← 返回首页
chore(deps-dev): bump msal from 1.36.0 to 1.37.0 by dependabot[bot] · Pull Request #1523 · microsoftgraph/msgraph-sdk-python · GitHub
Skip to content

Navigation Menu

Toggle navigation
Sign in
Appearance settings
Search or jump to...

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Appearance settings
Resetting focus

chore(deps-dev): bump msal from 1.36.0 to 1.37.0#1523

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/msal-1.37.0
Open

chore(deps-dev): bump msal from 1.36.0 to 1.37.0#1523
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/msal-1.37.0

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps msal from 1.36.0 to 1.37.0.

Release notes

Sourced from msal's releases.

1.37.0

Breaking Changes

  • Removed support for Python 3.8 in #910

New Features

  • Add User Federated Identity Credential (user_fic) grant type support in #918

Bug Fixes and Improvements

  • Use unsigned redirect URI for macOS broker silent flows in #907
  • Escape username parameter in #901
  • Forward MSAL client metadata headers through IMDS to ESTS in #902

Dependency Updates

  • Update pymsalruntime minimum version to 0.20.6 in #919
  • Bump cryptography dependency ceiling to <50 (N+3) in #906
Changelog

Sourced from msal's changelog.

MSAL Python — Release Guide

How to ship a new version of msal to PyPI. Everything happens in Azure DevOps (no GitHub Releases, no Git-tag-triggered automation).

Before you start — one-time prerequisites

Confirm these are set up in ADO (IdentityDivision → IDDP project) — the release will fail at runtime if any are missing:

  • Pipeline MSAL.Python-Publish (definition 3067) exists
  • Service connection MSAL-ESRP-AME exists and is authorized
  • Environment MSAL-Python-Release has a required manual approval configured under Approvals and checks
  • Key Vault MSALVault contains cert MSAL-ESRP-Release-Signing

Note on TestPyPI: The TestPyPI publish path (publishTarget = test.pypi.org (Preview / RC)) is currently a no-op — the MSAL-Test-Python-Upload service connection has not been created yet, so that stage prints a skip message and uploads nothing. Until it's wired up, use an RC version (e.g. 1.36.0rc1) on the production path for dry runs.

Release in 4 steps

1. Bump the version on dev

The package version lives in one file: https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/msal/sku.py.

__version__ = "1.36.0" # final release # or __version__ = "1.36.0rc1" # RC / dry run

Open a PR, get it merged into dev.

2. Cut the release branch

git checkout dev && git pull git checkout -b release-1.36.0 git push origin release-1.36.0

Pushing the branch does not publish anything — the pipeline is manual.

... (truncated)

Commits
  • ebb980f Update version to 1.37.0 (#922)
  • c504b41 Migrate CI/CD from GitHub Actions to ADO; remove GH Actions workflow (#895)
  • 192a82d Removed support for Python 3.8 (#910)
  • 08aa7fd Add User Federated Identity Credential (user_fic) grant type support (#918)
  • d4f58ec Add documentation for MSI v2 mTLS in Python (#904)
  • 5866feb Create design document for MSI v2 In-Memory Key Approach (#905)
  • 651d54b Update pymsalruntime minimum version to 0.20.6 (#919)
  • 895b581 Use unsigned redirect uri for mac broker flows (#907)
  • 8ea1eaa Switch FMI tests from disabled IDLABS_APP_FMI to MISE-App-FMICLIENT (#913)
  • faf5dce Bump cryptography dependency ceiling to <50 (N+3) (#906)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) from 1.36.0 to 1.37.0. - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases) - [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASE_GUIDE.md) - [Commits](AzureAD/microsoft-authentication-library-for-python@1.36.0...1.37.0) --- updated-dependencies: - dependency-name: msal dependency-version: 1.37.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2026
dependabot Bot requested a review from a team as a code owner June 3, 2026 22:27
dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2026
github-actions Bot enabled auto-merge June 3, 2026 22:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants

Footer

© 2026 GitHub, Inc.