[JS] bump: (deps): Bump the production group across 1 directory with 7 updates

[dependabot]

#minor
Bumps the production group with 7 updates in the /js directory:

Package	From	To
axios	1.8.4	1.9.0
yaml	2.7.1	2.8.0
dotenv	16.4.7	16.5.0
@microsoft/teams-js	2.35.0	2.37.0
vectra	0.9.0	0.11.1
debug	4.4.0	4.4.1
@azure/identity	4.8.0	4.10.0

Updates axios from 1.8.4 to 1.9.0

Release notes

Sourced from axios's releases.

Release v1.9.0

Release notes:

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
• http: send minimal end multipart boundary (#6661) (987d2e2)
• types: fix autocomplete for adapter config (#6855) (e61a893)

Features

• AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#5707) (80ea756)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Willian Agostini
• George Cheng
• FatahChan
• Ionuț G. Stan

Changelog

Sourced from axios's changelog.

1.9.0 (2025-04-24)

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
• http: send minimal end multipart boundary (#6661) (987d2e2)
• types: fix autocomplete for adapter config (#6855) (e61a893)

Features

• AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#5707) (80ea756)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Willian Agostini
• George Cheng
• FatahChan
• Ionuț G. Stan

Commits

• cdcfd21 chore(release): v1.9.0 (#6891)
• 987d2e2 fix(http): send minimal end multipart boundary (#6661)
• f112edf chore(ci): add PR files guard action; (#6890)
• 61de4c0 chore(ci): update github actions; (#6889)
• c3aba3d chore(ci): add labeler github action; (#6888)
• f7a3b5e fix(headers): fixed support for setting multiple header values from an iterat...
• e61a893 fix(types): fix autocomplete for adapter config (#6855)
• 6c5d4cd fix(core): fix the Axios constructor implementation to treat the config argum...
• dfe8411 fix(fetch): fixed ERR_NETWORK mapping for Safari browsers; (#6767)
• d4f7df4 fix(headers): fix getSetCookie by using 'get' method for caseless access; (...
• Additional commits viewable in compare view

Updates yaml from 2.7.1 to 2.8.0

Release notes

Sourced from yaml's releases.

v2.8.0

• Add node cache for faster alias resolution (#612)
• Re-introduce compatibility with Node.js 14.6 (#614)
• Add --merge option to CLI tool (#611)
• Improve error for tag resolution error on null value (#616)
• Allow empty string as plain scalar representation, for failsafe schema (#616)
• docs: include cli example (#617)

Commits

• c000eb7 2.8.0
• 1e85fc8 style: Apply updated lint rules
• 02f7d5f chore: Refresh lockfile
• 389ca7c docs: include cli example (#617)
• 0f29ce6 feat: Add --merge option to CLI tool (#611)
• e00cab9 fix: Improve error for tag resolution error on null value (#616)
• 2a841cc fix: Allow empty string as plain scalar representation, for failsafe schema (...
• 55c5ef4 feat: Add node cache for faster alias resolution (#612)
• ab17552 Merge pull request #614 from eemeli/engines-compat
• b27c124 ci: Re-introduce tests for Node.js 14.6 and later
• Additional commits viewable in compare view

Updates dotenv from 16.4.7 to 16.5.0

Changelog

Sourced from dotenv's changelog.

16.5.0 (2025-04-07)

Added

• 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP] Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

• Remove _log method. Use _debug #862

Commits

• d39cc9a 16.5.0
• 2f4e407 Merge pull request #863 from Fdawgs/patch-1
• a1eef11 chore(package): add homepage url
• fb7e407 README update
• bf9113f README update
• 9326f05 changelog 🪵
• 2e8da30 changelog 🪵
• 3257b3a changelog 🪵
• c0ca62c changelog 🪵
• 797c5e9 changelog 🪵
• Additional commits viewable in compare view

Updates @microsoft/teams-js from 2.35.0 to 2.37.0

Release notes

Sourced from @​microsoft/teams-js's releases.

2.37.0

Minor changes

• Added forceRefresh optional argument in getEligibilityInfo API.

v2.36.0

Minor changes

• Added canParentManageNAATrustedOrigins capability to check if the parent can manage its list of trusted child origins for Nested App Auth (NAA). The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
• Added getParentOrigin API to read the parent origin for nested app auth
• Added support for ExternalAppCardActionsForDA capability.
• Added support for isDeeplyNestedAuthSupported to check if deeply nested auth is supported.
• Added manageNAATrustedOrigins capability which allows the top-level parent app to register its child app's origin as trusted for nested app auth. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
• Added standalone nested app auth bridge for nested child app
• Removed child messaging proxying by default to avoid security issues. If an app still needs this pattern, it can be activated through the feature flag function activateChildProxyingCommunication which enables child proxying for that app.
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

• Set a unique Teams-JS instance id when Teams-JS library is used and appended this unique id to message request sent to host sdk.
• Disabled default nested app auth bridge injection for nested child app
• Added apiVersion tag in NAA request and removed isNAAChannelRecommended check in isDeeplyNestedAuthSupported api

Changelog

Sourced from @​microsoft/teams-js's changelog.

2.37.0

Fri, 02 May 2025 19:11:28 GMT

Minor changes

• Added forceRefresh optional argument in getEligibilityInfo API.

2.36.0

Tue, 01 Apr 2025 18:17:07 GMT

Minor changes

• Added canParentManageNAATrustedOrigins capability to check if the parent can manage its list of trusted child origins for Nested App Auth (NAA). The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
• Added getParentOrigin API to read the parent origin for nested app auth
• Added support for ExternalAppCardActionsForDA capability.
• Added support for isDeeplyNestedAuthSupported to check if deeply nested auth is supported.
• Added manageNAATrustedOrigins capability which allows the top-level parent app to register its child app's origin as trusted for nested app auth. The capability is still awaiting support in one or most host applications. To track availability of this capability across different hosts see https://aka.ms/capmatrix
• Added standalone nested app auth bridge for nested child app
• Removed child messaging proxying by default to avoid security issues. If an app still needs this pattern, it can be activated through the feature flag function activateChildProxyingCommunication which enables child proxying for that app.
• Bump eslint-plugin-recommend-no-namespaces to v0.1.0

Patches

• Set a unique Teams-JS instance id when Teams-JS library is used and appended this unique id to message request sent to host sdk.
• Disabled default nested app auth bridge injection for nested child app
• Added apiVersion tag in NAA request and removed isNAAChannelRecommended check in isDeeplyNestedAuthSupported api

Commits

• 46da1af Prelease of version 2.37.0 (#2795)
• 451b470 Added force refresh parameter to get eligbility info API. (#2784)
• feafb17 Clean up for release 2.36.0 (#2777)
• 7b11048 Setting up for release 2.35.0 (#2748) (#2765)
• e63a266 Added apiVersion tag in NAA request and removed isNAAChannelRecommended c...
• 7db8f73 TJS unique bundle id (#2758)
• 82dcb40 Add support for manageNAATrustedOrigins API (#2768)
• 875f8f7 Standalone NAA(Nested App Auth) bridge for nested child app (#2750)
• 0fe84ba Add canParentManageNAATrustedOrigins capability to check if the parent can...
• 677cd33 Added support for isDeeplyNestedAuthSupported to check if deeply nested aut...
• Additional commits viewable in compare view

Updates vectra from 0.9.0 to 0.11.1

Release notes

Sourced from vectra's releases.

v0.10.0

https://www.npmjs.com/package/vectra

What's Changed

• v4 should be v4() by @​GaureeshAnvekar in Stevenic/vectra#64
• Fixed Typescript error in ItemSelector.ts by @​JoramMillenaar in Stevenic/vectra#60
• Hybrid search support for Vectra - addition of Okapi-BM25 keyword search by @​GaureeshAnvekar in Stevenic/vectra#61

New Contributors

• @​kritlivesync made their first contribution in Stevenic/vectra#17
• @​ispyhumanfly made their first contribution in Stevenic/vectra#16
• @​singhk97 made their first contribution in Stevenic/vectra#19
• @​steveruizok made their first contribution in Stevenic/vectra#26
• @​BMS-geodev made their first contribution in Stevenic/vectra#29
• @​Seyronh made their first contribution in Stevenic/vectra#36
• @​ecwyne made their first contribution in Stevenic/vectra#44
• @​IanGallacher made their first contribution in Stevenic/vectra#55
• @​ReneReiterer made their first contribution in Stevenic/vectra#54
• @​GaureeshAnvekar made their first contribution in Stevenic/vectra#64
• @​JoramMillenaar made their first contribution in Stevenic/vectra#60

Full Changelog: https://github.com/Stevenic/vectra/commits/v0.10.0

Commits

• See full diff in compare view

Updates debug from 4.4.0 to 4.4.1

Release notes

Sourced from debug's releases.

4.4.1

What's Changed

• fix(Issue-996): replace whitespaces in namespaces string with commas globally by @​pdahal-cx in debug-js/debug#997
• fixes #987 fallback to localStorage.DEBUG if debug is not defined by @​lzilioli in debug-js/debug#988

New Contributors

• @​pdahal-cx made their first contribution in debug-js/debug#997
• @​lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

Commits

• 33330fa 4.4.1
• 98df33e remove istanbul
• bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
• a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
• See full diff in compare view

Updates @azure/identity from 4.8.0 to 4.10.0

Commits

• 700cab5 [Identity] May release update (#34353)
• b774a30 Post release automated changes for cosmosdb releases (#34342)
• bd4b22f [Identity] update the DAC chain based on env var AZURE_TOKEN_CREDENTIALS (#34...
• c662c13 Sync eng/common directory with azure-sdk-tools for PR 10532 (#34345)
• 6d307e2 Sync eng/common directory with azure-sdk-tools for PR 10522 (#34191)
• 9bcf955 Update CHANGELOG.md (#34343)
• 6207e62 Sync eng/common directory with azure-sdk-tools for PR 10616 (#34339)
• 66a4365 fix split/merge handling (#34338)
• db60b4d [Cosmos] Bug in fullTextScore method (#34332)
• de7859e Downgrade webpubsub dependency to unblock release (#34311)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.