Bump Microsoft.IdentityModel.JsonWebTokens from 7.1.2 to 7.6.2

[dependabot]

Bumps Microsoft.IdentityModel.JsonWebTokens from 7.1.2 to 7.6.2.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

7.6.2

Bug Fix:

• Revert reduced allocations in AadIssuerValidator by not using string.Replace where appropriate due to an index out-of-range error.

7.6.1

New Features:

• Add missing metadata parameters to OpenIdConnectConfiguration. See issue #2498 for details.

Bug Fixes:

• Fix over-reporting of IDX14100. See issue #2058 and PR #2618 for details.
• JwtRegisteredClaimNames now contains previously missing Standard OpenIdConnect claims. See issue #1598 for details.

Performance Improvements:

• Reduced allocations in AadIssuerValidator by not using string.Replace where appropriate. See issue #2595 and PR #2597 for more details.
• No longer for every string claim, calling DateTime.TryParse on each value, whether it is expected to be a DateTime or not. See issue #2615 for details.

7.6.0

New Features:

• Update JsonWebToken - extract and expose the method that reads the header/payload property values from the reader so it can be overridden in children classes to add any extra own logic. See issues #2581, #2583, and #2495 for details.

Bug Fixes:

• JWE header algorithm is now compliant to IANA document. See issue #2089 for details.

Performance Improvements:

• Reduce the number of internal array allocations that need to happen for each claim set, see PR #2596.

Fundamentals:

• Add an AOT compatibility check on each PR to ensure only AOT compatible code is checked-in. See PR #2598.
• Update perl scrip for OneBranch build. See PR #2602.
• Add langversion 12 to benchmark tests. See PR #2601.
• Removed unused build.cmd file. See PR #2605.
• Create CodeQL exclusions file. See PR #2609.
• Fix variable usage in AOT script. See PR #2610.
• Move Microsoft.IdentityModel.Tokens delegates to a new file. See PR #2606

7.5.2

Bug Fixes:

• Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/HEAD/IDX10625 Wiki for details. By @​kellyyangsong

Fundamentals:

• App Context Switches in Identity Model 7x are now documented here. By @​kellyyangsong

Performance Improvements:

• In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details. By @​eerhardt
• Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details. By @​eerhardt
• Remove Task allocation in AadIssuerValidator. See PR #2584 for more details. By @​eerhardt

... (truncated)

Changelog

Sourced from Microsoft.IdentityModel.JsonWebTokens's changelog.

7.6.2

Bug Fix:

• Revert reduced allocations in AadIssuerValidator by not using string.Replace where appropriate due to an index out-of-range error.

7.6.1

New Features:

• Add missing metadata parameters to OpenIdConnectConfiguration. See issue #2498 for details.

Bug Fixes:

• Fix over-reporting of IDX14100. See issue #2058 and PR #2618 for details.
• JwtRegisteredClaimNames now contains previously missing Standard OpenIdConnect claims. See issue #1598 for details.

Performance Improvements:

• Reduced allocations in AadIssuerValidator by not using string.Replace where appropriate. See issue #2595 and PR #2597 for more details.
• No longer for every string claim, calling DateTime.TryParse on each value, whether it is expected to be a DateTime or not. See issue #2615 for details.

7.6.0

New Features:

• Update JsonWebToken - extract and expose the method that reads the header/payload property values from the reader so it can be overridden in children classes to add any extra own logic. See issues #2581, #2583, and #2495 for details.

Bug Fixes:

• JWE header algorithm is now compliant to IANA document. See issue #2089 for details.

Performance Improvements:

• Reduce the number of internal array allocations that need to happen for each claim set, see PR #2596.

Fundamentals:

• Add an AOT compatibility check on each PR to ensure only AOT compatible code is checked-in. See PR #2598.
• Update perl scrip for OneBranch build. See PR #2602.
• Add langversion 12 to benchmark tests. See PR #2601.
• Removed unused build.cmd file. See PR #2605.
• Create CodeQL exclusions file. See PR #2609.
• Fix variable usage in AOT script. See PR #2610.
• Move Microsoft.IdentityModel.Tokens delegates to a new file. See PR #2606

7.5.2

Bug Fixes:

• Validate authentication tag length so a JWE with appended characters will not be considered a valid token. See issues #2201, #1641, PR #2569, and https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/7.6.2/IDX10625 Wiki for details.

Fundamentals:

• App Context Switches in Identity Model 7x are now documented here.

Performance Improvements:

• In .NET 6 or greater, use a temporary buffer to reduce intermediate allocation in VerifyRsa/VerifyECDsa. See PR #2589 for more details.
• Reduce allocations in ValidateSignature by using a collection expression instead of new List<SecurityKey> { key }, to optimize for the single element case. See PR #2586 for more details.
• Remove Task allocation in AadIssuerValidator. See PR #2584 for more details.

... (truncated)

Commits

• a93b7f6 Update CHANGELOG.md (#2654)
• 4d3e5b9 Revert PR#2597 (#2650)
• 8671342 Update changelog for 7.6.1 (#2639)
• 3f1697b Revert "Add support for RSA-OAEP 256 (#1293)"
• b8b244b Add missing comma
• 4efb6fd Lexicographic order part 3
• 54c6d3f Lexicographic order part 2
• 22fce39 Lexicographic order
• f4dcbee Fix unit tests
• c3ead8a Add additional metadata parameters to OpenIdConnectConfiguration
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #120.