Update dependency azure-identity to v1.16.1 [SECURITY] - autoclosed #561

Closed
wants to merge 1 commit into from


@renovate renovate bot commented Jun 11, 2024


This PR contains the following updates:

Package | Change | Age | Adoption | Passing | Confidence
azure-identity (source) | ==1.4.0 -> ==1.16.1 | age | adoption | passing | confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-35255

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.


Release Notes

Azure/azure-sdk-for-python (azure-identity)

v1.16.1

1.16.1 (2024-06-11)
Bugs Fixed
  • Managed identity bug fixes

v1.16.0

1.16.0 (2024-05-14)

Features Added
  • Add experimental support for working with Promptflow evaluators: ml_client.evaluators.
  • Many changes to the Connection entity class and its associated operations.
  • Workspace Connection list, get, and create_or_update operations now include an optional populate_secrets input, which causes the operations to try making a secondary call to fill in the returned connections' credential info if possible. Only works with api key-based credentials for now.
  • Many workspace connection subtypes added. The full list of subclasses is now:
    • AzureBlobStoreConnection
    • AzureBlobStoreConnection
    • MicrosoftOneLakeConnection
    • AzureOpenAIConnection
    • AzureAIServicesConnection
    • AzureAISearchConnection
    • AzureContentSafetyConnection
    • AzureSpeechServicesConnection
    • APIKeyConnection
    • OpenAIConnection
    • SerpConnection
    • ServerlessConnection
  • Many workspace connections only accept api keys or entra ids for credentials. Since Entra IDs require no inputs, these have been refactored to not require a full credential object. Instead they only accept an api_key as a top-level input, and default to an entra credential otherwise. Their YAML schemas have been similarly altered.
  • Client-side credential-type validation added for some workspace connection types.
  • Added new credential type: AadCredentialConfiguration
  • Renamed WorkspaceHub class as Hub.
  • Added Project entity class and YAML support.
  • Project and Hub operations supported by workspace operations.
  • workspace list operation supports type filtering.
  • Add support for Microsoft Entra token (aad_token) auth in invoke and get-credentials operations.
  • Add experimental support for working with indexes: ml_client.indexes
Breaking Changes
  • Removed WorkspaceHubConfig entity, and renamed WorkspaceHub to Hub.
  • workspace_hub input of Workspace class hidden, renamed to hub_id, and re-surfaced in child class Project.
  • Removed Workspace Hub Operations from ML Client.

v1.15.0

1.15.0 (2023-10-26)

Features Added
Bugs Fixed
  • Fixed issue where InteractiveBrowserCredential does not hand over to next credential in chain if no browser is supported. (#32276)

v1.14.1

1.14.1 (2023-10-09)

Bugs Fixed
  • Bug fixes for developer credentials

v1.14.0

1.14.0 (2021-05-13)

New Features
  • Added azure.core.credentials.AzureNamedKeyCredential credential #​17548.
  • Added decompress parameter for stream_download method. If it is set to False, will not do decompression upon the stream. #​17920

v1.13.0

1.13.0 (2021-04-02)

Azure core requires Python 2.7 or Python 3.6+ since this release.

New Features
  • Added azure.core.utils.parse_connection_string function to parse connection strings across SDKs, with common validation and support for case insensitive keys.
  • Supported adding custom policies #​16519
  • Added ~azure.core.tracing.Link that should be used while passing Links to AbstractSpan.
  • AbstractSpan constructor can now take in additional keyword only args.
Bug fixes
  • Make NetworkTraceLoggingPolicy show the auth token in plain text. #​14191
  • Fixed RetryPolicy overriding default connection timeout with an extreme value #​17481

v1.12.0

1.12.0 (2021-03-08)

This version will be the last version to officially support Python 3.5, future versions will require Python 2.7 or Python 3.6+.

Features
  • Added azure.core.messaging.CloudEvent model that follows the cloud event spec.
  • Added azure.core.serialization.NULL sentinel value
  • Improve reprs for HttpRequest and HttpResponses #​16972
Bug Fixes

v1.11.0

1.11.0 (2021-02-08)

Features
  • Added CaseInsensitiveEnumMeta class for case-insensitive enums. #​16316
  • Add raise_for_status method onto HttpResponse. Calling response.raise_for_status() on a response with an error code
    will raise an HttpResponseError. Calling it on a good response will do nothing #​16399
Bug Fixes
  • Update conn.conn_kw rather than overriding it when setting block size. (thanks for @​jiasli for the contribution) #​16587

v1.10.0

1.10.0 (2021-01-11)

Features
  • Added AzureSasCredential and its respective policy. #​15946

v1.9.0

1.9.0 (2020-11-09)

Features
  • Add a continuation_token attribute to the base AzureError exception, and set this value for errors raised
    during paged or long-running operations.
Bug Fixes
  • Set retry_interval to 1 second instead of 1000 seconds (thanks vbarbaresi for contributing) #​14357

v1.8.0

1.8.0 (2022-03-01)

Bugs Fixed
  • Handle injected "tenant_id" and "claims" (#​23138)

    "tenant_id" argument in get_token() method is only supported by:

    • AuthorizationCodeCredential
    • AzureCliCredential
    • AzurePowerShellCredential
    • InteractiveBrowserCredential
    • DeviceCodeCredential
    • EnvironmentCredential
    • UsernamePasswordCredential

    it is ignored by other types of credentials.

