Skip to content

Bump Microsoft.IdentityModel.JsonWebTokens from 8.4.0 to 8.6.0 in the identity group across 1 directory #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump Microsoft.IdentityModel.JsonWebTokens from 8.4.0 to 8.6.0 in the identity group across 1 directory #117

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 24, 2025
edited
Loading

Bumps the identity group with 1 update in the / directory: Microsoft.IdentityModel.JsonWebTokens.

Updates Microsoft.IdentityModel.JsonWebTokens from 8.4.0 to 8.6.0

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.6.0

New Features

  • TokenValidationParameters has a new boolean property TryAllDecryptionKeys that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #3128
  • Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See #3140

Fundamentals

  • Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See 3143
  • Add more tests for encrypted tokens. See #3139

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.5.0...8.6.0

8.5.0

Reverting previous breaking change

  • The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that adding IDisposable is a breaking change, so we are following semver guidance and reverting and releasing a minor version (8.5.0).
  • Cherry-picked Changes: Included changes from PR #3022 and #3104.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.4.0...8.5.0

Changelog

Sourced from Microsoft.IdentityModel.JsonWebTokens's changelog.

8.6.0

New Features

  • TokenValidationParameters has a new boolean property TryAllDecryptionKeys that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #3128
  • Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See #3140

Fundamentals

  • Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See 3143
  • Add more tests for encrypted tokens. See #3139

8.5.0

Reverting previous breaking change

  • The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that adding IDisposable is a breaking change, so we are following semver guidance and reverting and releasing a minor version (8.5.0).
  • Cherry-picked Changes: Included changes from PR #3022 and #3104.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 24, 2025
@dependabot dependabot bot mentioned this pull request Feb 24, 2025
Closed
@dependabot
Bump Microsoft.IdentityModel.JsonWebTokens
c3791d7 
Bumps the identity group with 1 update in the / directory: [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet).


Updates `Microsoft.IdentityModel.JsonWebTokens` from 8.4.0 to 8.6.0
- [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)
- [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md)
- [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.4.0...8.6.0)

---
updated-dependencies:
- dependency-name: Microsoft.IdentityModel.JsonWebTokens
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: identity
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/nuget/identity-648aa6e236 branch from 145a44b to c3791d7 Compare March 12, 2025 03:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant