search

data-altinn-no / core

3 stars 3 forks source link

chore(deps): update dotnet-azure-ad-identitymodel-extensions monorepo to v6.36.0 #65

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Microsoft.IdentityModel.Protocols.OpenIdConnect 6.30.1 -> 6.36.0 age adoption passing confidence
Microsoft.IdentityModel.Tokens 6.34.0 -> 6.36.0 age adoption passing confidence
System.IdentityModel.Tokens.Jwt 6.34.0 -> 6.36.0 age adoption passing confidence

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Protocols.OpenIdConnect) ### [`v6.36.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.36.0) # 6.36.0 ##### CVE package updates [CVE-2024-30105](https://togithub.com/advisories/GHSA-hh2w-p6rv-4g7w) ##### New feature - A derived `ClaimsIdentity` where claim retrieval is case-sensitive. The current `ClaimsIdentity`, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying `SecurityToken`. The new `CaseSensitiveClaimsIdentity` class provides consistent retrieval logic with `SecurityToken`. Opt in to the new behavior via an AppContext switch. See PR [#​2710](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2710) for details. ##### Fundamentals - Update signing info for NuGet packages. See PR [#​2696](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2696) for details. ### [`v6.35.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.35.0) [Compare Source](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/6.34.0...6.35.0) ##### Bug Fix - fix `AadIssuerValidator`'s handling of trailing forward slashes. See issue \[[#​2415](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2415)] for more details. ##### Feature - Adds an AppContext switch to control HMAC key size verification. See [#​2421](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2421) for more details. ### [`v6.34.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0) ##### Security fixes See https://aka.ms/IdentityModel/Jan2024/zip and https://aka.ms/IdentityModel/Jan2024/jku for details. ### [`v6.33.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/v6.33.0): 6.33.0 #### Bug Fixes: - Clean up log messages. See [#​2339](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2339) for details. - Decouple JsonElements from JsonDocument, which causes issues in multi-threaded environments. See [#​2340](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2340) for details. ### [`v6.32.3`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/CHANGELOG.md#6323) [Compare Source](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/6.32.2...6.32.3) \======= #### Bug fixes: - Fix logging messages. See [#​2288](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2288) for details. ### [`v6.32.2`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/CHANGELOG.md#6322) [Compare Source](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/6.32.1...6.32.2) \======= #### Bug fixes: - Underlying JsonDocument is never disposed, causing high latency in large scale services. See [#​2258](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2258) for details. ### [`v6.32.1`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/CHANGELOG.md#6321) \======= #### Bug fixes: - Fix thread safety for `JsonClaimSet` Claims and `JsonWebToken` Audiences. See [#​2185](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2185) for details. ### [`v6.32.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/CHANGELOG.md#6320) \======= #### New features: - Adding an AAD specific signing key issuer validator. See issue [#​2134](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2134) for details. - Better support for WsFederation. See [PR](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2100) for details. #### Bug fixes - Address perf regression introduced in 6.31.0. See [PR](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2131) for details. ### [`v6.31.0`](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/CHANGELOG.md#6310) [Compare Source](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/6.30.1...6.31.0) \======== This release contains work from the following PRs and commits: - Introduce ConfigurationValidationException([#​2076](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2076)) - Disarm security artifacts([#​2064](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2064)) - Throw SecurityTokenMalformedTokenException on malformed tokens([#​2080](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2080)) - Add ClaimsMapping to [JsonWebTokenHandler](https://togithub.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/8e7f07e859629a850e375518fcce2b6057380721)

Configuration

πŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about these updates again.

This PR was generated by Mend Renovate. View the repository job log.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

warning The version of Java (11.0.14) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more here

sonarcloud[bot] commented 10 months ago

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

sonarcloud[bot] commented 3 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud