Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Component governance] Bump the Azure.Identity dependency #51612

Merged
merged 2 commits into from Nov 9, 2023
Merged

[Component governance] Bump the Azure.Identity dependency #51612

merged 2 commits into from Nov 9, 2023

Conversation

amcasey
Copy link
Member

@amcasey amcasey commented Oct 24, 2023
edited

Backport of #51498 and #51524.

[Component governance] Bump the Azure.Identity dependency

Bump the version to address a Component Governance warning.

Description

This is an indirect dependency from Microsoft.Data.SqlClient. We could wait for their update to go through and bump that dependency instead.

Customer Impact

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414

Regression?

  • Yes
  • No

[If yes, specify the version the behavior has regressed from]

Risk

  • High
  • Medium
  • Low

[Justify the selection above]

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-infrastructure Includes: MSBuild projects/targets, build scripts, CI, Installers and shared framework label Oct 24, 2023
@ghost ghost added this to the 6.0.x milestone Oct 24, 2023
@ghost
Copy link

ghost commented Oct 24, 2023

Hi @amcasey. If this is not a tell-mode PR, please make sure to follow the instructions laid out in the servicing process document.
Otherwise, please add tell-mode label.

@ghost ghost added this to In Progress in Servicing Oct 24, 2023
@ghost
Copy link

ghost commented Oct 24, 2023

Hey @dotnet/aspnet-build, looks like this PR is something you want to take a look at.

@JamesNK
Copy link
Member

JamesNK commented Oct 26, 2023
edited

@dotnet/aspnet-build What do we want to do here? The issue description provides two options: merge this, or wait for SqlClient to have the right dependency.

@wtgodbe wtgodbe added the * NO MERGE * Do not merge this PR as long as this label is present. label Oct 26, 2023
@wtgodbe
Copy link
Member

wtgodbe commented Oct 26, 2023

I think it's fine to take this PR, but we need to wait until the branches open again in November - I'll take care of doing that

@wtgodbe wtgodbe added the tell-mode Indicates a PR which is being merged during tell-mode label Oct 26, 2023
@ghost
Copy link

ghost commented Nov 3, 2023

Looks like this PR hasn't been active for some time and the codebase could have been changed in the meantime.
To make sure no conflicting changes have occurred, please rerun validation before merging. You can do this by leaving an /azp run comment here (requires commit rights), or by simply closing and reopening.

@ghost ghost added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Nov 3, 2023
@wtgodbe
Copy link
Member

wtgodbe commented Nov 8, 2023

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

@build-analysis build-analysis bot mentioned this pull request Nov 9, 2023
Closed
3 tasks
@wtgodbe wtgodbe merged commit 4529d66 into dotnet:release/6.0 Nov 9, 2023
23 checks passed
Servicing automation moved this from In Progress to Done Nov 9, 2023
@wtgodbe wtgodbe removed * NO MERGE * Do not merge this PR as long as this label is present. pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun labels Nov 9, 2023
@ghost ghost modified the milestones: 6.0.x, 6.0.24 Nov 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wtgodbe wtgodbe wtgodbe approved these changes

@captainsafia captainsafia Awaiting requested review from captainsafia captainsafia is a code owner

@halter73 halter73 Awaiting requested review from halter73 halter73 is a code owner

Assignees
No one assigned
Labels
area-infrastructure Includes: MSBuild projects/targets, build scripts, CI, Installers and shared framework tell-mode Indicates a PR which is being merged during tell-mode
Projects
Servicing
Done
Milestone
6.0.24
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@amcasey @JamesNK @wtgodbe @javiercn