Release Core v1.0.6#585
Merged
Merged
Conversation
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 6.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.4.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.4.2 (2026-04-06)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>) (<a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b">fe28e47</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22159">#22159</a> <a href="https://redirect.github.com/vitejs/vite/issues/22163">#22163</a></li> <li>fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>) (<a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b">ca4da5d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22161">#22161</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045"><code>6b3fad0</code></a> release: v6.4.2</li> <li><a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b"><code>ca4da5d</code></a> fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b"><code>fe28e47</code></a> fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3"><code>5487f4f</code></a> release: v6.4.1</li> <li><a href="https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8"><code>1114b5d</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969">#20969</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103"><code>f12697c</code></a> release: v6.4.0</li> <li><a href="https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a"><code>ca6455e</code></a> feat: allow passing down resolved config to vite's createServer (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932">#20932</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af"><code>0e173d8</code></a> release: v6.3.7</li> <li><a href="https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff"><code>c59a222</code></a> fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940">#20940</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb"><code>3f337c5</code></a> release: v6.3.6</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v6.4.2/packages/vite">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary - `App.Process` calls `Users.Token.GetAsync` on every incoming activity to populate `IContext.IsSignedIn` / `IContext.UserGraphToken`. Profiling shows it adds ~200ms per request and only succeeds for bots with an SSO connection configured -- for everyone else it's a swallowed exception on the hot path. - Adds `AppOptions.AutoUserTokenLookup` (default **true**, preserving existing behaviour). Bots without SSO can opt out by setting it to `false` via the option, the `App.AutoUserTokenLookup` property, or `AppBuilder.AutoUserTokenLookup(false)`. - Measured impact on a non-SSO bot with the flag set to `false`: `App.Process` 213ms -> 12ms cold, ~0ms warm. ## Test plan - [x] Default (`AutoUserTokenLookup = true`): existing SSO bots continue to populate `IContext.IsSignedIn` / `UserGraphToken` -- no behaviour change. - [x] Non-SSO bot with `AutoUserTokenLookup = false`: activities still route end-to-end and `IContext.IsSignedIn` is `false` / `UserGraphToken` is `null` (same as the previous swallowed-exception path). - [x] Verify `AppBuilder.AutoUserTokenLookup(false)` flows through to the constructed `App`. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>4.0.4</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334"><code>e5474fc</code></a> Publish 4.0.4</li> <li><a href="https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903"><code>4516eb5</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d"><code>5eceecd</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238"><code>0db7dd7</code></a> Run benchmark again against latest minimatch version (<a href="https://redirect.github.com/micromatch/picomatch/issues/161">#161</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a"><code>9500377</code></a> docs: clarify what brace expansion syntax is and isn't supported (<a href="https://redirect.github.com/micromatch/picomatch/issues/134">#134</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171"><code>2661f23</code></a> fix typo in globstars.js test name (<a href="https://redirect.github.com/micromatch/picomatch/issues/138">#138</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7"><code>1798b07</code></a> docs: fix <code>makeRe</code> example (<a href="https://redirect.github.com/micromatch/picomatch/issues/143">#143</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8"><code>9d76bc5</code></a> chore: undocument removed options (<a href="https://redirect.github.com/micromatch/picomatch/issues/146">#146</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d"><code>e4d718b</code></a> Remove unused time-require (<a href="https://redirect.github.com/micromatch/picomatch/issues/160">#160</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76"><code>38dffeb</code></a> chore(deps): pin dependencies (<a href="https://redirect.github.com/micromatch/picomatch/issues/158">#158</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Removes [uuid](https://github.com/uuidjs/uuid). It's no longer used after updating ancestor dependency [@microsoft/teams.client](https://github.com/microsoft/teams.ts/tree/HEAD/packages/client). These dependencies need to be updated together. Removes `uuid` Updates `@microsoft/teams.client` from 2.0.0-preview.11 to 2.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/teams.ts/releases">@microsoft/teams.client's releases</a>.</em></p> <blockquote> <h2>v2.0.8</h2> <h2>What's Changed</h2> <ul> <li>Bump version to 2.0.8-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/502">microsoft/teams.ts#502</a></li> <li>Bump hono from 4.12.9 to 4.12.12 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/510">microsoft/teams.ts#510</a></li> <li>Bump <code>@hono/node-server</code> from 1.19.11 to 1.19.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/509">microsoft/teams.ts#509</a></li> <li>Bump vite from 6.4.1 to 6.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/514">microsoft/teams.ts#514</a></li> <li>Bump axios from 1.13.5 to 1.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/518">microsoft/teams.ts#518</a></li> <li>feat: GitHub issue analysis → Teams notification workflow by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/517">microsoft/teams.ts#517</a></li> <li>Merge User-Agent headers when cloning HTTP client by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/508">microsoft/teams.ts#508</a></li> <li>feat: graceful stream cancellation on 403 by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/513">microsoft/teams.ts#513</a></li> <li>Add sovereign cloud support (GCCH, DoD, China) by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/500">microsoft/teams.ts#500</a></li> <li>fix: drain entire queue per flush cycle by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/520">microsoft/teams.ts#520</a></li> <li>fix: resolve missing deps, broken JSON, type errors, and typos in CLI templates by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/521">microsoft/teams.ts#521</a></li> <li>feat: add missing endpoints (Paged Members, Meeting Notifs) & address client gaps by <a href="https://github.com/lilyydu"><code>@lilyydu</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/516">microsoft/teams.ts#516</a></li> <li>fix: surface Graph API error body in GraphError by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/524">microsoft/teams.ts#524</a></li> <li>fix: improve error message when app credentials are missing by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/527">microsoft/teams.ts#527</a></li> <li>Bump hono from 4.12.12 to 4.12.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/528">microsoft/teams.ts#528</a></li> <li>Bump version to 2.0.9-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/531">microsoft/teams.ts#531</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/microsoft/teams.ts/compare/v2.0.7...v2.0.8">https://github.com/microsoft/teams.ts/compare/v2.0.7...v2.0.8</a></p> <h2>v2.0.7</h2> <h2>What's Changed</h2> <ul> <li>Bump version to 2.0.7-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/486">microsoft/teams.ts#486</a></li> <li>Add support for Shared Channels in app templates by <a href="https://github.com/singhk97"><code>@singhk97</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/453">microsoft/teams.ts#453</a></li> <li>Expose Graph Client http client via public getter by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/489">microsoft/teams.ts#489</a></li> <li>Bump handlebars from 4.7.8 to 4.7.9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/490">microsoft/teams.ts#490</a></li> <li>Bump yaml from 2.8.2 to 2.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/491">microsoft/teams.ts#491</a></li> <li>Fix HttpServer breaking Azure App Service named pipe ports by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/488">microsoft/teams.ts#488</a></li> <li>Update Adaptive Cards package by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/476">microsoft/teams.ts#476</a></li> <li>Add cancellation token to OnMessage handler in Program.cs template by <a href="https://github.com/rido-min"><code>@rido-min</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/499">microsoft/teams.ts#499</a></li> <li>Fix ExpressAdapter to accept Express app directly by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/504">microsoft/teams.ts#504</a></li> <li>Add OpenDialogData and SubmitData convenience wrappers by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/498">microsoft/teams.ts#498</a></li> <li>Release 2.0.7 by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/501">microsoft/teams.ts#501</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/microsoft/teams.ts/compare/v2.0.6...v2.0.7">https://github.com/microsoft/teams.ts/compare/v2.0.6...v2.0.7</a></p> <h2>v2.0.6</h2> <p>This release has been building up for a while! We are hoping to get back into a regular groove of release features and fixes once more.</p> <p>New Features</p> <ul> <li>HttpServer — New built-in HTTP server, begins deprecating HttpPlugin (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/433">#433</a>)</li> <li>Targeted Messages — Experimental (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/443">#443</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/449">#449</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/468">#468</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/477">#477</a>)</li> <li>Reactions — Message reaction support (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/452">#452</a>)</li> <li>signin/failure handling — New invoke activity for sign-in failures (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/459">#459</a>)</li> <li>Configurable messaging endpoint path (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/483">#483</a>)</li> <li>Overridable base service URL for API Client (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/435">#435</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/microsoft/teams.ts/blob/main/packages/client/CHANGELOG.md">@microsoft/teams.client's changelog</a>.</em></p> <blockquote> <h1><code>@microsoft/teams</code>.client</h1> <h2>2.0.5</h2> <h3>Patch Changes</h3> <ul> <li>Bug fixes and minor improvements</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.5</li> <li><code>@microsoft/teams</code>.common@2.0.5</li> <li><code>@microsoft/teams</code>.graph@2.0.5</li> </ul> </li> </ul> <h2>2.0.4</h2> <h3>Patch Changes</h3> <ul> <li>Fix backward compat issue with TokenCredentials</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.4</li> <li><code>@microsoft/teams</code>.common@2.0.4</li> <li><code>@microsoft/teams</code>.graph@2.0.4</li> </ul> </li> </ul> <h2>2.0.3</h2> <h3>Patch Changes</h3> <ul> <li>Regional oauth support, additional auth mechanisms support, resync graph endpoints</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.3</li> <li><code>@microsoft/teams</code>.common@2.0.3</li> <li><code>@microsoft/teams</code>.graph@2.0.3</li> </ul> </li> </ul> <h2>2.0.2</h2> <h3>Patch Changes</h3> <ul> <li>Number of bug fixes and CLI improvements</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.2</li> <li><code>@microsoft/teams</code>.common@2.0.2</li> <li><code>@microsoft/teams</code>.graph@2.0.2</li> </ul> </li> </ul> <h2>2.0.1</h2> <h3>Patch Changes</h3> <ul> <li>Update templates to use latest instad of preview</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.1</li> <li><code>@microsoft/teams</code>.common@2.0.1</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/teams.ts/commits/HEAD/packages/client">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~microsoft1es">microsoft1es</a>, a new releaser for <code>@microsoft/teams</code>.client since your current version.</p> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: corinagum <14900841+corinagum@users.noreply.github.com>
- Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.14. - Upgrade NuGet package Microsoft.Kiota.Abstractions to unblock CI <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf"><code>3ec1394</code></a> Release 8.5.14 version</li> <li><a href="https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620"><code>f2bb827</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020"><code>d75953d</code></a> Merge pull request <a href="https://redirect.github.com/postcss/postcss/issues/2084">#2084</a> from 43081j/raw-raws-rawing</li> <li><a href="https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480"><code>68bd213</code></a> fix: always call <code>raw</code> to retrieve raw values</li> <li><a href="https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1"><code>af58cf1</code></a> Release 8.5.13 version</li> <li><a href="https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee"><code>f227dbd</code></a> Temporary ignore pnpm 11 config</li> <li><a href="https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0"><code>d3abd40</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9"><code>dd06c3e</code></a> Revert stringifier changes because of the conflict with postcss-scss</li> <li><a href="https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb"><code>ae889c8</code></a> Try to fix CI</li> <li><a href="https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15"><code>e0093e4</code></a> Move to pnpm 11</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.5.6...8.5.14">compare view</a></li> </ul> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: corinagum <14900841+corinagum@users.noreply.github.com>
<img width="793" height="978" alt="image" src="https://github.com/user-attachments/assets/aaa004f4-c797-45a7-afb1-362411ad3437" /> As a team, we have decided to use "Discussions" as the main place for new features and questions, and Issues for actual actionable bugs. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
) Fixes #473 ## Summary Two bugs in the streaming path. Parity of [microsoft/teams.ts#553](microsoft/teams.ts#553), but Bug 1 manifests via a different mechanism in C# (`??=`) than in TS. ### Bug 1: `AddStreamFinal()` cannot override existing `ChannelData.StreamType` `MessageActivity.AddStreamFinal()` used null-coalescing assignment: ```csharp ChannelData.StreamType ??= StreamType.Final; ``` In the streaming `Close()` path: 1. `Stream.Update("Thinking...")` accumulates `StreamType.Informative` into `_channelData`. 2. `Close()` calls `WithData(_channelData)`, populating `activity.ChannelData.StreamType = Informative`. 3. `AddStreamFinal()` runs `??=` against `Informative` → **no-op**. The wire `channelData.streamType` stays as `"informative"` on the final message, even though the `streaminfo` entity correctly has `"final"`. **Fix:** direct assignment. The method's contract per its name is to mark the activity as a final stream message, so it must be able to override prior values. > **Note:** This is a minor public-API behavior change. Any caller that pre-set `ChannelData.StreamType` and then called `AddStreamFinal()` expecting their value to persist will now have it overridden. The method's name and contract make the override semantic the obvious one; we judged this acceptable. ### Bug 2: Race condition in `Stream.Close()` `Close()`'s wait loop checked `_id` and `_queue` but not whether `Flush()` was holding `_lock`. During a flush mid-await (queue drained, `SendActivity()` awaits pending), `Close()` would exit the loop and send the final activity, racing the in-flight chunk. **Fix:** also wait while `_lock.CurrentCount == 0` (semaphore held). This is the same primitive already used in `Close()`'s early-return guard on line 88. ## Changes - `Libraries/Microsoft.Teams.Api/Activities/Message/MessageActivity.cs` — `AddStreamFinal()` direct assignment. - `Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/AspNetCorePlugin.Stream.cs` — `Close()` lock-aware wait. - Tests in `MessageActivityTests.cs` and `AspNetCorePluginStreamTests.cs`. ## Test plan - [x] `AddStreamFinal_OverridesExistingStreamType` — `MessageActivity` with `StreamType.Informative` pre-set, `AddStreamFinal()` overrides to `Final`. - [x] `Stream_Close_FinalMessageHasStreamTypeFinal_AfterInformativeUpdate` — full Update→Emit→Close flow asserts final activity has `StreamType.Final` on both `ChannelData` and the `streaminfo` entity. - [x] `Stream_Close_WaitsForInFlightFlushToComplete` — uses a controllable `Send` delegate to block the second flush mid-await; asserts `Close()` does not progress until the lock releases. - [x] All existing `MessageActivityTests` (21 passed) and `AspNetCorePluginStreamTests` (6 passed) still pass on net10.0. (net8.0 testhost not installed locally; CI will cover.) - [x] Full solution builds clean.
Re-port of #390 onto the merged `main:core/` layout. The original PR targeted `next/core`; since that branch was merged into `main` as the `core/` folder (PR #459, with namespaces renamed from `Microsoft.Teams.Bot.*` to `Microsoft.Teams.*`), the work has been redone on this new branch. Closing #390 in favor of this PR. ## Apps changes (`core/src/Microsoft.Teams.Apps/`) - `QuotedReplyEntity` + `QuotedReplyData` (`MessageId` required; `SenderId`/`SenderName`/`Preview`/`Time`/`IsReplyDeleted`/`ValidatedMessageReference` optional) - `ActivityQuotedReplyExtensions`: `GetQuotedMessages()` on `TeamsActivity`, `AddQuote()`/`PrependQuote()` on `MessageActivity` (compile-time gated to message activities) - Register `quotedReply` in `EntityList.FromJsonArray()` type switch and `TeamsActivityJsonContext` source-gen - `Context.ReplyAsync(text)`/`ReplyAsync(activity)` — auto-quotes inbound message - `Context.QuoteAsync(messageId, text/activity)` — `[Experimental("ExperimentalTeamsQuotedReplies")]` - `TeamsActivityBuilder.WithQuote(messageId, text?)` — `[Experimental]` - `NoWarn` on `ExperimentalTeamsQuotedReplies` in `Microsoft.Teams.Apps.csproj` ## Core changes (`core/src/Microsoft.Teams.Core/`) - Remove dead `activity.ReplyToId` URL append in `ConversationClient.SendActivityAsync` - Remove `WithReplyToId()` builder method (replaced by quote entities) - `TeamsActivityBuilder.WithConversationReference` no longer auto-stamps `ReplyToId` from inbound `activity.Id` ## Tests - `QuotedReplyEntityTests` — 19 tests (entity shape, JSON round-trip, extensions, builder, multi-quote scenarios) - Drop `ReplyToId`-related tests in `ConversationClientTests` and `CoreActivityBuilderTests` (URL-append + `WithReplyToId` behavior gone) ## Sample - `core/samples/Quoting/` exercises `ReplyAsync`/`QuoteAsync`/`AddQuote`/`WithQuote` and inbound quote metadata reading - Wired into `core.slnx` ## Deviations from #390 (main:core/ conventions) - **No `Rebase()` calls** — main's `EntityList` has its own `JsonConverter`, so the next/core sync-to-base-`JsonArray` pattern isn't needed - `ReplyAsync` coexists with the existing `Context.Reply()` (which uses `WithConversationReference`) — different semantics, kept side-by-side rather than merged ## Test plan - [x] `dotnet build core/core.slnx` — 0 warnings, 0 errors - [x] `dotnet test core/core.slnx` — 567 tests pass on net8.0 + net10.0 (Apps 171×2, Core 92×2, BotBuilder 41) - [x] E2E in Teams (canary ring per QR rendering gating) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<img width="800" height="234" alt="image" src="https://github.com/user-attachments/assets/6392526f-6dfd-4b25-88c4-b451ff11351a" /> - Remove `WithReplyToId()`, update `ToQuoteReply()` and mark it `[Obsolete]` - Add `QuotedReplyEntity` with `QuotedReplyData` (`MessageId` required, `SenderId`/`SenderName`/`Preview`/`Time`/`IsReplyDeleted`/`ValidatedMessageReference` optional); register in Entity JSON converter - Add `GetQuotedMessages()` on `MessageActivity` to read inbound quoted reply entities - Add `AddQuote(messageId, text?)` builder on `MessageActivity` (appends quote placeholder + optional text) - Add `PrependQuote(messageId)` on `MessageActivity` (prepends quote placeholder before existing text, used internally by `Reply()`/`Quote()`) - Update `Reply()` to delegate to `Quote()` when `Activity.Id` is set; remove conversation copy (redundant — `AspNetCorePlugin.Send()` handles it) and `;messageid=` stripping (redundant — APX normalizes server-side) - Add `Quote()` on context — sends a message with a quoted message reference prepended to the text. Entity + placeholder only stamped for `MessageActivity`. - Mark all quoted reply types and methods as `[Experimental("ExperimentalTeamsQuotedReplies")]` - Add context-level unit tests for `Reply()` and `Quote()` - Add Samples.Quoting sample exercising all APIs --------- Co-authored-by: Corina Gum <> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prompt preview allows a bot to reference the original targeted message in its reply, so Teams can render a collapsible preview of the user's prompt. When a bot replies to a targeted message (reactive scenarios), the SDK now passes the original message's messageId via a targetedMessageInfo entity in the activity's entities array. For proactive replies, developers can attach the entity themselves with the messageId of the targeted message.
This pull request introduces a new sample project, `McpServer`, which demonstrates how to build a Teams bot that also acts as a Model Context Protocol (MCP) server. This bot exposes several human-in-the-loop tools that allow MCP clients (such as agents or IDEs) to interact with real users via Teams for notifications, questions, and approval workflows. The sample includes all necessary code, configuration, and documentation to run and extend the project. The most important changes are: **New sample project: MCP Server** * Added new sample project `samples/McpServer` to the solution, including project configuration and dependencies. (`core/core.slnx`, `core/samples/McpServer/McpServer.csproj`) [[1]](diffhunk://#diff-19ad97af5c1b7109a9c62f830310091f393489def210b9ec1ffce152b8bf958cR19) [[2]](diffhunk://#diff-090636d840f051f11c7d84302b8778b00fa1057ff975459f00a17cffe516b6daR1-R17) **Core functionality and tools** * Implemented `McpTools` class exposing five MCP tools (`notify`, `ask`, `get_reply`, `request_approval`, `get_approval`) for Teams user interaction, including proactive messaging, question/answer, and approval card workflows. (`core/samples/McpServer/McpTools.cs`) * Added result models with snake_case JSON serialization for all tool responses, ensuring compatibility with MCP clients. (`core/samples/McpServer/Models.cs`) * Added in-memory state management for conversations, pending asks, and approvals, with clear documentation on status values and limitations. (`core/samples/McpServer/State.cs`) **Bot and server wiring** * Created `Program.cs` to wire up Teams bot handlers, MCP endpoint, and shared state, including logic for handling messages, adaptive card actions, and proactive operations. (`core/samples/McpServer/Program.cs`) * Added Adaptive Card factory for approval requests, supporting Approve/Reject workflows via card actions. (`core/samples/McpServer/Cards.cs`) **Documentation and configuration** * Provided comprehensive `README.md` explaining the sample, tool usage, configuration, running instructions, and security considerations. (`core/samples/McpServer/README.md`) * Added sample `appsettings.json` for logging and host configuration. (`core/samples/McpServer/appsettings.json`) --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
## Summary
Addresses security scan finding MCP server mounted without auth. .NET
half of a 2-SDK PR set (TypeScript PR is on the same branch name).
> **Note:** Earlier revisions of this branch also addressed finding MCP
client URL validation. That has been dropped — the SSRF risk against MCP
client URLs is low-likelihood and the default private-network filter
created friction for legitimate on-prem MCP customers. Reverted in
commit `7e1bd722`. The null-safe Logger fix introduced alongside the
original work is preserved.
## MCP server auth
New `McpPluginOptions` class with an opt-in `RequireAuth` delegate. New
overload on the existing extension method:
```csharp
builder.AddTeamsMcp(options =>
{
options.RequireAuth = ctx =>
Task.FromResult(ctx.Request.Headers.Authorization.ToString() == "Bearer ...");
});
```
Delegate signature: `Func<HttpContext, Task<bool>>`. `false`/throw → 401
via an ASP.NET Core middleware path-filtered to `/mcp`. Parameterless
`.AddTeamsMcp()` overload is unchanged (backward compatible). When
`RequireAuth` is unset, a one-time startup warning fires.
