Update nuget non-major dependencies #16

renovate · 2023-03-24T07:08:27Z

This PR contains the following updates:

Package	Type	Update	Change
Azure.Identity (source)	nuget	minor	`1.4.1` -> `1.8.2`
Azure.Security.KeyVault.Secrets (source)	nuget	minor	`4.2.0` -> `4.5.0`
Microsoft.Extensions.Caching.Memory (source)	nuget	patch	`6.0.0` -> `6.0.1`
Microsoft.Extensions.Logging.Abstractions (source)	nuget	patch	`6.0.0` -> `6.0.3`
Microsoft.IdentityModel.Tokens	nuget	minor	`6.15.1` -> `6.27.0`
System.IdentityModel.Tokens.Jwt	nuget	minor	`6.15.1` -> `6.27.0`

Release Notes

Azure/azure-sdk-for-net

`v1.8.2`

1.8.2 (2023-02-08)

Bugs Fixed

Fixed error message parsing in AzurePowerShellCredential which would misinterpret AAD errors with the need to install PowerShell. #31998
Fix regional endpoint validation error when using ManagedIdentityCredential. [#32498])(https://github.com/Azure/azure-sdk-for-net/issues/32498)

`v1.8.1`

1.8.1 (2020-01-11)

Key Bug Fixes

Include Microsoft.Bcl.AsyncInterfaces dependency on .NET 5 to avoid build issues in applications targeting .NET 5.

`v1.8.0`

1.8.0 (2020-01-06)

Added

AzureSasCredential and its respective policy.

Key Bug Fixes

Avoid a causing and ignoring an exception when setting network stream timeout on .NET Core

`v1.7.0`

1.7.0 (2022-09-19)

Features Added

Added AdditionallyAllowedTenants to the following credential options to force explicit opt-in behavior for multi-tenant authentication:
- AuthorizationCodeCredentialOptions
- AzureCliCredentialOptions
- AzurePowerShellCredentialOptions
- ClientAssertionCredentialOptions
- ClientCertificateCredentialOptions
- ClientSecretCredentialOptions
- DefaultAzureCredentialOptions
- OnBehalfOfCredentialOptions
- UsernamePasswordCredentialOptions
- VisualStudioCodeCredentialOptions
- VisualStudioCredentialOptions
Added TenantId to DefaultAzureCredentialOptions to avoid having to set InteractiveBrowserTenantId, SharedTokenCacheTenantId, VisualStudioCodeTenantId, and VisualStudioTenantId individually.

Bugs Fixed

Fixed overly restrictive scope validation to allow the '_' character, for common scopes such as user_impersonation #30647

Breaking Changes

Credential types supporting multi-tenant authentication will now throw AuthenticationFailedException if the requested tenant ID doesn't match the credential's tenant ID, and is not included in the AdditionallyAllowedTenants option. Applications must now explicitly add additional tenants to the AdditionallyAllowedTenants list, or add '*' to list, to enable acquiring tokens from tenants other than the originally specified tenant ID. See BREAKING_CHANGES.md.
ManagedIdentityCredential token caching added in 1.7.0-beta.1 has been removed from this release and will be added back in 1.8.0-beta.1

`v1.6.1`

1.6.1 (2022-08-08)

Bugs Fixed

Fixed AZURE_REGIONAL_AUTHORITY_NAME support in ClientCertificateCredential #29112
Fixed regression in SharedTokenCacheCredential default behavior #28029
Fixed legacy PowerShell discovery failures #28030 (A community contribution, courtesy of nerddtvg)

Other Changes

Documentation improvements to TokenCacheRefreshArgs and EnvironmentCredential (Community contributions, courtesy of pmaytak and goenning)

Acknowledgments

Thank you to our developer community members who helped to make Azure Identity better with their contributions to this release:

`v1.6.0`

1.6.0 (2020-10-28)

Added

The HttpClientTransport(HttpMessageHandler) constructor overload.
The JsonPatchDocument type.

Fixed

The race condition in AzureEventSourceListener class that sometimes resulted in a NullReferenceException in the EventSource.
The overflow exception when content length is larger than int.MaxValue.

`v1.5.0`

1.5.0 (2022-08-24)

Bugs Fixed

Hiding the new AddAzureClientsCore overload from IntelliSense, as its usage is not intuitive.

dotnet/runtime

`v6.0.1`: .NET 6.0.1

Release

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet

`v6.27.0`

Servicing release
Set maximum depth for Newtonsoft parsing.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2024
Improve metadata failure message.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2010
Validate size of symmetric signatures.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2008
Added property TokenEndpoint to BaseConfiguration.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1998

`v6.26.1`

=========

Bug Fixes:

Releasing a Hotfix for Wilson 6.26.0 that reverts async/await changes made in #1996 to address a performance reduction issue.

Changes are in #2015
Root cause analysis and fix will be tracked in #2017

Add Instance property bag that is cleared when Clone is called.
Added comments to JsonWebTokenHandler and JwtSecurityTokenHandler to emphasize that ReadToken does not validate the token.
#1952
#1954

`v6.24.0`

Compare Source

Single feature to control if exceptions are logged for Audience and Issuer failures.
Sometimes multiple policies are used, when a subsequent policy succeeds the upper layer can decide if previous exceptions should be logged.
#1949

`v6.23.1`

Compare Source

A simple 'dot' release to fix an issue where JsonWebTokenHandler virtual CreateClaimsIdentity was not called.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/1940

`v6.23.0`

Compare Source

=========

New Features:

Microsoft.IdentityModel has two assemblies to manipulate JWT tokens:

System.IdentityModel.Tokens.Jwt, which is the legacy assembly. It defines JwtSecurityTokenHandler class to manipulate JWT tokens.
Microsoft.IdentityModel.JsonWebTokens, which defines the JsonWebToken class and JsonWebTokenHandler, more modern, and more efficient.
When using JwtSecurityTokenHandler, the short named claims (oid, tid), used to be transformed into the long named claims (with a namespace). With JsonWebTokenHandler this is no longer the case, but when you migrate your application from using JwtSecurityTokenHandler to JsonWebTokenHandler (or use a framework that does), you will only get original claims sent by the IdP. This is more efficient, and occupies less space, but might trigger a lot of changes in your application. In order to make it easier for people to migrate without changing their app too much, this PR offers extensibility to re-add the claims mapping.

