Skip to content

Bump Microsoft.IdentityModel.Tokens, MK.IO and Newtonsoft.Json #901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump Microsoft.IdentityModel.Tokens, MK.IO and Newtonsoft.Json #901

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 22, 2025
edited
Loading

Bumps Microsoft.IdentityModel.Tokens, MK.IO and Newtonsoft.Json. These dependencies needed to be updated together.
Updates Microsoft.IdentityModel.Tokens from 8.3.1 to 8.2.0

Changelog

Sourced from Microsoft.IdentityModel.Tokens's changelog.

8.2.0

Fundamentals

Work related to redesign of IdentityModel's token validation logic #2711

  • Validates Audience for SAML2TokenHandler with New Model 2863
  • Improvements to AudienceValidation 2902
  • Added properties to ValidationResult 2923
  • Implements Audience and Lifetime validations in SamlSecurityTokenHandler 2925
  • Implements Issuer validation in SamlSecurityTokenHandler 2948

8.1.2

Bug fixes

  • CaseSensitiveClaimsIdentity.Clone() now returns a CaseSensitiveClaimsIdentity as expected. See 2879
  • Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling. See 2888. No major version changed needed as these APIs were not usable per se.

Fundamentals

  • Enabled PublicApiAnalyzers to better understand and trace changes to the public API. See2782

8.1.1

Bug fixes

  • Fix bug where ConfigurationManager was updating keys too frequently. See 2866 for details.

8.1.0

Performance improvements

  • Improves performance during issuer validation by replacing string comparison with span comparison. See PR #2826.

New features

  • Add optional check to prevent using keys that are shared across multiple clouds. See issue #2832 for details.

Bug fixes

  • JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue #2695 for details.

Fundamentals

  • Fix flaky tests. See #2793 for details.
  • Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR #2796 for details.

... (truncated)

Commits
  • 5471249 SAML new model validation: Signature (#2958)
  • ba49516 Add Ask Mode Change Template (#2941)
  • e43dc2d Adds changelog for 8.2.0 (#2971)
  • a1d55cb Add ability to create token without kid (#2968)
  • 671e2a2 Handle the case where the event received has no arguments as passing null to ...
  • 4b0cfc2 SAML new model validation: Issuer (#2948)
  • 0b72d1f Enable coverage report in PRs (#2946)
  • 2477877 Regression tests: JWE Decryption (#2940)
  • 38ddcdc restore CacheOverflowTestMultithreaded as it took 67 ms and is no longer larg...
  • d7d78fa restore CacheOverflowTestSequential - takes 1.5s (#2955)
  • Additional commits viewable in compare view

Updates MK.IO from 1.5.0 to 2.1.3

Release notes

Sourced from MK.IO's releases.

v2.1.3

What's Changed

  • Support for live and on-demand AI based transcription, with updated samples
  • Add support for Asset.GetFileAccessInfo
  • Updated some of the classes
  • Update to packages

Full Changelog: microsoft/MK.IO@v2.1.2...v2.1.3

v2.1.2

What's Changed

  • Fix an issue with Streaming Locator creation when providing content key(s)
  • Fix the list content keys operation for a streaming locator
  • Update to some packages

Full Changelog: microsoft/MK.IO@v2.1.1...v2.1.2

Please install from https://www.nuget.org/packages/MK.IO

v2.1.1

What's Changed

Full Changelog: microsoft/MK.IO@v2.1.0...v2.1.1

v2.1.0

What's Changed

Full Changelog: microsoft/MK.IO@v2.0.1...v2.1.0

v2.0.1

What's Changed

Full Changelog: microsoft/MK.IO@v1.7.2...v2.0.1

... (truncated)

Commits

Updates Newtonsoft.Json from 13.0.1 to 13.0.3

Release notes

Sourced from Newtonsoft.Json's releases.

13.0.3

  • Fix - Fixed parsed zero decimals losing trailing zeroes
  • Fix - Fixed parsed negative zero double losing negative
  • Fix - Fixed null string being reported as String rather than JTokenType.Null

13.0.2

  • New feature - Add support for DateOnly and TimeOnly
  • New feature - Add UnixDateTimeConverter.AllowPreEpoch property
  • New feature - Add copy constructor to JsonSerializerSettings
  • New feature - Add JsonCloneSettings with property to disable copying annotations
  • Change - Add nullable annotation to JToken.ToObject(Type, JsonSerializer)
  • Change - Reduced allocations by reusing boxed values
  • Fix - Fixed MaxDepth when used with ToObject inside of a JsonConverter
  • Fix - Fixed deserializing mismatched JToken types in properties
  • Fix - Fixed merging enumerable content and validate content
  • Fix - Fixed using $type with arrays of more than two dimensions
  • Fix - Fixed rare race condition in name table when deserializing on device with ARM processors
  • Fix - Fixed deserializing via constructor with ignored base type properties
  • Fix - Fixed MaxDepth not being used with ISerializable deserialization
Commits
  • 0a2e291 Remove prerelease for 13.0.3
  • 4949c66 Update to 13.0.3-beta1
  • 5702581 Fix: Null String being reported as String rather than JTokenType.Null (#2796)
  • c908de3 Fix not returning negative double from box cache (#2777)
  • 2afdccd Fix parsed decimal losing trailing zeroes (#2769)
  • 4fba53a Remove prerelease for 13.0.2
  • b15df4b Add missing headers
  • 789bfd3 Update to 13.0.2-beta3
  • b13717a Add JsonCloneSettings to disable copy annotations (#2757)
  • d0a328e Fix MaxDepth not being used with ISerializable deserialization (#2736)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump Microsoft.IdentityModel.Tokens, MK.IO and Newtonsoft.Json
5729eda 
Bumps [Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet), [MK.IO](https://github.com/microsoft/MK.IO) and [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json). These dependencies needed to be updated together.

Updates `Microsoft.IdentityModel.Tokens` from 8.3.1 to 8.2.0
- [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)
- [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md)
- [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.3.1...8.2.0)

Updates `MK.IO` from 1.5.0 to 2.1.3
- [Release notes](https://github.com/microsoft/MK.IO/releases)
- [Commits](https://github.com/microsoft/MK.IO/commits/v2.1.3)

Updates `Newtonsoft.Json` from 13.0.1 to 13.0.3
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](JamesNK/Newtonsoft.Json@13.0.1...13.0.3)

---
updated-dependencies:
- dependency-name: Microsoft.IdentityModel.Tokens
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: MK.IO
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jan 22, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 22, 2025

Looks like these dependencies are up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Jan 22, 2025
@dependabot dependabot bot deleted the dependabot/nuget/Automatic_version_update_dependabot/multi-4b3a0de29e branch January 22, 2025 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants