Bump Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt in /Backend

[dependabot]

Bumps Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together.
Updates Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.11 to 8.0.12

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 8.0.12

Release

What's Changed

• Update branding to 8.0.12 by @​vseanreesermsft in dotnet/aspnetcore#58800
• [release/8.0] (deps): Bump src/submodules/googletest from 6dae7eb to 1204d63 by @​dependabot in dotnet/aspnetcore#58741
• Add scope for internal npm packages by @​BrennanConroy in dotnet/aspnetcore#58512
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#58477
• [release/8.0] Upgrade serialize-javascript transient dependency by @​MackinnonBuck in dotnet/aspnetcore#58466
• [release/8.0] Update Messagepack dependency by @​wtgodbe in dotnet/aspnetcore#58676
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#58898
• [release/8.0] Use MacOS-13 in CI by @​wtgodbe in dotnet/aspnetcore#58549
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#59065
• [release/8.0] Fix java discovery in helix-matrix by @​wtgodbe in dotnet/aspnetcore#59181
• [release/8.0] Update dependencies from dotnet/roslyn by @​wtgodbe in dotnet/aspnetcore#59184
• [release/8.0] (deps): Bump src/submodules/googletest from 1204d63 to d144031 by @​dependabot in dotnet/aspnetcore#59033

Full Changelog: dotnet/aspnetcore@v8.0.11...v8.0.12

Commits

• 31d685b Merged PR 45643: [internal/release/8.0] Update dependencies from dnceng/inter...
• 6b7b74f Merged PR 45638: [internal/release/8.0] Update dependencies from dnceng/inter...
• e356c37 Merge commit 'dc3b2086feef8e62771254fdfded9d9d8a05346f'
• dc3b208 [release/8.0] (deps): Bump src/submodules/googletest (#59033)
• 91fea27 Merge commit '216a41a1dc4940e9d83a761bb0f9c44545d03c44'
• 216a41a [release/8.0] Update dependencies from dotnet/roslyn (#59184)
• 2cea8a7 Merge commit 'b8a8e7281e9d8e7e1cfd15c0412906cf7eaecbf8'
• b8a8e72 Fix java discovery in helix-matrix (#59181)
• 0332d22 Merge commit 'd86a0b487871fa1a1f800557dfb7102164b772fc'
• d86a0b4 Update dependencies from https://github.com/dotnet/arcade build 20241112.12 (...
• Additional commits viewable in compare view

Updates Microsoft.IdentityModel.Tokens from 7.5.1 to 7.1.2

Changelog

Sourced from Microsoft.IdentityModel.Tokens's changelog.

7.5.1

Performance Improvements:

• Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504.

Fundamentals:

• Moved token lifetime validation logic to an internal static class. See PR #2547.

Bug Fix:

• Contribution from @​martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

7.5.0

New features

• Supports the 1.1 version of the Microsoft Entra ID Endpoint #2503

7.4.1

Bug Fixes:

• SamlSecurityTokenHandler and Saml2SecurityTokenHandler now can fetch configuration when validating SAML issuer and signature. See PR #2412
• JsonWebToken.ReadToken now correctly checks Dot3 index in JWE. See PR #2501

Engineering Excellence:

• Remove reference to Microsoft.IdentityModel.Logging in Microsoft.IdentityModel.Protocols, which already depends on it via Microsoft.IdentityModel.Tokens. See PR #2508
• Adjust uppercase json serialization tests to fix an unreliable test method, add consistency to naming. See PR #2512
• Disable the 'restore' and 'build' steps of 'build and pack' in build.sh, improving speed. See PR #2521

7.4.0

New Features:

• Introduced an injection point for external metadata management and adjusted the issuer Last Known Good (LKG) to maintain the state within the issuer validator. See PR #2480.
• Made an internal virtual method public, enabling users to provide signature providers. See PR #2497.

Performance Improvements:

• Added a new JsonWebToken constructor that accepts Memory for improved performance, along with enhancements to existing constructors. More information can be found in issue #2487 and in PR #2458.

Fundamentals:

• Resolved the issue of duplicated log messages in the source code and made IDX10506 log message more specific. For more details, refer to PR #2481.
• Enhanced Json serialization by ensuring the complete object is always read. This improvement can be found in PR #2491.

Engineering Excellence:

• Streamlined the build and release process by replacing the dependency on updateAssemblyInfo.ps1 with the Version property. Check out the details in PR #2494.
• Excluded the packing of Benchmark and TestApp projects for a more efficient process. Details available in PR #2496.

7.3.1

Bug Fixes:

• Replace propertyName with MetadataName constant. See issue #2471 for details.
• Fix 6x to 7x regression where mixed cases OIDC json was not correctly process. See #2404 and #2402 for details.

