From 518dd1fd7fc9d7a62b5d8f4bb449fd95312b4501 Mon Sep 17 00:00:00 2001 From: Thomas Norling Date: Wed, 15 Jan 2025 09:16:32 -0800 Subject: [PATCH 1/5] Update changelog for v4 --- lib/msal-browser/CHANGELOG.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/msal-browser/CHANGELOG.md b/lib/msal-browser/CHANGELOG.md index 8971c09d9b..1cb69e99eb 100644 --- a/lib/msal-browser/CHANGELOG.md +++ b/lib/msal-browser/CHANGELOG.md @@ -8,14 +8,13 @@ Wed, 15 Jan 2025 05:05:17 GMT -### Patches +### Breaking Changes - Rename `native` to `platformBroker` in public API and docs (sameera.gajjarapu@microsoft.com) - Encrypt localStorage to reduce persistence to browser session lifetime (thomas.norling@microsoft.com) -- Bump @azure/msal-common to v15.0.1 -- Bump eslint-config-msal to v0.0.0 -- Bump msal-test-utils to v0.0.1 -- Bump rollup-msal to v0.0.0 +- Bump @azure/msal-common to v15.0.1 (beachball) + +Please see the [migration guide](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/v3-migration.md) for more details. ## 3.28.1 From 7f979b16e3cac299c9bcfad1f8fcc1e94d5b9ead Mon Sep 17 00:00:00 2001 From: Thomas Norling Date: Wed, 15 Jan 2025 09:17:48 -0800 Subject: [PATCH 2/5] Update CHANGELOG.md --- lib/msal-angular/CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/msal-angular/CHANGELOG.md b/lib/msal-angular/CHANGELOG.md index 19030faabd..7b16aa9742 100644 --- a/lib/msal-angular/CHANGELOG.md +++ b/lib/msal-angular/CHANGELOG.md @@ -8,11 +8,11 @@ Wed, 15 Jan 2025 05:05:16 GMT -### Patches +### Breaking Changes - Update msal-browser peer dependency to include v4 (thomas.norling@microsoft.com) -- Bump @azure/msal-browser to v4.0.1 -- Bump eslint-config-msal to v0.0.0 + +Please see the msal-browser [migration guide](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/v3-migration.md) for more details on what's changed in v4. ## 3.1.0 From 90842be709ea089b3185644426107f4f21f6bc4b Mon Sep 17 00:00:00 2001 From: Thomas Norling Date: Wed, 15 Jan 2025 09:18:16 -0800 Subject: [PATCH 3/5] Update CHANGELOG.md --- lib/msal-react/CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/msal-react/CHANGELOG.md b/lib/msal-react/CHANGELOG.md index d68a198f84..8b351f884c 100644 --- a/lib/msal-react/CHANGELOG.md +++ b/lib/msal-react/CHANGELOG.md @@ -8,12 +8,13 @@ Wed, 15 Jan 2025 05:05:17 GMT -### Patches +### Breaking Changes - Update msal-browser peer dependency to include v4 (thomas.norling@microsoft.com) - Rename `native` to `platformBroker` in public API and docs (sameera.gajjarapu@microsoft.com) - Bump @azure/msal-browser to v4.0.1 -- Bump eslint-config-msal to v0.0.0 + +- Please see the msal-browser [migration guide](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/v3-migration.md) for more details on what's changed in v4. ## 2.2.0 From 188aa8ffcfb30c20e421bfb62d73d9ff2bc30a95 Mon Sep 17 00:00:00 2001 From: Thomas Norling Date: Wed, 15 Jan 2025 09:19:13 -0800 Subject: [PATCH 4/5] Update CHANGELOG.md --- lib/msal-node/CHANGELOG.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/msal-node/CHANGELOG.md b/lib/msal-node/CHANGELOG.md index 18629b53e1..3876f9c9eb 100644 --- a/lib/msal-node/CHANGELOG.md +++ b/lib/msal-node/CHANGELOG.md @@ -8,12 +8,11 @@ Wed, 15 Jan 2025 05:05:17 GMT -### Patches +### Breaking Changes -- Asynchronous cache writes (thomas.norling@microsoft.com) -- Bump @azure/msal-common to v15.0.1 -- Bump eslint-config-msal to v0.0.0 -- Bump rollup-msal to v0.0.0 +- NodeStorage is no longer exported + +Please see the [migration guide](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/v2-migration.md) for more details. ## 2.16.2 From 41609220657dfb301a5cce15261539639264c496 Mon Sep 17 00:00:00 2001 From: Thomas Norling Date: Wed, 15 Jan 2025 10:17:22 -0800 Subject: [PATCH 5/5] Update v3-migration.md --- lib/msal-browser/docs/v3-migration.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/msal-browser/docs/v3-migration.md b/lib/msal-browser/docs/v3-migration.md index 674f204105..aace64228e 100644 --- a/lib/msal-browser/docs/v3-migration.md +++ b/lib/msal-browser/docs/v3-migration.md @@ -66,4 +66,5 @@ Starting in v4, if you are using the `localStorage` cache location, auth artifac This cookie will be automatically removed when the browser instance (not tab) is closed, thus making it impossible to decrypt any auth artifacts after the session has ended. These expired auth artifacts will be removed the next time MSAL is initialized and the user may need to reauthenticate. The `localStorage` location still provides cross-tab cache persistence but will no longer persist across browser sessions. -> [!Important] The purpose of this encryption is to reduce the persistence of auth artifacts, **not** to provide additional security. If a bad actor gains access to browser storage they would also have access to the key or have the ability to request tokens on your behalf without the need for cache at all. It is your responsibility to ensure your application is not vulnerable to XSS attacks [see below](#security) \ No newline at end of file +> [!Important] +> The purpose of this encryption is to reduce the persistence of auth artifacts, **not** to provide additional security. If a bad actor gains access to browser storage they would also have access to the key or have the ability to request tokens on your behalf without the need for cache at all. It is your responsibility to ensure your application is not vulnerable to XSS attacks [see below](#security)