Bump the identity-libraries group with 3 updates

[dependabot]

Bumps the identity-libraries group with 3 updates: software.amazon.msk:aws-msk-iam-auth, com.azure:azure-identity and com.google.cloud.hosted.kafka:managed-kafka-auth-login-handler.

Updates software.amazon.msk:aws-msk-iam-auth from 2.3.0 to 2.3.7

Release notes

Sourced from software.amazon.msk:aws-msk-iam-auth's releases.

2.3.7

Upgrade AWS SDK BOM to 2.44.12 to address Netty CVEs (CVE-2026-42581, CVE-2026-33870, and 9 others)

2.3.6

What's New

• Configurable Signing Region: New awsMskRegionProvider JAAS config parameter for custom region resolution when broker hostnames don't contain region info (e.g., custom DNS/Route53 endpoints)
• Route53RegionProvider: Built-in provider that resolves region via DNS TXT record lookup
• Fix: Use public SignerConstant API path

2.3.5

• Upgrade AWS SDK version to address CVE-2025-58056 and CVE-2025-58057
• Updated dependencies to address build issues. It's now recommended to build the package using Gradle 8.0+ and JDK 17+.

2.3.4

• Skip credential providers chain
• Upgrade AWS SDK version

2.3.3

• Upgrade AWS SDK version

2.3.2

• Fix unreleased file lock issue in Gradle
• Enable FIPS endpoint support

2.3.1

• Upgrade Jackson Databind version

Commits

• 8ffb503 Merge pull request #243 from aws/fix/bump-sdk-bom-netty-cve
• cee34d8 fix: Bump AWS SDK BOM to 2.44.12 to resolve Netty CVEs (v2.3.7)
• 3258f32 Merge pull request #241 from aws/release_2.3.6
• df40102 fix: use public SignerConstant API path
• 830716d Revert "Merge pull request #240 from aws/revert-238-feat/custom-region-provider"
• e5795df Merge pull request #240 from aws/revert-238-feat/custom-region-provider
• b6e3095 Revert "Feat/custom region provider"
• 1db5478 Merge pull request #238 from bdesert/feat/custom-region-provider
• b3e1cde docs update
• d11c5d0 refresh interval for region provider
• Additional commits viewable in compare view

Updates com.azure:azure-identity from 1.15.4 to 1.18.4

Release notes

Sourced from com.azure:azure-identity's releases.

com.azure+azure-identity_1.18.4

1.18.4 (2026-06-11)

Other Changes

Dependency Updates

• Upgraded azure-core from 1.58.0 to version 1.58.1.
• Upgraded azure-core-http-netty from 1.16.4 to version 1.16.5.

com.azure+azure-core-http-netty_1.16.5

1.16.5 (2026-06-08)

Other Changes

Dependency Updates

• Upgraded azure-core from 1.58.0 to 1.58.1.
• Upgraded Reactor from 3.7.17 to 3.7.18.
• Upgraded Reactor Netty from 1.2.16 to 1.2.18.
• Upgraded Netty dependencies from 4.1.132.Final to 4.1.135.Final.
• Upgraded Netty TcNative dependencies from 2.0.75.Final to 2.0.78.Final.

Commits

• 0df233b Updating SDK dependencies for azure-identity-broker
• cd57fce Updating the SDK dependencies for azure-identity
• e6db36e Reset changes to the patch version.
• 71680b8 Added auth and CFS step to partner release pipeline (#49452)
• df3114f [Automation] Generate SDK based on TypeSpec 0.45.3 (#49467)
• c995ad5 Increment package versions for cloudhealth releases (#49462)
• 4b547c9 Validate iss and aud claims on AAD/B2C OIDC login ID token decoders (#49423)
• ff8a3bf eng, remove code generation for swagger/autorest (#49438)
• 3bc83be Update helper function to print nested exception details. (#49447)
• 4f8efdd Update the skills in tools repo to match specs repo (#49444)
• Additional commits viewable in compare view

Updates com.google.cloud.hosted.kafka:managed-kafka-auth-login-handler from 1.0.5 to 1.0.6

Release notes

Sourced from com.google.cloud.hosted.kafka:managed-kafka-auth-login-handler's releases.

v1.0.6-java

What's Changed

• feat: Add segmentio/kafka-go Mechanism implementation for SASL/Plain with GCP OAuth Tokens. by @​benjamin-maynard in googleapis/managedkafka#30
• fix: Change GcpBearerAuthCredentialProvider alias by @​Dippatel98 in googleapis/managedkafka#35
• Feat: Add ErrorMessage class for Schema Registry client. by @​an2x in googleapis/managedkafka#38
• upgrade: Update version with the release of 1.0.6 by @​Dippatel98 in googleapis/managedkafka#39

New Contributors

• @​benjamin-maynard made their first contribution in googleapis/managedkafka#30
• @​an2x made their first contribution in googleapis/managedkafka#38

Full Changelog: googleapis/managedkafka@v1.0.5...v1.0.6

Commits

• 8f1dd1c upgrade: Update version with the release of 1.0.6 (#39)
• 9f549f6 Feat: Add ErrorMessage class for Schema Registry client. (#38)
• 226eae9 fix: Change GcpBearerAuthCredentalProvider alias (#35)
• 7204e3c feat: Add segmentio/kafka-go Mechanism implementation for SASL/Plain with GCP...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions