Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency system.identitymodel.tokens.jwt to 7.7.1 #25

Merged
merged 1 commit into from
Jan 30, 2025
Merged

chore(deps): update dependency system.identitymodel.tokens.jwt to 7.7.1 #25

merged 1 commit into from
Jan 30, 2025

Conversation

descope[bot]
Copy link
Contributor

@descope descope bot commented May 13, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
System.IdentityModel.Tokens.Jwt nuget minor 7.5.1 -> 7.7.1 OpenSSF Scorecard

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (System.IdentityModel.Tokens.Jwt)

v7.7.1

Compare Source

7.7.1

Bug Fix
  • Re-add JsonSerializerPrimitives.TryAllStringClaimsAsDateTime which was removed as it is in an internal class, but due to InternalsVisibleTo can lead to a MissingMethodException if IdentityModel versions are not aligned. See PR #​2734 for details.

v7.7.0

7.7.0

CVE package updates

CVE-2024-30105

  • A derived ClaimsIdentity where claim retrieval is case-sensitive. The current ClaimsIdentity, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying SecurityToken. The new CaseSensitiveClaimsIdentity class provides consistent retrieval logic with SecurityToken. Opt in to the new behavior via an AppContext switch. See PR #​2715 for details.
Performance improvement

v7.6.2

Compare Source

7.6.2

Bug Fix:
  • Revert reduced allocations in AadIssuerValidator by not using string.Replace where appropriate due to an index out-of-range error.

v7.6.1

Compare Source

=====

New Features:
  • Added an Audiences member to the SecurityTokenDescriptor to make it easier to define multiple audiences in JWT and SAML tokens. Addresses issue #​1479 with PR #​2575
  • Add missing metadata parameters to OpenIdConnectConfiguration. See issue #​2498 for details.
Bug Fixes:
  • Fix over-reporting of IDX14100. See issue #​2058 and PR #​2618 for details.
  • JwtRegisteredClaimNames now contains previously missing Standard OpenIdConnect claims. See issue #​1598 for details.
Performance Improvements:
  • No longer for every string claim, calling DateTime.TryParse on each value, whether it is expected to be a DateTime or not. See issue #​2615 for details.

v7.6.0

Compare Source

=====

New Features:
  • Update JsonWebToken - extract and expose the method that reads the header/payload property values from the reader so it can be overridden in children classes to add any extra own logic. See issues #​2581, #​2583, and #​2495 for details.
Bug Fixes:
  • JWE header algorithm is now compliant to IANA document. See issue #​2089 for details.
Performance Improvements:
  • Reduce the number of internal array allocations that need to happen for each claim set, see PR #​2596.
Fundamentals:
  • Add an AOT compatibility check on each PR to ensure only AOT compatible code is checked-in. See PR #​2598.
  • Update perl scrip for OneBranch build. See PR #​2602.
  • Add langversion 12 to benchmark tests. See PR #​2601.
  • Removed unused build.cmd file. See PR #​2605.
  • Create CodeQL exclusions file. See PR #​2609.
  • Fix variable usage in AOT script. See PR #​2610.
  • Move Microsoft.IdentityModel.Tokens delegates to a new file. See PR #​2606

v7.5.2

Compare Source

=====

Bug Fixes:
Fundamentals:
  • App Context Switches in Identity Model 7x are now documented here.
Performance Improvements:
  • In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #​2589 for more details.
  • Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #​2586 for more details.
  • Remove Task allocation in AadIssuerValidator. See PR #​2584 for more details.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 9d96291 to 9cecb8e Compare May 28, 2024 03:11
@descope descope bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to v7.5.2 Update dependency System.IdentityModel.Tokens.Jwt to v7.6.0 May 28, 2024
@descope descope bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to v7.6.0 chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.0 May 29, 2024
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 2 times, most recently from 4c8ef77 to 86e4366 Compare May 29, 2024 10:58
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 86e4366 to aaf69d6 Compare June 18, 2024 02:26
@descope descope bot changed the title chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.0 chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.1 Jun 18, 2024
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from aaf69d6 to a9adc41 Compare June 20, 2024 03:21
@descope descope bot changed the title chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.1 chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.2 Jun 20, 2024
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from a9adc41 to 376af0c Compare July 10, 2024 01:30
@descope descope bot changed the title chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.2 chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.3 Jul 10, 2024
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 376af0c to 860f385 Compare July 18, 2024 22:08
@descope descope bot changed the title chore(deps): update dependency system.identitymodel.tokens.jwt to v7.6.3 chore(deps): update dependency system.identitymodel.tokens.jwt to v7.7.0 Jul 18, 2024
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 860f385 to ff9d00a Compare July 20, 2024 00:15
@descope descope bot changed the title chore(deps): update dependency system.identitymodel.tokens.jwt to v7.7.0 chore(deps): update dependency system.identitymodel.tokens.jwt to v7.7.1 Jul 20, 2024
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from ff9d00a to c994186 Compare November 23, 2024 19:45
@descope descope bot changed the title chore(deps): update dependency system.identitymodel.tokens.jwt to v7.7.1 chore(deps): update dependency system.identitymodel.tokens.jwt to 7.7.1 Nov 23, 2024
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch 2 times, most recently from 6794906 to 8f3001a Compare January 30, 2025 11:52
@descope descope bot enabled auto-merge (squash) January 30, 2025 11:52
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from 8f3001a to d48bdff Compare January 30, 2025 11:54
@descope descope bot force-pushed the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch from d48bdff to 82ce819 Compare January 30, 2025 11:58
@descope descope bot merged commit baca84a into main Jan 30, 2025
4 checks passed
@descope descope bot deleted the renovate/dotnet-azure-ad-identitymodel-extensions-monorepo branch January 30, 2025 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@descope-approve descope-approve[bot] descope-approve[bot] approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants