Bump Microsoft.Rest.ClientRuntime from 2.3.21 to 2.3.24 in /sdk/PowerBI.Api #201
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [Microsoft.Rest.ClientRuntime](https://github.com/Azure/azure-sdk-for-net) from 2.3.21 to 2.3.24. - [Release notes](https://github.com/Azure/azure-sdk-for-net/releases) - [Commits](Azure/azure-sdk-for-net@Microsoft.Rest.ClientRuntime_2.3.21...Microsoft.Rest.ClientRuntime_2.3.24) --- updated-dependencies: - dependency-name: Microsoft.Rest.ClientRuntime dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
|
The older version of the ClientRuntime library has a security vulnerability, so I would recommend merging this PR. As a workaround on my end I have added ClientRuntime in my central package version file with the latest version as follows: Hope this helps someone coming across this later :) |
|
Hey there! I might be stepping onto other's toes, but Microsoft.Rest.ClientRuntime is fully deprecated (i.e. all versions are marked as such) and it's recommended to use Azure.Core instead. Will this be attended in the future? Sorry if that's not the place to ask it. |
|
Hello, I also vote for updating the Microsoft.Rest.ClientRuntime because the Mend security scan on our product reports this security issue because we include the powerbi package. |
|
Dear maintainers, appreciate your efforts. Can we please have an outlook on moving away from your dependency Microsoft.Rest.ClientRuntime to Azure.Core? I'm facing comparable issues as mentioned before in this thread. Thank you! |
|
Would be nice if this was indeed removed by regenerating the client using AutoRest 3 as opposed to 2 and making it compatible with that. Alternatively if you could shed some light on how the swagger file was generated or provide a compatible one that would enable opensource contributions. - Simply running the old swagger file trough AutoRest 3 throws exceptions, converting it trough https://editor.swagger.io/ to openapi 3 and then running it also results in some exceptions. - |
Bumps Microsoft.Rest.ClientRuntime from 2.3.21 to 2.3.24.
Commits
0a3afc9Clientruntime/sanitize request header (#28169)8724e58Minor fix to update comment for TokenCacheRefreshArgs.SuggestedCacheKey (#28128)2decee4performance patch of JsonConverterHelper.cs (#26448)64b55ac[DataFactory]Added new features into 6.0.0 (#28135)bba0666Sync eng/common directory with azure-sdk-tools for PR 3124 (#28158)15f55a0check the right variable syntax (#28159)d9f870dFixed readme links (#28133)24e3145[FormRecognizer] Updated Form Recognizer sanitized properties (#28151)7ac1c4aupdate pipeline generator package version (#28157)6ce436cRemove empty changelog sections (#28152)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.