... (truncated)

Commits

• a607fa5 Merged PR 10669: update version to 7.1.2
• 44021bb Merged PR 10664: Update dev branch from public GitHub dev
• a22ab8e Merged PR 10603: Re-enable Jwt sub claim as either Number or String
• 1966c05 fixup prefix
• 97888a2 Merged PR 10258: Compatibility with 6x for bool claims (#2367)
• 5c1ea4a Merged PR 10241: Update dev to fix the release build
• ec25d19 reduced size for netcorestandard2.1 compression size is larger.
• b16f758 Merged PR 10217: Disable test that set statics.
• ceeff41 Merged PR 10199: Set MaximumDeflateSize
• e986e22 Merged PR 10198: Don't resolve jku claim by default
• Additional commits viewable in compare view

Updates System.IdentityModel.Tokens.Jwt from 7.5.1 to 7.1.2

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

7.5.1

Performance Improvements:

• Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504.

Fundamentals:

• Moved token lifetime validation logic to an internal static class. See PR #2547.

Bug Fix:

• Contribution from @​martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

7.5.0

New features

• Supports the 1.1 version of the Microsoft Entra ID Endpoint #2503

7.4.1

Bug Fixes:

• SamlSecurityTokenHandler and Saml2SecurityTokenHandler now can fetch configuration when validating SAML issuer and signature. See PR #2412
• JsonWebToken.ReadToken now correctly checks Dot3 index in JWE. See PR #2501

Engineering Excellence:

• Remove reference to Microsoft.IdentityModel.Logging in Microsoft.IdentityModel.Protocols, which already depends on it via Microsoft.IdentityModel.Tokens. See PR #2508
• Adjust uppercase json serialization tests to fix an unreliable test method, add consistency to naming. See PR #2512
• Disable the 'restore' and 'build' steps of 'build and pack' in build.sh, improving speed. See PR #2521

7.4.0

New Features:

• Introduced an injection point for external metadata management and adjusted the issuer Last Known Good (LKG) to maintain the state within the issuer validator. See PR #2480.
• Made an internal virtual method public, enabling users to provide signature providers. See PR #2497.

Performance Improvements:

• Added a new JsonWebToken constructor that accepts Memory for improved performance, along with enhancements to existing constructors. More information can be found in issue #2487 and in PR #2458.

Fundamentals:

• Resolved the issue of duplicated log messages in the source code and made IDX10506 log message more specific. For more details, refer to PR #2481.
• Enhanced Json serialization by ensuring the complete object is always read. This improvement can be found in PR #2491.

Engineering Excellence:

• Streamlined the build and release process by replacing the dependency on updateAssemblyInfo.ps1 with the Version property. Check out the details in PR #2494.
• Excluded the packing of Benchmark and TestApp projects for a more efficient process. Details available in PR #2496.

7.3.1

Bug Fixes:

• Replace propertyName with MetadataName constant. See issue #2471 for details.
• Fix 6x to 7x regression where mixed cases OIDC json was not correctly process. See #2404 and #2402 for details.

... (truncated)

Commits

• a607fa5 Merged PR 10669: update version to 7.1.2
• 44021bb Merged PR 10664: Update dev branch from public GitHub dev
• a22ab8e Merged PR 10603: Re-enable Jwt sub claim as either Number or String
• 1966c05 fixup prefix
• 97888a2 Merged PR 10258: Compatibility with 6x for bool claims (#2367)
• 5c1ea4a Merged PR 10241: Update dev to fix the release build
• ec25d19 reduced size for netcorestandard2.1 compression size is larger.
• b16f758 Merged PR 10217: Disable test that set statics.
• ceeff41 Merged PR 10199: Set MaximumDeflateSize
• e986e22 Merged PR 10198: Don't resolve jku claim by default
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
Microsoft.AspNetCore.Authentication.JwtBearer	[>= 7.a, < 8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

This change is 

[github-actions]

⚠️ Commit Message Format Issues ⚠️

commit c966aa7a28:
1: T1 Title exceeds max length (118>72): "Bump Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt"
3: B1 Line exceeds max length (386>80): "Bumps Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together."
7: B1 Line exceeds max length (85>80): "- Changelog"
11: B1 Line exceeds max length (112>80): "- Release notes"
12: B1 Line exceeds max length (121>80): "- Changelog"
13: B1 Line exceeds max length (119>80): "- Commits"
16: B1 Line exceeds max length (112>80): "- Release notes"
17: B1 Line exceeds max length (121>80): "- Changelog"
18: B1 Line exceeds max length (119>80): "- Commits"

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.67%. Comparing base (7a599d0) to head (c966aa7).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3519      +/-   ##
==========================================
+ Coverage   74.62%   74.67%   +0.04%     
==========================================
  Files         286      286              
  Lines       11001    11001              
  Branches     1338     1338              
==========================================
+ Hits         8210     8215       +5     
+ Misses       2408     2404       -4     
+ Partials      383      382       -1     

Flag	Coverage Δ
backend	83.71% <ø> (+0.09%)	⬆️
frontend	66.63% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[imnasnainaec]

Why do the *.IdentityModel.Tokens* packages need to be rolled back?