fix: [#4490] Usage of a vulnerable package - Upgrade recognizers-text-number (#4524)

* Upgrade recognizers-text-number to latest version

* Update unit tests to work with new entities

Author: ceciliaavila

libraries/botbuilder-dialogs-adaptive/package.json

@@ -31,7 +31,7 @@
     "@microsoft/recognizers-text": "~1.1.4",
     "@microsoft/recognizers-text-choice": "~1.1.4",
     "@microsoft/recognizers-text-date-time": "~1.1.4",
-    "@microsoft/recognizers-text-number": "~1.1.4",
+    "@microsoft/recognizers-text-number": "~1.3.1",
     "@microsoft/recognizers-text-number-with-unit": "~1.1.4",
     "@microsoft/recognizers-text-sequence": "~1.1.4",
     "@microsoft/recognizers-text-suite": "1.1.4",

libraries/botbuilder-dialogs-adaptive/tests/entityRecognizer.test.js

@@ -96,7 +96,7 @@ describe('EntityRecognizer Tests', function () {
     it('test datetime', async function () {
         const dc = getDialogContext('testDatetime', 'Next thursday at 4pm.');
         const results = await recognizers.recognizeEntities(dc, dc.context.activity.text, dc.context.activity.locale);
-        assert.strictEqual(results.length, 3); // should be 4 but ordinal entity is missing.
+        assert.strictEqual(results.length, 4);
         assert.strictEqual(results.filter((e) => e.type === 'datetimeV2.datetime').length, 1);
         // assert.strictEqual(results.filter((e) => e.type === 'ordinal').length, 1);
         assert.strictEqual(results.filter((e) => e.type === 'dimension').length, 1);
@@ -119,7 +119,7 @@ describe('EntityRecognizer Tests', function () {
     it('test guid', async function () {
         const dc = getDialogContext('testGuid', 'my account number is 00000000-0000-0000-0000-000000000000...');
         const results = await recognizers.recognizeEntities(dc, dc.context.activity.text, dc.context.activity.locale);
-        assert.strictEqual(results.length, 3); // should be 7, but some entitie are missing.
+        assert.strictEqual(results.length, 7);
         assert.strictEqual(results.filter((e) => e.type === 'guid').length, 1);
     });
 
@@ -168,7 +168,7 @@ describe('EntityRecognizer Tests', function () {
     it('test phonenumber', async function () {
         const dc = getDialogContext('testPhonenumber', 'Call 425-882-8080');
         const results = await recognizers.recognizeEntities(dc, dc.context.activity.text, dc.context.activity.locale);
-        assert.strictEqual(results.length, 3); // should be 5, but some entities are missing.
+        assert.strictEqual(results.length, 5);
         assert.strictEqual(results.filter((e) => e.type === 'phonenumber').length, 1);
     });
 

libraries/botbuilder-dialogs/package.json

@@ -29,7 +29,7 @@
   "dependencies": {
     "@microsoft/recognizers-text-choice": "1.1.4",
     "@microsoft/recognizers-text-date-time": "1.1.4",
-    "@microsoft/recognizers-text-number": "1.1.4",
+    "@microsoft/recognizers-text-number": "1.3.1",
     "@microsoft/recognizers-text-suite": "1.1.4",
     "botbuilder-core": "4.1.6",
     "botbuilder-dialogs-adaptive-runtime-core": "4.1.6",

package.json

@@ -48,6 +48,7 @@
     "underscore": "1.13.1",
     "json-schema": "0.4.0",
     "jsonwebtoken": "9.0.0",
+    "@microsoft/recognizers-text-number": "~1.3.1",
     "@xmldom/xmldom": "0.8.6",
     "**/botbuilder-ai/@azure/cognitiveservices-luis-runtime/@azure/ms-rest-js": "^2.7.0",
     "**/botbuilder-azure/@azure/core-auth/@azure/core-tracing": "1.0.0-preview.9",

yarn.lock

@@ -1504,16 +1504,14 @@
     lodash.last "^3.0.0"
     lodash.max "^4.0.1"
 
-"@microsoft/recognizers-text-number@1.1.4", "@microsoft/recognizers-text-number@~1.1.4":
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/@microsoft/recognizers-text-number/-/recognizers-text-number-1.1.4.tgz#1fbe0473322e6292bb93f9af86c6ca5ce05212d9"
-  integrity sha512-6EmlR+HR+eJBIX7sQby1vs6LJB64wxLowHaGpIU9OCXFvZ5Nb0QT8qh10rC40v3Mtrz4DpScXfSXr9tWkIO5MQ==
+"@microsoft/recognizers-text-number@1.3.1", "@microsoft/recognizers-text-number@~1.1.4", "@microsoft/recognizers-text-number@~1.3.1":
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/@microsoft/recognizers-text-number/-/recognizers-text-number-1.3.1.tgz#b2bffbb0b5c44eec77121f0c510c5bb40f77c668"
+  integrity sha512-JBxhSdihdQLQilCtqISEBw5kM+CNGTXzy5j5hNoZECNUEvBUPkAGNEJAeQPMP5abrYks29aSklnSvSyLObXaNQ==
   dependencies:
-    "@microsoft/recognizers-text" "~1.1.4"
+    "@microsoft/recognizers-text" "~1.3.1"
     bignumber.js "^7.2.1"
-    lodash.escaperegexp "^4.1.2"
-    lodash.sortby "^4.7.0"
-    lodash.trimend "^4.5.1"
+    lodash "^4.17.21"
 
 "@microsoft/recognizers-text-sequence@~1.1.4":
   version "1.1.4"
@@ -1540,6 +1538,11 @@
   resolved "https://registry.yarnpkg.com/@microsoft/recognizers-text/-/recognizers-text-1.1.4.tgz#264530f748b2cad3fac54d53538f88ad2bf99b7e"
   integrity sha512-hlSVXcaX5i8JcjuUJpVxmy2Z/GxvFXarF0KVySCFop57wNEnrLWMHe4I4DjP866G19VyIKRw+vPA32pkGhZgTg==
 
+"@microsoft/recognizers-text@~1.3.1":
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/@microsoft/recognizers-text/-/recognizers-text-1.3.1.tgz#eda98a9148101ecdb04ed1424082d472b04aabd9"
+  integrity sha512-HikLoRUgSzM4OKP3JVBzUUp3Q7L4wgI17p/3rERF01HVmopcujY3i6wgx8PenCwbenyTNxjr1AwSDSVuFlYedQ==
+
 "@microsoft/tsdoc-config@~0.15.2":
   version "0.15.2"
   resolved "https://registry.yarnpkg.com/@microsoft/tsdoc-config/-/tsdoc-config-0.15.2.tgz#eb353c93f3b62ab74bdc9ab6f4a82bcf80140f14"
@@ -8730,11 +8733,6 @@ lodash.set@^4.3.2:
   resolved "https://registry.yarnpkg.com/lodash.set/-/lodash.set-4.3.2.tgz#d8757b1da807dde24816b0d6a84bea1a76230b23"
   integrity sha1-2HV7HagH3eJIFrDWqEvqGnYjCyM=
 
-lodash.sortby@^4.7.0:
-  version "4.7.0"
-  resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
-  integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=
-
 lodash.template@^3.0.0:
   version "3.6.2"
   resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-3.6.2.tgz#f8cdecc6169a255be9098ae8b0c53d378931d14f"
@@ -8787,11 +8785,6 @@ lodash.tonumber@^4.0.3:
   resolved "https://registry.yarnpkg.com/lodash.tonumber/-/lodash.tonumber-4.0.3.tgz#0b96b31b35672793eb7f5a63ee791f1b9e9025d9"
   integrity sha1-C5azGzVnJ5Prf1pj7nkfG56QJdk=
 
-lodash.trimend@^4.5.1:
-  version "4.5.1"
-  resolved "https://registry.yarnpkg.com/lodash.trimend/-/lodash.trimend-4.5.1.tgz#12804437286b98cad8996b79414e11300114082f"
-  integrity sha1-EoBENyhrmMrYmWt5QU4RMAEUCC8=
-
 lodash@^4.1.2, lodash@^4.17.11, lodash@^4.17.13, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.4, lodash@~4.17.15, lodash@~4.17.19:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"