search

grafana / pyroscope

Continuous Profiling Platform. Debug performance issues down to a single line of code
https://grafana.com/oss/pyroscope/
GNU Affero General Public License v3.0
9.64k stars 574 forks source link

[release/v1.6] Update azure identity #3367

Closed github-actions[bot] closed 1 week ago

github-actions[bot] commented 1 week ago

Backport 08bd31b140966e01696be3bff7ca073f952dc819 from #3366

This is reported by trivy:

┌──────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐
│                     Library                      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                         │
├──────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ github.com/Azure/azure-sdk-for-go/sdk/azidentity │ CVE-2024-35255 │ MEDIUM   │ fixed  │ v1.5.1            │ 1.6.0         │ Azure Identity Libraries and Microsoft Authentication │
│                                                  │                │          │        │                   │               │ Library Elevation of Privilege Vulnerability          │
│                                                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-35255            │
└──────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