chore(deps): update dependency azure.identity to 1.11.4 [security] - autoclosed #2538
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
Thank you for your contribution! 🙏 We will review it as soon as possible. |
|
Hey Tom, we are in need of a release to address some CVEs. A major release will be tough to get to, since I need some time to extensively test my batch scraping PR. Is there any chance you can cut a minor release? |
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate-nuget-azure.identity-vulnerability
branch
2 times, most recently
from
d2af3a3 to
d60727a
Compare
|
I think this should be mergable once you get the resource discovery test fix from master. It'd be great if you can cut a minor release with this and the .NET version bump: #2517 My thought is to create two releases. A minor one with just the version bumps, and a major one with this batch scraping PR: #2459 afterwards. Just in case things go wrong on the later :) |
renovate
bot
force-pushed
the
renovate-nuget-azure.identity-vulnerability
branch
5 times, most recently
from
69cc1b5 to
9fc010b
Compare
Given Batch is already merged, this is going to be more painful to do a patch so let's just roll forward in case of an issue. |
|
/azp run Promitor CI - Scraper Agent |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
@tomkerkhove you need to re-run these pipelines a few more times if you want to have them all passing. We got throttled on Resource Discovery Agent, and Scraper Agent is failing due to flaky OTEL Collector tests. Let me know if you want help on this. |
|
@hkfgo Sadly they have been failing more than passing (did not get it to pass after 3-4 runs even) since we added batch support. Can you please have a look what is up? |
renovate
bot
force-pushed
the
renovate-nuget-azure.identity-vulnerability
branch
from
9fc010b to
7671614
Compare
|
/azp run Promitor CI - Scraper Agent |
|
Commenter does not have sufficient privileges for PR 2538 in repo tomkerkhove/promitor |
|
Well, I've filed an issue here already: #2553. I think collector tests became flaky recently. Unlikely due to how tests themselves are written I'm guessing, but rather how the underlying test components are set up? It'd definitely save a lot of headache to get that resolved, but for now I think we just have to re-run CI multiple times. I don't think I have the privilege to re-run CI here; I'm guessing CI on someone else's PR can only re-run by that person or the maintainer? I'll try to open a separate PR then |
|
I seemed to get a clean PR here but that's because the Azure Devops steps never actually ran :/ I tried troubleshooting for a few hrs but no luck, those pipelines never got triggered even though they should based on config. (sorry about all those junk PRs for testing btw). I think there are a few options we can take right now:
Let me know what you think? Thanks! |
renovate
bot
changed the title
This PR contains the following updates:
1.11.3->1.11.4GitHub Vulnerability Alerts
CVE-2024-35255
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.
Release Notes
Azure/azure-sdk-for-net (Azure.Identity)
v1.11.4Compare Source
1.11.4 (2024-06-10)
Bugs Fixed
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.