Bump Microsoft.Identity.Web from 2.16.1 to 2.17.1 in /src

[dependabot[bot]]

Bumps Microsoft.Identity.Web from 2.16.1 to 2.17.1.

Release notes

Sourced from Microsoft.Identity.Web's releases.

2.17.1

• Updated to Microsoft.IdentityModel.* 7.4.0

New features

• DownstreamApi now automatically processes claims challenge from web APIs which are CAE enabled, provided you set "ClientCapablities" : ["cp1"] in the configuation. See issue #2550.

Bug fixes

• Fixes the use of ServiceDescriptor for containers which have keyed services present. This can be an issue on .NET 8.0. See issue #2676 for details.

Engineering excellence

• Calls to ConfidentialClientApplicationBuilderExtension.WithClientCredentials are fully async. See issue #2566 for details.

2.17.0

• Updated to Microsoft.IdentityModel.* 7.3.1 and MSAL.NET 4.59.0

New features

• Added support for Microsoft.NET.Sdk.Worker. See Worker calling APIs
• Added support for Managed identity when calling a downstream API on behalf of the app. See Calling APIs with Managed Identity and PR 2650. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)

Bug fixes

• In OWIN applications, GetTokenForUserAsync now respects the ClaimsPrincipal. See issue #2629 for details.
• After setting AddTokenAcquisition(useSingleton:true) to use token acquisition as a singleton, if you use .AddMicrosoftGraph and/or .AddDownstreamApi after this call, the GraphServiceClient and IDownstreamApis are now registered as a singleton service. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)
• Added check Against Injection Attacks. For details see PR 2619

Engineering excellence

• Added a benchmark running on PR merges, available from https://azuread.github.io/microsoft-identity-web/benchmarks on GitHub pages

Changelog

Sourced from Microsoft.Identity.Web's changelog.

2.17.1

• Updated to Microsoft.IdentityModel.* 7.4.0

New features

• DownstreamApi now automatically processes claims challenge from web APIs which are CAE enabled, provided you set "ClientCapablities" : ["cp1"] in the configuation. See issue #2550.

Bug fixes

• Fixes the use of ServiceDescriptor for containers which have keyed services present. This can be an issue on .NET 8.0. See issue #2676 for details.

Engineering excellence

• Calls to ConfidentialClientApplicationBuilderExtension.WithClientCredentials are fully async. See issue #2566 for details.

2.17.0

• Updated to Microsoft.IdentityModel.* 7.3.1 and MSAL.NET 4.59.0

New features

• Added support for Microsoft.NET.Sdk.Worker. See Worker calling APIs
• Added support for Managed identity when calling a downstream API on behalf of the app. See Calling APIs with Managed Identity and PR 2650. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)

Bug fixes

• In OWIN applications, GetTokenForUserAsync now respects the ClaimsPrincipal. See issue #2629 for details.
• After setting AddTokenAcquisition(useSingleton:true) to use token acquisition as a singleton, if you use .AddMicrosoftGraph and/or .AddDownstreamApi after this call, the GraphServiceClient and IDownstreamApis are now registered as a singleton service. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)
• Added check Against Injection Attacks. For details see PR 2619

Engineering excellence

• Added a benchmark running on PR merges, available from https://azuread.github.io/microsoft-identity-web/benchmarks on GitHub pages

Commits

• 8473045 changelog for 2.17.1 (#2682)
• 4355c93 update to identitymodel 7.4.0 (#2683)
• 407db82 IDownstreamApi handles Continuous Access Evaluation (CAE) (#2616)
• ced8591 Make ConfidentialClientApplicationBuilderExtension.WithClientCredentials asyn...
• b6cc9eb Fix ServiceDescriptor access when Keyed Services are present (#2676)
• 7ca44be Stabilize UI and Unit Tests (#2669)
• 397fce7 Changelog for IdWeb 2.17.0 (#2668)
• c2ee714 update id web to 7.3.1 (#2665)
• fc6320d update IdentityModel 7.3.0 (#2662)
• 0bf2825 trying evergreen dependabot updates (#2661)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Looks like Microsoft.Identity.Web is up-to-date now, so this is no longer needed.