Bump System.IdentityModel.Tokens.Jwt from 6.5.1 to 6.7.0 in /src/server/MUDhub.Core

[dependabot-preview[bot]]

Bumps System.IdentityModel.Tokens.Jwt from 6.5.1 to 6.7.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

6.7.0

Features

• SignedHttpRequest adjusted logic to control optional validation of claims.
• Added Microsoft.CodeAnaylsis.FxCopAnalyzers to validate code
• Added API SecurityKey.IsSupportedAlgorithm to check if a SecurityKey / Algorithm is supported.

Bug Fixes

• SamlSerializer fails to validate token using XmlReader created from XDocument.
• Null reference possible in logging using IDX13300 and IDX13107.
• When creating TokenValidationResult if setting an exception ensure IsValid is set to false.
• Use CultureInvariant when parsing double values.

Pull Requests click here.

Bug fixes click here.

6.6.0

Features

• OpenIdConnectConfiguration supports TokenIntrospectionEndpoint information with first class properties (#1411).
• TokenValidationParameters has user controlled validation of Algorithms and TokenType (#1413, #1385).
  • AlgorithmValidator - delegate allows users to check algorithm at runtime.
  • ValidAlgorithms - a list of algorithms that are allowed, if set will be honored.
  • TypeValidator - delegate allows users to check token type at runtime.
  • ValidTypes - a list of token types that are allowed, if set will be honored.
• Saml tokens will use SecurityTokenDescriptor.Claims when creating tokens (#1417).
• User can control if all possible keys should be tried to validate token (#1399.

Bug Fixes

• All supported asymmetric algorithms are checked for key size (delegates are now called before checking if validation should occur) (#1236).
• Null reference possible in logging (#1406)
• JwtSecuritytokenHandler does not set token on failure (#1290)
• Exceptions serialize data (#1300)

Click here for a full list of issues that were fixed in this release.

Commits

• aab47fa Set TokenValidationResult.IsValid to false if Exception is thrown.
• 3744a01 fixed spelling, extra line
• 7eb317e Issues: 453, 1419
• 8433d58 uses CultureInfo.InvariantCulture to stringify claim values
• 5560e2f Allow validation of signed http requests claims if present (#1415)
• de89a30 target lts version for test runtime (#1470)
• 0567929 Fix usage of IDX13300 and IDX13107 (#1458)
• 63f2585 Add analyzers to Tokens assembly (#1454)
• 374b097 Add analyzers to Tokens.Saml (#1456)
• aace545 Add analyzers to Xml (#1462)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[codecov[bot]]

Codecov Report

Merging #171 into develop will not change coverage. The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop     #171   +/-   ##
========================================
  Coverage    79.32%   79.32%           
========================================
  Files           64       64           
  Lines         3154     3154           
  Branches       325      325           
========================================
  Hits          2502     2502           
  Misses         503      503           
  Partials       149      149