Skip to content

chore(deps-dev): bump msal from 1.33.0 to 1.36.0#1457

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/msal-1.36.0
Closed

chore(deps-dev): bump msal from 1.33.0 to 1.36.0#1457
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/msal-1.36.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Bumps msal from 1.33.0 to 1.36.0.

Release notes

Sourced from msal's releases.

1.36.0

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.35.1...1.36.0

1.35.1

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.35.0...1.35.1

1.35.0

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.34.0...1.35.0

MSAL Python 1.35.0b1

Highlights

  • The managed identity code path no longer has a dependency on the socket.getfqdn(). No API change is needed. Existing MSAL-powered apps will automatically pick up this new behavior.
  • This version of MSAL Python will pick up PyMsalRuntime 0.20.*. No API change is needed. Existing MSAL-powered apps will automatically pick up this new behavior.
  • The thumbprint name-value pair in the client_credential parameter becomes optional now. See API docs for usage.

What's Changed

... (truncated)

Commits
  • 4a2cb98 Update sku.py
  • a3ba722 Fix OIDC issuer domain spoofing in B2C host validation (#896)
  • 6a92f24 Use cryptographically secure randomness for PKCE, state, and nonce generation...
  • ecf515a Added withFmi method for cca app (#876)
  • eb78068 Potential fix for code scanning alert no. 74: Workflow does not contain permi...
  • 6de712e Add documentation for Managed Identity v2 Hackathon (#885)
  • 1f71ede Add ADO CI, SDL, and release pipelines with e2e test enablement (#890)
  • e4e692c Fix the PoP flow in the console app (#887)
  • 2de45ae Instance discovery remains cloud local on known clouds (#875)
  • 09c8821 Create RELEASE_GUIDE.md (#880)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 20, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 20, 2026 05:35
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 20, 2026
@github-actions github-actions Bot enabled auto-merge April 20, 2026 05:36
@jingjingjia-ms jingjingjia-ms mentioned this pull request May 7, 2026
Merged
@dependabot
chore(deps-dev): bump msal from 1.33.0 to 1.36.0
aa9d899 
Bumps [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) from 1.33.0 to 1.36.0.
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases)
- [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASES.md)
- [Commits](AzureAD/microsoft-authentication-library-for-python@1.33.0...1.36.0)

---
updated-dependencies:
- dependency-name: msal
  dependency-version: 1.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/msal-1.36.0 branch from 005e7fa to aa9d899 Compare May 7, 2026 20:29
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 8, 2026

Looks like msal is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 8, 2026
auto-merge was automatically disabled May 8, 2026 18:09

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/pip/msal-1.36.0 branch May 8, 2026 18:09
pull Bot pushed a commit to TheTechOddBug/msgraph-sdk-python that referenced this pull request May 8, 2026
@jingjingjia-ms
chore(deps): consolidate dependabot dependency updates
0f34878 
Combines 12 open dependabot PRs into a single update:

requirements-dev.txt:
- anyio: 4.10.0 -> 4.12.1 (microsoftgraph#1458)
- attrs: 25.3.0 -> 26.1.0 (microsoftgraph#1460)
- azure-core: 1.38.0 -> 1.39.0 (microsoftgraph#1438)
- azure-identity: 1.25.1 -> 1.25.3 (microsoftgraph#1438)
- msal: 1.33.0 -> 1.36.0 (microsoftgraph#1457)
- multidict: 6.7.0 -> 6.7.1 (microsoftgraph#1452)
- PyJWT: 2.12.0 -> 2.12.1 (microsoftgraph#1459)
- tomli: 2.3.0 -> 2.4.1 (microsoftgraph#1453)
- tomlkit: 0.13.3 -> 0.14.0 (microsoftgraph#1454)
- tzdata: 2025.2 -> 2026.1 (microsoftgraph#1455)
- zipp: 3.23.0 -> 3.23.1 (microsoftgraph#1456)

GitHub Actions:
- googleapis/release-please-action: v4 -> v5 (microsoftgraph#1463)
- dependabot/fetch-metadata: v3.0.0 -> v3.1.0 (microsoftgraph#1451)

Note: msal bump to 1.36.0 resolves the dependency conflict that
caused PR microsoftgraph#1438 to fail (azure-identity 1.25.3 requires msal>=1.35.1).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants