@azure/identity is using vulnerable version of axios@0.20.0 with high severity #13088
Comments
Thanks for reporting @compulim
@jonathandturner The axios package is also used by
Will this be fixed in the 1.2.1 release? If yes, when can we expect 1.2.1 to be available?
This issue is also affecting
@rmiraballes The
@rmiraballes We just released an update for
@ramya-rao-a Thanks
At least for me, the issue persists because version 1.2.1 depends an
Yes is still happening in Is fixed on
The PR to update axios in Once an update to
@jonathandturner Can we close this issue now that 1.2.2 of
@ramya-rao-a we're not using the Axios anymore on Identity, we've confirmed. We still have other packages that are using the old Axios though.
Closing this issue, since the issue with Axios for @azure/identity should be solved with 1.2.2.
@azure/identity
1.2.0
14.10.1
Describe the bug
axios@0.20.0 has high severity vulnerability, documented at https://npmjs.com/advisories/1594. It is fixed in axios@>0.21.1.
Since @azure/identity is a base package of other SDKs, the issue could have a broad impact across all SDKs.
To Reproduce
Steps to reproduce the behavior:
npm install @azure/identity
Expected behavior
It should not report any vulnerabilities.
Screenshots
Additional context
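Added example, not part of the issue or of the Azure SDK code: a lockfile check that lists every installed copy of a package below a patched version and which dependents pin it there, which is what decides whether upgrading one parent package clears the audit finding. The lockfile is constructed, `example-app-lib` is hypothetical, and the `0.21.1` threshold is an assumption to confirm against the advisory.

```javascript
// Constructed sample in the package-lock.json "packages" layout (lockfileVersion 2/3).
// example-app-lib and the declared version ranges are made up for illustration.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "@azure/identity": "1.2.0", "example-app-lib": "1.0.0" } },
    "node_modules/@azure/identity": { version: "1.2.0", dependencies: { axios: "^0.20.0" } },
    "node_modules/@azure/identity/node_modules/axios": { version: "0.20.0" },
    "node_modules/example-app-lib": { version: "1.0.0", dependencies: { axios: "^0.21.2" } },
    "node_modules/axios": { version: "0.21.4" },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function isBelow(version, threshold) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = threshold.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Node-style resolution: the requirer's own node_modules first, then each ancestor's.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Report each installed copy of `name` older than `firstPatched`, with its dependents.
function findVulnerable(lock, name, firstPatched) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!path.endsWith("node_modules/" + name) || !meta.version) continue;
    if (!isBelow(meta.version, firstPatched)) continue;
    const requiredBy = [];
    for (const [parent, parentMeta] of Object.entries(packages)) {
      const declared = { ...parentMeta.dependencies, ...parentMeta.optionalDependencies };
      if (name in declared && resolveDep(packages, parent, name) === path) {
        const who = parent.split("node_modules/").pop() || "(root project)";
        requiredBy.push(who + " wants " + declared[name]);
      }
    }
    findings.push({ path, version: meta.version, requiredBy });
  }
  return findings;
}

console.log(JSON.stringify(findVulnerable(sampleLock, "axios", "0.21.1"), null, 2));
```

To run it against a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`; lockfiles written by npm 6 use the older nested `dependencies` layout and are not covered here.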