Giter Site home page Giter Site logo

Comments (9)

yonzhan avatar yonzhan commented on August 18, 2024

Thank you for opening this issue, we will look into it.

from azure-cli.

microsoft-github-policy-service avatar microsoft-github-policy-service commented on August 18, 2024

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.

from azure-cli.

ADBjester avatar ADBjester commented on August 18, 2024

I note that MSAL has been used since CLI v2.30.0:

https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli#november-02-2021

Since ADAL hasn't been used for authentication in the CLI since 2021, it seems safe to remove the python ADAL package entirely.

from azure-cli.

microsoft-github-policy-service avatar microsoft-github-policy-service commented on August 18, 2024

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @adamedx.

from azure-cli.

microsoft-github-policy-service avatar microsoft-github-policy-service commented on August 18, 2024

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.

from azure-cli.

virtualjack avatar virtualjack commented on August 18, 2024

Does the fact that Microsoft is installing a vulnerable library change the priority?

from azure-cli.

virtualjack avatar virtualjack commented on August 18, 2024

If az-cli isn't being updated to remove EOL libraries, I guess it means that it is effectively unsupported. I've leave this open for a bit in case anyone has any follow-up comments, and then close it.

from azure-cli.

jiasli avatar jiasli commented on August 18, 2024

Azure CLI Core removed the dependency on ADAL in #19853.

However, adal is indeed installed. pipdeptree shows it is installed by azure-datalake-store and msrestazure:

> pipdeptree --reverse --packages adal
adal==1.2.7
├── azure-datalake-store==0.0.49 [requires: adal>=0.4.2]
│   └── azure-cli==2.62.0 [requires: azure-datalake-store~=0.0.49]
└── msrestazure==0.6.4 [requires: adal>=0.6.0,<2.0.0]
    ├── azure-batch==14.2.0 [requires: msrestazure>=0.4.32,<2.0.0]
    │   └── azure-cli==2.62.0 [requires: azure-batch~=14.2.0]
    ├── azure-cli-core==2.62.0 [requires: msrestazure~=0.6.4]
    │   └── azure-cli==2.62.0 [requires: azure-cli-core==2.62.0]
    ├── azure-graphrbac==0.60.0 [requires: msrestazure>=0.4.32,<2.0.0]
    │   └── azure-cli==2.62.0 [requires: azure-graphrbac~=0.60.0]
    ├── azure-mgmt-datalake-store==0.5.0 [requires: msrestazure>=0.4.27,<2.0.0]
    ├── azure-mgmt-devtestlabs==4.0.0 [requires: msrestazure>=0.4.32,<2.0.0]
    │   └── azure-cli==2.62.0 [requires: azure-mgmt-devtestlabs~=4.0]
    ├── azure-mgmt-kusto==0.3.0 [requires: msrestazure>=0.4.32,<2.0.0]
    │   └── azure-cli==2.62.0 [requires: azure-mgmt-kusto~=0.3.0]
    └── azure-mgmt-managedservices==1.0.0 [requires: msrestazure>=0.4.32,<2.0.0]
        └── azure-cli==2.62.0 [requires: azure-mgmt-managedservices~=1.0]

For azure-datalake-store, I will contact the service team to move to the latest 0.0.53 which already uses MSAL.

For msrestazure, it is required by Track 1 SDKs and azure-cli-core:

  • Dropping Track 1 SDKs is tracked by #20462.
  • Azure CLI uses msrestazure to support managed identity. Dropping msrestazure is tracked by #20460.

However, adal is installed merely as a dependency. No functionality from adal is used.

from azure-cli.

jiasli avatar jiasli commented on August 18, 2024

A code search shows azure.datalake.store is used by dls module:

azure-cli/src/azure-cli/azure/cli/command_modules/dls/_client_factory.py

Line 32 in acec6c3

from azure.datalake.store import core

owned by service team @akharit @rahuldutta90

azure-cli/.github/CODEOWNERS

Line 39 in 9e3ce99

/src/azure-cli/azure/cli/command_modules/dls/ @akharit @rahuldutta90 @jsntcy @yonzhan @evelyn-ys

from azure-cli.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.