Update azure identity #3366
Merged
Update azure identity #3366
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is reported by trivy: ``` ┌──────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤ │ github.com/Azure/azure-sdk-for-go/sdk/azidentity │ CVE-2024-35255 │ MEDIUM │ fixed │ v1.5.1 │ 1.6.0 │ Azure Identity Libraries and Microsoft Authentication │ │ │ │ │ │ │ │ Library Elevation of Privilege Vulnerability │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-35255 │ └──────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘ ```
simonswine
added
type/bug
|
This PR must be merged before a backport PR will be created. |
1 similar comment
|
This PR must be merged before a backport PR will be created. |
github-actions bot
pushed a commit
that referenced
this pull request
Jun 19, 2024
This is reported by trivy: ``` ┌──────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤ │ github.com/Azure/azure-sdk-for-go/sdk/azidentity │ CVE-2024-35255 │ MEDIUM │ fixed │ v1.5.1 │ 1.6.0 │ Azure Identity Libraries and Microsoft Authentication │ │ │ │ │ │ │ │ Library Elevation of Privilege Vulnerability │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-35255 │ └──────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘ ``` (cherry picked from commit 08bd31b)
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-3366-to-release/v1.6 origin/release/v1.6
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 08bd31b140966e01696be3bff7ca073f952dc819When the conflicts are resolved, stage and commit the changes: If you have the GitHub CLI installed: # Push the branch to GitHub:
git push --set-upstream origin backport-3366-to-release/v1.6
# Create the PR body template
PR_BODY=$(gh pr view 3366 --json body --template 'Backport 08bd31b140966e01696be3bff7ca073f952dc819 from #3366{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title '[release/v1.6] Update azure identity' --body-file - --label 'type/bug' --label 'backport' --base release/v1.6 --milestone release/v1.6 --webOr, if you don't have the GitHub CLI installed (we recommend you install it!): # Push the branch to GitHub:
git push --set-upstream origin backport-3366-to-release/v1.6
# Create a pull request where the `base` branch is `release/v1.6` and the `compare`/`head` branch is `backport-3366-to-release/v1.6`.
# Remove the local backport branch
git switch main
git branch -D backport-3366-to-release/v1.6 |
simonswine
added a commit
that referenced
this pull request
Jun 19, 2024
This is reported by trivy: ``` ┌──────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤ │ github.com/Azure/azure-sdk-for-go/sdk/azidentity │ CVE-2024-35255 │ MEDIUM │ fixed │ v1.5.1 │ 1.6.0 │ Azure Identity Libraries and Microsoft Authentication │ │ │ │ │ │ │ │ Library Elevation of Privilege Vulnerability │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-35255 │ └──────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘ ``` (cherry picked from commit 08bd31b) Co-authored-by: Christian Simon <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is reported by trivy: