Skip to content

chore(deps): update dotnet-azure-ad-identitymodel-extensions monorepo to v7.7.1

This MR contains the following updates:

Package Type Update Change
Microsoft.IdentityModel.JsonWebTokens nuget minor 7.5.1 -> 7.7.1
Microsoft.IdentityModel.Tokens nuget minor 7.5.1 -> 7.7.1
System.IdentityModel.Tokens.Jwt nuget minor 7.5.1 -> 7.7.1

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.JsonWebTokens)

v7.7.1

Compare Source

7.7.1

Bug Fix
  • Re-add JsonSerializerPrimitives.TryAllStringClaimsAsDateTime which was removed as it is in an internal class, but due to InternalsVisibleTo can lead to a MissingMethodException if IdentityModel versions are not aligned. See MR #​2734 for details.

v7.7.0

7.7.0
CVE package updates

CVE-2024-30105

  • A derived ClaimsIdentity where claim retrieval is case-sensitive. The current ClaimsIdentity, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying SecurityToken. The new CaseSensitiveClaimsIdentity class provides consistent retrieval logic with SecurityToken. Opt in to the new behavior via an AppContext switch. See MR #​2715 for details.
Performance improvement

v7.6.2

Compare Source

7.6.2
Bug Fix:
  • Revert reduced allocations in AadIssuerValidator by not using string.Replace where appropriate due to an index out-of-range error.

v7.6.1

Compare Source

=====

New Features:
  • Added an Audiences member to the SecurityTokenDescriptor to make it easier to define multiple audiences in JWT and SAML tokens. Addresses issue #​1479 with MR #​2575
  • Add missing metadata parameters to OpenIdConnectConfiguration. See issue #​2498 for details.
Bug Fixes:
  • Fix over-reporting of IDX14100. See issue #​2058 and MR #​2618 for details.
  • JwtRegisteredClaimNames now contains previously missing Standard OpenIdConnect claims. See issue #​1598 for details.
Performance Improvements:
  • No longer for every string claim, calling DateTime.TryParse on each value, whether it is expected to be a DateTime or not. See issue #​2615 for details.

v7.6.0

Compare Source

=====

New Features:
  • Update JsonWebToken - extract and expose the method that reads the header/payload property values from the reader so it can be overridden in children classes to add any extra own logic. See issues #​2581, #​2583, and #​2495 for details.
Bug Fixes:
  • JWE header algorithm is now compliant to IANA document. See issue #​2089 for details.
Performance Improvements:
  • Reduce the number of internal array allocations that need to happen for each claim set, see MR #​2596.
Fundamentals:
  • Add an AOT compatibility check on each MR to ensure only AOT compatible code is checked-in. See MR #​2598.
  • Update perl scrip for OneBranch build. See MR #​2602.
  • Add langversion 12 to benchmark tests. See MR #​2601.
  • Removed unused build.cmd file. See MR #​2605.
  • Create CodeQL exclusions file. See MR #​2609.
  • Fix variable usage in AOT script. See MR #​2610.
  • Move Microsoft.IdentityModel.Tokens delegates to a new file. See MR #​2606

v7.5.2

Compare Source

=====

Bug Fixes:
Fundamentals:
  • App Context Switches in Identity Model 7x are now documented here.
Performance Improvements:
  • In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See MR #​2589 for more details.
  • Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See MR #​2586 for more details.
  • Remove Task allocation in AadIssuerValidator. See MR #​2584 for more details.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Ghost User

Merge request reports