Fix critical DataProtection vulnerability (NU1904)#451
Merged
Conversation
Pin Microsoft.AspNetCore.DataProtection to 10.0.7 to resolve NU1904 for the vulnerable transitive 10.0.0 dependency, and bump System.Security.Cryptography.Xml to 10.0.7 as required. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR aims to address a critical NuGet advisory (NU1904 / GHSA-9mv3-2cwr-p262) while also introducing broader SDK updates across samples, CI tooling, and API surface (cloud support, targeted messaging, reactions, and cancellation-token-friendly handlers).
Changes:
- Adds/updates multiple samples (core and repo-level), including standardized config templates and cancellation-token-aware handlers.
- Extends SDK capabilities: cloud environment wiring, targeted messaging routing, reactions client, new invoke/activity types, and additional cancellation token parameters across clients/handlers.
- Updates CI/dev tooling (GitHub workflows, Azure DevOps pipelines, devcontainer), and bumps some package versions.
Reviewed changes
Copilot reviewed 1 out of 1 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| core/samples/MeetingsBot/appsettings.json | Adds sample logging/host configuration for MeetingsBot. |
| core/samples/MeetingsBot/README.md | Documents Meetings sample manifest requirements and setup. |
| core/samples/MeetingsBot/Program.cs | Adds MeetingsBot minimal hosting sample with meeting handlers. |
| core/samples/MeetingsBot/MeetingsBot.csproj | Introduces net10.0 MeetingsBot sample project. |
| core/samples/Directory.Build.props | Enables NuGet auditing and treats warnings as errors for core samples. |
| core/samples/CustomHosting/appsettings.json | Adds logging/host configuration for CustomHosting sample. |
| core/samples/CustomHosting/Program.cs | Adds CustomHosting minimal web host sample. |
| core/samples/CustomHosting/MyTeamsBotApp.cs | Adds a custom TeamsBotApplication-derived sample. |
| core/samples/CustomHosting/CustomHosting.csproj | Introduces net10.0 CustomHosting sample project. |
| core/samples/CoreBot/appsettings.json | Adds CoreBot logging and AppInsights placeholder configuration. |
| core/samples/CoreBot/Program.cs | Adds CoreBot minimal hosting sample using BotApplication. |
| core/samples/CoreBot/CoreBot.csproj | Introduces net10.0 CoreBot sample project. |
| core/samples/CompatProactive/appsettings.json | Adds logging config for CompatProactive sample. |
| core/samples/CompatProactive/Program.cs | Adds worker-hosted compat proactive sample entrypoint. |
| core/samples/CompatProactive/ProactiveWorker.cs | Implements proactive messaging example using compat adapter. |
| core/samples/CompatProactive/CompatProactive.csproj | Adds CompatProactive sample project file. |
| core/samples/CompatBot/appsettings.json | Adds logging/AppInsights placeholder for CompatBot sample. |
| core/samples/CompatBot/Program.cs | Adds CompatBot sample wiring for adapter, routes, proactive notify endpoint. |
| core/samples/CompatBot/MyCompatMiddleware.cs | Adds middleware example for compat layer. |
| core/samples/CompatBot/CompatBot.csproj | Adds CompatBot sample project file. |
| core/samples/CompatBot/Cards.cs | Adds adaptive card payload helpers for CompatBot sample. |
| core/samples/AllInvokesBot/manifest.json | Adds Teams app manifest for invoke-handler sample. |
| core/samples/AllInvokesBot/appsettings.json | Adds configuration for AllInvokesBot sample. |
| core/samples/AllInvokesBot/README.md | Adds testing guide for invoke handlers. |
| core/samples/AllInvokesBot/AllInvokesBot.csproj | Adds net10.0 AllInvokesBot sample project. |
| core/samples/AllFeatures/appsettings.json | Adds configuration for AllFeatures sample. |
| core/samples/AllFeatures/Program.cs | Adds AllFeatures sample demonstrating message handling. |
| core/samples/AllFeatures/AllFeatures.http | Adds HTTP scratch file for local testing. |
| core/samples/AllFeatures/AllFeatures.csproj | Adds net10.0 AllFeatures sample project. |
| core/samples/AFBot/appsettings.json | Adds AFBot logging/AppInsights placeholder configuration. |
| core/samples/AFBot/Program.cs | Adds AFBot sample using Azure OpenAI agent flow. |
| core/samples/AFBot/DropTypingMiddleware.cs | Adds middleware to drop typing activities in AFBot sample. |
| core/samples/AFBot/AFBot.csproj | Adds net10.0 AFBot sample project and package refs. |
| core/.gitignore | Adds ignores for local run/config files in core. |
| core/.editorconfig | Adds C# formatting rules and sample/test rule adjustments. |
| Tests/Microsoft.Teams.Apps.Tests/Microsoft.Teams.Apps.Tests.csproj | Adjusts NoWarn and DI package reference in tests. |
| Tests/Microsoft.Teams.Api.Tests/Microsoft.Teams.Api.Tests.csproj | Adds NoWarn entries for experimental features in tests. |
| Tests/Microsoft.Teams.Api.Tests/Json/Activity/Message/MessageReactionActivity.json | Updates reaction activity fixture JSON. |
| Tests/Microsoft.Teams.Api.Tests/Json/Activity/Invokes/SignInFailureActivity.json | Adds fixture JSON for signin/failure invoke. |
| Tests/Microsoft.Teams.Api.Tests/ConversationTests.cs | Adds tests for threaded conversation ID helper. |
| Tests/Microsoft.Teams.Api.Tests/Clients/ReactionClientTests.cs | Adds client tests for reactions add/delete endpoints. |
| Tests/Microsoft.Teams.Api.Tests/Clients/BotTokenClientTests.cs | Adds tests for configurable bot scope usage. |
| Tests/Microsoft.Teams.Api.Tests/Activities/Message/MessageReactionActivityTests.cs | Updates reaction activity tests to reflect API changes. |
| Tests/Microsoft.Teams.Api.Tests/Activities/Invokes/Tasks/TasksTests.cs | Adds tests asserting derived/base Value accessibility. |
| Tests/Microsoft.Teams.Api.Tests/Activities/Invokes/MessageExtensions/MessageExtensionsTests.cs | Adds tests asserting derived/base Value accessibility for message extensions. |
| Tests/Microsoft.Teams.Api.Tests/Activities/Invokes/AdaptiveCards/AdaptiveCardsTests.cs | Adds tests asserting derived/base Value accessibility for adaptive cards. |
| Samples/Samples.Threading/appsettings.json | Adds TenantId setting placeholder. |
| Samples/Samples.Threading/Samples.Threading.csproj | Adds net10.0 project definition for threading sample. |
| Samples/Samples.Threading/README.md | Adds documentation for threading commands and behaviors. |
| Samples/Samples.Threading/Program.cs | Adds threading demo bot showing reply/send/thread targeting. |
| Samples/Samples.TargetedMessages/appsettings.json | Updates config shape (AllowedHosts vs BotEndpoint). |
| Samples/Samples.TargetedMessages/appsettings.Development.json | Adds dev logging config. |
| Samples/Samples.TargetedMessages/Samples.TargetedMessages.csproj | Adds net10.0 project definition and experimental NoWarn. |
| Samples/Samples.TargetedMessages/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings with Teams env vars. |
| Samples/Samples.Tab/appsettings.json | Adjusts logging and Teams config shape. |
| Samples/Samples.Tab/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.Tab/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.Tab/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Samples.Reactions/appsettings.json | Adjusts logging config in reactions sample. |
| Samples/Samples.Reactions/Samples.Reactions.csproj | Adds net10.0 reactions sample project and NoWarn. |
| Samples/Samples.Reactions/Properties/launchSettings.TEMPLATE.json | Updates templated launch settings format and env vars. |
| Samples/Samples.Reactions/Program.cs | Adds reactions sample demonstrating add/delete and event handling. |
| Samples/Samples.MessageExtensions/appsettings.json | Adds Teams logging section and TenantId placeholder. |
| Samples/Samples.MessageExtensions/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.MessageExtensions/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.MessageExtensions/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Samples.MessageExtensions/Program.cs | Updates handlers to accept/use CancellationToken. |
| Samples/Samples.Meetings/appsettings.json | Updates logging and Teams config shape. |
| Samples/Samples.Meetings/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Samples.Meetings/Program.cs | Updates handlers to accept/use CancellationToken. |
| Samples/Samples.McpClient/appsettings.json | Adds Teams config and Teams logging section. |
| Samples/Samples.McpClient/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.McpClient/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.McpClient/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings with OpenAI env vars. |
| Samples/Samples.Mcp/appsettings.json | Adjusts logging and adds TenantId placeholder. |
| Samples/Samples.Mcp/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.Mcp/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.Mcp/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings with OpenAI env vars. |
| Samples/Samples.Lights/appsettings.json | Adjusts logging and adds TenantId placeholder. |
| Samples/Samples.Lights/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.Lights/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.Lights/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings with OpenAI env vars. |
| Samples/Samples.Lights/Program.cs | Updates handlers to accept/use CancellationToken. |
| Samples/Samples.Graph/appsettings.json | Updates logging and Teams config shape. |
| Samples/Samples.Graph/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.Graph/README.md | Updates prereqs/docs around launchSettings template and .NET version. |
| Samples/Samples.Graph/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.Graph/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Samples.Graph/Program.cs | Updates handlers for CancellationToken and adds OnSignInFailure handler. |
| Samples/Samples.Echo/appsettings.json | Adjusts logging and adds TenantId placeholder. |
| Samples/Samples.Echo/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.Echo/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Samples.Echo/Program.cs | Updates activity/message handlers to use CancellationToken. |
| Samples/Samples.Dialogs/appsettings.json | Updates logging and Teams config shape. |
| Samples/Samples.Dialogs/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Samples.Cards/appsettings.json | Updates logging and Teams config shape. |
| Samples/Samples.Cards/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.Cards/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Samples.Cards/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Samples.BotBuilder/appsettings.json | Updates logging and removes Teams settings from config. |
| Samples/Samples.BotBuilder/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.BotBuilder/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings for BotBuilder sample. |
| Samples/Samples.BotBuilder/Program.cs | Updates handlers to accept/use CancellationToken. |
| Samples/Samples.AI/appsettings.json | Adds Teams config and Teams logging section. |
| Samples/Samples.AI/appsettings.Development.json | Removes dev appsettings file. |
| Samples/Samples.AI/Samples.AI.csproj | Adds Microsoft.Teams.Cards project reference. |
| Samples/Samples.AI/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings including Azure OpenAI vars. |
| Samples/Samples.AI/Handlers/MemoryManagementHandler.cs | Adds cancellation token support for AI prompt/calls. |
| Samples/Samples.AI/Handlers/FunctionCallingHandler.cs | Adds cancellation token support for AI prompt/calls. |
| Samples/Samples.AI/Handlers/CitationsHandler.cs | Adds cancellation token support for sending messages. |
| Samples/Deprecated.Controllers/appsettings.json | Adds Teams config and Teams logging section. |
| Samples/Deprecated.Controllers/Properties/launchSettings.json | Removes local launchSettings.json. |
| Samples/Deprecated.Controllers/Properties/launchSettings.TEMPLATE.json | Adds templated launch settings. |
| Samples/Deprecated.Controllers/Program.cs | Reorders usings. |
| Samples/Deprecated.Controllers/MainController.cs | Fixes using ordering for annotations. |
| README.md | Adds documentation about preview packages on nuget.org. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.External/Microsoft.Teams.Plugins.External.McpClient/version.json | Bumps preview version. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.External/Microsoft.Teams.Plugins.External.Mcp/version.json | Bumps preview version. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/HostApplicationBuilder.cs | Passes resolved cloud into TeamsValidationSettings. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/ApplicationBuilder.cs | Removes unused auth using. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/AspNetCorePlugin.cs | Adds targeted message handling for create/update. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/AspNetCorePlugin.Stream.cs | Adds cancellation token support to streamer close loop. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore.DevTools/Microsoft.Teams.Plugins.AspNetCore.DevTools.csproj | Bumps System.IdentityModel.Tokens.Jwt dependency. |
| Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore.DevTools/DevToolsPlugin.cs | Prevents devtools plugin usage in Production environment. |
| Libraries/Microsoft.Teams.Extensions/Microsoft.Teams.Extensions.Hosting/Microsoft.Teams.Apps.Extensions/HostApplicationBuilder.cs | Resolves cloud from settings and applies to credentials/app builder. |
| Libraries/Microsoft.Teams.Cards/Utilities/SubmitData.cs | Adds helper type for action-based submit payload routing. |
| Libraries/Microsoft.Teams.Cards/Utilities/OpenDialogData.cs | Adds helper type for task/fetch dialog routing payload. |
| Libraries/Microsoft.Teams.Cards/Actions/TaskFetchAction.cs | Marks legacy class obsolete in favor of newer data types. |
| Libraries/Microsoft.Teams.Cards/Actions/SignInAction.cs | Marks legacy class obsolete in favor of newer data types. |
| Libraries/Microsoft.Teams.Cards/Actions/MessageBackAction.cs | Marks legacy class obsolete in favor of newer data types. |
| Libraries/Microsoft.Teams.Cards/Actions/InvokeAction.cs | Marks legacy class obsolete and updates InvokeSubmitActionData construction. |
| Libraries/Microsoft.Teams.Cards/Actions/IMBackAction.cs | Marks legacy class obsolete in favor of newer data types. |
| Libraries/Microsoft.Teams.Apps/ServiceUrlValidator.cs | Adds new service URL allowlist validation helper. |
| Libraries/Microsoft.Teams.Apps/Plugins/Streamer.cs | Updates interface to accept cancellation token in Close(). |
| Libraries/Microsoft.Teams.Apps/Contexts/Client/FunctionContext.cs | Adds cancellation token support to send methods. |
| Libraries/Microsoft.Teams.Apps/AppOptions.cs | Adds Cloud and additional allowed domain options. |
| Libraries/Microsoft.Teams.Apps/AppBuilder.cs | Adds AddCloud() builder method. |
| Libraries/Microsoft.Teams.Apps/Annotations/ContextAttribute.cs | Removes unused extension using. |
| Libraries/Microsoft.Teams.Apps/Activities/TypingActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Messages/MessageUpdateActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Messages/MessageDeleteActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Tasks/SubmitActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Tasks/FetchActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Tabs/SubmitActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Tabs/FetchActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Search/SearchActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Messages/SubmitActionActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Messages/FetchTaskActivity.cs | Adds handler registration for message/fetchTask invoke. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Messages/FeedbackActivity.cs | Adds cancellation-token overload and obsoletes old handler. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/MessageExtensions/SettingsActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/MessageExtensions/SelectItemActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/MessageExtensions/QueryLinkActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/MessageExtensions/QueryActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/MessageExtensions/FetchTaskActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/MessageExtensions/CardButtonClickedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/InvokeActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/HandoffActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/FileConsentActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/ExecuteActionActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Configs/SubmitActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/Configs/FetchActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Invokes/AdaptiveCards/ActionActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Installs/UnInstallActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Installs/InstallUpdateActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Installs/InstallActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Events/ReadReceiptActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Events/MeetingStartActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Events/MeetingLeaveActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Events/MeetingJoinActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Events/MeetingEndActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Events/EventActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/TeamUnArchivedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/TeamRestoredActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/TeamRenamedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/TeamDeletedActivity.cs | Adds cancellation-token overloads and marks old overloads obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/TeamArchivedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/MembersRemovedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/MembersAddedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ConversationUpdateActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ConversationEndActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelUnsharedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelSharedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelRestoredActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelRenamedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelMemberRemovedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelMemberAddedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelDeletedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/Conversations/ChannelCreatedActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/CommandResultActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps/Activities/CommandActivity.cs | Adds cancellation-token overload and marks old overload obsolete. |
| Libraries/Microsoft.Teams.Apps.Testing/Plugins/TestPlugin.Stream.cs | Updates test streamer Close() signature. |
| Libraries/Microsoft.Teams.Api/SignIn/Failure.cs | Adds model for Teams signin failure payload. |
| Libraries/Microsoft.Teams.Api/Microsoft.Teams.Api.csproj | Bumps System.IdentityModel.Tokens.Jwt dependency. |
| Libraries/Microsoft.Teams.Api/Messages/Reaction.cs | Marks reactions experimental and updates reaction type set. |
| Libraries/Microsoft.Teams.Api/Messages/Message.cs | Suppresses experimental warnings for reactions property. |
| Libraries/Microsoft.Teams.Api/FeedbackLoop.cs | Adds feedback loop model/types. |
| Libraries/Microsoft.Teams.Api/Conversation.cs | Adds helper for threaded conversation IDs. |
| Libraries/Microsoft.Teams.Api/Clients/TeamClient.cs | Adds optional CancellationToken to methods. |
| Libraries/Microsoft.Teams.Api/Clients/MemberClient.cs | Adds optional CancellationToken to methods. |
| Libraries/Microsoft.Teams.Api/Clients/MeetingClient.cs | Adds optional CancellationToken to methods. |
| Libraries/Microsoft.Teams.Api/Clients/ConversationClient.cs | Adds reactions client and optional CancellationToken for CreateAsync. |
| Libraries/Microsoft.Teams.Api/Clients/BotTokenClient.cs | Adds configurable scopes and optional CancellationToken. |
| Libraries/Microsoft.Teams.Api/Clients/BotSignInClient.cs | Adds configurable token service URL and optional CancellationToken. |
| Libraries/Microsoft.Teams.Api/Clients/ApiClient.cs | Exposes underlying IHttpClient and adds copy ctor with CancellationToken. |
| Libraries/Microsoft.Teams.Api/ChannelData.cs | Adds FeedbackLoop property and clarifies legacy flag. |
| Libraries/Microsoft.Teams.Api/Auth/ClientCredentials.cs | Adds cloud-aware login endpoints/tenant selection. |
| Libraries/Microsoft.Teams.Api/App.cs | Makes App.Id nullable (was required). |
| Libraries/Microsoft.Teams.Api/Activities/Message/MessageReactionActivity.cs | Marks reaction helper methods obsolete and gates experimental warnings. |
