updates do not cause any regressions or issues.
    • Ensure that the project still builds successfully and behaves as expected after the merge.

dependabot bot and others added 19 commits March 1, 2025 22:12
@dependabot
build: bump undici from 5.28.5 to 7.4.0 in /frontend
0b58c31 
Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 7.4.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.5...v7.4.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump eslint-config-prettier from 9.1.0 to 10.0.2 in /frontend
7b4c945 
Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 9.1.0 to 10.0.2.
- [Release notes](https://github.com/prettier/eslint-config-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-config-prettier@v9.1.0...v10.0.2)

---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump globals from 15.15.0 to 16.0.0 in /frontend
15c22be 
Bumps [globals](https://github.com/sindresorhus/globals) from 15.15.0 to 16.0.0.
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v15.15.0...v16.0.0)

---
updated-dependencies:
- dependency-name: globals
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump react-markdown from 9.1.0 to 10.0.0 in /frontend
e610cd1 
Bumps [react-markdown](https://github.com/remarkjs/react-markdown) from 9.1.0 to 10.0.0.
- [Release notes](https://github.com/remarkjs/react-markdown/releases)
- [Changelog](https://github.com/remarkjs/react-markdown/blob/main/changelog.md)
- [Commits](remarkjs/react-markdown@9.1.0...10.0.0)

---
updated-dependencies:
- dependency-name: react-markdown
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump react-router-dom from 6.29.0 to 7.2.0 in /frontend
63a3066 
Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 6.29.0 to 7.2.0.
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: react-router-dom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump pydantic-settings from 2.7.1 to 2.8.1
a7b92f0 
Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.7.1 to 2.8.1.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.7.1...v2.8.1)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump openai from 1.63.2 to 1.65.2
72d6679 
Bumps [openai](https://github.com/openai/openai-python) from 1.63.2 to 1.65.2.
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v1.63.2...v1.65.2)

---
updated-dependencies:
- dependency-name: openai
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump isort from 6.0.0 to 6.0.1
873d48d 
Bumps [isort](https://github.com/PyCQA/isort) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/PyCQA/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](PyCQA/isort@6.0.0...6.0.1)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump aiohttp from 3.11.12 to 3.11.13
dd4474a 
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.11.12 to 3.11.13.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.11.12...v3.11.13)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #245 from microsoft/dependabot/npm_and_yarn/fronte…
860661f 
…nd/dependabotchanges/undici-7.4.0

build: bump undici from 5.28.5 to 7.4.0 in /frontend
@Roopan-Microsoft
Merge pull request #246 from microsoft/dependabot/npm_and_yarn/fronte…
b47b93f 
…nd/dependabotchanges/eslint-config-prettier-10.0.2

build: bump eslint-config-prettier from 9.1.0 to 10.0.2 in /frontend
@Roopan-Microsoft
Merge pull request #248 from microsoft/dependabot/npm_and_yarn/fronte…
d815353 
…nd/dependabotchanges/globals-16.0.0

build: bump globals from 15.15.0 to 16.0.0 in /frontend
@Roopan-Microsoft
Merge pull request #249 from microsoft/dependabot/npm_and_yarn/fronte…
bc8ac8b 
…nd/dependabotchanges/react-markdown-10.0.0

build: bump react-markdown from 9.1.0 to 10.0.0 in /frontend
@Roopan-Microsoft
Merge pull request #251 from microsoft/dependabot/pip/dependabotchang…
039f2e6 
…es/pydantic-settings-2.8.1

build: bump pydantic-settings from 2.7.1 to 2.8.1
@Roopan-Microsoft
Merge pull request #252 from microsoft/dependabot/pip/dependabotchang…
29d6132 
…es/openai-1.65.2

build: bump openai from 1.63.2 to 1.65.2
@Roopan-Microsoft
Merge pull request #253 from microsoft/dependabot/pip/dependabotchang…
350f899 
…es/isort-6.0.1

build: bump isort from 6.0.0 to 6.0.1
@Roopan-Microsoft
Merge pull request #254 from microsoft/dependabot/pip/dependabotchang…
f27cfc7 
…es/aiohttp-3.11.13

build: bump aiohttp from 3.11.12 to 3.11.13
@Roopan-Microsoft
Merge pull request #250 from microsoft/dependabot/npm_and_yarn/fronte…
1d768c4 
…nd/dependabotchanges/react-router-dom-7.2.0

build: bump react-router-dom from 6.29.0 to 7.2.0 in /frontend
@Prasanjeet-Microsoft
updated package-lock.json and fixed frontend code issues
ca131be
@Roopan-Microsoft Roopan-Microsoft merged commit c3ddd0f into dev Mar 4, 2025
5 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2025

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Roopan-Microsoft Roopan-Microsoft Roopan-Microsoft approved these changes

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@hunterjam hunterjam Awaiting requested review from hunterjam

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Prasanjeet-Microsoft @Roopan-Microsoft