Align module dependency versions with manifest#29487
Conversation
Agent-Logs-Url: https://github.com/Azure/azure-powershell/sessions/eefad03f-e110-4c5e-bbba-0236e1782c6a Co-authored-by: isra-fel <11371776+isra-fel@users.noreply.github.com>
| Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status. |
There was a problem hiding this comment.
Pull request overview
This PR aligns NuGet PackageReference versions in several shipped module projects with the authoritative versions in src/lib/manifest.json, reducing drift between compile-time references and the repo’s shared/shipped dependency set.
Changes:
- Updated MSAL (Microsoft.Identity.Client*) package references in Accounts Authentication to match
src/lib/manifest.json. - Updated
System.Security.Cryptography.Cng(RecoveryServices, KeyVault) andSystem.Formats.Asn1(ArtifactSigning) package references to match the manifest. - Added “Upcoming Release” changelog entries for the affected modules.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/RecoveryServices/RecoveryServices/RecoveryServices.csproj | Bumps System.Security.Cryptography.Cng to 5.0.0 to match the manifest. |
| src/RecoveryServices/RecoveryServices/ChangeLog.md | Notes the dependency update in Upcoming Release. |
| src/KeyVault/KeyVault/KeyVault.csproj | Bumps System.Security.Cryptography.Cng to 5.0.0 to match the manifest. |
| src/KeyVault/KeyVault/ChangeLog.md | Notes the dependency update in Upcoming Release. |
| src/ArtifactSigning/ArtifactSigning/ArtifactSigning.csproj | Bumps System.Formats.Asn1 to 8.0.1 to match the manifest. |
| src/ArtifactSigning/ArtifactSigning/ChangeLog.md | Notes the dependency update in Upcoming Release. |
| src/Accounts/Authentication/Authentication.csproj | Bumps MSAL packages to 4.83.1 to match the manifest. |
| src/Accounts/Accounts/ChangeLog.md | Notes alignment of authentication dependencies in Upcoming Release. |
| --> | ||
|
|
||
| ## Upcoming Release | ||
| * Updated the `System.Security.Cryptography.Cng` dependency to v5.0.0. |
There was a problem hiding this comment.
The changelog is user-facing; this entry is an internal dependency/version note and doesn’t explain any user-visible impact. Consider rewording to describe the behavioral/fix impact (and add an issue reference if applicable), or omit the entry if there is no user-facing change.
| * Updated the `System.Security.Cryptography.Cng` dependency to v5.0.0. |
| - Additional information about change #1 | ||
| --> | ||
| ## Upcoming Release | ||
| * Updated the `System.Security.Cryptography.Cng` dependency to v5.0.0. |
There was a problem hiding this comment.
The changelog is user-facing; this entry only states an internal dependency bump. Please reword to describe what this changes for users (bug fix/compatibility/security), and include a GitHub issue reference if there is one, or omit if no user-visible change.
| * Updated the `System.Security.Cryptography.Cng` dependency to v5.0.0. |
| - Additional information about change #1 | ||
| --> | ||
| ## Upcoming Release | ||
| * Updated the `System.Formats.Asn1` dependency to v8.0.1. |
There was a problem hiding this comment.
This changelog entry is a dependency-version note without user-facing context. Please update it to explain the user impact (e.g., compatibility/security fix) and add an issue reference if applicable, or omit if it’s purely internal alignment.
| * Updated the `System.Formats.Asn1` dependency to v8.0.1. |
| --> | ||
|
|
||
| ## Upcoming Release | ||
| * Aligned authentication dependency versions with the module manifest. |
There was a problem hiding this comment.
This entry is quite internal/vague (“aligned dependency versions with the module manifest”) and doesn’t tell users what changed. Please make the entry user-impact oriented (what behavior is fixed/changed) and reference an issue if available.
| * Aligned authentication dependency versions with the module manifest. | |
| * Improved authentication reliability in Az.Accounts by updating packaged dependency versions to match the module manifest. | |
| - Helps prevent version mismatch issues when loading the module and signing in to Azure. |
| <PackageReference Include="Azure.Developer.TrustedSigning.CryptoProvider" Version="0.1.38" /> | ||
| <PackageReference Include="Azure.CodeSigning.Sdk" Version="0.1.127" /> | ||
| <PackageReference Include="System.Formats.Asn1" Version="6.0.1" /> | ||
| <PackageReference Include="System.Formats.Asn1" Version="8.0.1" /> |
There was a problem hiding this comment.
These transient dependencies have to be managed universally.
Possible solution: modules add package references without version, a common manifest defines universal version for each packge
Summary
src/Accounts/Authentication/Authentication.csprojMSAL package references withsrc/lib/manifest.json.Validation
./tools/BuildScripts/BuildModules.ps1 -RepoRoot /home/runner/work/azure-powershell/azure-powershell -Configuration Debug -TargetModule Accountspassed before edits../tools/BuildScripts/BuildModules.ps1 -RepoRoot /home/runner/work/azure-powershell/azure-powershell -Configuration Debug -TargetModule Accounts,RecoveryServices,ArtifactSigning,KeyVaultpassed.srcproject mismatches againstsrc/lib/manifest.json.dotnet msbuild build.proj /t:StaticAnalysiscould not complete in this sandbox because required CI artifacts such asartifacts/FilesChanged.txtandartifacts/Debugwere absent.