Bump Microsoft.Identity.Web from 2.21.1 to 3.6.2 in /webapi #1252

dependabot · 2025-01-27T12:43:00Z

Bumps Microsoft.Identity.Web from 2.21.1 to 3.6.2.

Release notes

Sourced from Microsoft.Identity.Web's releases.

3.6.2

Updated to Microsoft.Identity.Abstractions 8.0.0

Fundamentals

Clean-up the tests that were using properties removed in Abstractions 8.0.0. See issue #3212 for details.

What's Changed

Bump the notsecurity group across 1 directory with 3 updates by @dependabot in AzureAD/microsoft-identity-web#3211

Suppress TFM Build Warnings by @kllysng in AzureAD/microsoft-identity-web#3210

Fixing 3212 and cleaning-up technical debt by @jmprieur in AzureAD/microsoft-identity-web#3213

Full Changelog: AzureAD/microsoft-identity-web@3.6.1...3.6.2

3.6.1

Updated to Microsoft.Identity.Abstractions 7.2.1

3.6.0

Updated to Microsoft.IdentityModel.* 8.3.1

Updated to MSAL.NET 4.67.2

Bug fixes

Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See AzureAD/microsoft-identity-web#3131

Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider. See Issue #3078

Fundamentals

Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See AzureAD/microsoft-identity-web#3183

Re-add code coverage comments & scope to src files. See AzureAD/microsoft-identity-web#3177

What's Changed

Update changelog.md by @jmprieur in AzureAD/microsoft-identity-web#3161

Update global.json by @keegan-caruso in AzureAD/microsoft-identity-web#3163

Use ExtraQP to inject telemetry SDK ID by @bgavrilMS in AzureAD/microsoft-identity-web#2973

Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @jmprieur in AzureAD/microsoft-identity-web#3168

Add Warning Quality Check Build Task 🔨 by @kllysng in AzureAD/microsoft-identity-web#3169

Treat warnings as errors by @keegan-caruso in AzureAD/microsoft-identity-web#3166

Revert: Warning Quality Check Build Task by @alexholub113 in AzureAD/microsoft-identity-web#3172

fix warnings in idweb and readd warnings as errors by @jennyf19 in AzureAD/microsoft-identity-web#3173

Add checks to protect the internal claims used by MIW. Ref: issue #2968 by @DOMZE in AzureAD/microsoft-identity-web#3131

use only src files and re-add comments by @jennyf19 in AzureAD/microsoft-identity-web#3176

Update dotnet actions by @sebastienros in AzureAD/microsoft-identity-web#3175

Fixes 3181 by @jmprieur in AzureAD/microsoft-identity-web#3183

Add retry logic to stabilize flaky UI tests by @kllysng in AzureAD/microsoft-identity-web#3180

Add null handling for process output/error data in UiTestHelpers by @kllysng in AzureAD/microsoft-identity-web#3184

package updates from dependabot by @jennyf19 in AzureAD/microsoft-identity-web#3185

Fix E2E tests persistent flakiness + build hanging by @kllysng in AzureAD/microsoft-identity-web#3188

... (truncated)

Changelog

Sourced from Microsoft.Identity.Web's changelog.

3.6.2

Updated to Microsoft.Identity.Abstractions 8.0.0

Fundamentals

Clean-up the tests that were using properties removed in Abstractions 8.0.0. See issue #3212 for details.

3.6.1

Updated to Microsoft.Identity.Abstractions 7.2.1

3.6.0

Updated to Microsoft.IdentityModel.* 8.3.1

Updated to MSAL.NET 4.67.2

Bug fixes

Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See AzureAD/microsoft-identity-web#3131

Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider. See Issue #3078

Fundamentals

Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See AzureAD/microsoft-identity-web#3183

Re-add code coverage comments & scope to src files. See AzureAD/microsoft-identity-web#3177

3.5.0

Updated to Microsoft.IdentityModel.* 8.3.0

Bug fixes

Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null. See AzureAD/microsoft-identity-web#3155

Dont modify the merged options when building the confidential client. See AzureAD/microsoft-identity-web#3137

Fundamentals

Install all .NET versions in pipeline, including .NET 9. See AzureAD/microsoft-identity-web#3152

Upgrade to C# 13. See AzureAD/microsoft-identity-web#3138

Specify sdk version in global.json. See AzureAD/microsoft-identity-web#3156

Disable Coverage PR comments. See in AzureAD/microsoft-identity-web#3159

3.4.0

Updated to Microsoft.IdentityModel.* 8.2.1

Updated to Microsoft.Identity.Abstractions 7.2.0

New features

Add ROPC flow support for confidential client applications. See 3091, 3129, 3139.

Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See 3121, 3132.

Update to use .NET 9 GA. See 3127.

3.3.1

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 2.21.1 to 3.6.2. - [Release notes](https://github.com/AzureAD/microsoft-identity-web/releases) - [Changelog](https://github.com/AzureAD/microsoft-identity-web/blob/master/changelog.md) - [Commits](https://github.com/AzureAD/microsoft-identity-web/commits/3.6.2) --- updated-dependencies: - dependency-name: Microsoft.Identity.Web dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jan 27, 2025

dependabot bot mentioned this pull request Jan 27, 2025

Bump Microsoft.Identity.Web from 2.21.1 to 3.6.0 in /webapi #1249

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump Microsoft.Identity.Web from 2.21.1 to 3.6.2 in /webapi #1252

Bump Microsoft.Identity.Web from 2.21.1 to 3.6.2 in /webapi #1252

Uh oh!

dependabot bot commented on behalf of github Jan 27, 2025

Uh oh!

Uh oh!

Bump Microsoft.Identity.Web from 2.21.1 to 3.6.2 in /webapi #1252

Are you sure you want to change the base?

Bump Microsoft.Identity.Web from 2.21.1 to 3.6.2 in /webapi #1252

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 27, 2025

3.6.2

Fundamentals

What's Changed

3.6.1

3.6.0

Bug fixes

Fundamentals

What's Changed

3.6.2

Fundamentals

3.6.1

3.6.0

Bug fixes

Fundamentals

3.5.0

Bug fixes

Fundamentals

3.4.0

New features

Uh oh!

Uh oh!