Skip to content

chore(deps): update microsoft#109

Open
Workleap IT (Infra-Workleap) wants to merge 1 commit into
mainfrom
renovate/microsoft
Open

chore(deps): update microsoft#109
Workleap IT (Infra-Workleap) wants to merge 1 commit into
mainfrom
renovate/microsoft

Conversation

@Infra-Workleap

@Infra-Workleap Workleap IT (Infra-Workleap) commented May 23, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
Microsoft.Identity.Client (source) 4.83.14.85.2 age confidence
Microsoft.Identity.Client.Extensions.Msal (source) 4.83.14.85.2 age confidence
Microsoft.NET.Test.Sdk 18.3.018.7.0 age confidence
System.Formats.Asn1 (source) 10.0.510.0.9 age confidence
System.IO.Abstractions 22.1.022.1.1 age confidence
System.IdentityModel.Tokens.Jwt 8.17.08.19.1 age confidence

Release Notes

AzureAD/microsoft-authentication-library-for-dotnet (Microsoft.Identity.Client)

v4.85.2

Compare Source

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.85.1...4.85.2

v4.85.1

Compare Source

======

New Features
  • Exposed canonical OpenTelemetry tag names per metric via MsalMetricsCatalog.CanonicalTagsByMetric for discoverability and validation. #​6076
Changes
  • Managed identity error messages and request-failure logs now include the detected ManagedIdentitySource (e.g., AppService, Imds, ServiceFabric) so the host-issued Managed Identity Correlation ID can be traced to the correct host's telemetry. #​6101

v4.85.0

Compare Source

======

New Features
  • Added WithOtelTagsEnricher extension on AbstractAcquireTokenParameterBuilder<T> to enrich OpenTelemetry tags from token acquisition results. #​6071
  • Promoted MsalServiceException.SubErrorForLogging to public for diagnostic logging of service sub-errors. #​6063
  • Added GovFr, GovDe, and GovSg values to the AzureCloudInstance enum for sovereign cloud support. #​6023
Changes
  • Migrated region discovery to the IMDS /compute JSON endpoint. #​6039
Bug Fixes
  • Excluded caller SDK telemetry headers (caller-sdk-id, caller-sdk-ver) from access token cache keys to prevent cache fragmentation. #​6073
  • Service Fabric Managed Identity now sends principalId for ObjectId and rejects ClientId/ResourceId identifiers. #​6065
  • Validated Azure region format to prevent region poisoning. #​6060
  • Fixed proactive token refresh bypassing cancellation, which could lead to unbounded semaphore waits. #​6053
  • Fall back to the home account from the request when not available elsewhere. #​5618

v4.84.2

Compare Source

======

New Features
  • Added ManagedIdentityApplication.GetManagedIdentityCapabilitiesAsync(CancellationToken) returning a ManagedIdentityCapabilities object that reports the detected managed identity Source, the host's MaxSupportedBindingStrength (new MtlsBindingStrength enum: None, Software, KeyGuard), and a derived IsMtlsPopSupportedByHost. Replaces GetManagedIdentitySourceAsync()/ManagedIdentitySourceResult. The public ManagedIdentitySource.ImdsV2 value is folded into Imds (v1/v2 routing remains internal). #​6049
  • Added OID-based user identification to the User Federated Identity Credential (user_fic) flow via AcquireTokenByUserFederatedIdentityCredential(scopes, Guid userObjectId, assertion). #​6050
  • Added WithClaimsFromClient(claimsJson) to forward client-originated claims across managed identity and confidential client flows. #​5999
  • Added mTLS PoP support for WithCertificate(() => x509) (dynamic certificate credential). #​5957
  • Added opt-in token-acquisition metrics covering both successful and failed attempts. #​6004
Changes
  • Extended mTLS bearer transport (CertificateOptions.SendCertificateOverMtls) to the OBO, refresh-token, and authorization-code flows. #​6009
  • General Availability of the Microsoft.Identity.Client.KeyAttestation package. #​6038
  • Managed identity now probes IMDSv2 first and the preview latch was removed. #​6041
  • Updated NativeInterop baseline and corrected devapp version ranges. #​6045
  • Simplified GetTenantedAuthority in CiamAuthority and DstsAuthority. #​6001
Bug Fixes
  • Fixed WithExtraQueryParameters on ManagedIdentityApplicationBuilder bypassing token caching. #​6035
  • Guarded HTTP status codes on discovery endpoints in KnownInstanceMetadataIsUpToDateAsync. #​6048
  • Detect orphaned KeyGuard certificates via public-key modulus comparison. #​6020
  • KeyGuard/Credential Guard attestation failures now surface as an MsalServiceException("attestation_failed") (carrying the MAA status/native error/reason) instead of silently sending a non-attested certificate request to IMDS, and native AttestationClientLib (MAA) logs are bridged into the MSAL ILoggerAdapter. Behavior change: when an attestation provider is configured via WithAttestationSupport() and returns no token for a KeyGuard key, the request now fails closed rather than falling back to a non-attested request. #​6081

v4.84.1

Compare Source

======

New Features
  • Added WithReservedScopes and WithCachePartitionKey public API extensions on AcquireTokenByAuthorizationCodeParameterBuilder and BaseAbstractAcquireTokenParameterBuilder. #​6014
  • Added IAuthenticationOperation3 interface for CDT + mTLS PoP composition, with CredentialEvaluationContext for post-credential evaluation hooks. #​5996
  • Added MsalRemainingTokenLifetime histogram metric for token expiry tracking. #​5920
Changes
  • Removed [Obsolete] attribute from WithExtraBodyParameters extension method. #​6006
  • Replaced ConcurrentHashSet<T> with ConcurrentDictionary<T, byte> to eliminate custom collection. #​5975
Bug Fixes
  • Fixed WithTenantId not honoring MSA tenant GUID when specified at request level. #​5958
  • Fixed OBO cache returning multiple_matching_tokens_detected when attributed tokens share a partition. #​5993

v4.84.0

Compare Source

======

New Features
  • Added CacheOptions.DisableInternalCacheOptions static property and CacheOptions.IsInternalCacheDisabled to allow disabling MSAL's internal token cache. Added CacheRefreshReason.CacheDisabled and MsalError.InternalCacheDisabled to support this scenario. #​5947
  • Added AuthenticationResultExtensions.GetRefreshToken() extension method for accessing refresh tokens from AuthenticationResult. #​5947
  • Added WithAttributeTokens and WithExtraBodyParameters extension methods on AbstractConfidentialClientAcquireTokenParameterBuilder for enhanced extensibility. #​5888
  • Added CertificateOptions.SendCertificateOverMtls for mTLS Proof-of-Possession certificate support. #​5849
  • Added AssertionRequestOptions.CorrelationId property for correlation ID support in FIC assertion requests. #​5937
Changes
  • Removed experimental feature gate from WithClientAssertion(ClientSignedAssertion) overload. #​5945
  • Removed embedded Newtonsoft.Json dependency, migrated to System.Text.Json exclusively. #​5959
  • Removed mTLS PoP region as a hard requirement. #​5902
  • Refactored client credential material resolution. #​5835
  • Added in-process MAA token caching to PopKeyAttestor. #​5887
  • Added raw STS error code to MsalFailure metric. #​5961
  • Support forwarding MSAL client metadata headers through IMDS to ESTS. #​5912
Bug Fixes
  • Fixed eager evaluation in ConcurrentDictionary.GetOrAdd calls. #​5950
  • Fixed System.ValueTuple conditional dependency to net462 only. #​5894
  • Validated clientSignedAssertionProvider delegate is non-null in WithClientAssertion. #​5956
  • Improved MtlsPopTokenNotSupportedinImdsV1 error message clarity. #​5908
  • Added additional checks for issuer validation. #​5931

v4.83.3

Compare Source

======

New Features
  • Added support for User Federated Identity Credential (UserFIC) scenarios through the IByUserFederatedIdentityCredential interface and user_fic grant type. #​5802
Changes
  • Updated NativeInterop to version 0.20.3. #​5866
Bug Fixes
  • Fixed response handling in HttpListenerInterceptor.cs to ensure the full response is properly closed. #​5478
  • Fixed macOS detection to include maccatalyst target in desktop platform checks.#​5882
Infrastructure & Dependencies
  • Extracted reusable MSAL test infrastructure into Microsoft.Identity.Lab.API. #​5864
microsoft/vstest (Microsoft.NET.Test.Sdk)

v18.7.0

What's Changed

New Contributors

Full Changelog: microsoft/vstest@v18.6.0...v18.7.0

v18.6.0

What's Changed

Changes to tests and infra

Full Changelog: microsoft/vstest@v18.5.1...v18.6.0

v18.5.1

What's Changed

Full Changelog: microsoft/vstest@v18.5.0...v18.5.1

v18.5.0

⚠️ Unlisted on Nuget, because of #​15718

What's Changed

Full Changelog: microsoft/vstest@v18.4.0...v18.5.0

v18.4.0

What's Changed

New Contributors

Full Changelog: microsoft/vstest@v18.3.0...v18.4.0

TestableIO/System.IO.Abstractions (System.IO.Abstractions)

v22.1.1

What's Changed

New Contributors

Full Changelog: TestableIO/System.IO.Abstractions@v22.1.0...v22.1.1

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (System.IdentityModel.Tokens.Jwt)

v8.19.1

Compare Source

====

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

v8.19.0

Compare Source

====

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't con

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@Infra-Workleap Workleap IT (Infra-Workleap) requested a review from a team as a code owner May 23, 2026 06:30
Copilot AI review requested due to automatic review settings May 23, 2026 06:30
@Infra-Workleap Workleap IT (Infra-Workleap) enabled auto-merge (squash) May 23, 2026 06:30
@Infra-Workleap

Copy link
Copy Markdown
Contributor Author

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.


  • Branch has one or more failed status checks

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates several NuGet dependencies used by the Leap CLI and its test project, primarily bumping Microsoft identity/auth libraries and test tooling to newer patch/minor versions.

Changes:

  • Update MSAL packages (Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal) from 4.83.1 to 4.84.0.
  • Update security/identity-related system packages (System.Formats.Asn1, System.IdentityModel.Tokens.Jwt) to newer patch/minor versions.
  • Update test SDK (Microsoft.NET.Test.Sdk) from 18.3.0 to 18.5.1.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/Leap.Cli/Leap.Cli.csproj Bumps MSAL and related dependency versions used by the CLI.
src/Leap.Cli.Tests/Leap.Cli.Tests.csproj Bumps Microsoft.NET.Test.Sdk used by the test project.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants