Skip to content

Update dependency System.IdentityModel.Tokens.Jwt to 8.13.0 #505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update dependency System.IdentityModel.Tokens.Jwt to 8.13.0 #505

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 4, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
System.IdentityModel.Tokens.Jwt 8.2.1 -> 8.13.0 age confidence

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (System.IdentityModel.Tokens.Jwt)

v8.13.0

Compare Source

====

Fundamentals
  • CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
  • Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
  • Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

v8.12.1

Compare Source

====

Fundamentals
  • Update .NET SDK version to 9.0.107 used when building or running the code. See #​3385 for details.
  • To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
  • Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

v8.12.0

Compare Source

====

New Features

  • Enhance ConfigurationManager with event handling
    Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

  • Add expected Base64UrlEncoder.Decode overload for NET6 and 8
    Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
    For details see #​3249

Fundamentals

  • Add AI assist rules
    Incorporated AI assist rules to enhance AI agents effectiveness.
    For details see #​3255
  • Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
    Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
    For details see #​3256
  • Move suppression of RS006 to csproj
    Centralized suppression of RS006 warnings in project files for easier management.
    For details see #​3230

v8.11.0

Compare Source

=====

New Features:

  • Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
  • Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

v8.10.0

Compare Source

=====

Bug Fixes

  • Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
  • Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220 to avoid build warnings with the other target frameworks
  • Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

v8.9.0

Compare Source

=====

Bug Fixes

New Features

  • Introduced a new delegate for reading custom token payload values on JsonWebToken. See #​2981.
  • Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See #​3205.

Fundamentals

  • Utilized IList to avoid enumerator allocation during audience validation. See #​3204.

v8.8.0

Compare Source

=====

New Features

  • Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #​3193 for details.
  • Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #​3195 and https://aka.ms/identitymodel/app-context-switches for details.
  • Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #​3185 and #​3189 for details.

v8.7.0

Compare Source

=====

Bug Fixes

  • Add back internal methods IsRecoverableException and IsRecoverableExceptionType whose signatures were changed in the previous version. See #​3181.

New Features

  • Make Cnf class public and move it to Microsoft.IdentityModel.Tokens package. See #​3165.

v8.6.1

Compare Source

=====

Bug fix

  • Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue #​3148 for details.
  • Fix a bug in JsonWebTokenHandler where JwtTokenDecryptionParameters's Alg and Enc were not set during token decryption, causing IDX10611 and IDX10619 errors to show null values in the messages. See issue #​3003 for details.

Fundamentals

  • For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue #​2995 for details.

v8.6.0

Compare Source

=====

New Features

  • TokenValidationParameters has a new boolean property TryAllDecryptionKeys that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #​3128
  • Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See #​3140

Fundamentals

  • Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See 3143
  • Add more tests for encrypted tokens. See #​3139

v8.5.0

Compare Source

=====

Reverting previous breaking change

  • The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that adding IDisposable is a breaking change, so we are following semver guidance and reverting and releasing a minor version (8.5.0).
  • Cherry-picked Changes: Included changes from PR #​3022 and #​3104.

v8.4.0

Compare Source

=====

New Features

  • App context switch allows blocking or non-blocking calls for configuration. See PR #​3106 for details and issue #​3082 for details.
  • IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See #​3094 for details.
  • IdentityModel now allows specifying the HTTP protocol version and version policy. See #​2808 for details.

Repair items

  • Add request count and duration telemetry for configuration requests. See #​3022 for details.
  • KeyID should be present in exception messages and is no longer PII. See #​3104 for details.

