@azure/identity is using vulnerable version of axios@0.20.0 with high severity
See original GitHub issue- Package Name:
@azure/identity
- Package Version:
1.2.0
- Operating system:
- nodejs
- version:
14.10.1
- version:
- browser
- name/version:
- typescript
- version:
- Is the bug related to documentation in
- README.md
- source code documentation
- SDK API docs on https://docs.microsoft.com
Describe the bug
axios@0.20.0
has high severity vulnerability, documented at https://npmjs.com/advisories/1594. It is fixed in axios@>0.21.1
.
Since @azure/identity
is a base package of other SDKs, the issue could have a broad impact across all SDKs.
To Reproduce Steps to reproduce the behavior:
npm install @azure/identity
Expected behavior It should not report any vulnerabilities.
Screenshots
Additional context
Issue Analytics
- State:
- Created 3 years ago
- Comments:14 (9 by maintainers)
Top Results From Across the Web
Microsoft Informs Users of High-Severity Vulnerability in Azure ...
Microsoft on Wednesday informed customers about a recently patched information disclosure vulnerability affecting Azure Active Directory ...
Read more >Critical Microsoft vulnerability from 2020 added to list of ...
A high-severity vulnerability affecting some versions of Microsoft Windows has been added to CISA's list of Known Exploited Vulnerabilities.
Read more >Change log for 4.10.0-0.nightly-ppc64le-2022-01-14-035348
kube-storage-version-migrator git 901a6d22 sha256: ... podWorker status for terminated pods #105527; Add CVE 2021-25741 info to 1.22 Release Notes #105532 ...
Read more >The 3-Part Formula to Increase Your Executive Presence
Network After Work is a professional community consisting of Entrepreneurs, Professionals, Executives and thought leaders who understand the importance of ...
Read more >search issues · spring-boot - bytemeta
RELEASE.jar: 1 vulnerabilities (highest severity is: 7.8). 0. Vulnerable ... RELEASE ❌ Details CVE-2022-27772 Vulnerable Library - spring-boot-2.1.0.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@azure/msal-node
has released an update with the fix Re-opening this issue until we update the@azure-msal-node
dependency in@azure/identity
The PR to update axios in
@azure/msal-node
was merged yesterday, see https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/2825Once an update to
@azure/msal-node
is released, we can look into updating our dependency on it as well