Altinn / altinn-application-owner-system

A reference implementation of a system for app owners, that can react to events, fetch data and update app status.
MIT License
5 stars 4 forks source link

Update dependency Azure.Identity to 1.11.4 [SECURITY] #31

Open renovate[bot] opened 3 months ago

renovate[bot] commented 3 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Azure.Identity (source) 1.8.0 -> 1.11.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-36414

Azure Identity SDK is vulnerable to remote code execution.

CVE-2024-29992

Azure Identity Library for .NET Information Disclosure Vulnerability

CVE-2024-35255

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.


Release Notes

Azure/azure-sdk-for-net (Azure.Identity) ### [`v1.11.4`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.11.4) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.11.3...Azure.Identity_1.11.4) #### 1.11.4 (2024-06-10) ##### Bugs Fixed - Managed identity bug fixes ### [`v1.11.3`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.11.3) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.11.2...Azure.Identity_1.11.3) #### 1.11.3 (2024-05-07) ##### Bugs Fixed - Fixed a regression in `DefaultAzureCredential` probe request behavior for IMDS managed identity environments. [#​43796](https://redirect.github.com/Azure/azure-sdk-for-net/issues/43796) ### [`v1.11.2`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.11.2) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.11.1...Azure.Identity_1.11.2) #### 1.11.2 (2024-04-19) ##### Bugs Fixed - Fixed an issue which caused claims to be incorrectly added to confidential client credentials such as `DeviceCodeCredential` [#​43468](https://redirect.github.com/Azure/azure-sdk-for-net/issues/43468) ### [`v1.11.1`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.11.1) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.11.0...Azure.Identity_1.11.1) #### 1.11.1 (2024-05-07) ##### Other Changes - Updated Microsoft.Identity.Client and related dependencies to version 4.60.3 ### [`v1.11.0`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.11.0) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.10.4...Azure.Identity_1.11.0) #### 1.11.0 (2024-04-09) ##### Bugs Fixed - `AzurePowerShellCredential` now handles the case where it falls back to legacy PowerShell without relying on the error message string. ##### Breaking Changes - `DefaultAzureCredential` now sends a probe request with no retries for IMDS managed identity environments to avoid excessive retry delays when the IMDS endpoint is not available. This should improve credential chain resolution for local development scenarios. See [BREAKING_CHANGES.md](https://redirect.github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/BREAKING_CHANGES.md#1110). ### [`v1.10.4`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.4) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.10.3...Azure.Identity_1.10.4) #### 1.10.4 (2023-11-13) ##### Other Changes - Distributed tracing with `ActivitySource` is stable and no longer requires the [Experimental feature-flag](https://redirect.github.com/Azure/azure-sdk-for-net/blob/main/sdk/core/Azure.Core/samples/Diagnostics.md). ### [`v1.10.3`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.3) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.10.2...Azure.Identity_1.10.3) #### 1.10.3 (2023-10-18) ##### Bugs Fixed - `ManagedIdentityCredential` will now correctly retry when the instance metadata endpoint returns a 410 response. [#​28568](https://redirect.github.com/Azure/azure-sdk-for-net/issues/28568) ##### Other Changes - Updated Microsoft.Identity.Client dependency to version 4.56.0 ### [`v1.10.2`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.2) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.10.1...Azure.Identity_1.10.2) #### 1.10.2 (2023-10-10) ##### Bugs Fixed - Bug fixes for development time credentials. ### [`v1.10.1`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.1) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.10.0...Azure.Identity_1.10.1) #### 1.10.1 (2023-09-12) ##### Bugs Fixed - `ManagedIdentityCredential` will fall through to the next credential in the chain in the case that Docker Desktop returns a 403 response when attempting to access the IMDS endpoint. [#​38218](https://redirect.github.com/Azure/azure-sdk-for-net/issues/38218) - Fixed an issue where interactive credentials would still prompt on the first GetToken request even when the cache is populated and an AuthenticationRecord is provided. [#​38431](https://redirect.github.com/Azure/azure-sdk-for-net/issues/38431) ### [`v1.10.0`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.0) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.9.0...Azure.Identity_1.10.0) #### 1.10.0 (2023-08-14) ##### Features Added - Added `BrowserCustomization` property to `InteractiveBrowserCredential` to enable web view customization for interactive authentication. ##### Bugs Fixed - ManagedIdentityCredential will no longer attempt to parse invalid json payloads on responses from the managed identity endpoint. - Fixed an issue where AzurePowerShellCredential fails to parse the token response from Azure PowerShell. [#​22638](https://redirect.github.com/Azure/azure-sdk-for-net/issues/22638) ### [`v1.9.0`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.ResourceManager.Resources_1.9.0) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.8.2...Azure.Identity_1.9.0) #### 1.9.0 (2024-09-24) ##### Features Added - Added `DataBoundary` support. ### [`v1.8.2`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.2) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.8.1...Azure.Identity_1.8.2) #### 1.8.2 (2023-02-08) ##### Bugs Fixed - Fixed error message parsing in `AzurePowerShellCredential` which would misinterpret AAD errors with the need to install PowerShell. [#​31998](https://redirect.github.com/Azure/azure-sdk-for-net/issues/31998) - Fix regional endpoint validation error when using `ManagedIdentityCredential`. \[[#​32498](https://redirect.github.com/Azure/azure-sdk-for-net/issues/32498)])([https://github.com/Azure/azure-sdk-for-net/issues/32498](https://redirect.github.com/Azure/azure-sdk-for-net/issues/32498)) ### [`v1.8.1`](https://redirect.github.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.1) [Compare Source](https://redirect.github.com/Azure/azure-sdk-for-net/compare/Azure.Identity_1.8.0...Azure.Identity_1.8.1) #### 1.8.1 (2023-01-13) ##### Bugs Fixed - Fixed an issue when using `ManagedIdentityCredential` in combination with authorities other than Azure public cloud that resulted in a incorrect instance metadata validation error. [#​32498](https://redirect.github.com/Azure/azure-sdk-for-net/issues/32498)

Configuration

πŸ“… Schedule: Branch creation - "" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.