Bot Framework JS SDK 4.22.2

This is the April 2024 JS SDK patch release. This release contains minor bug fixes and security updates.

What's Changed

• fix: add content type header by @XVincentX in #4587
• fix: [#4544] JwtTokenExtractor.getIdentity:err! FetchError: request to https://login.botframework.com/v1/.well-known/openidconfiguration by @ceciliaavila in #4583
• bump: Update swagger-client to stop using lodash-compat by @JhontSouth in #4604
• fix: Removed Copyright from generated code by @tracyboehrer in #4612
• fix: [#4584] ChannelAccount cannot accept extensible properties by @JhontSouth in #4618
• bump: Update follow-redirects to ^1.15.4 by @JhontSouth in #4617
• bump: Update @azure/msal-node and @azure/msal-browser by @JhontSouth in #4619
• bump: undici from 5.28.2 to 5.28.3 by @dependabot in #4620
• bump: axios from 0.21.1 to 0.28.0 by @dependabot in #4621
• bump: ip from 1.1.5 to 1.1.9 by @dependabot in #4622
• bump: ip from 1.1.5 to 1.1.9 in /testing/browser-functional/browser-echo-bot by @dependabot in #4623
• bump: es5-ext from 0.10.53 to 0.10.63 by @dependabot in #4624
• fix: [botframework-connector] Use HashSet instead of string array for endorsement by @crdev13 in #4526
• bump: tar to 6.1.9 by @tracyboehrer in #4627
• bump: axios to 0.21.2 by @tracyboehrer in #4628
• chore: Removed autorest gen related by @tracyboehrer in #4629
• bump: axios and ws by @tracyboehrer in #4630
• bump: follow-redirects from 1.15.5 to 1.15.6 in /testing/browser-functional/browser-echo-bot by @dependabot in #4633
• bump: follow-redirects from 1.15.5 to 1.15.6 by @dependabot in #4634
• fix: [#4440][Bot node.js] Compile error for accessing "conversation" and "organizer" fields for get meeting details bot API by @ceciliaavila in #4442
• bump: express from 4.18.2 to 4.19.2 in /testing/browser-functional/browser-echo-bot by @dependabot in #4638
• bump: express from 4.17.3 to 4.19.2 by @dependabot in #4637
• getValue parity by @tracyboehrer in #4639
• chore: Moved @types/jsonwebtoken to dependencies by @tracyboehrer in #4640
• bump: undici from 5.28.3 to 5.28.4 by @dependabot in #4642

Full Changelog: 4.22.1...4.22.2

Bot Framework JS SDK 4.22.0

This is the January 2024 4.22.0 release for the JS SDK. This contains a security fixes, Sharepoint support, and ASE improvements.

What's Changed

• feat: Add ASE channel validation in #4589

• feat: Add isVisible property to AceData with nanoid in #4606

• feat: Support for SharePoint (Viva) Adaptive Card Extension in #4551

• fix: USGovSingleTenant OAuthEndpoint in #4588

• bump: Update mocha package to avoid vulnerability in #4603

• fix: [#4582] UserAssignedIdentity(WorkloadIdentity) auth fails with 'scope https://api.botframework.com is not valid' in #4607

• fix: Remove old @microsoft/recognizers-text-number version with postinstall scripts in #4608

• fix: [#4544] JwtTokenExtractor.getIdentity:err! FetchError: request to 'login.botframework.com/v1/.well-known/openidconfiguration' in #4583

Proxy notes

The introduction of MSAL in 4.21.0 encountered an issue when used behind a proxy. This version adds an additional way to specify proxy settings. This does require a change to the bot startup code if required.

See this issue for details, and if additional discussion is required: #4544

Bot Framework JS SDK 4.21.4

This is the January 2024 patch release for the JS SDK. This contains a security fix for axios.

What's Changed

• fix: Update axios and fix issue in botframework-connector by @JhontSouth in #4592
• fix: Add HTTP method in fetch request by @JhontSouth in #4593

NOTICE
Node versions 16 and older no longer have long-term support. Bot Framework SDK still supports Node 16, but users of the SDK should transition to at least Node 18 as soon as possible. We will not be able to continue supporting Node 16 and older bots with this SDK.

Bot Framework JS SDK 4.21.3

This is the December 2023 JS release. This release contains improvements to SN+I functionality.

Bot Framework JS SDK 4.21.1

This is the November 2023 Bot Framework JS SDK patch release. This release contains security related updates.

What's Changed

• fix: [#4545] Zod package - botbuilder-dialogs by @sw-joelmut in #4563
• fix: [#4545] Zod package - botbuilder by @sw-joelmut in #4561
• fix: [#4545] Zod package - botbuilder-core by @sw-joelmut in #4562
• chore: bump browserify-sign from 4.2.1 to 4.2.2 by @dependabot in #4553
• chore: bump browserify-sign from 4.2.1 to 4.2.2 in /testing/browser-functional/browser-echo-bot by @dependabot in #4554
• bump: Update babel related dependencies by @sw-joelmut in #4556

Full Changelog: 4.21.0...4.21.1

Bot Framework JS SDK 4.21.0

This is the October 2023 of the JS SDK. This release contains new Teams features and security fixes.

What's Changed

Teams

• port: [#4530] Add support for meeting participants added/removed events by @ceciliaavila in #4538
• port: [#4527][#6655] Implementation of Teams batch APIs by @ceciliaavila in #4535

Other Changes

• fix: [#2782] Migrate to MSAL from adal-node by @sw-joelmut in #4548
• fix: [#2782] Migrate to MSAL from adal-node - Add MSAL support by @ceciliaavila in #4543
• fix: use connectorClientOptions to create ConnectorFactory (#4420) by @k44 in #4421
• chore: bump get-func-name from 2.0.0 to 2.0.2 by @dependabot in #4540
• fix: fix the exchange token interface prarameter by @wenytang-ms in #4536
• chore: bump postcss from 8.3.5 to 8.4.31 by @dependabot in #4541
• chore: bump @babel/traverse from 7.12.1 to 7.23.2 by @dependabot in #4546
• chore(deps): bump @babel/traverse from 7.12.1 to 7.23.2 in /testing/browser-functional/browser-echo-bot by @dependabot in #4547
• feat: [#4349] Add new method to expose same functionality as BotFrameworkAdapter.processActivityDirect by @erquirogasw in #4380

New Contributors

• @wenytang-ms made their first contribution in #4536
• @k44 made their first contribution in #4421

Full Changelog: 4.20.1...4.21.0

Bot Framework JS SDK 4.20.1

What's Changed

• feat: [#4446] Azure Blob Storage should support Identity authentication by @ceciliaavila in #4486
• chore: bump fast-xml-parser from 4.2.2 to 4.2.4 by @dependabot in #4488
• port: [#6577] Can you add a log line for this exception? (#6587) by @erquirogasw in #4439
• feat: Add support for config auth type (fetch & submit) by @corinagum in #4485
• Dropped Node 12 from builds by @tracyboehrer in #4501
• port: [#4481] Outgoing Activity Locale being Overwritten by @ceciliaavila in #4489
• port: [#4482][#6588] UserId not being passed to AzureDiagnostics by @ceciliaavila in #4493
• chore: bump semver from 7.3.8 to 7.5.2 by @dependabot in #4495
• fix: Update restify Dependency in Yeoman Templates to v10.0.0 by @anishprasad01 in #4392
• chore: bump fast-xml-parser from 4.2.4 to 4.2.5 by @dependabot in #4502
• chore: bump semver from 5.7.1 to 5.7.2 in /testing/browser-functional/browser-echo-bot by @dependabot in #4499
• fix: [CVE-2023-26136] Update tough-cookie version by @sw-joelmut in #4508
• chore: bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in #4506
• chore: bump word-wrap from 1.2.3 to 1.2.4 in /testing/browser-functional/browser-echo-bot by @dependabot in #4507
• feat: [#4503] azure-storage deprecation by @ceciliaavila in #4510
• fix: Remove request package from browser-functional by @ceciliaavila in #4512
• fix: Remove request package from botbuilder-core tests by @ceciliaavila in #4514
• fix: Replace chatdown package from botbuilder-core tests by @ceciliaavila in #4516
• fix: Replace Map with WeakMap to avoid memory leak by @ceciliaavila in #4517
• fix: Upgrading restify to fix error on Node version 18+ by @GregBorrelly in #4515
• fix: remove ms-rest-azure package by @ceciliaavila in #4521
• fix: Remove ms-rest package by @ceciliaavila in #4523
• fix: [#4490] Usage of a vulnerable package - Upgrade recognizers-text-number by @ceciliaavila in #4524
• fix: [#4509] botbuilder-ai@4.20.0 is still installing @azure/ms-rest-js@1.11.2 for @azure/cognitiveservices-luis-runtime by @ceciliaavila in #4519
• port: [#4529] Update JwtTokenExtractor by @ceciliaavila in #4531
• fix: [#4520] Upgrade restify to fix error on Node version 18+ by @ceciliaavila in #4528
• fix: [#4525] Replace read-text-file package to avoid using LGPL by @ceciliaavila in #4534

