microsoft/azure-pipelines-tasks-common-packages

azure-pipelines-tasks-azure-arm-rest deploying version of OpenSSL vulnerable to CVE-2023-49210

rdlisle opened this issue · 0 comments

We are using the AzurePowershell@5 task in Azure DevOps pipelines in a self-hosted agent.

It includes the package azure-pipelines-tasks-azure-arm-rest.

Recently our security scans using WIZ have started identifying old versions of openssl on the server we use for the agent.

I tracked it back to the openssl included in the package.json at this path:
https://vstsagenttools.blob.core.windows.net/tools/openssl/1.0.2/M138/openssl_fix_whitespace.zip

I don't have any way to fix this permanently other than to ask the project to update to a newer version of openssl.

Thank you,
Randy Lisle