[Backport 2024.2] chore(deps): update dependency azure-identity to v1.16.1 [security] #9742

Merged
merged 1 commit into from
Jan 9, 2025


@mergify mergify bot commented Jan 9, 2025

This PR contains the following updates:

Package | Change
azure-identity (source) | ==1.6.1 -> ==1.16.1

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

CVE-2024-35255 / GHSA-m5vv-6r4h-3vj9 / GO-2024-2918

Details

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

Severity

  • CVSS Score: 5.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

Azure/azure-sdk-for-python (azure-identity)

v1.16.1

1.16.1 (2024-06-11)

Bugs Fixed
  • Managed identity bug fixes

v1.16.0

1.16.0 (2021-07-01)

Features Added
  • Add new provisional methods send_request onto the azure.core.PipelineClient and azure.core.AsyncPipelineClient. This method takes in
    requests and sends them through our pipelines.
  • Add new provisional module azure.core.rest. azure.core.rest is our new public simple HTTP library in azure.core that users will use to create requests, and consume responses.
  • Add new provisional errors StreamConsumedError, StreamClosedError, and ResponseNotReadError to azure.core.exceptions. These errors
    are thrown if you mishandle streamed responses from the provisional azure.core.rest module
Fixed
  • Improved error message in the from_dict method of CloudEvent when a wrong schema is sent.

v1.15.0

1.15.0 (2021-06-04)

New Features
  • Added BearerTokenCredentialPolicy.on_challenge and .authorize_request to allow subclasses to optionally handle authentication challenges
Bug Fixes
  • Retry policies don't sleep after operations time out
  • The from_dict method in the CloudEvent can now convert a datetime string to datetime object when microsecond exceeds the python limitation

v1.14.1

1.14.1 (2023-10-09)

Bugs Fixed
  • Bug fixes for developer credentials

v1.14.0

1.14.0 (2021-05-13)

New Features
  • Added azure.core.credentials.AzureNamedKeyCredential credential #​17548.
  • Added decompress parameter for stream_download method. If it is set to False, will not do decompression upon the stream. #​17920

v1.13.0

1.13.0 (2021-04-02)

Azure core requires Python 2.7 or Python 3.6+ since this release.

New Features
  • Added azure.core.utils.parse_connection_string function to parse connection strings across SDKs, with common validation and support for case insensitive keys.
  • Supported adding custom policies #​16519
  • Added ~azure.core.tracing.Link that should be used while passing Links to AbstractSpan.
  • AbstractSpan constructor can now take in additional keyword only args.
Bug fixes
  • Make NetworkTraceLoggingPolicy show the auth token in plain text. #​14191
  • Fixed RetryPolicy overriding default connection timeout with an extreme value #​17481

v1.12.0

1.12.0 (2021-03-08)

This version will be the last version to officially support Python 3.5, future versions will require Python 2.7 or Python 3.6+.

Features
  • Added azure.core.messaging.CloudEvent model that follows the cloud event spec.
  • Added azure.core.serialization.NULL sentinel value
  • Improve reprs for HttpRequest and HttpResponses #​16972
Bug Fixes

v1.11.0

1.11.0 (2021-02-08)

Features
  • Added CaseInsensitiveEnumMeta class for case-insensitive enums. #​16316
  • Add raise_for_status method onto HttpResponse. Calling response.raise_for_status() on a response with an error code
    will raise an HttpResponseError. Calling it on a good response will do nothing #​16399
Bug Fixes
  • Update conn.conn_kw rather than overriding it when setting block size. (thanks for @​jiasli for the contribution) #​16587

v1.10.0

1.10.0 (2021-01-11)

Features
  • Added AzureSasCredential and its respective policy. #​15946

v1.9.0

1.9.0 (2020-11-09)

Features
  • Add a continuation_token attribute to the base AzureError exception, and set this value for errors raised
    during paged or long-running operations.
Bug Fixes
  • Set retry_interval to 1 second instead of 1000 seconds (thanks vbarbaresi for contributing) #​14357

v1.8.0

1.8.0 (2022-03-01)

Bugs Fixed
  • Handle injected "tenant_id" and "claims" (#​23138)

    "tenant_id" argument in get_token() method is only supported by:

    • AuthorizationCodeCredential
    • AzureCliCredential
    • AzurePowerShellCredential
    • InteractiveBrowserCredential
    • DeviceCodeCredential
    • EnvironmentCredential
    • UsernamePasswordCredential

    it is ignored by other types of credentials.

Other Changes
  • Python 2.7 is no longer supported. Please use Python version 3.6 or later.

v1.7.1

1.7.1 (2021-11-09)

Bugs Fixed
  • Fix multi-tenant auth using async AadClient (#​21289)

v1.7.0

1.7.0 (2021-10-14)

Breaking Changes

These changes do not impact the API of stable versions such as 1.6.0.
Only code written against a beta version such as 1.7.0b1 may be affected.

  • The allow_multitenant_authentication argument has been removed and the default behavior is now as if it were true.
    The multitenant authentication feature can be totally disabled by setting the environment variable
    AZURE_IDENTITY_DISABLE_MULTITENANTAUTH to True.
  • azure.identity.RegionalAuthority is removed.
  • regional_authority argument is removed for CertificateCredential and ClientSecretCredential.
  • AzureApplicationCredential is removed.
  • client_credential in the ctor of OnBehalfOfCredential is removed. Please use client_secret or client_certificate instead.
  • Make user_assertion in the ctor of OnBehalfOfCredential a keyword only argument.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

(cherry picked from commit 7731320)

Parent PR: #9704

@fruch fruch merged commit c763666 into branch-2024.2 Jan 9, 2025
7 checks passed