chore(deps): bump fast-xml-parser and adaptive-expressions in /samples/react-formcustomizer-customers

[dependabot]

Bumps fast-xml-parser and adaptive-expressions. These dependencies needed to be updated together.
Updates fast-xml-parser from 5.2.1 to 5.5.11

Release notes

Sourced from fast-xml-parser's releases.

performance improvment, increase entity expansion default limit

• increase default entity explansion limit as many projects demand for that

maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,

• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call

fix bugs of entity parsing and value parsing

fix: entity expansion limits update strnum package to 2.2.0

fix entity expansion and incorrect replacement and performance

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.5...v5.5.6

support onDangerousProperty

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.3...v5.5.5

update dependecies to fix typings

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.1...v5.5.2

integrate path-expression-matcher

• support path-expression-matcher
• fix: stopNode should not be parsed
• performance improvement for stopNode checking

Separate Builder

XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.

Migration

To migrate to fast-xml-builder;

From

import { XMLBuilder } from "fast-xml-parser";

... (truncated)

Commits

• See full diff in compare view

Updates adaptive-expressions from 4.17.0 to 4.23.3

Release notes

Sourced from adaptive-expressions's releases.

Bot Framework JS SDK 4.23.3

Notable in this release

• Added supporet for TS 5.9

  Note: In order to support new TS version, we had to drop support for TS 4.7 as it is incompatible with the new node/types version.

• Package updates to resolve security alerts

What's Changed

• fix: Remaining CodeQL issues (microsoft/botbuilder-js#4898)
• bump: [https://redirect.github.com/microsoft/botbuilder-js/issues/4894] Add support for typescript 5.9 (microsoft/botbuilder-js#4897)
• fix: [https://redirect.github.com/microsoft/botbuilder-js/issues/4840] The use of the package browserify-sign could violate Microsoft crypto policy (microsoft/botbuilder-js#4875)
• Mark activity as optional in ConversationParameters (microsoft/botbuilder-js#4873)
• bump: dependencies to safe versions (microsoft/botbuilder-js#4896)
• Enable configuration of the OpenIdmetadata's refresh interval (microsoft/botbuilder-js#4877)
• fix: CodeQL issues with Medium and Error severity (microsoft/botbuilder-js#4893)
• bump: pbkdf2 from 3.1.1 to 3.1.3 (microsoft/botbuilder-js#4888)
• port: CQA to support TokenCredential instead of key (microsoft/botbuilder-js#4879)
• fix: CodeQL issues with severity High (microsoft/botbuilder-js#4892)
• Bump pbkdf2 version to fix issue (microsoft/botbuilder-js#4891)
• chore(deps): bump tar-fs from 2.1.1 to 2.1.2 (microsoft/botbuilder-js#4871)
• fix: Add signInSso cardviewType to SignInCardViewParameters (microsoft/botbuilder-js#4872)
• Update babel-runtime (microsoft/botbuilder-js#4868)
• bump: axios from 1.7.7 to 1.8.2 (microsoft/botbuilder-js#4869)
• Allow null value for Configuration parameter (microsoft/botbuilder-js#4856)
• fix: [https://redirect.github.com/microsoft/botbuilder-js/issues/4853] ConfigurationBotFrameworkAuthentication errors when initialized with process.env (microsoft/botbuilder-js#4857)
• Update elliptic, esbuild, and serialize-javascript (microsoft/botbuilder-js#4862)
• refactor: [https://redirect.github.com/microsoft/botbuilder-js/issues/4759] Migrate off @​azure/core-http (microsoft/botbuilder-js#4834)
• chore(deps): bump elliptic from 6.6.0 to 6.6.1 (microsoft/botbuilder-js#4863)
• fix: Update generators and remove Core Bot templates (microsoft/botbuilder-js#4867)
• Fix actions/cache deprecation (microsoft/botbuilder-js#4858)

Full Changelog: microsoft/botbuilder-js@4.23.2...4.23.3

Bot Framework JS SDK 4.23.2

Notable changes in this release

• Node 22 support
• Dependency updates for security alerts
• Federated Credentials for bot-to-channel auth. This is supported for single tenant only.

What's Changed

• port: #4632 Support Federated Identity Credential by @​sw-joelmut in microsoft/botbuilder-js#4765
• port: #6841 SkillDialog.InterceptOAuthCardsAsync doesn't support CloudAdapter by @​ceciliaavila in microsoft/botbuilder-js#4766
• fix: CVE-2024-52798 vulnerability with path-to-regexp by @​JhontSouth in microsoft/botbuilder-js#4817
• bump: Update d3-format package by @​JhontSouth in microsoft/botbuilder-js#4842
• fix: Run the coveralls step only for windows by @​ceciliaavila in microsoft/botbuilder-js#4843
• bump: nanoid from 3.3.6 to 3.3.8 by @​dependabot in microsoft/botbuilder-js#4812
• feat: Support Sso for SharePoint bot ACEs by @​bentsai10 in microsoft/botbuilder-js#4806
• port:#6879 Bot is not accepting v2 tokens from Bot Framework Emulator - Single Tenant Bots by @​JhontSouth in microsoft/botbuilder-js#4847
• fix: Upgrade path-to-regexp and find-my-way packages to latest version by @​ceciliaavila in microsoft/botbuilder-js#4756
• bump: http-proxy-middleware from 2.0.6 to 2.0.7 by @​dependabot in microsoft/botbuilder-js#4778

... (truncated)

Commits

• 0ca2d23 bump: Update from main for 4.23.3 (#4899)
• 7534989 bump: Update chai package (#4844)
• 4a9c741 Suppress fake secret in unit test. (#4850)
• 29ae34b bump: Update p-map package (#4820)
• 62112c0 port: #6882 Mock expired token for 'throws exception on expired token' unit...
• 7b1434f fix: Remaining ESLint issues (#4846)
• b3b1f65 add the support for every possible issuer in Single Tenant for emulator (#4847)
• 31c72e9 feat: Support Sso for SharePoint bot ACEs (#4806)
• cd05a19 chore(deps): bump nanoid from 3.3.6 to 3.3.8 (#4812)
• adca2e0 Run the coveralls step only for windows (#4843)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.