Skip to content

build: Merge Dependabot Changes into Dev Branch #409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 55 commits into from
Apr 25, 2025
Merged

build: Merge Dependabot Changes into Dev Branch #409

merged 55 commits into from
Apr 25, 2025

Conversation

Prasanjeet-Microsoft
Copy link
Contributor

Purpose

  • The purpose of this PR is to merge the updates made by Dependabot into the dev branch. This includes updates to dependencies to ensure the project is using the latest stable versions of its dependencies, addressing any security vulnerabilities or outdated packages

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • I have built and tested the code locally and in a deployed app
  • For frontend changes, I have pulled the latest code from main, built the frontend, and committed all static files.
  • This is a change for all users of this app. No code or asset is specific to my use case or my organization.

  1. Dependency Updates:

    • Verify that the dependencies listed in the PR are up-to-date and correctly reflect the latest stable versions.
    • Ensure that any outdated or vulnerable dependencies have been properly updated.

  2. Compatibility:

    • Check if the updated dependencies do not break the build or introduce any breaking changes.
    • Review whether any dependency updates require adjustments in the codebase to maintain compatibility.

  3. Testing:

    • Run all relevant tests to confirm that the updates do not cause any regressions or issues.
    • Ensure that the project still builds successfully and behaves as expected after the merge.

dependabot bot and others added 30 commits April 1, 2025 22:21
@dependabot
build: bump eslint-config-prettier from 10.0.2 to 10.1.1 in /frontend
1e0ad62 
Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 10.0.2 to 10.1.1.
- [Release notes](https://github.com/prettier/eslint-config-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-config-prettier@v10.0.2...v10.1.1)

---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-version: 10.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump react-router-dom from 7.2.0 to 7.4.1 in /frontend
4ef838a 
Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 7.2.0 to 7.4.1.
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: react-router-dom
  dependency-version: 7.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump @eslint/js from 9.21.0 to 9.23.0 in /frontend
7f5cf49 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.21.0 to 9.23.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.23.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump @eslint/eslintrc from 3.3.0 to 3.3.1 in /frontend
870f940 
Bumps [@eslint/eslintrc](https://github.com/eslint/eslintrc) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/eslint/eslintrc/releases)
- [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md)
- [Commits](eslint/eslintrc@v3.3.0...v3.3.1)

---
updated-dependencies:
- dependency-name: "@eslint/eslintrc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump python-dotenv from 1.0.1 to 1.1.0
2c2dc9d 
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.0.1...v1.1.0)

---
updated-dependencies:
- dependency-name: python-dotenv
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump pytest-asyncio from 0.25.3 to 0.26.0
2111b7e 
Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) from 0.25.3 to 0.26.0.
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v0.25.3...v0.26.0)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-version: 0.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump azure-ai-documentintelligence from 1.0.0 to 1.0.2
65d8f40 
Bumps [azure-ai-documentintelligence](https://github.com/Azure/azure-sdk-for-python) from 1.0.0 to 1.0.2.
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-ai-documentintelligence_1.0.0...azure-ai-documentintelligence_1.0.2)

---
updated-dependencies:
- dependency-name: azure-ai-documentintelligence
  dependency-version: 1.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump aiohttp from 3.11.13 to 3.11.15
8339529 
---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.11.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #344 from microsoft/dependabot/pip/dependabotchang…
a5745d9 
…es/python-dotenv-1.1.0

build: bump python-dotenv from 1.0.1 to 1.1.0
@dependabot
build: bump azure-storage-blob from 12.24.1 to 12.25.1
6013bc0 
Bumps [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) from 12.24.1 to 12.25.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-storage-blob_12.24.1...azure-storage-blob_12.25.1)

---
updated-dependencies:
- dependency-name: azure-storage-blob
  dependency-version: 12.25.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #349 from microsoft/dependabot/pip/dependabotchang…
653dd7e 
…es/azure-ai-documentintelligence-1.0.2

build: bump azure-ai-documentintelligence from 1.0.0 to 1.0.2
@Roopan-Microsoft
Merge pull request #348 from microsoft/dependabot/pip/dependabotchang…
68c16e2 
…es/pytest-asyncio-0.26.0

build: bump pytest-asyncio from 0.25.3 to 0.26.0
@Roopan-Microsoft
Merge pull request #347 from microsoft/dependabot/pip/dependabotchang…
7776bff 
…es/azure-storage-blob-12.25.1

