Altinn / altinn-accesstoken

Client and server libraries for simple authorization of API calls
BSD 3-Clause "New" or "Revised" License
0 stars 1 forks source link

chore(deps): update dependency microsoft.identitymodel.protocols.openidconnect to v7.7.1 #103

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 3 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Microsoft.IdentityModel.Protocols.OpenIdConnect 7.6.3 -> 7.7.1 age adoption passing confidence

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Protocols.OpenIdConnect) ### [`v7.7.1`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.7.1) [Compare Source](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/7.7.0...7.7.1) # 7.7.1 ##### Bug Fix - Re-add `JsonSerializerPrimitives.TryAllStringClaimsAsDateTime` which was removed as it is in an internal class, but due to `InternalsVisibleTo` can lead to a `MissingMethodException` if IdentityModel versions are not aligned. See PR [#​2734](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2734) for details. ### [`v7.7.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.7.0) # 7.7.0 ##### CVE package updates [CVE-2024-30105](https://togithub.com/advisories/GHSA-hh2w-p6rv-4g7w) - A derived `ClaimsIdentity` where claim retrieval is case-sensitive. The current `ClaimsIdentity`, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying `SecurityToken`. The new `CaseSensitiveClaimsIdentity` class provides consistent retrieval logic with `SecurityToken`. Opt in to the new behavior via an AppContext switch. See PR [#​2715](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2715) for details.

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

sonarcloud[bot] commented 3 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud