Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Retract adal versions with token refresh errors #716

Merged
merged 2 commits into from
Jan 17, 2023
Merged

Retract adal versions with token refresh errors #716

merged 2 commits into from
Jan 17, 2023

Conversation

berndverst
Copy link
Member

Signed-off-by: Bernd Verst github@bernd.dev

This retracts a range of adal library versions which have errors in the handling of Token Refresh calls.

These errors can results in a huge range of subtle failures, such as inability to refresh a service principal token obtained via managed identity / MSI.

This retraction does not break builds using this particular version, but will print a warning to anyone impacted. v0.9.20 is the first working version.

For this retraction to become effective a new release v0.9.22 (since v0.9.21 is the latest right now) needs to be tagged.

@berndverst
Retract adal versions with token refresh errors
0771731 
Signed-off-by: Bernd Verst <github@bernd.dev>
RickWinter
RickWinter reviewed Jan 13, 2023
View reviewed changes
Copy link
Member

@RickWinter RickWinter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems reasonable, @jhendrixMSFT can you take a look.

@berndverst
Copy link
Member Author

berndverst commented Jan 13, 2023
edited
Loading

Can we update the build pipeline to remove Go 1.15? Then the errors regarding go.mod won't happen. Retract was added in Go 1.16. 1.15 and 1.16 are end of life already. 1.17 is the oldest supported Go version.

Also, no idea what the go cov errors are about - but that's not related to my change here.

@jhendrixMSFT jhendrixMSFT merged commit 79575dd into Azure:main Jan 17, 2023
nickysemenza added a commit to cloudflare/gokeyless that referenced this pull request Mar 27, 2023
@nickysemenza
chore: bump dependencies
1349e10 
retracted module in Azure/go-autorest#716 causing `go get` to fail
@nickysemenza nickysemenza mentioned this pull request Mar 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RickWinter RickWinter RickWinter left review comments

@jhendrixMSFT jhendrixMSFT jhendrixMSFT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@berndverst @RickWinter @jhendrixMSFT