{Core} Bump microsoft-security-utilities-secret-masker to 1.0.0b4

[evelyn-ys]

Related command

Description

Pick up regex patterns' updates from https://github.com/microsoft/security-utilities/tree/main/GeneratedRegexPatterns

Testing Guide

History Notes

[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change
[Component Name 2] az command b: Add some customer-facing feature

---

This checklist is used to make sure that common guidelines for a pull request are followed.

• The PR title and description has followed the guideline in Submitting Pull Requests.

• I adhere to the Command Guidelines.

• I adhere to the Error Handling Guidelines.

[azure-client-tools-bot-prd]

️✔️AzureCLI-FullTest

️✔️acr

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️acs

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️advisor

️✔️latest

️✔️3.12

️✔️3.9

️✔️ams

️✔️latest

️✔️3.12

️✔️3.9

️✔️apim

️✔️latest

️✔️3.12

️✔️3.9

️✔️appconfig

️✔️latest

️✔️3.12

️✔️3.9

️✔️appservice

️✔️latest

️✔️3.12

️✔️3.9

️✔️aro

️✔️latest

️✔️3.12

️✔️3.9

️✔️backup

️✔️latest

️✔️3.12

️✔️3.9

️✔️batch

️✔️latest

️✔️3.12

️✔️3.9

️✔️batchai

️✔️latest

️✔️3.12

️✔️3.9

️✔️billing

️✔️latest

️✔️3.12

️✔️3.9

️✔️botservice

️✔️latest

️✔️3.12

️✔️3.9

️✔️cdn

️✔️latest

️✔️3.12

️✔️3.9

️✔️cloud

️✔️latest

️✔️3.12

️✔️3.9

️✔️cognitiveservices

️✔️latest

️✔️3.12

️✔️3.9

️✔️compute_recommender

️✔️latest

️✔️3.12

️✔️3.9

️✔️computefleet

️✔️latest

️✔️3.12

️✔️3.9

️✔️config

️✔️latest

️✔️3.12

️✔️3.9

️✔️configure

️✔️latest

️✔️3.12

️✔️3.9

️✔️consumption

️✔️latest

️✔️3.12

️✔️3.9

️✔️container

️✔️latest

️✔️3.12

️✔️3.9

️✔️containerapp

️✔️latest

️✔️3.12

️✔️3.9

️✔️core

️✔️2018-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2019-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️cosmosdb

️✔️latest

️✔️3.12

️✔️3.9

️✔️databoxedge

️✔️2019-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️dls

️✔️latest

️✔️3.12

️✔️3.9

️✔️dms

️✔️latest

️✔️3.12

️✔️3.9

️✔️eventgrid

️✔️latest

️✔️3.12

️✔️3.9

️✔️eventhubs

️✔️latest

️✔️3.12

️✔️3.9

️✔️feedback

️✔️latest

️✔️3.12

️✔️3.9

️✔️find

️✔️latest

️✔️3.12

️✔️3.9

️✔️hdinsight

️✔️latest

️✔️3.12

️✔️3.9

️✔️identity

️✔️latest

️✔️3.12

️✔️3.9

️✔️iot

️✔️2019-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️keyvault

️✔️2018-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️lab

️✔️latest

️✔️3.12

️✔️3.9

️✔️managedservices

️✔️latest

️✔️3.12

️✔️3.9

️✔️maps

️✔️latest

️✔️3.12

️✔️3.9

️✔️marketplaceordering

️✔️latest

️✔️3.12

️✔️3.9

️✔️monitor

️✔️latest

️✔️3.12

️✔️3.9

️✔️mysql

️✔️latest

️✔️3.12

️✔️3.9

️✔️netappfiles

️✔️latest

️✔️3.12

️✔️3.9

️✔️network

️✔️2018-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️policyinsights

️✔️latest

️✔️3.12

️✔️3.9

️✔️privatedns

️✔️latest

️✔️3.12

️✔️3.9

️✔️profile

️✔️latest

️✔️3.12

️✔️3.9

️✔️rdbms

️✔️latest

️✔️3.12

️✔️3.9

️✔️redis

️✔️latest

️✔️3.12

️✔️3.9

️✔️relay

️✔️latest

️✔️3.12

️✔️3.9

️✔️resource

️✔️2018-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2019-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️role

