Update Azure.Identity to 1.21.0#29654
Open
isra-fel wants to merge 14 commits into
Open
Conversation
| Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates shared/authentication-related dependencies used across Azure PowerShell (primarily those shipped/loaded via Az.Accounts) and applies small code adjustments in several modules to resolve type/namespace ambiguities introduced by the dependency bumps.
Changes:
- Bumped shared/runtime dependency set (Azure.Core/Azure.Identity/MSAL/System.* and related transitive deps) and refreshed the Az.Accounts conditional assembly loading inventory.
- Updated several modules’ code to fully-qualify
Identitymodel types to avoid ambiguous references. - Added a repo agent guide for the standard shared-dependency update workflow and documented the dependency changes in Az.Accounts’ changelog.
Reviewed changes
Copilot reviewed 29 out of 60 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/Common.Netcore.Dependencies.targets | Updates compile-time Azure.Core reference version. |
| src/lib/manifest.json | Updates the shared dependency manifest (versions, TFMs, adds new transitive deps). |
| src/Accounts/AssemblyLoading/ConditionalAssemblyProvider.cs | Regenerates/updates the shared assembly load list/versions for Az.Accounts. |
| src/lib/cgmanifest.json | Updates component governance manifest to match updated shared dependencies. |
| src/Accounts/Authentication/Authentication.csproj | Bumps Azure.Identity/Azure.Identity.Broker/MSAL compile-time references. |
| src/Accounts/Authenticators/Factories/AzureCredentialFactory.cs | Updates Managed Identity credential construction and suppresses obsolete API warnings. |
| src/Accounts/Authenticators/SilentAuthenticator.cs | Adds scoped obsolete-warning suppressions around SharedTokenCache credential options. |
| src/Accounts/Authenticators/UsernamePasswordAuthenticator.cs | Adds scoped obsolete-warning suppression (with a TODO to migrate). |
| src/Accounts/Accounts/ChangeLog.md | Adds Upcoming Release notes for dependency upgrades. |
| .github/agents/dependencyUpdate.agent.md | Adds guidance for contributors on updating shared dependencies via AzDev. |
| src/Storage/Storage.Management/StorageAccount/SetAzureStorageAccount.cs | Fully qualifies Storage Identity usage to resolve conflicts. |
| src/Storage/Storage.Management/StorageAccount/NewAzureStorageAccount.cs | Fully qualifies Storage Identity usage to resolve conflicts. |
| src/Storage/Storage.Management/Models/PSStorageAccount.cs | Fully qualifies Storage Identity property type. |
| src/Search/Search/SearchService/SetSearchServiceCommand.cs | Resolves Identity ambiguity via namespace alias/cast. |
| src/Search/Search/SearchService/NewSearchServiceCommand.cs | Resolves Identity ambiguity via namespace alias/cast. |
| src/Search/Search/Models/PSIdentity.cs | Updates explicit conversion operators to use a namespace alias for Identity. |
| src/Resources/Resources/Resources.csproj | Updates Microsoft.Extensions.DependencyInjection.Abstractions reference. |
| src/Resources/ResourceManager/SdkModels/Resources/PSResource.cs | Fully qualifies ResourceManager Identity to resolve conflicts. |
| src/RecoveryServices/RecoveryServices/RecoveryServices.csproj | Updates System.Security.Cryptography.Cng package reference. |
| src/KeyVault/KeyVault/KeyVault.csproj | Updates System.Security.Cryptography.Cng package reference. |
| src/IotHub/IotHub/IotHub.csproj | Updates Microsoft.Extensions.DependencyInjection.Abstractions reference. |
| src/DataFactory/DataFactoryV1/DataFactoryV1.csproj | Updates System.IO.FileSystem.AccessControl package reference. |
| src/OperationalInsights/OperationalInsights/Models/PSIdentity.cs | Fully qualifies OperationalInsights Identity to resolve conflicts. |
| src/CognitiveServices/CognitiveServices/Models/PSCognitiveServicesAccount.cs | Fully qualifies CognitiveServices Identity property type. |
| src/CognitiveServices/CognitiveServices/CognitiveServicesAccount/SetAzureCognitiveServicesAccount.cs | Fully qualifies CognitiveServices Identity instantiation. |
| src/CognitiveServices/CognitiveServices/CognitiveServicesAccount/NewAzureCognitiveServicesAccount.cs | Fully qualifies CognitiveServices Identity instantiation. |
| src/Automation/Automation/Model/AutomationAccount.cs | Fully qualifies Automation Identity property type. |
| src/Automation/Automation/Common/AutomationPSClient.cs | Uses an alias to fully qualify Automation Identity construction. |
| src/ArtifactSigning/ArtifactSigning/ArtifactSigning.csproj | Updates System.Formats.Asn1 package reference. |
Comments suppressed due to low confidence (1)
src/Accounts/Accounts/ChangeLog.md:27
- In the Upcoming Release notes, “MSAL” is introduced without expansion. Per changelog guidance, please expand less-obvious acronyms on first use in the release section (e.g., “MSAL (Microsoft Authentication Library)”).
* Upgraded `System.Text.Json` dependency from 8.0.6 to 10.0.3.
* Upgraded MSAL dependencies (`Microsoft.Identity.Client`, `Microsoft.Identity.Client.Extensions.Msal`, `Microsoft.Identity.Client.Broker`) from 4.83.1 to 4.84.0.
isra-fel
requested review from
NoriZC,
VeryEarly,
necusjz and
wangzelin007
as code owners
| @@ -13,6 +13,7 @@ | |||
| // ---------------------------------------------------------------------------------- | |||
|
|
|||
| using Microsoft.Azure.Management.Search.Models; | |||
| public virtual TokenCredential CreateManagedIdentityCredential(string clientId) | ||
| { | ||
| return new ManagedIdentityCredential(clientId); | ||
| return string.IsNullOrEmpty(clientId) |
Member
There was a problem hiding this comment.
Double checked this wont change behaviour. Confirmed null or empty ClientId will result in the same outcome.
|
|
Member
Author
|
This PR targets an out-of-band release after 16.0.0 |
| "System.Text.Encodings.Web", | ||
| "System.Text.Json" //TODO: Compare Version along with Azure.Core | ||
| "System.Text.Json", //TODO: Compare Version along with Azure.Core | ||
| "System.ComponentModel.Annotations", |
isra-fel
commented
Jun 1, 2026
isra-fel
left a comment
isra-fel
left a comment
Member
Author
There was a problem hiding this comment.
There's some misalignment among the files - the idea is src/lib/manifest.json being the single source of truth and generate the other source files based on it. Check out https://github.com/Azure/azure-powershell/blob/main/src/lib/README.md
| CreateAssembly("netstandard2.0", "System.ClientModel", "1.12.0.0"), | ||
| CreateAssembly("netstandard2.0", "System.Formats.Asn1", "8.0.0.0").WithWindowsPowerShell(), | ||
| CreateAssembly("netstandard2.0", "System.IO.Pipelines", "10.0.0.0").WithWindowsPowerShell(), | ||
| CreateAssembly("netstandard2.0", "System.IO.Pipelines", "10.0.0.0"), |
Member
Author
There was a problem hiding this comment.
Do we want to remove WithWindowsPowerShell? Without it, we will be serving our own System.IO.Pipelines.dll on PS 7.4+. Can we reuse what comes with PS?
Member
There was a problem hiding this comment.
My understanding is the issue is PS7 is in net 8 which comes with version 8.0.0.0 of System.IO.Pipelines and that was causing the error in the pipeline as the upgrade means we now need 10.0.0.0
On Windows PowerShell 5.1, Connect-AzAccount failed with:
Could not load file or assembly 'System.Memory, Version=4.0.5.0, ...'
Newer packages (e.g. System.Text.Json 10.x) bind against System.Memory
4.0.5.0, but no NuGet System.Memory has shipped that asm version - the
highest is 4.0.2.0, which Az.Accounts already carries. .NET Core / PS7
roll-forward this automatically; .NET Framework does not.
Extend CustomAssemblyResolver with a narrow LowerVersionRedirectionAllowList
containing only "System.Memory" so the 4.0.5.0 request is satisfied with
the 4.0.2.0 DLL we ship.
Comment on lines
15
to
17
| using Microsoft.Azure.Management.Search.Models; | ||
| using SearchModels = Microsoft.Azure.Management.Search.Models; | ||
| using Microsoft.WindowsAzure.Commands.Common.Attributes; |
Comment on lines
+91
to
+98
| // Special case for System.Memory: newer packages bind against a reference | ||
| // version (4.0.5.0) that no NuGet System.Memory package has ever shipped. | ||
| // .NET Framework cannot satisfy that request on its own, so we hand back the | ||
| // highest shipping NuGet assembly (4.0.2.0) we already carry. | ||
| if (IsLowerVersionRedirectionAllowed(requested.Name)) | ||
| { | ||
| return true; | ||
| } |
Comment on lines
+91
to
+100
| // Special case for System.Memory: newer packages bind against a reference | ||
| // version (4.0.5.0) that no NuGet System.Memory package has ever shipped. | ||
| // .NET Framework cannot satisfy that request on its own, so we hand back the | ||
| // highest shipping NuGet assembly (4.0.2.0) we already carry. | ||
| if (IsLowerVersionRedirectionAllowed(requested.Name)) | ||
| { | ||
| return true; | ||
| } | ||
|
|
||
| return false; |
Comment on lines
+91
to
+98
| // Special case for System.Memory: newer packages bind against a reference | ||
| // version (4.0.5.0) that no NuGet System.Memory package has ever shipped. | ||
| // .NET Framework cannot satisfy that request on its own, so we hand back the | ||
| // highest shipping NuGet assembly (4.0.2.0) we already carry. | ||
| if (IsLowerVersionRedirectionAllowed(requested.Name)) | ||
| { | ||
| return true; | ||
| } |
isra-fel
commented
Jun 16, 2026
isra-fel
left a comment
isra-fel
left a comment
Member
Author
There was a problem hiding this comment.
There's one important thing I forgot to bring up - for PS whether a module receives a new version depends on ChangeLog, so for those modules we've updated source code or csproj, we need to put something in their changelog. I'm talking about ArtifactSigning, Automation, ...Storage.
Also please check two inline comments. Rest of the PR LGTM. Thanks!
Member
Author
There was a problem hiding this comment.
There are some issues in this file on main branch. Thomas is working on it. Let's wait until it's fixed and sync from main again https://github.com/Azure/azure-powershell/blob/main/src/Accounts/Accounts/ChangeLog.md
| /// </summary> | ||
| private static bool IsLowerVersionRedirectionAllowed(string assemblyName) | ||
| { | ||
| return LowerVersionRedirectionAllowList.Contains(assemblyName); |
Member
Author
There was a problem hiding this comment.
I think the AI comments in this file make sense - we are relatively sure 4.0.2 would satisfy requests of 4.0.x, but for higher version e.g. 4.1.0 there's the risk of not being able to provide new feautres.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This pull request primarily upgrades key dependencies across multiple modules to their latest versions and makes several related code adjustments to ensure compatibility. It also clarifies build instructions and introduces minor code refactoring for improved type clarity and maintainability.
Mandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.mdand reviewed the following information:ChangeLog.mdfile(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.## Upcoming Releaseheader in the past tense.ChangeLog.mdif no new release is required, such as fixing test case only.