search

microsoft / vsts-extension-retrospectives

An Azure DevOps extension for efficient retrospectives
MIT License
183 stars 82 forks source link

Bump Microsoft.AspNetCore.Authentication.JwtBearer and System.IdentityModel.Tokens.Jwt in /src/backend #938

Closed dependabot[bot] closed 3 days ago

dependabot[bot] commented 1 week ago

Bumps Microsoft.AspNetCore.Authentication.JwtBearer and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together. Updates Microsoft.AspNetCore.Authentication.JwtBearer from 6.0.31 to 6.0.35

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 6.0.35

Release

.NET 6.0.33

Release

.NET 6.0.32

Release

Commits


Updates System.IdentityModel.Tokens.Jwt from 8.1.2 to 6.35.0

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

See the releases for details on bug fixes and added features.

8.2.0

Fundamentals

  • Update System.Text.Json to 8.0.5 CVE-2024-43485. See 2892.
  • Using FixedTimeEquals in NETCore targets. See 2857.
  • Updated .NET 9 to RC 2 2898.
  • Adds ability to create token without kid 2968
  • Enables code coverage in PRs 2946
  • Various test improvements:
  • #2953
  • #2955
  • #2951
  • #2952
  • #2947

Work related to redesign of IdentityModel's token validation logic #2711

  • Validates Audience for SAML2TokenHandler with New Model 2863
  • Improvements to AudienceValidation 2902
  • Added properties to ValidationResult 2923
  • Implements Audience and Lifetime validations in SamlSecurityTokenHandler 2925
  • Implements Issuer validation in SamlSecurityTokenHandler 2948
Commits
  • c94c7fc rmv preview
  • 522bc41 Merged PR 10814: Two fixes, AadIssuerValidator slash, AppContext
  • 74cc160 Merged PR 10242: Update Dev6x to fix the release build
  • 4845cf1 Merged PR 10239: Commenting out a constant which is not used
  • e06dc84 Merged PR 10213: Set MaximumDeflateSize
  • 0b2f269 Merged PR 10182: Don't resolve jku claim by default
  • c3e99cd update build config version (#2350)
  • 8ea36a8 Update CHANGELOG.md (#2348)
  • 9d9925e [Log Scrubbing] Clean up log messages in Wilson (#2339) (#2344)
  • c2fa102 Decouple JsonElements from JsonDocument.
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 3 days ago

Superseded by #939.