fix: [#4684] Update some dependencies to latest version #4737
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #4684
Fixes #4734
#minor
Description
This PR fixes the remaining vulnerabilities (CVE-2024-43788, CVE-2015-8855, CVE-2017-16137, CVE-2017-16137).
Specific Changes
browserify-fs
as it was preventing updatingbl
andsemver
packages to non-vulnerable versions.ejs
andlodash.pick
asnightwatch
package was updated to fixsemver
vulnerability.webpack
to fix a vulnerability that appeared when running yarn audit.debug
version to anon-vulnerable one by updating the yarn.lock.Testing
The following image shows the
botframework-connector
browser continues working, and no new vulnerabilities have been found.