Migrate from @azure/ms-rest-nodeauth to @azure/identity as the former…

… is deprecated and has a CVE (#2225) Resolves #1440 The NodeJS SDK has some hand-written mixins that haven't been updated in a long time. This PR replaces the deprecated @azure/ms-rest-nodeauth package, that has a CVE open (see #1440), with the current @azure/identity package. The previous PR #2217 restored some test coverage for this change, although not all auth methods are covered. CI uses Service Principal with client secret, and I ran it locally using CLI auth.
pulumi · Jul 16, 2024 · d54f14b · d54f14b
1 parent fbc5598
commit d54f14b
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 16 deletions.
diff --git a/provider/cmd/pulumi-resource-azure/schema.json b/provider/cmd/pulumi-resource-azure/schema.json
@@ -168,8 +168,8 @@
             "dependencies": {
                 "@azure/eventgrid": "^4.6.0",
                 "@azure/functions": "=1.2.2",
+                "@azure/identity": "^4.0.0",
                 "@azure/ms-rest-azure-js": "^2.0.1",
-                "@azure/ms-rest-nodeauth": "^3.0.0",
                 "@pulumi/pulumi": "^3.0.0",
                 "azure-functions-ts-essentials": "^1.3.2",
                 "moment": "2.29.4",

diff --git a/provider/resources.go b/provider/resources.go
@@ -3160,8 +3160,8 @@ func Provider() tfbridge.ProviderInfo {
 				"@pulumi/pulumi":                "^3.0.0",
 				"@azure/eventgrid":              "^4.6.0",
 				"@azure/functions":              "=1.2.2",
+				"@azure/identity":               "^4.0.0",
 				"@azure/ms-rest-azure-js":       "^2.0.1",
-				"@azure/ms-rest-nodeauth":       "^3.0.0",
 				"azure-functions-ts-essentials": "^1.3.2",
 				"moment":                        "2.29.4",
 				"node-fetch":                    "^2.3.0",

diff --git a/sdk/nodejs/core/zMixins.ts b/sdk/nodejs/core/zMixins.ts
diff --git a/sdk/nodejs/package.json b/sdk/nodejs/package.json