New Contributors

• @GregBorrelly made their first contribution in #4515

Full Changelog: 4.20.0...4.20.1

Bot Framework for JS SDK 4.20.0

This is the June 2023 release of the JavaScript SDK. This release contains Teams features and bug/security fixes.

What's Changed

Teams

• feat: Add MeetingTabIconSurface to MeetingSurface capabilities by @corinagum in #4459
• feat: Add support for Teams Adaptive cards in QnA Dialog by @anishprasad01 in #4467
• fix: Teams Meeting Notification interface structure changes by @singhk97 in #4416
• fix: Teams activity handler documentation fix by @singhk97 in #4407
• fix: [#4408] Cloud adapter is not working with teams SSO by @erquirogasw in #4427
• port: [#4463][#6596] TeamsChannelData need OnBehalfOf by @ceciliaavila in #4474

Other

• fix: streaming client should connect under Node.js by @compulim in #4413
• fix: [#4414] JS Linux Functional Test pipeline failing by @ceciliaavila in #4419
• fix: [#4400] Security vulnerabilityCVE-2022-23540, CVE-2022-23539, CVE-2022-23541, CVE-2022-23529 by @erquirogasw in #4409
• fix: Add check to handle bad values in Orchestrator botState.ts by @anishprasad01 in #4425
• fix: Update channelServiceRoutes to add next() parameter to support restify 10.0.0+ by @anishprasad01 in #4429
• fix: [#4452][#4456][#4460][botframework-streaming] Should reject pending requests on disconnection by @compulim in #4461
• fix: [#4455] [botframework-streaming] Tests are not conclusive by @sw-joelmut in #4468
• fix: [#4466] Fix telemetry activityId and conversationId properties by @sw-joelmut in #4471
• chore: bump vm2 from 3.9.11 to 3.9.17 by @dependabot in #4451
• port: [#4464] USER scope variable values do not transfer to skill when SSO is configured by @ceciliaavila in #4472
• port: [#4432] Expired JWT token exception not being handled (#6572) by @ceciliaavila in #4436
• chore: bump json5 from 1.0.1 to 1.0.2 in /testing/browser-functional/browser-echo-bot by @dependabot in #4402
• chore: bump json5 from 1.0.1 to 1.0.2 by @dependabot in #4403
• chore: bump ua-parser-js from 0.7.31 to 0.7.33 in /testing/browser-functional/browser-echo-bot by @dependabot in #4422
• fix: [#4449] CloudAdapter always builds Connector with MicrosoftAppCredentials (never CertificateAppCredentials) -- certificate auth flow broken by @sw-joelmut in #4457
• chore: bump cookiejar from 2.1.2 to 2.1.4 by @dependabot in #4417
• bump: Update tools/nyc dependency by @sw-joelmut in #4475
• port: [#4465][#6560] Allow TokenCredential authentication in CosmosDbPartitionedStorage by @ceciliaavila in #4473
• chore: bump vm2 from 3.9.17 to 3.9.18 by @dependabot in #4478
• fix: Updates fast-xml-parser to address "Prototype Pollution" vulnerability by @giacomorebonato in #4477

New Contributors

• @corinagum made their first contribution in #4459
• @giacomorebonato made their first contribution in #4477

Full Changelog: 4.19.0...4.20.0

Bot Framework JS SDK 4.19.3

Welcome to the March 2023 release of the Bot Framework SDK.

What's Changed

• Streaming client should connect under Node.js #4413
• Update channelServiceRoutes to add next() parameter to support restify 10.0.0+ #4429

Bot Framework JS SDK 4.19.2

Welcome to the February 2023 release of the Bot Framework SDK.

What's Changed

SSO

• Cloud adapter is not working with teams SSO #4427