Bump msal4j from 1.11.0 to 1.13.8 in /msal-obo-sample

[dependabot[bot]]

Bumps msal4j from 1.11.0 to 1.13.8.

Release notes

Sourced from msal4j's releases.

msal4j v1.13.8

• Added support for CIAM authority
• Added refresh_in logic for managed identity flow
• Better exception handling in interactive flow
• Updated vulnerable dependency versions

msal4j v1.13.7 release

Address security vulnerability - Update net.minidev:json-smart version to 2.4.10

msal4j v1.13.6 release

• Added ExtraQueryParameters API.
• added tests for a CIAM user.
• updated condition to throw exception only for an invalid authority while performing instance discovery.

msal4j v1.13.5 release

• fixed url for admin consent.
• added 2s timeout to IMDS endpoint call.
• fixed url for regional endpoint calls.
• added support for current and legacy B2c authority formats.

msal4j v1.13.4 release

• regional endpoint updates
• fixed manifest
• Expose instance discovery flag to perform instance discovery.

msal4j v1.13.3 release

Update jackson-databind version to 2.13.4.2

v1.13.2

• Add IBroker interface
• Update AppTokenProvider callback logging to be consistent with Azure SDK logging
• Restructure library and add broker module
• Update version of vulnerable libraries
• Update README for broken links

v1.13.1

• Bug fixes and improvements for region API
• Allow configuration of timeouts for interactive requests
• Additional and more informative logging for regional scenarios and token requests in general

msal4j v1.13.0 release

• Provide token caching functionality for managed identity tokens
• Updates for obo-for-service-principal scenarios
• version updates for nimbusds-oauth2 library

v1.12.0

• Updates several dependencies to avoid security vulnerabilities
• Improves serialization of ID tokens and authentication results
• Various bug fixes related to authority paths, regional endpoints, and unclear logs

... (truncated)

Commits

• 54c14b2 Version updates for 1.13.8 release (#634)
• 0355683 Better redirect URI error handling and dependency upgrade (#633)
• d345e61 Merge pull request #628 from AzureAD/SJAIN/add-refresh-in-logic
• 3f653c6 Merge pull request #632 from AzureAD/sjain/update-org-json-version
• 7fc84fc updated org-json version to resolve Dependabot alert
• a965fbb Merge pull request #626 from AzureAD/add-ciam-authority
• db6fad5 update tests
• 98ef236 resolve build issues + address PR comments
• f4189d9 add refresh_in logic
• 9d4e1dd update exception message for device code flow
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #265.