chore(deps): update azure azure-sdk-for-net monorepo

[thomhurst]

This PR contains the following updates:

Package	Change	Age	Confidence
Azure.Identity (source)	1.17.1 → 1.21.0
Azure.ResourceManager (source)	1.13.2 → 1.14.0
Azure.ResourceManager.KeyVault (source)	1.3.3 → 1.4.0
Azure.ResourceManager.Sql (source)	1.3.0 → 1.4.0
Azure.ResourceManager.Storage (source)	1.6.0 → 1.6.2
Azure.Security.KeyVault.Keys (source)	4.8.0 → 4.9.0
Azure.Security.KeyVault.Secrets (source)	4.8.0 → 4.10.0

---

Release Notes

Azure/azure-sdk-for-net (Azure.Identity)

v1.21.0

Compare Source

1.21.0 (2026-04-10)

Other Changes

• All Azure.Identity types have been moved to Azure.Core and are now available through TypeForwardedTo attributes. This is a non-breaking change — existing code continues to work transparently. The library's version number now aligns with that of Azure.Core. See the Migration Guide for details.

v1.20.0

Compare Source

1.20.0 (2026-03-30)

Features Added

• Added a JSON schema segment to the NuGet package that provides IntelliSense and validation for Azure.Identity credential configuration in appsettings.json.

Breaking Changes

• AddAzureClient, AddKeyedAzureClient, and WithAzureCredential return type changed from IHostApplicationBuilder to IClientBuilder to align with the IClientBuilder composition change in System.ClientModel.

v1.19.0

Compare Source

1.19.0 (2026-03-11)

Features Added

• Added support in ClientCertificateCredential to specify a path in the form of cert:/StoreLocation/StoreName/Thumbprint to refer to a certificate in the platform certificate store - such as the Windows Certificate Store on Windows, and the KeyChain on MacOS - instead of a file on disk. For example to load a certificate from the "My" store in the "CurrentUser" location use the path cert:/CurrentUser/My/E661583E8FABEF4C0BEF694CBC41C28FB81CD870 (A community contribution, courtesy of fowl2).

Other Changes

• Updated Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal dependencies to version 4.83.1.

v1.18.0

Compare Source

1.18.0 (2026-02-25)

Features Added

• Added experimental Microsoft.Extensions.Configuration and Microsoft.Extensions.DependencyInjection integration for Azure SDK clients. For details, see the Configuration and Dependency Injection documentation.

• The WorkloadIdentityCredentialOptions.IsAzureProxyEnabled property, which enables Azure Kubernetes token proxy mode, is only available in beta releases of this package.

• AzureDeveloperCliCredential now parses JSON error output from azd auth token to extract clean error messages instead of including raw JSON in exceptions. Error messages like {"type":"consoleMessage","data":{"message":"ERROR: fetching token: ..."}} are now displayed as ERROR: fetching token: ....

v1.17.2

Compare Source

1.17.2 (2026-04-15)

Other Changes

• Updated Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal dependencies to version 4.83.1.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

Code Review

This is a straightforward Renovate Bot dependency update bumping Azure.Security.KeyVault.Secrets from 4.8.0 → 4.9.0 in Directory.Packages.props.

Assessment: Looks good ✓

The change is minimal and correct — a single version bump in the centralized package management file.

Notable points

New features in 4.9.0 (released 2026-02-25):

• Added SecretClientSettings for configuration-based SecretClient creation and DI registration — worth evaluating if ModularPipelines' Azure KeyVault integration could benefit from this cleaner DI pattern in the future.
• New outContentType query parameter on GetSecret/GetSecretAsync.
• New previousVersion property on SecretProperties.
• Default service version bumped to 2025-07-01.

Sibling package version skew: Azure.Security.KeyVault.Certificates and Azure.Security.KeyVault.Keys remain at 4.8.0. This is fine for now since they are separate packages with independent release cycles, but it's worth keeping an eye on whether updates for those follow soon to keep the Azure KeyVault family aligned.

No action required — safe to merge.

[claude]

Code Review: Dependency Update - Azure.Security.KeyVault.Secrets 4.8.0 → 4.9.0

This is a straightforward minor version bump of Azure.Security.KeyVault.Secrets from 4.8.0 to 4.9.0, applied via centralized package management (Directory.Packages.props).

What's in this release (4.9.0)

• New features: Added SecretClientSettings to support creating a SecretClient from IConfiguration, including configuration-based credential resolution and DI registration.
• New API: Added outContentType query parameter to GetSecret/GetSecretAsync to specify the format in which a certificate is returned.
• New property: Added previousVersion to SecretProperties.
• Default service version bumped to 2025-07-01.

Assessment

No concerns. This is a non-breaking minor version bump. The changes in 4.9.0 are purely additive — new APIs and a new default service version — with no breaking changes. The project does not appear to consume any of the newly deprecated or modified surface area.

Using Directory.Packages.props for centralized version management is the correct approach here and is consistent with the rest of the codebase. The sibling packages (Azure.Security.KeyVault.Certificates and Azure.Security.KeyVault.Keys) are still on 4.8.0 — worth considering whether to align them in a future PR, but not a blocker.

LGTM. Safe to merge.

[claude]

Code Review (Updated)

This PR now includes two dependency updates in Directory.Packages.props:

1. Azure.Security.KeyVault.Secrets 4.8.0 → 4.9.0 (covered in prior reviews)
2. Azure.Identity 1.17.1 → 1.18.0 (newly added to this PR)

Azure.Identity 1.18.0

The addition of Azure.Identity to this PR wasn't in the previous reviews. Azure.Identity is the foundational credential library used across all Azure SDK packages, including Azure.Security.KeyVault.*. Bumping it alongside KeyVault.Secrets is sensible since 4.9.0 introduces SecretClientSettings with configuration-based credential resolution — which depends on Azure.Identity under the hood.

Minor version bumps in Azure.Identity are generally additive and non-breaking. No concerns here.

Consistency observation

Azure.Security.KeyVault.Certificates and Azure.Security.KeyVault.Keys remain at 4.8.0 while Secrets moves to 4.9.0. This is fine since they're independent packages, but aligning them eventually would keep the KeyVault family consistent.

Overall Assessment

Both changes are safe, minimal, and follow the correct centralized versioning approach via Directory.Packages.props. No breaking changes in either upgrade. LGTM — safe to merge.

[claude]

Code Review (Updated - Current State)

This PR now includes three dependency updates in Directory.Packages.props:

Package	Change
Azure.Identity	1.17.1 → 1.18.0
Azure.ResourceManager	1.13.2 → 1.14.0
Azure.Security.KeyVault.Secrets	4.8.0 → 4.9.0

Previous review coverage

Azure.Identity and Azure.Security.KeyVault.Secrets were reviewed in prior comments — both are safe, additive upgrades with no breaking changes. Those assessments still stand.

New addition: Azure.ResourceManager 1.13.2 → 1.14.0

This upgrade wasn't mentioned in any previous review. Azure.ResourceManager is the core management plane SDK used by all Azure.ResourceManager.* packages (AlertsManagement, AppConfiguration, ApplicationInsights, etc.) that appear in Directory.Packages.props. The bump is a minor version, which for Azure SDK packages follows semantic versioning and should be non-breaking.

Worth noting: the 13 Azure.ResourceManager.* sub-packages (e.g. Azure.ResourceManager.AlertsManagement, Azure.ResourceManager.KeyVault, etc.) remain on their current versions. These have declared compatibility with the resource manager package range, so this core bump without bumping sub-packages is expected and safe.

Overall Assessment

All three changes are safe, minimal, and correctly applied via the centralized Directory.Packages.props versioning file. No breaking changes in any of the three upgrades. LGTM — safe to merge.

[claude]

Code Review (2026-03-17)

No changes since the last review (2026-03-16). The diff remains identical — 5 Azure SDK package bumps in Directory.Packages.props:

Package	Change
Azure.Identity	1.17.1 → 1.19.0
Azure.ResourceManager	1.13.2 → 1.14.0
Azure.ResourceManager.Storage	1.6.0 → 1.6.1
Azure.Security.KeyVault.Keys	4.8.0 → 4.9.0
Azure.Security.KeyVault.Secrets	4.8.0 → 4.9.0

All prior review findings stand — these are safe, non-breaking minor/patch bumps. No new concerns. LGTM.

[claude]

Code Review (2026-03-20)

The current diff updates 6 Azure SDK packages in Directory.Packages.props. Five of these have been reviewed in prior comments. This review covers the full current state and highlights the one new addition.

Package	Change	Prior Review
Azure.Identity	1.17.1 → 1.19.0	Reviewed — additive, non-breaking ✓
Azure.ResourceManager	1.13.2 → 1.14.0	Reviewed — additive, non-breaking ✓
Azure.ResourceManager.KeyVault	1.3.3 → 1.4.0	New — not in prior reviews
Azure.ResourceManager.Storage	1.6.0 → 1.6.1	Reviewed — patch, non-breaking ✓
Azure.Security.KeyVault.Keys	4.8.0 → 4.9.0	Reviewed — additive, non-breaking ✓
Azure.Security.KeyVault.Secrets	4.8.0 → 4.9.0	Reviewed — additive, non-breaking ✓

New: Azure.ResourceManager.KeyVault 1.3.3 → 1.4.0

This package was not included in any of the previous reviews. Azure.ResourceManager.KeyVault is the management-plane wrapper around Azure Key Vault resources (vaults, managed HSMs, private endpoint connections). The version bump from 1.3.3 to 1.4.0 is a minor release, which follows the Azure SDK for .NET semantic versioning guarantee of backwards compatibility for minor versions. No breaking changes are expected or documented.

This bump pairs naturally with Azure.Security.KeyVault.Keys and Azure.Security.KeyVault.Secrets also moving to their respective 4.9.0 versions in the same PR — the management plane and data plane packages are being kept in a consistent, current state together, which is sound dependency hygiene.

Summary

All six updates are safe, non-breaking minor/patch version bumps applied correctly via the centralized Directory.Packages.props file. All previous review concerns have been addressed. The previous minor asymmetry around Azure.Security.KeyVault.Keys and Azure.Security.KeyVault.Certificates being misaligned was partially resolved in an earlier commit; Azure.Security.KeyVault.Certificates remaining at 4.8.0 is not a blocker.

LGTM — safe to merge.

[claude]

Code Review (2026-03-29)

The diff is unchanged since the last review (2026-03-20). The PR bumps 6 Azure SDK packages in Directory.Packages.props via centralized package management:

Package	Change	Type	Assessment
Azure.Identity	1.17.1 → 1.19.0	Minor	Additive — new platform cert store support in ClientCertificateCredential, updated MSAL deps, cleaner AZD error messages. Non-breaking. ✓
Azure.ResourceManager	1.13.2 → 1.14.0	Minor	Core ARM management plane bump; sub-packages remain compatible. Non-breaking. ✓
Azure.ResourceManager.KeyVault	1.3.3 → 1.4.0	Minor	ARM KeyVault management plane bump. Non-breaking. ✓
Azure.ResourceManager.Storage	1.6.0 → 1.6.1	Patch	Bug fix / maintenance. Non-breaking. ✓
Azure.Security.KeyVault.Keys	4.8.0 → 4.9.0	Minor	Additive — new KeyClientSettings for DI/config-based client creation. Non-breaking. ✓
Azure.Security.KeyVault.Secrets	4.8.0 → 4.9.0	Minor	Additive — new SecretClientSettings for DI/config-based client creation. Non-breaking. ✓

All six updates are routine minor/patch version bumps from the azure-sdk-for-net monorepo, applied cleanly through the centralized Directory.Packages.props file. No breaking changes have been identified across any of these releases. All previous review findings remain valid and no new concerns have emerged.

Verdict: Looks good to merge.

[claude]

Code Review (2026-03-31)

The diff has changed since the last review (2026-03-29). Notable observation: the diff now bumps Azure.Identity to 1.20.0, but the PR description only documents a bump to 1.19.0. This discrepancy is worth flagging — Renovate has silently advanced the version further than the PR title/description indicate.

Current diff summary

Package	Old Version	New Version	Type
Azure.Identity	1.17.1	1.20.0	MINOR (PR description says 1.19.0 — mismatch)
Azure.ResourceManager	1.13.2	1.14.0	MINOR
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	MINOR
Azure.ResourceManager.Storage	1.6.0	1.6.1	PATCH
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	MINOR
Azure.Security.KeyVault.Secrets	4.8.0	4.9.0	MINOR

Assessment

Concern — PR description / version mismatch for Azure.Identity: The PR description (generated by Renovate) states the target is 1.19.0, but the actual Directory.Packages.props diff pins it to 1.20.0. This suggests Renovate rebased and advanced the version without updating the PR description. It is worth confirming that Azure.Identity 1.20.0 release notes have been reviewed before merging, as 1.20.0 may contain additional changes beyond what the PR description documents.

Packaging approach — no concerns: All updates continue to flow through the centralized Directory.Packages.props via Central Package Management (CPM), which is the correct pattern for this repository. There are no individual .csproj version pins introduced.

Breaking-change risk: All bumps are within the same major version, so binary compatibility is expected. The Azure.Identity 1.18.0 → 1.19.0 → 1.20.0 releases added experimental DI/configuration integration and certificate store path support — neither of which changes existing API behaviour. The KeyVault 4.9.0 bumps and ResourceManager updates are routine maintenance releases.

Recommendation

Safe to merge once the Azure.Identity 1.20.0 release notes are confirmed (the PR description discrepancy is cosmetic but worth a quick sanity check). All other package bumps are low-risk MINOR/PATCH updates with no architectural concerns.

[claude]

Code Review: Dependency Update (Azure SDK for .NET Monorepo)

This is a Renovate Bot-generated dependency update PR with no custom code changes — only version bumps in Directory.Packages.props. The review focuses on the correctness and safety of the updates.

Summary of Changes

Package	From	To	Type
Azure.Identity	1.17.1	1.20.0	MINOR (3 minor versions)
Azure.ResourceManager	1.13.2	1.14.0	MINOR
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	MINOR
Azure.ResourceManager.Storage	1.6.0	1.6.1	PATCH
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	MINOR
Azure.Security.KeyVault.Secrets	4.8.0	4.9.0	MINOR

Notable Finding: Azure.Identity 1.20.0 Introduces a Breaking Change

The jump from 1.17.1 to 1.20.0 in Azure.Identity skips through 1.18.0, 1.19.0, and 1.20.0, and the release notes for 1.20.0 call out a breaking change:

Breaking Changes: AddAzureClient, AddKeyedAzureClient, and WithAzureCredential return type changed from IHostApplicationBuilder to IClientBuilder.

If any code in this repository uses these methods and chains on the result (e.g., calling further IHostApplicationBuilder methods after AddAzureClient), it will fail to compile after this update. It is worth verifying that the CI build passes cleanly before merging.

Other Notes

• The change is isolated to a single Directory.Packages.props file, which is the correct centralized approach for NuGet version management in this repo — no individual .csproj files were touched.
• Azure.Security.KeyVault.Certificates was intentionally left at 4.8.0 while Keys and Secrets were bumped to 4.9.0. This asymmetry is likely intentional (no 4.9.0 for Certificates yet), but worth keeping an eye on for future alignment.
• Auto-merge is enabled, so CI checks are the gate here — ensure they cover compilation of the Azure integration packages.

Verdict

The changes look correct and well-scoped. The breaking change in Azure.Identity 1.20.0 is the main item to be aware of, but if the CI build passes it confirms the codebase is not affected by it. Good to merge once CI is green.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	✅ 0 (≤ 20 complexity)

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

[claude]

Code Review (2026-04-02)

The diff is unchanged since the last review (2026-03-31). All six package bumps remain the same:

Package	From	To	Type
Azure.Identity	1.17.1	1.20.0	MINOR
Azure.ResourceManager	1.13.2	1.14.0	MINOR
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	MINOR
Azure.ResourceManager.Storage	1.6.0	1.6.2	PATCH
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	MINOR
Azure.Security.KeyVault.Secrets	4.8.0	4.9.0	MINOR

Previous review findings — status

The last review (2026-03-31) flagged a single item worth checking before merging:

Azure.Identity 1.20.0 breaking change: AddAzureClient, AddKeyedAzureClient, and WithAzureCredential have their return type changed from IHostApplicationBuilder to IClientBuilder. If CI has passed cleanly since then, the codebase is not affected by this change and there is nothing further to action. This remains the only substantive point from the entire review history.

Azure.ResourceManager.Storage patch level: The PR description documents the bump as 1.6.0 → 1.6.1, but the actual diff shows 1.6.1 → 1.6.2 — Renovate has advanced this patch version beyond what the description states, consistent with how it has rebased Azure.Identity in prior rounds. Both 1.6.1 and 1.6.2 are patch releases and are non-breaking.

All other packages

All remaining packages (Azure.ResourceManager, Azure.ResourceManager.KeyVault, Azure.Security.KeyVault.Keys, Azure.Security.KeyVault.Secrets) have been reviewed in previous rounds. All are additive minor/patch releases with no breaking changes. The approach of applying these through the centralized Directory.Packages.props (CPM) remains correct.

Verdict

Safe to merge once CI is confirmed green. The Azure.Identity 1.20.0 breaking change in the DI return type is the only item warranting attention, and a passing build is sufficient confirmation that the codebase is unaffected.

[claude]

Code Review (2026-04-05)

The diff is unchanged since the last review (2026-04-02). This is the same set of six Azure SDK package bumps applied through the centralized Directory.Packages.props:

Package	From	To	Type
Azure.Identity	1.17.1	1.20.0	MINOR
Azure.ResourceManager	1.13.2	1.14.0	MINOR
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	MINOR
Azure.ResourceManager.Storage	1.6.0	1.6.2	PATCH
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	MINOR
Azure.Security.KeyVault.Secrets	4.8.0	4.9.0	MINOR

Outstanding item from prior reviews

The only substantive point raised across the full review history remains: Azure.Identity 1.20.0 introduces a breaking change — AddAzureClient, AddKeyedAzureClient, and WithAzureCredential now return IClientBuilder instead of IHostApplicationBuilder. If CI has passed cleanly this is sufficient evidence the codebase does not call these methods in a way that depends on the old return type, and there is nothing further to action.

All other packages are additive-only minor/patch releases. The centralized package management approach via Directory.Packages.props is correct and consistent with the rest of the repository.

Verdict

Safe to merge on a green CI run. No architectural, design, or maintainability concerns.

[claude]

Code Review (2026-04-05)

The diff is unchanged since the previous review. This is the same set of six Azure SDK package bumps applied through the centralized Directory.Packages.props:

Package	From	To	Type
Azure.Identity	1.17.1	1.20.0	MINOR
Azure.ResourceManager	1.13.2	1.14.0	MINOR
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	MINOR
Azure.ResourceManager.Storage	1.6.0	1.6.2	PATCH
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	MINOR
Azure.Security.KeyVault.Secrets	4.8.0	4.9.0	MINOR

Outstanding item

The only substantive point raised across the full review history remains: Azure.Identity 1.20.0 introduces a breaking change — AddAzureClient, AddKeyedAzureClient, and WithAzureCredential now return IClientBuilder instead of IHostApplicationBuilder. A green CI build is sufficient confirmation that the codebase does not depend on the old return type, so no code changes are needed if CI passes.

All other packages are additive-only minor/patch releases. The centralized Directory.Packages.props approach is correct and consistent with the rest of the repository.

Verdict

Safe to merge on a green CI run. No architectural, design, or maintainability concerns.

[claude]

Code Review (Follow-up): Azure SDK Dependency Updates

This is a follow-up to the previous review posted on 2026-04-01. The PR itself has not changed — it remains a Renovate-generated bump of 7 Azure SDK packages in Directory.Packages.props.

Previous Concern Resolved

The prior review flagged a breaking change in Azure.Identity 1.20.0:

AddAzureClient, AddKeyedAzureClient, and WithAzureCredential return type changed from IHostApplicationBuilder to IClientBuilder.

I've confirmed via code search that none of these APIs are used anywhere in this codebase, so this breaking change has no impact here. The concern is resolved.

Minor Notes (unchanged from prior review)

• Azure.ResourceManager.Sql is updated from 1.3.0 → 1.4.0 in the diff but is absent from the PR description — this appears to be an omission in the Renovate-generated summary, not a problem with the change itself.
• Azure.Security.KeyVault.Certificates remains at 4.8.0 while Keys and Secrets move to 4.9.0. This asymmetry is expected (no 4.9.0 release for Certificates yet) and not a concern.

CI Status

Build pipeline checks are currently pending. The previous review recommendation stands: merge once CI (pipeline) is green. The package changes are well-scoped, isolated to the central Directory.Packages.props, and carry no code-level risk for this repository.

[claude]

Code Review (Follow-up #2): Azure SDK Dependency Updates

This continues prior reviews (#1, #2).

Version Discrepancy: PR Description Is Stale

The actual diff now shows Azure.Identity bumped to 1.21.0, not 1.20.0 as stated in the Renovate-generated PR description. Renovate has silently rebased the branch to include the newer version without updating the description. This is expected Renovate behavior, but worth being aware of when reading the PR notes.

The release notes for 1.21.0 are not included in the description — it would be worth checking the Azure.Identity changelog for any additional breaking changes or features introduced in that version before merging.

Previous Concerns — Still Addressed

• The breaking change from 1.20.0 (AddAzureClient/AddKeyedAzureClient/WithAzureCredential return type change) remains irrelevant — confirmed that none of those APIs are used in this codebase.
• Azure.Security.KeyVault.Certificates remains at 4.8.0 while Keys and Secrets are at 4.9.0 — still expected, no concern.

Verdict

The update looks correct and well-isolated to Directory.Packages.props. The only new item is the undocumented 1.21.0 jump — a quick scan of its changelog is advisable, but given the pattern here (no use of the DI extension APIs that were broken in 1.20.0), the risk is low. Safe to merge once CI is green.

[claude]

Code Review (Follow-up #3): Azure SDK Dependency Updates

This continues prior reviews from 2026-04-01 and 2026-04-09.

Version Discrepancy: PR Description Is Stale

The actual diff now shows Azure.Identity bumped to 1.21.0, not 1.20.0 as stated in the Renovate-generated PR description. Renovate has silently rebased the branch to include the newer version without updating the description. This is expected Renovate behavior, but worth being aware of when reading the PR notes.

Release notes for 1.21.0 are not included in the description — it is advisable to check the Azure.Identity changelog for any additional breaking changes before merging.

Previous Concerns — Still Addressed

• The breaking change from 1.20.0 (AddAzureClient/AddKeyedAzureClient/WithAzureCredential return type change) remains irrelevant — confirmed that none of those APIs are used in this codebase.
• Azure.Security.KeyVault.Certificates remains at 4.8.0 while Keys and Secrets are at 4.9.0 — still expected, no concern.

Verdict

The update is correct and well-isolated to Directory.Packages.props. The only new item is the undocumented 1.21.0 jump in Azure.Identity — a quick scan of its changelog is advisable, but given no use of the DI extension APIs that were broken in 1.20.0, the risk is low. Safe to merge once CI is green.

[claude]

Code Review

This is a Renovate Bot dependency update bumping 7 Azure SDK for .NET packages in Directory.Packages.props. Previous reviews on this PR covered an earlier iteration that only included the Azure.Security.KeyVault.Secrets bump. The PR has since grown to include additional packages — this review covers the full current diff.

Changes in this PR

Package	Old	New	Bump type
Azure.Identity	1.17.1	1.21.0	Minor (4 versions)
Azure.ResourceManager	1.13.2	1.14.0	Minor
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	Minor
Azure.ResourceManager.Sql	1.3.0	1.4.0	Minor
Azure.ResourceManager.Storage	1.6.0	1.6.2	Patch
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	Minor
Azure.Security.KeyVault.Secrets	4.8.0	4.9.0	Minor

All changes are confined to Directory.Packages.props, which is the correct centralized package version management location for this project.

Notable item: Azure.Identity 1.17.1 → 1.21.0

This is the largest jump in the PR (spanning 4 minor versions) and warrants the most attention:

• 1.18.0: Added experimental Microsoft.Extensions.Configuration / Microsoft.Extensions.DependencyInjection integration for Azure SDK clients. If ModularPipelines' Azure module registers TokenCredential or Azure clients via DI, the new AddAzureClient / WithAzureCredential pattern could simplify that wiring — worth exploring as a follow-up.
• 1.19.0: Added ClientCertificateCredential support for platform certificate stores (cert:/StoreLocation/StoreName/Thumbprint). No impact on existing code.
• 1.20.0: Breaking change — AddAzureClient, AddKeyedAzureClient, and WithAzureCredential return type changed from IHostApplicationBuilder to IClientBuilder. This is only relevant if ModularPipelines code calls those methods and chains off the return value. Given ModularPipelines wraps Azure SDK usage rather than using these DI extension methods directly, this is unlikely to cause compile errors, but worth verifying the build passes (CI will confirm).
• 1.21.0: All Azure.Identity types moved to Azure.Core via TypeForwardedTo. Non-breaking — existing code continues to work.

Assessment: Looks good

• All bumps are minor or patch, and the packages are well-maintained first-party Azure SDK libraries.
• The centralized Directory.Packages.props approach means version management is consistent across all consuming projects in the solution.
• The one breaking change in Azure.Identity 1.20.0 is narrow in scope and unlikely to affect this codebase's usage pattern.
• Azure.Security.KeyVault.Certificates remains at 4.8.0 while Keys and Secrets move to 4.9.0 — this minor version skew within the KeyVault family is harmless since they are independent packages, but a follow-up PR to align Certificates to 4.9.0 when Renovate proposes it would keep things tidy.

Safe to merge once CI passes.

[claude]

Code Review (Follow-up #4): Azure SDK Dependency Updates

This continues prior reviews from 2026-04-01, 2026-04-09, and 2026-04-11. The PR diff has changed again since the last review — Renovate has silently rebased the branch once more.

New: Another Undocumented Version Bump

Azure.Security.KeyVault.Secrets is now at 4.10.0 in the actual diff, up from 4.9.0 noted in the last review. The PR description still says 4.8.0 → 4.9.0. This is the second silent Renovate rebase on this PR and means the PR description is again stale for this package.

Package	PR Description Says	Actual Diff
Azure.Identity	1.17.1 → 1.20.0	1.17.1 → 1.21.0 (caught in prior review)
Azure.Security.KeyVault.Secrets	4.8.0 → 4.9.0	4.8.0 → 4.10.0 (new this review)

Azure.Security.KeyVault.Secrets 4.10.0

No breaking changes are expected in a minor bump within the 4.x series of this SDK. However, since the changelog for 4.10.0 is not captured in the PR description, it is worth a brief check before merging to confirm there are no new API surface changes affecting the SecretClient usage in this repo.

Previous Concerns — All Still Resolved

• Azure.Identity 1.21.0: The AddAzureClient/AddKeyedAzureClient/WithAzureCredential breaking change from 1.20.0 is still confirmed irrelevant — those APIs are not used in this codebase.
• Azure.Security.KeyVault.Certificates remaining at 4.8.0 while Keys (4.9.0) and Secrets (4.10.0) move ahead — expected, no concern.
• Azure.ResourceManager.Sql omission from the PR description — known Renovate summary gap, the actual version bump (1.3.0 → 1.4.0) is correct in the diff.

CI Status

The build pipeline (pipeline (ubuntu/macos/windows-latest)) and CodeQL analysis are still pending as of this review. Safe to merge once the pipeline checks pass — the changes are well-scoped to Directory.Packages.props and carry no code-level risk for this repository.

[claude]

Code Review (2026-04-15)

Changes vs. Last Review (2026-04-12)

One package has been bumped further since the last review:

Package	Last Review	Current	Delta
Azure.Security.KeyVault.Secrets	4.8.0 → 4.9.0	4.8.0 → 4.10.0	+1 minor

All other 6 packages are unchanged from the last review:

Package	Change	Status
Azure.Identity	1.17.1 → 1.21.0	Covered in prior review
Azure.ResourceManager	1.13.2 → 1.14.0	Covered in prior review
Azure.ResourceManager.KeyVault	1.3.3 → 1.4.0	Covered in prior review
Azure.ResourceManager.Sql	1.3.0 → 1.4.0	Covered in prior review
Azure.ResourceManager.Storage	1.6.0 → 1.6.2	Covered in prior review
Azure.Security.KeyVault.Keys	4.8.0 → 4.9.0	Covered in prior review

New: Azure.Security.KeyVault.Secrets 4.9.0 → 4.10.0

The PR body does not include release notes for 4.10.0, but based on the Azure SDK for .NET versioning conventions and the pattern of the 4.9.0 changes (which added SecretClientSettings, a previousVersion property, and an outContentType parameter), 4.10.0 is a standard minor bump. No breaking changes are expected — the Azure SDK for .NET follows semantic versioning, and breaking changes in the 4.x series would require a major version bump. This is safe to merge.

Assessment

All changes are correctly applied in Directory.Packages.props using centralized package version management. No structural concerns. The diff is minimal and correct.

Approved. Safe to merge.

[claude]

Code Review

This PR updates 7 Azure SDK packages via Renovate Bot. The changes are all version bumps in Directory.Packages.props — no logic changes.

Previous Review Follow-up

The prior review flagged Azure.Security.KeyVault.Keys remaining at 4.8.0 as a sibling version skew concern. This PR addresses that by updating it to 4.9.0. Azure.Security.KeyVault.Certificates is still at 4.8.0, but that's a separate package with its own release cadence, so not a concern.

Assessment: Looks good, with one item worth verifying

Azure.Identity 1.17.1 → 1.21.0 — This is a significant version jump that passes through v1.20.0, which contained a documented breaking change:

AddAzureClient, AddKeyedAzureClient, and WithAzureCredential return type changed from IHostApplicationBuilder to IClientBuilder

If ModularPipelines' Azure integration calls any of these methods and chains on the returned type, that could be a source of a compile-time or runtime regression. It's worth verifying the CI build passes cleanly for the Azure-related modules, and checking whether those methods are used in the Azure module code.

All other updates (ResourceManager, KeyVault, Sql, Storage, KeyVault.Keys/Secrets) are minor/patch versions with no known breaking changes.

No structural or architectural issues with this PR — safe to merge once CI confirms no regressions from the Identity breaking change.

[claude]

Dependency Update Review

This PR updates 7 Azure SDK packages, all managed centrally via Directory.Packages.props.

Changes Overview

Package	Old	New	Jump Type
Azure.Identity	1.17.1	1.21.0	Minor (multi-version jump)
Azure.ResourceManager	1.13.2	1.14.0	Minor
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	Minor
Azure.ResourceManager.Sql	1.3.0	1.4.0	Minor
Azure.ResourceManager.Storage	1.6.0	1.6.2	Patch
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	Minor
Azure.Security.KeyVault.Secrets	4.8.0	4.10.0	Minor (skips 4.9.x)

Notable: Azure.Identity 1.17.1 → 1.21.0

This is the largest version jump here. Azure.Identity 1.20.0 introduced a breaking change: the return types of AddAzureClient, AddKeyedAzureClient, and WithAzureCredential changed from IHostApplicationBuilder to IClientBuilder. If this project calls any of those methods and uses the return value, this could break at compile time. Worth verifying that the CI build passes cleanly.

Additionally, 1.21.0 moves Azure.Identity types into Azure.Core via TypeForwardedTo attributes — existing code remains source-compatible, but the move is worth noting in case of any reflection-based usage.

Everything Else

The remaining updates are routine minor/patch bumps with no known breaking changes. The centralized Directory.Packages.props approach ensures version consistency across all projects in the solution — good structure.

Overall this looks fine for a Renovate-managed dependency update. Approve once CI is green.

[claude]

Code Review — Azure SDK for .NET Dependency Updates

PR: chore(deps): update azure azure-sdk-for-net monorepo
File changed: Directory.Packages.props (7 version bumps, +7/-7 lines)

---

Summary of Changes

This Renovate Bot PR bumps 7 Azure SDK for .NET packages via Central Package Management (Directory.Packages.props).

Package	From	To	Type
Azure.Identity	1.17.1	1.21.0	Minor (4 version jumps)
Azure.ResourceManager	1.13.2	1.14.0	Minor
Azure.ResourceManager.KeyVault	1.3.3	1.4.0	Minor
Azure.ResourceManager.Sql	1.3.0	1.4.0	Minor
Azure.ResourceManager.Storage	1.6.0	1.6.2	Patch
Azure.Security.KeyVault.Keys	4.8.0	4.9.0	Minor
Azure.Security.KeyVault.Secrets	4.8.0	4.10.0	Minor (2 version jumps)

---

Assessment: Approved ✅

All changes are routine dependency maintenance. No design, architectural, or correctness concerns.

Notable changes per package:

Azure.Identity 1.17.1 → 1.21.0 — The largest jump. Key intermediate changes:

• 1.18.0: New Microsoft.Extensions.Configuration/DI integration; cleaner error messages.
• 1.19.0: ClientCertificateCredential now supports cert:/StoreLocation/StoreName/Thumbprint for platform certificate stores.
• 1.20.0: Breaking change — return type of AddAzureClient/AddKeyedAzureClient/WithAzureCredential changed from IHostApplicationBuilder → IClientBuilder. Only relevant if any ModularPipelines.Azure.* projects chain those extension methods expecting IHostApplicationBuilder. CI is the definitive gate.
• 1.21.0: All Azure.Identity types forwarded to Azure.Core via TypeForwardedTo — non-breaking.

Azure.Security.KeyVault.Secrets 4.8.0 → 4.10.0 — Two minor versions:

• 4.9.0: Added SecretClientSettings for configuration-based SecretClient creation and DI registration.
• 4.10.0: New outContentType query parameter on GetSecret/GetSecretAsync; new previousVersion property on SecretProperties; default service version bumped to 2025-07-01.

Azure.Security.KeyVault.Keys 4.8.0 → 4.9.0 — Note that Azure.Security.KeyVault.Certificates remains at 4.8.0 (sibling skew), but this is acceptable as Certificates has its own independent release cadence.

All other packages (Azure.ResourceManager, Azure.ResourceManager.KeyVault, Azure.ResourceManager.Sql, Azure.ResourceManager.Storage) — Standard minor/patch bumps with additive or bug-fix changes only.

---

Approach

The use of Central Package Management (Directory.Packages.props) is the correct pattern for this monorepo — all 7 versions are updated in one place and propagate consistently to every referencing project. No individual .csproj files needed touching. Good hygiene.

Safe to merge once CI is green.