MoChilia / ActionDemo


ADAL package, which is EOL, included in latest az-cli #32

Open bebound opened 2 hours ago

bebound commented 2 hours ago

On Linux, find /usr -name "*adal" yields /usr/lib64/az/lib/python3.9/site-packages/adal (NOTE: This package is installed by the az-cli package install).

On Windows, the find command returned the package at ./Program Files/Microsoft SDKs/Azure/CLI2/Lib/site-packages/adal

Having an EOL package installed with the distribution introduces vulnerabilities into the environment, as that package can still be referenced. This package has been EOL since December 2022.

Please remove the EOL package. If, for some reason, you feel that you need to make this library available, I would recommend that you put it in a separate package (e.g. az-cli-deprecated).
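A cross-platform version of the `find` check described in the comment above, as an added example that is not part of the original issue or of az-cli: it reports both the importable `adal` directory and its `.dist-info` install metadata under any `site-packages` directory. The function names, the sample tree, the `0.0.0` version and `examplepkg` are constructed for illustration.

```python
import os
import tempfile
from email import message_from_string
from pathlib import Path

EOL_DISTRIBUTIONS = {"adal"}  # the package named in the issue
SITE_DIRS = {"site-packages", "dist-packages"}


def find_eol_packages(root, names=EOL_DISTRIBUTIONS):
    """Return importable packages and install metadata for `names` under root."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        if Path(dirpath).name not in SITE_DIRS:
            continue
        for entry in sorted(dirnames):
            full = Path(dirpath, entry)
            if entry.lower() in names:
                findings.append({"kind": "package", "path": str(full), "version": None})
            elif entry.lower().endswith(".dist-info"):
                # Directory name is "<distribution>-<version>.dist-info"
                dist = entry[: -len(".dist-info")].rsplit("-", 1)[0].lower()
                meta = full / "METADATA"
                if dist in names and meta.is_file():
                    version = message_from_string(meta.read_text(encoding="utf-8"))["Version"]
                    findings.append({"kind": "metadata", "path": str(full), "version": version})
        dirnames[:] = []  # packages inside site-packages are not searched further
    return findings


def build_sample_tree(base):
    """Constructed layout mirroring the Linux path quoted in the issue."""
    site = Path(base, "usr/lib64/az/lib/python3.9/site-packages")
    (site / "adal").mkdir(parents=True)
    (site / "adal" / "__init__.py").write_text("")
    info = site / "adal-0.0.0.dist-info"  # constructed version, not a real release
    info.mkdir()
    (info / "METADATA").write_text("Metadata-Version: 2.1\nName: adal\nVersion: 0.0.0\n")
    (site / "examplepkg").mkdir()  # constructed package that must not be reported
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_eol_packages(build_sample_tree(tmp)):
            print(hit["kind"], hit["path"], hit["version"] or "")
```

On a real host, pass the install root (for example `/usr` on Linux) to `find_eol_packages` instead of the sample tree.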

github-actions[bot] commented 2 hours ago

This issue is related to security. Please pay attention.