Skip to content

chore(deps): update dependency azure-identity to v1.16.1 [security]#34

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-azure-identity-vulnerability
Open

chore(deps): update dependency azure-identity to v1.16.1 [security]#34
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-azure-identity-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Jun 12, 2024

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
azure-identity ==1.15.0==1.16.1 age confidence

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

CVE-2024-35255 / GHSA-m5vv-6r4h-3vj9

More information

Details

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

Severity

  • CVSS Score: 6.8 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

Azure/azure-sdk-for-python (azure-identity)

v1.16.1

Compare Source

1.16.1 (2024-06-11)

Bugs Fixed
  • Managed identity bug fixes

v1.16.0

Compare Source

1.16.0 (2024-04-09)

Other Changes
  • For IMDS requests in ManagedIdentityCredential, the retry backoff factor was reduced from 2 to 0.8 in order to avoid excessive retry delays and improve responsiveness. Users can customize this setting with the retry_backoff_factor parameter: ManagedIdentityCredential(retry_backoff_factor=2). (#​35070)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner June 12, 2024 02:56
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants