[Snyk] Upgrade botbuilder from 4.22.2 to 4.23.1

[DevangPatelUK]

Snyk has created this PR to upgrade botbuilder from 4.22.2 to 4.23.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	696	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	696	Proof of Concept
	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') SNYK-JS-AZUREIDENTITY-7246760	696	No Known Exploit
	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') SNYK-JS-AZUREMSALNODE-7246761	696	No Known Exploit

Release notes

Package name: botbuilder

• 4.23.1 - 2024-09-23
  

  What's Changed

  • bump: micromatch from 4.0.7 to 4.0.8 in /testing/browser-functional/browser-echo-bot by @ dependabot in #4732
  • bump: micromatch from 4.0.2 to 4.0.8 by @ dependabot in #4733
  • bump: [#4684] Update multiple dependencies inside public libraries to latest version by @ sw-joelmut in #4739
  • bump: webpack from 5.92.0 to 5.94.0 in /testing/browser-functional/browser-echo-bot by @ dependabot in #4736
  • fix: [#4684] Update some dependencies to latest version by @ sw-joelmut in #4737
  • fix: [#4684] Update versions command by @ sw-joelmut in #4742
  • bump: body-parser from 1.20.2 to 1.20.3 by @ dependabot in #4743
  • bump: express from 4.19.2 to 4.20.0 in /testing/browser-functional/browser-echo-bot by @ dependabot in #4744
  • fix: Upgrade express dependency to latest version by @ ceciliaavila in #4747
  • fix: Replace globby with fast-glob by @ JhontSouth in #4745
  • fix: Upgrade send dependency to latest version by @ ceciliaavila in #4749
  • bump: [#4684] Update @ azure/cosmos and @ azure/core-auth dependencies to their latest version by @ sw-joelmut in #4748
  • bump: [#4684] Update multiple dependencies inside internal libraries to latest version by @ sw-joelmut in #4752
• 4.23.0 - 2024-08-28
  

  This is the August 2024 release of the Bot Framework JS SDK. This release contains Node 18 & 20 support, as well as security fixes.

  NOTE
  Due to the update to the last Azure Identity and MSAL.Node packages, Node versions prior to Node 18 are no longer supported. This is because those packages don't support out-of-support Node versions.

  What's Changed

  • bump: [#4550] Add Node 18 and 20 support by @ sw-joelmut in #4726

  • fix: Remove CVE-2022-3517 vulnerability by @ JhontSouth in #4699

  • fix: Remove CVE-2022-25881 vulnerability by updating the http-cache-semantics package by @ sw-joelmut in #4703

  • fix: Remove CVE-2020-8203 vulnerability in lodash.set by @ andres-robinet-sw in #4704

  • fix: Remove CVE-2021-3807 vulnerability by @ JhontSouth in #4705

  • fix: Remove CVE-2022-23539 vulnerability by updating the jsonwebtoken packages by @ sw-joelmut in #4706

  • fix: Remove CVE-2022-3517 vulnerability with minimatch by @ JhontSouth in #4707

  • bump: semver from 5.7.1 to 7.6.2 by @ dependabot in #4710

  • bump: hosted-git-info from 2.8.8 to 2.8.9 by @ dependabot in #4711

  • bump: elliptic from 6.5.3 to 6.5.5 by @ dependabot in #4712

  • fix: Remove CVE-2020-28469 vulnerability by updating the glob-parent package by @ sw-joelmut in #4713

  • fix: Remove remaining vulnerabilities by updating the hosted-git-info, tar, semver, ejs, elliptic packages by @ sw-joelmut in #4714

  • fix: [#4684] Remove unnecessary resolutions by @ sw-joelmut in #4719

  • fix: Remove undefined value in @ azure/msal-node by @ JhontSouth in #4718

  • bump: fast-xml-parser from 4.2.5 to 4.4.1 by @ dependabot in #4721

  • port: [#6813][#6798] Not able to create instance of BlobsTranscriptStore using TokenCredential instead of connectionString and containerName by @ JhontSouth in #4720

  • fix: Remove browser-echo-bot vulnerabilities by @ JhontSouth in #4717

  • fix: CVE-2024-42460 vulnerability with elliptic by @ JhontSouth in #4729

  • bump: axios from 1.7.2 to 1.7.4 by @ dependabot in #4730

  • port: [#6793][#6792] Composer Bot with QnA Intent recognized triggers duplicate QnA queries by @ JhontSouth in #4700

  Full Changelog: 4.22.3...4.23.0

• 4.23.0-rc1 - 2024-08-26
• 4.23.0-dev.20240405 - 2024-04-05
• 4.23.0-dev.20240404 - 2024-04-04
• 4.23.0-dev.20240403 - 2024-04-03
• 4.23.0-dev.20240329 - 2024-03-29
• 4.23.0-dev.20240320 - 2024-03-20
• 4.23.0-dev.20240307 - 2024-03-07
• 4.23.0-dev.20240202 - 2024-02-02
• 4.23.0-dev.20240130 - 2024-01-30
• 4.23.0-dev.20240126 - 2024-01-26
• 4.22.3 - 2024-06-27
  

  This is the June 2024 patch release of the Bot Framework JS SDK. This release contains security updates.

  What's Changed

  • fix: Remove CVE-2020-28469 with with glob-parent 5.1.1 (High) by @ JhontSouth in #4670
  • fix: CodeQL SM04509 issue by @ andres-robinet-sw in #4671
  • bump: Upgrade axios version to ^1.7.2 by @ JhontSouth in #4680
  • fix: Remove CVE-2024-37890 vulnerability by updating the ws package by @ sw-joelmut in #4683
  • fix: Remove CVE-2020-36632 vulnerability by @ JhontSouth in #4687
  • fix: Remove CVE-2022-21680 vulnerability by @ JhontSouth in #4688
  • fix: Remove CVE-2022-21680 vulnerability by @ JhontSouth in #4689
  • fix: Remove CVE-2023-45133 vulnerability by @ JhontSouth in #4691
  • fix: CVE-2020-8203 with lodash.pick by @ andres-robinet-sw in #4692
  • fix: Remove CVE-2020-7774 vulnerability by updating the y18n package by @ sw-joelmut in #4693
  • fix: Remove CVE-2022-0144 vulnerability by @ JhontSouth in #4695
  • fix: Remove CVE-2024-4068 vulnerability by @ JhontSouth in #4696
  • feat: Support Single Tenant authentication through BotFramework-Emulator by @ JhontSouth in #4643
  • refactor: AgentSettings Circular Structure and improve internals by @ sw-joelmut in #4641
  • chore: Moved @ types/jswebtoken (in both places) to dependencies. by @ tracyboehrer in #4646
  • chore: [#4636] Add more information to Tenant parameters by @ sw-joelmut in #4649
  • fix: SM03944 suppression by @ tracyboehrer in #4654
  • Removed unused build assets by @ tracyboehrer in #4658
  • fix: [#4657] bump the npm_and_yarn group across 2 directories with 20 updates by @ JhontSouth in #4663
  • fix: SM04509 suppression by @ tracyboehrer in #4667
  • fix: SM02383 suppression by @ tracyboehrer in #4668
  • fix: [#4483] Switching npm dependency bcrypt to bcryptjs by @ JhontSouth in #4669
• 4.22.2 - 2024-04-15
  

  This is the April 2024 JS SDK patch release. This release contains minor bug fixes and security updates.

  What's Changed

  • fix: add content type header by @ XVincentX in #4587
  • fix: [#4544] JwtTokenExtractor.getIdentity:err! FetchError: request to https://login.botframework.com/v1/.well-known/openidconfiguration by @ ceciliaavila in #4583
  • bump: Update swagger-client to stop using lodash-compat by @ JhontSouth in #4604
  • fix: Removed Copyright from generated code by @ tracyboehrer in #4612
  • fix: [#4584] ChannelAccount cannot accept extensible properties by @ JhontSouth in #4618
  • bump: Update follow-redirects to ^1.15.4 by @ JhontSouth in #4617
  • bump: Update @ azure/msal-node and @ azure/msal-browser by @ JhontSouth in #4619
  • bump: undici from 5.28.2 to 5.28.3 by @ dependabot in #4620
  • bump: axios from 0.21.1 to 0.28.0 by @ dependabot in #4621
  • bump: ip from 1.1.5 to 1.1.9 by @ dependabot in #4622
  • bump: ip from 1.1.5 to 1.1.9 in /testing/browser-functional/browser-echo-bot by @ dependabot in #4623
  • bump: es5-ext from 0.10.53 to 0.10.63 by @ dependabot in #4624
  • fix: [botframework-connector] Use HashSet instead of string array for endorsement by @ crdev13 in #4526
  • bump: tar to 6.1.9 by @ tracyboehrer in #4627
  • bump: axios to 0.21.2 by @ tracyboehrer in #4628
  • chore: Removed autorest gen related by @ tracyboehrer in #4629
  • bump: axios and ws by @ tracyboehrer in #4630
  • bump: follow-redirects from 1.15.5 to 1.15.6 in /testing/browser-functional/browser-echo-bot by @ dependabot in #4633
  • bump: follow-redirects from 1.15.5 to 1.15.6 by @ dependabot in #4634
  • fix: [#4440][Bot node.js] Compile error for accessing "conversation" and "organizer" fields for get meeting details bot API by @ ceciliaavila in #4442
  • bump: express from 4.18.2 to 4.19.2 in /testing/browser-functional/browser-echo-bot by @ dependabot in #4638
  • bump: express from 4.17.3 to 4.19.2 by @ dependabot in