Skip to content

Update dependency azure-identity to v1.16.1 [SECURITY] #620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency azure-identity to v1.16.1 [SECURITY] #620

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 13, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
azure-identity ==1.4.0 -> ==1.16.1 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-35255

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

Release Notes

Azure/azure-sdk-for-python (azure-identity)

v1.16.1

Compare Source

1.16.1 (2024-06-11)
Bugs Fixed
  • Managed identity bug fixes

v1.16.0

Compare Source

1.16.0 (2024-04-09)
Other Changes
  • For IMDS requests in ManagedIdentityCredential, the retry backoff factor was reduced from 2 to 0.8 in order to avoid excessive retry delays and improve responsiveness. Users can customize this setting with the retry_backoff_factor parameter: ManagedIdentityCredential(retry_backoff_factor=2). (#​35070)

v1.15.0

Compare Source

1.15.0 (2023-10-26)
Features Added
Bugs Fixed
  • Fixed issue InteractiveBrowserCredential does not hand over to next credential in chain if no browser is supported.(#​32276)

v1.14.1

Compare Source

1.14.1 (2023-10-09)
Bugs Fixed
  • Bug fixes for developer credentials

v1.14.0

Compare Source

1.14.0 (2023-08-08)
Features Added
  • Continuous Access Evaluation (CAE) is now configurable per-request by setting the enable_cae keyword argument to True in get_token. This applies to user credentials and service principal credentials. (#​30777)
Breaking Changes
  • CP1 client capabilities for CAE is no longer always-on by default for user credentials. This capability will now be configured as-needed in each get_token request by each SDK. (#​30777)
    • Suffixes are now appended to persistent cache names to indicate whether CAE or non-CAE tokens are stored in the cache. This is to prevent CAE and non-CAE tokens from being mixed/overwritten in the same cache. This could potentially cause issues if you are trying to share the same cache between applications that are using different versions of the Azure Identity library as each application would be reading from a different cache file.
    • Since CAE is no longer always enabled for user-credentials, the AZURE_IDENTITY_DISABLE_CP1 environment variable is no longer supported.
Bugs Fixed
  • Credential types correctly implement azure-core's TokenCredential protocol. (#​25175)

v1.13.0

Compare Source

1.13.0 (2023-05-11)
Breaking Changes

These changes do not impact the API of stable versions such as 1.12.0.
Only code written against a beta version such as 1.13.0b4 may be affected.

  • Windows Web Account Manager (WAM) Brokered Authentication is still in preview and not available in this release. It will be available in the next beta release.
  • Additional Continuous Access Evaluation (CAE) support for service principal credentials is still in preview and not available in this release. It will be available in the next beta release.
  • Renamed keyword argument developer_credential_timeout to process_timeout in DefaultAzureCredential to remain consistent with the other credentials that launch a subprocess to acquire tokens.

v1.12.0

Compare Source

1.12.0 (2022-11-08)
Bugs Fixed
  • AzureCliCredential now works even when az prints warnings to stderr. (#​26857) (thanks to @​micromaomao for the contribution)
  • Fixed issue where user-supplied TokenCachePersistenceOptions weren't propagated when using SharedTokenCacheCredential (#​26982)
Breaking Changes
  • Excluded VisualStudioCodeCredential from DefaultAzureCredential token chain by default as SDK
    authentication via Visual Studio Code is broken due to
    issue #​23249. The VisualStudioCodeCredential will be
    re-enabled in the DefaultAzureCredential flow once a fix is in place.
    Issue #​25713 tracks this. In the meantime
    Visual Studio Code users can authenticate their development environment using the Azure CLI.
Other Changes
  • Added Python 3.11 support and stopped supporting Python 3.6.

v1.11.0

Compare Source

1.11.0 (2022-09-19)
Features Added
  • Added additionally_allowed_tenants to the following credential options to force explicit opt-in behavior for multi-tenant authentication:
    • AuthorizationCodeCredential
    • AzureCliCredential
    • AzurePowerShellCredential
    • CertificateCredential
    • ClientAssertionCredential
    • ClientSecretCredential
    • DefaultAzureCredential
    • OnBehalfOfCredential
    • UsernamePasswordCredential
    • VisualStudioCodeCredential
Breaking Changes
  • Credential types supporting multi-tenant authentication will now throw ClientAuthenticationError if the requested tenant ID doesn't match the credential's tenant ID, and is not included in additionally_allowed_tenants. Applications must now explicitly add additional tenants to the additionally_allowed_tenants list, or add '*' to list, to enable acquiring tokens from tenants other than the originally specified tenant ID.

More information on this change and the consideration behind it can be found here.

  • These beta features in 1.11.0b3 have been removed from this release and will be added back in 1.12.0b1
    • tenant_id for AzureCliCredential
    • removed VisualStudioCodeCredential from DefaultAzureCredential token chain
    • AZURE_CLIENT_CERTIFICATE_PASSWORD support for EnvironmentCredential
    • validate_authority support

v1.10.0

Compare Source

1.10.0 (2022-04-28)
Breaking Changes

These changes do not impact the API of stable versions such as 1.9.0.
Only code written against a beta version such as 1.10.0b1 may be affected.

  • validate_authority support is not available in 1.10.0.
Other Changes
  • Supported msal-extensions version 1.0.0 (#​23927)

v1.9.0

Compare Source

1.9.0 (2022-04-05)
Features Added
  • Added PII logging if logging.DEBUG is enabled. (#​23203)
Breaking Changes
  • validate_authority support is not available in 1.9.0.
Bugs Fixed
  • Added check on content from msal response. (#​23483)
  • Fixed the issue that async OBO credential does not refresh correctly. (#​21981)
Other Changes
  • Removed resource_id, please use identity_config instead.
  • Renamed argument name get_assertion to func for ClientAssertionCredential.

v1.8.0

Compare Source

1.8.0 (2025-09-08)
Features Added
  • Added configuration changes for RateLimited Sampler
    (#​41976)

v1.7.1

Compare Source

1.7.1 (2021-11-09)
Bugs Fixed
  • Fix multi-tenant auth using async AadClient (#​21289)

v1.7.0

Compare Source

1.7.0 (2025-08-21)
Features Added
  • Updated README to specify the python version supported by the distro.
    (#​42464)
Bugs Fixed

v1.6.1

Compare Source

1.6.1 (2021-08-19)
Other Changes
  • Persistent cache implementations are now loaded on demand, enabling
    workarounds when importing transitive dependencies such as pywin32
    fails
    (#​19989)

v1.6.0

Compare Source

1.6.0 (2025-07-02)
Other Changes
  • ARMChallengeAuthenticationPolicy adopt on_challenge in BearerTokenCredentialPolicy of azure-core to support complete CAE challenges.
  • Python 3.8 is no longer supported. Please use Python version 3.9 or later.

v1.5.0

Compare Source

1.5.0 (2020-11-11)
Breaking Changes
  • Renamed optional CertificateCredential keyword argument send_certificate
    (added in 1.5.0b1) to send_certificate_chain
  • Removed user authentication APIs added in prior betas. These will be
    reintroduced in 1.6.0b1. Passing the keyword arguments below
    generally won't cause a runtime error, but the arguments have no effect.
    (#​14601)
    • Removed authenticate method from DeviceCodeCredential,
      InteractiveBrowserCredential, and UsernamePasswordCredential
    • Removed allow_unencrypted_cache and enable_persistent_cache keyword
      arguments from CertificateCredential, ClientSecretCredential,
      DeviceCodeCredential, InteractiveBrowserCredential, and
      UsernamePasswordCredential
    • Removed disable_automatic_authentication keyword argument from
      DeviceCodeCredential and InteractiveBrowserCredential
    • Removed allow_unencrypted_cache keyword argument from
      SharedTokenCacheCredential
    • Removed classes AuthenticationRecord and AuthenticationRequiredError
  • Removed identity_config keyword argument from ManagedIdentityCredential
    (was added in 1.5.0b1)
Changed
  • DeviceCodeCredential parameter client_id is now optional. When not
    provided, the credential will authenticate users to an Azure development
    application.
    (#​14354)
  • Credentials raise ValueError when constructed with tenant IDs containing
    invalid characters
    (#​14821)
  • Raised minimum msal version to 1.6.0
Added
Fixed
  • Prevent VisualStudioCodeCredential using invalid authentication data when
    no user is signed in to Visual Studio Code
    (#​14438)
  • ManagedIdentityCredential uses the API version supported by Azure Functions
    on Linux consumption hosting plans
    (#​14670)
  • InteractiveBrowserCredential.get_token() raises a clearer error message when
    it times out waiting for a user to authenticate on Python 2.7
    (#​14773)

v1.4.1

Compare Source

1.4.1 (2025-01-14)

Other Changes
  • Internal updates for linting and typing improvements.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants