Updating Azure-Identity Version for Vulnerability Fix
All Submissions:
- [YES] Have you added an explanation of what your changes do and why you'd like us to include them?
- [NO] I have updated the documentation accordingly.
- [YES] My code follows the code style of this project.
Current Behavior or Linked Issues
Azure-Identity is flagged for a security vulnerability with current version for instance-init:
| VulnerabilityName | CVEs | ScanResult |
|---|---|---|
| Python (Pip) Security Update for @azure/identity (GHSA-m5vv-6r4h-3vj9) | [CVE-2024-35255,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35255] | #table cols="5" Package Installed_Version Required_Version Language Install_Path azure-identity 1.10.0 1.16.1 Python usr/lib/python3.9/site-packages/azure__identity-1.10.0.dist-info/METADATA |
Updating to the specified version, to fix the vulnerabilities.
Testing:
Built a new docker image and installed the helm chart for osdu-instance-initialization as specified here
Pod was able to run and fetch tokens successfully:
Does this introduce a breaking change?
- [NO]
Other information
Edited by Ayushi Srivastava