Skip to content

chore(deps-dev): bump msal from 1.36.0 to 1.37.0#1101

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/msal-1.37.0
Open

chore(deps-dev): bump msal from 1.36.0 to 1.37.0#1101
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/msal-1.37.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps msal from 1.36.0 to 1.37.0.

Release notes

Sourced from msal's releases.

1.37.0

Breaking Changes

  • Removed support for Python 3.8 in #910

New Features

  • Add User Federated Identity Credential (user_fic) grant type support in #918

Bug Fixes and Improvements

  • Use unsigned redirect URI for macOS broker silent flows in #907
  • Escape username parameter in #901
  • Forward MSAL client metadata headers through IMDS to ESTS in #902

Dependency Updates

  • Update pymsalruntime minimum version to 0.20.6 in #919
  • Bump cryptography dependency ceiling to <50 (N+3) in #906
Changelog

Sourced from msal's changelog.

MSAL Python — Release Guide

How to ship a new version of msal to PyPI. Everything happens in Azure DevOps (no GitHub Releases, no Git-tag-triggered automation).


Before you start — one-time prerequisites

Confirm these are set up in ADO (IdentityDivisionIDDP project) — the release will fail at runtime if any are missing:

  • Pipeline MSAL.Python-Publish (definition 3067) exists
  • Service connection MSAL-ESRP-AME exists and is authorized
  • Environment MSAL-Python-Release has a required manual approval configured under Approvals and checks
  • Key Vault MSALVault contains cert MSAL-ESRP-Release-Signing

Note on TestPyPI: The TestPyPI publish path (publishTarget = test.pypi.org (Preview / RC)) is currently a no-op — the MSAL-Test-Python-Upload service connection has not been created yet, so that stage prints a skip message and uploads nothing. Until it's wired up, use an RC version (e.g. 1.36.0rc1) on the production path for dry runs.


Release in 4 steps

1. Bump the version on dev

The package version lives in one file: https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/msal/sku.py.

__version__ = "1.36.0"     # final release
# or
__version__ = "1.36.0rc1"  # RC / dry run

Open a PR, get it merged into dev.

2. Cut the release branch

git checkout dev && git pull
git checkout -b release-1.36.0
git push origin release-1.36.0

Pushing the branch does not publish anything — the pipeline is manual.

... (truncated)

Commits
  • ebb980f Update version to 1.37.0 (#922)
  • c504b41 Migrate CI/CD from GitHub Actions to ADO; remove GH Actions workflow (#895)
  • 192a82d Removed support for Python 3.8 (#910)
  • 08aa7fd Add User Federated Identity Credential (user_fic) grant type support (#918)
  • d4f58ec Add documentation for MSI v2 mTLS in Python (#904)
  • 5866feb Create design document for MSI v2 In-Memory Key Approach (#905)
  • 651d54b Update pymsalruntime minimum version to 0.20.6 (#919)
  • 895b581 Use unsigned redirect uri for mac broker flows (#907)
  • 8ea1eaa Switch FMI tests from disabled IDLABS_APP_FMI to MISE-App-FMICLIENT (#913)
  • faf5dce Bump cryptography dependency ceiling to <50 (N+3) (#906)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies python Pull requests that update Python code labels Jun 30, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 30, 2026 04:23
@dependabot dependabot Bot added dependencies python Pull requests that update Python code labels Jun 30, 2026
@github-actions github-actions Bot enabled auto-merge June 30, 2026 04:23
Bumps [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) from 1.36.0 to 1.37.0.
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases)
- [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/RELEASE_GUIDE.md)
- [Commits](AzureAD/microsoft-authentication-library-for-python@1.36.0...1.37.0)

---
updated-dependencies:
- dependency-name: msal
  dependency-version: 1.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/msal-1.37.0 branch from d0ac605 to e41afda Compare July 6, 2026 21:38
@sonarqubecloud

sonarqubecloud Bot commented Jul 6, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants