When running a build in ADO with the latest rush version component governance flags https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 as a moderate vulnerability which is due to @azure/identity version 4.0.1.
Details
The nesting of this is as follows:
@microsoft/rush-lib@5.128.1
├─ @rushstack/rush-azure-storage-build-cache-plugin@5.128.1
│ ├─ @azure/identity@4.0.1
Standard questions
Please answer these questions to help us investigate your issue more quickly:
octogonz
commented
3 months ago
Summary
When running a build in ADO with the latest rush version component governance flags https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 as a moderate vulnerability which is due to @azure/identity version 4.0.1.
Details
The nesting of this is as follows: @microsoft/rush-lib@5.128.1 ├─ @rushstack/rush-azure-storage-build-cache-plugin@5.128.1 │ ├─ @azure/identity@4.0.1
Standard questions
Please answer these questions to help us investigate your issue more quickly:
@microsoft/rushglobally installed version?rushVersionfrom rush.json?useWorkspacesfrom rush.json?node -v)?