Upgrade Azure Identity package to 4.1.0 to fix security vulnerability

Azure / AppConfiguration-JavaScriptProvider

The configuration provider for consuming data in Azure App Configuration from JavaScript applications like Node or browser apps.

https://github.com/Azure/AppConfiguration

MIT License

6 stars 1 forks source link

Upgrade Azure Identity package to 4.1.0 to fix security vulnerability #59

Closed avanigupta closed 3 months ago

avanigupta commented 3 months ago

We need to upgrade the Azure Identity package to address this security vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29992

Release notes: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/CHANGELOG.md#410-2024-04-09

Eskibear commented 3 months ago

Indeed a new version 4.1.0 of @azure/identity was released days ago. I'll update the dependency now. At a glance the js-sdk is not listed as affected products, no idea whether this CVE applies to azure identity JS SDK. Will investigate the impact to determine whether to ship a new release.