Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: microsoft/botbuilder-js
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4.23.2
Choose a base ref
...
head repository: microsoft/botbuilder-js
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4.23.3
Choose a head ref
  • 1 commit
  • 203 files changed
  • 7 contributors

Commits on Aug 26, 2025

  1. bump: Update from main for 4.23.3 (#4899) 

    * Fix actions/cache deprecation (#4858)

* fix: Update generators and remove Core Bot templates (#4867)

* Update empty bot templates

* Update echo bot templates

* Remove core bot templates and its references

* Fix unit tests

* chore(deps): bump elliptic from 6.6.0 to 6.6.1 (#4863)

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.6.0 to 6.6.1.
- [Commits](indutny/elliptic@v6.6.0...v6.6.1)

---
updated-dependencies:
- dependency-name: elliptic
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* refactor: [#4759] Migrate off @azure/core-http (#4834)

* Migrate deprecated core-http to new libraries

* Fix ESLint

* Remove unused dependency

* Fix node_modules pathing

* Remove unused folder declaration

* Fix TypeScript modifying .js and .d.ts files

* Fix eslint

* Update elliptic, esbuild, and serialize-javascript (#4862)

* fix: [#4853] ConfigurationBotFrameworkAuthentication errors when initialized with process.env (#4857)

* Fix config options type to support process.env

* Fix eslint

* Fix test:compat

* Allow null value for Configuration parameter (#4856)

* chore(deps): bump axios from 1.7.7 to 1.8.2 (#4869)

Bumps [axios](https://github.com/axios/axios) from 1.7.7 to 1.8.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.7.7...v1.8.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update babel-runtime (#4868)

Co-authored-by: Cecilia Avila <[email protected]>

* fix: Add signInSso cardviewType to SignInCardViewParameters (#4872)

* initial commit

* update api md file

---------

Co-authored-by: bentsai <[email protected]>

* chore(deps): bump tar-fs from 2.1.1 to 2.1.2 (#4871)

Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pbkdf2 version to fix issue (#4891)

* fix: CodeQL issues with severity High (#4892)

* Fix issue in transcriptUtilities

* Fix codeql issue in parameterizedBotFrameworkAuthentication

* Fix codeql issue in jwtTokenValidation

* Fix codeql issue in channelServiceHandler

* Fix condition

* Use same logic in JwtTokenValidation_authenticateRequest

* Fix failing unit test

* port: CQA to support TokenCredential instead of key (#4879)

* Add MSI support for CQA

* Apply minor improvements

* Fix previous implementation wrong error message

* Fix validation of parameters

---------

Co-authored-by: CeciliaAvila <[email protected]>

* chore(deps): bump tmp from 0.2.3 to 0.2.4 (#4895)

Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.3 to 0.2.4.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.4)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump pbkdf2 from 3.1.1 to 3.1.3 (#4888)

Bumps [pbkdf2](https://github.com/crypto-browserify/pbkdf2) from 3.1.1 to 3.1.3.
- [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md)
- [Commits](browserify/pbkdf2@v3.1.1...v3.1.3)

---
updated-dependencies:
- dependency-name: pbkdf2
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: CodeQL issues with Medium and Error severity (#4893)

* Fix codeql issue in channelServiceRoutes

* Fix codeql issue in dialogs tests

* Extend timeout for failing unit test

* Replace console.log with console.error

* feat: Enable configuration of the OpenIdmetadata's refresh interval (#4877)

* Add tokenRefreshInterval to ConnectorClientOptions

* Add unit tests

* Add documentation to new property.

* bump: dependencies to safe versions (#4896)

* Bump dependencies to safe versions

* Add flag to avoid test failing in Node > 22.18

* Add flag to avoid test failing in Node > 22.18 to test:min

* Mark activity as optional in ConversationParameters (#4873)

* fix: [#4840] The use of the package browserify-sign could violate Microsoft crypto policy (#4875)

* Replace crypto-browserify with Web Crypto API

* Fix conflicts in yarn.lock file

* Fix yarn.lock versions

* feat: [#4894] Add support for typescript 5.9 (#4897)

* Update TS and types/node versions

* Fix issue in INodeBuffer

* Update test:consumer testing matrix

* fix: Remaining CodeQL issues (#4898)

* Fix remaining codeQL issues

* Rephrase suppression message in storage

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Joel Mut <[email protected]>
Co-authored-by: Cecilia Avila <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Benjamin Tsai <[email protected]>
Co-authored-by: bentsai <[email protected]>
Co-authored-by: CeciliaAvila <[email protected]>
    @tracyboehrer @sw-joelmut
    @ceciliaavila @dependabot @bentsai10
    7 people authored Aug 26, 2025
    Configuration menu
    Copy the full SHA
    0ca2d23 View commit details
    Browse the repository at this point in the history
Loading