chore(deps): update dependency azure-identity to v1.16.1 [security] #9704

Merged
merged 1 commit into from
Jan 9, 2025

@renovate renovate bot commented Jan 8, 2025

This PR contains the following updates:

| Package | Change |
| --- | --- |
| azure-identity (source) | ==1.6.1 -> ==1.16.1 |

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

CVE-2024-35255 / GHSA-m5vv-6r4h-3vj9 / GO-2024-2918

More information

Details

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

Severity

  • CVSS Score: 5.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

Azure/azure-sdk-for-python (azure-identity)

v1.16.1

1.16.1 (2024-06-11)

Bugs Fixed
  • Managed identity bug fixes

v1.16.0

1.16.0 (2021-07-01)

Features Added
  • Add new provisional methods send_request onto the azure.core.PipelineClient and azure.core.AsyncPipelineClient. This method takes in
    requests and sends them through our pipelines.
  • Add new provisional module azure.core.rest. azure.core.rest is our new public simple HTTP library in azure.core that users will use to create requests, and consume responses.
  • Add new provisional errors StreamConsumedError, StreamClosedError, and ResponseNotReadError to azure.core.exceptions. These errors
    are thrown if you mishandle streamed responses from the provisional azure.core.rest module
Fixed
  • Improved error message in the from_dict method of CloudEvent when a wrong schema is sent.

v1.15.0

1.15.0 (2021-06-04)

New Features
  • Added BearerTokenCredentialPolicy.on_challenge and .authorize_request to allow subclasses to optionally handle authentication challenges
Bug Fixes
  • Retry policies don't sleep after operations time out
  • The from_dict method in the CloudEvent can now convert a datetime string to datetime object when microsecond exceeds the python limitation

v1.14.1

1.14.1 (2023-10-09)

Bugs Fixed
  • Bug fixes for developer credentials

v1.14.0

1.14.0 (2021-05-13)

New Features
  • Added azure.core.credentials.AzureNamedKeyCredential credential #​17548.
  • Added decompress parameter for stream_download method. If it is set to False, will not do decompression upon the stream. #​17920

v1.13.0

1.13.0 (2021-04-02)

Azure core requires Python 2.7 or Python 3.6+ since this release.

New Features
  • Added azure.core.utils.parse_connection_string function to parse connection strings across SDKs, with common validation and support for case insensitive keys.
  • Supported adding custom policies #​16519
  • Added ~azure.core.tracing.Link that should be used while passing Links to AbstractSpan.
  • AbstractSpan constructor can now take in additional keyword only args.
Bug fixes
  • Make NetworkTraceLoggingPolicy show the auth token in plain text. #​14191
  • Fixed RetryPolicy overriding default connection timeout with an extreme value #​17481

v1.12.0

1.12.0 (2021-03-08)

This version will be the last version to officially support Python 3.5, future versions will require Python 2.7 or Python 3.6+.

Features
  • Added azure.core.messaging.CloudEvent model that follows the cloud event spec.
  • Added azure.core.serialization.NULL sentinel value
  • Improve reprs for HttpRequest and HttpResponses #​16972
Bug Fixes

v1.11.0

1.11.0 (2021-02-08)

Features
  • Added CaseInsensitiveEnumMeta class for case-insensitive enums. #​16316
  • Add raise_for_status method onto HttpResponse. Calling response.raise_for_status() on a response with an error code
    will raise an HttpResponseError. Calling it on a good response will do nothing #​16399
Bug Fixes
  • Update conn.conn_kw rather than overriding it when setting block size. (thanks to @jiasli for the contribution) #16587

v1.10.0

1.10.0 (2021-01-11)

Features
  • Added AzureSasCredential and its respective policy. #​15946

v1.9.0

1.9.0 (2020-11-09)

Features
  • Add a continuation_token attribute to the base AzureError exception, and set this value for errors raised
    during paged or long-running operations.
Bug Fixes
  • Set retry_interval to 1 second instead of 1000 seconds (thanks vbarbaresi for contributing) #​14357

v1.8.0

1.8.0 (2022-03-01)

Bugs Fixed
  • Handle injected "tenant_id" and "claims" (#​23138)

    "tenant_id" argument in get_token() method is only supported by:

    • AuthorizationCodeCredential
    • AzureCliCredential
    • AzurePowerShellCredential
    • InteractiveBrowserCredential
    • DeviceCodeCredential
    • EnvironmentCredential
    • UsernamePasswordCredential

    it is ignored by other types of credentials.

Other Changes
  • Python 2.7 is no longer supported. Please use Python version 3.6 or later.

v1.7.1

1.7.1 (2021-11-09)

Bugs Fixed
  • Fix multi-tenant auth using async AadClient (#​21289)

v1.7.0

1.7.0 (2021-10-14)

Breaking Changes

These changes do not impact the API of stable versions such as 1.6.0.
Only code written against a beta version such as 1.7.0b1 may be affected.

  • The allow_multitenant_authentication argument has been removed and the default behavior is now as if it were true.
    The multitenant authentication feature can be totally disabled by setting the environment variable
    AZURE_IDENTITY_DISABLE_MULTITENANTAUTH to True.
  • azure.identity.RegionalAuthority is removed.
  • regional_authority argument is removed for CertificateCredential and ClientSecretCredential.
  • AzureApplicationCredential is removed.
  • client_credential in the ctor of OnBehalfOfCredential is removed. Please use client_secret or client_certificate instead.
  • Make user_assertion in the ctor of OnBehalfOfCredential a keyword only argument.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies (Pull requests that update a dependency file), New Hydra Version (PR# introduces new Hydra version) and renovate labels Jan 8, 2025
@renovate renovate bot force-pushed the renovate/pypi-azure-identity-vulnerability branch 2 times, most recently from 6572baa to 5cfc507 Compare January 8, 2025 18:13
@fruch fruch force-pushed the renovate/pypi-azure-identity-vulnerability branch from 5cfc507 to b68c0ce Compare January 8, 2025 18:32
@renovate renovate bot force-pushed the renovate/pypi-azure-identity-vulnerability branch from b68c0ce to c996b5d Compare January 8, 2025 18:33
@fruch fruch force-pushed the renovate/pypi-azure-identity-vulnerability branch from c996b5d to d3c3414 Compare January 8, 2025 18:53
@renovate renovate bot force-pushed the renovate/pypi-azure-identity-vulnerability branch from d3c3414 to 44ff466 Compare January 8, 2025 18:55
@fruch fruch force-pushed the renovate/pypi-azure-identity-vulnerability branch from 44ff466 to d3c3414 Compare January 8, 2025 19:53
@renovate renovate bot force-pushed the renovate/pypi-azure-identity-vulnerability branch from d3c3414 to 3c2f8d2 Compare January 8, 2025 19:54
@fruch fruch force-pushed the renovate/pypi-azure-identity-vulnerability branch 2 times, most recently from e3796a1 to b13e492 Compare January 8, 2025 19:58
@renovate renovate bot force-pushed the renovate/pypi-azure-identity-vulnerability branch 2 times, most recently from b580302 to 4eab151 Compare January 8, 2025 20:18
@fruch fruch removed the renovate label Jan 9, 2025
@fruch fruch force-pushed the renovate/pypi-azure-identity-vulnerability branch from 4eab151 to 4cf04fc Compare January 9, 2025 17:13
@fruch fruch left a comment

LGTM

@renovate renovate bot deleted the renovate/pypi-azure-identity-vulnerability branch January 9, 2025 18:06
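
The pin change in this PR (==1.6.1 -> ==1.16.1) is a case where comparing version strings as text gives the wrong answer, so a check for leftover vulnerable pins has to compare components numerically. The following is an added example, not code from this repository or from Renovate; the helper names and the sample requirements text are constructed, and it assumes 1.16.1 (the version in the PR title) is the first fixed release.

```python
import re

# Assumption: first fixed release, taken from this PR's title.
FIXED = (1, 16, 1)
# Matches exact pins only, e.g. "azure-identity==1.6.1" or "Azure_Identity == 1.16.0".
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)")


def normalize(name):
    """PEP 503 normalization: azure_identity, Azure.Identity -> azure-identity."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """Turn '1.6.1' into (1, 6, 1) so components compare as numbers."""
    return tuple(int(part) for part in text.split("."))


def vulnerable_pins(requirements, package="azure-identity", fixed=FIXED):
    """Return (line_number, pinned_version) for every exact pin below `fixed`."""
    findings = []
    for lineno, line in enumerate(requirements.splitlines(), start=1):
        line = line.split("#", 1)[0]  # drop trailing comments
        match = PIN_RE.match(line)
        if not match or normalize(match.group(1)) != normalize(package):
            continue
        if parse_version(match.group(2)) < fixed:
            findings.append((lineno, match.group(2)))
    return findings


# Constructed sample input, not a file from the repository.
SAMPLE = """\
azure-core==1.30.0
azure-identity==1.6.1   # pin before this PR
Azure_Identity == 1.16.0
azure-identity==1.16.1
"""

if __name__ == "__main__":
    for lineno, version in vulnerable_pins(SAMPLE):
        print(f"line {lineno}: azure-identity=={version} is below 1.16.1")
    # Text comparison ranks the old pin above the fixed one: '6' sorts after '1'.
    print("string compare says 1.6.1 < 1.16.1:", "1.6.1" < "1.16.1")
```
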