Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[botframework-connector] upgrade and clean up dependencies #4123

Closed
restfulhead opened this issue Feb 21, 2022 · 2 comments · Fixed by #4161
Closed

[botframework-connector] upgrade and clean up dependencies #4123

restfulhead opened this issue Feb 21, 2022 · 2 comments · Fixed by #4161
Assignees
@JuanAr
Labels
feature-request A request for new functionality or an enhancement to an existing one. needs-triage The issue has just been created and it has not been reviewed by the team.
Milestone
R16

Comments

@restfulhead
Copy link

  1. @azure/identity uses a beta version, @azure/ms-rest-js is also very outdated. This could also have security implications. Suggest to upgrade.
  2. Is it necessary to pin jsonwebtoken to a specific patch version? I suggest to use ^8.0.1 of ~8.0.1 instead of 8.0.1. This would make it more compatible.
  3. There are a few type dependencies, which should be defined as dev dependencies @types/jsonwebtoken and @types/node.

current package.json:

"dependencies": {
    "@azure/identity": "2.0.0-beta.6",
    "@azure/ms-rest-js": "1.9.1",
    "@types/jsonwebtoken": "7.2.8",
    "@types/node": "^10.17.27",
    "adal-node": "0.2.3",
    "axios": "^0.25.0",
    "base64url": "^3.0.0",
    "botbuilder-stdlib": "4.1.6",
    "botframework-schema": "4.1.6",
    "cross-fetch": "^3.0.5",
    "jsonwebtoken": "8.0.1",
    "rsa-pem-from-mod-exp": "^0.8.4",
    "zod": "~1.11.17"
  },
@restfulhead restfulhead added feature-request A request for new functionality or an enhancement to an existing one. needs-triage The issue has just been created and it has not been reviewed by the team. labels Feb 21, 2022
@mrivera-ms
Copy link
Contributor

Assigning to @JuanAr for investigation.

@mrivera-ms mrivera-ms added this to the R16 milestone Mar 3, 2022
@ceciliaavila
Copy link
Collaborator

@mrivera-ms in progress

@ceciliaavila ceciliaavila mentioned this issue Mar 16, 2022
Merged
tracyboehrer pushed a commit that referenced this issue Sep 19, 2022
@ceciliaavila
fix: [#4123][botframework-connector] upgrade and clean up dependencies (
d05bf77 
#4161)

* Update dependencies

* Upgrade azure/ms-rest-js

* Remove TS 3.3 and 3.4 from consumer-test check

* Adjust jsonwebtoken version

* Downgrade @types/jsonwebtoken to 8.3.5

* Fix merge error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JuanAr JuanAr

Labels
feature-request A request for new functionality or an enhancement to an existing one. needs-triage The issue has just been created and it has not been reviewed by the team.
Projects
None yet
Milestone
R16
Development

Successfully merging a pull request may close this issue.

fix: [#4123][botframework-connector] upgrade and clean up dependencies microsoft/botbuilder-js
4 participants
@restfulhead @JuanAr @ceciliaavila @mrivera-ms