️✔️latest

️✔️3.12

️✔️3.9

️✔️search

️✔️latest

️✔️3.12

️✔️3.9

️✔️security

️✔️latest

️✔️3.12

️✔️3.9

️✔️servicebus

️✔️latest

️✔️3.12

️✔️3.9

️✔️serviceconnector

️✔️latest

️✔️3.12

️✔️3.9

️✔️servicefabric

️✔️latest

️✔️3.12

️✔️3.9

️✔️signalr

️✔️latest

️✔️3.12

️✔️3.9

️✔️sql

️✔️latest

️✔️3.12

️✔️3.9

️✔️sqlvm

️✔️latest

️✔️3.12

️✔️3.9

️✔️storage

️✔️2018-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2019-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️synapse

️✔️latest

️✔️3.12

️✔️3.9

️✔️telemetry

️✔️2018-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2019-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

️✔️util

️✔️latest

️✔️3.12

️✔️3.9

️✔️vm

️✔️2018-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2019-03-01-hybrid

️✔️3.12

️✔️3.9

️✔️2020-09-01-hybrid

️✔️3.12

️✔️3.9

️✔️latest

️✔️3.12

️✔️3.9

[azure-client-tools-bot-prd]

️✔️AzureCLI-BreakingChangeTest

️✔️Non Breaking Changes

[yonzhan]

Thank you for your contribution! We will review the pull request and get back to you soon.

[github-actions]

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

[bebound]

Why it is not in requirements.txt?

[evelyn-ys]

It's azure-cli-core's dependency, not azure-cli

[bebound]

I see.
This change has no effect since ~= will select the 1.0.0b4 by default.

[evelyn-ys]

Right, this PR fixes tests after sdk upgrade as well

[jiasli]

It's azure-cli-core's dependency, not azure-cli

This is not accurate. requirements.txt contains requirements of both Azure CLI and Core. requirements.txt is used to have stable dependencies in MSI, ZIP, DEB, RPM packages.

If microsoft-security-utilities-secret-masker is required by Azure CLI Core, it should be included in requirements.txt too. msal is an example:

azure-cli/src/azure-cli-core/setup.py

Line 57 in 1696f9f

'msal[broker]==1.32.3',

azure-cli/src/azure-cli/requirements.py3.windows.txt

Line 106 in cd9a1ae

msal[broker]==1.32.3

[bebound]

I upvote adding more azure-cli-core dependencies in requirements.txt.

I have to manually add microsoft-security-utilities-secret-masker and py-deviceid to requirements.txt in: https://github.com/Azure/azure-cli-pr/pull/143#discussion_r2030667413

[jiasli]

#31367 contains the detailed error.

2025-04-27T09:22:37.8357554Z                             if char not in "=!":
2025-04-27T09:22:37.8357740Z >                               raise source.error("unknown extension ?<" + char,
2025-04-27T09:22:37.8357916Z                                                    len(char) + 2)
2025-04-27T09:22:37.8358098Z E                               re.error: unknown extension ?<r at position 1
2025-04-27T09:22:37.8358190Z 
2025-04-27T09:22:37.8358388Z /opt/hostedtoolcache/Python/3.12.9/x64/lib/python3.12/re/_parser.py:769: error

I am curious if ?<r is an invalid regex, how is it not detected by the old microsoft-security-utilities-secret-masker library?

Is it because (?<refine>[\w.%#+-]+)(%40|@)([a-z0-9.-]*.[a-z]{2,}) is actually never used?

[evelyn-ys]

old microsoft-security-utilities-secret-masker has a func replacing all ?P<refine> with ?<refine> because it was wrong in rule json file that 1ES shared. The new version removed this func as 1ES has fixed the rule patterns

[evelyn-ys]

old microsoft-security-utilities-secret-masker has a func replacing all ?<refine> with ?P<refine> because it was wrong in rule json file that 1ES shared. The new version removed this func as 1ES has fixed the rule patterns