Skip to content

fix: Dependabot package upgrade changes #2032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Priyanka-Microsoft wants to merge 180 commits into
base: dev
Choose a base branch
from
Open

fix: Dependabot package upgrade changes #2032

Priyanka-Microsoft wants to merge 180 commits into from

Conversation

@Priyanka-Microsoft
Copy link
Contributor

@Priyanka-Microsoft Priyanka-Microsoft commented Jan 15, 2026
edited
Loading

Purpose

  • ...
    This pull request primarily updates dependencies across the project to their latest stable versions, including both Python and JavaScript packages, and modernizes the GitHub Actions workflow files by upgrading action versions and improving workflow steps. These changes aim to enhance security, compatibility, and reliability of CI/CD pipelines and the application itself.

Dependency Upgrades

  • Updated JavaScript dependencies in code/frontend/package.json, including major upgrades to react (to v19), @fluentui/react, @fortawesome/react-fontawesome, lodash-es, and development tools such as vitest and prettier. This ensures compatibility with the latest features and bug fixes.
  • Upgraded Python dependencies in pyproject.toml, including azure-functions, streamlit, python-dotenv, azure-storage-blob, semantic-kernel, pydantic, and added rfc3987. Development dependencies like pytest, black, and pre-commit were also updated. [1] [2]
  • Updated Cypress and related dependencies in tests/integration/ui/package-lock.json, along with various type definitions and licenses, improving test automation reliability. [1] [2] [3] [4] [5] [6] [7] [8] [9]

GitHub Actions Workflow Modernization

  • Upgraded all usages of actions/checkout from v5 to v6, actions/download-artifact from v5 to v7, actions/upload-artifact from v4 to v6, and other actions such as actions/setup-python and actions/setup-node to their latest versions in various workflow files. This improves security and maintains support for new features. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]

Workflow Logic Improvements

  • Improved logic in .github/workflows/broken-links-checker.yml for detecting changed markdown files in PRs by replacing the tj-actions/changed-files step with a direct git diff command, and upgraded lycheeverse/lychee-action to v2.7.0 for broken link checking.
  • Added a new Docker login step for the main branch in .github/workflows/build-docker.yml, ensuring proper authentication for registry pushes.
  • Upgraded github/codeql-action/upload-sarif from v3 to v4 in .github/workflows/bicep-audit.yml for improved security alert uploads.

Does this introduce a breaking change?

  • Yes
  • No

How to Test

  • Get the code
git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install
  • Test the code

What to Check

Verify that the following are valid

  • ...

Other Information

dependabot bot and others added 30 commits December 23, 2024 12:30
@dependabot
build: bump opentelemetry-instrumentation-httpx from 0.48b0 to 0.50b0 (
4a13a57 
…Azure-Samples#1560)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump azure-ai-ml from 1.21.1 to 1.23.0 (Azure-Samples#1559)
fcaa562 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Roopan-Microsoft
Merge branch 'main' into dependabotchanges
0986fe1
@dependabot
build: bump nanoid from 3.3.7 to 3.3.8 in /code/frontend (Azure-Sampl…
e1a9ff3 
…es#1556)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump openai from 1.48.0 to 1.58.1 (Azure-Samples#1578)
4c06a4d 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump pytest from 8.3.3 to 8.3.4 (Azure-Samples#1548)
4f1bf6e 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump streamlit from 1.39.0 to 1.41.1 (Azure-Samples#1579)
1d07939 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump semantic-kernel from 1.3.0 to 1.17.1 (Azure-Samples#1580)
1f3c5d9 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump @types/node from 22.5.5 to 22.10.1 in /code/frontend (Azu…
c61a308 
…re-Samples#1547)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump vite from 5.4.10 to 6.0.1 in /code/frontend (Azure-Sample…
2809781 
…s#1546)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump vitest from 2.1.4 to 2.1.8 in /code/frontend (Azure-Sampl…
0980b69 
…es#1582)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump prettier from 3.3.3 to 3.4.2 in /code/frontend (Azure-Sam…
35d4715 
…ples#1581)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump @vitejs/plugin-react from 4.3.3 to 4.3.4 in /code/frontend (
0233fe4 
Azure-Samples#1531)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump typescript from 5.5.4 to 5.7.2 in /tests/integration/ui (A…
a247d27 
…zure-Samples#1524)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump @fluentui/react-icons from 2.0.265 to 2.0.266 in /code/fr…
b175a5f 
…ontend (Azure-Samples#1521)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump react-router-dom from 6.27.0 to 7.0.1 in /code/frontend (A…
7b872cd 
…zure-Samples#1519)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump cypress from 13.15.2 to 13.17.0 in /tests/integration/ui (A…
a3cbc54 
…zure-Samples#1583)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump @fortawesome/fontawesome-svg-core from 6.6.0 to 6.7.2 in …
e81a965 
…/code/frontend (Azure-Samples#1584)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump typescript from 5.6.2 to 5.7.2 in /code/frontend (Azure-S…
610541b 
…amples#1517)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump tornado from 6.4.1 to 6.4.2 (Azure-Samples#1511)
cbba914 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump cross-spawn from 7.0.3 to 7.0.6 in /tests/integration/ui (A…
060ca4e 
…zure-Samples#1502)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump cross-spawn from 7.0.3 to 7.0.6 in /extensions/teams (Azu…
2cbc462 
…re-Samples#1500)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump aiohttp from 3.10.2 to 3.10.11 (Azure-Samples#1499)
3184090 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump postcss from 8.4.48 to 8.4.49 in /code/frontend (Azure-Sa…
f1f2801 
…mples#1496)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump uuid from 11.0.2 to 11.0.3 in /code/frontend (Azure-Sampl…
033df75 
…es#1472)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump @azure/identity and botbuilder in /extensions/teams (Azur…
9792387 
…e-Samples#1282)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump @fluentui/react from 8.121.8 to 8.122.2 in /code/frontend (
2cad336 
…Azure-Samples#1585)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump actions/checkout from 3 to 4 (Azure-Samples#1586)
ae60417 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump azure-mgmt-cognitiveservices from 13.5.0 to 13.6.0 (Azure…
82df7ec 
…-Samples#1595)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump azure-monitor-opentelemetry from 1.6.2 to 1.6.4 (Azure-Sa…
3b8e540 
…mples#1596)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Priyanka-Microsoft and others added 16 commits November 24, 2025 10:18
@Priyanka-Microsoft
Merge branch 'Azure-Samples:dev' into dev
bc748c0
@Priyanka-Microsoft
rebuild main json to resolve conflict
31eecce
@Priyanka-Microsoft
Merge branch 'Azure-Samples:dev' into dev
d30eceb
@dependabot
build: bump the frontend-deps group in /code/frontend with 13 updates (
2ce031b 
…Azure-Samples#1985)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump the all-actions group with 2 updates (Azure-Samples#1984)
e4daf62 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump the all-backend-deps group with 8 updates (Azure-Samples#…
44fabc1 
…1983)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump cypress from 15.5.0 to 15.7.0 in /tests/integration/ui in…
c200235 
… the frontend-deps group (Azure-Samples#1982)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Priyanka-Microsoft
Merge branch 'Azure-Samples:dev' into dev
94f3122
@Priyanka-Microsoft
Merge branch 'Azure-Samples:dev' into dev
9b2b51c
@dependabot
build: bump the all-backend-deps group with 7 updates (Azure-Samples#…
a5a4131 
…2008)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump the frontend-deps group in /code/frontend with 15 updates (
44dd59c 
…Azure-Samples#2007)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump cypress from 15.7.0 to 15.8.1 in /tests/integration/ui in…
34da5e8 
… the frontend-deps group (Azure-Samples#2006)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build: bump the all-actions group with 2 updates (Azure-Samples#2005)
3ce7f54 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Priyanka-Microsoft
Merge branch 'Azure-Samples:dev' into dev
7716e5c
@Priyanka-Microsoft
conflict resolved
73a3481
@Priyanka-Microsoft
dependatbotchanges
6711c7f
@Priyanka-Microsoft Priyanka-Microsoft changed the title fix: Dependabotchanges fix: Dependabot package upgrade changes Jan 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@Fr4nc3 Fr4nc3 Awaiting requested review from Fr4nc3 Fr4nc3 is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@nchandhi nchandhi Awaiting requested review from nchandhi nchandhi is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Priyanka-Microsoft @Roopan-Microsoft @Pavan-Microsoft @Prasanjeet-Microsoft @Harmanpreet-Microsoft