avanigupta closed this 3 months ago
Indeed, a new version, 4.1.0, of @azure/identity was released days ago. I'll update the dependency now. At a glance, the js-sdk is not listed as an affected product; no idea whether this CVE applies to the Azure Identity JS SDK. Will investigate the impact to determine whether to ship a new release.
We need to upgrade the Azure Identity package to address this security vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29992
Release notes: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/CHANGELOG.md#410-2024-04-09