Bug Fixes:

`v6.22.1`

Compare Source

=========

New Features:

Microsoft.IdentityModel has two assemblies to manipulate JWT tokens:

System.IdentityModel.Tokens.Jwt, which is the legacy assembly. It defines JwtSecurityTokenHandler class to manipulate JWT tokens.
Microsoft.IdentityModel.JsonWebTokens, which defines the JsonWebToken class and JsonWebTokenHandler, more modern, and more efficient.
When using JwtSecurityTokenHandler, the short named claims (oid, tid), used to be transformed into the long named claims (with a namespace). With JsonWebTokenHandler this is no longer the case, but when you migrate your application from using JwtSecurityTokenHandler to JsonWebTokenHandler (or use a framework that does), you will only get original claims sent by the IdP. This is more efficient, and occupies less space, but might trigger a lot of changes in your application. In order to make it easier for people to migrate without changing their app too much, this PR offers extensibility to re-add the claims mapping.

Bug Fixes:

`v6.22.0`

Compare Source

=========

New Features:

Unmasked non-PII properties in log messages -
In Microsoft.IdentityModel logs, previously only system metadata (DateTime, class name, httpmethod etc.) was displayed in clear text. For all other log arguments, the type was being logged to prevent Personally Identifiable Information (PII) from being displayed when ShowPII flag is turned OFF. To improve troubleshooting experience non-PII properties - Issuer, Audience, Key location, Key Id (kid) and some SAML constants will now be displayed in clear text. See issue #1903 for more details.

Prefix Wilson header message to the first log message -
To always log the Wilson header (Version, DateTime, PII ON/OFF message), EventLogLevel.LogAlways was mapped to LogLevel.Critical in Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter class which caused confusion on why header was being displayed as a fatal log.
To address this, header is now prefixed to the first message logged by Wilson and separated with a newline. EventLogLevel.LogAlways has been remapped to LogLevel.Trace. See issue #1907 for more details.

Bug Fixes:

Copy the IssuerSigningKeyResolverUsingConfiguration delegate in Clone() #1909

`v6.21.0`

Compare Source

Dependency Updates:

Updated Newtonsoft dependency to 13.0.2 #1902

Bug Fixes:

Add M.IM.TestExtensions to strong name by pass. #1897

Add early alerting for governance #1896

Adjust log level #1893

Fundamentals

Update newtonsoft per governance report #1890

`v6.20.0`

Compare Source

New Feature:

Microsoft.IdentityModel now provides a LoggerContext class to aid with debugging. See issue #1876 for details.

Bug Fixes:

The cty claim is now optional. See issue #1861 for details.

The signature of the token is no longer logged. See issue #1880 for details.

ValidateHash method Alg is null when token is a JWE token. See issue #1680 for details.

Fixed the issue the compaction actions are queued but potentially never got started. See issue #1871 for details.

`v6.19.0`

Compare Source

Enhancements

Introducing IdentityLoggerAdapter for Identity Libraries integrating (#1862)

`v6.18.0`

Compare Source

Enhancements

Simplify strings comparison with Ordinal option (#1775)
Set 'cty' claim in JWE header (#1588)
Added custom logger interface (#1823)
log cert thumbprint (#1820)
Introduced custom log level enum to remove dependency on System.Diagnostics.Tracing.EventLevel in IIdentityLogger (#1843)

`v6.17.0`

Compare Source

New Features

Added a new ConfigurationManager constructor with configuration validator (#1825).

`v6.16.0`

Compare Source

Enhancements

Make Microsoft.IdentityModel.Tokens visible to S2S.Tokens (#1807).
Added the ValidateTokenAsyc() and ReadToken() methods to all token handlers (#1810).

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Update nuget non-major dependencies

accd24e

elsand approved these changes Mar 24, 2023

View reviewed changes

elsand merged commit 1f0b155 into main Mar 24, 2023

elsand deleted the renovate/manager-minor-patch branch March 24, 2023 07:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update nuget non-major dependencies #16

Update nuget non-major dependencies #16

renovate bot commented Mar 24, 2023

Update nuget non-major dependencies #16

Update nuget non-major dependencies #16

Conversation

renovate bot commented Mar 24, 2023

Release Notes

1.8.2 (2023-02-08)

Bugs Fixed

1.8.1 (2020-01-11)

Key Bug Fixes

1.8.0 (2020-01-06)

Added

Key Bug Fixes

1.7.0 (2022-09-19)

Features Added

Bugs Fixed

Breaking Changes

1.6.1 (2022-08-08)

Bugs Fixed

Other Changes

Acknowledgments

1.6.0 (2020-10-28)

Added

Fixed

1.5.0 (2022-08-24)

Bugs Fixed

v6.0.1: .NET 6.0.1

Bug Fixes:

New Features:

Bug Fixes:

New Features:

Bug Fixes:

New Features:

Bug Fixes:

Dependency Updates:

Bug Fixes:

Fundamentals

New Feature:

Bug Fixes:

Enhancements

Enhancements

New Features

Enhancements

Configuration

`v6.0.1`: .NET 6.0.1