tediousjs / tedious

Node TDS module for connecting to SQL Server databases.
http://tediousjs.github.io/tedious/
MIT License

Upgrade @azure/identity to resolve vulnerability #1633

Closed oliverbock closed 5 months ago

oliverbock commented 5 months ago

According to this advisory, @azure/identity versions prior to 4.2.1 include a vulnerability. Package.json specifies "@azure/identity": "^3.4.1" which cannot be quietly upgraded because the hat (^) does not allow major version upgrades.

Please adopt the invulnerable release version.

Apologies if my limited understanding of npm dependencies means that this isn't necessary.
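The caret-range point raised in the comment above, as an added example that is not part of the original thread or of the tedious project's code: a minimal check of whether a `^` range in a manifest can ever resolve to the first fixed version named in an advisory. The function names and the simplified parser (plain `MAJOR.MINOR.PATCH` only) are assumptions; this is not the npm `semver` package.

```javascript
// Added example: minimal caret-range reasoning, not the npm `semver` package.
// Assumption: versions are plain MAJOR.MINOR.PATCH (no prerelease/build tags).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^x.y.z: bump the left-most non-zero component.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True if some version admitted by the caret range could be >= firstFixed.
function caretRangeCanReachFix(range, firstFixed) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const upper = caretUpperBound(parseVersion(range.slice(1)));
  return compare(parseVersion(firstFixed), upper) < 0;
}

// For each advised package present in the manifest, report whether the
// declared range itself must change before an install can pick up the fix.
function auditManifest(manifest, firstFixedByPackage) {
  const deps = manifest.dependencies || {};
  return Object.entries(firstFixedByPackage)
    .filter(([name]) => deps[name] !== undefined)
    .map(([name, firstFixed]) => ({
      name,
      range: deps[name],
      firstFixed,
      needsManifestChange: !caretRangeCanReachFix(deps[name], firstFixed),
    }));
}

// Constructed sample input using the range and fixed version quoted in the issue.
const sampleManifest = { dependencies: { "@azure/identity": "^3.4.1" } };
const sampleFirstFixed = { "@azure/identity": "4.2.1" };
console.log(auditManifest(sampleManifest, sampleFirstFixed));
```

A `needsManifestChange: true` result means no lockfile refresh or `npm update` in a consuming project can reach the fix; the range in the dependent package has to be raised and a new release published.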

MichaelSun90 commented 5 months ago

Hi @oliverbock, thanks for bringing this up. Will definitely look into this and bump up the version accordingly.

MichaelSun90 commented 5 months ago

Hi @oliverbock, the change has been merged and released. Closing this one for now.

olibos commented 5 months ago

Hello @MichaelSun90, do you know when it will be released on NPM?