Bump com.azure.spring:spring-cloud-azure-dependencies from 4.4.1 to 7.3.0

[dependabot]

Bumps com.azure.spring:spring-cloud-azure-dependencies from 4.4.1 to 7.3.0.

Release notes

Sourced from com.azure.spring:spring-cloud-azure-dependencies's releases.

Spring Cloud Azure 7.3.0

• This release is compatible with Spring Boot 4.0.0-4.0.6. (Note: 4.0.x (x>6) should be supported, but they aren't tested with this release.)
• This release is compatible with Spring Cloud 2025.1.0-2025.1.1. (Note: 2025.1.x (x>1) should be supported, but they aren't tested with this release.)

Spring Cloud Azure Dependencies (BOM)

Dependency Updates

• Upgrade azure-sdk-bom to 1.3.7.

Spring Cloud Azure Autoconfigure

This section includes changes in spring-cloud-azure-autoconfigure module.

Breaking Changes

• AAD resource server now requires spring.cloud.azure.active-directory.profile.tenant-id to be set to a specific (non-reserved) tenant ID. Empty string, common, organizations, and consumers are no longer accepted and will cause application startup to fail with an IllegalArgumentException. (#49033)
• AadAuthenticationFilter now enables explicit audience validation by default. The filter will verify that the JWT's aud (audience) claim matches either spring.cloud.azure.active-directory.credential.client-id or spring.cloud.azure.active-directory.app-id-uri. Tokens issued for other applications will be rejected with BadJWTException. This prevents cross-application token reuse and aligns with OAuth2/OIDC security best practices. (#49033)
• B2C resource server now requires spring.cloud.azure.active-directory.b2c.profile.tenant-id to be set to a specific (non-reserved) tenant ID. Empty string, common, organizations, and consumers are no longer accepted. In addition, default token validation is hardened to enforce tenant-bound tid, stricter aud validation, and B2C-only trusted issuers. (#49252)
• Event Hubs auto-configuration now identifies the root EventHubClientBuilder by bean name (springCloudAzureEventHubsClientBuilder) instead of by type. To override the auto-configured root builder (and have shared EventHubConsumerClient/EventHubProducerClient use your bean), register the bean under the name springCloudAzureEventHubsClientBuilder. A user-supplied EventHubClientBuilder bean under a different name will no longer suppress the auto-configured root builder and will not be wired into the shared clients. (#49245)

Bugs Fixed

• Fixed Event Hubs autoconfiguration where a dedicated EventHubClientBuilder registered by consumer-only or producer-only sub-level overrides (connection-string / namespace / event-hub-name) suppressed the root builder and got injected into the opposite shared section, causing the shared client to target the other section's event hub. The root builder is now registered under bean name springCloudAzureEventHubsClientBuilder with a name-based @ConditionalOnMissingBean, and the shared consumer/producer sections gate on and inject that specific bean via @Qualifier. (#49245)
• Fixed JDBC/Azure Database and Redis passwordless connection scope defaulting using the wrong azure.scopes value for Azure China and Azure US Government when spring.cloud.azure.profile.cloud-type is set to azure_china or azure_us_government. The scopes are now correctly derived from the merged cloud type. (#47096)
• Fixed Service Bus autoconfiguration for dedicated producer, consumer, and processor connection details so applications can initialize with only sub-level Service Bus namespace or connection-string settings and no top-level Service Bus connection configuration. (#49257)

Spring Cloud Azure Stream Binder Service Bus

This section includes changes in spring-cloud-azure-stream-binder-servicebus module.

Features Added

• Add support for Spring Cloud Stream consumer retry properties (maxAttempts, backOffInitialInterval, backOffMaxInterval, backOffMultiplier) to enable retry with exponential backoff for message processing failures. #47135.
• Add support for injecting a custom RetryTemplate from Spring context for advanced retry scenarios. #47135.

Spring Cloud Azure Service

This section includes changes in spring-cloud-azure-service module.

Features Added

• Support AzurePipelinesCredential in Azure Event Hubs for Kafka passwordless connection (#49108). It only takes effect when all the following 4 environment variables exist at runtime:
  • AZURESUBSCRIPTION_SERVICE_CONNECTION_ID
  • AZURESUBSCRIPTION_CLIENT_ID
  • AZURESUBSCRIPTION_TENANT_ID
  • SYSTEM_ACCESSTOKEN

... (truncated)

Commits

• 709a03f Prepare for Spring Cloud Azure 7.3.0 release (#49259)
• f5e5bdb Fix Service Bus autoconfiguration for dedicated producer/consumer/processor c...
• 33e50b4 Fix Event Hubs dedicated builder polluting shared section injection (#49254)
• 13bd94b Security: Harden B2C resource server token validation defaults (#49252)
• 0699467 Increment package versions for containerservice releases (#49253)
• 7f74565 Fix Spring sub-level event-hub-name override and EventContext checkpoint offs...
• 91a3cc7 Update dependencies (#49180)
• 4c984c1 [Automation] Generate SDK based on TypeSpec 0.45.1 (#49237)
• ddf934e Increment package versions for horizondb releases (#49231)
• 6b77fb4 transcription, increment version (#49222)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)