Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump msal4j from 1.11.2 to 1.13.8 in /examples/msal-java #913

Merged
merged 1 commit into from
May 16, 2023
Merged

chore: bump msal4j from 1.11.2 to 1.13.8 in /examples/msal-java #913

merged 1 commit into from
May 16, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 1, 2023
edited
Loading

Bumps msal4j from 1.11.2 to 1.13.8.

Release notes

Sourced from msal4j's releases.

msal4j v1.13.8

  • Added support for CIAM authority
  • Added refresh_in logic for managed identity flow
  • Better exception handling in interactive flow
  • Updated vulnerable dependency versions

msal4j v1.13.7 release

Address security vulnerability - Update net.minidev:json-smart version to 2.4.10

msal4j v1.13.6 release

  • Added ExtraQueryParameters API.
  • added tests for a CIAM user.
  • updated condition to throw exception only for an invalid authority while performing instance discovery.

msal4j v1.13.5 release

  • fixed url for admin consent.
  • added 2s timeout to IMDS endpoint call.
  • fixed url for regional endpoint calls.
  • added support for current and legacy B2c authority formats.

msal4j v1.13.4 release

  • regional endpoint updates
  • fixed manifest
  • Expose instance discovery flag to perform instance discovery.

msal4j v1.13.3 release

Update jackson-databind version to 2.13.4.2

v1.13.2

  • Add IBroker interface
  • Update AppTokenProvider callback logging to be consistent with Azure SDK logging
  • Restructure library and add broker module
  • Update version of vulnerable libraries
  • Update README for broken links

v1.13.1

  • Bug fixes and improvements for region API
  • Allow configuration of timeouts for interactive requests
  • Additional and more informative logging for regional scenarios and token requests in general

msal4j v1.13.0 release

  • Provide token caching functionality for managed identity tokens
  • Updates for obo-for-service-principal scenarios
  • version updates for nimbusds-oauth2 library

v1.12.0

  • Updates several dependencies to avoid security vulnerabilities
  • Improves serialization of ID tokens and authentication results
  • Various bug fixes related to authority paths, regional endpoints, and unclear logs

... (truncated)

Commits
  • 54c14b2 Version updates for 1.13.8 release (#634)
  • 0355683 Better redirect URI error handling and dependency upgrade (#633)
  • d345e61 Merge pull request #628 from AzureAD/SJAIN/add-refresh-in-logic
  • 3f653c6 Merge pull request #632 from AzureAD/sjain/update-org-json-version
  • 7fc84fc updated org-json version to resolve Dependabot alert
  • a965fbb Merge pull request #626 from AzureAD/add-ciam-authority
  • db6fad5 update tests
  • 98ef236 resolve build issues + address PR comments
  • f4189d9 add refresh_in logic
  • 9d4e1dd update exception message for device code flow
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from aramase as a code owner May 1, 2023 20:05
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 1, 2023
@dependabot dependabot bot force-pushed the dependabot/maven/examples/msal-java/com.microsoft.azure-msal4j-1.13.8 branch 2 times, most recently from 020ae0b to 3dea7ef Compare May 2, 2023 22:41
@codecov-commenter
Copy link

codecov-commenter commented May 2, 2023
edited
Loading

Codecov Report

Merging #913 (52679c3) into main (210a14e) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #913   +/-   ##
=======================================
  Coverage   53.71%   53.71%           
=======================================
  Files          36       36           
  Lines        2290     2290           
=======================================
  Hits         1230     1230           
  Misses       1014     1014           
  Partials       46       46

@dependabot dependabot bot force-pushed the dependabot/maven/examples/msal-java/com.microsoft.azure-msal4j-1.13.8 branch from 3dea7ef to 1907fb6 Compare May 12, 2023 19:35
@dependabot dependabot bot requested a review from enj as a code owner May 12, 2023 19:35
@dependabot dependabot bot force-pushed the dependabot/maven/examples/msal-java/com.microsoft.azure-msal4j-1.13.8 branch from 1907fb6 to e99054f Compare May 15, 2023 23:51
@dependabot
chore: bump msal4j from 1.11.2 to 1.13.8 in /examples/msal-java
52679c3 
Bumps [msal4j](https://github.com/AzureAD/microsoft-authentication-library-for-java) from 1.11.2 to 1.13.8.
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-java/releases)
- [Commits](AzureAD/microsoft-authentication-library-for-java@v1.11.2...v1.13.8)

---
updated-dependencies:
- dependency-name: com.microsoft.azure:msal4j
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/examples/msal-java/com.microsoft.azure-msal4j-1.13.8 branch from e99054f to 52679c3 Compare May 16, 2023 00:02
@aramase
Copy link
Member

aramase commented May 16, 2023

/azp run

@azure-pipelines
Copy link

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@aramase aramase merged commit 558b3b6 into main May 16, 2023
@aramase aramase deleted the dependabot/maven/examples/msal-java/com.microsoft.azure-msal4j-1.13.8 branch May 16, 2023 00:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aramase aramase aramase approved these changes

@enj enj Awaiting requested review from enj enj is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@codecov-commenter @aramase