Brightspace / D2L.Security.OAuth2

Brightspace OAuth 2.0 for C#
Apache License 2.0
7 stars 16 forks source link

Bump System.IdentityModel.Tokens.Jwt from 6.17.0 to 7.0.0 #333

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps System.IdentityModel.Tokens.Jwt from 6.17.0 to 7.0.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

7.0.0

See IdentityModel7x for the updates on this much anticipated release.

7.0.0-preview5

Bug fixes:

  • Improve log messages. See PR #2289 for details.
  • In AadIssuerValidator return a ValueTask<string> instead of a Task<string>. See Issue #2286 and PR [https://redirect.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2287] for details.
  • Deprecate int? JwtPayload.Exp, .Iat, and .Nbf. See issue #2266 for details, #92, and #1525.
  • General clean-up. See PR #2285.

7.0.0-preview4

Bug fixes:

  • Add nullables to the properties in WsFederationMessage. See issue #2240 for details.
  • Fix regression where JsonWebToken.TryGetPayloadValue() was not compatible with dictionary types. See issue #2246 for details.
  • Fix regression where dictionary claims added to SecurityTokenDescriptor.Claims are no longer correctly serialized. See issue #2245 for details.
  • Fix regression with a Y2038 bug. See issue #2261 for details.
  • Fix a regression where claims with multiple values are incorrectly serialized. See #2244 for details.

Performance improvements:

  • Remove sync-over-async pattern with JsonWebTokens.ValidateToken, which when in the hot path can lead to threadpool starvation. See issue #2253 for details.
  • Perf testing using brenchmark dotnet and crank, similar to aspnetcore, to better gauge requests per second perf impacts. See issue #2232 for details.
  • Use optimistic synchronization in JsonWebToken.Audiences. See PR for details.
  • Reduce allocations when enumerating over collections. See PR for details.

Documentation:

Fundamentals:

  • Improvements to the build script to accommodate .NET's source-build requirements. See PR for details.

7.0.0-preview3

Performance improvements:

  • Replace Newtonsoft.Json with System.Text.Json, see #2233, and as a result, ASP.NET's JwtBearer auth handler will now be fully AOT compatible.

7.0.0-preview2

Performance improvements:

  • Series of perf improvements in collaboration with ASP .NET Core DevDiv team, results in improvements from 280K Request per second (RPS) in 7.0.0-preview to 370K RPS in 7.0.0-preview2, with more improvements to come in later versions: #2195, #2194, #2193, #2192, #2190, #2188, #2184, #2181, #2180, #2178, #2175, #2172, #2171, #2170, #2169, #2168, #2167, #2166, #2164, #2162, #2161, #2160, #2159, #2158, #2221

  • First increment in replacing newtonsoft with System.Text.Json, see #2174

  • Reading and writing JsonWebKey and JsonWebKeySet types now use System.Text.Json.Utf8JsonReaders/Writers for serialization. Seee PR @​2208 for details.

  • Remove the use of Newtonsoft from OpenIdConnectConfiguration and OpenIdConnectMessage. See PR @​2214 for details.

... (truncated)

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

7.0.0

See IdentityModel7x for the updates on this much anticipated release.

7.0.0-preview5

Bug fixes:

  • Improve log messages. See PR #2289 for details.
  • In AadIssuerValidator return a ValueTask<string> instead of a Task<string>. See Issue #2286 and PR [https://redirect.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2287] for details.
  • Deprecate int? JwtPayload.Exp, .Iat, and .Nbf. See issue #2266 for details, #92, and #1525.
  • General clean-up. See PR #2285.

7.0.0-preview4

Bug fixes:

  • Add nullables to the properties in WsFederationMessage. See issue #2240 for details.
  • Fix regression where JsonWebToken.TryGetPayloadValue() was not compatible with dictionary types. See issue #2246 for details.
  • Fix regression where dictionary claims added to SecurityTokenDescriptor.Claims are no longer correctly serialized. See issue #2245 for details.
  • Fix regression with a Y2038 bug. See issue #2261 for details.
  • Fix a regression where claims with multiple values are incorrectly serialized. See #2244 for details.

Performance improvements:

  • Remove sync-over-async pattern with JsonWebTokens.ValidateToken, which when in the hot path can lead to threadpool starvation. See issue #2253 for details.
  • Perf testing using brenchmark dotnet and crank, similar to aspnetcore, to better gauge requests per second perf impacts. See issue #2232 for details.
  • Use optimistic synchronization in JsonWebToken.Audiences. See PR for details.
  • Reduce allocations when enumerating over collections. See PR for details.

Documentation:

Fundamentals:

  • Improvements to the build script to accommodate .NET's source-build requirements. See PR for details.

7.0.0-preview3

Performance improvements:

  • Replace Newtonsoft.Json with System.Text.Json, see #2233, and as a result, ASP.NET's JwtBearer auth handler will now be fully AOT compatible.

7.0.0-preview2

Performance improvements:

  • Series of perf improvements in collaboration with ASP .NET Core DevDiv team, results in improvements from 280K Request per second (RPS) in 7.0.0-preview to 370K RPS in 7.0.0-preview2, with more improvements to come in later versions: #2195, #2194, #2193, #2192, #2190, #2188, #2184, #2181, #2180, #2178, #2175, #2172, #2171, #2170, #2169, #2168, #2167, #2166, #2164, #2162, #2161, #2160, #2159, #2158, #2221

  • First increment in replacing newtonsoft with System.Text.Json, see #2174

  • Reading and writing JsonWebKey and JsonWebKeySet types now use System.Text.Json.Utf8JsonReaders/Writers for serialization. Seee PR @​2208 for details.

  • Remove the use of Newtonsoft from OpenIdConnectConfiguration and OpenIdConnectMessage. See PR @​2214 for details.

... (truncated)

Commits
  • bf4cb25 remove preview from buildConfig.xml (#2310)
  • c82b10b update to 7x for yaml (#2309)
  • 74a59f2 7.0.0 changelog (#2308)
  • 2fef5a9 add year2038 bug issues to changelog (#2306)
  • d02e451 Revert to 6x behavior where users can clear.
  • 650e55d Support 6x where JsonWebToken.GetPayloadValue<string>("aud")
  • 675a7fc reverted to skipping audiences strings that are null
  • 76aa676 Add support for IList<string>, ICollection<string>
  • f602540 Add access to shared components
  • ec3086a update benchmark tool to use dev (#2299)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #334.