4.9.1 Release checklist

[compulim]

Checklist

Build

1. Bump to Bot Framework SDK release 4.9.2
   • https://botbuilder.myget.org/feed/botbuilder-v4-js-daily/package/npm/botbuilder
   • https://www.npmjs.com/package/botbuilder/v/4.9.2
2. Update CHANGELOG.md to mark specific changes in 4.9.1
3. Run npm version --no-git-tag-version 4.9.1
   • Merged into master, the PR number is [HIGH] Bump to production 4.9.1 #3231
   • Commit is 69d0afb
   • Do not merge any other unrelated changes after this PR. Any other PR merged, will need to be re-tested
4. Run daily pipeline manually, set "generate release version number" to true
   • (This will not push to NPM or CDN)
   • The build number is 136995 and commit is 69d0afb

Test

The test should run against the build artifacts from Azure Pipelines.

1. Manual testing on major browsers using webchat-release-testing
   • Chrome 83.0.4103.97
   • Edge (Anaheim) 83.0.478.45
   • Edge (UWP) 44.19041.1.0
   • Firefox 77.0.1
   • IE11
   • macOS Safari 13.0.3 (15608.3.10.1.4)
     • DLSpeech: Web Socket connection to westus2.convai.speech.microsoft.com closed instantly after connected, it also repro on previous versions of Web Chat (failed on 4.9.0, 4.8.1)
       • As it also repro on 4.9.0 and 4.8.1, I think this is service-side issue
   • iOS Safari 13.4.1
   • Android Chrome 83.0.4103.96
2. Test specific fixes related to 4.9.1 and previous releases
   • (Look at CHANGELOG.md and list out PRs that were not covered with automated tests)

Release

1. Make sure you are on master or qfe branch, run git status to check
2. git pull
3. Verify /package.json, /package-lock.json, and CHANGELOG.md has a version of 4.9.1
4. git log
   • Verify the latest commit is 69d0afb
5. git tag v4.9.1
6. git push -u upstream v4.9.1
   • You do not need to kick off a build again, use the previous build
7. Create a new GitHub release, copy entries from CHANGELOG.md
   • Subresource Integrity can be generated by
     • curl -H 'Accept-Encoding: gzip' https://cdn.botframework.com/botframework-webchat/4.9.1/webchat.js | gunzip - | openssl dgst -sha384 -binary | openssl base64 -A
     • cat webchat.js | openssl dgst -sha384 -binary | openssl base64 -A
   • Attach assets including 3 JS files, stats.json and 4 tarballs
     • You can copy the artifacts from webchat-release-testing/drops
     • Tarballs download from npmjs

       curl -L -o botframework-directlinespeech-sdk-4.9.1.tgz https://registry.npmjs.org/botframework-directlinespeech-sdk/-/botframework-directlinespeech-sdk-4.9.1.tgz
       curl -L -o botframework-webchat-4.9.1.tgz https://registry.npmjs.org/botframework-webchat/-/botframework-webchat-4.9.1.tgz
       curl -L -o botframework-webchat-core-4.9.1.tgz https://registry.npmjs.org/botframework-webchat-core/-/botframework-webchat-core-4.9.1.tgz
       curl -L -o botframework-webchat-component-4.9.1.tgz https://registry.npmjs.org/botframework-webchat-component/-/botframework-webchat-component-4.9.1.tgz
       

8. Kick off release to NPM
   • The build number is 136995, release number is 2268 and commit is 69d0afb
   • Retain the build indefinitely
9. Kick off release to CDN
   • The build number is 136995, release number is 2269 and commit is 69d0afb
   • Script build number is 131156
   1. Send reminder email to approvers
   • Retain the build indefinitely

Post-release check

• Clone webchat-release-testing
  • 01.create-react-app
    1. Nuke 01.create-react-app/node_modules
    2. npm install [email protected] (just install the bundle package)
  • Others
    • Using script tags from https://github.com/microsoft/BotFramework-WebChat/releases/tag/v4.9.1, with subresource integrity

      <script
         crossorigin="anonymous"
         integrity_no="sha384-"
         src="https://cdn.botframework.com/botframework-webchat/latest/webchat-es5.js"
      ></script>
      

Notification to interesting parties

• Update partner page on Adaptive Cards doc
  • https://docs.microsoft.com/en-us/adaptive-cards/resources/partners
  • PR at Update version number of Web Chat MicrosoftDocs/AdaptiveCards#299
• Notify related parties for the following fixes
  • CDC
  • CRA
  • DL ASE

Changelog

[4.9.1] - 2020-06-09

Breaking changes

• Affecting Adaptive Cards, legacy cards and suggested actions
  • For openUrl card action, we are now whitelisting the URL scheme using the same whitelist from the default Markdown + sanitize engine, which includes data, http, https, ftp, mailto, sip, and tel
  • To whitelist a different set of URL schemes, please implement the card action middleware to override this behavior

Added

• Resolves #3205. Added Direct Line App Service Extension protocol, by @compulim in PR #3206
• Resolves #3225. Support allowed scheme with openUrl card action, by @compulim in PR #3226

Fixed

• Fixes #1340. Card container should not be focusable if they do not have tapAction, by @compulim in PR #3193
• Fixed #3196. Cards with tapAction should be executable by ENTER or SPACEBAR key, by @compulim in PR #3197
• Fixed #3203. "New messages" button should be narrated by assistive technology, by @compulim in PR #3204
• Fixed #3217. Make sure rel="noopener noreferrer is not sanitized, by @compulim in PR #3220
• Fixed #3223. Tap an openUrl card action should open URL in a new tab with noopener noreferrer set, by @compulim in PR #3224

Changed

• Bumped Adaptive Cards dependencies, by @compulim in PR #3193
  • [email protected]
• Bumped dependencies due to a bug in Babel and Node.js, by @compulim in PR #3177
  • Development dependencies
    • @babel/[email protected]
  • Production dependencies
    • [email protected]
    • [email protected]
    • [email protected]
    • [email protected]
    • [email protected]
• Updated localization strings for Estonian (Estonia) (et-EE), by @LiweiMa in PR #3183
• Bumped [email protected], by @compulim in PR #3206

Samples

• Resolves #3205. Added Direct Line App Service Extension chat adapter sample, by @compulim in PR #3206

[compulim]

Done.