Component Governance python security updates (#1936)

* Fix django vulnerability

* vulnerability fix: "django==2.2.28"

* Update botbuilder requirements to 4.14.2

* Fix black import error

* reformat libraries with latest black

* Add component detection

* Update urllib3 root dependencies

* Revert azure-cognitiveservices-language-luis to 0.2.0 from 0.7.0

* Roll back all urllib3 root dependencies

* Revert the last two

* git reset to 'Add component detection' commit

* git reset to 'Update urllib3 root dependencies' commit

* Revert azure-cognitiveservices-language-luis to 0.2.0

Author: BruceHaley

generators/app/templates/core/{{cookiecutter.bot_name}}/requirements.txt

@@ -1,4 +1,4 @@
-botbuilder-integration-aiohttp>=4.14.0
-botbuilder-dialogs>=4.14.0
-botbuilder-ai>=4.14.0
+botbuilder-integration-aiohttp>=4.14.2
+botbuilder-dialogs>=4.14.2
+botbuilder-ai>=4.14.2
 datatypes-date-time>=1.0.0.a2

generators/app/templates/echo/{{cookiecutter.bot_name}}/requirements.txt

@@ -1 +1 @@
-botbuilder-integration-aiohttp>=4.14.0
+botbuilder-integration-aiohttp>=4.14.2

generators/app/templates/empty/{{cookiecutter.bot_name}}/requirements.txt

@@ -1 +1 @@
-botbuilder-integration-aiohttp>=4.14.0
+botbuilder-integration-aiohttp>=4.14.2

libraries/botbuilder-adapters-slack/botbuilder/adapters/slack/slack_adapter.py

@@ -103,7 +103,9 @@ async def update_activity(self, context: TurnContext, activity: Activity):
 
         message = SlackHelper.activity_to_slack(activity)
         results = await self.slack_client.chat_update(
-            ts=message.ts, channel=message.channel, text=message.text,
+            ts=message.ts,
+            channel=message.channel,
+            text=message.text,
         )
 
         if results.status_code / 100 != 2:

libraries/botbuilder-adapters-slack/botbuilder/adapters/slack/slack_client.py

@@ -409,7 +409,9 @@ async def post_message(self, message: SlackMessage) -> SlackResponse:
         if message.blocks:
             request_content["blocks"] = json.dumps(message.blocks)
 
-        session = aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=30),)
+        session = aiohttp.ClientSession(
+            timeout=aiohttp.ClientTimeout(total=30),
+        )
 
         http_verb = "POST"
         api_url = POST_EPHEMERAL_MESSAGE_URL if message.ephemeral else POST_MESSAGE_URL

libraries/botbuilder-adapters-slack/botbuilder/adapters/slack/slack_helper.py

@@ -56,7 +56,9 @@ def activity_to_slack(activity: Activity) -> SlackMessage:
                         message.blocks = att.content
                     else:
                         new_attachment = Attachment(
-                            author_name=att.name, thumb_url=att.thumbnail_url, text="",
+                            author_name=att.name,
+                            thumb_url=att.thumbnail_url,
+                            text="",
                         )
                         attachments.append(new_attachment)
 

libraries/botbuilder-ai/botbuilder/ai/luis/luis_recognizer.py

@@ -262,7 +262,9 @@ async def _recognize_internal(
         if turn_context.activity.type != ActivityTypes.message:
             return None
 
-        utterance: str = turn_context.activity.text if turn_context.activity is not None else None
+        utterance: str = (
+            turn_context.activity.text if turn_context.activity is not None else None
+        )
         recognizer_result: RecognizerResult = None
 
         if luis_prediction_options:

libraries/botbuilder-ai/botbuilder/ai/luis/luis_recognizer_v2.py

@@ -44,7 +44,9 @@ def __init__(
 
     async def recognizer_internal(self, turn_context: TurnContext):
 
-        utterance: str = turn_context.activity.text if turn_context.activity is not None else None
+        utterance: str = (
+            turn_context.activity.text if turn_context.activity is not None else None
+        )
         luis_result: LuisResult = self._runtime.prediction.resolve(
             self._application.application_id,
             utterance,

libraries/botbuilder-ai/botbuilder/ai/luis/luis_recognizer_v3.py

@@ -55,7 +55,9 @@ def __init__(
     async def recognizer_internal(self, turn_context: TurnContext):
         recognizer_result: RecognizerResult = None
 
-        utterance: str = turn_context.activity.text if turn_context.activity is not None else None
+        utterance: str = (
+            turn_context.activity.text if turn_context.activity is not None else None
+        )
 
         url = self._build_url()
         body = self._build_request(utterance)

libraries/botbuilder-ai/botbuilder/ai/luis/luis_util.py

@@ -303,10 +303,14 @@ def recognizer_result_as_dict(
     ) -> Dict[str, object]:
         # an internal method that returns a dict for json serialization.
 
-        intents: Dict[str, Dict[str, float]] = {
-            name: LuisUtil.intent_score_as_dict(intent_score)
-            for name, intent_score in recognizer_result.intents.items()
-        } if recognizer_result.intents is not None else None
+        intents: Dict[str, Dict[str, float]] = (
+            {
+                name: LuisUtil.intent_score_as_dict(intent_score)
+                for name, intent_score in recognizer_result.intents.items()
+            }
+            if recognizer_result.intents is not None
+            else None
+        )
 
         dictionary: Dict[str, object] = {
             "text": recognizer_result.text,

libraries/botbuilder-ai/botbuilder/ai/qna/models/feedback_record.py

@@ -5,7 +5,7 @@
 
 
 class FeedbackRecord(Model):
-    """ Active learning feedback record. """
+    """Active learning feedback record."""
 
     _attribute_map = {
         "user_id": {"key": "userId", "type": "str"},

libraries/botbuilder-ai/botbuilder/ai/qna/models/feedback_records.py

@@ -5,7 +5,7 @@
 
 
 class FeedbackRecords(Model):
-    """ Active learning feedback records. """
+    """Active learning feedback records."""
 
     _attribute_map = {"records": {"key": "records", "type": "[FeedbackRecord]"}}
 

libraries/botbuilder-ai/botbuilder/ai/qna/models/generate_answer_request_body.py

@@ -5,7 +5,7 @@
 
 
 class GenerateAnswerRequestBody(Model):
-    """ Question used as the payload body for QnA Maker's Generate Answer API. """
+    """Question used as the payload body for QnA Maker's Generate Answer API."""
 
     _attribute_map = {
         "question": {"key": "question", "type": "str"},

libraries/botbuilder-ai/botbuilder/ai/qna/models/metadata.py

@@ -5,7 +5,7 @@
 
 
 class Metadata(Model):
-    """ Metadata associated with the answer. """
+    """Metadata associated with the answer."""
 
     _attribute_map = {
         "name": {"key": "name", "type": "str"},

libraries/botbuilder-ai/botbuilder/ai/qna/models/prompt.py

@@ -5,7 +5,7 @@
 
 
 class Prompt(Model):
-    """ Prompt Object. """
+    """Prompt Object."""
 
     _attribute_map = {
         "display_order": {"key": "displayOrder", "type": "int"},

libraries/botbuilder-ai/botbuilder/ai/qna/models/qnamaker_trace_info.py

@@ -11,7 +11,7 @@
 
 
 class QnAMakerTraceInfo:
-    """ Represents all the trace info that we collect from the QnAMaker Middleware. """
+    """Represents all the trace info that we collect from the QnAMaker Middleware."""
 
     def __init__(
         self,

libraries/botbuilder-ai/botbuilder/ai/qna/models/query_result.py

@@ -5,7 +5,7 @@
 
 
 class QueryResult(Model):
-    """ Represents an individual result from a knowledge base query. """
+    """Represents an individual result from a knowledge base query."""
 
     _attribute_map = {
         "questions": {"key": "questions", "type": "[str]"},

libraries/botbuilder-ai/botbuilder/ai/qna/models/query_results.py

@@ -7,7 +7,7 @@
 
 
 class QueryResults(Model):
-    """ Contains answers for a user query. """
+    """Contains answers for a user query."""
 
     _attribute_map = {
         "answers": {"key": "answers", "type": "[QueryResult]"},

libraries/botbuilder-ai/botbuilder/ai/qna/models/ranker_types.py

@@ -4,7 +4,7 @@
 
 class RankerTypes:
 
-    """ Default Ranker Behaviour. i.e. Ranking based on Questions and Answer. """
+    """Default Ranker Behaviour. i.e. Ranking based on Questions and Answer."""
 
     DEFAULT = "Default"
 

libraries/botbuilder-ai/botbuilder/ai/qna/models/train_request_body.py

@@ -5,7 +5,7 @@
 
 
 class TrainRequestBody(Model):
-    """ Class the models the request body that is sent as feedback to the Train API. """
+    """Class the models the request body that is sent as feedback to the Train API."""
 
     _attribute_map = {
         "feedback_records": {"key": "feedbackRecords", "type": "[FeedbackRecord]"}

libraries/botbuilder-ai/botbuilder/ai/qna/qnamaker.py

@@ -55,9 +55,9 @@ def __init__(
         instance_timeout = ClientTimeout(total=opt.timeout / 1000)
         self._http_client = http_client or ClientSession(timeout=instance_timeout)
 
-        self.telemetry_client: Union[
-            BotTelemetryClient, NullTelemetryClient
-        ] = telemetry_client or NullTelemetryClient()
+        self.telemetry_client: Union[BotTelemetryClient, NullTelemetryClient] = (
+            telemetry_client or NullTelemetryClient()
+        )
 
         self.log_personal_information = log_personal_information or False
 

libraries/botbuilder-ai/botbuilder/ai/qna/utils/active_learning_utils.py

@@ -13,7 +13,7 @@
 
 
 class ActiveLearningUtils:
-    """ Active learning helper class """
+    """Active learning helper class"""
 
     @staticmethod
     def get_low_score_variation(

libraries/botbuilder-ai/botbuilder/ai/qna/utils/http_request_utils.py

@@ -14,7 +14,7 @@
 
 
 class HttpRequestUtils:
-    """ HTTP request utils class.
+    """HTTP request utils class.
 
     Parameters:
     -----------

libraries/botbuilder-ai/botbuilder/ai/qna/utils/qna_card_builder.py

@@ -62,7 +62,9 @@ def get_qna_prompts_card(result: QueryResult, card_no_match_text: str) -> Activi
         # Add all prompts
         button_list = [
             CardAction(
-                value=prompt.display_text, type="imBack", title=prompt.display_text,
+                value=prompt.display_text,
+                type="imBack",
+                title=prompt.display_text,
             )
             for prompt in result.context.prompts
         ]

libraries/botbuilder-ai/botbuilder/ai/qna/utils/train_utils.py

@@ -11,7 +11,7 @@
 
 
 class TrainUtils:
-    """ Class for Train API, used in active learning to add suggestions to the knowledge base  """
+    """Class for Train API, used in active learning to add suggestions to the knowledge base"""
 
     def __init__(self, endpoint: QnAMakerEndpoint, http_client: ClientSession):
         """

libraries/botbuilder-ai/requirements.txt

@@ -1,6 +1,6 @@
-msrest==0.6.19
+msrest==0.6.21
 botbuilder-schema==4.15.0
 botbuilder-core==4.15.0
-requests==2.23.0
+requests==2.27.1
 aiounittest==1.3.0
-azure-cognitiveservices-language-luis==0.2.0
+azure-cognitiveservices-language-luis==0.7.0

libraries/botbuilder-ai/tests/luis/luis_recognizer_test.py

@@ -126,7 +126,9 @@ async def test_single_intent_simply_entity(self):
 
     async def test_null_utterance(self):
         utterance: str = None
-        response_path: str = "SingleIntent_SimplyEntity.json"  # The path is irrelevant in this case
+        response_path: str = (
+            "SingleIntent_SimplyEntity.json"  # The path is irrelevant in this case
+        )
 
         _, result = await LuisRecognizerTest._get_recognizer_result(
             utterance, response_path

libraries/botbuilder-applicationinsights/botbuilder/applicationinsights/bot_telemetry_processor.py

@@ -12,10 +12,14 @@ class BotTelemetryProcessor(TelemetryProcessor):
     """Application Insights Telemetry Processor for Bot"""
 
     def __init__(self, processors: List[TelemetryProcessor] = None):
-        self._processors: List[TelemetryProcessor] = [
-            DjangoTelemetryProcessor(),
-            FlaskTelemetryProcessor(),
-        ] if processors is None else processors
+        self._processors: List[TelemetryProcessor] = (
+            [
+                DjangoTelemetryProcessor(),
+                FlaskTelemetryProcessor(),
+            ]
+            if processors is None
+            else processors
+        )
 
     def can_process(self) -> bool:
         for processor in self._processors:

libraries/botbuilder-applicationinsights/botbuilder/applicationinsights/flask/flask_telemetry_middleware.py

@@ -10,7 +10,7 @@
 
 
 def retrieve_flask_body():
-    """ retrieve_flask_body
+    """retrieve_flask_body
     Retrieve the POST body text from temporary cache.
     The POST body corresponds with the thread id and should resides in
     cache just for lifetime of request.

libraries/botbuilder-applicationinsights/botbuilder/applicationinsights/processor/telemetry_processor.py

@@ -31,7 +31,7 @@ def get_request_body(self) -> str:  # pylint: disable=inconsistent-return-statem
         raise NotImplementedError()
 
     def __call__(self, data, context) -> bool:
-        """ Traditional Web user and session ID's don't apply for Bots.  This processor
+        """Traditional Web user and session ID's don't apply for Bots.  This processor
         replaces the identifiers to be consistent with Bot Framework's notion of
         user and session id's.
 

libraries/botbuilder-applicationinsights/requirements.txt

@@ -1,3 +1,3 @@
-msrest==0.6.19
+msrest==0.6.21
 botbuilder-core==4.15.0
 aiounittest==1.3.0

libraries/botbuilder-applicationinsights/setup.py

@@ -12,7 +12,7 @@
 ]
 TESTS_REQUIRES = [
     "aiounittest==1.3.0",
-    "django==2.2.24",  # For samples
+    "django==2.2.28",  # For samples
     "djangorestframework==3.10.3",  # For samples
     "flask==1.1.1",  # For samples
 ]

libraries/botbuilder-core/botbuilder/core/adapters/test_adapter.py

@@ -311,10 +311,18 @@ def create_conversation_reference(
             channel_id="test",
             service_url="https://test.com",
             conversation=ConversationAccount(
-                is_group=False, conversation_type=name, id=name,
+                is_group=False,
+                conversation_type=name,
+                id=name,
+            ),
+            user=ChannelAccount(
+                id=user.lower(),
+                name=user.lower(),
+            ),
+            bot=ChannelAccount(
+                id=bot.lower(),
+                name=bot.lower(),
             ),
-            user=ChannelAccount(id=user.lower(), name=user.lower(),),
-            bot=ChannelAccount(id=bot.lower(), name=bot.lower(),),
         )
 
     def add_user_token(
@@ -657,7 +665,9 @@ async def wait_for_activity():
         return TestFlow(await test_flow_previous(), self.adapter)
 
     async def assert_no_reply(
-        self, description=None, timeout=None,  # pylint: disable=unused-argument
+        self,
+        description=None,
+        timeout=None,  # pylint: disable=unused-argument
     ) -> "TestFlow":
         """
         Generates an assertion if the bot responds when no response is expected.

libraries/botbuilder-core/botbuilder/core/bot_framework_adapter.py

@@ -400,7 +400,8 @@ async def create_conversation(
                 if resource_response.activity_id
                 else str(uuid.uuid4()),
                 conversation=ConversationAccount(
-                    id=resource_response.id, tenant_id=parameters.tenant_id,
+                    id=resource_response.id,
+                    tenant_id=parameters.tenant_id,
                 ),
                 channel_data=parameters.channel_data,
                 recipient=parameters.bot,
@@ -512,7 +513,8 @@ async def process_activity_with_identity(
             if invoke_response is None:
                 return InvokeResponse(status=int(HTTPStatus.NOT_IMPLEMENTED))
             return InvokeResponse(
-                status=invoke_response.value.status, body=invoke_response.value.body,
+                status=invoke_response.value.status,
+                body=invoke_response.value.body,
             )
 
         return None
@@ -1295,7 +1297,9 @@ def key_for_connector_client(service_url: str, app_id: str, scope: str):
         return f"{service_url if service_url else ''}:{app_id if app_id else ''}:{scope if scope else ''}"
 
     async def _create_token_api_client(
-        self, context: TurnContext, oauth_app_credentials: AppCredentials = None,
+        self,
+        context: TurnContext,
+        oauth_app_credentials: AppCredentials = None,
     ) -> TokenApiClient:
         if (
             not self._is_emulating_oauth_cards