This repository was archived by the owner on Oct 10, 2025. It is now read-only.
Bump Microsoft.AspNetCore.Authentication.JwtBearer and 8 others #201
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=80&v=4){kind=small}
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.16 to 8.0.18 Bumps Microsoft.AspNetCore.HeaderPropagation from 8.0.16 to 8.0.18 Bumps Microsoft.Extensions.Configuration.Json from 9.0.5 to 9.0.7 Bumps Microsoft.Extensions.Hosting from 9.0.5 to 9.0.7 Bumps Microsoft.Identity.Client from 4.72.1 to 4.74.1 Bumps Microsoft.NET.Test.Sdk from 17.14.0 to 17.14.1 Bumps NUnit.Analyzers from 4.8.1 to 4.9.2 Bumps Swashbuckle.AspNetCore from 8.1.2 to 9.0.3 Bumps System.IdentityModel.Tokens.Jwt from 8.11.0 to 8.13.0 --- updated-dependencies: - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 8.0.18 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.AspNetCore.HeaderPropagation dependency-version: 8.0.18 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Configuration.Json dependency-version: 9.0.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Hosting dependency-version: 9.0.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Identity.Client dependency-version: 4.74.1 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 17.14.1 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: NUnit.Analyzers dependency-version: 4.9.2 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Swashbuckle.AspNetCore dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
.NET
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.16 to 8.0.18.
Release notes
Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.
8.0.18
Release
What's Changed
04ee1b4toe9092b1by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from04ee1b4toe9092b1dotnet/aspnetcore#62201Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18
8.0.17
Bug Fixes
The Forwarded Headers Middleware now ignores
X-Forwarded-Headerssent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.Dependency Updates
Update dependencies from dotnet/arcade (#61832)
This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.
Bump src/submodules/googletest from
52204f7to04ee1b4(#61761)The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.
Miscellaneous
Update branding to 8.0.17 (#61830)
The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.
Merging internal commits for release/8.0 (#61924)
This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.
This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.
Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17
Commits viewable in compare view.
Updated Microsoft.AspNetCore.HeaderPropagation from 8.0.16 to 8.0.18.
Release notes
Sourced from Microsoft.AspNetCore.HeaderPropagation's releases.
8.0.18
Release
What's Changed
04ee1b4toe9092b1by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from04ee1b4toe9092b1dotnet/aspnetcore#62201Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18
8.0.17
Bug Fixes
The Forwarded Headers Middleware now ignores
X-Forwarded-Headerssent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.Dependency Updates
Update dependencies from dotnet/arcade (#61832)
This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.
Bump src/submodules/googletest from
52204f7to04ee1b4(#61761)The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.
Miscellaneous
Update branding to 8.0.17 (#61830)
The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.
Merging internal commits for release/8.0 (#61924)
This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.
This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.
Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17
Commits viewable in compare view.
Updated Microsoft.Extensions.Configuration.Json from 9.0.5 to 9.0.7.
Release notes
Sourced from Microsoft.Extensions.Configuration.Json's releases.
9.0.7
Release
What's Changed
sort_mark_listby @github-actions in [release/9.0-staging] throw an exception instead of infinite loop insort_mark_listdotnet/runtime#115529Full Changelog: dotnet/runtime@v9.0.6...v9.0.7
9.0.6
Bug Fixes
Read messages from binlog if process output is missing build finished message (#114676)
Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.
Fix debugger app hangs related to thread exit (#114917)
Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.
[Mono] Workaround MSVC miscompiling sgen_clz (#114903)
Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.
Do not set the salt or info if they are NULL for OpenSSL HKDF (#114877)
Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.
[Test Only] Fix Idn tests (#115032)
Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.
JIT: revised fix for fp division issue in profile synthesis (#115026)
Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.
Handle OSSL 3.4 change to SAN:othername formatting (#115361)
Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.
[Mono] Fix c11 ARM64 atomics to issue full memory barrier (#115635)
Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.
Performance Improvements
[WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#114678)
Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.
Improve distribute_free_regions (#115167)
Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.
Technical Improvements
Strip trailing slash from source dir for cmake4 (#114905)
Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.
Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#114995)
Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.
Add support for more libicu versions (#115376)
Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.
Infrastructure
Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.
... (truncated)
Commits viewable in compare view.
Updated Microsoft.Extensions.Hosting from 9.0.5 to 9.0.7.
Release notes
Sourced from Microsoft.Extensions.Hosting's releases.
9.0.7
Release
What's Changed
sort_mark_listby @github-actions in [release/9.0-staging] throw an exception instead of infinite loop insort_mark_listdotnet/runtime#115529Full Changelog: dotnet/runtime@v9.0.6...v9.0.7
9.0.6
Bug Fixes
Read messages from binlog if process output is missing build finished message (#114676)
Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.
Fix debugger app hangs related to thread exit (#114917)
Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.
