Skip to content

chore(deps-dev): bump msal from 1.34.0 to 1.36.0#1023

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/msal-1.36.0
Closed

chore(deps-dev): bump msal from 1.34.0 to 1.36.0#1023
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/msal-1.36.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps msal from 1.34.0 to 1.36.0.

Release notes

Sourced from msal's releases.

1.36.0

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.35.1...1.36.0

1.35.1

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.35.0...1.35.1

1.35.0

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.34.0...1.35.0

MSAL Python 1.35.0b1

Highlights

  • The managed identity code path no longer has a dependency on the socket.getfqdn(). No API change is needed. Existing MSAL-powered apps will automatically pick up this new behavior.
  • This version of MSAL Python will pick up PyMsalRuntime 0.20.*. No API change is needed. Existing MSAL-powered apps will automatically pick up this new behavior.
  • The thumbprint name-value pair in the client_credential parameter becomes optional now. See API docs for usage.

What's Changed

... (truncated)

Commits
  • 4a2cb98 Update sku.py
  • a3ba722 Fix OIDC issuer domain spoofing in B2C host validation (#896)
  • 6a92f24 Use cryptographically secure randomness for PKCE, state, and nonce generation...
  • ecf515a Added withFmi method for cca app (#876)
  • eb78068 Potential fix for code scanning alert no. 74: Workflow does not contain permi...
  • 6de712e Add documentation for Managed Identity v2 Hackathon (#885)
  • 1f71ede Add ADO CI, SDL, and release pipelines with e2e test enablement (#890)
  • e4e692c Fix the PoP flow in the console app (#887)
  • 2de45ae Instance discovery remains cloud local on known clouds (#875)
  • 09c8821 Create RELEASE_GUIDE.md (#880)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 13, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 13, 2026 02:45
@github-actions github-actions Bot enabled auto-merge April 13, 2026 02:45
@dependabot dependabot Bot force-pushed the dependabot/pip/msal-1.36.0 branch 2 times, most recently from 0553833 to 6fb74e9 Compare April 17, 2026 20:34
@jingjingjia-ms jingjingjia-ms mentioned this pull request May 7, 2026
Closed
@dependabot
chore(deps-dev): bump msal from 1.34.0 to 1.36.0
74a28fe 
Bumps [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) from 1.34.0 to 1.36.0.
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases)
- [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASES.md)
- [Commits](AzureAD/microsoft-authentication-library-for-python@1.34.0...1.36.0)

---
updated-dependencies:
- dependency-name: msal
  dependency-version: 1.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/msal-1.36.0 branch from 6fb74e9 to 74a28fe Compare May 7, 2026 20:36
@ramsessanchez ramsessanchez mentioned this pull request May 19, 2026
Merged
@ramsessanchez

ramsessanchez commented May 19, 2026

Copy link
Copy Markdown
Contributor

Superseded by #1046 which consolidates all dependency updates.

auto-merge was automatically disabled May 19, 2026 08:50

Pull request was closed

@dependabot @github

dependabot Bot commented on behalf of github May 19, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/pip/msal-1.36.0 branch May 19, 2026 08:51
ramsessanchez added a commit that referenced this pull request May 20, 2026
@ramsessanchez
chore(deps): consolidate dependency updates (#1046)
21157a9 
Consolidates all open Dependabot PRs into a single update:

requirements-dev.txt:
- microsoft-kiota-* 1.9.7 -> 1.10.1
- azure-core 1.38.0 -> 1.41.0
- azure-identity 1.25.1 -> 1.25.3
- opentelemetry-api 1.38.0 -> 1.41.1
- opentelemetry-sdk 1.38.0 -> 1.41.1
- opentelemetry-semantic-conventions 0.59b0 -> 0.62b1
- msal 1.34.0 -> 1.36.0
- mypy 1.17.1 -> 1.19.1
- packaging 25.0 -> 26.2
- tomli 2.3.0 -> 2.4.1
- wrapt 2.0.1 -> 2.1.2
- certifi 2025.8.3 -> 2026.4.22
- PyJWT 2.12.0 -> 2.12.1

GitHub Actions:
- googleapis/release-please-action v4 -> v5
- dependabot/fetch-metadata v3.0.0 -> v3.1.0

Supersedes: #1020, #1021, #1023, #1024, #1025, #1026, #1027, #1029, #1032, #1034, #1037

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ramsessanchez