fix: Dev v4 to main merge

[Dhruvkumar-Microsoft]

Purpose

This pull request primarily updates dependencies across the project to newer versions, focusing on both Python and JavaScript packages, as well as GitHub Actions used in CI/CD workflows. The updates are aimed at improving security, compatibility, and stability.

Dependency Updates

• Updated Python package dependencies in src/backend/pyproject.toml, src/backend/requirements.txt, src/App/pyproject.toml, and src/mcp_server/pyproject.toml to newer versions, including key libraries like fastapi, uvicorn, azure-cosmos, openai, opentelemetry, and others. This also includes patch and minor version bumps for security and compatibility. [1] [2] [3] [4] [5]

• Upgraded postcss JavaScript dependency in src/App/package-lock.json from 8.5.9 to 8.5.14.

CI/CD Workflow Improvements

• Updated the version of actions/checkout to v6 in multiple workflow files for improved performance and support. [1] [2] [3]

• Upgraded azure/login action from v2 to v3 in all workflows to ensure better security and compatibility with Azure authentication. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]

• Updated additional GitHub Actions to latest versions, such as microsoft/template-validation-action, tj-actions/changed-files, actions/setup-python, and actions/upload-artifact, to maintain compatibility and receive latest features and fixes. [1] [2] [3] [4]

These changes help keep the project up-to-date with the latest dependencies and CI/CD tooling, reducing technical debt and potential security vulnerabilities.

Does this introduce a breaking change?

• Yes
• No

How to Test

• Get the code

git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install

• Test the code

What to Check

Verify that the following are valid

• ...

Other Information

[github-actions]

Coverage Report •

File	Stmts	Miss	Cover	Missing
TOTAL	3034	379	87%

report-only-changed-files is enabled. No files were changed during this commit :)

Tests	Skipped	Failures	Errors	Time
883	5 💤	0 ❌	0 🔥	8.600s ⏱️

[Copilot]

Pull request overview

This PR merges dev-v4 changes into main with a primary focus on modernizing project dependencies (Python + JS) and updating GitHub Actions used across CI/CD workflows to newer versions for security/compatibility.

Changes:

• Bumped Python dependency versions across backend, MCP server, and App (including regenerated uv.lock files and updated requirements.txt / pyproject.toml pins).
• Updated the App’s npm dependency lock to move postcss to a newer patch version.
• Updated multiple GitHub Actions versions across workflows (e.g., actions/checkout, actions/setup-python, actions/upload-artifact, azure/login, and others).

Reviewed changes

Copilot reviewed 17 out of 21 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/mcp_server/uv.lock	Updates locked Python packages for the MCP server (e.g., python-dotenv, python-multipart, urllib3).
src/mcp_server/pyproject.toml	Bumps MCP server dependency pins to align with lockfile updates.
src/backend/uv.lock	Large lock refresh for backend dependencies (Azure SDKs, FastAPI, OpenAI, OTel, protobuf, etc.).
src/backend/requirements.txt	Updates backend pip requirements pins to newer versions.
src/backend/pyproject.toml	Updates backend dependency pins (and dev deps) consistent with the new lock/requirements.
src/App/uv.lock	Updates App’s Python lockfile and adds/pins additional dependencies (including urllib3).
src/App/pyproject.toml	Pins App Python deps more explicitly and adds urllib3 pin.
src/App/package-lock.json	Upgrades postcss in npm lockfile.
.github/workflows/validate-bicep-params.yml	Updates core CI actions (checkout/setup-python/upload-artifact) to newer versions.
.github/workflows/test-automation-v2.yml	Updates checkout/setup-python/upload-artifact and upgrades azure/login to v3.
.github/workflows/job-docker-build.yml	Upgrades azure/login to v3.
.github/workflows/job-deploy.yml	Upgrades azure/login to v3.
.github/workflows/job-deploy-windows.yml	Upgrades azure/login to v3.
.github/workflows/job-deploy-linux.yml	Upgrades azure/login to v3.
.github/workflows/job-cleanup-deployment.yml	Upgrades azure/login to v3.
.github/workflows/docker-build-and-push.yml	Upgrades azure/login to v3.
.github/workflows/deploy.yml	Upgrades azure/login to v3 and updates actions/checkout.
.github/workflows/deploy-waf.yml	Upgrades azure/login to v3.
.github/workflows/broken-links-checker.yml	Updates tj-actions/changed-files pin.
.github/workflows/azure-dev.yml	Updates actions/checkout and upgrades azure/login to v3.
.github/workflows/azd-template-validation.yml	Updates actions/checkout and bumps microsoft/template-validation-action.

Files not reviewed (1)

• src/App/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

🎉 This PR is included in version 4.2.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