[Mono] Workaround MSVC miscompiling sgen_clz (#114903)
Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.
Do not set the salt or info if they are NULL for OpenSSL HKDF (#114877)
Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.
[Test Only] Fix Idn tests (#115032)
Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.
JIT: revised fix for fp division issue in profile synthesis (#115026)
Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.
Handle OSSL 3.4 change to SAN:othername formatting (#115361)
Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.
[Mono] Fix c11 ARM64 atomics to issue full memory barrier (#115635)
Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.
Performance Improvements
[WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#114678)
Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.
Improve distribute_free_regions (#115167)
Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.
Technical Improvements
Strip trailing slash from source dir for cmake4 (#114905)
Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.
Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#114995)
Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.
Add support for more libicu versions (#115376)
Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.
Infrastructure
Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.
... (truncated)
Commits viewable in compare view.
Updated Microsoft.Identity.Client from 4.72.1 to 4.74.1.
Release notes
Sourced from Microsoft.Identity.Client's releases.
4.74.1
Bug fixes
When you configure MSAL with WithOidcAuthority(), the library now confirms that the issuer returned by the OIDC discovery endpoint matches the expected authority (including CIAM patterns) and throws an exception if it does not. Add issuer validation when making call to OIDC endpoint AzureAD/microsoft-authentication-library-for-dotnet#5358
Re-expose public AuthenticationResult constructor. A public, test-friendly constructor of AuthenticationResult was inadvertently hidden behind [Obsolete] and [EditorBrowsable(Never)]. The constructor is now publicly available again. [Bug] AuthenticationResult has no public constructor AzureAD/microsoft-authentication-library-for-dotnet#5392
4.74.0
Features
Bug fixes
4.73.1
What's Changed
Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.73.0...4.73.1
4.73.0
What's Changed
Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.1...4.73.0
Commits viewable in compare view.
Updated Microsoft.NET.Test.Sdk from 17.14.0 to 17.14.1.
Release notes
Sourced from Microsoft.NET.Test.Sdk's releases.
17.14.1
What's Changed
Full Changelog: microsoft/vstest@v17.14.0...v17.14.1
Commits viewable in compare view.
Updated NUnit.Analyzers from 4.8.1 to 4.9.2.
Release notes
Sourced from NUnit.Analyzers's releases.
4.9.2
NUnit Analyzers 4.9.2 - June 17, 2025
This release of the NUnit Analyzers extends the
NUnit3001nullability suppressorto also work in the context of
Assert.EnterMultipleScopeand other using statements.The release contains contributions from the following users (in alphabetical order):
Issues Resolved
Features and Enhancements
4.9.1
NUnit Analyzers 4.9.1 - June 12, 2025
This release of the NUnit Analyzers fixes a problem with the code-fix for translating
Assert.Multiple/Assert.MultipleAsyncinto the newAssert.EnterMultipleScopeformatwhen the test method already is asynchronous and have a return type different from
Task.The release contains contributions from the following users (in alphabetical order):
Issues Resolved
Bugs
4.9.0
NUnit Analyzers 4.9 - June 11, 2025
This release of the NUnit Analyzers adds several new analyzers. For the
RangeAttribute,the analyzers now warn about potential issues at runtime.
It also introduces an analyzer and code fix for translating
Assert.Multiple/Assert.MultipleAsyncinto the newAssert.EnterMultipleScopeformat, as wellas for converting
is Tchecks intoIs.InstanceOf<T>()constraints.For
NUnit2021, the analyzer now respectsUsingPropertiesComparer, including enhancementsthat will be available in NUnit 4.4.
Finally, this release includes improvements to
NUnit2007,NUnit2045, andNUnit4002.See the list of resolved issues below for more details.
The release contains contributions from the following users (in alphabetical order):
Issues Resolved
Features and Enhancements
Bugs
NUnit4002shouldn't trigger forTvsnullable<T>struct typesTooling, Process, and Documentation
Commits viewable in compare view.
Updated Swashbuckle.AspNetCore from 8.1.2 to 9.0.3.
Release notes
Sourced from Swashbuckle.AspNetCore's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated System.IdentityModel.Tokens.Jwt from 8.11.0 to 8.13.0.
Release notes
Sourced from System.IdentityModel.Tokens.Jwt's releases.
8.13.0
8.13.0
Fundamentals
CaseSensitiveClaimsIdentity.SecurityTokensetter is now protected internal (was internal). See PR #3278 for details.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0
8.12.1
8.12.1
Fundamentals
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1
8.12.0
8.12.0
New Features
Added event handling capabilities to the
ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #3253Bug Fixes
Introduced the expected overload of
Base64UrlEncoder.Decodefor .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.For details see #3249
Fundamentals
Incorporated AI assist rules to enhance AI agents effectiveness.
For details see #3255
Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
For details see #3256
Centralized suppression of RS006 warnings in project files for easier management.
For details see #3230
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)