Update azure identity #3366
This is reported by trivy:

```
┌──────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐
│                     Library                      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                         │
├──────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ github.com/Azure/azure-sdk-for-go/sdk/azidentity │ CVE-2024-35255 │ MEDIUM   │ fixed  │ v1.5.1            │ 1.6.0         │ Azure Identity Libraries and Microsoft Authentication │
│                                                  │                │          │        │                   │               │ Library Elevation of Privilege Vulnerability          │
│                                                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-35255            │
└──────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘
```
This PR must be merged before a backport PR will be created.
This is reported by trivy:

```
┌──────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐
│                     Library                      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                         │
├──────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ github.com/Azure/azure-sdk-for-go/sdk/azidentity │ CVE-2024-35255 │ MEDIUM   │ fixed  │ v1.5.1            │ 1.6.0         │ Azure Identity Libraries and Microsoft Authentication │
│                                                  │                │          │        │                   │               │ Library Elevation of Privilege Vulnerability          │
│                                                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-35255            │
└──────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘
```

(cherry picked from commit 08bd31b)
The backport to
To backport manually, run these commands in your terminal:

```
# Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-3366-to-release/v1.6 origin/release/v1.6
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 08bd31b140966e01696be3bff7ca073f952dc819
```

When the conflicts are resolved, stage and commit the changes:

If you have the GitHub CLI installed:

```
# Push the branch to GitHub:
git push --set-upstream origin backport-3366-to-release/v1.6
# Create the PR body template
PR_BODY=$(gh pr view 3366 --json body --template 'Backport 08bd31b140966e01696be3bff7ca073f952dc819 from #3366{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title '[release/v1.6] Update azure identity' --body-file - --label 'type/bug' --label 'backport' --base release/v1.6 --milestone release/v1.6 --web
```

Or, if you don't have the GitHub CLI installed (we recommend you install it!):

```
# Push the branch to GitHub:
git push --set-upstream origin backport-3366-to-release/v1.6
# Create a pull request where the `base` branch is `release/v1.6` and the `compare`/`head` branch is `backport-3366-to-release/v1.6`.
```

```
# Remove the local backport branch
git switch main
git branch -D backport-3366-to-release/v1.6
```
This is reported by trivy:

```
┌──────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐
│                     Library                      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                         │
├──────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ github.com/Azure/azure-sdk-for-go/sdk/azidentity │ CVE-2024-35255 │ MEDIUM   │ fixed  │ v1.5.1            │ 1.6.0         │ Azure Identity Libraries and Microsoft Authentication │
│                                                  │                │          │        │                   │               │ Library Elevation of Privilege Vulnerability          │
│                                                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-35255            │
└──────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘
```

(cherry picked from commit 08bd31b)

Co-authored-by: Christian Simon <[email protected]>
This is reported by trivy: