From 4febeb47f35970674acbc588d23a213187c036bb Mon Sep 17 00:00:00 2001 From: Joe DeCock Date: Fri, 5 Apr 2024 11:26:41 -0500 Subject: [PATCH 1/4] Match wilson version with minimum required by asp.net We want to match our requirements with the oidc handler in asp.net. As of today, the latest version is 8.0.3, which depends on wilson >= 7.1.2 https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.OpenIdConnect/8.0.3#dependencies-body-tab --- Directory.Build.targets | 4 ++-- samples/Worker/Worker.csproj | 2 +- samples/WorkerDI/WorkerDI.csproj | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Directory.Build.targets b/Directory.Build.targets index 53da29e..197884e 100644 --- a/Directory.Build.targets +++ b/Directory.Build.targets @@ -2,8 +2,8 @@ 8.0.3 8.0.0 - 7.3.1 - 7.0.3 + 7.1.2 + 7.0.4 diff --git a/samples/Worker/Worker.csproj b/samples/Worker/Worker.csproj index 2233c51..82bd102 100644 --- a/samples/Worker/Worker.csproj +++ b/samples/Worker/Worker.csproj @@ -7,7 +7,7 @@ - + diff --git a/samples/WorkerDI/WorkerDI.csproj b/samples/WorkerDI/WorkerDI.csproj index 2233c51..82bd102 100644 --- a/samples/WorkerDI/WorkerDI.csproj +++ b/samples/WorkerDI/WorkerDI.csproj @@ -7,7 +7,7 @@ - + From b17f56b8af59093bc8d412c1a5f75482c50ac3c5 Mon Sep 17 00:00:00 2001 From: Joe DeCock Date: Thu, 18 Apr 2024 21:24:18 -0500 Subject: [PATCH 2/4] Match Framework version with minimum required 6.0.26 of the asp.net packages was the first version to depend on wilson 6.35.0. We want wilson 6.35 because it contains security fixes. We don't depend on anything more recent than that, so we can keep our requirements as relaxed possible beyond that. --- Directory.Build.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Build.targets b/Directory.Build.targets index 197884e..aa39958 100644 --- a/Directory.Build.targets +++ b/Directory.Build.targets @@ -7,7 +7,7 @@ - 6.0.28 + 6.0.26 6.0.0 6.35.0 6.3.6 From 39820dc7f0b89d8c0469d720357a8c804f600110 Mon Sep 17 00:00:00 2001 From: Joe DeCock Date: Fri, 19 Apr 2024 09:33:12 -0500 Subject: [PATCH 3/4] Relax dependency on auth handler to 8.0.1 We take the earliest version that doesn't have a known security vulnerability, so we go with 8.0.1 to ensure that our transitive dependency on the wilson JWT library is at least 7.1.2. --- Directory.Build.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Build.targets b/Directory.Build.targets index aa39958..da21df5 100644 --- a/Directory.Build.targets +++ b/Directory.Build.targets @@ -1,6 +1,6 @@ - 8.0.3 + 8.0.1 8.0.0 7.1.2 7.0.4 From efc4edac8f1b379740caf1ab878642126fb6adb2 Mon Sep 17 00:00:00 2001 From: Joe DeCock Date: Fri, 19 Apr 2024 09:54:09 -0500 Subject: [PATCH 4/4] Remove explicit dependency on oidc from tests IdentityServer depends on version 8.0.3 of the oidc auth handler, while we only use 8.0.1. This is normally fine, but if we explicitly take a dependency on both the handler at version 8.0.1 and identity server, then our explicit dependency is a downgrade of what identity server wants, producing a warning. We don't actually need the explicit dependency, and removing it fixes the build. --- test/Tests/Tests.csproj | 1 - 1 file changed, 1 deletion(-) diff --git a/test/Tests/Tests.csproj b/test/Tests/Tests.csproj index 1f2a066..ac6566a 100644 --- a/test/Tests/Tests.csproj +++ b/test/Tests/Tests.csproj @@ -11,7 +11,6 @@ -