## Design doc
`design/mcp-server-auth-options.md`
## E2E verified
- Middleware gating: `/mcp` returns 401 without/wrong auth, 400
("Mcp-Session-Id header is required") on correct bearer (past
middleware)
- Activity path: DevTools chat message accepted (201 on
`/v3/conversations/devtools/activities`); `/devtools` UI unaffected
(200)
- Startup warning fires when `RequireAuth` is unset; silent when set
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Enhance project files by adding PackageId and Description fields to improve clarity and understanding of each package's purpose. Co-authored-by: Copilot <copilot@github.com>
…eams.Core (#491) ## Summary - Removes `<InternalsVisibleTo Include="Microsoft.Teams.Apps" />` and `<InternalsVisibleTo Include="Microsoft.Teams.Apps.BotBuilder" />` from `Microsoft.Teams.Core.csproj` so external SDK consumers see the same surface our own consumer projects do. - Promotes the seven symbols Apps / Apps.BotBuilder were reaching across the friend boundary for: `BotHttpClient`, `BotRequestOptions`, `BotConfig`, `AddBotApplication<TApp>(IServiceCollection, BotConfig)`, `AddBotClient<TClient>`, `ConversationClient.BotHttpClient`, and the `CoreActivity(string)` `[JsonConstructor]` overload (needed for the source generator running in Apps). - Adds an assembly-level CA1054 suppression scoped to `BotHttpClient` — string URL parameters are intentional given how callers compose interpolated, query-bearing, `Uri`-escaped URLs. The two unit-test projects (`Microsoft.Teams.Apps.UnitTests`, `Microsoft.Teams.Core.UnitTests`) keep their friend grants, so the remaining internal plumbing they depend on (`TurnMiddleware`, `BotClientOptions`, `BotAuthenticationHandler`, `MsalConfigurationExtensions`, the `*HttpClientName` constants, `UserTokenClient.AgenticIdentity`, `JwtExtensions.AddBotAuthorization`, `GetLoggerFromServices`, the internal `CoreActivityBuilder` ctors, and `BotConfig.MsalConfigurationSection`) stays internal. ## Test plan - [x] `dotnet build core/core.slnx -c Debug` clean across `net8.0` and `net10.0` - [x] `Microsoft.Teams.Core.UnitTests` — 92 passing per TFM - [x] `Microsoft.Teams.Apps.UnitTests` — 177 passing per TFM - [x] `Microsoft.Teams.Apps.BotBuilder.UnitTests` — 41 passing (net10.0) - [ ] Smoke a sample app end-to-end before merging 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This pull request refactors the Teams Bot Core authentication and client registration pipeline to standardize configuration handling, simplify service registration, and remove legacy configuration formats. The main focus is on consolidating configuration to use a single Microsoft.Identity.Web-compatible section (typically `AzureAd`), cleaning up old code paths, and improving the extensibility and maintainability of authentication and client setup. Key changes include: **Configuration Standardization and Documentation:** - Updated the architecture documentation to clarify that only Microsoft.Identity.Web-style configuration (e.g., `AzureAd` section) is supported, and removed references to legacy Bot Framework and Core environment variable formats. The configuration precedence and example have been revised accordingly. - Removed legacy configuration blocks from the TeamsBot sample's launch settings, aligning sample usage with the new configuration standard. **Service Registration and Pipeline Simplification:** - Refactored `AddBotApplication`, `AddConversationClient`, and `AddUserTokenClient` extension methods to use a unified configuration section default (`BotConfig.DefaultSectionName`), and to always set up MSAL services and client registration in a consistent way. - Introduced `EnsureMsalServices` to centralize MSAL and token acquisition pipeline registration, ensuring idempotency and correct configuration binding. **Code Cleanup and Removal of Legacy Paths:** - Removed the `BotClientOptions` class and all related code, as options are now passed directly from `BotConfig` and configuration sections. - Removed all legacy `FromBFConfig` and `FromCoreConfig` methods and associated code from `BotConfig`, so only Microsoft.Identity.Web configuration is supported. **Handler and Option Refactoring:** - Simplified the `BotAuthenticationHandler` constructor and logic to remove support for managed identity options, since these are now handled through standard configuration. --------- Co-authored-by: Rido <rido-min@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
## Summary Consolidates the Legacy (`Libraries/`, `Samples/`, `Tests/`) and Core (`core/`) ADO pipelines into one parameterized CI (`ci.yaml`) and one parameterized CD (`publish.yaml`), with shared `build-test-pack` and parameterized `sign-and-pack` templates. - One CI pipeline file. Always runs; a `DetectChanges` stage gates two parallel build stages (`Build_Legacy`, `Build_Core`) based on changed paths. - One CD pipeline file. Two new runtime parameters: `packageSet` (Legacy|Core) and `publishType` (Internal|Public), covering all four release combinations. - `cd-core.yaml` deleted; `PushToADOFeed` shortcut dropped (all pushes go through `publish.yaml`). - `RELEASE.md` rewritten for the new structure. Design spec: `docs/superpowers/specs/2026-05-12-pipeline-consolidation-design.md` Implementation plan: `docs/superpowers/plans/2026-05-12-pipeline-consolidation.md` ## Pre-merge actions (ADO admin) - [x] Queue **Teams.NET-ESRP** against this branch with `packageSet=Core, publishType=Internal` — verify push to `TeamsSDKPreviews` - [x] Queue **Teams.NET-ESRP** against this branch with `packageSet=Legacy, publishType=Internal` — verify Legacy still works - [x] **Do not** test `Public` from this branch (would trigger ESRP signing + approval against unmerged code) ## Post-merge ADO portal cutover (ADO admin, same-day as merge) - [ ] **Pipelines > BotCore-CD > Delete** — the pipeline points at the now-removed `.azdo/cd-core.yaml` - [ ] **Project Settings > Repositories > Policies > Branch policies** for `main` and each active `releases/*` branch: remove the **BotCore-CD** required-build-validation entry. Keep **Teams.NET-PR** required — it now validates both Legacy and Core via DetectChanges. - [ ] No changes needed to the `teams-net-publish` environment, Teams.NET-PR pipeline definition, or Teams.NET-ESRP pipeline definition — those keep pointing at the same file paths; the new `packageSet` parameter appears automatically in the run dialog. ## Test plan - [ ] This PR's own CI run goes green (PR triggers `Teams.NET-PR`; touches `.azdo/**` so `DetectChanges` fires both `Build_Legacy` and `Build_Core` — both must succeed) - [x] Pre-merge smoke tests above pass - [x] After merge, the next routine preview publish of either package set succeeds --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## Summary - Set `versionHeightOffset` to `-2` in `core/version.json` (was `-1`). - Add `versionHeightOffset: -2` to `core/src/Microsoft.Teams.Apps/version.json` (field was absent). ## Test plan - [x] Verify Nerdbank.GitVersioning resolves the expected version height on `main` builds. - [x] Verify Core package versions produced by CI reflect the new offset.
## Summary
- Adds `Microsoft.Teams.Core.Schema.ConversationExtensions` with a
`ThreadId(this Conversation)` extension method and a
`ToThreadedConversationId(conversationId, messageId)` static validator
(rejects non-numeric / zero `messageId`, strips any existing
`;messageid=` suffix). Ported from
`Libraries/Microsoft.Teams.Api/Conversation.cs`, where they live as
instance/static members on `Conversation`; on core they live as a
separate extension class so `Conversation` stays a pure POCO.
- Replaces the inline `$"{conversationId};messageid={messageId}"`
interpolation in proactive `TeamsBotApplication.ReplyAsync` with the
validating helper.
- Adds `core/samples/Threading/` modeled on `Samples/Samples.Threading/`
to exercise reactive (`context.ReplyAsync` /
`context.SendActivityAsync`) and proactive (`teamsApp.ReplyAsync` /
`ConversationExtensions.ToThreadedConversationId` +
`teamsApp.SendAsync`) paths.
- Includes #493 (Rido), stacked on this PR: adds `Async`-suffixed
methods to `Context` (`SendAsync`, `ReplyAsync`, `TypingAsync`,
`SignInAsync`, `SignOutAsync`) and `TeamsBotApplication` (`SendAsync`,
`ReplyAsync`) with the original names kept as backward-compat redirects;
proactive `Send`/`Reply` accept an optional `AgenticIdentity?` for
user-delegated token acquisition.
## Scope notes
- **`Context.ReplyAsync`** inherits the post-QR (PR #477) behavior on
`main`: delegates to `Quote(Activity.Id, ...)` when the inbound activity
has an id, producing a `<blockquote>`-rendered quoted reply. This PR
doesn't change that delegation.
- **Personal / 1:1 chats**: `test proactive` and `test manual` currently
fail at the service with `BadArgument: Failed to decrypt conversation
id` until the relevant ECS rollout completes. Channel scopes work today.
`core/samples/Threading/README.md` documents this caveat.
## Test plan
- [x] Unit: 12 `ConversationTests` (validator + `ThreadId` extension
method)
- [x] Unit: 3 `TeamsBotApplicationTests` (validator propagates from
proactive `ReplyAsync`)
- [x] Local CI: core-ci pipeline (325 tests on net8.0 + net10.0) + root
build-test-lint / ci.yaml (813 tests + `dotnet pack`); 0 errors
- [x] E2E in Teams: 6 turns covering `test reply`, `test send`, `test
proactive`, `test manual`, `help` across an existing thread, a new
thread, and channel root — all returned 201 with correct routing
(`;messageid=<rootId>` preserved/created appropriately, `ReplyToId` set
on reactive paths only)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Rido <rido-min@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…Offset to -3 (#504) ## Summary - Change `Microsoft.Teams.Apps` prerelease tag from `alpha` to `preview` (`2.1.0-alpha.{height}` → `2.1.0-preview.{height}`) so we move out of the burned `2.1.0-alpha-*` version namespace on the feed. - Remove the now-unneeded `versionHeightOffset` from `core/src/Microsoft.Teams.Apps/version.json` (the prerelease label change starts the height counter on a fresh namespace). - Bump `versionHeightOffset` from `-2` to `-3` in `core/version.json` to keep Core/BotBuilder versions where intended. ## Test plan - [x] Verify `nbgv get-version` on `releases/core` after merge produces `2.1.0-preview-0001` (or expected) for `Microsoft.Teams.Apps`. - [x] Verify Core/BotBuilder package versions are unchanged or as intended after the `-3` offset. - [x] Verify CI publishes the package successfully (no 409 conflict on the new version).
Prompt Preview lets a bot reference the original targeted message in its reply so Teams can render a collapsible preview of the user's prompt above the response. This brings the feature to `core/` with parity to the Libraries implementation in #433. ## Changes - New `TargetedMessageInfoEntity` in `Microsoft.Teams.Apps.Schema.Entities` carrying the `messageId` of the targeted prompt - `AddTargetedMessageInfo` extension on `MessageActivity` and `WithTargetedMessageInfo` on `TeamsActivityBuilder` for proactive use. Both strip existing `quotedReply` entities and matching `<quoted messageId="..."/>` placeholders to prevent collision with Quoted Replies - `Context.SendActivityAsync` auto-populates the entity in the reactive flow when the inbound activity's recipient was marked targeted - Personal-chat guard in `Context.SendActivityAsync` throws `InvalidOperationException` when a targeted send is attempted in a 1:1 conversation (matches Libraries; teams.ts and teams.py have no guard) - `ConversationAccount.IsTargeted`, `WithRecipient(account, bool isTargeted)`, the new entity, and the new builder/extension methods are marked `[Experimental("ExperimentalTeamsTargeted")]`, matching the existing diagnostic on `ActivityClient.CreateTargetedAsync` etc. - New `TargetedMessages` sample bot demonstrating `test send`, `test update`, `test delete`, reactive `summarize`, and `test manual` ## Notes - Setter on `ConversationAccount.IsTargeted` stays `public set` (not mirroring the Libraries `internal set` outlier) to match the uniform setter pattern across `core/` schema types. - The `MessageId` getter on `TargetedMessageInfoEntity` throws `InvalidOperationException` with a descriptive message if accessed after deserialization from JSON that omitted the `messageId` field. `required` enforces initialization in C# code but does not gate the underlying extension-properties dictionary path. ## Test plan - [x] `dotnet build` in `core/` is clean on net8.0 and net10.0 - [x] `dotnet test` in `core/` passes (340 unit tests: 207 Apps + 92 Core + 41 BotBuilder) - [x] Run the new `TargetedMessages` sample and confirm `test send` / `test update` / `test delete` render correctly in a Teams group chat - [x] Confirm `test send` from a personal chat surfaces the 1:1 `InvalidOperationException` 🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary
Removes the `[Experimental("ExperimentalTeamsReactions")]` attributes
from `ReactionClient`, `ReactionType`, `Reaction`, and the `Reactions`
property on `ConversationApiClient`/`ConversationClient`, across both
`Libraries/` and `core/`. Also removes the corresponding `#pragma
warning disable/restore` blocks and `NoWarn` entries in test and sample
`.csproj` files.
The reactions feature is in sync across all three SDKs and the Teams
service — no longer preview.
## Scope
**Attributes removed (5):**
- `Libraries/Microsoft.Teams.Api/Clients/ReactionClient.cs`
- `Libraries/Microsoft.Teams.Api/Messages/Reaction.cs` (`ReactionType`
and `Reaction`)
- `core/src/Microsoft.Teams.Apps/Api/Clients/ReactionClient.cs`
- `core/src/Microsoft.Teams.Apps/Api/Clients/ConversationApiClient.cs`
(`Reactions` property)
**Suppressions removed (8 inline pragma locations + 5 NoWarn entries in
.csproj files):**
- `Libraries/Microsoft.Teams.Api/Clients/ConversationClient.cs` (5
sites)
- `Libraries/Microsoft.Teams.Api/Messages/Message.cs`
-
`Libraries/Microsoft.Teams.Api/Activities/Message/MessageReactionActivity.cs`
(file-level)
- `core/src/Microsoft.Teams.Apps/Api/Clients/ConversationApiClient.cs`
- `.csproj` NoWarn: `Samples/Samples.Reactions`,
`core/test/IntegrationTests`, `core/samples/TeamsBot`,
`Tests/Microsoft.Teams.Api.Tests`, `Tests/Microsoft.Teams.Apps.Tests`
The `Samples.Reactions/Program.cs` already demonstrates add → wait →
delete cycle, so no sample change is needed here.
## Cross-SDK coordination
Part of the cross-SDK Reactions-GA pass. Sibling PRs:
- microsoft/teams.ts — Mark reactions API as GA
- microsoft/teams.py — Mark reactions API as GA
- microsoft/teams-sdk — drop .NET opt-in tip from the reactions guide
## Test plan
- [x] `dotnet build Microsoft.Teams.sln --configuration Release` — 0
errors
- [x] `dotnet build core.slnx --configuration Release` — 0 errors
- [x] `dotnet test Microsoft.Teams.sln` — all suites pass (Apps 146+146,
Api 422, Common 63, AI 17, Graph 3, McpClient 9, AspNetCore 25+25
net8/net10)
- [x] `dotnet test core.slnx` — all suites pass (Apps.UnitTests 213+213,
Core.UnitTests 101+101, BotBuilder.UnitTests 41)
## Versioning
No `version.json` change in this PR. Bump happens as part of the release
flow per RELEASE.md.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
This pull request introduces a new sample Teams bot, `ExtAIBot`, that demonstrates the integration of Microsoft.Extensions.AI with Azure OpenAI and the Model Context Protocol (MCP) for advanced conversational capabilities. The main changes include the implementation of the bot’s core logic, support for streaming responses, per-conversation memory, local and remote tool invocation, and feedback handling. Additionally, supporting infrastructure and documentation are provided. **Key new features and infrastructure:** ### ExtAIBot Sample Implementation * Added the complete `ExtAIBot` sample including core files: `Agent.cs` (conversation logic with streaming, memory, and tool invocation), `LocalTools.cs` (local AI tool definitions), `McpTools.cs` (MCP client and tool wrapping for citations), and `CitationCollector.cs` (parsing and accumulating citations for Teams messages). * Implemented `Program.cs` to wire up the Teams bot, register message and feedback handlers, and delegate AI execution to the `Agent`. ### Feedback Handling Support * Added support for Teams feedback via new invoke names and value types, including `message/fetchTask` and associated data classes in the Teams SDK. * Implemented feedback collection and UI in the sample bot, including Adaptive Card generation for feedback and console logging of user input. ### Configuration and Documentation * Added `appsettings.json` and updated the project file to include all necessary dependencies and references for running the sample. * Provided a comprehensive `README.md` with setup instructions, architecture diagrams, and example interactions to help users understand and run the sample.
…nts (#513) ## Summary - Brings the three core packages (`Microsoft.Teams.Core`, `Microsoft.Teams.Apps`, `Microsoft.Teams.Apps.BotBuilder`) into compliance with the Microsoft NuGet package authoring requirements. - Adds `PackageProjectUrl`, fixes a broken `PackageIcon` packing path in `core/src/Directory.Build.props`, renames `Description` → `PackageDescription`, adds `PackageTags`, and adds MIT license/copyright header comments to each csproj. - Also bumps `versionHeightOffset` in `core/version.json` and `core/src/Microsoft.Teams.Apps/version.json`. ### Compliance gaps addressed | Requirement | Before | After | | --- | --- | --- | | `PackageProjectUrl` | missing | `https://microsoft.github.io/teams-sdk` | | `PackageIcon` packing | broken path (`(MSBuildThisFileDirectory)../../../../bot_icon.png`) | `$(MSBuildThisFileDirectory)../bot_icon.png` | | `PackageDescription` | used `Description` | `PackageDescription` | | `PackageTags` | missing | `microsoft;teams;msteams;copilot;ai;adaptive-cards;apps;bots` | | License header | missing | MIT header comment in each csproj | ### Known follow-up (not in this PR) - `core/bot_icon.png` is 75x75; the authoring spec recommends 100x100 (with clean downscaling to 32/48/64/128). - Strong-name signing (`SignAssembly` + `key.snk`) — not adopted in core yet, matches existing core stance. ## Test plan - [ ] `dotnet pack` the three core projects locally and inspect the produced `.nupkg` to confirm `bot_icon.png` and `README.md` are packed at the root and the metadata fields render correctly. - [ ] Verify the icon shows up on the nuget.org preview / `nuget.exe verify` step in CI. - [ ] CI build passes on the branch. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This pull request primarily refactors and streamlines how activity entity extension methods are organized, accessed, and documented in the Teams SDK core. It consolidates and migrates extension methods for activities (such as quoting, citations, and targeted messages), updates the migration guides and breaking change documentation, and removes the obsolete `AllFeatures` sample. The changes also update sample usage to use the new builder and extension method patterns, and introduce new helper methods for entity access. **Refactoring and consolidation of activity entity extension methods:** * Removed `ActivityQuotedReplyExtensions.cs` and `ActivityTargetedMessageInfoExtensions.cs`, moving their logic into more appropriately named and organized extension classes (such as `MentionEntityExtensions`, `CitationEntityExtensions`, etc.), and updated usages throughout the codebase. [[1]](diffhunk://#diff-5b565cdafa365671ca7c917fabad6d126f7f290e010481b7e2b6404cd74a4cadL1-L82) [[2]](diffhunk://#diff-8bbc57126c4f493e1eac6296888b0b3df8441d36ad8d1784c63d339cdc742554L1-L66) [[3]](diffhunk://#diff-39b57f845e0f83ee2c8d332d8785f93c92128500aa0492ccc442916c8f0db84eR1-R55) [[4]](diffhunk://#diff-22cd31a51c97a37f8bf2cffb4c061f52cb71d0755523954f59cef55883c7d1ebL204-R204) * Introduced new extension methods and helpers for accessing entities (e.g., `GetMentions`, `GetQuotedMessages`, `GetCitation`, etc.) and updated documentation to reflect these changes. [[1]](diffhunk://#diff-8239e4655133747a84cff44bc0444f20907380d344b35e512d70a603ce1a3f8cL180-R198) [[2]](diffhunk://#diff-39b57f845e0f83ee2c8d332d8785f93c92128500aa0492ccc442916c8f0db84eR1-R55) **Sample and usage updates:** * Updated all sample code (`Quoting`, `TeamsBot`) to use the new builder pattern and extension methods for adding quotes and citations, replacing old direct usage of message entities. [[1]](diffhunk://#diff-bd68ef7114703a580af98ae0c650b648dd74909fea6665395b98516956157448L48-R57) [[2]](diffhunk://#diff-bd68ef7114703a580af98ae0c650b648dd74909fea6665395b98516956157448L69-R77) [[3]](diffhunk://#diff-bd68ef7114703a580af98ae0c650b648dd74909fea6665395b98516956157448L102) [[4]](diffhunk://#diff-691809f7a90c5bda6ee5e4335c2c393864a32101545fb0b35c24bc659623361bL113-R132) * Removed the obsolete `AllFeatures` sample project and its related files. [[1]](diffhunk://#diff-c6d02c3a9a28c1afb6380d7f24485630894a3488bd6529f31cca342583be4897L1-L13) [[2]](diffhunk://#diff-7c963be5ba9074d831ef650e68af0360787eb197181c39a12d0661a92c62fbc1L1-L6) [[3]](diffhunk://#diff-166193a2c938377ccf1794248deeb2df8cfafeb883aa6581b316b3fa9e361cdcL1-L28) [[4]](diffhunk://#diff-ea0a609f6688222857d8302f64ba6a7d75aa4ffb1f9a70588b86caacd73dbad1L1-L9) **Documentation improvements:** * Updated the migration guide and breaking changes documentation to clarify the new patterns for activity entity access and construction, including extension method availability and builder usage. [[1]](diffhunk://#diff-8239e4655133747a84cff44bc0444f20907380d344b35e512d70a603ce1a3f8cL180-R198) [[2]](diffhunk://#diff-8239e4655133747a84cff44bc0444f20907380d344b35e512d70a603ce1a3f8cL266-R300) [[3]](diffhunk://#diff-54d546db32e8cde5d5c68b70319c4c57859aaae3b11df4da4b699d389c153644L396-R418) **Project and solution cleanup:** * Removed the `docs/Architecture.md` file from the solution, likely as part of documentation consolidation.
## Summary Enables sovereign cloud (GCC-High, DoD, China) Bot Framework token validation by making the three cloud-dependent values in `JwtExtensions` configurable, mirroring the `IConfiguration` pattern already used by `UserTokenClient`. Three new properties on `BotConfig`, populated by `BotConfig.Resolve`: | Property | Config key | Default | Purpose | |---|---|---|---| | `EntraInstance` | `AzureAd:Instance` | `https://login.microsoftonline.com/` | Entra login instance for validating Entra-issued tokens (standard Microsoft.Identity.Web key, stays in the AzureAd section) | | `OpenIdMetadataUrl` | `BotFramework:OpenIdMetadataUrl` | `https://login.botframework.com/v1/.well-known/openid-configuration` | Bot Framework OIDC metadata endpoint used to fetch signing keys for inbound BF tokens | | `BotTokenIssuer` | `BotFramework:BotTokenIssuer` | `https://api.botframework.com` | Expected `iss` claim on inbound Bot Framework tokens | Bot-Framework-specific keys live in a separate `BotFramework` configuration section so they are not conflated with MSAL's `AzureAd` section. `Instance` remains under `AzureAd` because it is a standard Microsoft.Identity.Web key. Each override is validated as an absolute URI in `BotConfig.Resolve`; malformed values throw `InvalidOperationException` with the `section:key` path so misconfiguration fails fast instead of deferring to a runtime JWT failure. `JwtExtensions.AddTeamsJwtBearer` resolves `BotConfig` once and uses these values in both the issuer-signing-key resolver (`ResolveSigningAuthority`) and the issuer validator (`ValidateTeamsIssuer`). When `IConfiguration` is not registered (manual-credentials callers on a plain `ServiceCollection`), all three fall back to the public-cloud defaults. ## Example sovereign config (USGov) ```json { "AzureAd": { "TenantId": "...", "ClientId": "...", "Instance": "https://login.microsoftonline.us/" }, "BotFramework": { "OpenIdMetadataUrl": "https://login.botframework.azure.us/v1/.well-known/openid-configuration", "BotTokenIssuer": "https://api.botframework.us" } } ``` ## Out of scope - `Authority` fallback for `EntraInstance` is intentionally not implemented. `Instance` is the canonical Microsoft.Identity.Web field and matches the keys Microsoft Learn uses for sovereign cloud configuration. - `BotConfig` source formats other than the `AzureAd` schema are not extended in this PR. - v1.0 `sts.windows.net` issuer validation remains accepted (covers commercial v1.0 tokens). ## Test plan - [x] `dotnet build core/core.slnx` clean (0 warnings, 0 errors) - [x] `dotnet test core/test/Microsoft.Teams.Core.UnitTests` (130 passed) - [x] Default values returned when overrides absent - [x] Configured values used for sovereign US Gov and China clouds - [x] Sovereign BF tokens route to the configured `OpenIdMetadataUrl` for key resolution - [x] Malformed URI in any of the three keys throws `InvalidOperationException` with the section:key path - [x] BotFramework section is read independently of the AzureAd section name - [x] Manual `AddBotAuthentication(clientId, tenantId)` overload does not require `IConfiguration` 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Rido <rido-min@users.noreply.github.com>
….0.0 (#516) Bumps ghcr.io/devcontainers/features/docker-in-docker from 2.17.0 to 3.0.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Rido <rido-min@users.noreply.github.com>
#506) Two small fixes responding to Copilot's post-merge review on #498, plus sample alignment with the public slash-commands spec. ## Changes - **`Context.SendActivityAsync(string text, ...)` now routes through `SendActivityAsync(TeamsActivity, ...)`.** Previously the string overload built the reply directly and called `TeamsBotApplication.SendActivityAsync` itself, bypassing the typed overload's 1:1-chat guard and the reactive Prompt Preview auto-populate hook. The string overload now also preserves `TextFormat = TextFormats.Plain` so the wire payload doesn't silently flip to markdown for existing callers. - **`TargetedMessageInfoEntity` is registered in `TeamsActivityJsonContext`** alongside `QuotedReplyEntity`. Deserialization round-tripped today via reflection fallback, but the registration was missing and would have broken under Native AOT publish. - New tests in `PromptPreviewTests.cs` cover the string-overload paths; new `TargetedMessageInfoEntity_RoundTripsThroughSourceGenContext` in `TargetedMessageInfoEntityTests.cs` pins the JsonContext registration so a future removal would surface immediately. - **`TargetedMessages` sample improvements**: - New `manifest.json` opted into slash commands per the docs spec (microsoft/teams-sdk#2843, MicrosoftDocs/msteams-docs#14182): `bots[].supportsTargetedMessages: true` + `bots[].commandLists[].triggers: ["slash"]`. Uses `manifestVersion: "devPreview"` because those fields are only in the devPreview schema today. - New `README.md` documenting the commands, manifest configuration, and how slash commands surface as targeted-message activities. - New `test inbound` handler demonstrates `Activity.Recipient?.IsTargeted` inbound detection (the same signal slash commands arrive with). ## Test plan - [x] `dotnet build core.slnx` clean on net8.0 and net10.0 - [x] `dotnet test core.slnx` passes (358 tests: 216 Apps + 101 Core + 41 BotBuilder) - [x] `SendActivityAsync_StringOverload_AutoPopulatesTargetedMessageInfo_WhenInboundIsTargeted` exercises the auto-populate hook on the string overload path - [x] `SendActivityAsync_StringOverload_Succeeds_InPersonalChat` documents that the string overload cannot construct a targeted recipient and therefore can't trip the 1:1 guard - [x] `TargetedMessageInfoEntity_RoundTripsThroughSourceGenContext` exercises `TeamsActivityJsonContext.Default.TargetedMessageInfoEntity` (Native AOT regression guard) - [x] `TargetedMessages` sample `manifest.json` validates against the Teams devPreview schema (placeholder `YOUR_BOT_ID` excepted, matching peer-sample convention) - [x] Sample bot's `test inbound` handler verified live in Teams: broadcast branch fires when the inbound is not targeted (the targeted branch will fire once slash commands start delivering with `Recipient.IsTargeted = true`) 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This pull request introduces a new sample bot, `A2ABot`, which demonstrates proactive user handoff between two Teams bots (e.g., Alice and Bob) using the A2A protocol and the A2A .NET SDK. The sample is fully implemented with configuration, code, and documentation, showing how two bots can hand off users to each other and proactively open direct conversations in Teams. The main themes of the changes are the addition of the A2ABot sample, implementation of A2A protocol logic, and comprehensive documentation. **Addition of A2ABot sample and project setup:** * Added new sample project `A2ABot` to the solution, including its own `.csproj` file with dependencies on A2A, Teams SDKs, and Azure OpenAI. [[1]](diffhunk://#diff-19ad97af5c1b7109a9c62f830310091f393489def210b9ec1ffce152b8bf958cR13) [[2]](diffhunk://#diff-3db91520bb40fce7b5a3be0d4c62ca24c6f2c65980dc6270e9f2876f271beadfR1-R26) * Created environment-specific configuration files (e.g., `appsettings.Alice.json`) for easy setup of multiple bot instances. **A2A protocol logic and Teams integration:** * Implemented outbound (`A2AClient.cs`) and inbound (`A2AServer.cs`) A2A handlers to support handoff between bots, including resolving peer AgentCards, sending and receiving handoff messages, and proactively opening 1:1 Teams conversations. [[1]](diffhunk://#diff-9d41f72056b2baf435a7454dcb006e5079e51414f2c17167cb88f8ce859b3649R1-R55) [[2]](diffhunk://#diff-1adf74a85a4cdc7172918b6c49c3e19594d1a6058f791bf63b7059d14a7547bdR1-R85) * Defined supporting types for A2A communication, such as `Config`, `HandoffMessage`, and `AgentCardFactory`. [[1]](diffhunk://#diff-6a29af170dfac36c617e5eab5d4d828a3c9734a8d4407b866aa08d770dca9c15R1-R13) [[2]](diffhunk://#diff-a6b8eb57329120a115be51c84a807c254a33cbc1116de05a07a7fa004961547cR1-R16) [[3]](diffhunk://#diff-405b712de415edd4ec33453a35f45254041503815277db27d9569875575939d2R1-R38) * Implemented the main agent logic (`Agent.cs`), including LLM integration, thread management, and tool for handing off users to peers. * Set up the ASP.NET Core entry point (`Program.cs`) to wire up the bot, A2A endpoints, Teams message handling, and configuration. **Documentation:** * Added a comprehensive `README.md` explaining the sample's architecture, flow, configuration, prerequisites, and caveats for running two bots that hand off users via A2A.
## Summary
- Bumps `version.json` from `2.0.7-preview.{height}` to
`2.0.8-preview.{height}` post-2.0.7 release
## Test plan
- [ ] Verify next CI build picks up `2.0.8-preview.x` version
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: singhk97 <115390646+singhk97@users.noreply.github.com>
This pull request introduces several deprecations and minor API adjustments across the Microsoft Teams API codebase. The primary focus is on marking certain properties, methods, and types as obsolete (to be removed by end of summer 2026), particularly in activity and account-related classes. There are also corresponding updates to constructors, serialization logic, and method usages to ensure compatibility and suppress deprecation warnings where necessary. Additionally, some usage of deprecated fields is being removed from application code. **Deprecations and Obsolescence Markings** * Marked several properties and types as `[Obsolete]`, including `RelatesTo` in `Activity`, multiple properties in `MessageActivity` (such as `Speak`, `InputHint`, `Importance`, `Expiration`), the `Id` property in `Attachment`, and the entire `EndOfConversationActivity` and `EndOfConversationCode` classes. These are all scheduled for removal by end of summer 2026. [[1]](diffhunk://#diff-875c3804dbdc89735553c417d023929c307dcfbead113a1b7a1e47871cab636aR59-R62) [[2]](diffhunk://#diff-875c3804dbdc89735553c417d023929c307dcfbead113a1b7a1e47871cab636aR127-R132) [[3]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR26-R31) [[4]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR56) [[5]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR65) [[6]](diffhunk://#diff-9151c814fbd9c905d4ab694534593d3ea239d68233e09908d71cacb7e7ff8902R20) [[7]](diffhunk://#diff-5d3b4f7fef169802c636878afce22853b92fe74a13a0462ab4930fad2b4edaf8R16) [[8]](diffhunk://#diff-5d3b4f7fef169802c636878afce22853b92fe74a13a0462ab4930fad2b4edaf8R35) * Marked several properties in `ConversationClient.CreateRequest` as obsolete, including `IsGroup`, `Bot`, and `TopicName`. [[1]](diffhunk://#diff-aad328d6be5c2acc005e534ddc0a3aae3e50d04e088908e5dc1f24962eac2e57R72-R77) [[2]](diffhunk://#diff-aad328d6be5c2acc005e534ddc0a3aae3e50d04e088908e5dc1f24962eac2e57R86) * Marked the `DeleteAsync` method in `MemberClient` as obsolete. **Deprecation Handling and Suppression** * Added `#pragma warning disable/restore CS0618` blocks throughout the codebase to suppress deprecation warnings when accessing or using obsolete properties and types, especially for `RelatesTo` and `EndOfConversationActivity`. [[1]](diffhunk://#diff-875c3804dbdc89735553c417d023929c307dcfbead113a1b7a1e47871cab636aR182-R184) [[2]](diffhunk://#diff-875c3804dbdc89735553c417d023929c307dcfbead113a1b7a1e47871cab636aR490-R492) [[3]](diffhunk://#diff-7fa90c4296b48d7529f16099722140fbb80a6c32663ef8b0e3f34488cd90c4fbR30-R32) [[4]](diffhunk://#diff-920cb13ff64033134157a73545c9d9090b7704c37e6ec43f830a7de9decd1282R67-R69) [[5]](diffhunk://#diff-920cb13ff64033134157a73545c9d9090b7704c37e6ec43f830a7de9decd1282R125-R131) [[6]](diffhunk://#diff-c163f6c08b3d0e64812ff6b8d265a93e6080cf1b2e4a143a0783d4657684e035R4-R5) [[7]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR94-R108) [[8]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR136-R141) [[9]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR151-R156) [[10]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR249-R263) **API and Serialization Adjustments** * Updated JSON serialization/deserialization logic in `Activity.JsonConverter` to handle the obsolete `EndOfConversationActivity` while suppressing warnings. [[1]](diffhunk://#diff-920cb13ff64033134157a73545c9d9090b7704c37e6ec43f830a7de9decd1282R67-R69) [[2]](diffhunk://#diff-920cb13ff64033134157a73545c9d9090b7704c37e6ec43f830a7de9decd1282R125-R131) * Added a new `Type` property to the `Account` class to indicate account type (e.g., 'person', 'bot', 'channel'), primarily for mention entities. **Removal of Deprecated Usage in App Code** * Removed usage of deprecated fields (`Role`, `IsGroup`, `Bot`, `InputHint`, `RelatesTo`) from application-level code in `App.cs`, `FunctionContext.cs`, and `Context.SignIn.cs` to prepare for future removals and ensure cleaner API usage. [[1]](diffhunk://#diff-37dcc8bb9c3f222673c45d1b99f581b4018f0aa2f92b91892c34a8d26c09f480L198) [[2]](diffhunk://#diff-038090b4dce958c0e716f21cba9d4e6fc1cf9e6beb8a8ddee6f70b0b6a5e284cL77-L89) [[3]](diffhunk://#diff-e07011b4e8cd0d4623a33ceab9466457358d5c9dac2d863185cefe919d7a96a0L77) [[4]](diffhunk://#diff-e07011b4e8cd0d4623a33ceab9466457358d5c9dac2d863185cefe919d7a96a0L88-L89) [[5]](diffhunk://#diff-e07011b4e8cd0d4623a33ceab9466457358d5c9dac2d863185cefe919d7a96a0L104) [[6]](diffhunk://#diff-e07011b4e8cd0d4623a33ceab9466457358d5c9dac2d863185cefe919d7a96a0L140-L141)
This pull request introduces comprehensive design documentation for the new per-turn state management system in the Teams Bot Application SDK, and expands the observability/telemetry design to cover state and OAuth operations. It also clarifies OAuth namespace changes and distributed deduplication strategies, and adds a new `StateBot` sample to the solution. Key changes: **State Management Design and Implementation:** * Added a new design document (`TurnState-Design.md`) describing the turn state system, including `TurnState`, `TurnStateContainer`, `TurnStateLoader`, DI registration, usage patterns, serialization, TTL/expiration, and testing. This enables per-turn, distributed state management for conversations and users, with Redis or other providers. * Added the `samples/StateBot/StateBot.csproj` project to the solution as a sample implementation of state management. **Observability and Telemetry Enhancements:** * Expanded the observability design (`Observability-Design.md`) to document new activity spans and metrics for state operations (`state.load`, `state.save`, `state.delete`) and OAuth flows (e.g., `oauth.signin`, `oauth.token_exchange`, with detailed metric/tag definitions and error handling). [[1]](diffhunk://#diff-47adc22b2131b91d665b879731c507df44d5afc2a181233ff37414c0e8d38371L20-R30) [[2]](diffhunk://#diff-47adc22b2131b91d665b879731c507df44d5afc2a181233ff37414c0e8d38371L34-R47) [[3]](diffhunk://#diff-47adc22b2131b91d665b879731c507df44d5afc2a181233ff37414c0e8d38371L49-R62) [[4]](diffhunk://#diff-47adc22b2131b91d665b879731c507df44d5afc2a181233ff37414c0e8d38371R101-R107) [[5]](diffhunk://#diff-47adc22b2131b91d665b879731c507df44d5afc2a181233ff37414c0e8d38371R139-R152) [[6]](diffhunk://#diff-47adc22b2131b91d665b879731c507df44d5afc2a181233ff37414c0e8d38371R193-R195) **OAuth Flow and Namespace Clarifications:** * Updated OAuth documentation to clarify the new namespace (`Microsoft.Teams.Apps.OAuth`) and reserved state key patterns for internal use, supporting distributed deduplication of token exchanges and pending sign-ins across multiple bot instances. [[1]](diffhunk://#diff-562a097dc2b9fef7d4f1fc6acf7de8560da2b95c55ebaf650680872299d44433L233-R233) [[2]](diffhunk://#diff-562a097dc2b9fef7d4f1fc6acf7de8560da2b95c55ebaf650680872299d44433L328-R328) [[3]](diffhunk://#diff-562a097dc2b9fef7d4f1fc6acf7de8560da2b95c55ebaf650680872299d44433R554-R555) [[4]](diffhunk://#diff-562a097dc2b9fef7d4f1fc6acf7de8560da2b95c55ebaf650680872299d44433R570-R578) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Mehak Bindra <mhk0397@gmail.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…ples/TabApp/Web (#566) Removes [esbuild](https://github.com/evanw/esbuild). It's no longer used after updating ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). These dependencies need to be updated together. Removes `esbuild` Updates `@vitejs/plugin-react` from 4.7.0 to 6.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/releases">@vitejs/plugin-react's releases</a>.</em></p> <blockquote> <h2>plugin-react@6.0.2</h2> <h3>Allow all options in reactCompilerPreset (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3> <p>This is a type only change. Only <code>compilationMode</code> and <code>target</code> options were available for <code>reactCompilerPreset</code>.</p> <h2>plugin-react@6.0.1</h2> <h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3> <p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to include <code>^0.2.0</code>.</p> <h2>plugin-react@6.0.0</h2> <h3>Remove Babel Related Features (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3> <p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.</p> <p>If you are using Babel, you can use <code>@rolldown/plugin-babel</code> together with this plugin:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li> <pre><code>react({ </code></pre> </li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> <li> <pre><code>}), </code></pre> </li> </ul> <ul> <li> <pre><code>react(), </code></pre> </li> <li> <pre><code>babel({ </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code>}), </code></pre> ] }) </code></pre></li> </ul> <p>For React compiler users, you can use <code>reactCompilerPreset</code> for easier setup with preconfigured filter to improve build performance:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' -import react from '@vitejs/plugin-react' +import react, { reactCompilerPreset } from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li>react({</li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['babel-plugin-react-compiler'], </code></pre> </li> </ul> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md">@vitejs/plugin-react's changelog</a>.</em></p> <blockquote> <h2>6.0.2 (2026-05-14)</h2> <h3>Allow all options in reactCompilerPreset (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3> <p>This is a type only change. Only <code>compilationMode</code> and <code>target</code> options were available for <code>reactCompilerPreset</code>.</p> <h2>6.0.1 (2026-03-13)</h2> <h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3> <p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to include <code>^0.2.0</code>.</p> <h2>6.0.0 (2026-03-12)</h2> <h2>6.0.0-beta.0 (2026-03-03)</h2> <h3>Remove Babel Related Features (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3> <p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.</p> <p>If you are using Babel, you can use <code>@rolldown/plugin-babel</code> together with this plugin:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li> <pre><code>react({ </code></pre> </li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> <li> <pre><code>}), </code></pre> </li> </ul> <ul> <li> <pre><code>react(), </code></pre> </li> <li> <pre><code>babel({ </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code>}), </code></pre> ] }) </code></pre></li> </ul> <p>For React compiler users, you can use <code>reactCompilerPreset</code> for easier setup with preconfigured filter to improve build performance:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' -import react from '@vitejs/plugin-react' +import react, { reactCompilerPreset } from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/6535b55e956b425e6650ffc2cc98fd23cca1d231"><code>6535b55</code></a> release: plugin-react@6.0.2</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/bf0e43b756e3be81f8572d59727c218311f431ef"><code>bf0e43b</code></a> feat(react): whitelist debugging-options (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1189">#1189</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/3bd1f08ae0b82ee0e96feb2ff265e61c6fe74b54"><code>3bd1f08</code></a> feat: use carets for rolldown versions (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1216">#1216</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/2b8df67323265d1ff5ddf47b2db9ab0b9de5c688"><code>2b8df67</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1218">#1218</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/8fa9619e1b1f51b079f4c1df6bcf076dcafc5aed"><code>8fa9619</code></a> fix(deps): update react 19.2.6 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1211">#1211</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/a4296ad2995a8d493528b8d5450a1209de2943cb"><code>a4296ad</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1209">#1209</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/323ccd72576be636b50baa7d9ce816cc94d5991e"><code>323ccd7</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1196">#1196</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/a7506e105df00cdadc58c0aecc4512d8cfdd9765"><code>a7506e1</code></a> chore(deps): update vite 8.0.10 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1198">#1198</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/02cff2a0cf5c7e9792b1612baa380228f5e4d3c1"><code>02cff2a</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1184">#1184</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/4b9c890cdb21078ac45a86873b24f7e8613b8526"><code>4b9c890</code></a> fix(deps): update react 19.2.5 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1181">#1181</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.2/packages/plugin-react">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@vitejs/plugin-react</code> since your current version.</p> </details> <br /> Updates `vite` from 6.4.2 to 8.0.16 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v8.0.16</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.16/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.15</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.15/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.14</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.14/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.13</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.12</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.10</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.9</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.5</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.4</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.2/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.15...v8.0.16">8.0.16</a> (2026-06-01)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> reject UNC paths for launch-editor-middleware (<a href="https://redirect.github.com/vitejs/vite/issues/22571">#22571</a>) (<a href="https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9">50b9512</a>)</li> <li>reject windows alternate paths (<a href="https://redirect.github.com/vitejs/vite/issues/22572">#22572</a>) (<a href="https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546">dc245c7</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.14...v8.0.15">8.0.15</a> (2026-06-01)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>send 408 on request timeout (<a href="https://redirect.github.com/vitejs/vite/issues/22476">#22476</a>) (<a href="https://github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797">c85c9ee</a>)</li> <li>update rolldown to 1.0.3 (<a href="https://redirect.github.com/vitejs/vite/issues/22538">#22538</a>) (<a href="https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575">646dbed</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>capitalize error messages and remove spurious space in parse error (<a href="https://redirect.github.com/vitejs/vite/issues/22488">#22488</a>) (<a href="https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3">85a0eff</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22511">#22511</a>) (<a href="https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa">2686d7d</a>)</li> <li><strong>dev:</strong> fix html-proxy cache key mismatch for /@fs/ HTML paths (<a href="https://redirect.github.com/vitejs/vite/issues/21762">#21762</a>) (<a href="https://github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e">47c4213</a>)</li> <li><strong>glob:</strong> error on relative glob in virtual module when no files match (<a href="https://redirect.github.com/vitejs/vite/issues/22497">#22497</a>) (<a href="https://github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c">5c8e98f</a>)</li> <li><strong>optimizer:</strong> close the rolldown bundle when write() rejects (<a href="https://redirect.github.com/vitejs/vite/issues/22528">#22528</a>) (<a href="https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815">e3cfb9d</a>)</li> <li><strong>resolve:</strong> provide onWarn for viteResolvePlugin in JS plugin containers (<a href="https://redirect.github.com/vitejs/vite/issues/22509">#22509</a>) (<a href="https://github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83">40985f1</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22566">#22566</a>) (<a href="https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd">3052a67</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li>correct logic in <code>collectAllModules</code> function (<a href="https://redirect.github.com/vitejs/vite/issues/22562">#22562</a>) (<a href="https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c">6978a9c</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.13...v8.0.14">8.0.14</a> (2026-05-21)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>update rolldown to 1.0.2 (<a href="https://redirect.github.com/vitejs/vite/issues/22484">#22484</a>) (<a href="https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0">96efc88</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22471">#22471</a>) (<a href="https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3">98b8163</a>)</li> <li><strong>dev:</strong> handle errors when sending messages to vite server (<a href="https://redirect.github.com/vitejs/vite/issues/22450">#22450</a>) (<a href="https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217">e8e9a34</a>)</li> <li><strong>html:</strong> handle trailing slash paths in transformIndexHtml (<a href="https://redirect.github.com/vitejs/vite/issues/22480">#22480</a>) (<a href="https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693">5d94d1b</a>)</li> <li><strong>optimizer:</strong> pass oxc jsx options to transformSync in dependency scan (<a href="https://redirect.github.com/vitejs/vite/issues/22342">#22342</a>) (<a href="https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262">b3132da</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22470">#22470</a>) (<a href="https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f">7cb728e</a>)</li> <li>remove irrelevant commits from changelog (<a href="https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086">2c69495</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li><strong>glob:</strong> do not rewrite import path for absolute base (<a href="https://redirect.github.com/vitejs/vite/issues/22310">#22310</a>) (<a href="https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302">0ae2844</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/f94df87ff03b40b65e29bacdc04cc18c7bccaa4a"><code>f94df87</code></a> release: v8.0.16</li> <li><a href="https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546"><code>dc245c7</code></a> fix: reject windows alternate paths (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572">#22572</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9"><code>50b9512</code></a> fix(deps): reject UNC paths for launch-editor-middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571">#22571</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/8d1b0195fd186d0b3297d7cd17acff6c96797420"><code>8d1b019</code></a> release: v8.0.15</li> <li><a href="https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa"><code>2686d7d</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22511">#22511</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd"><code>3052a67</code></a> chore(deps): update rolldown-related dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22566">#22566</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815"><code>e3cfb9d</code></a> fix(optimizer): close the rolldown bundle when write() rejects (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22528">#22528</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c"><code>6978a9c</code></a> refactor: correct logic in <code>collectAllModules</code> function (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22562">#22562</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575"><code>646dbed</code></a> feat: update rolldown to 1.0.3 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22538">#22538</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3"><code>85a0eff</code></a> fix: capitalize error messages and remove spurious space in parse error (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22488">#22488</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v8.0.16/packages/vite">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams.net/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…Samples.Tab/Web (#565) Removes [esbuild](https://github.com/evanw/esbuild). It's no longer used after updating ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). These dependencies need to be updated together. Removes `esbuild` Updates `@vitejs/plugin-react` from 4.7.0 to 6.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/releases">@vitejs/plugin-react's releases</a>.</em></p> <blockquote> <h2>plugin-react@6.0.2</h2> <h3>Allow all options in reactCompilerPreset (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3> <p>This is a type only change. Only <code>compilationMode</code> and <code>target</code> options were available for <code>reactCompilerPreset</code>.</p> <h2>plugin-react@6.0.1</h2> <h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3> <p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to include <code>^0.2.0</code>.</p> <h2>plugin-react@6.0.0</h2> <h3>Remove Babel Related Features (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3> <p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.</p> <p>If you are using Babel, you can use <code>@rolldown/plugin-babel</code> together with this plugin:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li> <pre><code>react({ </code></pre> </li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> <li> <pre><code>}), </code></pre> </li> </ul> <ul> <li> <pre><code>react(), </code></pre> </li> <li> <pre><code>babel({ </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code>}), </code></pre> ] }) </code></pre></li> </ul> <p>For React compiler users, you can use <code>reactCompilerPreset</code> for easier setup with preconfigured filter to improve build performance:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' -import react from '@vitejs/plugin-react' +import react, { reactCompilerPreset } from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li>react({</li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['babel-plugin-react-compiler'], </code></pre> </li> </ul> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md">@vitejs/plugin-react's changelog</a>.</em></p> <blockquote> <h2>6.0.2 (2026-05-14)</h2> <h3>Allow all options in reactCompilerPreset (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3> <p>This is a type only change. Only <code>compilationMode</code> and <code>target</code> options were available for <code>reactCompilerPreset</code>.</p> <h2>6.0.1 (2026-03-13)</h2> <h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3> <p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to include <code>^0.2.0</code>.</p> <h2>6.0.0 (2026-03-12)</h2> <h2>6.0.0-beta.0 (2026-03-03)</h2> <h3>Remove Babel Related Features (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3> <p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.</p> <p>If you are using Babel, you can use <code>@rolldown/plugin-babel</code> together with this plugin:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li> <pre><code>react({ </code></pre> </li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> <li> <pre><code>}), </code></pre> </li> </ul> <ul> <li> <pre><code>react(), </code></pre> </li> <li> <pre><code>babel({ </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code>}), </code></pre> ] }) </code></pre></li> </ul> <p>For React compiler users, you can use <code>reactCompilerPreset</code> for easier setup with preconfigured filter to improve build performance:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' -import react from '@vitejs/plugin-react' +import react, { reactCompilerPreset } from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/6535b55e956b425e6650ffc2cc98fd23cca1d231"><code>6535b55</code></a> release: plugin-react@6.0.2</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/bf0e43b756e3be81f8572d59727c218311f431ef"><code>bf0e43b</code></a> feat(react): whitelist debugging-options (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1189">#1189</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/3bd1f08ae0b82ee0e96feb2ff265e61c6fe74b54"><code>3bd1f08</code></a> feat: use carets for rolldown versions (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1216">#1216</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/2b8df67323265d1ff5ddf47b2db9ab0b9de5c688"><code>2b8df67</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1218">#1218</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/8fa9619e1b1f51b079f4c1df6bcf076dcafc5aed"><code>8fa9619</code></a> fix(deps): update react 19.2.6 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1211">#1211</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/a4296ad2995a8d493528b8d5450a1209de2943cb"><code>a4296ad</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1209">#1209</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/323ccd72576be636b50baa7d9ce816cc94d5991e"><code>323ccd7</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1196">#1196</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/a7506e105df00cdadc58c0aecc4512d8cfdd9765"><code>a7506e1</code></a> chore(deps): update vite 8.0.10 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1198">#1198</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/02cff2a0cf5c7e9792b1612baa380228f5e4d3c1"><code>02cff2a</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1184">#1184</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/4b9c890cdb21078ac45a86873b24f7e8613b8526"><code>4b9c890</code></a> fix(deps): update react 19.2.5 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1181">#1181</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.2/packages/plugin-react">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@vitejs/plugin-react</code> since your current version.</p> </details> <br /> Updates `vite` from 6.4.2 to 8.0.16 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v8.0.16</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.16/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.15</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.15/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.14</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.14/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.13</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.12</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.10</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.9</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.5</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.4</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.2/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.15...v8.0.16">8.0.16</a> (2026-06-01)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> reject UNC paths for launch-editor-middleware (<a href="https://redirect.github.com/vitejs/vite/issues/22571">#22571</a>) (<a href="https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9">50b9512</a>)</li> <li>reject windows alternate paths (<a href="https://redirect.github.com/vitejs/vite/issues/22572">#22572</a>) (<a href="https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546">dc245c7</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.14...v8.0.15">8.0.15</a> (2026-06-01)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>send 408 on request timeout (<a href="https://redirect.github.com/vitejs/vite/issues/22476">#22476</a>) (<a href="https://github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797">c85c9ee</a>)</li> <li>update rolldown to 1.0.3 (<a href="https://redirect.github.com/vitejs/vite/issues/22538">#22538</a>) (<a href="https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575">646dbed</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>capitalize error messages and remove spurious space in parse error (<a href="https://redirect.github.com/vitejs/vite/issues/22488">#22488</a>) (<a href="https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3">85a0eff</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22511">#22511</a>) (<a href="https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa">2686d7d</a>)</li> <li><strong>dev:</strong> fix html-proxy cache key mismatch for /@fs/ HTML paths (<a href="https://redirect.github.com/vitejs/vite/issues/21762">#21762</a>) (<a href="https://github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e">47c4213</a>)</li> <li><strong>glob:</strong> error on relative glob in virtual module when no files match (<a href="https://redirect.github.com/vitejs/vite/issues/22497">#22497</a>) (<a href="https://github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c">5c8e98f</a>)</li> <li><strong>optimizer:</strong> close the rolldown bundle when write() rejects (<a href="https://redirect.github.com/vitejs/vite/issues/22528">#22528</a>) (<a href="https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815">e3cfb9d</a>)</li> <li><strong>resolve:</strong> provide onWarn for viteResolvePlugin in JS plugin containers (<a href="https://redirect.github.com/vitejs/vite/issues/22509">#22509</a>) (<a href="https://github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83">40985f1</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22566">#22566</a>) (<a href="https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd">3052a67</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li>correct logic in <code>collectAllModules</code> function (<a href="https://redirect.github.com/vitejs/vite/issues/22562">#22562</a>) (<a href="https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c">6978a9c</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.13...v8.0.14">8.0.14</a> (2026-05-21)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>update rolldown to 1.0.2 (<a href="https://redirect.github.com/vitejs/vite/issues/22484">#22484</a>) (<a href="https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0">96efc88</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22471">#22471</a>) (<a href="https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3">98b8163</a>)</li> <li><strong>dev:</strong> handle errors when sending messages to vite server (<a href="https://redirect.github.com/vitejs/vite/issues/22450">#22450</a>) (<a href="https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217">e8e9a34</a>)</li> <li><strong>html:</strong> handle trailing slash paths in transformIndexHtml (<a href="https://redirect.github.com/vitejs/vite/issues/22480">#22480</a>) (<a href="https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693">5d94d1b</a>)</li> <li><strong>optimizer:</strong> pass oxc jsx options to transformSync in dependency scan (<a href="https://redirect.github.com/vitejs/vite/issues/22342">#22342</a>) (<a href="https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262">b3132da</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22470">#22470</a>) (<a href="https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f">7cb728e</a>)</li> <li>remove irrelevant commits from changelog (<a href="https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086">2c69495</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li><strong>glob:</strong> do not rewrite import path for absolute base (<a href="https://redirect.github.com/vitejs/vite/issues/22310">#22310</a>) (<a href="https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302">0ae2844</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/f94df87ff03b40b65e29bacdc04cc18c7bccaa4a"><code>f94df87</code></a> release: v8.0.16</li> <li><a href="https://github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546"><code>dc245c7</code></a> fix: reject windows alternate paths (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22572">#22572</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9"><code>50b9512</code></a> fix(deps): reject UNC paths for launch-editor-middleware (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22571">#22571</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/8d1b0195fd186d0b3297d7cd17acff6c96797420"><code>8d1b019</code></a> release: v8.0.15</li> <li><a href="https://github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa"><code>2686d7d</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22511">#22511</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd"><code>3052a67</code></a> chore(deps): update rolldown-related dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22566">#22566</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815"><code>e3cfb9d</code></a> fix(optimizer): close the rolldown bundle when write() rejects (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22528">#22528</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c"><code>6978a9c</code></a> refactor: correct logic in <code>collectAllModules</code> function (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22562">#22562</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575"><code>646dbed</code></a> feat: update rolldown to 1.0.3 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22538">#22538</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3"><code>85a0eff</code></a> fix: capitalize error messages and remove spurious space in parse error (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22488">#22488</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v8.0.16/packages/vite">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams.net/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Introduce CachingAuthTokens sample project using .NET 10.0 and StackExchange.Redis for distributed token caching. Update AddBotApplicationExtensions to use distributed token caches instead of in-memory. Add appsettings.json for configuration and implement a basic echo bot in Program.cs that reports SDK version, OS, and reply latency. Update solution file to include the new sample.
…ab/Web (#569) Bumps [form-data](https://github.com/form-data/form-data) from 4.0.5 to 4.0.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/form-data/form-data/blob/master/CHANGELOG.md">form-data's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/form-data/form-data/compare/v4.0.5...v4.0.6">v4.0.6</a> - 2026-06-12</h2> <h3>Commits</h3> <ul> <li>[Fix] escape CR, LF, and <code>"</code> in field names and filenames <a href="https://github.com/form-data/form-data/commit/8dff42c6da654ed4e7ad4acb7f8ccd3831217c99"><code>8dff42c</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code>, <code>auto-changelog</code>, <code>tape</code> <a href="https://github.com/form-data/form-data/commit/f31d21ef10bf46e46344c3ee4f99acbef6be43e1"><code>f31d21e</code></a></li> <li>[Deps] update <code>hasown</code>, <code>mime-types</code> <a href="https://github.com/form-data/form-data/commit/92ae0eb5da94d6f01925d5f4fcffb2a1e50ed7cd"><code>92ae0eb</code></a></li> <li>[Dev Deps] update <code>js-randomness-predictor</code> <a href="https://github.com/form-data/form-data/commit/67b0f65c2e0b065a511d42227d35e4d367644e97"><code>67b0f65</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"><code>64190db</code></a> v4.0.6</li> <li><a href="https://github.com/form-data/form-data/commit/92ae0eb5da94d6f01925d5f4fcffb2a1e50ed7cd"><code>92ae0eb</code></a> [Deps] update <code>hasown</code>, <code>mime-types</code></li> <li><a href="https://github.com/form-data/form-data/commit/f31d21ef10bf46e46344c3ee4f99acbef6be43e1"><code>f31d21e</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code>, <code>auto-changelog</code>, <code>tape</code></li> <li><a href="https://github.com/form-data/form-data/commit/8dff42c6da654ed4e7ad4acb7f8ccd3831217c99"><code>8dff42c</code></a> [Fix] escape CR, LF, and <code>"</code> in field names and filenames</li> <li><a href="https://github.com/form-data/form-data/commit/67b0f65c2e0b065a511d42227d35e4d367644e97"><code>67b0f65</code></a> [Dev Deps] update <code>js-randomness-predictor</code></li> <li>See full diff in <a href="https://github.com/form-data/form-data/compare/v4.0.5...v4.0.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/teams.net/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary Fixes the integration test throttling issue (429s) by caching `/members` calls in the shared fixture, and adds proper skip annotations for known service-side limitations. ## Changes - **Member caching**: Add `IAsyncLifetime` to `IntegrationTestFixture` to fetch members once during initialization. Exposes `CachedMembers`, `MemberMri1/2/3` properties. - **Remove stale Skips**: All previously-disabled tests now run. - **Agentic identity skips**: Targeted activities (500), reactions (404), paged members (500/empty) are skipped when running with agentic identity — known service limitations. - **Canary skips**: Paged members (empty) and reactions (404) skipped on canary endpoint — pre-prod ring limitations. - **Group chat fix**: Bot can't include itself in members list when creating group chats. - **README**: Setup instructions and architecture notes. - **.gitignore**: Exclude `.runsettings/` directory (contains secrets). ## Test Results | Config | Passed | Skipped | Failed | |--------|--------|---------|--------| | botid-prod | 68 | 0 | **0** | | botid-canary | 63 | 5 | **0** | | agenticid-prod | 54 | 14 | **0** | | agenticid-canary | 54 | 14 | **0** | ## Supersedes This supersedes #470 (which removed Skip annotations without fixing the underlying caching issue). ## Related - Cross-SDK runbook: microsoft/teams-sdk#(pending) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds `[Trait("Category", "...")]` to all 68 integration tests for
selective CI filtering.
**Categories:** Activities, Members, Conversations, Reactions, Teams,
Meetings, Bots, Users, Client, Diagnostic, ErrorHandling
**Usage:**
```bash
# Run only activities tests
dotnet test --filter "Category=Activities"
# Exclude slow diagnostic matrix
dotnet test --filter "Category!=Diagnostic"
```
Follow-up to #570.
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Follow-up to #561. The stopwatch in the CachingAuthTokens sample measures `SendActivityAsync` round-trip time, not token acquisition latency. This renames the label from "auth latency" to "reply latency" to accurately reflect what is being measured. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Quoted replies are now GA. Removes all
`[Experimental("ExperimentalTeamsQuotedReplies")]` attributes, `#pragma
warning disable/restore` pairs, and `NoWarn` entries from csproj files.
## Changes
Across both `Libraries/` and `core/`:
- Removed `[Experimental]` attributes from classes and methods
- Removed pragma warning disable/restore pairs
- Cleaned up `NoWarn` entries in csproj files (preserving other warnings
like `ExperimentalTeamsTargeted`)
- Updated `core/docs/MigrationGuide.md`
All tests pass (696/696). Format check passes.
## Summary
- Bump Core version to `1.0.5-preview.{height}` (post 1.0.4 release)
- Bump Legacy version to `2.0.10-preview.{height}` (post 2.0.9 release)
Updates the integration test README runbook link to point to the internal ADO wiki. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
## Summary
Fixes `TeamClient.GetConversationsAsync` which failed to deserialize the
response from `GET /v3/teams/{id}/conversations`.
The endpoint returns a wrapper object (`{"conversations": [...]}`), but
the method was trying to deserialize directly as `List<Channel>`,
causing a `JsonException`.
## Changes
- Added a private `ConversationListResponse` wrapper class for
deserialization
- Updated `GetConversationsAsync` to deserialize into the wrapper and
return `.Conversations`
- Updated unit test to exercise the real JSON deserialization path (not
mocked)
- Added empty list test case
## Notes
- No public API signature change (still returns `Task<List<Channel>>`)
- Already fixed in `core` (`next/core` branch) - this backports the fix
to Libraries
- TS and Python SDKs already handle this correctly
Fixes #574
Reported by customer:
OfficeDev/Microsoft-Teams-Samples#1969
## Summary Fixes #546 The `AddFunction<TBody>(builder, name, Func<IFunctionContext<TBody>, Task<object?>>)` overload was infinitely recursive -- it wrapped the handler in `async context => await handler(context)` which still returns `Task<object?>`, resolving back to itself via overload resolution. This caused a `StackOverflowException` at runtime. ## Fix - Moved the base endpoint-registration implementation into the async `Func<IFunctionContext<TBody>, Task<object?>>` overload (properly awaiting the handler) - Changed the synchronous `Func<IFunctionContext<TBody>, object?>` overload to delegate to the async base via `Task.FromResult(handler(context))` ## Verification - Build succeeds - Ran a minimal app using the previously-buggy overload; server responds with 401 (expected, no auth) instead of crashing with StackOverflowException
Cleanup: Microsoft.Teams.Apps Pre-release cleanup pass over the Apps layer — naming, dead code, and tighter types. No behavioral/wire changes (net −300 lines). Naming — value-set const string catalog classes are now plural (matches .NET convention: ClaimTypes, HttpMethods): ActionTypes, AttachmentContentTypes, TeamsActivityTypes, TaskModuleSizes, ReactionTypes, UserIdentityTypes, TextFormats, … Where a wire property shares the name (e.g. ConversationType), the property stays singular and only the class is pluralized. TeamsActivityType.cs → TeamsActivityTypes.cs. Tighter types (replacing loose object): WithSuggestedActions(object[]) → SuggestedAction[] (+ MessageExtensionSuggestedAction.Actions) WithCard(object) → TeamsAttachment TeamsBotApplication.Api now virtual (mock seam) New: MemberClient.GetAllAsync(...) — IAsyncEnumerable auto-paging overload alongside GetPagedAsync. Removed: commented-out handlers/samples and unused constants. Testing: builds clean; all 360 unit tests pass on net8.0 + net10.0. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary Addresses the Azure SDK Copilot review comments on the core client/schema surface. ## Changes - **Rename `ConversationAccount` → `ChannelAccount`** (+ `TeamsConversationAccount` → `TeamsChannelAccount`). It models a *participant* (`from`/`recipient`/members) — Bot Framework's `ChannelAccount`; the old name was BF's term for the container we already call `Conversation`. - **`UserTokenClient.GetSignInResource` → `GetSignInResourceAsync`** (async suffix). - **`virtual` on mocked members** (clients are mocked ~49×): `ConversationClient` reaction/delete methods + `BotHttpClient`; `BotApplication.ConversationClient`/`UserTokenClient`. - **Removed dead surface**: `CoreActivity.DefaultJsonOptions`, `ConversationClient.DefaultCustomHeaders`, `BotRequestOptions.DefaultHeaders` (all unused/never-populated; cross-cutting headers belong on a `DelegatingHandler`). - **`CoreActivity`**: param `ops` → `jsonTypeInfo` + fix an inaccurate doc comment. ## Declined - **`Response<T>` wrapping** — the BF API returns no consumer-relevant metadata; failures throw. - **Sync counterparts** — consumer context is an async bot server; dead surface + deadlock footgun. - **Parameterless ctors on clients** — Moq mocks via the arg ctor; not subclassing points (`BotApplication` is, so it keeps its). - **`ThumbnailBase64`→`ThumbnailBytes`** / **`ActivityType`→`ActivityTypes`** — kept (contract-aligned / pseudo-enum singular convention). ## Validation Full solution builds clean, samples included; rename compiler-validated across 55 files. --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
## Summary - **Legacy 2.0**: Adds `TextFormat.ExtendedMarkdown` static field and `IsExtendedMarkdown` predicate - **New 2.1**: Adds `TextFormats.ExtendedMarkdown` constant with expanded XML doc - Adds unit tests for both 2.0 and 2.1 - Updates TeamsBot sample welcome message to include `extended` command - Adds new `Samples.FormattedMessaging` sample demonstrating all text formats: markdown, extendedmarkdown, xml, and plain ## Test plan - [x] 2.0 unit tests pass (22/22 x2 TFMs) - [x] 2.1 unit tests pass (7/7 x2 TFMs) - [x] `Samples.FormattedMessaging` builds clean (0 errors, 0 warnings) - [x] E2E validated in Teams ## Screenshots <img width="363" height="125" alt="image" src="https://github.com/user-attachments/assets/7b2ed266-c3b0-4be9-b336-cc03a0957b05" /> <img width="344" height="266" alt="image" src="https://github.com/user-attachments/assets/d39f3614-dbc3-4050-9ab9-a1e105da68d3" /> <img width="413" height="191" alt="image" src="https://github.com/user-attachments/assets/5b208d10-5d67-4c0d-b61c-69e7bdf073a7" /> <img width="630" height="297" alt="image" src="https://github.com/user-attachments/assets/ad193b43-115f-409d-9925-a5953804e064" /> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
API-surface cleanup for the new `core/src/Microsoft.Teams.Apps` library: deprecate the migration backcompat shims, hide internals, and drop redundant clients. (~500 +/2,400 −, 39 files.) **Deprecated (`[Obsolete]`) → canonical API** - `App.Builder()` / `AppBuilder` / `AddTeams` / `UseTeams` → `AddTeamsBotApplication` / `UseTeamsBotApplication` - non-`Async` aliases `context.Send/Reply/Typing/Quote`, `teams.Send/Reply` → `…Async` (added `QuoteAsync`) - `context.Log` → DI `ILogger` - `context` OAuth helpers (`SignInAsync` etc.) → `teams.GetOAuthFlow(name).XxxAsync(context, …)` **Removed / consolidated** - `OnMeetingJoin`/`OnMeetingLeave` is now the single meeting API (dropped the `OnMeetingParticipant*` duplicates) - `UserClient` gone → `api.Users` is `UserTokenApiClient` directly - `BotSignInClient`+`BotClient`+`ApiClient.Bots` folded into `api.Users.GetSignInUrlAsync`/`GetSignInResourceAsync` - deleted unused `BotTokenClient` **Internalized** - `Router`, `Route<T>`, `RouteBase`, and the handler activity-type constructors (framework-built from incoming activities; serialization attrs kept) **Fix** - `MemberClient.GetAllAsync`: `TeamsConversationAccount` → `TeamsChannelAccount` (build break) **Docs**: consolidated to `ReduceBreakingChangesPlan.md` (deleted `MigrationGuide.md`); trimmed `ApiClient-Design.md`. Builds clean; 354 unit tests pass (net8.0 + net10.0). 🤖 Generated with [Claude Code](https://claude.com/claude-code)
Updates `@azure/msal-browser` from `^3.0.0` (resolved 3.30.0) to `^5.14.0` in `core/samples/TabApp/Web` to address internal security finding **MVS-2026-vmmw-f85q** flagged by the 1ES/Breeze scanner (not a public CVE, so it doesn't surface in npm audit / GitHub advisories). ### Changes - `core/samples/TabApp/Web/package.json`: `@azure/msal-browser` `^3.0.0` -> `^5.14.0` - `core/samples/TabApp/Web/package-lock.json`: regenerated (msal-browser 5.14.0, msal-common 16.9.0) ### Validation - The sample's MSAL API usage (`createNestablePublicClientApplication`, `acquireTokenSilent`/`acquireTokenPopup`, `getAllAccounts`, `InteractionRequiredAuthError`) is unchanged across the major bump. - `tsc --noEmit` and `vite build` both pass. Scope limited to `core/samples/TabApp/Web`; the other web sample (`Samples/Samples.Tab/Web`) already resolves msal-browser 4.22.0 transitively. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…multi-bot auth to PABot (#580) ## Summary Introduces a single, non-ambient per-request property bag (`BotRequestProperties`) for flowing custom per-request fields — **agentic identity** and **bot app id** — from the Compat layer through the core `ConversationClient` to the outbound `HttpRequestMessage`, and uses it to support **per-app-id token minting** and **multi-bot inbound auth** in the PABot sample. ## What changed ### Core (`Microsoft.Teams.Core`) - **New `BotRequestContext`** — central helper for the per-request auth ctx. (can be extended in the future to carry other custom properties from incoming activities or other per turn values) Currently holds: `AgenticIdentity`, `botAppId`. Factories: `FromActivity` (outbound/From), `FromInboundActivity` (inbound/Recipient), `FromAgenticIdentity`, `FromBotAppId`, `Merge`; - **`BotRequestOptions`** — replaced the typed `AgenticIdentity` property with a `RequestContext` record. - **`BotHttpClient`** — stamps each ctx entry onto `HttpRequestMessage.Options`; - **`ConversationClient`** — methods take `requestContext` instead of `agenticIdentity`; `SendActivityAsync` derives properties from the outgoing activity and merges any caller-supplied ctx. ### Apps (`Microsoft.Teams.Apps`) - Internal API clients (Activity, Conversation, Meeting, Member, Reaction, Team, UserToken) converted to pass `BotRequestContext` while keeping their public `AgenticIdentity?` parameters. ### Compat (`Microsoft.Teams.Apps.BotBuilder`) - **`CompatConversations`** — scoped `RequestProperties` bag threaded through all outbound calls. - **`TeamsBotFrameworkHttpAdapter`** — populates `FromInboundActivity` (reactive) and `FromBotAppId` (proactive `ContinueConversationAsync`). - **`TeamsBotAdapter`** — Delete/Update activity paths now carry the inbound bag. ### PABot sample - **`PACustomAuthHandler`** — reads `botAppId` from request options and routes token acquisition: agentic → agentic token; bot app id → per-app-id token; else default. - **`RoutedTokenAcquisitionService`** — mints a token as a specific bot app id against a trusted-bot allow-list. - **`InitCompatAdapter`** — multi-bot config (`MsalBot` + `MsalBots[]`); one JWT validation scheme per bot with a policy scheme forwarding by token audience. ## Testing - Full core build + unit tests green; integration tests build. - Manually validated end-to-end against a live bot via devtunnel (per-app-id token acquisition observed in logs). --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
## Summary Adds an optional tenant id to `AgenticIdentity`, mirroring [`tenant_id` in teams.py](https://github.com/microsoft/teams.py/blob/b65a9976d5a6f15a5f6c4130ce9f0665824e6a40/packages/api/src/microsoft_teams/api/models/agentic_identity.py#L15). The tenant arrives on the wire as `tenantId` on the inbound activity's account (alongside `agenticAppId` / `agenticUserId` / `agenticAppBlueprintId`), so the change wires it through end-to-end. ## Changes - **`AgenticIdentity`** — new optional `TenantId` property; `FromAccount` now maps it. - **`ChannelAccount`** — added typed `tenantId` JSON property (the wire source); `GetAgenticIdentity()` now populates `TenantId`. A `tenantId` alone still does not fabricate an agentic identity. - **`TeamsChannelAccount`** — removed its duplicate `tenantId`, now inherited from the base `ChannelAccount` (same JSON name, no behavior change). Updated the related doc cref in `TeamsBaggageBuilder`. - **Tests** — added unit tests covering the wire → identity mapping and the tenant-only case. ## Verification - 169 Core + 354 Apps unit tests pass. - Verified live against a real agentic invoke: the recipient's `tenantId` flowed correctly into the parsed `AgenticIdentity.TenantId`. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Mehak Bindra <mhk0397@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…m 3.1.0 to 4.0.0 (#584) Bumps ghcr.io/devcontainers/features/docker-in-docker from 3.1.0 to 4.0.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Conflicts: # .devcontainer/devcontainer.json # core/src/Microsoft.Teams.Apps/Diagnostics/TeamsBaggageBuilder.cs # core/src/Microsoft.Teams.Apps/Schema/TeamsChannelAccount.cs # core/version.json
corinagum
approved these changes
Jun 30, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the Core release branch for a stable v1.0.6 NuGet publish by bumping core/version.json and bringing in recent main changes, including tenantId wiring for AgenticIdentity / ChannelAccount.
Changes:
- Bump Core package set version to 1.0.6 for stable release.
- Add typed
tenantIdsupport onChannelAccountand flow it intoAgenticIdentity+ unit tests. - Remove the duplicate
tenantIdproperty fromTeamsChannelAccountand rely on the baseChannelAccount.TenantId.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| core/version.json | Bumps Core release version to 1.0.6. |
| core/test/Microsoft.Teams.Core.UnitTests/Schema/CoreActivityTests.cs | Adds unit coverage for tenantId → AgenticIdentity behavior. |
| core/src/Microsoft.Teams.Core/Schema/ChannelAccount.cs | Introduces typed TenantId and includes it in GetAgenticIdentity(). |
| core/src/Microsoft.Teams.Core/Schema/AgenticIdentity.cs | Adds TenantId and maps it from ChannelAccount. |
| core/src/Microsoft.Teams.Apps/Schema/TeamsChannelAccount.cs | Removes duplicate TenantId and changes mapping source. |
| core/src/Microsoft.Teams.Apps/Diagnostics/TeamsBaggageBuilder.cs | Updates XML doc cref to reference the new base TenantId property. |
| .devcontainer/devcontainer.json | Updates devcontainer Docker-in-Docker feature major version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+52
to
+56
| /// <summary> | ||
| /// Gets or sets the tenant ID associated with the account. | ||
| /// </summary> | ||
| [JsonPropertyName("tenantId")] | ||
| public string? TenantId { get; set; } |
Comment on lines
55
to
58
| result.UserPrincipalName = result.Properties.Extract<string>("userPrincipalName"); | ||
| result.UserRole = result.Properties.Extract<string>("userRole"); | ||
| result.TenantId = result.Properties.Extract<string>("tenantId"); | ||
| result.TenantId = channelAccount.TenantId; | ||
| if (string.IsNullOrEmpty(result.AadObjectId)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sets Core version to 1.0.6 for a stable public (nuget.org) release, following RELEASE.md §"Producing a Stable Release".
What this releases
Packs
core/src/**/*.csproj— the Core package set:Microsoft.Teams.CoreMicrosoft.Teams.Apps.BotBuilderMicrosoft.Teams.Apps2.1.0-preview.*version.jsonoverride, unchanged — matches v1.0.5)Microsoft.Teams.Apps.BotBuilderinheritscore/version.json, so it moves to 1.0.6 alongside Core (its last stable was 1.0.5).Changes
core/version.json:1.0.5→1.0.6(preview suffix removed).mainintoreleases/core, bringing in everything since v1.0.5 — including Add optional TenantId to AgenticIdentity #583 (optionalTenantIdonAgenticIdentity).Validation
dotnet packsucceeds for all three Core packages.After merge
releases/corewithpackageSet=Core, publishType=Public.v1.0.6(targetreleases/core).mainto the next cycle (1.0.7-preview.{height}).