Bump System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens #24

dependabot · 2024-05-20T13:44:08Z

Bumps System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens. These dependencies needed to be updated together.
Updates System.IdentityModel.Tokens.Jwt from 7.5.0 to 7.5.2

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

7.5.2

Bug Fixes:

Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/IDX10625 Wiki for details. By @kellyyangsong

Fundamentals:

App Context Switches in Identity Model 7x are now documented here. By @kellyyangsong

Performance Improvements:

In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details. By @eerhardt

Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details. By @eerhardt

Remove Task allocation in AadIssuerValidator. See PR #2584 for more details. By @eerhardt

7.5.1

Performance Improvements:

Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504. By @keegan-caruso.

Fundamentals:

Moved token lifetime validation logic to an internal static class. See PR #2547. By @kellyyangsong.

Bug Fix:

Contribution from @martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

7.5.2

Bug Fixes:

Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/IDX10625 Wiki for details.

Fundamentals:

App Context Switches in Identity Model 7x are now documented here.

Performance Improvements:

In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details.

Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details.

Remove Task allocation in AadIssuerValidator. See PR #2584 for more details.

7.5.1

Performance Improvements:

Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504.

Fundamentals:

Moved token lifetime validation logic to an internal static class. See PR #2547.

Bug Fix:

Contribution from @martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

Commits

ea42b6b Remove byte[] allocation in VerifyRsa / VerifyECDsa (#2589)
c19f599 Fixing Onebranch signing issues (#2590)
39329d8 Fix typo in log message (#2587)
0974668 Remove Task allocation from AadIssuerValidator (#2584)
4228935 Reduce Allocations in ValidateSignature (#2586)
27166da OneBranch Migration (#2571)
28e8784 update changelog (#2580)
d51c2ad Verify authentication tag length (#2569)
d353b5a Adding comment (#2570)
b352bcc Conditionally targets NET 9 (#2561)
Additional commits viewable in compare view

Updates Microsoft.IdentityModel.JsonWebTokens from 7.5.0 to 7.5.2

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

7.5.2

Bug Fixes:

Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/IDX10625 Wiki for details. By @kellyyangsong

Fundamentals:

App Context Switches in Identity Model 7x are now documented here. By @kellyyangsong

Performance Improvements:

In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details. By @eerhardt

Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details. By @eerhardt

Remove Task allocation in AadIssuerValidator. See PR #2584 for more details. By @eerhardt

7.5.1

Performance Improvements:

Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504. By @keegan-caruso.

Fundamentals:

Moved token lifetime validation logic to an internal static class. See PR #2547. By @kellyyangsong.

Bug Fix:

Contribution from @martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

Changelog

Sourced from Microsoft.IdentityModel.JsonWebTokens's changelog.

7.5.2

Bug Fixes:

Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/IDX10625 Wiki for details.

Fundamentals:

App Context Switches in Identity Model 7x are now documented here.

Performance Improvements:

In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details.

Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details.

Remove Task allocation in AadIssuerValidator. See PR #2584 for more details.

7.5.1

Performance Improvements:

Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504.

Fundamentals:

Moved token lifetime validation logic to an internal static class. See PR #2547.

Bug Fix:

Contribution from @martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

Commits

ea42b6b Remove byte[] allocation in VerifyRsa / VerifyECDsa (#2589)
c19f599 Fixing Onebranch signing issues (#2590)
39329d8 Fix typo in log message (#2587)
0974668 Remove Task allocation from AadIssuerValidator (#2584)
4228935 Reduce Allocations in ValidateSignature (#2586)
27166da OneBranch Migration (#2571)
28e8784 update changelog (#2580)
d51c2ad Verify authentication tag length (#2569)
d353b5a Adding comment (#2570)
b352bcc Conditionally targets NET 9 (#2561)
Additional commits viewable in compare view

Updates Microsoft.IdentityModel.Tokens from 7.5.0 to 7.5.2

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

7.5.2

Bug Fixes:

Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/IDX10625 Wiki for details. By @kellyyangsong

Fundamentals:

App Context Switches in Identity Model 7x are now documented here. By @kellyyangsong

Performance Improvements:

In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details. By @eerhardt

Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details. By @eerhardt

Remove Task allocation in AadIssuerValidator. See PR #2584 for more details. By @eerhardt

7.5.1

Performance Improvements:

Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504. By @keegan-caruso.

Fundamentals:

Moved token lifetime validation logic to an internal static class. See PR #2547. By @kellyyangsong.

Bug Fix:

Contribution from @martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

Changelog

Sourced from Microsoft.IdentityModel.Tokens's changelog.

7.5.2

Bug Fixes:

Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/IDX10625 Wiki for details.

Fundamentals:

App Context Switches in Identity Model 7x are now documented here.

Performance Improvements:

In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details.

Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details.

Remove Task allocation in AadIssuerValidator. See PR #2584 for more details.

7.5.1

Performance Improvements:

Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504.

Fundamentals:

Moved token lifetime validation logic to an internal static class. See PR #2547.

Bug Fix:

Contribution from @martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

Commits

ea42b6b Remove byte[] allocation in VerifyRsa / VerifyECDsa (#2589)
c19f599 Fixing Onebranch signing issues (#2590)
39329d8 Fix typo in log message (#2587)
0974668 Remove Task allocation from AadIssuerValidator (#2584)
4228935 Reduce Allocations in ValidateSignature (#2586)
27166da OneBranch Migration (#2571)
28e8784 update changelog (#2580)
d51c2ad Verify authentication tag length (#2569)
d353b5a Adding comment (#2570)
b352bcc Conditionally targets NET 9 (#2561)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions · 2024-05-20T13:45:11Z

Package	Line Rate	Branch Rate	Complexity	Health
Sample-CleanArchitecture-CQRS.Api	0%	0%	27	❌
Sample-CleanArchitecture-CQRS.Application	7%	3%	153	❌
Sample-CleanArchitecture-CQRS.Domain	43%	75%	37	✔
Sample-CleanArchitecture-CQRS.Infrastructure	3%	0%	197	❌
Sample-CleanArchitecture-CQRS.Shared	0%	0%	25	❌
Summary	5% (86 / 1791)	5% (10 / 198)	439	❌

github-actions · 2024-05-20T13:45:20Z

Test Results

15 tests ±0 15 ✅ ±0 1s ⏱️ -1s
3 suites ±0 0 💤 ±0
3 files ±0 0 ❌ ±0

Results for commit 78d5614. ± Comparison against base commit 700002a.

dependabot bot added the dependencies Pull requests that update a dependency file label May 20, 2024

dependabot bot mentioned this pull request May 20, 2024

Bump Microsoft.IdentityModel.Tokens from 7.5.0 to 7.5.1 #13

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens #24

Bump System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens #24

Uh oh!

dependabot bot commented on behalf of github May 20, 2024

Uh oh!

github-actions bot commented May 20, 2024

Uh oh!

github-actions bot commented May 20, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens #24

Are you sure you want to change the base?

Bump System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens #24

Uh oh!

Conversation

dependabot bot commented on behalf of github May 20, 2024

7.5.2

Bug Fixes:

Fundamentals:

Performance Improvements:

7.5.1

Performance Improvements:

Fundamentals:

Bug Fix:

7.5.2

Bug Fixes:

Fundamentals:

Performance Improvements:

7.5.1

Performance Improvements:

Fundamentals:

Bug Fix:

7.5.2

Bug Fixes:

Fundamentals:

Performance Improvements:

7.5.1

Performance Improvements:

Fundamentals:

Bug Fix:

7.5.2

Bug Fixes:

Fundamentals:

Performance Improvements:

7.5.1

Performance Improvements:

Fundamentals:

Bug Fix:

7.5.2

Bug Fixes:

Fundamentals:

Performance Improvements:

7.5.1

Performance Improvements:

Fundamentals:

Bug Fix:

7.5.2

Bug Fixes:

Fundamentals:

Performance Improvements:

7.5.1

Performance Improvements:

Fundamentals:

Bug Fix:

Uh oh!

github-actions bot commented May 20, 2024

Uh oh!

github-actions bot commented May 20, 2024

Test Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant