To be fair, that's because their own Azure.Identity org hadn't even shipped an update addressing this vulnerability and they work in the same building.