Description
GitHub issues should be used for bugs and feature requests. Use Stack Overflow for general "how-to" questions.
Versions
What package version of the SDK are you using.
[email protected]
[email protected]
[email protected]
What nodejs version are you using
18
What browser version are you using
Chrome
What os are you using
MacOS
Describe the bug
[email protected] has an out-of-date dependency with @azure/identity:
"@azure/core-http": "^3.0.2",
"@azure/identity": "^2.0.4",
"@azure/msal-node": "^1.18.4",
I'm getting a warning about identity, but I notice these others are also behind in their versions.
Here's the npm warning I'm getting:
% npm audit
npm audit report
@azure/identity <4.2.1
Severity: moderate
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability - GHSA-m5vv-6r4h-3vj9
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/botframework-connector/node_modules/@azure/identity
botframework-connector >=4.15.0-dev.1982983
Depends on vulnerable versions of @azure/identity
node_modules/botframework-connector
botbuilder >=4.15.0-dev.1982983
Depends on vulnerable versions of botbuilder-core
Depends on vulnerable versions of botframework-connector
node_modules/botbuilder
botbuilder-core >=4.15.0-dev.1982983
Depends on vulnerable versions of botframework-connector
node_modules/botbuilder-core
4 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
To Reproduce
Steps to reproduce the behavior:
Install the latest versions of:
"botbuilder": "^4.22.3",
"botbuilder-core": "^4.22.3",
"botframework-connector": "^4.22.3",
and:
"@azure/identity": "^4.3.0",
"@azure/msal-node": "^2.6.0",
Conflict appears.
Expected behavior
Give a clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
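The audit output above flags a nested copy of @azure/identity under botframework-connector even though a patched version is requested at the top level. The following is an added example, not code from the issue author or the Bot Framework project: it scans an npm lockfile for every installed copy of a package below the fixed version and names the package that pulls it in. It assumes a lockfileVersion 2 or 3 `packages` map; the sample lockfile, its version numbers and the function names are constructed for illustration.

```javascript
// Added example: list installed copies of a package below a fixed version
// in an npm lockfile (lockfileVersion 2/3 "packages" map).

// Constructed sample lockfile mirroring the install paths in the audit output.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-bot" },
    "node_modules/@azure/identity": { version: "4.3.0" },
    "node_modules/botframework-connector": { version: "4.22.3" },
    "node_modules/botframework-connector/node_modules/@azure/identity": { version: "2.1.0" },
    "node_modules/botbuilder": { version: "4.22.3" },
  },
};

// Compare dotted numeric versions. Prerelease/build suffixes are ignored,
// which is a simplification compared with full semver ordering.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return each install path of `name` whose version is below `fixedIn`,
// together with the package that owns the nested node_modules directory.
function findVulnerableCopies(lock, name, fixedIn) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (!meta.version || compareVersions(meta.version, fixedIn) >= 0) continue;
    const parentPath = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
    const parent = parentPath ? parentPath.split("node_modules/").pop() : "(root)";
    hits.push({ path, version: meta.version, parent });
  }
  return hits;
}

console.log(findVulnerableCopies(sampleLock, "@azure/identity", "4.2.1"));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `sampleLock`.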