chore(deps): update module github.com/azure/azure-sdk-for-go/sdk/azidentity to v1.6.0 [security] (release-2.9.x) - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/Azure/azure-sdk-for-go/sdk/azidentity	v1.2.0 -> v1.6.0

---

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

CVE-2024-35255 / GHSA-m5vv-6r4h-3vj9 / GO-2024-2918

More information

Details

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

Severity

• CVSS Score: 5.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-35255
• https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340
• https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499
• https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d
• https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492
• https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53
• https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

CVE-2024-35255 / GHSA-m5vv-6r4h-3vj9 / GO-2024-2918

More information

Details

Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

Severity

Unknown

References

• https://github.com/advisories/GHSA-m5vv-6r4h-3vj9
• https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499
• https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 16 additional dependencies were updated

Details:

Package	Change
github.com/google/go-cmp	v0.5.9 -> v0.6.0
github.com/google/uuid	v1.3.0 -> v1.6.0
github.com/stretchr/testify	v1.8.4 -> v1.9.0
golang.org/x/crypto	v0.21.0 -> v0.24.0
golang.org/x/net	v0.23.0 -> v0.26.0
golang.org/x/sync	v0.3.0 -> v0.7.0
golang.org/x/sys	v0.18.0 -> v0.21.0
golang.org/x/text	v0.14.0 -> v0.16.0
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.2.0 -> v1.11.1
github.com/Azure/azure-sdk-for-go/sdk/internal	v1.1.1 -> v1.8.0
github.com/AzureAD/microsoft-authentication-library-for-go	v0.7.0 -> v1.2.2
github.com/pkg/browser	v0.0.0-20210911075715-681adbf594b8 -> v0.0.0-20240102092130-5ac0b6a4141c
github.com/stretchr/objx	v0.5.0 -> v0.5.2
golang.org/x/mod	v0.12.0 -> v0.17.0
golang.org/x/term	v0.18.0 -> v0.21.0
golang.org/x/tools	v0.11.0 -> v0.21.1-0.20240508182429-e35e4ccd0d2d

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.