Bump Microsoft.Identity.Web.UI, Microsoft.Identity.Web, Microsoft.AspNetCore.Authentication.JwtBearer and Microsoft.AspNetCore.Authentication.OpenIdConnect in /TaskChecklist

[dependabot]

Bumps Microsoft.Identity.Web.UI, Microsoft.Identity.Web, Microsoft.AspNetCore.Authentication.JwtBearer and Microsoft.AspNetCore.Authentication.OpenIdConnect. These dependencies needed to be updated together.
Updates Microsoft.Identity.Web.UI from 2.19.1 to 3.0.1

Release notes

Sourced from Microsoft.Identity.Web.UI's releases.

3.0.1

• Updated to Microsoft.IdentityModel.* 8.0.1

2.21.0

• Updated to Microsoft.IdentityModel 7.7.0

CVE package updates

CVE-2024-30105

3.0.0

CVE package updates

CVE-2024-30105

• See PR #2929 for details.

• Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0

• See rel/v2 changelog for full list of added features to 3.0.0.

Fundamentals:

• Update lab cert and lab version. See PR #2923 for details.

2.20.0

• Updated to Microsoft.Identity.Abstractions 6.0.0 which adds one method to IAuthorizationHeaderProvider

New features

• Implements the updated IAuthorizationHeaderProvider interface (the new method CreateAuthorizationHeaderForAppAsync). See issue #2907
• If an IMsalHttpClientFactory is added to the service collection, it's not used by IdWeb token acquisition. See issue #2911 This will be use to enable some IPv6 scenarios.

Bug fixes

• Fix metadata address creation when using AddMicrosoftIdentityWebApp. See issue #2752
• Use MSAL.NET instead of DefaultAzureCredential for Federation identity credentials scenario. See 2894

Fundamentals

• Updating Lab Api to 0.13.3

3.0.0-preview3

• Updated to Microsoft.IdentityModel.* 8.0.0-preview3

3.0.0-preview2

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

New features:

• Change GetSignedAssertion public API. See issue #2853 for details.

... (truncated)

Changelog

Sourced from Microsoft.Identity.Web.UI's changelog.

3.0.1

• Updated to Microsoft.IdentityModel.* 8.0.1

3.0.0

CVE package updates

CVE-2024-30105

• See PR #2929 for details.

• Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0

• See rel/v2 changelog for full list of added features to 3.0.0.

Fundamentals:

• Update lab cert and lab version. See PR #2923 for details.

3.0.0-preview3

• Updated to Microsoft.IdentityModel.* 8.0.0-preview3

3.0.0-preview2

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

New features:

• Change GetSignedAssertion public API. See issue #2853 for details.
• Update to latest .NET 9 preview 4. See issue #2877 for details.

3.0.0-preview1

Breaking changes

• Remove netcoreapp3.1 support, see issue #2262 for details.
• Remove net5.0 support from Microsoft.Identity.Web.UI, see issue #2711 for details.

New features

• Microsoft.Identity.Web can be conditionally built on .net9.0-preview, see issue #2702 for details.
• Microsoft.Identity.Web nows processes the AcceptHeader and ContentType if provided, see issue #2806 for details.
• Target Microsoft.IdentityModel 7x in OWIN targets, see issue #2785 for details.

========

See rel/v2 changelog for full list of added features to 3.0.0.

========

2.19.0

• Updated to Microsoft.IdentityModel.* 7.6.0

... (truncated)

Commits

• See full diff in compare view

Updates Microsoft.Identity.Web from 2.19.1 to 3.0.1

Release notes

Sourced from Microsoft.Identity.Web's releases.

3.0.1

• Updated to Microsoft.IdentityModel.* 8.0.1

2.21.0

• Updated to Microsoft.IdentityModel 7.7.0

CVE package updates

CVE-2024-30105

3.0.0

CVE package updates

CVE-2024-30105

• See PR #2929 for details.

• Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0

• See rel/v2 changelog for full list of added features to 3.0.0.

Fundamentals:

• Update lab cert and lab version. See PR #2923 for details.

2.20.0

• Updated to Microsoft.Identity.Abstractions 6.0.0 which adds one method to IAuthorizationHeaderProvider

New features

• Implements the updated IAuthorizationHeaderProvider interface (the new method CreateAuthorizationHeaderForAppAsync). See issue #2907
• If an IMsalHttpClientFactory is added to the service collection, it's not used by IdWeb token acquisition. See issue #2911 This will be use to enable some IPv6 scenarios.

Bug fixes

• Fix metadata address creation when using AddMicrosoftIdentityWebApp. See issue #2752
• Use MSAL.NET instead of DefaultAzureCredential for Federation identity credentials scenario. See 2894

Fundamentals

• Updating Lab Api to 0.13.3

3.0.0-preview3

• Updated to Microsoft.IdentityModel.* 8.0.0-preview3

3.0.0-preview2

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

New features:

• Change GetSignedAssertion public API. See issue #2853 for details.

... (truncated)

Changelog

Sourced from Microsoft.Identity.Web's changelog.

3.0.1

• Updated to Microsoft.IdentityModel.* 8.0.1

3.0.0

CVE package updates

CVE-2024-30105

• See PR #2929 for details.

• Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0

• See rel/v2 changelog for full list of added features to 3.0.0.

Fundamentals:

• Update lab cert and lab version. See PR #2923 for details.

3.0.0-preview3

• Updated to Microsoft.IdentityModel.* 8.0.0-preview3

3.0.0-preview2

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

New features:

• Change GetSignedAssertion public API. See issue #2853 for details.
• Update to latest .NET 9 preview 4. See issue #2877 for details.

3.0.0-preview1

Breaking changes

• Remove netcoreapp3.1 support, see issue #2262 for details.
• Remove net5.0 support from Microsoft.Identity.Web.UI, see issue #2711 for details.

New features

• Microsoft.Identity.Web can be conditionally built on .net9.0-preview, see issue #2702 for details.
• Microsoft.Identity.Web nows processes the AcceptHeader and ContentType if provided, see issue #2806 for details.
• Target Microsoft.IdentityModel 7x in OWIN targets, see issue #2785 for details.

========

See rel/v2 changelog for full list of added features to 3.0.0.

========

2.19.0

• Updated to Microsoft.IdentityModel.* 7.6.0

... (truncated)

Commits

• See full diff in compare view

Updates Microsoft.AspNetCore.Authentication.JwtBearer from 6.0.31 to 9.0.0-preview.6.24328.4

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 9.0 Preview 6

Release

.NET 9 Preview 5

Release

.NET 9 Preview 4

Release

.NET 9.0 Preview 3

Release

.NET 9.0 Preview 2

[Release[(https://github.com/dotnet/core/releases/tag/v9.0.0-preview.2)

.NET 9 Preview 1

Release

.NET 8.0.7

Release

.NET 8.0.6

Release

.NET 8.0.5

Release

What's Changed

• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#54744
• Update branding to 8.0.5 by @​vseanreesermsft in dotnet/aspnetcore#54907
• [release/8.0] Convert to 1ES templates by @​RussKie in dotnet/aspnetcore#54660
• Increase logs and delays in CanLaunchPhotinoWebViewAndClickButton by @​Eilon in dotnet/aspnetcore#54608
• [release/8.0] (deps): Bump src/submodules/googletest from 31993df to 77afe8e by @​dependabot in dotnet/aspnetcore#54872
• [release/8.0] Reduce helix-matrix timeout to 5 hours by @​github-actions in dotnet/aspnetcore#54778
• [release/8.0] Preserve RemoteAuthenticationContext during trimming if used in JS interop by @​halter73 in dotnet/aspnetcore#54655
• [release/8.0] Improve usage of Type.GetType when activating types in data protection by @​github-actions in dotnet/aspnetcore#54762
• [release/8.0] Fix route analyzer performance with highly concatenated strings by @​github-actions in dotnet/aspnetcore#54763
• [release/8.0] Suppress .ps1 SDL errors by @​wtgodbe in dotnet/aspnetcore#54915
• [release/8.0] Backport test fixes by @​MackinnonBuck in dotnet/aspnetcore#54912
• [release/8.0] Skip SpotBugs for now by @​wtgodbe in dotnet/aspnetcore#54952
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#55034
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#55061
• [release/8.0] Update Wix version by @​github-actions in dotnet/aspnetcore#55101

Full Changelog: dotnet/aspnetcore@v8.0.4...v8.0.5

.NET 8.0.4

Release

... (truncated)

Commits

• f508452 [release/9.0-preview6] Update dependencies from dotnet/efcore, dotnet/runtime...
• 07fefab [release/9.0-preview6] Update dependencies from dotnet/efcore (#56406)
• 68adb02 [release/9.0-preview6] Update dependencies from dotnet/runtime (#56354)
• b6fed08 Update milestones for August (#56350)
• c40405f [main] Update dependencies from dotnet/source-build-externals (#56342)
• de37915 Fix urls in ProjectTemplates/README (#55984)
• 613ac88 Update dependencies from https://github.com/dotnet/winforms build 20240617.1 ...
• 613c1e9 Re-plat on JsonExporter APIs and remove JsonSchemaMapper prototype (#56330)
• 7712869 SE.Redis DC backend / HybridCache : add net8.0 TFM (#56122)
• 79cab58 [main] Update dependencies from dotnet/xdt (#56293)
• Additional commits viewable in compare view

Updates Microsoft.AspNetCore.Authentication.OpenIdConnect from 6.0.31 to 9.0.0-preview.6.24328.4

Release notes

Sourced from Microsoft.AspNetCore.Authentication.OpenIdConnect's releases.

.NET 9.0 Preview 6

Release

.NET 9 Preview 5

Release

.NET 9 Preview 4

Release

.NET 9.0 Preview 3

Release

.NET 9.0 Preview 2

[Release[(https://github.com/dotnet/core/releases/tag/v9.0.0-preview.2)

.NET 9 Preview 1

Release

.NET 8.0.7

Release

.NET 8.0.6

Release

.NET 8.0.5

Release

What's Changed

• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#54744
• Update branding to 8.0.5 by @​vseanreesermsft in dotnet/aspnetcore#54907
• [release/8.0] Convert to 1ES templates by @​RussKie in dotnet/aspnetcore#54660
• Increase logs and delays in CanLaunchPhotinoWebViewAndClickButton by @​Eilon in dotnet/aspnetcore#54608
• [release/8.0] (deps): Bump src/submodules/googletest from 31993df to 77afe8e by @​dependabot in dotnet/aspnetcore#54872
• [release/8.0] Reduce helix-matrix timeout to 5 hours by @​github-actions in dotnet/aspnetcore#54778
• [release/8.0] Preserve RemoteAuthenticationContext during trimming if used in JS interop by @​halter73 in dotnet/aspnetcore#54655
• [release/8.0] Improve usage of Type.GetType when activating types in data protection by @​github-actions in dotnet/aspnetcore#54762
• [release/8.0] Fix route analyzer performance with highly concatenated strings by @​github-actions in dotnet/aspnetcore#54763
• [release/8.0] Suppress .ps1 SDL errors by @​wtgodbe in dotnet/aspnetcore#54915
• [release/8.0] Backport test fixes by @​MackinnonBuck in dotnet/aspnetcore#54912
• [release/8.0] Skip SpotBugs for now by @​wtgodbe in dotnet/aspnetcore#54952
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#55034
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#55061
• [release/8.0] Update Wix version by @​github-actions in dotnet/aspnetcore#55101

Full Changelog: dotnet/aspnetcore@v8.0.4...v8.0.5

.NET 8.0.4

Release

... (truncated)

Commits

• f508452 [release/9.0-preview6] Update dependencies from dotnet/efcore, dotnet/runtime...
• 07fefab [release/9.0-preview6] Update dependencies from dotnet/efcore (#56406)
• 68adb02 [release/9.0-preview6] Update dependencies from dotnet/runtime (#56354)
• b6fed08 Update milestones for August (#56350)
• c40405f [main] Update dependencies from dotnet/source-build-externals (#56342)
• de37915 Fix urls in ProjectTemplates/README (#55984)
• 613ac88 Update dependencies from https://github.com/dotnet/winforms build 20240617.1 ...
• 613c1e9 Re-plat on JsonExporter APIs and remove JsonSchemaMapper prototype (#56330)
• 7712869 SE.Redis DC backend / HybridCache : add net8.0 TFM (#56122)
• 79cab58 [main] Update dependencies from dotnet/xdt (#56293)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)