Fundamentals

  • Fix spelling issues in xml comments. See #​3117 for details.
  • Fix comment coverage in PR builds. See #​3079 for details.
Work related to redesign of IdentityModel's token validation logic #​2711

v8.3.1

Compare Source

=====

Bug Fixes

  • Respect TVP.RequireAudience when set to false. See #​3055
  • For net4.6.2 select RSACng for PSS support. See #​3097
  • Fix package downgrade in consuming libraries. See#​3062
  • Fix integer overflow in AuthenticationEncryptionProvider.cs. See #​3063

Fundamentals

  • Removed unused property on JsonWebToken ClaimsIdentity. See #​3071 for details.
  • Upgrade to C# 13. See #​2998
  • Use new Base64Url API. See #​22817
  • Add warning quality check. See #​3067
  • Update dotnet actions. see #​3074
  • Fix warnings. See #​3081
  • Test updates in JsonWebToken. See #​3080.
Work related to redesign of IdentityModel's token validation logic #​2711

v8.3.0

Compare Source

=====

New features

Work related to redesign of IdentityModel's token validation logic #​2711

Bug fixes

Fundamentals

New Contributors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from pascalberger as a code owner December 4, 2024 19:45
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Dec 4, 2024
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 2 times, most recently from dbf03f3 to 55ae2a5 Compare December 18, 2024 10:06
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 2 times, most recently from 6e41534 to ba96025 Compare January 15, 2025 08:03
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.3.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.3.1 Jan 19, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from ba96025 to 40217ed Compare January 19, 2025 09:29
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 4 times, most recently from 79d3419 to 4e3c7ef Compare January 31, 2025 15:03
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.3.1 Update dependency System.IdentityModel.Tokens.Jwt to 8.4.0 Feb 7, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 4 times, most recently from 5045548 to 3ee351e Compare February 12, 2025 06:52
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.4.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.5.0 Feb 15, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 3ee351e to 20a3945 Compare February 15, 2025 02:33
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 20a3945 to 78b281e Compare February 22, 2025 03:04
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.5.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.6.0 Feb 22, 2025
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.6.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.6.1 Mar 7, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 2 times, most recently from 8245dc0 to c467db0 Compare March 12, 2025 14:44
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from c467db0 to 47aacbd Compare March 19, 2025 16:13
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.6.1 Update dependency System.IdentityModel.Tokens.Jwt to 8.7.0 Mar 21, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 47aacbd to 5cfc788 Compare March 21, 2025 18:12
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 5cfc788 to 04f9c03 Compare April 8, 2025 06:04
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.7.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.8.0 Apr 8, 2025
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.8.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.9.0 Apr 25, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 04f9c03 to 3a051f6 Compare April 25, 2025 02:22
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 3a051f6 to 6294312 Compare May 5, 2025 05:30
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.9.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.9.0 - autoclosed May 13, 2025
@renovate renovate bot closed this May 13, 2025
@renovate renovate bot deleted the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch May 13, 2025 14:28
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.9.0 - autoclosed Update dependency System.IdentityModel.Tokens.Jwt to 8.9.0 May 13, 2025
@renovate renovate bot reopened this May 13, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 0cf2d8e to 6294312 Compare May 13, 2025 20:28
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.9.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.10.0 May 16, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 6294312 to 937870b Compare May 16, 2025 03:35
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 937870b to 06d56bd Compare May 23, 2025 20:03
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.10.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.11.0 May 23, 2025
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.11.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.12.0 Jun 3, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 06d56bd to 0902fbe Compare June 3, 2025 21:24
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 0902fbe to 1556179 Compare June 17, 2025 23:30
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.12.0 Update dependency System.IdentityModel.Tokens.Jwt to 8.12.1 Jun 17, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 4 times, most recently from eeefb0d to 5608174 Compare July 9, 2025 19:16
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 4 times, most recently from 9db12b1 to afb756a Compare July 14, 2025 08:02
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to 8.12.1 Update dependency System.IdentityModel.Tokens.Jwt to 8.13.0 Jul 21, 2025
@renovate renovate bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from afb756a to a49f2c0 Compare July 21, 2025 19:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pascalberger pascalberger Awaiting requested review from pascalberger pascalberger is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants