Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency Azure.Identity to 1.11.4 [SECURITY] #962

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 16, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Azure.Identity (source) 1.6.0 -> 1.11.4 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-36414

Azure Identity SDK is vulnerable to remote code execution.

CVE-2024-29992

Azure Identity Library for .NET Information Disclosure Vulnerability

CVE-2024-35255

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.


Release Notes

Azure/azure-sdk-for-net (Azure.Identity)

v1.11.4

Compare Source

1.11.4 (2024-06-10)

Bugs Fixed
  • Managed identity bug fixes

v1.11.3

Compare Source

1.11.3 (2024-05-07)

Bugs Fixed
  • Fixed a regression in DefaultAzureCredential probe request behavior for IMDS managed identity environments. #​43796

v1.11.2

Compare Source

1.11.2 (2024-04-19)

Bugs Fixed
  • Fixed an issue which caused claims to be incorrectly added to confidential client credentials such as DeviceCodeCredential #​43468

v1.11.1

Compare Source

1.11.1 (2024-05-07)

Other Changes
  • Updated Microsoft.Identity.Client and related dependencies to version 4.60.3

v1.11.0

Compare Source

1.11.0 (2024-04-09)

Bugs Fixed
  • AzurePowerShellCredential now handles the case where it falls back to legacy PowerShell without relying on the error message string.
Breaking Changes
  • DefaultAzureCredential now sends a probe request with no retries for IMDS managed identity environments to avoid excessive retry delays when the IMDS endpoint is not available. This should improve credential chain resolution for local development scenarios. See BREAKING_CHANGES.md.

v1.10.4

Compare Source

1.10.4 (2023-11-13)

Other Changes

v1.10.3

Compare Source

1.10.3 (2023-10-18)

Bugs Fixed
  • ManagedIdentityCredential will now correctly retry when the instance metadata endpoint returns a 410 response. #​28568
Other Changes
  • Updated Microsoft.Identity.Client dependency to version 4.56.0

v1.10.2

Compare Source

1.10.2 (2023-10-10)

Bugs Fixed
  • Bug fixes for development time credentials.

v1.10.1

Compare Source

1.10.1 (2023-09-12)

Bugs Fixed
  • ManagedIdentityCredential will fall through to the next credential in the chain in the case that Docker Desktop returns a 403 response when attempting to access the IMDS endpoint. #​38218
  • Fixed an issue where interactive credentials would still prompt on the first GetToken request even when the cache is populated and an AuthenticationRecord is provided. #​38431

v1.10.0

Compare Source

1.10.0 (2023-08-14)

Features Added
  • Added BrowserCustomization property to InteractiveBrowserCredential to enable web view customization for interactive authentication.
Bugs Fixed
  • ManagedIdentityCredential will no longer attempt to parse invalid json payloads on responses from the managed identity endpoint.
  • Fixed an issue where AzurePowerShellCredential fails to parse the token response from Azure PowerShell. #​22638

v1.9.0

Compare Source

1.9.0 (2024-09-24)

Features Added
  • Added DataBoundary support.

v1.8.2

Compare Source

1.8.2 (2023-02-08)

Bugs Fixed

v1.8.1

Compare Source

1.8.1 (2023-01-13)

Bugs Fixed
  • Fixed an issue when using ManagedIdentityCredential in combination with authorities other than Azure public cloud that resulted in a incorrect instance metadata validation error. #​32498

v1.8.0

Compare Source

1.8.0 (2022-11-08)

Bugs Fixed
  • Fixed error message parsing in AzureCliCredential which would misinterpret AAD errors with the need to login with az login. #​26894, #​29109
  • ManagedIdentityCredential will no longer fail when a response received from the endpoint is invalid JSON. It now treats this scenario as if the credential is unavailable. #​30467, #​32061

v1.7.0

Compare Source

1.7.0 (2023-08-08)

Features Added
  • Added support for creating WorkloadIdentityCredential objects from the configuration using the "credential": "workloadidentity". Users must provide values for the tenentId, clientId, and newly added tokenFilePath keys in the configuration, or they must set the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_FEDERATED_TOKEN_FILE.
Other Changes
  • Updated dependency Azure.Identity to version 1.9.0.

v1.6.1

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title Update dependency Azure.Identity to v1.11.4 [SECURITY] Update dependency Azure.Identity to 1.11.4 [SECURITY] Sep 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants