[v5] Address CVEs #8189
Open
[v5] Address CVEs #8189
+23,240
−24,744
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull request overview
This PR aims to address CVEs by updating multiple dependencies across sample applications and libraries. The updates include axios, nodemon, Playwright, Electron, Angular packages, and other dependencies to newer versions that presumably fix security vulnerabilities.
Key changes:
- Security dependency updates across sample applications (axios, nodemon, Playwright, Electron, Angular packages)
- Updates to @azure/identity, semver, and puppeteer packages
- Formatting changes to package.json files (indentation standardization)
Reviewed changes
Copilot reviewed 22 out of 23 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| samples/msal-node-samples/silent-flow/package.json | Updated axios to ^1.12.0 |
| samples/msal-node-samples/on-behalf-of-distributed-cache/package.json | Updated axios to ^1.12.0, nodemon to ^3.1.11, formatting changes |
| samples/msal-node-samples/custom-INetworkModule-and-network-tracing/package.json | Updated axios to 1.12.0 |
| samples/msal-node-samples/client-credentials-distributed-cache/package.json | Updated axios to ^1.12.0, nodemon to ^3.1.11, formatting changes |
| samples/msal-node-samples/b2c-user-flows/package.json | Updated axios to ^1.12.0 |
| samples/msal-node-samples/auth-code-key-vault/package.json | Updated @azure/identity to ^4.5.0, formatting changes |
| samples/msal-node-samples/auth-code-distributed-cache/package.json | Updated axios to ^1.12.0, nodemon to ^3.1.11, formatting changes |
| samples/msal-node-samples/auth-code-cli-app/package.json | Updated axios to ^1.12.0 |
| samples/msal-node-samples/ElectronSystemBrowserTestApp/package.json | Updated @playwright/test to ^1.56.0, electron to ^36.9.5, axios to ^1.12.0 |
| samples/msal-browser-samples/TestingSample/package.json | Updated @playwright/test to ^1.56.0, formatting changes |
| samples/msal-browser-samples/HybridSample/package.json | Updated nodemon to ^3.1.11 |
| samples/msal-browser-samples/ExpressSample/package.json | Updated nodemon to ^3.1.11 |
| samples/msal-browser-samples/COOP/sts/package.json | Updated @playwright/test to ^1.56.0, formatting changes |
| samples/msal-browser-samples/COOP/package.json | Updated @playwright/test to ^1.56.0, electron to ^36.9.5, formatting changes |
| samples/msal-angular-samples/angular-standalone-sample/package.json | Updated Angular packages to 20.3.x versions |
| samples/msal-angular-samples/angular-modules-sample/package.json | Updated Angular packages to 20.3.x versions |
| samples/msal-angular-samples/angular-b2c-sample/package.json | Updated Angular packages to 20.3.x and 20.2.x versions, fixed karma formatting |
| samples/e2eTestUtils/package.json | Updated axios to ^1.12.0, playwright-core to ^1.56.0, puppeteer to ^24.29.0 |
| package.json | Updated @angular/compiler to ^19.2.17, semver to ^7.7.3 |
| lib/msal-angular/package.json | Updated Angular dev dependencies to 19.2.15/16 versions |
| extensions/samples/electron-webpack/package.json | Updated electron to ^36.9.5, formatting changes |
| change/@azure-msal-angular-e230b80b-b14b-4696-9d63-ad0fcbb416be.json | Added beachball changefile for the CVE fixes |
change/@azure-msal-angular-e230b80b-b14b-4696-9d63-ad0fcbb416be.json
Outdated
Show resolved
Hide resolved
samples/msal-angular-samples/angular-standalone-sample/package.json
Outdated
Show resolved
Hide resolved
samples/msal-angular-samples/angular-modules-sample/package.json
Outdated
Show resolved
Hide resolved
Contributor
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
….json Co-authored-by: Copilot <[email protected]>
sameerag
commented
Dec 9, 2025
change/@azure-msal-angular-e230b80b-b14b-4696-9d63-ad0fcbb416be.json
Outdated
Show resolved
Hide resolved
New branch naming isn't caught by the existing beachball branch filter, causing beachball check not to be skipped in post-release PRs.
This PR contains the changelogs and version bumps for the MSAL.js 3P releases. --------- Co-authored-by: MSAL.js Release Automation <[email protected]> Co-authored-by: Konstantin <[email protected]>
…8191) Use cross-env for environment variable management in build scripts
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Address CVE alerts for msal-v5