Version 2.1.0 of the @azure/identity package brings several updates and refinements compared to the earlier stable version 2.0.5, offering developers enhanced capabilities for secure authentication with Azure Active Directory in their JavaScript applications. One notable change lies in the updated dependencies. Specifically, @azure/msal-node jumps from version ^1.3.0 to ^1.10.0, and @azure/msal-common goes from ^4.5.1 to ^7.0.0. This suggests enhancements in handling authentication flows on the server-side and improvements to the core authentication logic. Furthermore, @azure/msal-browser sees an update from ^2.16.0 to ^2.26.0, indicating improvements to the library responsible for browser-based authentication scenarios. Developers building applications that leverage interactive browser authentication will want to take note.
Another interesting change is the upgrade of @azure/core-util from 1.0.0-beta.1 to ^1.0.0, indicating the graduation of the utility library out of beta. The previous version had @azure/core-tracing as a preview version 1.0.0-preview.13 and it is replaced with ^1.0.0 which indicates a stable version. These represent a greater stability and reliability of those key central utilities in the Azure SDK. The development dependencies also saw updates like dropping the older ESLint version and updating Typescript to a newer version. In summary, version 2.1.0 appears to be a substantial upgrade focused on stabilizing and enhancing authentication capabilities, upgrading core dependencies, and streamlining the developer experience.
All the vulnerabilities related to the version 2.1.0 of the package
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.
