From 2ef8344b229387add69b0650ba448ca77ef6d5d4 Mon Sep 17 00:00:00 2001 From: Ling Zhou Date: Tue, 30 Apr 2024 12:02:36 -0700 Subject: [PATCH] Update `Azure.Identity` reference from 1.10.2 to 1.11.0 in `WorkItems` and `Sarif.Multitool.Library` to resolve [CVE-2024-29992] --- ReleaseHistory.md | 1 + src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj | 2 +- src/WorkItems/WorkItems.csproj | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ReleaseHistory.md b/ReleaseHistory.md index b321e5171..d3cf0cf1e 100644 --- a/ReleaseHistory.md +++ b/ReleaseHistory.md @@ -1,6 +1,7 @@ # SARIF Package Release History (SDK, Driver, Converters, and Multitool) ## UNRELEASED +* DEP: Update `Azure.Identity` reference from 1.10.2 to 1.11.0 in `WorkItems` and `Sarif.Multitool.Library` to resolve [CVE-2024-29992](https://github.com/advisories/GHSA-wvxc-855f-jvrv). * BUG: Resolve process hangs when a file path is provided with a wildcard, but without a `-r` (recurse) flag during the multi-threaded analysis file enumeration phase. * BUG: Fix error `ERR997.NoValidAnalysisTargets` when scanning symbolic link files. diff --git a/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj b/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj index e81ca0d69..1d0e8a7d8 100644 --- a/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj +++ b/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj @@ -15,7 +15,7 @@ - + diff --git a/src/WorkItems/WorkItems.csproj b/src/WorkItems/WorkItems.csproj index ba7461325..9fc085373 100644 --- a/src/WorkItems/WorkItems.csproj +++ b/src/WorkItems/WorkItems.csproj @@ -24,7 +24,7 @@ - +