Skip to content

Update dependency azure-identity to v1.16.1 [SECURITY]#40

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/pypi-azure-identity-vulnerability
Open

Update dependency azure-identity to v1.16.1 [SECURITY]#40
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/pypi-azure-identity-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Feb 4, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
azure-identity ==1.13.0==1.16.1 age confidence

GitHub Vulnerability Alerts

CVE-2024-35255

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

Severity
  • CVSS Score: 6.8 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Release Notes

Azure/azure-sdk-for-python (azure-identity)

v1.16.1

Compare Source

1.16.1 (2024-06-11)

Bugs Fixed
  • Managed identity bug fixes

v1.16.0

Compare Source

1.16.0 (2024-04-09)

Other Changes
  • For IMDS requests in ManagedIdentityCredential, the retry backoff factor was reduced from 2 to 0.8 in order to avoid excessive retry delays and improve responsiveness. Users can customize this setting with the retry_backoff_factor parameter: ManagedIdentityCredential(retry_backoff_factor=2). (#​35070)

v1.15.0

Compare Source

1.15.0 (2026-02-03)
Bugs Fixed
  • Prevent recursive stdout/stderr forwarding when NodeLogManager is nested, avoiding RecursionError in concurrent evaluation runs.

v1.14.1

Compare Source

1.14.1 (2023-10-09)

Bugs Fixed
  • Bug fixes for developer credentials

v1.14.0

Compare Source

1.14.0 (2026-01-05)
Bugs Fixed
  • Updated CodeVulnerability and UngroundedAttributes evaluators for RedTeam to use the binary true/false scoring pattern so their results align with service responses.
  • Fixed GroundednessEvaluator with query not honoring is_reasoning_model (and credential) when reloading the query prompty, which could cause max_tokens to be sent to reasoning models. #​44385

Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Feb 4, 2026
@renovate renovate Bot force-pushed the renovate/pypi-azure-identity-vulnerability branch from 8dfcb08 to 63627c4 Compare March 14, 2026 10:04
@renovate renovate Bot changed the title chore(deps): update dependency azure-identity to v1.16.1 [security] Update dependency azure-identity to v1.16.1 [SECURITY] Apr 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants