[FEATURE REQ] Upgrade Azure.Identity dependency on Azure.Core version to 1.26.0

[gh-user-123]

trafficstars

Library name

Azure.Identity

Please describe the feature.

I'm trying to use Azure.Identity and Azure.Security.KeyVault.* package with latest version and I see the Azure.Security.KeyVault.* uses 1.26.0 with the latest package and due to the version conflict I run into dependency hell and conflicts with different verison of Azure.Core being used.

So, I'm requesting if the latest dependency within Azure.Identity can be same as other product versions.

If it helps, I'm a MS Employee and a dev using these packages.

[jsquire]

//cc: @christothes

[jsquire]

Hi @gh-user-123. Thank you for reaching out and we regret that you're experiencing difficulties. Backwards compatibility for Azure.Core is strictly maintained, with no breaking changes between versions. There should be no issue using a higher version of Azure.Core with any library. In the majority of cases, the .NET compiler will hoist the version automatically when different versions appear as transitive dependencies. In some cases, it may be necessary to add a direct dependency to the latest Azure.Core version to your application.

Can you help us understand more about your scenario and the error that you're seeing?

[ghost]

@jsquire Thank you for looking into this and helping me out.

When I try to run the application it always results in a FileNotFoundException where it's trying to find Azure.Core v1.25.0 when loading the Azure.Identity v.1.8.2 but I have a latest version of Azure.Core v1.26.0 present in the packages and still it cannot resolve the dll.

I have tried using the BindingRedirect but it wasn't a success (not sure if I'm still missing something). Hope this helps for the raised request.

[jsquire]

Can you confirm that you're using package references to NuGet or another package feed where transitive dependencies are managed?

[ghost]

Hi, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

[ghost]

Yes, I'm using the package references (with the latest version specified in the packages.config). However, the tests are still unable to resolve the dependencies due to the latest version as this specifically looks for the minimum version.

[jsquire]

Hi @gh-user-123. I'm unable to reproduce any conflicts at build time or runtime. I've also confirmed that our integration tests which reference Identity and KeyVault together are building/passing and that each of our dependencies is correctly tracked as a >= for versioning.

Can you share a project that has a minimal reproduction of the issue that you're running into?

[ghost]

Hi, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

[ghost]

Hello @jsquire, I tried to put together a standalone .NET SDK app and tried to import all the dependencies and wasn't able to repro the issue I mentioned. I later found out that the DLLs were not being resolved at runtime, thus I tried to do a Assembly.LoadFrom and this worked for me. I think this issue is no longer needed in this case and can be closed out. Thanks for your help and attention to this issue.