Skip to content

chore: fixed security vulnerabilities#260

Merged
Roopan-Microsoft merged 5 commits intomicrosoft:devfrom
Kanchan-Microsoft:main
Sep 17, 2025
Merged

chore: fixed security vulnerabilities#260
Roopan-Microsoft merged 5 commits intomicrosoft:devfrom
Kanchan-Microsoft:main

Conversation

@Kanchan-Microsoft
Copy link
Copy Markdown
Contributor

Purpose

This pull request updates several dependencies to address potential security issues and improve compatibility in both the Python backend and the JavaScript frontend. The main changes involve upgrading the h11, form-data, and nth-check packages to newer versions.

Dependency updates (security and compatibility):

  • Updated the Python h11 package from version 0.14.0 to 0.16.0 in both requirements.txt and pyproject.toml to ensure compatibility with other dependencies and receive the latest fixes.
  • Upgraded the form-data JavaScript package to version 3.0.4 and 4.0.4 in various locations within package-lock.json to address security vulnerabilities and maintain consistency across dependencies.
  • Updated the nth-check JavaScript package from version 1.0.2 to 2.0.1 in multiple locations within package-lock.json to address security concerns and ensure compatibility with other dependencies.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Prajwal-Microsoft and others added 3 commits August 25, 2025 12:28
docs: add support for reusing existing AI Foundry resources via AZURE_EXISTING_AI_PROJECT_RESOURCE_ID
docs: Troubleshooting document Dev to Main changes
@Roopan-Microsoft Roopan-Microsoft merged commit 4ef04e7 into microsoft:dev Sep 17, 2025
4 checks passed
@github-actions
Copy link
Copy Markdown

🎉 This PR is included in version 1.10.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants