3.1.0

dependabot · 2024-08-23T13:26:31Z

Release notes

Sourced from Microsoft.Identity.Web.UI's releases.

3.1.0

Updated to Microsoft.IdentityModel.* 8.0.2

Security improvement:

Id Web now uses CaseSensitiveClaimsIdentity by default and provides AppContextSwitches to fallback to using ClaimsIdentity. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR #2977 for details.

Bug fixes:

For SN/I scenarios, Id Web's GetTokenAcquirer now sets SendX5C in particular protocols. See issue #2887 for details.

Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR #2954 for details.

Fix regex that threw a format exception: The input string " was not in a correct format when enabling same-site cookie compatibility with userAgent: "Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue #2879 for details.

Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. See PR #2962 for details.

Fundamentals:

Fix flakey tests: #2972, #2984, #2982,

Update to AzureKeyVault@2 in AzureDevOps, #2981.

Update to .NET 9-preview7, #2980 and #2991.

It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion): #2974, #2990

What's Changed

Add X5C to MSAuth POP by @bgavrilMS in AzureAD/microsoft-identity-web#2950

Update CSPROJ with README by @localden in AzureAD/microsoft-identity-web#2956

Fix Instance/Tenant Parsing for V2 Authority by @jackj-msft in AzureAD/microsoft-identity-web#2954

Check that regex succeeded and value is an integer. by @brentschmaltz in AzureAD/microsoft-identity-web#2958

Set upper bound on Abstractions by @westin-m in AzureAD/microsoft-identity-web#2962

Removing 2.x versions post 3.0.0-preview1 by @JoshLozensky in AzureAD/microsoft-identity-web#2967

Fix test instability by @keegan-caruso in AzureAD/microsoft-identity-web#2971

Fix AT POP tests by @keegan-caruso in AzureAD/microsoft-identity-web#2972

Update to net 9 preview 7 by @westin-m in AzureAD/microsoft-identity-web#2980

Updating AzureKeyVault task to version 2 by @JoshLozensky in AzureAD/microsoft-identity-web#2981

[test] updates for one build by @jennyf19 in AzureAD/microsoft-identity-web#2974

Disable ciam test by @keegan-caruso in AzureAD/microsoft-identity-web#2983

Ensure that SimulateOidc is built before IntegrationTests (that use it) by @jmprieur in AzureAD/microsoft-identity-web#2984

skip more CIAM E2E tests by @jennyf19 in AzureAD/microsoft-identity-web#2985

remove grpc in E2E test by @jennyf19 in AzureAD/microsoft-identity-web#2986

Jennyf/fix slice by @jennyf19 in AzureAD/microsoft-identity-web#2988

reenable other ciam test by @jennyf19 in AzureAD/microsoft-identity-web#2989

Jennyf/client sem ver by @jennyf19 in AzureAD/microsoft-identity-web#2990

Fix Id Web Build by @FuPingFranco in AzureAD/microsoft-identity-web#2991

Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors and AppContextSwitches for fallback by @pmaytak in AzureAD/microsoft-identity-web#2977

New Contributors

@localden made their first contribution in AzureAD/microsoft-identity-web#2956

@jackj-msft made their first contribution in AzureAD/microsoft-identity-web#2954

Full Changelog: AzureAD/microsoft-identity-web@3.0.1...3.1.0

Changelog

Sourced from Microsoft.Identity.Web.UI's changelog.

3.1.0

Updated to Microsoft.IdentityModel.* 8.0.2

Security improvement:

Id Web now uses CaseSensitiveClaimsIdentity by default and provides AppContextSwitches to fallback to using ClaimsIdentity. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR #2977 for details.

Bug fixes:

For SN/I scenarios, Id Web's GetTokenAcquirer now sets SendX5C in particular protocols. See issue #2887 for details.

Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR #2954 for details.

Fix regex that threw a format exception: The input string " was not in a correct format when enabling same-site cookie compatibility with userAgent: "Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue #2879 for details.

Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. See PR #2962 for details.

Fundamentals:

Fix flakey tests: #2972, #2984, #2982,

Update to AzureKeyVault@2 in AzureDevOps, #2981.

Update to .NET 9-preview7, #2980 and #2991.

It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion): #2974, #2990

========

See rel/v2 branch changelog for changes to all 2.x.x versions after 2.18.1.

The changes listed in the rel/v2 changelog are also in the 3.x.x versions of Id Web but are not listed here.

========

Commits

63bc10e Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors and AppC...
fcd715e Fix Id Web build (#2991)
23f6d94 Jennyf/client sem ver (#2990)
287c8e6 reenable other ciam test (#2989)
7889d56 Jennyf/fix slice (#2988)
60b96dc remove grpc in E2E test (#2986)
86700d7 skip more CIAM E2E tests (#2985)
cbd131d Ensure that SimulateOidc is built before IntegrationTests (that use it) (#2984)
17f0078 Disable ciam test (#2983)
fc42cec [test] updates for one build (#2974)
Additional commits viewable in compare view

Updates Microsoft.Identity.Web from 2.15.3 to 3.1.0

Release notes

Sourced from Microsoft.Identity.Web's releases.

3.1.0

Updated to Microsoft.IdentityModel.* 8.0.2

Security improvement:

Id Web now uses CaseSensitiveClaimsIdentity by default and provides AppContextSwitches to fallback to using ClaimsIdentity. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR #2977 for details.

Bug fixes:

For SN/I scenarios, Id Web's GetTokenAcquirer now sets SendX5C in particular protocols. See issue #2887 for details.

Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR #2954 for details.

Fix regex that threw a format exception: The input string " was not in a correct format when enabling same-site cookie compatibility with userAgent: "Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue #2879 for details.

Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. See PR #2962 for details.

Fundamentals:

Fix flakey tests: #2972, #2984, #2982,

Update to AzureKeyVault@2 in AzureDevOps, #2981.

Update to .NET 9-preview7, #2980 and #2991.

It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion): #2974, #2990

What's Changed

Add X5C to MSAuth POP by @bgavrilMS in AzureAD/microsoft-identity-web#2950

Update CSPROJ with README by @localden in AzureAD/microsoft-identity-web#2956

Fix Instance/Tenant Parsing for V2 Authority by @jackj-msft in AzureAD/microsoft-identity-web#2954

Check that regex succeeded and value is an integer. by @brentschmaltz in AzureAD/microsoft-identity-web#2958

Set upper bound on Abstractions by @westin-m in AzureAD/microsoft-identity-web#2962

Removing 2.x versions post 3.0.0-preview1 by @JoshLozensky in AzureAD/microsoft-identity-web#2967

Fix test instability by @keegan-caruso in AzureAD/microsoft-identity-web#2971

Fix AT POP tests by @keegan-caruso in AzureAD/microsoft-identity-web#2972

Update to net 9 preview 7 by @westin-m in AzureAD/microsoft-identity-web#2980

Updating AzureKeyVault task to version 2 by @JoshLozensky in AzureAD/microsoft-identity-web#2981

[test] updates for one build by @jennyf19 in AzureAD/microsoft-identity-web#2974

Disable ciam test by @keegan-caruso in AzureAD/microsoft-identity-web#2983

Ensure that SimulateOidc is built before IntegrationTests (that use it) by @jmprieur in AzureAD/microsoft-identity-web#2984

skip more CIAM E2E tests by @jennyf19 in AzureAD/microsoft-identity-web#2985

remove grpc in E2E test by @jennyf19 in AzureAD/microsoft-identity-web#2986

Jennyf/fix slice by @jennyf19 in AzureAD/microsoft-identity-web#2988

reenable other ciam test by @jennyf19 in AzureAD/microsoft-identity-web#2989

Jennyf/client sem ver by @jennyf19 in AzureAD/microsoft-identity-web#2990

Fix Id Web Build by @FuPingFranco in AzureAD/microsoft-identity-web#2991

Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors and AppContextSwitches for fallback by @pmaytak in AzureAD/microsoft-identity-web#2977

New Contributors

@localden made their first contribution in AzureAD/microsoft-identity-web#2956

@jackj-msft made their first contribution in AzureAD/microsoft-identity-web#2954

Full Changelog: AzureAD/microsoft-identity-web@3.0.1...3.1.0

3.0.1

Updated to Microsoft.IdentityModel.* 8.0.1

... (truncated)

Changelog

Sourced from Microsoft.Identity.Web's changelog.

3.1.0

Updated to Microsoft.IdentityModel.* 8.0.2

Security improvement:

Id Web now uses CaseSensitiveClaimsIdentity by default and provides AppContextSwitches to fallback to using ClaimsIdentity. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR #2977 for details.

Bug fixes:

For SN/I scenarios, Id Web's GetTokenAcquirer now sets SendX5C in particular protocols. See issue #2887 for details.

Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR #2954 for details.

Fix regex that threw a format exception: The input string " was not in a correct format when enabling same-site cookie compatibility with userAgent: "Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue #2879 for details.

Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. See PR #2962 for details.

Fundamentals:

Fix flakey tests: #2972, #2984, #2982,

Update to AzureKeyVault@2 in AzureDevOps, #2981.

Update to .NET 9-preview7, #2980 and #2991.

It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion): #2974, #2990

========

See rel/v2 branch changelog for changes to all 2.x.x versions after 2.18.1.

The changes listed in the rel/v2 changelog are also in the 3.x.x versions of Id Web but are not listed here.

========

3.0.1

Updated to Microsoft.IdentityModel.* 8.0.1

3.0.0

CVE package updates

CVE-2024-30105

See PR #2929 for details.

Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0

See rel/v2 changelog for full list of added features to 3.0.0.

Fundamentals:

Update lab cert and lab version. See PR #2923 for details.

3.0.0-preview3

Updated to Microsoft.IdentityModel.* 8.0.0-preview3

3.0.0-preview2

... (truncated)

Commits

63bc10e Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors and AppC...
fcd715e Fix Id Web build (#2991)
23f6d94 Jennyf/client sem ver (#2990)
287c8e6 reenable other ciam test (#2989)
7889d56 Jennyf/fix slice (#2988)
60b96dc remove grpc in E2E test (#2986)
86700d7 skip more CIAM E2E tests (#2985)
cbd131d Ensure that SimulateOidc is built before IntegrationTests (that use it) (#2984)
17f0078 Disable ciam test (#2983)
fc42cec [test] updates for one build (#2974)
Additional commits viewable in compare view

Updates Microsoft.Extensions.Logging.Abstractions from 2.1.0 to 8.0.0

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

.NET 8.0.0

Release

What's Changed

[release/8.0-rc1] [release/8.0] Events for IL methods without IL headers by @github-actions in dotnet/runtime#92317

[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/runtime#92340

[release/8.0-rc1] [release/8.0] Fix wasi build. by @github-actions in dotnet/runtime#92368

[automated] Merge branch 'release/8.0-rc2' => 'release/8.0' by @dotnet-maestro-bot in dotnet/runtime#92325

[release/8.0] Update dependencies from dotnet/roslyn by @dotnet-maestro in dotnet/runtime#92303

[automated] Merge branch 'release/8.0-rc1' => 'release/8.0' by @dotnet-maestro-bot in dotnet/runtime#92374

[release/8.0] Bump version to GA by @carlossanlop in dotnet/runtime#92305

[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/runtime#92476

[automated] Merge branch 'release/8.0-rc2' => 'release/8.0' by @dotnet-maestro-bot in dotnet/runtime#92401

[release/8.0] Update dependencies from dotnet/roslyn by @dotnet-maestro in dotnet/runtime#92418

[release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/runtime#92474

[release/8.0] Update dependencies from dnceng/internal/dotnet-optimization by @dotnet-maestro in dotnet/runtime#92473

[release/8.0] Update dependencies from dotnet/roslyn by @dotnet-maestro in dotnet/runtime#92488

[automated] Merge branch 'release/8.0-rc2' => 'release/8.0' by @dotnet-maestro-bot in dotnet/runtime#92484

[release/8.0] Update dependencies from dotnet/roslyn-analyzers by @dotnet-maestro in dotnet/runtime#92499

[release/8.0] Update dependencies from dotnet/emsdk by @dotnet-maestro in dotnet/runtime#92532

[automated] Merge branch 'release/8.0-rc2' => 'release/8.0' by @dotnet-maestro-bot in dotnet/runtime#92515

[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/runtime#92641

[release/8.0] Update dependencies from dotnet/emsdk dotnet/hotreload-utils by @dotnet-maestro in dotnet/runtime#92606

[release/8.0][wasm] Fix regressed file sizes for blazor by @radical in dotnet/runtime#92627

[release/8.0] JIT: Fixed containment of STOREIND of HW intrinsics ConvertTo*/Extract* by @github-actions in dotnet/runtime#92513

[release/8.0] Define bool as Interop.BOOL to prevent upper bytes setting native bool by @github-actions in dotnet/runtime#92681

[release/8.0] Make CoreCLR/NativeAOT assembly compile with .subsections_via_symbols on Apple platforms by @github-actions in dotnet/runtime#92544

[release/8.0] Fix LLVMAOT Mono runtime variant official build to produce correctly named runtime packs by @github-actions in dotnet/runtime#92737

[release/8.0] Remove all PGO assets except for the runtime PGO archive. by @github-actions in dotnet/runtime#92735

[release/8.0] Put HasNativeCodeReJITAware into GetFunctionAddress by @github-actions in dotnet/runtime#92665

[release/8.0] Update dependencies from dotnet/cecil dotnet/emsdk by @dotnet-maestro in dotnet/runtime#92702

[release/8.0][wasm] Fix Wasm.Build.Tests failing due to an old skiasharp reference by @radical in dotnet/runtime#92747

[release/8.0] Update dependencies from dotnet/installer by @radical in dotnet/runtime#92745

[release/8.0] Bring back CopyOutputSymbolsToPublishDirectory by @github-actions in dotnet/runtime#92369

[release/8.0] Update dependencies from dotnet/installer by @radical in dotnet/runtime#92795

[release/8.0] Update dependencies from dnceng/internal/dotnet-optimization by @dotnet-maestro in dotnet/runtime#92762

[release/8.0] Update dependencies from dnceng/internal/dotnet-optimization by @dotnet-maestro in dotnet/runtime#92816

[release/8.0][wasm][debugger] Support multidimensional indexing of object scheme by @ilonatommy in dotnet/runtime#92753

[release/8.0] [browser] Remove duplicated marshaling of return value for JSExport by @github-actions in dotnet/runtime#92886

[release/8.0] [browser][nodejs] keep runtime alive for JSExport calls by @github-actions in dotnet/runtime#92890

[release/8.0] Update dependencies from dotnet/roslyn by @dotnet-maestro in dotnet/runtime#92503

[release/8.0] Make config binding gen incremental (#89587) by @layomia in dotnet/runtime#92730

[release/8.0] [wasm] Endian fix for Webcil by @github-actions in dotnet/runtime#92495

[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/runtime#92935

[release/8.0] Update dependencies from dotnet/cecil dotnet/hotreload-utils by @dotnet-maestro in dotnet/runtime#92932

[release/8.0][wasm] Use intended ports when running DevServer by @radical in dotnet/runtime#92906

[release/8.0] Fix deadlock in EventPipeEventDispatcher by @github-actions in dotnet/runtime#92912

[release/8.0] CI: runtime-wasm-perf: disable for PRs by @radical in dotnet/runtime#92977

[release/8.0] Throw when applying JsonObjectHandling.Populate to types with parameterized constructors. by @github-actions in dotnet/runtime#92947

[release/8.0] Use invariant culture in CBOR date encoding by @github-actions in dotnet/runtime#92924

... (truncated)

Commits

See full diff in compare view

Updates Microsoft.IdentityModel.JsonWebTokens from 8.0.1 to 8.0.2

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.0.2

Security fundamentals

Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors. See PR #2778 for details.

Bug fixes

IdentityModel now allows the JWT payload to be an empty string. See issue #2656 for details.

Cache UseRfcDefinitionOfEpkAndKid switch. See PR #2747 for details.

Method was named DoNotFailOnMissingTid in 7x and DontFailOnMissingTid in 8x, adding the method for back compat. See issue #2750 for details.

Metadata is now updated on a background thread. See #2780 for details.

JsonWebKeySet stores the original string it was created with. See PR #2755 for details.

Restore AOT compatibility. See #2711.

Fix OpenIdConnect parsing bug. See #2772 for details.

Remove the lock on creating a SignatureProvider. See #2788 for details.

Fundamentals

Test clean up #2742.

Use only FxCop in .NET framework targets #2693.

Add rule to add file headers automatically #2748.

Code analysis updates #2746.

Include README packages in NuGet #2752.

Update projects inside WilsonUnix solution #2768.

Code style enforced in build #2603.

CodeQL update #2767.

Update build pipeline to new one release build format #2777.

Update GitHub actions to 9.0.100-preview.7.24407.12 and add <NoWarn>$(NoWarn);SYSLIB0057</NoWarn> due to breaking changes in preview7. #2786.

Work relating to #2711

#2725, #2729, #2753, #2758, #2759, #2757, #2759, #2764, #2759, #2771, #2759, and #2779.

What's Changed

Remove old 6x tests used that are not needed anymore by @brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2742

Only use fxcop in netfw by @keegan-caruso in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2693

Allow Jwt payload to be the empty string. by @brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2745

Add rule to add file headers automatically. by @pmaytak in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2748

Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @FuPingFranco in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2725

Fix CodeQL by @pmaytak in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2746

Cache UseRfcDefinitionOfEpkAndKid switch. by @pmaytak in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2747

Decrypt token: Remove exceptions + use new ValidationParameters by @iNinja in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2729

Include README packages in NuGet by @localden in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2752

Remove internals for new work. by @brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2753

Add property named differently in 7x. by @brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2756

Remove SlimLock when updating metadata. by @brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2751

Revert "Remove SlimLock when updating metadata. (#2751)" by @keegan-caruso in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2762

Remove Delegate Checks Audience Validator and Prevents Null Setting of Delegate by @FuPingFranco in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2758

Re-factor Issuer Validator to Follow New Validation Model by @FuPingFranco in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2759

Update projects inside WilsonUnix solution by @iNinja in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2768

JsonWebKeySet stores the String it was created with by @westin-m in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2755

... (truncated)

Changelog

Sourced from Microsoft.IdentityModel.JsonWebTokens's changelog.

8.0.2

Security fundamentals

Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors. See PR #2778 for details.

Bug fixes

IdentityModel now allows the JWT payload to be an empty string. See issue #2656 for details.

Cache UseRfcDefinitionOfEpkAndKid switch. See PR #2747 for details.

Method was named DoNotFailOnMissingTid in 7x and DontFailOnMissingTid in 8x, adding the method for back compat. See issue #2750 for details.

Metadata is now updated on a background thread. See #2780 for details.

JsonWebKeySet stores the original string it was created with. See PR #2755 for details.

Restore AOT compatibility. See #2711.

Fix OpenIdConnect parsing bug. See #2772 for details.

Remove the lock on creating a SignatureProvider. See #2788 for details.

Fundamentals

Test clean up #2742.

Use only FxCop in .NET framework targets #2693.

Add rule to add file headers automatically #2748.

Code analysis updates #2746.

Include README packages in NuGet #2752.

Update projects inside WilsonUnix solution #2768.

Code style enforced in build #2603.

CodeQL update #2767.

Update build pipeline to new one release build format #2777.

Update GitHub actions to 9.0.100-preview.7.24407.12 and add <NoWarn>$(NoWarn);SYSLIB0057</NoWarn> due to breaking changes in preview7. #2786.

Work relating to #2711

#2725, #2729, #2753, #2758, #2759, #2757, #2759, #2764, #2759, #2771, #2759, and #2779.

Commits

1e23cef Remove lock when creating a SignatureProvider (#2788)
7c7d1c1 update to 9.0.100-preview.7.24407.12 (#2786)
2f4f9e6 updates for one build (#2777)
a120bde Adding benchmark for new ValidateTokenAsync model vs old (#2779)
34a421f Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors (#2778)
eb4df8f Add lock when configuration is null (#2780)
68ff8df ValidateTokenAsync: New code path (#2771)Description has been truncated

…ensions.Logging.Abstractions, Microsoft.IdentityModel.JsonWebTokens, Microsoft.IdentityModel.Logging, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions, Microsoft.IdentityModel.LoggingExtensions, System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.Protocols.OpenIdConnect, Microsoft.Extensions.Hosting and Microsoft.IdentityModel.Validators Bumps [Microsoft.Identity.Web.UI](https://github.com/AzureAD/microsoft-identity-web), [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web), [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime), [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet), [Microsoft.IdentityModel.Logging](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet), [System.Text.Encodings.Web](https://github.com/dotnet/runtime), [Microsoft.AspNetCore.DataProtection](https://github.com/dotnet/aspnetcore), [System.Security.Cryptography.Xml](https://github.com/dotnet/runtime), [Microsoft.Extensions.Caching.Memory](https://github.com/dotnet/runtime), [Microsoft.Extensions.Logging](https://github.com/dotnet/runtime), [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime), [System.Formats.Asn1](https://github.com/dotnet/runtime), [System.Security.Cryptography.Pkcs](https://github.com/dotnet/runtime), [Microsoft.Extensions.Configuration.Binder](https://github.com/dotnet/runtime), [Microsoft.Extensions.Configuration.EnvironmentVariables](https://github.com/dotnet/runtime), [Microsoft.Extensions.Configuration](https://github.com/dotnet/runtime), [Microsoft.Extensions.Configuration.Json](https://github.com/dotnet/runtime), [Microsoft.Extensions.Options.ConfigurationExtensions](https://github.com/dotnet/runtime), [Microsoft.IdentityModel.LoggingExtensions](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet), [System.IdentityModel.Tokens.Jwt](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet), [Microsoft.IdentityModel.Protocols.OpenIdConnect](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet), [Microsoft.Extensions.Hosting](https://github.com/dotnet/runtime) and [Microsoft.IdentityModel.Validators](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet). These dependencies needed to be updated together. Updates `Microsoft.Identity.Web.UI` from 3.0.1 to 3.1.0 - [Release notes](https://github.com/AzureAD/microsoft-identity-web/releases) - [Changelog](https://github.com/AzureAD/microsoft-identity-web/blob/master/changelog.md) - [Commits](AzureAD/microsoft-identity-web@3.0.1...3.1.0) Updates `Microsoft.Identity.Web` from 2.15.3 to 3.1.0 - [Release notes](https://github.com/AzureAD/microsoft-identity-web/releases) - [Changelog](https://github.com/AzureAD/microsoft-identity-web/blob/master/changelog.md) - [Commits](AzureAD/microsoft-identity-web@2.15.3...3.1.0) Updates `Microsoft.Extensions.Logging.Abstractions` from 2.1.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v8.0.0) Updates `Microsoft.IdentityModel.JsonWebTokens` from 8.0.1 to 8.0.2 - [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md) - [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.0.1...8.0.2) Updates `Microsoft.IdentityModel.Logging` from 8.0.1 to 8.0.2 - [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md) - [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.0.1...8.0.2) Updates `System.Text.Encodings.Web` from 6.0.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v6.0.0...v8.0.0) Updates `Microsoft.AspNetCore.DataProtection` from 2.1.0 to 8.0.1 - [Release notes](https://github.com/dotnet/aspnetcore/releases) - [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md) - [Commits](dotnet/aspnetcore@2.1.0...v8.0.1) Updates `System.Security.Cryptography.Xml` from 4.7.1 to 8.0.1 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v8.0.1) Updates `Microsoft.Extensions.Caching.Memory` from 2.1.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v8.0.0) Updates `Microsoft.Extensions.Logging` from 2.1.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v8.0.0) Updates `Microsoft.Extensions.DependencyInjection` from 2.1.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v8.0.0) Updates `System.Formats.Asn1` from 6.0.1 to 8.0.1 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v6.0.1...v8.0.1) Updates `System.Security.Cryptography.Pkcs` from 7.0.2 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.2...v8.0.0) Updates `Microsoft.Extensions.Configuration.Binder` from 2.2.4 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v8.0.0) Updates `Microsoft.Extensions.Configuration.EnvironmentVariables` from 2.2.4 to 6.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v6.0.0) Updates `Microsoft.Extensions.Configuration` from 3.1.24 to 6.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v6.0.0) Updates `Microsoft.Extensions.Configuration.Json` from 3.1.0 to 6.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v6.0.0) Updates `Microsoft.Extensions.Options.ConfigurationExtensions` from 2.1.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v8.0.0) Updates `Microsoft.IdentityModel.LoggingExtensions` from 8.0.1 to 8.0.2 - [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md) - [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.0.1...8.0.2) Updates `System.IdentityModel.Tokens.Jwt` from 8.0.1 to 8.0.2 - [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md) - [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.0.1...8.0.2) Updates `Microsoft.IdentityModel.Protocols.OpenIdConnect` from 8.0.1 to 8.0.2 - [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md) - [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.0.1...8.0.2) Updates `Microsoft.Extensions.Hosting` from 2.1.1 to 6.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/commits/v6.0.0) Updates `Microsoft.IdentityModel.Validators` from 8.0.1 to 8.0.2 - [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md) - [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.0.1...8.0.2) --- updated-dependencies: - dependency-name: Microsoft.Identity.Web.UI dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Microsoft.Identity.Web dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.IdentityModel.JsonWebTokens dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.IdentityModel.Logging dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: System.Text.Encodings.Web dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.AspNetCore.DataProtection dependency-type: direct:production update-type: version-update:semver-major - dependency-name: System.Security.Cryptography.Xml dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Caching.Memory dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Logging dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.DependencyInjection dependency-type: direct:production update-type: version-update:semver-major - dependency-name: System.Formats.Asn1 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: System.Security.Cryptography.Pkcs dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Configuration.Binder dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Configuration.EnvironmentVariables dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Configuration dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Configuration.Json dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.IdentityModel.LoggingExtensions dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: System.IdentityModel.Tokens.Jwt dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.IdentityModel.Protocols.OpenIdConnect dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Hosting dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.IdentityModel.Validators dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-08-23T13:26:32Z

The following labels could not be found: dependabot.

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dependabot bot commented on behalf of github Aug 23, 2024

dependabot bot commented on behalf of github Aug 23, 2024

Are you sure you want to change the base?

Conversation

dependabot bot commented on behalf of github Aug 23, 2024

3.1.0

Security improvement:

Bug fixes:

Fundamentals:

What's Changed

New Contributors

3.1.0

Security improvement:

Bug fixes:

Fundamentals:

3.1.0

Security improvement:

Bug fixes:

Fundamentals:

What's Changed

New Contributors

3.0.1

3.1.0

Security improvement:

Bug fixes:

Fundamentals:

3.0.1

3.0.0

CVE package updates

Fundamentals:

3.0.0-preview3

3.0.0-preview2

.NET 8.0.0

What's Changed

8.0.2

Security fundamentals

Bug fixes

Fundamentals

Work relating to #2711

What's Changed

8.0.2

Security fundamentals

Bug fixes

Fundamentals

Work relating to #2711

dependabot bot commented on behalf of github Aug 23, 2024