build: bump azure-storage-blob from 12.24.1 to 12.25.1
@Roopan-Microsoft
Merge pull request #346 from microsoft/dependabot/pip/dependabotchang…
ad199eb 
…es/aiohttp-3.11.15

build: bump aiohttp from 3.11.13 to 3.11.15
@dependabot
build: bump pymupdf from 1.25.3 to 1.25.5
6b65f2b 
Bumps [pymupdf](https://github.com/pymupdf/pymupdf) from 1.25.3 to 1.25.5.
- [Release notes](https://github.com/pymupdf/pymupdf/releases)
- [Changelog](https://github.com/pymupdf/PyMuPDF/blob/main/changes.txt)
- [Commits](pymupdf/PyMuPDF@1.25.3...1.25.5)

---
updated-dependencies:
- dependency-name: pymupdf
  dependency-version: 1.25.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump langchain from 0.3.19 to 0.3.22
b3b456f 
Bumps [langchain](https://github.com/langchain-ai/langchain) from 0.3.19 to 0.3.22.
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain==0.3.19...langchain==0.3.22)

---
updated-dependencies:
- dependency-name: langchain
  dependency-version: 0.3.22
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump azure-identity from 1.20.0 to 1.21.0
8fc25a0 
Bumps [azure-identity](https://github.com/Azure/azure-sdk-for-python) from 1.20.0 to 1.21.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.20.0...azure-identity_1.21.0)

---
updated-dependencies:
- dependency-name: azure-identity
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #350 from microsoft/dependabot/pip/dependabotchang…
27a7fb5 
…es/langchain-0.3.22

build: bump langchain from 0.3.19 to 0.3.22
@dependabot
build: bump openai from 1.65.2 to 1.70.0
c37b907 
Bumps [openai](https://github.com/openai/openai-python) from 1.65.2 to 1.70.0.
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v1.65.2...v1.70.0)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 1.70.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump flake8 from 7.1.2 to 7.2.0
6cceb7f 
Bumps [flake8](https://github.com/pycqa/flake8) from 7.1.2 to 7.2.0.
- [Commits](PyCQA/flake8@7.1.2...7.2.0)

---
updated-dependencies:
- dependency-name: flake8
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #351 from microsoft/dependabot/pip/dependabotchang…
46722ee 
…es/azure-identity-1.21.0

build: bump azure-identity from 1.20.0 to 1.21.0
@Roopan-Microsoft
Merge pull request #352 from microsoft/dependabot/pip/dependabotchang…
8d3b56f 
…es/flake8-7.2.0

build: bump flake8 from 7.1.2 to 7.2.0
@Roopan-Microsoft
Merge pull request #353 from microsoft/dependabot/pip/dependabotchang…
de95ffa 
…es/openai-1.70.0

build: bump openai from 1.65.2 to 1.70.0
@Roopan-Microsoft
Merge pull request #345 from microsoft/dependabot/pip/dependabotchang…
a63b8f5 
…es/pymupdf-1.25.5

build: bump pymupdf from 1.25.3 to 1.25.5
@Roopan-Microsoft
Merge branch 'dependabotchanges' into dependabot/npm_and_yarn/fronten…
2cb93e6 
…d/dependabotchanges/eslint-config-prettier-10.1.1
@Roopan-Microsoft
Merge pull request #340 from microsoft/dependabot/npm_and_yarn/fronte…
e2e3dc6 
…nd/dependabotchanges/eslint-config-prettier-10.1.1

build: bump eslint-config-prettier from 10.0.2 to 10.1.1 in /frontend
@Roopan-Microsoft
Merge branch 'dependabotchanges' into dependabot/npm_and_yarn/fronten…
23f0665 
…d/dependabotchanges/react-router-dom-7.4.1
@Roopan-Microsoft
package lock updated
6d0f6cf
@Roopan-Microsoft
Merge pull request #342 from microsoft/dependabot/npm_and_yarn/fronte…
5ca08f9 
…nd/dependabotchanges/react-router-dom-7.4.1

build: bump react-router-dom from 7.2.0 to 7.4.1 in /frontend
@Roopan-Microsoft
Merge branch 'dependabotchanges' into dependabot/npm_and_yarn/fronten…
60de248 
…d/dependabotchanges/eslint/js-9.23.0
dependabot bot and others added 18 commits April 15, 2025 13:26
@dependabot
build: bump uvicorn from 0.34.0 to 0.34.1 in /src
4e6a65e 
Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.34.0 to 0.34.1.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/docs/release-notes.md)
- [Commits](encode/uvicorn@0.34.0...0.34.1)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump gunicorn from 20.1.0 to 23.0.0 in /src
f113b39 
Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 20.1.0 to 23.0.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@20.1.0...23.0.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-version: 23.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump markdown from 3.4.4 to 3.8 in /src
35ef2fe 
Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.4.4 to 3.8.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.4.4...3.8)

---
updated-dependencies:
- dependency-name: markdown
  dependency-version: '3.8'
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump pytest from 8.3.4 to 8.3.5 in /src
fe753fc 
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.4 to 8.3.5.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.3.4...8.3.5)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 8.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump openai from 1.73.0 to 1.74.0 in /src
2aef9b2 
Bumps [openai](https://github.com/openai/openai-python) from 1.73.0 to 1.74.0.
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v1.73.0...v1.74.0)

---
updated-dependencies:
- dependency-name: openai
  dependency-version: 1.74.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build: bump bs4 from 0.0.1 to 0.0.2 in /src
6df85f0 
Bumps bs4 from 0.0.1 to 0.0.2.

---
updated-dependencies:
- dependency-name: bs4
  dependency-version: 0.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
package lock updated
ff191fe
@dependabot
build: bump undici from 5.29.0 to 7.8.0 in /src/frontend
3b48819 
Bumps [undici](https://github.com/nodejs/undici) from 5.29.0 to 7.8.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.29.0...v7.8.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.8.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #397 from microsoft/dependabot/pip/src/dependabotc…
21bd705 
…hanges/uvicorn-0.34.1

build: bump uvicorn from 0.34.0 to 0.34.1 in /src
@Roopan-Microsoft
Merge pull request #398 from microsoft/dependabot/pip/src/dependabotc…
65d4467 
…hanges/gunicorn-23.0.0

build: bump gunicorn from 20.1.0 to 23.0.0 in /src
@Roopan-Microsoft
Merge pull request #399 from microsoft/dependabot/pip/src/dependabotc…
d89d0ae 
…hanges/markdown-3.8

build: bump markdown from 3.4.4 to 3.8 in /src
@Roopan-Microsoft
Merge pull request #401 from microsoft/dependabot/pip/src/dependabotc…
ffdb2cb 
…hanges/openai-1.74.0

build: bump openai from 1.73.0 to 1.74.0 in /src
@Roopan-Microsoft
Merge pull request #400 from microsoft/dependabot/pip/src/dependabotc…
ab9b129 
…hanges/pytest-8.3.5

build: bump pytest from 8.3.4 to 8.3.5 in /src
@Roopan-Microsoft
Merge pull request #402 from microsoft/dependabot/pip/src/dependabotc…
4c21ba9 
…hanges/bs4-0.0.2

build: bump bs4 from 0.0.1 to 0.0.2 in /src
@dependabot
build: bump urllib3 from 2.3.0 to 2.4.0 in /src
a519ea3 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.3.0...2.4.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Roopan-Microsoft
Merge pull request #404 from microsoft/dependabot/npm_and_yarn/src/fr…
516ed6c 
…ontend/dependabotchanges/undici-7.8.0

build: bump undici from 5.29.0 to 7.8.0 in /src/frontend
@Roopan-Microsoft
Merge pull request #403 from microsoft/dependabot/pip/src/dependabotc…
022ecb0 
…hanges/urllib3-2.4.0

build: bump urllib3 from 2.3.0 to 2.4.0 in /src
@Prasanjeet-Microsoft
Regenerated lock file and clean node_modules to resolve Docker build …
78557e8 
…issues
@Roopan-Microsoft Roopan-Microsoft merged commit 72019d0 into dev Apr 25, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Roopan-Microsoft Roopan-Microsoft Roopan-Microsoft approved these changes

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@hunterjam hunterjam Awaiting requested review from hunterjam hunterjam is a code owner

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@malrose07 malrose07 Awaiting requested review from malrose07 malrose07 is a code owner

@blessing-sanusi blessing-sanusi Awaiting requested review from blessing-sanusi blessing-sanusi is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Prasanjeet-Microsoft @Roopan-Microsoft