Skip to content

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal#644

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/multi-1724c288b4
Closed

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal#644
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/multi-1724c288b4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Updated Microsoft.Identity.Client from 4.82.1 to 4.83.1.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.83.1

Bug Fixes

4.83.0

New Features

  • Agent Skills: Added Agent Skills catalog with complete coverage of both Confidential Client Authentication and mTLS PoP flows #​5733
  • mTLS PoP Skills Guide: Added comprehensive guide for GitHub Copilot Chat covering MSAL.NET authentication, mTLS Proof of Possession, and Federated Identity Credentials #​5790

Changes

  • Credential Guard Attestation: Integrated native DLL handling for Credential Guard attestation with centralized versioning #​5674

Bug Fixes

  • IMDSv2 mTLS Auto-Recovery: Implemented automatic recovery from SCHANNEL handshake failures by evicting cached certificates and re-minting #​5761
  • Managed Identity Fallback Behavior: Restored classic fallback behavior in MSAL MI unless GetManagedIdentitySourceAsync() is explicitly invoked #​5815
  • Attestation Token Expiration: Exposed expires_on field in attestation tokens for better token lifecycle management #​5741
  • Service Fabric API Version: Updated Service Fabric managed identity API version from 2019-07-01-preview to 2020-05-01 #​5781
  • Cached Token Validation: Enhanced ValidateCachedTokenAsync to work properly with multiple APIs beyond the initial scope #​5764
  • Client Credentials Tenant ID: Updated result to properly pass tenant ID in client credentials flow #​5754
  • Experimental Flag Removal: Removed experimental flag requirement from IAuthenticationOperation and WithAuthenticationExtension #​5699
  • OpenTelemetry Exception Handling: Expanded OTel exception handling for Azure Functions compatibility #​5720
  • ICustomWebUi Security Warning: Added security warnings to ICustomWebUi documentation #​5704

Infrastructure & Dependencies

  • GitHub Actions Workflow: Added GitHub Actions workflow for Managed Identity WebAPI automated build and deployment to Azure #​5751
  • .NET SDK Security Update: Updated .NET SDK from version 8.0.415 to 8.0.418 to address high severity security vulnerabilities #​5779 #​5783

Commits viewable in compare view.

Updated Microsoft.Identity.Client.Extensions.Msal from 4.82.1 to 4.83.1.

Release notes

Sourced from Microsoft.Identity.Client.Extensions.Msal's releases.

4.83.1

Bug Fixes

4.83.0

New Features

  • Agent Skills: Added Agent Skills catalog with complete coverage of both Confidential Client Authentication and mTLS PoP flows #​5733
  • mTLS PoP Skills Guide: Added comprehensive guide for GitHub Copilot Chat covering MSAL.NET authentication, mTLS Proof of Possession, and Federated Identity Credentials #​5790

Changes

  • Credential Guard Attestation: Integrated native DLL handling for Credential Guard attestation with centralized versioning #​5674

Bug Fixes

  • IMDSv2 mTLS Auto-Recovery: Implemented automatic recovery from SCHANNEL handshake failures by evicting cached certificates and re-minting #​5761
  • Managed Identity Fallback Behavior: Restored classic fallback behavior in MSAL MI unless GetManagedIdentitySourceAsync() is explicitly invoked #​5815
  • Attestation Token Expiration: Exposed expires_on field in attestation tokens for better token lifecycle management #​5741
  • Service Fabric API Version: Updated Service Fabric managed identity API version from 2019-07-01-preview to 2020-05-01 #​5781
  • Cached Token Validation: Enhanced ValidateCachedTokenAsync to work properly with multiple APIs beyond the initial scope #​5764
  • Client Credentials Tenant ID: Updated result to properly pass tenant ID in client credentials flow #​5754
  • Experimental Flag Removal: Removed experimental flag requirement from IAuthenticationOperation and WithAuthenticationExtension #​5699
  • OpenTelemetry Exception Handling: Expanded OTel exception handling for Azure Functions compatibility #​5720
  • ICustomWebUi Security Warning: Added security warnings to ICustomWebUi documentation #​5704

Infrastructure & Dependencies

  • GitHub Actions Workflow: Added GitHub Actions workflow for Managed Identity WebAPI automated build and deployment to Azure #​5751
  • .NET SDK Security Update: Updated .NET SDK from version 8.0.415 to 8.0.418 to address high severity security vulnerabilities #​5779 #​5783

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 23, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 23, 2026

Labels

The following labels could not be found: nuget. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot mentioned this pull request Mar 23, 2026
Closed
@dependabot dependabot bot temporarily deployed to test-dataverse March 23, 2026 09:10 Inactive
@dependabot
deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Ex…
7deef9b 
…tensions.Msal

Bumps Microsoft.Identity.Client from 4.82.1 to 4.83.1
Bumps Microsoft.Identity.Client.Extensions.Msal from 4.82.1 to 4.83.1

---
updated-dependencies:
- dependency-name: Microsoft.Identity.Client
  dependency-version: 4.83.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: Microsoft.Identity.Client.Extensions.Msal
  dependency-version: 4.83.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/nuget/multi-1724c288b4 branch from 0a38e25 to 7deef9b Compare March 24, 2026 18:25
@dependabot dependabot bot temporarily deployed to test-dataverse March 24, 2026 18:25 Inactive
joshsmithxrm added a commit that referenced this pull request Mar 25, 2026
@joshsmithxrm @claude
deps: combine 12 dependabot updates and fix flaky test
0ddbb6a 
NuGet updates:
- Microsoft.Identity.Client 4.82.1 → 4.83.1
- Microsoft.Identity.Client.Extensions.Msal 4.82.1 → 4.83.1
- Devlooped.CredentialManager 2.6.1.1 → 2.7.0
- System.Security.Cryptography.Pkcs 10.0.2 → 10.0.5
- System.CommandLine 2.0.2 → 2.0.5
- Microsoft.SqlServer.TransactSql.ScriptDom 170.3.0 → 170.191.0
- Microsoft.SourceLink.GitHub 10.0.102 → 10.0.201
- coverlet.collector 8.0.0 → 8.0.1
- FluentAssertions 8.8.0 → 8.9.0

npm updates (Extension):
- knip 5.87.0 → 6.0.2
- eslint 10.0.3 → 10.1.0
- stylelint 17.4.0 → 17.5.0
- typescript-eslint 8.57.0 → 8.57.1
- flatted 3.3.3 → 3.4.2 (transitive)

Fix flaky AsyncHelperTests.FireAndForget_UnwrapsAggregateException —
replaced fixed Task.Delay(100) with polling loop (2s timeout) to
eliminate thread-pool scheduling race under CI load.

Supersedes: #635, #636, #637, #638, #639, #640, #641, #644, #645, #646, #647, #649

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@joshsmithxrm joshsmithxrm mentioned this pull request Mar 25, 2026
Merged
6 tasks
joshsmithxrm added a commit that referenced this pull request Mar 25, 2026
@joshsmithxrm @claude
deps: combine 12 dependabot updates + fix flaky test (#668)
77ae23d 
* deps: combine 12 dependabot updates and fix flaky test

NuGet updates:
- Microsoft.Identity.Client 4.82.1 → 4.83.1
- Microsoft.Identity.Client.Extensions.Msal 4.82.1 → 4.83.1
- Devlooped.CredentialManager 2.6.1.1 → 2.7.0
- System.Security.Cryptography.Pkcs 10.0.2 → 10.0.5
- System.CommandLine 2.0.2 → 2.0.5
- Microsoft.SqlServer.TransactSql.ScriptDom 170.3.0 → 170.191.0
- Microsoft.SourceLink.GitHub 10.0.102 → 10.0.201
- coverlet.collector 8.0.0 → 8.0.1
- FluentAssertions 8.8.0 → 8.9.0

npm updates (Extension):
- knip 5.87.0 → 6.0.2
- eslint 10.0.3 → 10.1.0
- stylelint 17.4.0 → 17.5.0
- typescript-eslint 8.57.0 → 8.57.1
- flatted 3.3.3 → 3.4.2 (transitive)

Fix flaky AsyncHelperTests.FireAndForget_UnwrapsAggregateException —
replaced fixed Task.Delay(100) with polling loop (2s timeout) to
eliminate thread-pool scheduling race under CI load.

Supersedes: #635, #636, #637, #638, #639, #640, #641, #644, #645, #646, #647, #649

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(test): address Gemini review — use Stopwatch and Assert.Fail in WaitForErrors

Use Stopwatch instead of Environment.TickCount64 for more reliable time
measurement, and add Assert.Fail with a descriptive message on timeout
for easier debugging.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@joshsmithxrm
Copy link
Copy Markdown
Owner

joshsmithxrm commented Mar 25, 2026

Superseded by #668 which combined all 12 Dependabot updates into a single PR.

@github-project-automation github-project-automation bot moved this from Todo to Done in PPDS Roadmap Mar 25, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 25, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/nuget/multi-1724c288b4 branch March 25, 2026 00:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

PPDS Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joshsmithxrm