microsoft / vsts-extension-retrospectives

An Azure DevOps extension for efficient retrospectives
MIT License
183 stars 82 forks source link

Bump Microsoft.AspNetCore.Authentication.JwtBearer and System.IdentityModel.Tokens.Jwt in /src/backend.tests #941

Closed dependabot[bot] closed 1 day ago

dependabot[bot] commented 3 days ago

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps Microsoft.AspNetCore.Authentication.JwtBearer and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together. Updates Microsoft.AspNetCore.Authentication.JwtBearer from 6.0.31 to 6.0.36

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 6.0.36

Release

What's Changed

Full Changelog: https://github.com/dotnet/aspnetcore/compare/v6.0.35...v6.0.36

.NET 6.0.35

Release

.NET 6.0.33

Release

.NET 6.0.32

Release

Commits
  • 64ea410 Merged PR 43795: [internal/release/6.0] Update dependencies from dnceng/inter...
  • c2a9255 Merged PR 43792: [internal/release/6.0] Update dependencies from dnceng/inter...
  • c9a7efb Merge commit '25ef79e96f407cb1e2ab5acecd568aed0845e955'
  • 25ef79e Update dependencies from https://github.com/dotnet/arcade build 20241008.2 (#...
  • 9f07080 Merge commit 'fab2f44310817151ceecfd992bdbcf70b65750ce'
  • fab2f44 Merge pull request #58299 from vseanreesermsft/internal-merge-6.0-2024-10-08-...
  • 1384054 Update baseline, SDK
  • 6c99752 Merge commit '827b96040e62e5aa47d829bfa61c000d315d4f2e' into internal-merge-6...
  • 6353f3e Merge commit '723b0ab24e01cb1360008cc1300d9940bdd7815a'
  • 723b0ab [Backport] Http.Sys: Clean up Request parsing errors (#57812)
  • Additional commits viewable in compare view


Updates System.IdentityModel.Tokens.Jwt from 8.1.2 to 6.35.0

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

See the releases for details on bug fixes and added features.

8.2.0

Fundamentals

  • Update System.Text.Json to 8.0.5 CVE-2024-43485. See 2892.
  • Using FixedTimeEquals in NETCore targets. See 2857.
  • Updated .NET 9 to RC 2 2898.
  • Adds ability to create token without kid 2968
  • Enables code coverage in PRs 2946
  • Various test improvements:
  • #2953
  • #2955
  • #2951
  • #2952
  • #2947

Work related to redesign of IdentityModel's token validation logic #2711

  • Validates Audience for SAML2TokenHandler with New Model 2863
  • Improvements to AudienceValidation 2902
  • Added properties to ValidationResult 2923
  • Implements Audience and Lifetime validations in SamlSecurityTokenHandler 2925
  • Implements Issuer validation in SamlSecurityTokenHandler 2948
Commits
  • c94c7fc rmv preview
  • 522bc41 Merged PR 10814: Two fixes, AadIssuerValidator slash, AppContext
  • 74cc160 Merged PR 10242: Update Dev6x to fix the release build
  • 4845cf1 Merged PR 10239: Commenting out a constant which is not used
  • e06dc84 Merged PR 10213: Set MaximumDeflateSize
  • 0b2f269 Merged PR 10182: Don't resolve jku claim by default
  • c3e99cd update build config version (#2350)
  • 8ea36a8 Update CHANGELOG.md (#2348)
  • 9d9925e [Log Scrubbing] Clean up log messages in Wilson (#2339) (#2344)
  • c2fa102 Decouple JsonElements from JsonDocument.
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)