[C#] bump: Bump the production group with 2 updates #2605

dependabot · 2025-09-15T19:07:07Z

Updated Azure.Identity from 1.15.0 to 1.16.0.

Release notes

Sourced from Azure.Identity's releases.

1.16.0 1.16.0 (2025-09-09)

Features Added

Added a new DefaultAzureCredential constructor that accepts a custom environment variable name for credential configuration. This provides flexibility beyond the default AZURE_TOKEN_CREDENTIALS environment variable. The constructor accepts any environment variable name and uses the same credential selection logic as the existing AZURE_TOKEN_CREDENTIALS processing.
Added DefaultAzureCredential.DefaultEnvironmentVariableName constant property that returns "AZURE_TOKEN_CREDENTIALS" for convenience when referencing the default environment variable name.
AzureCliCredential, AzurePowerShellCredential, and AzureDeveloperCliCredential now throw an AuthenticationFailedException when the TokenRequestContext includes claims, as these credentials do not support claims challenges. The exception message includes guidance for handling such scenarios.
When AZURE_TOKEN_CREDENTIALS or the equivalent custom environment variable is configured to ManagedIdentityCredential, the DefaultAzureCredential does not issue a probe request and performs retries with exponential backoff.

Bugs Fixed

Fixed AzureDeveloperCliCredential hanging when the AZD_DEBUG environment variable is set by adding the --no-prompt flag to prevent interactive prompts (#52005).
BrokerCredential is now included in the chain when AZURE_TOKEN_CREDENTIALS is set to dev.
Fixed an issue that prevented ManagedIdentityCredential from utilizing the token cache in Workload Identity Federation environments.
Fixed a bug in DefaultAzureCredential that caused the credential chain to be constructed incorrectly when using AZURE_TOKEN_CREDENTIALS in combination with DefaultAzureCredentialOptions.

Other Changes

The BrokerCredential is now always included in the DefaultAzureCredential chain. If the Azure.Identity.Broker package is not referenced, an exception will be thrown when GetToken is called, making its behavior consistent with the rest of the credentials in the chain.
Updated Microsoft.Identity.Client dependency to version 4.76.0.
Updated Microsoft.Identity.Client.Extensions.Msal dependency to version 4.76.0.

Commits viewable in compare view.

Updated Microsoft.Identity.Client from 4.76.0 to 4.77.0.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.77.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…es (#2382) #minor Bumps the development group in /js with 2 updates: [@microsoft/api-extractor](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-extractor) and [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier). Updates `@microsoft/api-extractor` from 7.52.2 to 7.52.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/microsoft/rushstack/blob/main/apps/api-extractor/CHANGELOG.md"><code>@microsoft/api-extractor</code>'s changelog</a>.</em></p> <blockquote> <h2>7.52.3</h2> <p>Fri, 04 Apr 2025 18:34:35 GMT</p> <h3>Patches</h3> <ul> <li>Add support for customizing which TSDoc tags appear in API reports</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/rushstack/commit/a425b63cc061b08d8be5b1772e148b0d41dca0b4"><code>a425b63</code></a> Bump versions [skip ci]</li> <li><a href="https://github.com/microsoft/rushstack/commit/1a9126a371e8e145e3f5e602430bf9e1238e84c9"><code>1a9126a</code></a> Update changelogs [skip ci]</li> <li><a href="https://github.com/microsoft/rushstack/commit/875d3de5bcc158b3c93b47969f1cb95538ca3f68"><code>875d3de</code></a> [api-extractor] Customize which TSDoc tags appear in API reports (<a href="https://github.com/microsoft/rushstack/tree/HEAD/apps/api-extractor/issues/5079">#5079</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/rushstack/commits/@microsoft/api-extractor_v7.52.3/apps/api-extractor">compare view</a></li> </ul> </details> <br /> Updates `eslint-plugin-prettier` from 5.2.5 to 5.2.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prettier/eslint-plugin-prettier/releases">eslint-plugin-prettier's releases</a>.</em></p> <blockquote> <h2>v5.2.6</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/prettier/eslint-plugin-prettier/pull/723">#723</a> <a href="https://github.com/prettier/eslint-plugin-prettier/commit/1451176a82fae991c0f4f74adf80af283c3a01c3"><code>1451176</code></a> Thanks <a href="https://github.com/apps/renovate"><code>@renovate</code></a>! - fix(deps): bump <code>synckit</code> to <code>v0.11.0</code></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md">eslint-plugin-prettier's changelog</a>.</em></p> <blockquote> <h2>5.2.6</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/prettier/eslint-plugin-prettier/pull/723">#723</a> <a href="https://github.com/prettier/eslint-plugin-prettier/commit/1451176a82fae991c0f4f74adf80af283c3a01c3"><code>1451176</code></a> Thanks <a href="https://github.com/apps/renovate"><code>@renovate</code></a>! - fix(deps): bump <code>synckit</code> to <code>v0.11.0</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prettier/eslint-plugin-prettier/commit/fa9607e92bdb63942c906d3a888fa6308ef9f7f9"><code>fa9607e</code></a> chore: release eslint-plugin-prettier (<a href="https://redirect.github.com/prettier/eslint-plugin-prettier/issues/724">#724</a>)</li> <li><a href="https://github.com/prettier/eslint-plugin-prettier/commit/1451176a82fae991c0f4f74adf80af283c3a01c3"><code>1451176</code></a> fix(deps): update all dependencies (<a href="https://redirect.github.com/prettier/eslint-plugin-prettier/issues/723">#723</a>)</li> <li><a href="https://github.com/prettier/eslint-plugin-prettier/commit/1914ea87a586821cdb09ba7ad9f19644efb91a88"><code>1914ea8</code></a> chore: ignore <code>pnpm</code> for compatibility reason</li> <li>See full diff in <a href="https://github.com/prettier/eslint-plugin-prettier/compare/v5.2.5...v5.2.6">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

## Linked issues closes: #minor ## Details Bump to `v1.10.1` Update dotnet release pipeline to do the following: 1. Strong name sign .dll ![image](https://github.com/user-attachments/assets/e5cbe0ad-3d25-4b34-a3f7-49d3754c5117) 2. Authenticode sign .dll ![image](https://github.com/user-attachments/assets/4be82731-67f2-43a9-a18e-98f9fc7e74db) 3. Sign nuget package ![image](https://github.com/user-attachments/assets/58b5b7f0-ab9a-4f54-9603-8b67a184c3b9) ## Attestation Checklist - [x] My code follows the style guidelines of this project - I have checked for/fixed spelling, linting, and other errors - I have commented my code for clarity - I have made corresponding changes to the documentation (updating the doc strings in the code is sufficient) - My changes generate no new warnings - I have added tests that validates my changes, and provides sufficient test coverage. I have tested with: - Local testing - E2E testing in Teams - New and existing unit tests pass locally with my changes

…nMapping.lightBot (#2408) #minor Bumps [h11](https://github.com/python-hyper/h11) from 0.14.0 to 0.16.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca"><code>1c5b075</code></a> this time for surer</li> <li><a href="https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a"><code>d9c3699</code></a> this time for sure...</li> <li><a href="https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39"><code>d91b9dd</code></a> blacken</li> <li><a href="https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0"><code>5a4683c</code></a> Soothe mypy</li> <li><a href="https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536"><code>9c9567f</code></a> Bump version to 0.16.0</li> <li><a href="https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed"><code>114803a</code></a> Merge commit from fork</li> <li><a href="https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0"><code>9462006</code></a> Bump version to 0.15.0</li> <li><a href="https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685"><code>70a96be</code></a> Merge pull request <a href="https://redirect.github.com/python-hyper/h11/issues/181">#181</a> from Julien00859/Julien00859/get_int_max_str_digits</li> <li><a href="https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c"><code>60782ad</code></a> Reject Content-Length longer 1 billion TB</li> <li><a href="https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f"><code>dff7cc3</code></a> Validate Chunked-Encoding chunk footer</li> <li>Additional commits viewable in <a href="https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h11&package-manager=pip&previous-version=0.14.0&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

@typedef

## Linked issues closes: #minor --------- Co-authored-by: lilydu <lilydu+odspmdb@microsoft.com> Co-authored-by: Corina <14900841+corinagum@users.noreply.github.com>

## Linked issues closes: #2427, #2387 ## Details Fixes for custom feedback loops when using the library for .NET: 1. Setting feedbackLoopType to "custom" on a StreamingChannelData object included as ChannelData in a message Activity response from the bot does not properly enable Teams to be able to fetch a custom feedback form when clicking the feedback buttons. This appears to be related to an issue with how the feedbackLoopType is serialized to the channelData property within the JSON. Currently, feedbackLoopType is included as a property of channelData when serialized. However, according to some [docs](https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/bot-messages-ai-generated-content?tabs=desktop%2Cbotmessage#add-feedback-buttons), the bot framework API seems to expect this to be set like the following within the channelData property: ``` { "feedbackLoop": { "type": "custom" } } ``` 2. Ran into an error when responding to message/fetchTask invoke requests. The network trace in Teams shows the following error in the HTTP response from the invoke: `{"errorCode":1008,"message":"<BotError>Error when processing invoke response: Task or Task Type is missing in Task Module response","standardizedError":{"errorCode":1008,"errorSubCode":1,"errorDescription":"<BotError>Error when processing invoke response: Task or Task Type is missing in Task Module response"}}`. No exception is raised within the Teams AI library when responding. Example of the the handler is below. Adaptive Card included in the attachment has been validated in the Adaptive Card designer, and I did try swapping out a 'known working' card from another task module - same result. #### Change details - Added a custom JsonConverter to properly serialize the feedback loop type on the StreamingChannelData object - Fixed the reference for OnMessageFetchTask in Application.cs from `response` to `result`.

closes: #2461 ## Details While sending text chunks with reference to same citations, duplicate citations are added to Entities which leads to streaming errors. For example, if citation [1] was referenced multiple times in streamed text streamer.QueueTextChunk("This is a sample text referencing first document [1] and second document [2], However the more relevant document appears to be first document [1]."); Total 3 citations are added into the final sent activity. This leads to upstream errors and unexpected results on client. #### Change details - Adjusted citation position handling in `StreamingResponse.cs` to ensure correct alignment with text. - Enhanced duplicate match processing in `CitationUtils.cs` using a `HashSet` to filter duplicates before citation retrieval. - Introduced `Test_SendTextChunk_SendsFinalMessageWithUniqueCitations` in `StreamingResponseTests.cs` to validate unique citations in streamed messages. ✅ My code follows the style guidelines of this project - I have checked for/fixed spelling, linting, and other errors - I have commented my code for clarity - I have made corresponding changes to the documentation (updating the doc strings in the code is sufficient) - My changes generate no new warnings - I have added tests that validates my changes, and provides sufficient test coverage. I have tested with: - Local testing - E2E testing in Teams - New and existing unit tests pass locally with my changes Co-authored-by: Krishna <kris.baba@gmail.com>

…es (#2471) #minor Bumps the development group in /js with 3 updates: [@microsoft/api-extractor](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-extractor), [applicationinsights](https://github.com/microsoft/ApplicationInsights-node.js) and [tsc-watch](https://github.com/gilamran/tsc-watch). Updates `@microsoft/api-extractor` from 7.52.7 to 7.52.8 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/microsoft/rushstack/blob/main/apps/api-extractor/CHANGELOG.md"><code>@microsoft/api-extractor</code>'s changelog</a>.</em></p> <blockquote> <h2>7.52.8</h2> <p>Tue, 13 May 2025 02:09:20 GMT</p> <h3>Patches</h3> <ul> <li>Fixes API extractor error handling when changed APIs are encountered and the "--local" flag is not specified</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/rushstack/commit/fba6858c00c01b15de418f0073dba4f148f6022f"><code>fba6858</code></a> Bump versions [skip ci]</li> <li><a href="https://github.com/microsoft/rushstack/commit/d4e0a6e4a07570e9f3bc0ed31714aca97aacbcba"><code>d4e0a6e</code></a> Update changelogs [skip ci]</li> <li><a href="https://github.com/microsoft/rushstack/commit/d9226f82076663aa2aced9b6caa406e1cad4d1a7"><code>d9226f8</code></a> [api-extractor] Fix error handling when encountering changed APIs (<a href="https://github.com/microsoft/rushstack/tree/HEAD/apps/api-extractor/issues/5226">#5226</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/rushstack/commits/@microsoft/api-extractor_v7.52.8/apps/api-extractor">compare view</a></li> </ul> </details> <br /> Updates `applicationinsights` from 2.9.6 to 2.9.7 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/ApplicationInsights-node.js/commits">compare view</a></li> </ul> </details> <br /> Updates `tsc-watch` from 6.2.1 to 6.3.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gilamran/tsc-watch/blob/master/CHANGELOG.md">tsc-watch's changelog</a>.</em></p> <blockquote> <h2>v6.3.1 - 18/05/2025</h2> <ul> <li>big fix: off-by-one error tsc-watch. thanks to <a href="https://github.com/rodw"><code>@rodw</code></a> for the PR</li> </ul> <h1><code>@gilamran/tsc-watch</code> CHANGELOG</h1> <h2>v6.3.0 - 16/04/2024</h2> <ul> <li>Added <code>--noWatch</code> argument</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/gilamran/tsc-watch/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

## Linked issues closes: #minor (issue number) ## Details Introduces: #2462 #2454

…chainedActions.devOpsBot (#2489) #minor Bumps [h11](https://github.com/python-hyper/h11) from 0.14.0 to 0.16.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca"><code>1c5b075</code></a> this time for surer</li> <li><a href="https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a"><code>d9c3699</code></a> this time for sure...</li> <li><a href="https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39"><code>d91b9dd</code></a> blacken</li> <li><a href="https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0"><code>5a4683c</code></a> Soothe mypy</li> <li><a href="https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536"><code>9c9567f</code></a> Bump version to 0.16.0</li> <li><a href="https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed"><code>114803a</code></a> Merge commit from fork</li> <li><a href="https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0"><code>9462006</code></a> Bump version to 0.15.0</li> <li><a href="https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685"><code>70a96be</code></a> Merge pull request <a href="https://redirect.github.com/python-hyper/h11/issues/181">#181</a> from Julien00859/Julien00859/get_int_max_str_digits</li> <li><a href="https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c"><code>60782ad</code></a> Reject Content-Length longer 1 billion TB</li> <li><a href="https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f"><code>dff7cc3</code></a> Validate Chunked-Encoding chunk footer</li> <li>Additional commits viewable in <a href="https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h11&package-manager=pip&previous-version=0.14.0&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…/js in the development group (#2488) #minor Bumps the development group in /js with 1 update: [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash). Updates `@types/lodash` from 4.17.16 to 4.17.17 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/lodash&package-manager=npm_and_yarn&previous-version=4.17.16&new-version=4.17.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

## Linked issues #minor --------- Co-authored-by: Corina <14900841+corinagum@users.noreply.github.com>

…/samples/06.auth.oauth.messageExtensions (#2499) #minor Bumps [requests](https://github.com/psf/requests) from 2.32.2 to 2.32.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> <h2>v2.32.3</h2> <h2>2.32.3 (2024-05-29)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (<a href="https://redirect.github.com/psf/requests/issues/6716">#6716</a>)</li> <li>Fixed issue where Requests started failing to run on Python versions compiled without the <code>ssl</code> module. (<a href="https://redirect.github.com/psf/requests/issues/6724">#6724</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> <h2>2.32.3 (2024-05-29)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (<a href="https://redirect.github.com/psf/requests/issues/6716">#6716</a>)</li> <li>Fixed issue where Requests started failing to run on Python versions compiled without the <code>ssl</code> module. (<a href="https://redirect.github.com/psf/requests/issues/6724">#6724</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.2...v2.32.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.32.2&new-version=2.32.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…eddings" (#2453) ## Issue Fixes #2465 ## Details Just added a link to community article that walks the developer through the steps of creating and deploying embeddings and models in Azure portal. #### Change details Just added a link to community article that walks the developer through the steps of creating and deploying embeddings and models in Azure portal. Link that I added: https://techcommunity.microsoft.com/blog/startupsatmicrosoftblog/how-to-set-up-and-configure-a-gpt-deployment-using-the-azure-openai-service/3849854 ## Attestation Checklist - [x] My changes follows the style guidelines of this project - [x] I have checked for/fixed spelling, linting, and other errors - [x] My changes generate no new warnings --------- Co-authored-by: Gaurav Keshre <gakeshre@microsoft.com>

#2501) #minor Bumps the production group with 3 updates in the /js directory: [axios](https://github.com/axios/axios), [@microsoft/teams-js](https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js) and [@azure/identity](https://github.com/Azure/azure-sdk-for-js). Updates `axios` from 1.9.0 to 1.10.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.10.0</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>adapter:</strong> pass fetchOptions to fetch function (<a href="https://redirect.github.com/axios/axios/issues/6883">#6883</a>) (<a href="https://github.com/axios/axios/commit/0f50af8e076b7fb403844789bd5e812dedcaf4ed">0f50af8</a>)</li> <li><strong>form-data:</strong> convert boolean values to strings in FormData serialization (<a href="https://redirect.github.com/axios/axios/issues/6917">#6917</a>) (<a href="https://github.com/axios/axios/commit/5064b108de336ff34862650709761b8a96d26be0">5064b10</a>)</li> <li><strong>package:</strong> add module entry point for React Native; (<a href="https://redirect.github.com/axios/axios/issues/6933">#6933</a>) (<a href="https://github.com/axios/axios/commit/3d343b86dc4fd0eea0987059c5af04327c7ae304">3d343b8</a>)</li> </ul> <h3>Features</h3> <ul> <li><strong>types:</strong> improved fetchOptions interface (<a href="https://redirect.github.com/axios/axios/issues/6867">#6867</a>) (<a href="https://github.com/axios/axios/commit/63f1fce233009f5db1abf2586c145825ac98c3d7">63f1fce</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+30/-19 ([#6933](axios/axios#6933) [#6920](axios/axios#6920) [#6893](axios/axios#6893) [#6892](axios/axios#6892) )">Dmitriy Mozgovoy</a></li> <li> <a href="https://github.com/noritaka1166" title="+2/-6 ([#6922](axios/axios#6922) [#6923](axios/axios#6923) )">Noritaka Kobayashi</a></li> <li> <a href="https://github.com/dimitry-lzs" title="+4/-0 ([#6917](axios/axios#6917) )">Dimitrios Lazanas</a></li> <li> <a href="https://github.com/AdrianKnapp" title="+2/-2 ([#6867](axios/axios#6867) )">Adrian Knapp</a></li> <li> <a href="https://github.com/howiezhao" title="+3/-1 ([#6872](axios/axios#6872) )">Howie Zhao</a></li> <li> <a href="https://github.com/warpdev" title="+1/-1 ([#6883](axios/axios#6883) )">Uhyeon Park</a></li> <li> <a href="https://github.com/stscoundrel" title="+1/-1 ([#6913](axios/axios#6913) )">Sampo Silvennoinen</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/axios/axios/compare/v1.9.0...v1.10.0">1.10.0</a> (2025-06-14)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>adapter:</strong> pass fetchOptions to fetch function (<a href="https://redirect.github.com/axios/axios/issues/6883">#6883</a>) (<a href="https://github.com/axios/axios/commit/0f50af8e076b7fb403844789bd5e812dedcaf4ed">0f50af8</a>)</li> <li><strong>form-data:</strong> convert boolean values to strings in FormData serialization (<a href="https://redirect.github.com/axios/axios/issues/6917">#6917</a>) (<a href="https://github.com/axios/axios/commit/5064b108de336ff34862650709761b8a96d26be0">5064b10</a>)</li> <li><strong>package:</strong> add module entry point for React Native; (<a href="https://redirect.github.com/axios/axios/issues/6933">#6933</a>) (<a href="https://github.com/axios/axios/commit/3d343b86dc4fd0eea0987059c5af04327c7ae304">3d343b8</a>)</li> </ul> <h3>Features</h3> <ul> <li><strong>types:</strong> improved fetchOptions interface (<a href="https://redirect.github.com/axios/axios/issues/6867">#6867</a>) (<a href="https://github.com/axios/axios/commit/63f1fce233009f5db1abf2586c145825ac98c3d7">63f1fce</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+30/-19 ([#6933](axios/axios#6933) [#6920](axios/axios#6920) [#6893](axios/axios#6893) [#6892](axios/axios#6892) )">Dmitriy Mozgovoy</a></li> <li> <a href="https://github.com/noritaka1166" title="+2/-6 ([#6922](axios/axios#6922) [#6923](axios/axios#6923) )">Noritaka Kobayashi</a></li> <li> <a href="https://github.com/dimitry-lzs" title="+4/-0 ([#6917](axios/axios#6917) )">Dimitrios Lazanas</a></li> <li> <a href="https://github.com/AdrianKnapp" title="+2/-2 ([#6867](axios/axios#6867) )">Adrian Knapp</a></li> <li> <a href="https://github.com/howiezhao" title="+3/-1 ([#6872](axios/axios#6872) )">Howie Zhao</a></li> <li> <a href="https://github.com/warpdev" title="+1/-1 ([#6883](axios/axios#6883) )">Uhyeon Park</a></li> <li> <a href="https://github.com/stscoundrel" title="+1/-1 ([#6913](axios/axios#6913) )">Sampo Silvennoinen</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/73a836dae75f06055c24561d83cf4ca1c43e2854"><code>73a836d</code></a> chore(release): v1.10.0 (<a href="https://redirect.github.com/axios/axios/issues/6943">#6943</a>)</li> <li><a href="https://github.com/axios/axios/commit/3d343b86dc4fd0eea0987059c5af04327c7ae304"><code>3d343b8</code></a> fix(package): add module entry point for React Native; (<a href="https://redirect.github.com/axios/axios/issues/6933">#6933</a>)</li> <li><a href="https://github.com/axios/axios/commit/0f50af8e076b7fb403844789bd5e812dedcaf4ed"><code>0f50af8</code></a> fix(adapter): pass fetchOptions to fetch function (<a href="https://redirect.github.com/axios/axios/issues/6883">#6883</a>)</li> <li><a href="https://github.com/axios/axios/commit/ee7799e13c0783c0fdfa656613bb1af6f5e53ccd"><code>ee7799e</code></a> refactor: remove unused import in test (<a href="https://redirect.github.com/axios/axios/issues/6922">#6922</a>)</li> <li><a href="https://github.com/axios/axios/commit/eb0a2db04beda089e6bdcb2820f193ed2faecbc3"><code>eb0a2db</code></a> chore: fix typos in test (<a href="https://redirect.github.com/axios/axios/issues/6923">#6923</a>)</li> <li><a href="https://github.com/axios/axios/commit/7d551393c384e58058e04ae954c4cfd929afcd64"><code>7d55139</code></a> docs(readme): improve error descriptions; (<a href="https://redirect.github.com/axios/axios/issues/6920">#6920</a>)</li> <li><a href="https://github.com/axios/axios/commit/f4fc6b8564ab794e67b4d1147167f2ecfc3557a3"><code>f4fc6b8</code></a> chore(sponsor): update sponsor block (<a href="https://redirect.github.com/axios/axios/issues/6921">#6921</a>)</li> <li><a href="https://github.com/axios/axios/commit/5064b108de336ff34862650709761b8a96d26be0"><code>5064b10</code></a> fix(form-data): convert boolean values to strings in FormData serialization (...</li> <li><a href="https://github.com/axios/axios/commit/c7e0fea78716e86694d5023f8f17d174bf064e8a"><code>c7e0fea</code></a> CI: add Node 24 (<a href="https://redirect.github.com/axios/axios/issues/6913">#6913</a>)</li> <li><a href="https://github.com/axios/axios/commit/7ba895c8874f3fdc4e9da992b2b9e34fe5a25b55"><code>7ba895c</code></a> chore(sponsor): update sponsor block (<a href="https://redirect.github.com/axios/axios/issues/6907">#6907</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.9.0...v1.10.0">compare view</a></li> </ul> </details> <br /> Updates `@microsoft/teams-js` from 2.37.0 to 2.39.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/OfficeDev/microsoft-teams-library-js/releases"><code>@microsoft/teams-js</code>'s releases</a>.</em></p> <blockquote> <h2>v.2.39.0</h2> <h3>Minor changes</h3> <ul> <li>Added <code>{copilot.sidePanel}</code> capability that will help copilot to receive more context aware data from the hosts. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see <a href="https://aka.ms/capmatrix">https://aka.ms/capmatrix</a></li> <li>Added a new client version <code>2.1.2</code> to support isDeeplyNestedAuthSupported for Teams Mobile legacy code</li> <li>Bump eslint-plugin-recommend-no-namespaces to v0.1.0</li> </ul> <h2>2.38.0</h2> <h3>Minor changes</h3> <ul> <li>Added <code>renderingSurface</code> property to <code>{app.Page.Context}</code> capability.</li> <li>Bump eslint-plugin-recommend-no-namespaces to v0.1.0</li> </ul> <h3>Patches</h3> <ul> <li>Removed Beta tag from nestedAppAuth.isNAAChannelRecommended API</li> <li>Unblocked apps on Mobile to call <code>dialog.url.submit</code> from dialog by allowing this API from <code>FrameContext.content</code>. There is a bug in Teams mobile that returns <code>frameContext.content in dialog instead of </code>frameContext.task`. Once the bug is fixed, this change will be reverted.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/OfficeDev/microsoft-teams-library-js/blob/main/packages/teams-js/CHANGELOG.md"><code>@microsoft/teams-js</code>'s changelog</a>.</em></p> <blockquote> <h2>2.39.0</h2> <p>Fri, 06 Jun 2025 17:53:12 GMT</p> <h3>Minor changes</h3> <ul> <li>Added <code>{copilot.sidePanel}</code> capability that will help copilot to receive more context aware data from the hosts. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see <a href="https://aka.ms/capmatrix">https://aka.ms/capmatrix</a></li> <li>Added a new client version <code>2.1.2</code> to support isDeeplyNestedAuthSupported for Teams Mobile legacy code</li> <li>Bump eslint-plugin-recommend-no-namespaces to v0.1.0</li> </ul> <h2>2.38.0</h2> <p>Tue, 27 May 2025 21:09:59 GMT</p> <h3>Minor changes</h3> <ul> <li>Added <code>renderingSurface</code> property to <code>{app.Page.Context}</code> capability.</li> <li>Bump eslint-plugin-recommend-no-namespaces to v0.1.0</li> </ul> <h3>Patches</h3> <ul> <li>Removed Beta tag from <code>nestedAppAuth.isNAAChannelRecommended</code> API.</li> <li>Unblocked apps on Mobile to call <code>dialog.url.submit</code> from dialog by allowing this API from <code>FrameContext.content</code>. There is a bug in Teams mobile that returns <code>frameContext.content</code> in dialog instead of <code>frameContext.task</code>. Once the bug is fixed, this change will be reverted.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/413da294e03d6462648a2e023526b2d5b5ee3fda"><code>413da29</code></a> Prerelease 2.39.0 (<a href="https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js/issues/2823">#2823</a>)</li> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/4b510687a1f11b429d6d5a0f4d46391bb62152f5"><code>4b51068</code></a> Merge 2.38.0 release branch to main (<a href="https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js/issues/2819">#2819</a>)</li> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/812f4e380ced63ee0416256524a761cdb549c239"><code>812f4e3</code></a> copilot.sidePanel APIs (<a href="https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js/issues/2806">#2806</a>)</li> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/b41cf307375e5469df05da3db6cb8b9d4b70c824"><code>b41cf30</code></a> Supporting isDeeplyNestedAuthSupported flag for Legacy Teams Mobile Scenario ...</li> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/572c1ac5fdd4d73d3fce01c7017e62e0dd5f103d"><code>572c1ac</code></a> Release 2.37.9 merge to main (<a href="https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js/issues/2810">#2810</a>)</li> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/3632af85988bba5874fbf66b0ff923dd9b784403"><code>3632af8</code></a> Added <code>renderingSurface</code> property to <code>{app.Page.Context}</code> (<a href="https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js/issues/2794">#2794</a>)</li> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/fda12a0176187d82fd34a6d8fec79ad5cfab5a88"><code>fda12a0</code></a> Unblock apps to call dialog.url.submit in mobile (<a href="https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js/issues/2788">#2788</a>)</li> <li><a href="https://github.com/OfficeDev/microsoft-teams-library-js/commit/3ba204c31be66183f9ea12795207be041f0313af"><code>3ba204c</code></a> Remove <code>Beta</code> tag from nestedAppAuth.isNAAChannelRecommended API (<a href="https://github.com/OfficeDev/microsoft-teams-library-js/tree/HEAD/packages/teams-js/issues/2801">#2801</a>)</li> <li>See full diff in <a href="https://github.com/OfficeDev/microsoft-teams-library-js/commits/v2.39.0/packages/teams-js">compare view</a></li> </ul> </details> <br /> Updates `@azure/identity` from 4.10.0 to 4.10.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/c83450378573a50de1b4bd14109c3ceef7fe9f54"><code>c834503</code></a> [Identity] Update release date (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34797">#34797</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/daba2fe62d314ff6e84be57020603a83824c2794"><code>daba2fe</code></a> Sync eng/common directory with azure-sdk-tools for PR 10857 (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34794">#34794</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/f9770ce18e50ac2de4e03ba7ca77921c5b565282"><code>f9770ce</code></a> [identity] Fix return type for workload identity (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34786">#34786</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/7a16c07a81992cf51c028616a9699e6f88bf7190"><code>7a16c07</code></a> [EngSys] automatic rush update --full (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34789">#34789</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/428de88ea19488e9f4cf56dde7c5f849a2af5bed"><code>428de88</code></a> [keyvault] Add attributes to recording (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34785">#34785</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/8db0b42cb00d56deea51e48f1e6fcdc747ed5754"><code>8db0b42</code></a> Centralize node test version definitions for pipelines (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/33490">#33490</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/fa8698bbeee97984c50bc5d17668ab2b98e4f2fd"><code>fa8698b</code></a> [Communication] - SMS - Messaging Connect (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34679">#34679</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/2ba1cea577b2d2486e54753078d5470f07dd7fd0"><code>2ba1cea</code></a> [storage-blob-changefeed] fix test typecheck failure (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34732">#34732</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/002e5724e32fc63a11851e52c497a247be6f3f23"><code>002e572</code></a> Post release automated changes for keyvault releases (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34776">#34776</a>)</li> <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/fbebec644850afd335f62d821c5fe1c67e3d0e3d"><code>fbebec6</code></a> azure ai agents beta4 (<a href="https://redirect.github.com/Azure/azure-sdk-for-js/issues/34771">#34771</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Azure/azure-sdk-for-js/compare/@azure/identity_4.10.0...@azure/identity_4.10.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

…h 5 updates (#2502) #minor Bumps the production group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [danielpalme/ReportGenerator-GitHub-Action](https://github.com/danielpalme/reportgenerator-github-action) | `5.4.5` | `5.4.8` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.6.0` | `4.7.1` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.0` | `2.12.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.16` | `3.29.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` | Updates `danielpalme/ReportGenerator-GitHub-Action` from 5.4.5 to 5.4.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/danielpalme/reportgenerator-github-action/releases">danielpalme/ReportGenerator-GitHub-Action's releases</a>.</em></p> <blockquote> <h2>5.4.8</h2> <ul> <li><a href="https://redirect.github.com/danielpalme/reportgenerator-github-action/issues/737">#737</a> Improved lcov support (take FNDA elements into account to determine whether a code element has been covered)</li> <li><a href="https://redirect.github.com/danielpalme/reportgenerator-github-action/issues/741">#741</a> Charts does not render "Full method coverage" elements if coverage information is not available</li> <li>Added new setting "applyMaximumGroupingLevel". This allows to apply the maximum grouping level instead of the default 'By assembly' grouping in HTML reports.</li> </ul> <h2>5.4.7</h2> <p><a href="https://redirect.github.com/danielpalme/reportgenerator-github-action/issues/731">#731</a> Added option to break build when maximum risk hotspots metrics are exceeded</p> <h2>5.4.6</h2> <p><a href="https://redirect.github.com/danielpalme/reportgenerator-github-action/issues/730">#730</a> Added support for the REPORTGENERATOR_LICENSE environment variable in the MSBuild task (contributed by <a href="https://github.com/0xced"><code>@0xced</code></a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/danielpalme/ReportGenerator-GitHub-Action/commit/4c0f60daf67483745c34efdeadd4c4e78a19991e"><code>4c0f60d</code></a> 5.4.8</li> <li><a href="https://github.com/danielpalme/ReportGenerator-GitHub-Action/commit/3f60523236d7e9c35234305c1161b032a5021a2d"><code>3f60523</code></a> Fix CVE-2025-47279</li> <li><a href="https://github.com/danielpalme/ReportGenerator-GitHub-Action/commit/c9576654e2fea2faa7b69e59550b3805bf6a9977"><code>c957665</code></a> 5.4.7</li> <li><a href="https://github.com/danielpalme/ReportGenerator-GitHub-Action/commit/cc137d2b561c02b63ae869ffbe8f68af9d904bf4"><code>cc137d2</code></a> 5.4.6</li> <li><a href="https://github.com/danielpalme/ReportGenerator-GitHub-Action/commit/42e3e23ed571b462ec727ddd851a0e0b4242880d"><code>42e3e23</code></a> fix: use relative path also for reports</li> <li><a href="https://github.com/danielpalme/ReportGenerator-GitHub-Action/commit/8d9e48a66472f628a71c839568e6b0e62f651295"><code>8d9e48a</code></a> Readme</li> <li>See full diff in <a href="https://github.com/danielpalme/reportgenerator-github-action/compare/25b1e0261a9f68d7874dbbace168300558ef68f7...4c0f60daf67483745c34efdeadd4c4e78a19991e">compare view</a></li> </ul> </details> <br /> Updates `actions/dependency-review-action` from 4.6.0 to 4.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.7.1</h2> <ul> <li>Packages added to <code>allow-dependencies-licenses</code> will be allowed even if the package in question has no license information <a href="https://redirect.github.com/actions/dependency-review-action/issues/889">#889</a></li> <li>License expressions (e.g. <code>Ruby OR GPL-2.0</code>) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. <code>Ruby</code>)</li> </ul> <h2>v4.7.0</h2> <ul> <li>Handle complex license expressions (e.g. <code>MIT AND GPL-2.0</code>) in allow lists (fixes <a href="https://redirect.github.com/actions/dependency-review-action/issues/809">#809</a> and probably others)</li> <li>Replace <code>OTHER</code> in package licenses with <code>LicenseRef-clearlydefined-OTHER</code> so that parsing passes</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/da24556b548a50705dd671f47852072ea4c105d9"><code>da24556</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/933">#933</a> from actions/dangoor/471-release</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9af0caf0e50bd16cea055a1319f959e718f9cd5d"><code>9af0caf</code></a> Bump version number for 4.7.1</li> <li><a href="https://github.com/actions/dependency-review-action/commit/d8f2df20d5605f0dd46db3bd283002c24e357724"><code>d8f2df2</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/932">#932</a> from actions/907-disallow-expression</li> <li><a href="https://github.com/actions/dependency-review-action/commit/6e9307a3d4e5049e0dd8b5f9d51dfa0544391d3a"><code>6e9307a</code></a> Discard allow list entries that are not SPDX IDs</li> <li><a href="https://github.com/actions/dependency-review-action/commit/8805179dc9a63c54224914839d370dd93bd37b2e"><code>8805179</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/930">#930</a> from actions/889-allow-no-license</li> <li><a href="https://github.com/actions/dependency-review-action/commit/014300b08cd78d8944f631eb3415e4c079cdb3e8"><code>014300b</code></a> Update build</li> <li><a href="https://github.com/actions/dependency-review-action/commit/34486f306eacc0b5ba73c8d12b5af19a58d22364"><code>34486f3</code></a> Check namespaces when excluding license checks</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9b155d6432a2e91d56f1d2ad084483e8cd766a23"><code>9b155d6</code></a> Update build</li> <li><a href="https://github.com/actions/dependency-review-action/commit/f199659a6a39762ca0753d8a2fb41192144f257a"><code>f199659</code></a> Allowing dependencies works with no licenses</li> <li><a href="https://github.com/actions/dependency-review-action/commit/38ecb5b593bf0eb19e335c03f97670f792489a8b"><code>38ecb5b</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/929">#929</a> from actions/dangoor/4.7-release</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/ce3cf9537a52e8119d91fd484ab5b8a807627bf8...da24556b548a50705dd671f47852072ea4c105d9">compare view</a></li> </ul> </details> <br /> Updates `step-security/harden-runner` from 2.12.0 to 2.12.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.12.1</h2> <h2>What's Changed</h2> <ul> <li>Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.</li> <li>Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.12.1">https://github.com/step-security/harden-runner/compare/v2...v2.12.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/002fdce3c6a235733a90a27c80493a3241e56863"><code>002fdce</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/544">#544</a> from step-security/rc-21</li> <li><a href="https://github.com/step-security/harden-runner/commit/2489e3fcb3d00eac3cb27c9b490431a4d26eac58"><code>2489e3f</code></a> Merge branch 'main' into rc-21</li> <li><a href="https://github.com/step-security/harden-runner/commit/75dd441a816c3c7ea21313ec8ff21d9f7b69f534"><code>75dd441</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/555">#555</a> from step-security/dependabot/github_actions/step-sec...</li> <li><a href="https://github.com/step-security/harden-runner/commit/4381ace9c4db180c9cc8ff9a6dd4220f17a95690"><code>4381ace</code></a> Bump step-security/publish-unit-test-result-action from 2.19.0 to 2.20.0</li> <li><a href="https://github.com/step-security/harden-runner/commit/a9da90b635b492e68edb2a24949fcab1e313e9eb"><code>a9da90b</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/553">#553</a> from h0x0er/feat/container-workflows</li> <li><a href="https://github.com/step-security/harden-runner/commit/a60ef21c0c1f49c7ac6c8d65b6f4d16d419789c1"><code>a60ef21</code></a> update</li> <li><a href="https://github.com/step-security/harden-runner/commit/4ad512f16553ff1c022684cc96be0329a7618db8"><code>4ad512f</code></a> Merge branch 'rc-21' into feat/container-workflows</li> <li><a href="https://github.com/step-security/harden-runner/commit/6b41a3923518db2abe77790e47793760b5c47c28"><code>6b41a39</code></a> fixed test case</li> <li><a href="https://github.com/step-security/harden-runner/commit/fa70c45ca9a73bcef023a3e6afac49ffa3007480"><code>fa70c45</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/eb47845632e48a7532e7e363ba78b9bc48c09264"><code>eb47845</code></a> self-hosted: refactored block-policy apply logic</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...002fdce3c6a235733a90a27c80493a3241e56863">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 3.28.16 to 3.29.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.0</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.0/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.28.19</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.28.18</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.18/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.28.17</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.17/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.1. <a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li> </ul> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.0. <a href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li> </ul> <h2>3.28.13 - 24 Mar 2025</h2> <p>No user facing changes.</p> <h2>3.28.12 - 19 Mar 2025</h2> <ul> <li>Dependency caching should now cache more dependencies for Java <code>build-mode: none</code> extractions. This should speed up workflows and avoid inconsistent alerts in some cases.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/ce28f5bb42b7a9f2c824e633a3f6ee835bab6858"><code>ce28f5b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2926">#2926</a> from github/update-v3.29.0-e8799281c</li> <li><a href="https://github.com/github/codeql-action/commit/bc251b7932638a7881a8db15d1aaf0151642af99"><code>bc251b7</code></a> Update changelog for v3.29.0</li> <li><a href="https://github.com/github/codeql-action/commit/e8799281c8dee3b2e1aaed2c059e530fcfdc2d6d"><code>e879928</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2925">#2925</a> from github/update-bundle/codeql-bundle-v2.22.0</li> <li><a href="https://github.com/github/codeql-action/commit/efd43b3097c094d883d91934155f0a32af09dff7"><code>efd43b3</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.22.0</li> <li><a href="https://github.com/github/codeql-action/commit/7cb9b16051842e6c23c8b9fbcf92481f92d0644a"><code>7cb9b16</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2912">#2912</a> from github/henrymercer/bump-minimum-codeql-2.16.6</li> <li><a href="https://github.com/github/codeql-action/commit/3855117ba18b27e082b12e3e92e00d1b52aaa605"><code>3855117</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/f5d4e2a7ca2a5826357748bb8743390a4775946f"><code>f5d4e2a</code></a> Update default bundle to codeql-bundle-v2.22.0</li> <li><a href="https://github.com/github/codeql-action/commit/22deae890c55a1dc3ffba1aa20ad4148284e72d1"><code>22deae8</code></a> Update package-lock.json</li> <li><a href="https://github.com/github/codeql-action/commit/df2a830ca4348a013f4804b56f41795f408f1e4e"><code>df2a830</code></a> Merge branch 'main' into henrymercer/bump-minimum-codeql-2.16.6</li> <li><a href="https://github.com/github/codeql-action/commit/b1e4dc3db58c9601794e22a9f6d28d45461b9dbf"><code>b1e4dc3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2916">#2916</a> from github/dependabot/npm_and_yarn/npm-5cdccdc43f</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/28deaeda66b76a05916b6923827895f2b14ab387...ce28f5bb42b7a9f2c824e633a3f6ee835bab6858">compare view</a></li> </ul> </details> <br /> Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.2</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard <a href="https://github.com/ossf/scorecard/releases/tag/v5.2.0">v5.2.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v5.2.1">v5.2.1</a> release notes.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2">https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/05b42c624433fc40578a4040d5cf5e36ddca8cde"><code>05b42c6</code></a> :seedling: bump docker to ghcr v2.4.2 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1548">#1548</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/b225da6b2b97811a123bb34532642f3ad6a4f011"><code>b225da6</code></a> Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1550">#1550</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9399f6f42496e38fbb8dbcf85e17223226a5dafe"><code>9399f6f</code></a> :seedling: Bump the docker-images group across 1 directory with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/e1daa8c5c7ed469dbb0167e261ed1c9fa673a9ae"><code>e1daa8c</code></a> :seedling: Bump the github-actions group across 1 directory with 5 updates (#...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9fe6511b9b36af3b03200e49cf8fb09d261b5402"><code>9fe6511</code></a> :seedling: Bump golang.org/x/net from 0.39.0 to 0.40.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1542">#1542</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/25b9cd9cd11610dcac11e59afed9910714b12129"><code>25b9cd9</code></a> :seedling: Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1547">#1547</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/18cc9b81307fc5ab3c2cd7092955f06dcfdf8c42"><code>18cc9b8</code></a> :seedling: Bump golang.org/x/net from 0.38.0 to 0.39.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1536">#1536</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/db7814227b097a902957aa24d989c6e473613a8e"><code>db78142</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1538">#1538</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/de386ed459e2f85111697f50fe076d0ea617a32f"><code>de386ed</code></a> :seedling: Bump golang from 1.24.1 to 1.24.2 in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1534">#1534</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/5b7cedba4eccfb66a6277e40cbe18d1d559ecc00"><code>5b7cedb</code></a> :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1537">#1537</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

## Linked issues closes: #2148 ## Details Provide a list of your changes here. If you are fixing a bug, please provide steps to reproduce the bug. #### Change details > Describe your changes, with screenshots and code snippets as appropriate **code snippets**: **screenshots**: ## Attestation Checklist - [ ] My code follows the style guidelines of this project - I have checked for/fixed spelling, linting, and other errors - I have commented my code for clarity - I have made corresponding changes to the documentation (updating the doc strings in the code is sufficient) - My changes generate no new warnings - I have added tests that validates my changes, and provides sufficient test coverage. I have tested with: - Local testing - E2E testing in Teams - New and existing unit tests pass locally with my changes ### Additional information > Feel free to add other relevant information below

…essageExtensions.AI-ME (#2505) #minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.19&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

