Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: botframework-webchat-component, botframework-webchat #342

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade: botframework-webchat-component, botframework-webchat #342

wants to merge 1 commit into from

Conversation

DevangPatelUK
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

botframework-webchat-component
from 4.17.0 to 4.18.0 | 8 versions ahead of your current version | 2 months ago
on 2024-07-11
botframework-webchat
from 4.17.0 to 4.18.0 | 8 versions ahead of your current version | 2 months ago
on 2024-07-11

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Information Exposure
SNYK-JS-SANITIZEHTML-6256334		 586 Proof of Concept
Release notes
Package name: botframework-webchat-component from botframework-webchat-component GitHub release notes
Package name: botframework-webchat
  • 4.18.0 - 2024-07-11

    Subresource Integrity

    The CDN URL will be online in about a day after we completed publish to NPM.

    <script
  crossorigin="anonymous"
  integrity="sha384-YCF4860lf811lnrrIBL4pfZ+UqiNit+8lXEhSY3R+dSc+C1rg6UnEQR5avdOTbj0"
  src="https://cdn.botframework.com/botframework-webchat/4.18.0/webchat.js"
></script>
    <script
  crossorigin="anonymous"
  integrity="sha384-RuyQM7i2h9QDvJTm5quFymi0qfuWyIZocRdsgUaPIhlZnAM/Qz1/YnUxH55Dt9Rd"
  src="https://cdn.botframework.com/botframework-webchat/4.18.0/webchat-es5.js"
></script>
    <script
  crossorigin="anonymous"
  integrity="sha384-YXzfTEuq6x+8VEBZcHmPE9rM+NpSTVfRQsU1X0v4drgjp3S4F8d8rnq/anR3WLpj"
  src="https://cdn.botframework.com/botframework-webchat/4.18.0/webchat-minimal.js"
></script>

    Changelog

    [4.18.0] - 2024-07-10

    Added

    • (Experimental) Added initial decorators support, in PR #5205, by @ OEvgeny
      • Introduced internal botframework-webchat-api/decorator import, in PR #5205, by @ OEvgeny
      • Added DecoratorComposer and ActivityDecorator to be used for decorating activity border, in PR #5205, by @ OEvgeny

    Fixed

    • Read deeper into citation objects in order to provide names, in PR #5215, by @ beyackle2
    • Improved performance for useActivityWithRenderer, in PR #5172, by @ OEvgeny
    • Fixes #5162. Improved performance for useActivityTreeWithRenderer, in PR #5163, by @ compulim
    • Fixes #5175. PrecompiledGlobalize.js is emitted instead of .cjs, by @ compulim in PR #5181
    • Improved performance for BasicTranscript, in PR #5183, by @ OEvgeny
    • Fixed potential memory usage issues caused by useActivitiesWithRenderer, in PR #5183, by @ OEvgeny
    • Improved performance for useMemoized, in PR #5190, by @ OEvgeny
    • Fixed send box zoomed in when clicked on mobile Safari, in PR #5192, by @ OEvgeny
    • Added missing support for chat history scroll with keyboard when Fluent send box is focused, in PR #5191, by @ OEvgeny
    • Fixed DTMF command usage sent by telephone keypad, in PR #5198, by @ OEvgeny
    • Fixed decorator import in legacy CommonJS environments, in #5231, by @ OEvgeny

    Changed

  • 4.17.1-main.20240708.c9247bf - 2024-07-08
  • 4.17.1-main.20240625.336dd7c - 2024-06-25
  • 4.17.1-main.20240603.157a8cb - 2024-06-04
  • 4.17.1-main.20240516.aaff0e6 - 2024-05-16
  • 4.17.1-main.20240516.68b8b71 - 2024-05-16
  • 4.17.1-main.20240509.b00b5c9 - 2024-05-09
  • 4.17.1-main.20240508.bf8dbd9 - 2024-05-08
  • 4.17.0 - 2024-05-07

    Subresource Integrity

    The CDN URL will be online in about a day after we completed publish to NPM.

    <script
  crossorigin="anonymous"
  integrity="sha384-JrrxPK4UiMUpQfRYck+TH35vDgpZLtot9HqkG6F/pbubNCnNyRCYEbQ0mXH2z8s2"
  src="https://cdn.botframework.com/botframework-webchat/4.17.0/webchat.js"
></script>
    <script
  crossorigin="anonymous"
  integrity="sha384-N+hZt09yrG7gT/xDkupYZeFnCoFR1S4ig9v3h1liavEgPm9C+Lt4MFPv85gfBp6E"
  src="https://cdn.botframework.com/botframework-webchat/4.17.0/webchat-es5.js"
></script>
    <script
  crossorigin="anonymous"
  integrity="sha384-Z6hLc33tM1RVHGaYJbzrd6XkfxUwB+q4915W9K9ogwYqpIIew3oHhDfEzCfk1JgD"
  src="https://cdn.botframework.com/botframework-webchat/4.17.0/webchat-minimal.js"
></script>

    Changelog

    [4.17.0] - 2024-05-06

    Known issues

    • Web Chat is not loading with error Uncaught TypeError: Super constructor null of anonymous class is not a constructor

    Breaking changes

    • useSendMessage hook is updated to support sending attachments with a message. To reduce complexity, the useSendFiles hook is being deprecated. The hook will be removed on or after 2026-04-03
    • styleOptions.uploadThumbnailHeight and styleOptions.uploadThumbnailWidth must be a number of pixels
    • useSuggestedActions type is updated to align with its actual implementation, by @ OEvgeny, in PR #5122
    • Removed deprecated code: connect*, useRenderActivity, useRenderActivityStatus, useRenderAvatar, in PR #5148, by @ compulim
    • Added named exports in both CommonJS and ES Modules module format, in PR #5148, by @ compulim
    • Removed deprecated useFocusSendBox() hook, please use useFocus('sendBox') instead, in PR #5150, by @ OEvgeny
    • HTML-in-Markdown is now supported. To disable this feature, set styleOptions.markdownRenderHTML to false

    Added

    • Resolves #5083. Added sendAttachmentOn style option to send attachments and text in a single activity, by @ ms-jb and @ compulim, in PR #5123
      • useSendMessage hook is updated to support sending attachments with a message
      • useSendBoxAttachments hook is added to get/set attachments in the send box
    • Resolves #5081. Added uploadAccept and uploadMultiple style options, by @ ms-jb, in PR #5048
    • Added sendBoxMiddleware and sendBoxToolbarMiddleware, by @ compulim, in PR #5120
    • (Experimental) Added botframework-webchat-fluent-theme package for applying Fluent UI theme to Web Chat, by @ compulim and @ OEvgeny
      • Initial commit, in PR #5120
      • Inherits Fluent CSS palette if available, in PR #5122
      • New send box with Fluent look-and-feel, in PR #5122
        • styleOptions.maxMessageLength to specify maximum length of the outgoing message
      • Drag-and-drop file support, in PR #5122
      • Added telephone keypad (DTMF keypad), in PR #5122
      • Fixed botframework-webchat-fluent-theme/package.json to export *.d.[m]ts and default exports, in PR #5131
      • Added support of styleOptions.hideUploadButton, in PR #5132
      • Added styleOptions.hideTelephoneKeypadButton and default to true, in PR #5132
      • Fit-and-finish on suggested actions and telephone keypad, in PR #5132
      • Fixed to keep telephone keypad on-screen on click, in PR #5132
      • Disabled send button and hid message length when telephone keypad is shown, in PR #5136
      • Added dark theme support, in PR #5138
      • Added an information message to the telephone keypad, in PR #5140
      • Added animation to focus indicator and pixel-perfected, in PR #5143
      • Integrated focus management for send box, in PR #5150, by @ OEvgeny
      • Added keyboard navigation support into suggested actions, in PR #5154, by @ OEvgeny
      • Fixes #5166. Fixed "attach file" button in iOS Safari should looks the same as on other platforms, in PR

@snyk-bot
fix: upgrade multiple dependencies with Snyk
4a34084 
Snyk has created this PR to upgrade:
  - botframework-webchat-component from 4.17.0 to 4.18.0.
    See this package in npm: https://www.npmjs.com/package/botframework-webchat-component
  - botframework-webchat from 4.17.0 to 4.18.0.
    See this package in npm: https://www.npmjs.com/package/botframework-webchat

See this project in Snyk:
https://app.snyk.io/org/ibmstudent/project/868cc266-6bfe-4b28-af2d-f6f91e78a089?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@DevangPatelUK @snyk-bot