| Libraries/Microsoft.Teams.Api/Activities/Message/MessageActivity.cs | Adds experimental targeted recipient overload. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/Tasks/SubmitActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/Tasks/FetchActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/Tabs/SubmitActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/Tabs/FetchActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/SignInActivity.cs | Adds signin/failure serialization support. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/SignIn/VerifyStateActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/SignIn/TokenExchangeActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/SignIn/FailureActivity.cs | Adds invoke activity type for signin/failure. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/SearchActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/Messages/SubmitActionActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageExtensions/SubmitActionActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageExtensions/SettingActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageExtensions/QuerySettingUrlActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageExtensions/QueryLinkActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageExtensions/QueryActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageExtensions/FetchTaskActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageExtensions/AnonQueryLinkActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/MessageActivity.cs | Adds message/fetchTask conversion and serialization support. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/HandoffActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Activities/Invokes/AdaptiveCards/ActionActivity.cs | Makes derived Value delegate to base.Value. |
| Libraries/Microsoft.Teams.Api/Account.cs | Adds experimental isTargeted flag on Account. |
| .github/workflows/core-test.yaml | Adds manual workflow to build/test core with secrets in environment. |
| .github/workflows/core-ci.yaml | Adds CI workflow for next/core branch (build/test). |
| .github/workflows/codeql.yml | Extends CodeQL analysis to run on next/core branch. |
| .devcontainer/devcontainer.json | Updates devcontainer to latest Aspire and adds .NET 10 + Docker-in-Docker. |
| .azdo/ci.yaml | Refactors ADO pipeline: variables, test results publishing, artifacts, removes push. |
| .azdo/cd-core.yaml | Adds core path filters and standardizes artifact naming/conditions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
15
to
19
There was a problem hiding this comment.
The builder variable is declared but never used. Because core/samples/Directory.Build.props enables TreatWarningsAsErrors, this will fail the build for the samples. Remove the unused builder declaration (or use a single builder consistently).
There was a problem hiding this comment.
The same middleware is registered twice, which will cause it to run twice per turn (duplicated logging and duplicated outbound messages). Remove the duplicate Use(new MyCompatMiddleware()) call.
Suggested change
There was a problem hiding this comment.
Passing an empty bot AppId to ContinueConversationAsync is very likely to fail at runtime for proactive messaging. Use the configured Microsoft AppId (from configuration/environment) instead of an empty string.
Comment on lines
32
to
38
There was a problem hiding this comment.
Using cancellationToken != default to decide whether to use the per-client _cancellationToken makes it impossible for callers to override a canceled _cancellationToken with CancellationToken.None (since None is default). If the intent is 'caller token always wins', use the passed cancellationToken directly; if the intent is 'fallback to _cancellationToken only when not provided', consider changing the API to CancellationToken? cancellationToken = null (or removing the stored _cancellationToken pattern).
Comment on lines
19
to
25
There was a problem hiding this comment.
For a method named IsAllowed, returning true when serviceUrl is null/empty can unintentionally bypass validation in security-sensitive call sites (e.g., validating incoming activities). Consider returning false for null/empty values, or splitting this into two APIs (e.g., TryValidate(...) vs IsAllowed(...)) so callers must explicitly opt into the 'missing URL is ok' behavior.
There was a problem hiding this comment.
This introduces new allowlist validation behavior (scheme enforcement, localhost exception, wildcard handling, and domain matching) without corresponding tests. Add unit tests covering: null/empty input, invalid URI, http vs https, localhost/127.0.0.1, wildcard *, and allowed/blocked hostnames (including additionalDomains).
Removed Azure.Monitor.OpenTelemetry.AspNetCore from CompatBot and CoreBot projects. Added OpenTelemetry.Api to AFBot. Cleaned up related using and service registration in Program.cs.
singhk97
approved these changes
Apr 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Microsoft.AspNetCore.DataProtectionto 10.0.7 in the net10.0 target to resolve GHSA-9mv3-2cwr-p262 (NU1904 critical vulnerability in transitive 10.0.0 dependency)System.Security.Cryptography.Xmlfrom 10.0.6 to 10.0.7 (required by DataProtection 10.0.7)Test plan
dotnet buildsucceeds with 0 warnings, 0 errors for bothBot.CoreandBot.Compat🤖 Generated with Claude Code