Update dependency Azure.Identity to 1.11.4 [SECURITY] #962
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.6.0
->1.11.4
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-36414
Azure Identity SDK is vulnerable to remote code execution.
CVE-2024-29992
Azure Identity Library for .NET Information Disclosure Vulnerability
CVE-2024-35255
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.
Release Notes
Azure/azure-sdk-for-net (Azure.Identity)
v1.11.4
Compare Source
1.11.4 (2024-06-10)
Bugs Fixed
v1.11.3
Compare Source
1.11.3 (2024-05-07)
Bugs Fixed
DefaultAzureCredential
probe request behavior for IMDS managed identity environments. #43796v1.11.2
Compare Source
1.11.2 (2024-04-19)
Bugs Fixed
DeviceCodeCredential
#43468v1.11.1
Compare Source
1.11.1 (2024-05-07)
Other Changes
v1.11.0
Compare Source
1.11.0 (2024-04-09)
Bugs Fixed
AzurePowerShellCredential
now handles the case where it falls back to legacy PowerShell without relying on the error message string.Breaking Changes
DefaultAzureCredential
now sends a probe request with no retries for IMDS managed identity environments to avoid excessive retry delays when the IMDS endpoint is not available. This should improve credential chain resolution for local development scenarios. See BREAKING_CHANGES.md.v1.10.4
Compare Source
1.10.4 (2023-11-13)
Other Changes
ActivitySource
is stable and no longer requires the Experimental feature-flag.v1.10.3
Compare Source
1.10.3 (2023-10-18)
Bugs Fixed
ManagedIdentityCredential
will now correctly retry when the instance metadata endpoint returns a 410 response. #28568Other Changes
v1.10.2
Compare Source
1.10.2 (2023-10-10)
Bugs Fixed
v1.10.1
Compare Source
1.10.1 (2023-09-12)
Bugs Fixed
ManagedIdentityCredential
will fall through to the next credential in the chain in the case that Docker Desktop returns a 403 response when attempting to access the IMDS endpoint. #38218v1.10.0
Compare Source
1.10.0 (2023-08-14)
Features Added
BrowserCustomization
property toInteractiveBrowserCredential
to enable web view customization for interactive authentication.Bugs Fixed
v1.9.0
Compare Source
1.9.0 (2024-09-24)
Features Added
DataBoundary
support.v1.8.2
Compare Source
1.8.2 (2023-02-08)
Bugs Fixed
AzurePowerShellCredential
which would misinterpret AAD errors with the need to install PowerShell. #31998ManagedIdentityCredential
. [#32498])(https://github.com/Azure/azure-sdk-for-net/issues/32498)v1.8.1
Compare Source
1.8.1 (2023-01-13)
Bugs Fixed
ManagedIdentityCredential
in combination with authorities other than Azure public cloud that resulted in a incorrect instance metadata validation error. #32498v1.8.0
Compare Source
1.8.0 (2022-11-08)
Bugs Fixed
AzureCliCredential
which would misinterpret AAD errors with the need to login withaz login
. #26894, #29109ManagedIdentityCredential
will no longer fail when a response received from the endpoint is invalid JSON. It now treats this scenario as if the credential is unavailable. #30467, #32061v1.7.0
Compare Source
1.7.0 (2023-08-08)
Features Added
WorkloadIdentityCredential
objects from the configuration using the"credential": "workloadidentity"
. Users must provide values for thetenentId
,clientId
, and newly addedtokenFilePath
keys in the configuration, or they must set the environment variablesAZURE_TENANT_ID
,AZURE_CLIENT_ID
, andAZURE_FEDERATED_TOKEN_FILE
.Other Changes
Azure.Identity
to version1.9.0
.v1.6.1
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.