## Linked issues closes: #minor --------- Co-authored-by: lilydu <lilydu+odspmdb@microsoft.com>

#minor Bumps the production group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [github/codeql-action](https://github.com/github/codeql-action). Updates `step-security/harden-runner` from 2.12.1 to 2.12.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.12.2">https://github.com/step-security/harden-runner/compare/v2...v2.12.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/6c439dc8bdf85cadbbce9ed30d1c7b959517bc49"><code>6c439dc</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/562">#562</a> from step-security/rc-22</li> <li><a href="https://github.com/step-security/harden-runner/commit/bf5688696d0b2cf8221eadb38e4232386015763a"><code>bf56886</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/5436dac7b5fa76a1a179168f5f4de86c00e22c84"><code>5436dac</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/88d305a3530acfa6d1939000baaa571e520df9c8"><code>88d305a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/b976878278dbe3bc16039f7165b8faf809c50297"><code>b976878</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/875cc92db280a03598e7492a3e6c165c689f7af6"><code>875cc92</code></a> Update agent</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/002fdce3c6a235733a90a27c80493a3241e56863...6c439dc8bdf85cadbbce9ed30d1c7b959517bc49">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 3.29.0 to 3.29.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.2</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.29.1</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. <a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.1. <a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li> </ul> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/181d5eefc20863364f96762470ba6f862bdef56b"><code>181d5ee</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2957">#2957</a> from github/update-v3.29.2-4c57370d0</li> <li><a href="https://github.com/github/codeql-action/commit/c77386a9db782647c8e2575da69a3c950786eaca"><code>c77386a</code></a> Fix changelog PR number</li> <li><a href="https://github.com/github/codeql-action/commit/8d43d4ecec27cc4205b0eaaf2e9b4bf9ee9a305b"><code>8d43d4e</code></a> Update changelog for v3.29.2</li> <li><a href="https://github.com/github/codeql-action/commit/4c57370d0304fbff638216539f81d9163f77712a"><code>4c57370</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2935">#2935</a> from github/mbg/interpret-cq-results</li> <li><a href="https://github.com/github/codeql-action/commit/2830b750e5012e0a57cb63888cd5720f2326ca5c"><code>2830b75</code></a> Add changelog entry</li> <li><a href="https://github.com/github/codeql-action/commit/aa72ddaeada556e7d763c9a0afb01f2c2a365e1c"><code>aa72dda</code></a> Merge branch 'main' into mbg/interpret-cq-results</li> <li><a href="https://github.com/github/codeql-action/commit/65d1e45f0ba420207efc0f1f6d90c63dcbc97551"><code>65d1e45</code></a> Rename <code>SARIF_UPLOAD_ENDPOINT</code> members</li> <li><a href="https://github.com/github/codeql-action/commit/362ebf85dad6ee3df420db2cec285490b289a61f"><code>362ebf8</code></a> Check both SARIF files in <code>quality-queries.yml</code> test</li> <li><a href="https://github.com/github/codeql-action/commit/10a3e4b17dd8a1cee767213c309bd4b1e8251eab"><code>10a3e4b</code></a> Fix formatting</li> <li><a href="https://github.com/github/codeql-action/commit/8593ea65e2bf97ec2caa80fb0e464ed8c42c0fae"><code>8593ea6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2954">#2954</a> from github/mergeback/v3.29.1-to-main-39edc492</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/ce28f5bb42b7a9f2c824e633a3f6ee835bab6858...181d5eefc20863364f96762470ba6f862bdef56b">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

…hainedActions.devOpsBot (#2522) #minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.19&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

## Linked issues closes: #2330 ## Details - Adds urls to ClientCitation objects in 3 languages #### Change details > Describe your changes, with screenshots and code snippets as appropriate **code snippets**: **screenshots**: ## Attestation Checklist - [ Y] My code follows the style guidelines of this project - I have checked for/fixed spelling, linting, and other errors - I have commented my code for clarity - I have made corresponding changes to the documentation (updating the doc strings in the code is sufficient) - My changes generate no new warnings - I have added tests that validates my changes, and provides sufficient test coverage. I have tested with: - Local testing - E2E testing in Teams - New and existing unit tests pass locally with my changes ### Additional information > Feel free to add other relevant information below

…utogen.product-spec-critique (#2538) #minor Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.5 to 3.12.14. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.12.14</h2> <h2>Bug fixes</h2> <ul> <li> <p>Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:<code>9110#section-15.4.3-3.1</code> -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11270">#11270</a>.</p> </li> <li> <p>Fixed :py:meth:<code>ClientSession.close() <aiohttp.ClientSession.close></code> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11273">#11273</a>.</p> </li> <li> <p>Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11280">#11280</a>.</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added initial trailer parsing logic to Python HTTP parser -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11269">#11269</a>.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li> <p>Clarified exceptions raised by <code>WebSocketResponse.send_frame</code> et al. -- by :user:<code>DoctorJohn</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11234">#11234</a>.</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.12.14 (2025-07-10)</h1> <h2>Bug fixes</h2> <ul> <li> <p>Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:<code>9110#section-15.4.3-3.1</code> -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11270</code>.</p> </li> <li> <p>Fixed :py:meth:<code>ClientSession.close() <aiohttp.ClientSession.close></code> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11273</code>.</p> </li> <li> <p>Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11280</code>.</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added initial trailer parsing logic to Python HTTP parser -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11269</code>.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li>Clarified exceptions raised by <code>WebSocketResponse.send_frame</code> et al. -- by :user:<code>DoctorJohn</code>.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/90b6cf6f3e303309db6d388f1e53d0f30997e1c8"><code>90b6cf6</code></a> Release 3.12.14 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11298">#11298</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/13b20a1b0af87b86816355a9090de191723858fc"><code>13b20a1</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11290">#11290</a>/16703bb9 backport][3.12] Fix file uploads failing with HTTP 422 on...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/edf2abd2609a24cf1e7ac76da986af363aebf210"><code>edf2abd</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11289">#11289</a>/e38220fc backport][3.12] Fix ClientSession.close() hanging with HT...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"><code>e8d774f</code></a> Add trailer parsing logic (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11269">#11269</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11287">#11287</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/03893711d35f3588a7e8891ffbf2b5a6d3319fae"><code>0389371</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11280">#11280</a>/91108c90 backport][3.12] Bump the minimum supported version of aio...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ce3c0a718c6bcec48fbbf3c656cc954b001d4cd4"><code>ce3c0a7</code></a> Bump aiosignal from 1.3.2 to 1.4.0 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11267">#11267</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11279">#11279</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/133e2542d0174691f6956e84b6ccdc7fe2bd03e9"><code>133e254</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11234">#11234</a>/a83597fa backport][3.12] Document exceptions raised by send_frame ...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/4ad78b3d31bde9fdab22aac2692247f9746e8b48"><code>4ad78b3</code></a> Increment version to 3.12.14.dev0 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11216">#11216</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/2ff9b615c8bf0758b496b830438d8e0f11f4f515"><code>2ff9b61</code></a> Release 3.12.13 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11214">#11214</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/fc9b7208836db502afa6d3d7ba99cb31ae972166"><code>fc9b720</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11198">#11198</a>/b151d3fc backport][3.12] Fix auto-created TCPConnector not using s...</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.9.5...v3.12.14">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.9.5&new-version=3.12.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

…auth.messageExtensions (#2539) #minor Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.3 to 3.12.14. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.12.14</h2> <h2>Bug fixes</h2> <ul> <li> <p>Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:<code>9110#section-15.4.3-3.1</code> -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11270">#11270</a>.</p> </li> <li> <p>Fixed :py:meth:<code>ClientSession.close() <aiohttp.ClientSession.close></code> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11273">#11273</a>.</p> </li> <li> <p>Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11280">#11280</a>.</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added initial trailer parsing logic to Python HTTP parser -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11269">#11269</a>.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li> <p>Clarified exceptions raised by <code>WebSocketResponse.send_frame</code> et al. -- by :user:<code>DoctorJohn</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11234">#11234</a>.</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.12.14 (2025-07-10)</h1> <h2>Bug fixes</h2> <ul> <li> <p>Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:<code>9110#section-15.4.3-3.1</code> -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11270</code>.</p> </li> <li> <p>Fixed :py:meth:<code>ClientSession.close() <aiohttp.ClientSession.close></code> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11273</code>.</p> </li> <li> <p>Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11280</code>.</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added initial trailer parsing logic to Python HTTP parser -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11269</code>.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li>Clarified exceptions raised by <code>WebSocketResponse.send_frame</code> et al. -- by :user:<code>DoctorJohn</code>.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/90b6cf6f3e303309db6d388f1e53d0f30997e1c8"><code>90b6cf6</code></a> Release 3.12.14 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11298">#11298</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/13b20a1b0af87b86816355a9090de191723858fc"><code>13b20a1</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11290">#11290</a>/16703bb9 backport][3.12] Fix file uploads failing with HTTP 422 on...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/edf2abd2609a24cf1e7ac76da986af363aebf210"><code>edf2abd</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11289">#11289</a>/e38220fc backport][3.12] Fix ClientSession.close() hanging with HT...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"><code>e8d774f</code></a> Add trailer parsing logic (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11269">#11269</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11287">#11287</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/03893711d35f3588a7e8891ffbf2b5a6d3319fae"><code>0389371</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11280">#11280</a>/91108c90 backport][3.12] Bump the minimum supported version of aio...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ce3c0a718c6bcec48fbbf3c656cc954b001d4cd4"><code>ce3c0a7</code></a> Bump aiosignal from 1.3.2 to 1.4.0 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11267">#11267</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11279">#11279</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/133e2542d0174691f6956e84b6ccdc7fe2bd03e9"><code>133e254</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11234">#11234</a>/a83597fa backport][3.12] Document exceptions raised by send_frame ...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/4ad78b3d31bde9fdab22aac2692247f9746e8b48"><code>4ad78b3</code></a> Increment version to 3.12.14.dev0 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11216">#11216</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/2ff9b615c8bf0758b496b830438d8e0f11f4f515"><code>2ff9b61</code></a> Release 3.12.13 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11214">#11214</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/fc9b7208836db502afa6d3d7ba99cb31ae972166"><code>fc9b720</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11198">#11198</a>/b151d3fc backport][3.12] Fix auto-created TCPConnector not using s...</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.9.3...v3.12.14">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.9.3&new-version=3.12.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

#minor Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.10.5 to 3.12.14. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.12.14</h2> <h2>Bug fixes</h2> <ul> <li> <p>Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:<code>9110#section-15.4.3-3.1</code> -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11270">#11270</a>.</p> </li> <li> <p>Fixed :py:meth:<code>ClientSession.close() <aiohttp.ClientSession.close></code> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11273">#11273</a>.</p> </li> <li> <p>Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11280">#11280</a>.</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added initial trailer parsing logic to Python HTTP parser -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11269">#11269</a>.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li> <p>Clarified exceptions raised by <code>WebSocketResponse.send_frame</code> et al. -- by :user:<code>DoctorJohn</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11234">#11234</a>.</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.12.14 (2025-07-10)</h1> <h2>Bug fixes</h2> <ul> <li> <p>Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:<code>9110#section-15.4.3-3.1</code> -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11270</code>.</p> </li> <li> <p>Fixed :py:meth:<code>ClientSession.close() <aiohttp.ClientSession.close></code> hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:<code>bdraco</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11273</code>.</p> </li> <li> <p>Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11280</code>.</p> </li> </ul> <h2>Features</h2> <ul> <li> <p>Added initial trailer parsing logic to Python HTTP parser -- by :user:<code>Dreamsorcerer</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>11269</code>.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li>Clarified exceptions raised by <code>WebSocketResponse.send_frame</code> et al. -- by :user:<code>DoctorJohn</code>.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/90b6cf6f3e303309db6d388f1e53d0f30997e1c8"><code>90b6cf6</code></a> Release 3.12.14 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11298">#11298</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/13b20a1b0af87b86816355a9090de191723858fc"><code>13b20a1</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11290">#11290</a>/16703bb9 backport][3.12] Fix file uploads failing with HTTP 422 on...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/edf2abd2609a24cf1e7ac76da986af363aebf210"><code>edf2abd</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11289">#11289</a>/e38220fc backport][3.12] Fix ClientSession.close() hanging with HT...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"><code>e8d774f</code></a> Add trailer parsing logic (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11269">#11269</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11287">#11287</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/03893711d35f3588a7e8891ffbf2b5a6d3319fae"><code>0389371</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11280">#11280</a>/91108c90 backport][3.12] Bump the minimum supported version of aio...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ce3c0a718c6bcec48fbbf3c656cc954b001d4cd4"><code>ce3c0a7</code></a> Bump aiosignal from 1.3.2 to 1.4.0 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11267">#11267</a>) (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11279">#11279</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/133e2542d0174691f6956e84b6ccdc7fe2bd03e9"><code>133e254</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11234">#11234</a>/a83597fa backport][3.12] Document exceptions raised by send_frame ...</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/4ad78b3d31bde9fdab22aac2692247f9746e8b48"><code>4ad78b3</code></a> Increment version to 3.12.14.dev0 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11216">#11216</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/2ff9b615c8bf0758b496b830438d8e0f11f4f515"><code>2ff9b61</code></a> Release 3.12.13 (<a href="https://redirect.github.com/aio-libs/aiohttp/issues/11214">#11214</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/fc9b7208836db502afa6d3d7ba99cb31ae972166"><code>fc9b720</code></a> [PR <a href="https://redirect.github.com/aio-libs/aiohttp/issues/11198">#11198</a>/b151d3fc backport][3.12] Fix auto-created TCPConnector not using s...</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.10.5...v3.12.14">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.10.5&new-version=3.12.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

#minor Updated [Azure.Identity](https://github.com/Azure/azure-sdk-for-net) from 1.13.2 to 1.14.2. <details> <summary>Release notes</summary> _Sourced from [Azure.Identity's releases](https://github.com/Azure/azure-sdk-for-net/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/Azure/azure-sdk-for-net/commits). </details> Updated [Microsoft.Identity.Client](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) from 4.67.2 to 4.74.1. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Identity.Client's releases](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases)._ ## 4.74.1 ### Bug fixes * When you configure MSAL with WithOidcAuthority(), the library now confirms that the issuer returned by the OIDC discovery endpoint matches the expected authority (including CIAM patterns) and throws an exception if it does not. AzureAD/microsoft-authentication-library-for-dotnet#5358 * Re-expose public AuthenticationResult constructor. A public, test-friendly constructor of AuthenticationResult was inadvertently hidden behind [Obsolete] and [EditorBrowsable(Never)]. The constructor is now publicly available again. AzureAD/microsoft-authentication-library-for-dotnet#5392 ## 4.74.0 ### Features * Deprecate ROPC flow in Public Client Applications AzureAD/microsoft-authentication-library-for-dotnet#5355. * AuthenticationResult exposes a new BindingCertificate property that returns the X.509 certificate bound to the access token in mTLS-PoP scenarios. AzureAD/microsoft-authentication-library-for-dotnet#5370. ### Bug fixes * MSAL now honors the DEFAULT_IDENTITY_CLIENT_ID environment variable when acquiring tokens from Azure Machine Learning managed-identity endpoint. AzureAD/microsoft-authentication-library-for-dotnet#5350. ## 4.73.1 ## What's Changed * Deprecate AcquireTokenByIntegratedWindowsAuth API by @ashok672 in AzureAD/microsoft-authentication-library-for-dotnet#5345 * Update native interop to 0.19.2 by @fengga in AzureAD/microsoft-authentication-library-for-dotnet#5362 * update the deprecated openURL(:) api to openURL(:options:completionHandler) by @DharshanBJ in AzureAD/microsoft-authentication-library-for-dotnet#5354 **Full Changelog**: AzureAD/microsoft-authentication-library-for-dotnet@4.73.0...4.73.1 ## 4.73.0 ## What's Changed * Add mac broker console app support by @fengga in AzureAD/microsoft-authentication-library-for-dotnet#5274 * Use HTTP 2 on .NET where possible by @bgavrilMS in AzureAD/microsoft-authentication-library-for-dotnet#5314 * Expose access token cache count by @bgavrilMS in AzureAD/microsoft-authentication-library-for-dotnet#5330 * Add an extensibility API - WithFmiPathForClientAssertion … by @bgavrilMS in AzureAD/microsoft-authentication-library-for-dotnet#5347 * Hide ListOperatingSystemAccounts in intellisense by @ashok672 in AzureAD/microsoft-authentication-library-for-dotnet#5304 * Reworked retry policy functionality & Created IMDS retry policy by @Robbie-Microsoft in AzureAD/microsoft-authentication-library-for-dotnet#5231 **Full Changelog**: AzureAD/microsoft-authentication-library-for-dotnet@4.72.1...4.73.0 ## 4.72.1 4.72.1 ======= ### Bug Fixes - Ensure instance of IMsalHttpClientFactory passed by the user is used for managed identity flows that do not require cert validation. See [Issue #5286](AzureAD/microsoft-authentication-library-for-dotnet#5286) - Fix a URL typo in the API comments. See AzureAD/microsoft-authentication-library-for-dotnet#5277 **Full Changelog**: AzureAD/microsoft-authentication-library-for-dotnet@4.72.0...4.72.1 ## 4.72.0 4.72.0 ======= ### Features - Added MacOs Broker support. See [Issue #5051](AzureAD/microsoft-authentication-library-for-dotnet#5051) ### Bug Fixes - Ensure additional cache parameters are persisted in cache serialization[Issue #5261](AzureAD/microsoft-authentication-library-for-dotnet#5261) ## 4.71.1 ### Bug Fixes - Pass the validate function to the http manager. See [Issue #5242](AzureAD/microsoft-authentication-library-for-dotnet#5242) - Change the resource id param for IMDS. See [Issue #5238](AzureAD/microsoft-authentication-library-for-dotnet#5238) **Full Changelog**: AzureAD/microsoft-authentication-library-for-dotnet@4.71.0...4.71.1 ## 4.71.0 ### Bug Fixes - Enable the Service Fabric flow to get a `httpClient` from the factory with ssl validation callback. See [Issue #5220](AzureAD/microsoft-authentication-library-for-dotnet#5220) Full changelog: [4.70.2 .. 4.71.0](AzureAD/microsoft-authentication-library-for-dotnet@4.70.2...4.71.0) ## 4.70.2 ## What's Changed * Updated MSIv1 Token Revocation's token_sha256_to_refresh param to use sha256's HEX representation by @gladjohn in AzureAD/microsoft-authentication-library-for-dotnet#5229 **Full Changelog**: AzureAD/microsoft-authentication-library-for-dotnet@4.70.1...4.70.2 ## 4.70.1 ## What's Changed * Fix Machine Learning Source to Use "clientid" Instead of "client_id" by @gladjohn in AzureAD/microsoft-authentication-library-for-dotnet#5193 * Fixing IsCommonOrOrganizationsTenant check to not return true for consumers by @trwalke in AzureAD/microsoft-authentication-library-for-dotnet#5195 * Fix logger message to accurately reflect skipCache condition by @gladjohn in AzureAD/microsoft-authentication-library-for-dotnet#5201 * Removing experimental feature Flag from WithFmiPath by @trwalke in AzureAD/microsoft-authentication-library-for-dotnet#5206 * Fix for 5223 - env var to disable ESTS-R by @bgavrilMS in AzureAD/microsoft-authentication-library-for-dotnet#5224 **Full Changelog**: AzureAD/microsoft-authentication-library-for-dotnet@4.70.0...4.70.1 ## 4.70.0 ### Features - Added a .WithAccessTokenSha256ToRefresh() method to AcquireTokenForClientParameterBuilder for ConfidentialClientApplication, allowing finer control over token refresh scenarios. [Issue #5111](AzureAD/microsoft-authentication-library-for-dotnet#5111), PR #5179 - Added `TokenCacheNotificationArgs.NoDistributedCacheUseReason` in order to indicate that the configured serialized cache should not be a distributed cache to prevent issues when acquiring tokens. [Issue #5199](AzureAD/microsoft-authentication-library-for-dotnet#5199) ### Bug Fixes - Removed invalid tenant checks (/organizations or /common) in MTLS flows for AAD/dSTS authorities. [Issue #5093](AzureAD/microsoft-authentication-library-for-dotnet#5093) - Fixed an issue where specifying a null service config region in MTLS scenarios did not correctly throw an exception. [Issue #5181](AzureAD/microsoft-authentication-library-for-dotnet#5181) ## 4.69.1 4.69.1 ========== ### Features - Enabled broker support on the Linux platform. See [Issue #5086](AzureAD/microsoft-authentication-library-for-dotnet#5086) - Added a `WithCertificate(..., bool associateTokensWithCertificateSerialNumber)` overload to enable the use of the certificate's serial number as part of the cache key for tokens. [Issue #5150](AzureAD/microsoft-authentication-library-for-dotnet#5150) ### Bug Fixes - MSAL will now stop replacing "%20" with "+" since it is obsolete. See [Issue #5061](AzureAD/microsoft-authentication-library-for-dotnet#5061) - Exposed client capabilities in AssertionRequestOptions for MSI FIC scenarios [Issue #4948](AzureAD/microsoft-authentication-library-for-dotnet#4948) - Added the missing claims in SignedAssertion when using the AssertionRequestOptions Delegate [Issue #5143](AzureAD/microsoft-authentication-library-for-dotnet#5143) ## 4.68.0 ### Features - Added WithFmiPath() api to support FMI scenarios in MSAL. See [Issue #5110](AzureAD/microsoft-authentication-library-for-dotnet#5110) - MSAL will now pass Client sku and Version to MsalRuntime for MSAL Runtime's client telemetry. See [Issue #5103](AzureAD/microsoft-authentication-library-for-dotnet#5103) ### Bug Fixes - Reordered the condition for ManagedIdentitySource.MachineLearning to be checked after ManagedIdentitySource.AppService instead of before it. See [Issue #5077](AzureAD/microsoft-authentication-library-for-dotnet#5077) - Improved Managed Identity Source Detection Logging for Debugging. See [Issue #5097](AzureAD/microsoft-authentication-library-for-dotnet#5097) - When a 404 error occurs, MSAL will now include the endpoint and authority URLs in the exception message for better debugging. See [Issue #4769](AzureAD/microsoft-authentication-library-for-dotnet#4769) - MSAL will now set `UseShellExecute` to `false` in OpenLinuxBrowser. See [Issue #5075](AzureAD/microsoft-authentication-library-for-dotnet#5075) - Fixed a threading exception when using ExtraQueryParameters. See [Issue #5108](AzureAD/microsoft-authentication-library-for-dotnet#5108) Commits viewable in [compare view](AzureAD/microsoft-authentication-library-for-dotnet@4.67.2...4.74.1). </details> Updated [Microsoft.ML.Tokenizers.Data.Cl100kBase](https://github.com/dotnet/machinelearning) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> _Sourced from [Microsoft.ML.Tokenizers.Data.Cl100kBase's releases](https://github.com/dotnet/machinelearning/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/machinelearning/commits). </details> Updated [Microsoft.ML.Tokenizers.Data.O200kBase](https://github.com/dotnet/machinelearning) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> _Sourced from [Microsoft.ML.Tokenizers.Data.O200kBase's releases](https://github.com/dotnet/machinelearning/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/machinelearning/commits). </details> Updated [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.12.0 to 17.14.1. <details> <summary>Release notes</summary> _Sourced from [Microsoft.NET.Test.Sdk's releases](https://github.com/microsoft/vstest/releases)._ ## 17.14.1 ## What's Changed * Error on unsupported target frameworks to prevent silently not running tests by @nohwnd in microsoft/vstest#15072 and microsoft/vstest#15078 * Revert writing additional properties to TRX by @nohwnd in microsoft/vstest@47eb51b **Full Changelog**: microsoft/vstest@v17.14.0...v17.14.1 ## 17.14.0 ## What's Changed ### .NET versions updated This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does **NOT** prevent you from: - Updating to the latest VS, and running tests from net6.0 test projects. - Updating to the latest .NET SDK, and running tests from net6.0 test projects. It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2. * Drop unsupported frameworks by @nohwnd in microsoft/vstest#10565 ### Changes * Adding Process Query Flag For UWP .NET 9 Support by @adstep in microsoft/vstest#15003 * Fix builds on WinUI and UWP .NET 9 projects by @Sergio0694 in microsoft/vstest#15004 * don't report communication error on discovery abort by @nohwnd in microsoft/vstest#14992 * Add dump minitool to vsix by @nohwnd in microsoft/vstest#14707 * Make test runners long-path aware (#5179) by @peetw in microsoft/vstest#15014 * Fix trace in DataCollectionRequestSender.cs by @stan-sz in microsoft/vstest#15025 * Fix/readme grammar parallelism by @dellch in microsoft/vstest#15030 * Add binding redirects by @nohwnd in microsoft/vstest#15041 * Write props of tests into trx by @nohwnd in microsoft/vstest#14905 ### Internal version updates and fixes * Update io.redist by @nohwnd in microsoft/vstest#13872 * Use preview image for public build by @nohwnd in microsoft/vstest#13888 * Remove xcopy-msbuild by @nohwnd in microsoft/vstest#14138 * Move to macos14 by @nohwnd in microsoft/vstest#14137 * Update diagnose.md by @nohwnd in microsoft/vstest#14776 * hash with sha2 for mutex lock by @nohwnd in microsoft/vstest#14777 * Update test projects for vmr by @nohwnd in microsoft/vstest#14894 * 17.14 branding by @nohwnd in microsoft/vstest#14903 * Update filter.md for NUnit by @OsirisTerje in microsoft/vstest#14987 * Flag netstandard1.x dependencies in source-build by @ViktorHofer in microsoft/vstest#14986 * Use VS dependencies versions from release VS to have archived symbols by @nohwnd in microsoft/vstest#14991 * Remove extra ; by @nohwnd in microsoft/vstest#14995 * Use dependencymodel 6.0.2 by @nohwnd in microsoft/vstest#14996 * Make Testhost packable only on Windows by @mmitche in microsoft/vstest#15001 * Add system text json to vsix by @nohwnd in microsoft/vstest#15034 * Add more files to vsix by @nohwnd in microsoft/vstest#15038 * Remove unnecessary CA2022 suppressions by @Winniexu01 in microsoft/vstest#15035 * Update package project url by @mmitche in microsoft/vstest#15040 ## New Contributors * @OsirisTerje made their first contribution in microsoft/vstest#14987 * @adstep made their first contribution in microsoft/vstest#15003 ... (truncated) ## 17.14.0-preview-25107-01 ## What's Changed ### .NET versions updated This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does **NOT** prevent you from: - Updating to the latest VS, and running tests from net6.0 test projects. - Updating to the latest .NET SDK, and running tests from net6.0 test projects. It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2. * Drop unsupported frameworks by @nohwnd in microsoft/vstest#10565 ### Changes * Adding Process Query Flag For UWP .NET 9 Support by @adstep in microsoft/vstest#15003 * Fix builds on WinUI and UWP .NET 9 projects by @Sergio0694 in microsoft/vstest#15004 * don't report communication error on discovery abort by @nohwnd in microsoft/vstest#14992 * Add dump minitool to vsix by @nohwnd in microsoft/vstest#14707 ### Internal version updates and fixes * Update io.redist by @nohwnd in microsoft/vstest#13872 * Use preview image for public build by @nohwnd in microsoft/vstest#13888 * Remove xcopy-msbuild by @nohwnd in microsoft/vstest#14138 * Move to macos14 by @nohwnd in microsoft/vstest#14137 * Update diagnose.md by @nohwnd in microsoft/vstest#14776 * hash with sha2 for mutex lock by @nohwnd in microsoft/vstest#14777 * Update test projects for vmr by @nohwnd in microsoft/vstest#14894 * 17.14 branding by @nohwnd in microsoft/vstest#14903 * Update filter.md for NUnit by @OsirisTerje in microsoft/vstest#14987 * Flag netstandard1.x dependencies in source-build by @ViktorHofer in microsoft/vstest#14986 * Use VS dependencies versions from release VS to have archived symbols by @nohwnd in microsoft/vstest#14991 * Remove extra ; by @nohwnd in microsoft/vstest#14995 * Use dependencymodel 6.0.2 by @nohwnd in microsoft/vstest#14996 * Make Testhost packable only on Windows by @mmitche in microsoft/vstest#15001 ### Will probably revert before release: * Write props of tests into trx by @nohwnd in microsoft/vstest#14905 ## New Contributors * @OsirisTerje made their first contribution in microsoft/vstest#14987 * @adstep made their first contribution in microsoft/vstest#15003 * @Sergio0694 made their first contribution in microsoft/vstest#15004 **Full Changelog**: microsoft/vstest@v17.13.0...v17.14.0-preview-25107-01 ## 17.13.0 ## What's Changed * Add letter number among valid identifiers in class name by @nohwnd in microsoft/vstest#13868 * Fix formatting in Runner by @mthalman in microsoft/vstest#13871 * Downgrade xunit skip warning to info by @nohwnd in microsoft/vstest#10381 * Add msdia for arm64 into nuget by @nohwnd in microsoft/vstest#10382 * Enable native debugging for vstest.console by @ocitrev in microsoft/vstest#10401 * Fix RFCs links by @Youssef1313 in microsoft/vstest#10424 * Convert to auto property by @nohwnd in microsoft/vstest#10365 * Update Versions.props by @nohwnd in microsoft/vstest#10378 * Enable TSA by @jakubch1 in microsoft/vstest#10385 * Arm64 dia by @nohwnd in microsoft/vstest#10390 * Update source-build team references by @MichaelSimons in microsoft/vstest#10388 * Exclude .signature.p7s from nupkg file count by @ellahathaway in microsoft/vstest#10418 * Set NetCurrent so that it doesn't roll forward automatically by @ViktorHofer in microsoft/vstest#10622 ## New Contributors * @ocitrev made their first contribution in microsoft/vstest#10401 * @Youssef1313 made their first contribution in microsoft/vstest#10424 **Full Changelog**: microsoft/vstest@v17.12.0...v17.13.0 Commits viewable in [compare view](microsoft/vstest@v17.12.0...v17.14.1). </details> Updated [OpenAI](https://github.com/openai/openai-dotnet) from 2.1.0-beta.1 to 2.3.0. <details> <summary>Release notes</summary> _Sourced from [OpenAI's releases](https://github.com/openai/openai-dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/openai/openai-dotnet/commits). </details> Updated [System.Linq.Async](https://github.com/dotnet/reactive) from 6.0.1 to 6.0.3. <details> <summary>Release notes</summary> _Sourced from [System.Linq.Async's releases](https://github.com/dotnet/reactive/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/reactive/commits). </details> Updated [System.Text.Json](https://github.com/dotnet/runtime) from 8.0.5 to 8.0.6. <details> <summary>Release notes</summary> _Sourced from [System.Text.Json's releases](https://github.com/dotnet/runtime/releases)._ ## 8.0.6 [Release](https://github.com/dotnet/core/releases/tag/v8.0.6) Commits viewable in [compare view](dotnet/runtime@v8.0.5...v8.0.6). </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

#minor Updated [Azure.Identity](https://github.com/Azure/azure-sdk-for-net) from 1.13.2 to 1.14.2. <details> <summary>Release notes</summary> _Sourced from [Azure.Identity's releases](https://github.com/Azure/azure-sdk-for-net/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/Azure/azure-sdk-for-net/commits). </details> Updated [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.12.0 to 17.14.1. <details> <summary>Release notes</summary> _Sourced from [Microsoft.NET.Test.Sdk's releases](https://github.com/microsoft/vstest/releases)._ ## 17.14.1 ## What's Changed * Error on unsupported target frameworks to prevent silently not running tests by @nohwnd in microsoft/vstest#15072 and microsoft/vstest#15078 * Revert writing additional properties to TRX by @nohwnd in microsoft/vstest@47eb51b **Full Changelog**: microsoft/vstest@v17.14.0...v17.14.1 ## 17.14.0 ## What's Changed ### .NET versions updated This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does **NOT** prevent you from: - Updating to the latest VS, and running tests from net6.0 test projects. - Updating to the latest .NET SDK, and running tests from net6.0 test projects. It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2. * Drop unsupported frameworks by @nohwnd in microsoft/vstest#10565 ### Changes * Adding Process Query Flag For UWP .NET 9 Support by @adstep in microsoft/vstest#15003 * Fix builds on WinUI and UWP .NET 9 projects by @Sergio0694 in microsoft/vstest#15004 * don't report communication error on discovery abort by @nohwnd in microsoft/vstest#14992 * Add dump minitool to vsix by @nohwnd in microsoft/vstest#14707 * Make test runners long-path aware (#5179) by @peetw in microsoft/vstest#15014 * Fix trace in DataCollectionRequestSender.cs by @stan-sz in microsoft/vstest#15025 * Fix/readme grammar parallelism by @dellch in microsoft/vstest#15030 * Add binding redirects by @nohwnd in microsoft/vstest#15041 * Write props of tests into trx by @nohwnd in microsoft/vstest#14905 ### Internal version updates and fixes * Update io.redist by @nohwnd in microsoft/vstest#13872 * Use preview image for public build by @nohwnd in microsoft/vstest#13888 * Remove xcopy-msbuild by @nohwnd in microsoft/vstest#14138 * Move to macos14 by @nohwnd in microsoft/vstest#14137 * Update diagnose.md by @nohwnd in microsoft/vstest#14776 * hash with sha2 for mutex lock by @nohwnd in microsoft/vstest#14777 * Update test projects for vmr by @nohwnd in microsoft/vstest#14894 * 17.14 branding by @nohwnd in microsoft/vstest#14903 * Update filter.md for NUnit by @OsirisTerje in microsoft/vstest#14987 * Flag netstandard1.x dependencies in source-build by @ViktorHofer in microsoft/vstest#14986 * Use VS dependencies versions from release VS to have archived symbols by @nohwnd in microsoft/vstest#14991 * Remove extra ; by @nohwnd in microsoft/vstest#14995 * Use dependencymodel 6.0.2 by @nohwnd in microsoft/vstest#14996 * Make Testhost packable only on Windows by @mmitche in microsoft/vstest#15001 * Add system text json to vsix by @nohwnd in microsoft/vstest#15034 * Add more files to vsix by @nohwnd in microsoft/vstest#15038 * Remove unnecessary CA2022 suppressions by @Winniexu01 in microsoft/vstest#15035 * Update package project url by @mmitche in microsoft/vstest#15040 ## New Contributors * @OsirisTerje made their first contribution in microsoft/vstest#14987 * @adstep made their first contribution in microsoft/vstest#15003 ... (truncated) ## 17.14.0-preview-25107-01 ## What's Changed ### .NET versions updated This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does **NOT** prevent you from: - Updating to the latest VS, and running tests from net6.0 test projects. - Updating to the latest .NET SDK, and running tests from net6.0 test projects. It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2. * Drop unsupported frameworks by @nohwnd in microsoft/vstest#10565 ### Changes * Adding Process Query Flag For UWP .NET 9 Support by @adstep in microsoft/vstest#15003 * Fix builds on WinUI and UWP .NET 9 projects by @Sergio0694 in microsoft/vstest#15004 * don't report communication error on discovery abort by @nohwnd in microsoft/vstest#14992 * Add dump minitool to vsix by @nohwnd in microsoft/vstest#14707 ### Internal version updates and fixes * Update io.redist by @nohwnd in microsoft/vstest#13872 * Use preview image for public build by @nohwnd in microsoft/vstest#13888 * Remove xcopy-msbuild by @nohwnd in microsoft/vstest#14138 * Move to macos14 by @nohwnd in microsoft/vstest#14137 * Update diagnose.md by @nohwnd in microsoft/vstest#14776 * hash with sha2 for mutex lock by @nohwnd in microsoft/vstest#14777 * Update test projects for vmr by @nohwnd in microsoft/vstest#14894 * 17.14 branding by @nohwnd in microsoft/vstest#14903 * Update filter.md for NUnit by @OsirisTerje in microsoft/vstest#14987 * Flag netstandard1.x dependencies in source-build by @ViktorHofer in microsoft/vstest#14986 * Use VS dependencies versions from release VS to have archived symbols by @nohwnd in microsoft/vstest#14991 * Remove extra ; by @nohwnd in microsoft/vstest#14995 * Use dependencymodel 6.0.2 by @nohwnd in microsoft/vstest#14996 * Make Testhost packable only on Windows by @mmitche in microsoft/vstest#15001 ### Will probably revert before release: * Write props of tests into trx by @nohwnd in microsoft/vstest#14905 ## New Contributors * @OsirisTerje made their first contribution in microsoft/vstest#14987 * @adstep made their first contribution in microsoft/vstest#15003 * @Sergio0694 made their first contribution in microsoft/vstest#15004 **Full Changelog**: microsoft/vstest@v17.13.0...v17.14.0-preview-25107-01 ## 17.13.0 ## What's Changed * Add letter number among valid identifiers in class name by @nohwnd in microsoft/vstest#13868 * Fix formatting in Runner by @mthalman in microsoft/vstest#13871 * Downgrade xunit skip warning to info by @nohwnd in microsoft/vstest#10381 * Add msdia for arm64 into nuget by @nohwnd in microsoft/vstest#10382 * Enable native debugging for vstest.console by @ocitrev in microsoft/vstest#10401 * Fix RFCs links by @Youssef1313 in microsoft/vstest#10424 * Convert to auto property by @nohwnd in microsoft/vstest#10365 * Update Versions.props by @nohwnd in microsoft/vstest#10378 * Enable TSA by @jakubch1 in microsoft/vstest#10385 * Arm64 dia by @nohwnd in microsoft/vstest#10390 * Update source-build team references by @MichaelSimons in microsoft/vstest#10388 * Exclude .signature.p7s from nupkg file count by @ellahathaway in microsoft/vstest#10418 * Set NetCurrent so that it doesn't roll forward automatically by @ViktorHofer in microsoft/vstest#10622 ## New Contributors * @ocitrev made their first contribution in microsoft/vstest#10401 * @Youssef1313 made their first contribution in microsoft/vstest#10424 **Full Changelog**: microsoft/vstest@v17.12.0...v17.13.0 Commits viewable in [compare view](microsoft/vstest@v17.12.0...v17.14.1). </details> Updated [OpenAI](https://github.com/openai/openai-dotnet) from 2.1.0-beta.1 to 2.3.0. <details> <summary>Release notes</summary> _Sourced from [OpenAI's releases](https://github.com/openai/openai-dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/openai/openai-dotnet/commits). </details> Updated [System.Linq.Async](https://github.com/dotnet/reactive) from 6.0.1 to 6.0.3. <details> <summary>Release notes</summary> _Sourced from [System.Linq.Async's releases](https://github.com/dotnet/reactive/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/reactive/commits). </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

#minor Updated [Azure.Identity](https://github.com/Azure/azure-sdk-for-net) from 1.14.2 to 1.15.0. <details> <summary>Release notes</summary> _Sourced from [Azure.Identity's releases](https://github.com/Azure/azure-sdk-for-net/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/Azure/azure-sdk-for-net/commits). </details> Updated [Microsoft.Identity.Client](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) from 4.74.1 to 4.76.0. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Identity.Client's releases](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases)._ ## 4.76.0 ## What's Changed * Removal of `ExperimentalFeatures` flag on `WithMtlsProofOfPossession` API: by @gladjohn in AzureAD/microsoft-authentication-library-for-dotnet#5402 * #5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority by @andkorsh in AzureAD/microsoft-authentication-library-for-dotnet#5401 * Add Service Fabric token revocation support by @gladjohn in AzureAD/microsoft-authentication-library-for-dotnet#5421 * Update NativeInterop package version to 0.19.4 by @ashok672 in AzureAD/microsoft-authentication-library-for-dotnet#5434 * Adding WithExtraBodyParameters api by @trwalke in AzureAD/microsoft-authentication-library-for-dotnet#5389 * Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates by @gladjohn in AzureAD/microsoft-authentication-library-for-dotnet#5409 ## New Contributors * @andkorsh made their first contribution in AzureAD/microsoft-authentication-library-for-dotnet#5401 **Full Changelog**: AzureAD/microsoft-authentication-library-for-dotnet@4.74.1...4.76.0 Commits viewable in [compare view](AzureAD/microsoft-authentication-library-for-dotnet@4.74.1...4.76.0). </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…veCards.a.typeAheadBot (#2585) #minor [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.9.5&new-version=3.12.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

#minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.3 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.2.3...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.2.3&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lily Du <lilydu@microsoft.com>

…deration (#2587) #minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.19&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…auth.messageExtensions (#2588) #minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.19&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ctionMapping.lightBot (#2591) #minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.19&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…wentyQuestions (#2592) #minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.19&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…hainedActions.listBot (#2595) #minor [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.9.5&new-version=3.12.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…auth.bot (#2594) #minor Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> <h2>2.4.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Features</h1> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li> </ul> <h1>Misc</h1> <ul> <li>Switched to uv for installing development dependecies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li> </ul> <h2>2.3.0</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 <https://peps.python.org/pep-0784/></code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) <https://github.com/urllib3/urllib3/issues/3610></code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) <https://github.com/urllib3/urllib3/issues/3612></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) <https://github.com/urllib3/urllib3/issues/3581></code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) <https://github.com/urllib3/urllib3/issues/3615></code>__)</li> </ul> <h1>2.4.0 (2025-04-10)</h1> <h2>Features</h2> <ul> <li>Applied PEP 639 by specifying the license fields in pyproject.toml. (<code>[#3522](urllib3/urllib3#3522) <https://github.com/urllib3/urllib3/issues/3522></code>__)</li> <li>Updated exceptions to save and restore more properties during the pickle/serialization process. (<code>[#3567](urllib3/urllib3#3567) <https://github.com/urllib3/urllib3/issues/3567></code>__)</li> <li>Added <code>verify_flags</code> option to <code>create_urllib3_context</code> with a default of <code>VERIFY_X509_PARTIAL_CHAIN</code> and <code>VERIFY_X509_STRICT</code> for Python 3.13+. (<code>[#3571](urllib3/urllib3#3571) <https://github.com/urllib3/urllib3/issues/3571></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug with partial reads of streaming data in Emscripten. (<code>[#3555](urllib3/urllib3#3555) <https://github.com/urllib3/urllib3/issues/3555></code>__)</li> </ul> <h2>Misc</h2> <ul> <li>Switched to uv for installing development dependecies. (<code>[#3550](urllib3/urllib3#3550) <https://github.com/urllib3/urllib3/issues/3550></code>__)</li> <li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (<code>[#3566](urllib3/urllib3#3566) <https://github.com/urllib3/urllib3/issues/3566></code>__)</li> </ul> <h1>2.3.0 (2024-12-22)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.19&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams-ai/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps Azure.Identity from 1.15.0 to 1.16.0 Bumps Microsoft.Identity.Client from 4.76.0 to 4.77.0 --- updated-dependencies: - dependency-name: Azure.Identity dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: Microsoft.Identity.Client dependency-version: 4.77.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

rido-min · 2025-09-17T21:26:32Z

@dependabot rebase

dependabot · 2025-09-17T21:26:34Z

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

corinagum · 2025-09-19T19:00:42Z

@dependabot recreate

dependabot · 2025-09-19T19:00:46Z

The dependabot.yml entry that created this PR has been deleted so this PR can't be recreated. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

dependabot · 2025-09-19T19:01:00Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot and others added 30 commits April 30, 2025 13:32

[repo] chore: update README for v2 (#2448)

861f76d

## Linked issues closes: #minor --------- Co-authored-by: lilydu <lilydu+odspmdb@microsoft.com> Co-authored-by: Corina <14900841+corinagum@users.noreply.github.com>

[C#] Bump: to v1.11.0 (#2478)

e1fa890

## Linked issues closes: #minor (issue number) ## Details Introduces: #2462 #2454

[JS] feat: rebrand ttk (#2385)

a2947f3

## Linked issues #minor --------- Co-authored-by: Corina <14900841+corinagum@users.noreply.github.com>

[PY] bump: patch to 1.8.1 (#2523)

366b5a0

## Linked issues closes: #minor --------- Co-authored-by: lilydu <lilydu+odspmdb@microsoft.com>

dependabot bot and others added 9 commits September 9, 2025 13:11

dependabot bot added dependencies Pull requests that update a dependency file dotnet Change/fix applies to dotnet. If all three, use the 'JS & dotnet & Python' label labels Sep 15, 2025

dependabot bot requested review from aacebo, corinagum, heyitsaamir, lilyydu, rajan-chari and singhk97 as code owners September 15, 2025 19:07

dependabot bot added dependencies Pull requests that update a dependency file dotnet Change/fix applies to dotnet. If all three, use the 'JS & dotnet & Python' label labels Sep 15, 2025

dependabot bot temporarily deployed to main September 15, 2025 19:07 Inactive

dependabot bot temporarily deployed to main September 15, 2025 19:10 Inactive

rajan-chari added the v1 PR's for v1 label Sep 17, 2025

rido-min force-pushed the main branch from e6e998e to 57ff94f Compare September 17, 2025 21:12

corinagum closed this Sep 19, 2025

dependabot bot deleted the dependabot/nuget/dotnet/packages/Microsoft.TeamsAI/Microsoft.TeamsAI.Tests/production-b147662880 branch September 19, 2025 19:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[C#] bump: Bump the production group with 2 updates #2605

[C#] bump: Bump the production group with 2 updates #2605

Uh oh!

dependabot bot commented on behalf of github Sep 15, 2025

Uh oh!

rido-min commented Sep 17, 2025

Uh oh!

dependabot bot commented on behalf of github Sep 17, 2025

Uh oh!

corinagum commented Sep 19, 2025

Uh oh!

dependabot bot commented on behalf of github Sep 19, 2025

Uh oh!

dependabot bot commented on behalf of github Sep 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

13 participants

Uh oh!

[C#] bump: Bump the production group with 2 updates #2605

[C#] bump: Bump the production group with 2 updates #2605

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 15, 2025

1.16.0

1.16.0 (2025-09-09)

Features Added

Bugs Fixed

Other Changes

4.77.0

Features

Changes

Bug fixes

Uh oh!

rido-min commented Sep 17, 2025

Uh oh!

dependabot bot commented on behalf of github Sep 17, 2025

Uh oh!

corinagum commented Sep 19, 2025

Uh oh!

dependabot bot commented on behalf of github Sep 19, 2025

Uh oh!

dependabot bot commented on behalf of github Sep 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

13 participants