Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency System.IdentityModel.Tokens.Jwt to v7 - autoclosed #4

Closed
wants to merge 1 commit into from
Closed

Update dependency System.IdentityModel.Tokens.Jwt to v7 - autoclosed #4

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 26, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
System.IdentityModel.Tokens.Jwt 6.31.0 -> 7.6.0 age adoption passing confidence

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (System.IdentityModel.Tokens.Jwt)

v7.6.0

Compare Source

=====

New Features:
  • Update JsonWebToken - extract and expose the method that reads the header/payload property values from the reader so it can be overridden in children classes to add any extra own logic. See issues #​2581, #​2583, and #​2495 for details.
Bug Fixes:
  • JWE header algorithm is now compliant to IANA document. See issue #​2089 for details.
Performance Improvements:
  • Reduce the number of internal array allocations that need to happen for each claim set, see PR #​2596.
Fundamentals:
  • Add an AOT compatibility check on each PR to ensure only AOT compatible code is checked-in. See PR #​2598.
  • Update perl scrip for OneBranch build. See PR #​2602.
  • Add langversion 12 to benchmark tests. See PR #​2601.
  • Removed unused build.cmd file. See PR #​2605.
  • Create CodeQL exclusions file. See PR #​2609.
  • Fix variable usage in AOT script. See PR #​2610.
  • Move Microsoft.IdentityModel.Tokens delegates to a new file. See PR #​2606

v7.5.2

Compare Source

=====

Bug Fixes:
Fundamentals:
  • App Context Switches in Identity Model 7x are now documented here.
Performance Improvements:
  • In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #​2589 for more details.
  • Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #​2586 for more details.
  • Remove Task allocation in AadIssuerValidator. See PR #​2584 for more details.

v7.5.1

Compare Source

=====

Performance Improvements:
  • Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #​2504.
Fundamentals:
Bug Fix:
  • Contribution from @​martinb69 to fix correct parsing of UserInfoEndpoint. See issue #​2548 for details.

v7.5.0

=====

New features
  • Supports the 1.1 version of the Microsoft Entra ID Endpoint #​2503

v7.4.1

======

Bug Fixes:
  • SamlSecurityTokenHandler and Saml2SecurityTokenHandler now can fetch configuration when validating SAML issuer and signature. See PR #​2412
  • JsonWebToken.ReadToken now correctly checks Dot3 index in JWE. See PR #​2501
Engineering Excellence:
  • Remove reference to Microsoft.IdentityModel.Logging in Microsoft.IdentityModel.Protocols, which already depends on it via Microsoft.IdentityModel.Tokens. See PR #​2508
  • Adjust uppercase json serialization tests to fix an unreliable test method, add consistency to naming. See PR #​2512
  • Disable the 'restore' and 'build' steps of 'build and pack' in build.sh, improving speed. See PR #​2521

v7.4.0

======

New Features:
  • Introduced an injection point for external metadata management and adjusted the issuer Last Known Good (LKG) to maintain the state within the issuer validator. See PR #​2480.
  • Made an internal virtual method public, enabling users to provide signature providers. See PR #​2497.
Performance Improvements:
  • Added a new JsonWebToken constructor that accepts Memory for improved performance, along with enhancements to existing constructors. More information can be found in issue #​2487 and in PR #​2458.
Fundamentals:
  • Resolved the issue of duplicated log messages in the source code and made IDX10506 log message more specific. For more details, refer to PR #​2481.
  • Enhanced Json serialization by ensuring the complete object is always read. This improvement can be found in PR #​2491.
Engineering Excellence:
  • Streamlined the build and release process by replacing the dependency on updateAssemblyInfo.ps1 with the Version property. Check out the details in PR #​2494.
  • Excluded the packing of Benchmark and TestApp projects for a more efficient process. Details available in PR #​2496.

v7.3.1

Compare Source

======

Bug Fixes:
  • Replace propertyName with MetadataName constant. See issue #​2471 for details.
  • Fix 6x to 7x regression where mixed cases OIDC json was not correctly process. See #​2404 and #​2402 for details.
Performance Improvements:
  • Update the benchmark configuration. See issue #​2468.
Documentation:
  • Update comment for azp in JsonWebToken. See #​2475 for details.
  • Link to breaking change announcement. See [#​2478].
  • Fix typo in log message. See [#​2479].

v7.3.0

Compare Source

======

New Features:

Addition of the ClientCertificates property to the HttpRequestData class enables exposure of certificate collection involved in authenticating the client against the server and unlock support of new scenarios within the SDK. See PR #​2462 for details.

Bug Fixes:

Fixed bug where x5c property is empty in JwtHeader after reading a JWT containing x5c in its header, issue #​2447, see PR #​2460 for details.
Fixed bug where JwtPayload.Claim.Value was not culture invariant #​2409. Fixed by PRs #​2453 and #​2461.
Fixed bug where Guid values in JwtPayload caused an exception, issue #​2439. Fixed by PR #​2440.

Performance Improvements:

Remove linq from BaseConfigurationComparer, improvement #​2464, for additional details see PR #​2465.

Engineering Excellence:

New benchmark tests for AsymmetricAdapter signatures. For details see PR #​2449.

v7.2.0

Compare Source

======

Performance Improvements:

Reduce allocations and transformations when creating a token #​2395.
Update Esrp Code Signing version to speed up release build #​2429.

Engineering Excellence:

Improve benchmark consistency #​2428.
Adding P50, P90 and P100 percentiles to benchmarks #​2411.
Decouple benchmark tests from test projects #​2413.
Include pack step in PR builds #​2442.

Fundamentals:

Improve logging in Wilson for failed token validation when key not found #​2436.
Remove conditional Net8.0 compilation #​2424.

v7.1.2

Compare Source

======

Security fixes:

See https://aka.ms/IdentityModel/Jan2024/zip and https://aka.ms/IdentityModel/Jan2024/jku for details.

v7.0.3

Compare Source

======

Bug Fixes:
  • Fix errors like the following reported by multiple customers at dotnet/aspnetcore#51005 when they tried to upgrade their app using AddMicrosoftIdentityWebApp to .NET 8. See PR for details.
  • Fix compatibility issue with 6x when claims are a bool. See issue #​2354 for details.

v7.0.2

Compare Source

======

Bug Fixes:
  • Resolved an issue where JsonWebToken properties would throw exceptions when the input string was 'null'. See PR#​2335 for details.

v7.0.1

Compare Source

======

Bug Fixes:
  • GetPayloadClaim("aud") returns a string when a single audience is specified, aligning with the behavior in 6.x. See PR#​2331 for details.

v7.0.0

Compare Source

======
See IdentityModel7x for the updates on this much anticipated release.

v6.35.0

Compare Source

Bug Fix
  • fix AadIssuerValidator's handling of trailing forward slashes. See issue [#​2415] for more details.
Feature
  • Adds an AppContext switch to control HMAC key size verification. See #​2421 for more details.

v6.34.0

Security fixes

See https://aka.ms/IdentityModel/Jan2024/zip and https://aka.ms/IdentityModel/Jan2024/jku for details.

v6.33.0: 6.33.0

Bug Fixes:

  • Clean up log messages. See #​2339 for details.
  • Decouple JsonElements from JsonDocument, which causes issues in multi-threaded environments. See #​2340 for details.

v6.32.3

Compare Source

=======

Bug fixes:

  • Fix logging messages. See #​2288 for details.

v6.32.2

Compare Source

=======

Bug fixes:

  • Underlying JsonDocument is never disposed, causing high latency in large scale services. See #​2258 for details.

v6.32.1

=======

Bug fixes:

  • Fix thread safety for JsonClaimSet Claims and JsonWebToken Audiences. See #​2185 for details.

v6.32.0

=======

New features:

  • Adding an AAD specific signing key issuer validator. See issue #​2134 for details.
  • Better support for WsFederation. See PR for details.

Bug fixes

  • Address perf regression introduced in 6.31.0. See PR for details.

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch 2 times, most recently from 23567f6 to f5b1d37 Compare January 11, 2024 02:49
@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch 2 times, most recently from 52d6b14 to 2067b87 Compare February 4, 2024 02:46
@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch from 2067b87 to 0e002cd Compare February 28, 2024 02:43
@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch from 0e002cd to cfd9bce Compare March 17, 2024 02:58
@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch from cfd9bce to 97e17a2 Compare March 27, 2024 05:56
@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch from 97e17a2 to 18c3072 Compare April 6, 2024 06:00
@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch from 18c3072 to 8776341 Compare May 23, 2024 02:25
@renovate renovate bot force-pushed the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch from 8776341 to 5c7956c Compare May 28, 2024 20:34
@renovate renovate bot changed the title Update dependency System.IdentityModel.Tokens.Jwt to v7 Update dependency System.IdentityModel.Tokens.Jwt to v7 - autoclosed Jun 19, 2024
@renovate renovate bot closed this Jun 19, 2024
@renovate renovate bot deleted the renovate/major-dotnet-azure-ad-identitymodel-extensions-monorepo branch June 19, 2024 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants