[Identity] upgrade the msal dependencies due to security issue in jso…

…nwebtoken (#24458)
Azure · Jan 13, 2023 · 22591b6 · 22591b6
1 parent b5d9a6b
commit 22591b6
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 34 deletions.
diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml
diff --git a/sdk/identity/identity/CHANGELOG.md b/sdk/identity/identity/CHANGELOG.md
@@ -1,4 +1,11 @@
 # Release History
+
+## 3.1.3 (2023-01-12)
+
+### Other Changes
+
+- Upgraded versions of @azure/msal-node, @azure/msal-common and @azure/msal-browser to remove any dependency versions that were depending on old version of jsonwebtoken which had a [security issue](https://nvd.nist.gov/vuln/detail/CVE-2022-23529)
+
 ## 3.1.2 (2022-12-05)
 
 ### Bugs Fixed

diff --git a/sdk/identity/identity/package.json b/sdk/identity/identity/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@azure/identity",
   "sdk-type": "client",
-  "version": "3.1.2",
+  "version": "3.1.3",
   "description": "Provides credential implementations for Azure SDK libraries that can authenticate with Azure Active Directory",
   "main": "dist/index.js",
   "module": "dist-esm/src/index.js",
@@ -110,9 +110,9 @@
     "@azure/core-tracing": "^1.0.0",
     "@azure/core-util": "^1.0.0",
     "@azure/logger": "^1.0.0",
-    "@azure/msal-browser": "^2.32.0",
-    "@azure/msal-common": "^9.0.0",
-    "@azure/msal-node": "^1.14.4",
+    "@azure/msal-browser": "^2.32.2",
+    "@azure/msal-common": "^9.0.2",
+    "@azure/msal-node": "^1.14.6",
     "events": "^3.0.0",
     "jws": "^4.0.0",
     "open": "^8.0.0",