Bump System.IdentityModel.Tokens.Jwt from 4.0.2.206221351 to 6.15.1

[dependabot[bot]]

Bumps System.IdentityModel.Tokens.Jwt from 4.0.2.206221351 to 6.15.1.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

6.15.1

Enhancements

• Performance improvement when caching signature providers. No need to use LRU logic since it is assumed only a small number of signature providers will be in play at a time (#1783).
• DisposableObjectPool disposes of objects on Free() when full (#1802).

Bugs

• TestTokenCreator modified to throw SecurityTokenInvalidSignatureException rather than ArgumentException(#1798).
• AadIssuerValidator fixed issue where AadIssuerValidatorConstants.Tid was used where AadIssuerValidatorConstants.TenantId should have been used (#1801).

6.15.0

New Features

• Added support for the Last Known Good feature (#1723)
• Made logging more legible by displaying Non-PII information in clear text (#1757)
• Added new GitHub Templates to report bugs (#1756)
• Added the OpenID standard scope "address" (#1787)

Enhancements

• Added multi-auth scheme support in AadIssuerValidator (#1753)
• Added default values for TokenValidationParameters (#1767)
• Improved logging to indicate issuer is an empty string (#1758) (#1761)
• Improved exception handling when metadata retrieval results in a failure (#1776)
• Added string optimizations (#1765)
• Improved performance of Saml2 attributes consolidation (#1764)
• Updated comments to use references (#1769)
• Added new unit test samples that make negative testing easier for consumers of this library. These show the most common problem token types and gives examples for validation. (#1748)

Bug Fixes

• Fixed broken links to ietf.org (#1723)

6.14.1

Bug Fixes:

The AadIssuerValidator in Microsoft.IdentityModel.Validators now uses the entire authority (instance + tenant ID), not just the authority host when validating the issuer. This was an issue which arose when using multiple authentication schemes. See issue #1752 .

6.14.0

New Features

A new assembly, Microsoft.IdentityModel.Validators, is available! It provides an issuer validator for the Microsoft identity platform (AAD and AAD B2C), working for single and multi-tenant applications and v1 and v2 token types. See #1736 and Microsoft.Identity.Web issue.

Bug Fixes

Fixes to determine when IsValid property has been checked. Includes a warning so developers ensure that token validation succeeded before reading the claims. See #1718.

aka.ms link added for issuer validation failure. See issue #1732.

Fix broken rfc link. See issue #1728.

Add const for the OIDC scope "phone". See #1720.

Use https for hyperlinks in XLM. See #1719.

6.13.1

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[bdukes]

I've updated this PR to account for new assemblies that now come with this package. There are still breaking changes in the code that will need to be accounted for.

[dependabot[bot]]

A newer version of System.IdentityModel.Tokens.Jwt exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[stale[bot]]

We have detected this issue has not had any activity during the last 90 days. That could mean this issue is no longer relevant and/or nobody has found the necessary time to address the issue. We are trying to keep the list of open issues limited to those issues that are relevant to the majority and to close the ones that have become 'stale' (inactive). If no further activity is detected within the next 14 days, the issue will be closed automatically. If new comments are are posted and/or a solution (pull request) is submitted for review that references this issue, the issue will not be closed. Closed issues can be reopened at any time in the future. Please remember those participating in this open source project are volunteers trying to help others and creating a better DNN Platform for all. Thank you for your continued involvement and contributions!

[bdukes]

superseded by https://github.com/dnnsoftware/Dnn.Platform/pull/5694

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.