According to this advisory, @azure/identity versions prior to 4.2.1 include a vulnerability. Package.json specifies "@azure/identity": "^3.4.1" which cannot be quietly upgraded because the hat (^) does not allow major version upgrades.

Please adopt the invulnerable release version.

Apologies if my limited understanding of npm dependencies means that this isn't necessary.

Hi @oliverbock , Thanks for bring this on up. Will definitely look into this and bump up the version accordingly.

Hi @oliverbock , the change has been merged and released. Closing this one for now.

Hello @MichaelSun90 do you know when it will be released on NPM?