[Backport 2024.2] chore(deps): update dependency azure-identity to v1.16.1 [security] #9742
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.6.1
->==1.16.1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
CVE-2024-35255 / GHSA-m5vv-6r4h-3vj9 / GO-2024-2918
More information
Details
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.
Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
Azure/azure-sdk-for-python (azure-identity)
v1.16.1
Compare Source
1.16.1 (2024-06-11)
Bugs Fixed
v1.16.0
Compare Source
1.16.0 (2021-07-01)
Features Added
send_request
onto theazure.core.PipelineClient
andazure.core.AsyncPipelineClient
. This method takes inrequests and sends them through our pipelines.
azure.core.rest
.azure.core.rest
is our new public simple HTTP library inazure.core
that users will use to create requests, and consume responses.StreamConsumedError
,StreamClosedError
, andResponseNotReadError
toazure.core.exceptions
. These errorsare thrown if you mishandle streamed responses from the provisional
azure.core.rest
moduleFixed
from_dict
method ofCloudEvent
when a wrong schema is sent.v1.15.0
Compare Source
1.15.0 (2021-06-04)
New Features
BearerTokenCredentialPolicy.on_challenge
and.authorize_request
to allow subclasses to optionally handle authentication challengesBug Fixes
from_dict
methhod in theCloudEvent
can now convert a datetime string to datetime object when microsecond exceeds the python limitationv1.14.1
Compare Source
1.14.1 (2023-10-09)
Bugs Fixed
v1.14.0
Compare Source
1.14.0 (2021-05-13)
New Features
azure.core.credentials.AzureNamedKeyCredential
credential #17548.decompress
parameter forstream_download
method. If it is set toFalse
, will not do decompression upon the stream. #17920v1.13.0
Compare Source
1.13.0 (2021-04-02)
Azure core requires Python 2.7 or Python 3.6+ since this release.
New Features
azure.core.utils.parse_connection_string
function to parse connection strings across SDKs, with common validation and support for case insensitive keys.~azure.core.tracing.Link
that should be used while passingLinks
toAbstractSpan
.AbstractSpan
constructor can now take in additional keyword only args.Bug fixes
v1.12.0
Compare Source
1.12.0 (2021-03-08)
This version will be the last version to officially support Python 3.5, future versions will require Python 2.7 or Python 3.6+.
Features
azure.core.messaging.CloudEvent
model that follows the cloud event spec.azure.core.serialization.NULL
sentinel valuerepr
s forHttpRequest
andHttpResponse
s #16972Bug Fixes
v1.11.0
Compare Source
1.11.0 (2021-02-08)
Features
CaseInsensitiveEnumMeta
class for case-insensitive enums. #16316raise_for_status
method ontoHttpResponse
. Callingresponse.raise_for_status()
on a response with an error codewill raise an
HttpResponseError
. Calling it on a good response will do nothing #16399Bug Fixes
v1.10.0
Compare Source
1.10.0 (2021-01-11)
Features
AzureSasCredential
and its respective policy. #15946v1.9.0
Compare Source
1.9.0 (2020-11-09)
Features
continuation_token
attribute to the baseAzureError
exception, and set this value for errors raisedduring paged or long-running operations.
Bug Fixes
v1.8.0
Compare Source
1.8.0 (2022-03-01)
Bugs Fixed
Handle injected "tenant_id" and "claims" (#23138)
"tenant_id" argument in get_token() method is only supported by:
AuthorizationCodeCredential
AzureCliCredential
AzurePowerShellCredential
InteractiveBrowserCredential
DeviceCodeCredential
EnvironmentCredential
UsernamePasswordCredential
it is ignored by other types of credentials.
Other Changes
v1.7.1
Compare Source
1.7.1 (2021-11-09)
Bugs Fixed
v1.7.0
Compare Source
1.7.0 (2021-10-14)
Breaking Changes
allow_multitenant_authentication
argument has been removed and the default behavior is now as if it were true.The multitenant authentication feature can be totally disabled by setting the environment variable
AZURE_IDENTITY_DISABLE_MULTITENANTAUTH
toTrue
.azure.identity.RegionalAuthority
is removed.regional_authority
argument is removed forCertificateCredential
andClientSecretCredential
.AzureApplicationCredential
is removed.client_credential
in the ctor ofOnBehalfOfCredential
is removed. Please useclient_secret
orclient_certificate
instead.user_assertion
in the ctor ofOnBehalfOfCredential
a keyword only argument.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
(cherry picked from commit 7731320)
Parent PR: #9704