Bot Framework JS SDK 4.23.0
This is the August 2024 release of the Bot Framework JS SDK. This release contains Node 18 & 20 support, as well as security fixes.
NOTE
Due to the update to the last Azure Identity and MSAL.Node packages, Node versions prior to Node 18 are no longer supported. This is because those packages don't support out-of-support Node versions.
What's Changed
-
bump: [#4550] Add Node 18 and 20 support by @sw-joelmut in #4726
-
fix: Remove CVE-2022-3517 vulnerability by @JhontSouth in #4699
-
fix: Remove CVE-2022-25881 vulnerability by updating the http-cache-semantics package by @sw-joelmut in #4703
-
fix: Remove CVE-2020-8203 vulnerability in lodash.set by @andres-robinet-sw in #4704
-
fix: Remove CVE-2021-3807 vulnerability by @JhontSouth in #4705
-
fix: Remove CVE-2022-23539 vulnerability by updating the jsonwebtoken packages by @sw-joelmut in #4706
-
fix: Remove CVE-2022-3517 vulnerability with minimatch by @JhontSouth in #4707
-
bump: semver from 5.7.1 to 7.6.2 by @dependabot in #4710
-
bump: hosted-git-info from 2.8.8 to 2.8.9 by @dependabot in #4711
-
bump: elliptic from 6.5.3 to 6.5.5 by @dependabot in #4712
-
fix: Remove CVE-2020-28469 vulnerability by updating the glob-parent package by @sw-joelmut in #4713
-
fix: Remove remaining vulnerabilities by updating the hosted-git-info, tar, semver, ejs, elliptic packages by @sw-joelmut in #4714
-
fix: [#4684] Remove unnecessary resolutions by @sw-joelmut in #4719
-
fix: Remove undefined value in @azure/msal-node by @JhontSouth in #4718
-
bump: fast-xml-parser from 4.2.5 to 4.4.1 by @dependabot in #4721
-
port: [#6813][#6798] Not able to create instance of BlobsTranscriptStore using TokenCredential instead of connectionString and containerName by @JhontSouth in #4720
-
fix: Remove browser-echo-bot vulnerabilities by @JhontSouth in #4717
-
fix: CVE-2024-42460 vulnerability with elliptic by @JhontSouth in #4729
-
bump: axios from 1.7.2 to 1.7.4 by @dependabot in #4730
-
port: [#6793][#6792] Composer Bot with QnA Intent recognized triggers duplicate QnA queries by @JhontSouth in #4700
Full Changelog: 4.22.3...4.23.0
