Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency @azure/ms-rest-nodeauth to v3 #160

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mend-for-github.aaakk.us.kg[bot]
Copy link

@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot commented Apr 28, 2021

This PR contains the following updates:

Package Type Update Change
@azure/ms-rest-nodeauth dependencies major 2.0.3 -> 3.0.8

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 7.8 CVE-2021-28458 #158

Release Notes

Azure/ms-rest-nodeauth

v3.0.8

  • Fix command injection in core function execAz() by replacing exec() with execFile() - CVE-2021-28458

v3.0.7

  • Updated doc comments on all exported members to follow TSDoc for better API reference documentation.

v3.0.6

  • Fixed a bug where buildTenantsList will throw an error when it can't list tenants
  • Added instructions for authenticating with an existing token

v3.0.5

  • The helper method buildTenantList is made public. This is helpful if one needs to get the Ids of all the tenants in the account programmatically.
  • A new method setDomain() which takes the Id of a tenant is now available on all credentials. Use this to change the domain i.e. the tenant against which tokens are created.
  • Fixed typos in error messages.
  • Added support for passing a clientId property in the options parameter of the MSI based login method loginWithAppServiceMSI(). This is required to allow user-assigned managed identities to be used to authenticate through Azure App Services and Azure Functions.
  • Added support for the IDENTITY_ENDPOINT and IDENTITY_SECRET when using the MSIAppServiceTokenCredentials credentials.

v3.0.4

  • Through a mistake of release automation, a CI job from PR #​91 got shipped by accident.

v3.0.3

  • Fixed a bug where the callback to loginWithServicePrincipalSecretWithAuthResponse is sometimes not called.
    For more details, see PR 77

v3.0.2

  • Fix bug prevent tenant IDs from being discovered on auth

v3.0.1

  • Updated the dependency adal-node to version ^0.2.0. This fixes customer issue: 125.

v3.0.0

  • Breaking change:
    • Updated min version of dependency @azure/ms-rest-js from ^1.8.13 to ^2.0.4 there by fixing #​67.

v2.0.6

  • Fixed a bug where buildTenantsList will throw an error when it can't list tenants
  • Added instructions for authenticating with an existing token

v2.0.5

  • Fixed a bug where the callback to loginWithServicePrincipalSecretWithAuthResponse is sometimes not called.
  • Fix bug prevent tenant IDs from being discovered on auth
  • Reduce number of Promise object allocations inside async functions.

v2.0.4

  • Rolled back the min version of dependency @azure/ms-rest-js from ^2.0.3 to ^1.8.13 thereby fixing #​69.

  • If you want to rebase/retry this PR, click this checkbox.

@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot added the security fix Security fix generated by WhiteSource label Apr 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants