Comments (9)
Thank you for opening this issue, we will look into it.
from azure-cli.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.
from azure-cli.
I note that MSAL has been used since CLI v2.30.0:
https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli#november-02-2021
Since ADAL hasn't been used for authentication in the CLI since 2021, it seems safe to remove the python ADAL package entirely.
from azure-cli.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @adamedx.
from azure-cli.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.
from azure-cli.
Does the fact that Microsoft is installing a vulnerable library change the priority?
from azure-cli.
If az-cli isn't being updated to remove EOL libraries, I guess it means that it is effectively unsupported. I've leave this open for a bit in case anyone has any follow-up comments, and then close it.
from azure-cli.
Azure CLI Core removed the dependency on ADAL in #19853.
However, adal
is indeed installed. pipdeptree
shows it is installed by azure-datalake-store
and msrestazure
:
> pipdeptree --reverse --packages adal
adal==1.2.7
├── azure-datalake-store==0.0.49 [requires: adal>=0.4.2]
│ └── azure-cli==2.62.0 [requires: azure-datalake-store~=0.0.49]
└── msrestazure==0.6.4 [requires: adal>=0.6.0,<2.0.0]
├── azure-batch==14.2.0 [requires: msrestazure>=0.4.32,<2.0.0]
│ └── azure-cli==2.62.0 [requires: azure-batch~=14.2.0]
├── azure-cli-core==2.62.0 [requires: msrestazure~=0.6.4]
│ └── azure-cli==2.62.0 [requires: azure-cli-core==2.62.0]
├── azure-graphrbac==0.60.0 [requires: msrestazure>=0.4.32,<2.0.0]
│ └── azure-cli==2.62.0 [requires: azure-graphrbac~=0.60.0]
├── azure-mgmt-datalake-store==0.5.0 [requires: msrestazure>=0.4.27,<2.0.0]
├── azure-mgmt-devtestlabs==4.0.0 [requires: msrestazure>=0.4.32,<2.0.0]
│ └── azure-cli==2.62.0 [requires: azure-mgmt-devtestlabs~=4.0]
├── azure-mgmt-kusto==0.3.0 [requires: msrestazure>=0.4.32,<2.0.0]
│ └── azure-cli==2.62.0 [requires: azure-mgmt-kusto~=0.3.0]
└── azure-mgmt-managedservices==1.0.0 [requires: msrestazure>=0.4.32,<2.0.0]
└── azure-cli==2.62.0 [requires: azure-mgmt-managedservices~=1.0]
For azure-datalake-store
, I will contact the service team to move to the latest 0.0.53 which already uses MSAL.
For msrestazure
, it is required by Track 1 SDKs and azure-cli-core
:
- Dropping Track 1 SDKs is tracked by #20462.
- Azure CLI uses
msrestazure
to support managed identity. Droppingmsrestazure
is tracked by #20460.
However, adal
is installed merely as a dependency. No functionality from adal
is used.
from azure-cli.
A code search shows azure.datalake.store
is used by dls
module:
owned by service team @akharit @rahuldutta90
Line 39 in 9e3ce99
from azure-cli.
Related Issues (20)
- Login with WAM + no more silent authentication failures cause Terraform errors HOT 5
- Please update Docker Image due to Security Issues CVE-2024-39689 CVE-2024-6345 HOT 2
- Internal Server Error on service principal credential reset and delete HOT 2
- (InvalidPolicyAssignmentName) az policy assignment create --name should be consistent with portal and back-end service HOT 3
- 'az webapp config ssl list' returns an empty list HOT 4
- Can not `az apim api import` HOT 2
- Specifying private-link specific parameters doesn't imply enabling of private-link in az afd origin create command HOT 5
- `az role assignment list --all --role AcrPull` fails with ValueError: No value for given attribute HOT 5
- Add new flag to mask secrets from '--debug' output HOT 1
- vnet-integration add fails with Site.FunctionAppConfig is invalid HOT 2
- Azure CLI - No output on command prompt HOT 1
- Invalid duplicate name error on webapp create HOT 3
- CI fails because of setuptools change HOT 3
- [Feature request] `az ad app permission admin-consent`: Migrate `https://main.iam.ad.ext.azure.com/` to Microsoft Graph HOT 1
- [Feature request] Remove the functionality of `az feedback` HOT 1
- Azure disk breaking change - Disk SAS limit max expiry to 5184000 seconds (60 days) HOT 2
- bicep install/upgrade on aarch64 using wrong binary (linux-x64 instead of linux-arm64) HOT 1
- az container create returns internal server error HOT 6
- Azure Key Vault access HOT 2
- az vm repair create needs option to deploy repair VM without public IP silently HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-cli.