tediousjs / tedious

Node TDS module for connecting to SQL Server databases.
http://tediousjs.github.io/tedious/
MIT License
1.56k stars 443 forks

Upgrade @azure/identity to resolve vulnerability #1633

Closed oliverbock closed 1 week ago

oliverbock commented 2 weeks ago

According to this advisory, @azure/identity versions prior to 4.2.1 include a vulnerability. Package.json specifies "@azure/identity": "^3.4.1" which cannot be quietly upgraded because the hat (^) does not allow major version upgrades.

Please adopt the invulnerable release version.

Apologies if my limited understanding of npm dependencies means that this isn't necessary.

MichaelSun90 commented 2 weeks ago

Hi @oliverbock, thanks for bringing this one up. Will definitely look into this and bump up the version accordingly.

MichaelSun90 commented 1 week ago

Hi @oliverbock, the change has been merged and released. Closing this one for now.

olibos commented 1 week ago

Hello @MichaelSun90, do you know when it will be released on NPM?