Bump msal4j from 1.11.0 to 1.13.9 in /msal-web-sample

[dependabot[bot]]

trafficstars

Bumps msal4j from 1.11.0 to 1.13.9.

Release notes

Sourced from msal4j's releases.

msal4j v1.13.8

• Added support for CIAM authority
• Added refresh_in logic for managed identity flow
• Better exception handling in interactive flow
• Updated vulnerable dependency versions

msal4j v1.13.7 release

Address security vulnerability - Update net.minidev:json-smart version to 2.4.10

msal4j v1.13.6 release

• Added ExtraQueryParameters API.
• added tests for a CIAM user.
• updated condition to throw exception only for an invalid authority while performing instance discovery.

msal4j v1.13.5 release

• fixed url for admin consent.
• added 2s timeout to IMDS endpoint call.
• fixed url for regional endpoint calls.
• added support for current and legacy B2c authority formats.

msal4j v1.13.4 release

• regional endpoint updates
• fixed manifest
• Expose instance discovery flag to perform instance discovery.

msal4j v1.13.3 release

Update jackson-databind version to 2.13.4.2

v1.13.2

• Add IBroker interface
• Update AppTokenProvider callback logging to be consistent with Azure SDK logging
• Restructure library and add broker module
• Update version of vulnerable libraries
• Update README for broken links

v1.13.1

• Bug fixes and improvements for region API
• Allow configuration of timeouts for interactive requests
• Additional and more informative logging for regional scenarios and token requests in general

msal4j v1.13.0 release

• Provide token caching functionality for managed identity tokens
• Updates for obo-for-service-principal scenarios
• version updates for nimbusds-oauth2 library

v1.12.0

• Updates several dependencies to avoid security vulnerabilities
• Improves serialization of ID tokens and authentication results
• Various bug fixes related to authority paths, regional endpoints, and unclear logs

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)