Bump System.IdentityModel.Tokens.Jwt from 8.0.1 to 8.0.2 in /source

[dependabot]

Bumps System.IdentityModel.Tokens.Jwt from 8.0.1 to 8.0.2.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

8.0.2

Security fundamentals

• Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors. See PR #2778 for details.

Bug fixes

• IdentityModel now allows the JWT payload to be an empty string. See issue #2656 for details.
• Cache UseRfcDefinitionOfEpkAndKid switch. See PR #2747 for details.
• Method was named DoNotFailOnMissingTid in 7x and DontFailOnMissingTid in 8x, adding the method for back compat. See issue #2750 for details.
• Metadata is now updated on a background thread. See #2780 for details.
• JsonWebKeySet stores the original string it was created with. See PR #2755 for details.
• Restore AOT compatibility. See #2711.
• Fix OpenIdConnect parsing bug. See #2772 for details.
• Remove the lock on creating a SignatureProvider. See #2788 for details.

Fundamentals

• Test clean up #2742.
• Use only FxCop in .NET framework targets #2693.
• Add rule to add file headers automatically #2748.
• Code analysis updates #2746.
• Include README packages in NuGet #2752.
• Update projects inside WilsonUnix solution #2768.
• Code style enforced in build #2603.
• CodeQL update #2767.
• Update build pipeline to new one release build format #2777.
• Update GitHub actions to 9.0.100-preview.7.24407.12 and add <NoWarn>$(NoWarn);SYSLIB0057</NoWarn> due to breaking changes in preview7. #2786.

Work relating to #2711

• #2725, #2729, #2753, #2758, #2759, #2757, #2759, #2764, #2759, #2771, #2759, and #2779.

What's Changed

• Remove old 6x tests used that are not needed anymore by @​brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2742
• Only use fxcop in netfw by @​keegan-caruso in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2693
• Allow Jwt payload to be the empty string. by @​brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2745
• Add rule to add file headers automatically. by @​pmaytak in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2748
• Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2725
• Fix CodeQL by @​pmaytak in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2746
• Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2747
• Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2729
• Include README packages in NuGet by @​localden in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2752
• Remove internals for new work. by @​brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2753
• Add property named differently in 7x. by @​brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2756
• Remove SlimLock when updating metadata. by @​brentschmaltz in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2751
• Revert "Remove SlimLock when updating metadata. (#2751)" by @​keegan-caruso in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2762
• Remove Delegate Checks Audience Validator and Prevents Null Setting of Delegate by @​FuPingFranco in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2758
• Re-factor Issuer Validator to Follow New Validation Model by @​FuPingFranco in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2759
• Update projects inside WilsonUnix solution by @​iNinja in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2768
• JsonWebKeySet stores the String it was created with by @​westin-m in AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2755

... (truncated)

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

8.0.2

Security fundamentals

• Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors. See PR #2778 for details.

Bug fixes

• IdentityModel now allows the JWT payload to be an empty string. See issue #2656 for details.
• Cache UseRfcDefinitionOfEpkAndKid switch. See PR #2747 for details.
• Method was named DoNotFailOnMissingTid in 7x and DontFailOnMissingTid in 8x, adding the method for back compat. See issue #2750 for details.
• Metadata is now updated on a background thread. See #2780 for details.
• JsonWebKeySet stores the original string it was created with. See PR #2755 for details.
• Restore AOT compatibility. See #2711.
• Fix OpenIdConnect parsing bug. See #2772 for details.
• Remove the lock on creating a SignatureProvider. See #2788 for details.

Fundamentals

• Test clean up #2742.
• Use only FxCop in .NET framework targets #2693.
• Add rule to add file headers automatically #2748.
• Code analysis updates #2746.
• Include README packages in NuGet #2752.
• Update projects inside WilsonUnix solution #2768.
• Code style enforced in build #2603.
• CodeQL update #2767.
• Update build pipeline to new one release build format #2777.
• Update GitHub actions to 9.0.100-preview.7.24407.12 and add <NoWarn>$(NoWarn);SYSLIB0057</NoWarn> due to breaking changes in preview7. #2786.

Work relating to #2711

• #2725, #2729, #2753, #2758, #2759, #2757, #2759, #2764, #2759, #2771, #2759, and #2779.

Commits

• 1e23cef Remove lock when creating a SignatureProvider (#2788)
• 7c7d1c1 update to 9.0.100-preview.7.24407.12 (#2786)
• 2f4f9e6 updates for one build (#2777)
• a120bde Adding benchmark for new ValidateTokenAsync model vs old (#2779)
• 34a421f Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors (#2778)
• eb4df8f Add lock when configuration is null (#2780)
• 68ff8df ValidateTokenAsync: New code path (#2771)
• 7841666 Fix Open Id connect parsing bug. (#2776)
• 5853e4c try to fix codeQL (#2767)
• d2632a7 Restore AOT compatibility for IdentityModel (#2773)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Test Results

  3 files   36 suites   3s ⏱️
131 tests 131 ✅ 0 💤 0 ❌
393 runs  393 ✅ 0 💤 0 ❌

Results for commit bca6dd4.