Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Component governance] Bump the Azure.Identity dependency #51616

Merged
merged 2 commits into from
Nov 9, 2023
Merged

[Component governance] Bump the Azure.Identity dependency #51616

merged 2 commits into from
Nov 9, 2023

Conversation

amcasey
Copy link
Member

@amcasey amcasey commented Oct 24, 2023
edited
Loading

Backport of #51498 and #51524.

[Component governance] Bump the Azure.Identity dependency

Bump the version to address a Component Governance warning.

Description

This is an indirect dependency from Microsoft.Data.SqlClient. We could wait for their update to go through and bump that dependency instead.

Customer Impact

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414

Regression?

  • Yes
  • No

[If yes, specify the version the behavior has regressed from]

Risk

  • High
  • Medium
  • Low

[Justify the selection above]

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@amcasey amcasey requested review from captainsafia, halter73, wtgodbe and a team as code owners October 24, 2023 19:09
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-infrastructure Includes: MSBuild projects/targets, build scripts, CI, Installers and shared framework label Oct 24, 2023
@ghost ghost added this to the 7.0.x milestone Oct 24, 2023
@ghost
Copy link

ghost commented Oct 24, 2023

Hi @amcasey. If this is not a tell-mode PR, please make sure to follow the instructions laid out in the servicing process document.
Otherwise, please add tell-mode label.

@ghost
Copy link

ghost commented Oct 24, 2023

Hey @dotnet/aspnet-build, looks like this PR is something you want to take a look at.

@JamesNK
Copy link
Member

JamesNK commented Oct 26, 2023

@dotnet/aspnet-build What do we want to do here? The issue description provides two options: merge this, or wait for SqlClient to have the right dependency.

@wtgodbe
Copy link
Member

wtgodbe commented Oct 26, 2023

I think it's fine to take this PR, but we need to wait until the branches open again in November - I'll take care of doing that

@wtgodbe wtgodbe added tell-mode Indicates a PR which is being merged during tell-mode * NO MERGE * Do not merge this PR as long as this label is present. labels Oct 26, 2023
@ghost
Copy link

ghost commented Nov 3, 2023

Looks like this PR hasn't been active for some time and the codebase could have been changed in the meantime.
To make sure no conflicting changes have occurred, please rerun validation before merging. You can do this by leaving an /azp run comment here (requires commit rights), or by simply closing and reopening.

@ghost ghost added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Nov 3, 2023
@wtgodbe wtgodbe removed the * NO MERGE * Do not merge this PR as long as this label is present. label Nov 8, 2023
@wtgodbe
Copy link
Member

wtgodbe commented Nov 8, 2023

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@wtgodbe wtgodbe removed the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Nov 9, 2023
@wtgodbe wtgodbe merged commit 46ec285 into dotnet:release/7.0 Nov 9, 2023
23 checks passed
@ghost ghost modified the milestones: 7.0.x, 7.0.13 Nov 9, 2023
@amcasey amcasey mentioned this pull request Feb 1, 2024
Merged
@amcasey
Copy link
Member Author

amcasey commented Feb 1, 2024

/backport to branch release/8.0

@ghost
Copy link

ghost commented Feb 1, 2024

Hi @amcasey. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 1, 2024

Started backporting to branch: https://github.com/dotnet/aspnetcore/actions/runs/7748759642

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 1, 2024

@amcasey an error occurred while backporting to branch, please check the run log for details!

Error: The specified backport target branch branch wasn't found in the repo.

@amcasey
Copy link
Member Author

amcasey commented Feb 1, 2024

/backport to release/8.0

@ghost
Copy link

ghost commented Feb 1, 2024

Hi @amcasey. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 1, 2024

Started backporting to release/8.0: https://github.com/dotnet/aspnetcore/actions/runs/7748774322

@github-actions github-actions bot mentioned this pull request Feb 1, 2024
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wtgodbe wtgodbe wtgodbe approved these changes

@captainsafia captainsafia Awaiting requested review from captainsafia

@halter73 halter73 Awaiting requested review from halter73

Assignees
No one assigned
Labels
area-infrastructure Includes: MSBuild projects/targets, build scripts, CI, Installers and shared framework tell-mode Indicates a PR which is being merged during tell-mode
Projects
Servicing
Status: Done
Milestone
7.0.13
Development

Successfully merging this pull request may close these issues.
4 participants
@amcasey @JamesNK @wtgodbe @javiercn