Other Changes
  • Python 2.7 is no longer supported. Please use Python version 3.6 or later.

v1.7.1

1.7.1 (2021-11-09)

Bugs Fixed
  • Fix multi-tenant auth using async AadClient (#​21289)

v1.7.0

1.7.0 (2021-10-14)

Breaking Changes

These changes do not impact the API of stable versions such as 1.6.0.
Only code written against a beta version such as 1.7.0b1 may be affected.

  • The allow_multitenant_authentication argument has been removed and the default behavior is now as if it were true.
    The multitenant authentication feature can be totally disabled by setting the environment variable
    AZURE_IDENTITY_DISABLE_MULTITENANTAUTH to True.
  • azure.identity.RegionalAuthority is removed.
  • regional_authority argument is removed for CertificateCredential and ClientSecretCredential.
  • AzureApplicationCredential is removed.
  • client_credential in the ctor of OnBehalfOfCredential is removed. Please use client_secret or client_certificate instead.
  • Make user_assertion in the ctor of OnBehalfOfCredential a keyword only argument.

v1.6.1

1.6.1 (2021-08-19)
Other Changes
  • Persistent cache implementations are now loaded on demand, enabling
    workarounds when importing transitive dependencies such as pywin32
    fails
    (#​19989)

v1.6.0

1.6.0 (2023-05-03)

Features Added
  • Added experimental scatter gather node to DSL package. This node has a unique mldesigner dependency.
  • Added support to make JobService and ServiceInstance objects serializable when printed
  • Support Singularity compute in pipeline job
  • Added purge operation support for workspace resource
  • Added Feature Store, its dedicated classes and updated the docstrings, now available in public interface. The classes added are FeatureStoreOperations, FeatureSetOperations, FeatureStoreEntityOperations with properties classes specific to the new features.
  • Support additional_includes in command component
  • Added experimental distribution: ray support in command job.
Bugs Fixed
  • Fixed issue where show_progress=False was not being respected for uploads when set via MLClient
  • Fixed issue of spark input/output mode validation doesn't take effect because of wrong type assertion
  • Fixed the bug when setting node.limits.timeout to a pipeline input.
  • Removed Experimental Tag from Idle Shutdown, Custom Applications, Setup Scripts, and Image Metadata on Compute Instances.
  • Removed Experimental Tag from JobService classes
Breaking Changes
  • Renamed JobServiceBase.job_service_type to type
Other Changes
  • Remove the default placeholder for CommandComponent.code

v1.5.0

1.5.0 (2023-03-20)

Features Added
  • Added support for tags on Compute Resources.
  • Added support for promoting data asset from a workspace to a registry
  • Added support for registering named asset from job output or node output by specifying name and version settings.
  • Added support for data binding on outputs inside dynamic arguments for dsl pipeline
  • Added support for serverless compute in pipeline, command, automl and sweep job
  • Added support for job_tier and priority in standalone job
  • Added support for passing locations via command function and set it to JobResourceConfiguration.locations
  • Added support for modifying SSH key values after creation on Compute Resources.
  • Added WorkspaceConnection types s3, snowflake, azure_sql_db, azure_synapse_analytics, azure_my_sql_db, azure_postgres_db
  • Added WorkspaceConnection auth type access_key for s3
  • Added DataImport class and DataOperations.import_data.
  • Added DataOperations.list_materialization_status - list status of data import jobs that create asset versions via asset name.
Bugs Fixed
  • Fix experiment name wrongly set to 'Default' when schedule existing job.
  • Error message improvement when a local path fails to match with data asset type.
  • Error message improvement when an asset does not exist in a registry
  • Fix an issue when submit spark pipeline job with referring a registered component
  • Fix an issue that prevented Job.download from downloading the output of a BatchJob
Other Changes
  • Added dependency on azure-mgmt-resource
  • Added dependency on azure-mgmt-resourcegraph
  • Added dependency on opencensus-ext-azure<2.0.0
  • Update job types to use MFE Dec preview rest objects.
  • Added classifiers for Python version 3.11.
  • Added warning for reserved keywords in IO names in pipeline job nodes.
  • Added telemetry logging for SDK Jupyter Notebook scenarios with opt-out option (see README.md)

v1.4.1

1.4.1 (2020-10-07)
Fixed
  • AzureCliCredential.get_token correctly sets token expiration time,
    preventing clients from using expired tokens
    (#​14345)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title from "Update dependency azure-identity to v1.16.1 [SECURITY]" to "Update dependency azure-identity to v1.16.1 [SECURITY] - autoclosed" Aug 6, 2024
@renovate renovate bot closed this Aug 6, 2024
@renovate renovate bot deleted the renovate/pypi-azure-identity-vulnerability branch August 6, 2024 09:47