microsoft / vsts-extension-retrospectives

An Azure DevOps extension for efficient retrospectives
MIT License
183 stars 82 forks source link

Bump System.IdentityModel.Tokens.Jwt from 8.1.2 to 8.2.0 in /src/backend.tests #934

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps System.IdentityModel.Tokens.Jwt from 8.1.2 to 8.2.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

8.2.0

Fundamentals

  • Update System.Text.Json to 8.0.5 CVE-2024-43485. See 2892.
  • Using FixedTimeEquals in NETCore targets. See 2857.
  • Updated .NET 9 to RC 2 2898.
  • Adds ability to create token without kid 2968
  • Enables code coverage in PRs 2946
  • Various test improvements:
  • #2953
  • #2955
  • #2951
  • #2952
  • #2947

Work related to redesign of IdentityModel's token validation logic #2711

  • Validates Audience for SAML2TokenHandler with New Model 2863
  • Improvements to AudienceValidation 2902
  • Added properties to ValidationResult 2923
  • Implements Audience and Lifetime validations in SamlSecurityTokenHandler 2925
  • Implements Issuer validation in SamlSecurityTokenHandler 2948

What's Changed

... (truncated)

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

8.2.0

Fundamentals

  • Update System.Text.Json to 8.0.5 CVE-2024-43485. See 2892.
  • Using FixedTimeEquals in NETCore targets. See 2857.
  • Updated .NET 9 to RC 2 2898.
  • Adds ability to create token without kid 2968
  • Enables code coverage in PRs 2946
  • Various test improvements:
  • #2953
  • #2955
  • #2951
  • #2952
  • #2947

Work related to redesign of IdentityModel's token validation logic #2711

  • Validates Audience for SAML2TokenHandler with New Model 2863
  • Improvements to AudienceValidation 2902
  • Added properties to ValidationResult 2923
  • Implements Audience and Lifetime validations in SamlSecurityTokenHandler 2925
  • Implements Issuer validation in SamlSecurityTokenHandler 2948
Commits
  • 5471249 SAML new model validation: Signature (#2958)
  • ba49516 Add Ask Mode Change Template (#2941)
  • e43dc2d Adds changelog for 8.2.0 (#2971)
  • a1d55cb Add ability to create token without kid (#2968)
  • 671e2a2 Handle the case where the event received has no arguments as passing null to ...
  • 4b0cfc2 SAML new model validation: Issuer (#2948)
  • 0b72d1f Enable coverage report in PRs (#2946)
  • 2477877 Regression tests: JWE Decryption (#2940)
  • 38ddcdc restore CacheOverflowTestMultithreaded as it took 67 ms and is no longer larg...
  • d7d78fa restore CacheOverflowTestSequential - takes 1.5s (#2955)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 week ago

Superseded by #937.