Skip to content

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal #519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
joshsmithxrm merged 1 commit into from
Feb 10, 2026
Merged

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal #519

joshsmithxrm merged 1 commit into from
Feb 10, 2026
+3 −2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026
edited
Loading

Updated Microsoft.Identity.Client from 4.81.0 to 4.82.1.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.82.1

Bug Fixes

  • Remove experimental flag requirement from IAuthenticationOperation #​5699
  • Add security warning to ICustomWebUi documentation #​5704

Changes

  • Adds support for implicit mTLS (Mutual TLS) transport for client assertion delegates #​5670

4.82.0

4.82.0

Highlights

This release expands extensibility for confidential-client authentication (certificates + client assertions), adds additional sovereign cloud environments, and hardens security-sensitive flows (mTLS PoP and system browser auth) with clearer validation and safer defaults.

Features

  • Certificate-based confidential client extensibility: Introduced CertificateOptions and updated WithCertificate extensibility APIs to accept it, including support for passing sendX5C configuration through the options model. (#​5655)
  • Sovereign cloud support: Added instance discovery / authority validation support for Bleu (France), Delos (Germany), and GovSG (Singapore) cloud environments. (#​5671)
  • Client assertion customization: Added WithExtraClientAssertionClaims on AcquireTokenForClientParameterBuilder to enable supplying additional signed claims in client assertions (intended for advanced scenarios and higher-level libraries). (#​5650)
  • mTLS PoP guardrails: Added validation and explicit error handling when mTLS PoP is requested for unsupported environments and/or non-login.* hosts. (#​5684)
  • System browser hardening: Added response_mode=form_post support for the default system browser (loopback) flow. MSAL will enforce form_post and process the authorization response from POST data. (#​5678)

Changes

  • Key Attestation packaging rename: Microsoft.Identity.Client.MtlsPop renamed to Microsoft.Identity.Client.KeyAttestation (assembly/package naming update). (#​5653)

Commits viewable in compare view.

Updated Microsoft.Identity.Client.Extensions.Msal from 4.81.0 to 4.82.1.

Release notes

Sourced from Microsoft.Identity.Client.Extensions.Msal's releases.

4.82.1

Bug Fixes

  • Remove experimental flag requirement from IAuthenticationOperation #​5699
  • Add security warning to ICustomWebUi documentation #​5704

Changes

  • Adds support for implicit mTLS (Mutual TLS) transport for client assertion delegates #​5670

4.82.0

4.82.0

Highlights

This release expands extensibility for confidential-client authentication (certificates + client assertions), adds additional sovereign cloud environments, and hardens security-sensitive flows (mTLS PoP and system browser auth) with clearer validation and safer defaults.

Features

  • Certificate-based confidential client extensibility: Introduced CertificateOptions and updated WithCertificate extensibility APIs to accept it, including support for passing sendX5C configuration through the options model. (#​5655)
  • Sovereign cloud support: Added instance discovery / authority validation support for Bleu (France), Delos (Germany), and GovSG (Singapore) cloud environments. (#​5671)
  • Client assertion customization: Added WithExtraClientAssertionClaims on AcquireTokenForClientParameterBuilder to enable supplying additional signed claims in client assertions (intended for advanced scenarios and higher-level libraries). (#​5650)
  • mTLS PoP guardrails: Added validation and explicit error handling when mTLS PoP is requested for unsupported environments and/or non-login.* hosts. (#​5684)
  • System browser hardening: Added response_mode=form_post support for the default system browser (loopback) flow. MSAL will enforce form_post and process the authorization response from POST data. (#​5678)

Changes

  • Key Attestation packaging rename: Microsoft.Identity.Client.MtlsPop renamed to Microsoft.Identity.Client.KeyAttestation (assembly/package naming update). (#​5653)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 9, 2026

Labels

The following labels could not be found: nuget. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 9, 2026
@dependabot dependabot bot mentioned this pull request Feb 9, 2026
Closed
@dependabot dependabot bot temporarily deployed to test-dataverse February 9, 2026 08:47 Inactive
@dependabot
deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Ex…
0dbdcf0 
…tensions.Msal

Bumps Microsoft.Identity.Client from 4.81.0 to 4.82.1
Bumps Microsoft.Identity.Client.Extensions.Msal from 4.81.0 to 4.82.1

---
updated-dependencies:
- dependency-name: Microsoft.Identity.Client
  dependency-version: 4.82.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: Microsoft.Identity.Client.Extensions.Msal
  dependency-version: 4.82.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/nuget/multi-238cdbeebc branch from 945f6b2 to 0dbdcf0 Compare February 10, 2026 00:05
@joshsmithxrm joshsmithxrm merged commit 5b05954 into main Feb 10, 2026
15 checks passed
@joshsmithxrm joshsmithxrm deleted the dependabot/nuget/multi-238cdbeebc branch February 10, 2026 01:43
@github-project-automation github-project-automation bot moved this from Todo to Done in PPDS Roadmap Feb 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

PPDS Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joshsmithxrm