[main] Bump the identity-dependencies group with 1 update #8666

dependabot · 2025-10-22T16:49:23Z

Updated Microsoft.Identity.Web from 3.14.1 to 4.0.1.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.0.0

Breaking Changes

Removed support for .NET 6.0 and .NET 7.0 - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.

See MIGRATION_GUIDE_V4

New features

Various improvements to performance logging, authentication, and credential loading capabilities.
Bumped MSAL.NET to 4.77.1
Added credential description extensibility. For details, see #3487
Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. See #3505
Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See #3513
Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See #3515
Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See #3503
Support for multiple certificate observers. See #3506
The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See #3524

Bug Fixes

Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See #3443
Fixed IDW10405 error when using managed identity with common tenant. See #3415
Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See #3414

Fundamentals

Various improvements to .NET support and dependency optimizations.
Added doc for Agent identities. See Agent identities
Combined and fixed test collections. See #3472
Migrate repository agent rules from .clinerules to agents.md. See #3475
Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See #3489
Renamed NET 7 tests to ThreadingTests for framework independence. See #3501

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

wiktork · 2025-10-24T23:16:36Z

@dependabot recreate

Bumps Microsoft.Identity.Web from 3.14.1 to 4.0.1 --- updated-dependencies: - dependency-name: Microsoft.Identity.Web dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: identity-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#8682) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump streetsidesoftware/cspell-action from 7.2.0 to 7.2.1 (#8681) Bumps [streetsidesoftware/cspell-action](https://github.com/streetsidesoftware/cspell-action) from 7.2.0 to 7.2.1. - [Release notes](https://github.com/streetsidesoftware/cspell-action/releases) - [Changelog](https://github.com/streetsidesoftware/cspell-action/blob/main/CHANGELOG.md) - [Commits](streetsidesoftware/cspell-action@dcd03dc...76c6f6d) --- updated-dependencies: - dependency-name: streetsidesoftware/cspell-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Use arcade backport workflow (#8683) * [main] Bump the identity-dependencies group with 1 update (#8666) Bumps Microsoft.Identity.Web from 3.14.1 to 4.0.1 --- updated-dependencies: - dependency-name: Microsoft.Identity.Web dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: identity-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [main] Bump Newtonsoft.Json from 13.0.3 to 13.0.4 (#8670) --- updated-dependencies: - dependency-name: Newtonsoft.Json dependency-version: 13.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matt Mitchell <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#8682) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump streetsidesoftware/cspell-action from 7.2.0 to 7.2.1 (#8681) Bumps [streetsidesoftware/cspell-action](https://github.com/streetsidesoftware/cspell-action) from 7.2.0 to 7.2.1. - [Release notes](https://github.com/streetsidesoftware/cspell-action/releases) - [Changelog](https://github.com/streetsidesoftware/cspell-action/blob/main/CHANGELOG.md) - [Commits](streetsidesoftware/cspell-action@dcd03dc...76c6f6d) --- updated-dependencies: - dependency-name: streetsidesoftware/cspell-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Use arcade backport workflow (#8683) * [main] Bump the identity-dependencies group with 1 update (#8666) Bumps Microsoft.Identity.Web from 3.14.1 to 4.0.1 --- updated-dependencies: - dependency-name: Microsoft.Identity.Web dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: identity-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [main] Bump Newtonsoft.Json from 13.0.3 to 13.0.4 (#8670) --- updated-dependencies: - dependency-name: Newtonsoft.Json dependency-version: 13.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update Learning Paths (#8693) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * [main] Bump NJsonSchema from 11.0.0 to 11.5.1 (#8702) --- updated-dependencies: - dependency-name: NJsonSchema dependency-version: 11.5.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matt Mitchell <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Oct 22, 2025

dependabot bot requested a review from a team as a code owner October 22, 2025 16:49

dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .net code labels Oct 22, 2025

dotnet-policy-service bot added the needs-review label Oct 22, 2025

dependabot bot force-pushed the dependabot/nuget/eng/dependabot/independent/main/identity-dependencies-eb6225255e branch from 69c5d9b to ef88cfc Compare October 24, 2025 00:02

wiktork force-pushed the dependabot/nuget/eng/dependabot/independent/main/identity-dependencies-eb6225255e branch from ef88cfc to 63e7a1c Compare October 24, 2025 20:28

dotnet-policy-service bot removed the needs-review label Oct 24, 2025

dependabot bot force-pushed the dependabot/nuget/eng/dependabot/independent/main/identity-dependencies-eb6225255e branch from 63e7a1c to e5eb864 Compare October 24, 2025 23:19

dotnet-policy-service bot added the needs-review label Oct 24, 2025

dependabot bot force-pushed the dependabot/nuget/eng/dependabot/independent/main/identity-dependencies-eb6225255e branch from e5eb864 to 9a4dcc3 Compare October 28, 2025 16:14

wiktork approved these changes Oct 28, 2025

View reviewed changes

dotnet-policy-service bot removed the needs-review label Oct 28, 2025

wiktork merged commit aaa60fe into main Oct 28, 2025
21 of 22 checks passed

wiktork deleted the dependabot/nuget/eng/dependabot/independent/main/identity-dependencies-eb6225255e branch October 28, 2025 23:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[main] Bump the identity-dependencies group with 1 update #8666

[main] Bump the identity-dependencies group with 1 update #8666

Uh oh!

dependabot bot commented on behalf of github Oct 22, 2025 •

edited

Loading

Uh oh!

wiktork commented Oct 24, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[main] Bump the identity-dependencies group with 1 update #8666

[main] Bump the identity-dependencies group with 1 update #8666

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

4.0.0

4.0.0

Breaking Changes

New features

Bug Fixes

Fundamentals

Uh oh!

wiktork commented Oct 24, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Oct 22, 2025 •

edited

Loading