search

quarkiverse / quarkus-azure-services

Quarkus extensions for Azure services
Apache License 2.0
13 stars 17 forks source link

Bump msal4j from 1.13.4 to 1.13.8 #87

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps msal4j from 1.13.4 to 1.13.8.

Release notes

Sourced from msal4j's releases.

msal4j v1.13.8

  • Added support for CIAM authority
  • Added refresh_in logic for managed identity flow
  • Better exception handling in interactive flow
  • Updated vulnerable dependency versions

msal4j v1.13.7 release

Address security vulnerability - Update net.minidev:json-smart version to 2.4.10

msal4j v1.13.6 release

  • Added ExtraQueryParameters API.
  • added tests for a CIAM user.
  • updated condition to throw exception only for an invalid authority while performing instance discovery.

msal4j v1.13.5 release

  • fixed url for admin consent.
  • added 2s timeout to IMDS endpoint call.
  • fixed url for regional endpoint calls.
  • added support for current and legacy B2c authority formats.
Commits
  • 54c14b2 Version updates for 1.13.8 release (#634)
  • 0355683 Better redirect URI error handling and dependency upgrade (#633)
  • d345e61 Merge pull request #628 from AzureAD/SJAIN/add-refresh-in-logic
  • 3f653c6 Merge pull request #632 from AzureAD/sjain/update-org-json-version
  • 7fc84fc updated org-json version to resolve Dependabot alert
  • a965fbb Merge pull request #626 from AzureAD/add-ciam-authority
  • db6fad5 update tests
  • 98ef236 resolve build issues + address PR comments
  • f4189d9 add refresh_in logic
  • 9d4e1dd update exception message for device code flow
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.