Bump Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt in /Backend

[dependabot]

Bumps Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together.
Updates Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.3 to 8.0.11

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 8.0.11

Release

What's Changed

• Update branding to 8.0.11 by @​vseanreesermsft in dotnet/aspnetcore#58198
• [release/8.0] (deps): Bump src/submodules/googletest from ff233bd to 6dae7eb by @​dependabot in dotnet/aspnetcore#58180
• [release/8.0] Add explicit conversion for value-type returning handlers with filters by @​captainsafia in dotnet/aspnetcore#57966
• [release/8.0] Stop using Mac 11 in Helix by @​wtgodbe in dotnet/aspnetcore#58063
• [release/8.0] Enable TSA/Policheck by @​github-actions in dotnet/aspnetcore#58124
• [release/8.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 by @​dependabot in dotnet/aspnetcore#58179
• [Backport] Http.Sys: Clean up Request parsing errors by @​BrennanConroy in dotnet/aspnetcore#57819
• [release/8.0] Update the Microsoft.Identity.Web versions used by project templates by @​halter73 in dotnet/aspnetcore#58229
• Add registry search for upgrade policy keys, update dependencies from Arcade by @​dotnet-maestro in dotnet/aspnetcore#58278
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#58300
• [release/8.0] Remove ProviderKey from Hosting Bundle by @​github-actions in dotnet/aspnetcore#58294
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#58352
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#58347
• [release/8.0] Improve dev-certs export error message by @​amcasey in dotnet/aspnetcore#58470
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#58474

Full Changelog: dotnet/aspnetcore@v8.0.10...v8.0.11

.NET 8.0.10

Release

.NET 8.0.8

Release

.NET 8.0.7

Release

.NET 8.0.6

Release

.NET 8.0.5

Release

What's Changed

• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#54744
• Update branding to 8.0.5 by @​vseanreesermsft in dotnet/aspnetcore#54907
• [release/8.0] Convert to 1ES templates by @​RussKie in dotnet/aspnetcore#54660
• Increase logs and delays in CanLaunchPhotinoWebViewAndClickButton by @​Eilon in dotnet/aspnetcore#54608
• [release/8.0] (deps): Bump src/submodules/googletest from 31993df to 77afe8e by @​dependabot in dotnet/aspnetcore#54872
• [release/8.0] Reduce helix-matrix timeout to 5 hours by @​github-actions in dotnet/aspnetcore#54778
• [release/8.0] Preserve RemoteAuthenticationContext during trimming if used in JS interop by @​halter73 in dotnet/aspnetcore#54655
• [release/8.0] Improve usage of Type.GetType when activating types in data protection by @​github-actions in dotnet/aspnetcore#54762
• [release/8.0] Fix route analyzer performance with highly concatenated strings by @​github-actions in dotnet/aspnetcore#54763
• [release/8.0] Suppress .ps1 SDL errors by @​wtgodbe in dotnet/aspnetcore#54915
• [release/8.0] Backport test fixes by @​MackinnonBuck in dotnet/aspnetcore#54912

... (truncated)

Commits

• 4757647 Merged PR 44074: [internal/release/8.0] Update dependencies from dnceng/inter...
• 809a619 Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ef...
• 8e8eded Merged PR 44051: [internal/release/8.0] Updated NuGet.config - add feed for e...
• 53c99d3 [internal/release/8.0] Updated NuGet.config - add feed for efcore 3b21bdbc
• bb08e05 Merged PR 44022: [internal/release/8.0] Update dependencies from dnceng/inter...
• 155b8bf Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ef...
• cb771e5 Merged PR 44008: [internal/release/8.0] Merge from public
• 49c3e20 Update dependencies from https://github.com/dotnet/arcade build 20241016.1 (#...
• fc878b7 Merged PR 43936: [internal/release/8.0] Update dependencies from dnceng/inter...
• 4c938ae Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ru...
• Additional commits viewable in compare view

Updates Microsoft.IdentityModel.Tokens from 7.5.1 to 7.1.2

Changelog

Sourced from Microsoft.IdentityModel.Tokens's changelog.

7.5.1

Performance Improvements:

• Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504.

Fundamentals:

• Moved token lifetime validation logic to an internal static class. See PR #2547.

Bug Fix:

• Contribution from @​martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

7.5.0

New features

• Supports the 1.1 version of the Microsoft Entra ID Endpoint #2503

7.4.1

Bug Fixes:

• SamlSecurityTokenHandler and Saml2SecurityTokenHandler now can fetch configuration when validating SAML issuer and signature. See PR #2412
• JsonWebToken.ReadToken now correctly checks Dot3 index in JWE. See PR #2501

Engineering Excellence:

• Remove reference to Microsoft.IdentityModel.Logging in Microsoft.IdentityModel.Protocols, which already depends on it via Microsoft.IdentityModel.Tokens. See PR #2508
• Adjust uppercase json serialization tests to fix an unreliable test method, add consistency to naming. See PR #2512
• Disable the 'restore' and 'build' steps of 'build and pack' in build.sh, improving speed. See PR #2521

7.4.0

New Features:

• Introduced an injection point for external metadata management and adjusted the issuer Last Known Good (LKG) to maintain the state within the issuer validator. See PR #2480.
• Made an internal virtual method public, enabling users to provide signature providers. See PR #2497.

Performance Improvements:

• Added a new JsonWebToken constructor that accepts Memory for improved performance, along with enhancements to existing constructors. More information can be found in issue #2487 and in PR #2458.

Fundamentals:

• Resolved the issue of duplicated log messages in the source code and made IDX10506 log message more specific. For more details, refer to PR #2481.
• Enhanced Json serialization by ensuring the complete object is always read. This improvement can be found in PR #2491.

Engineering Excellence:

• Streamlined the build and release process by replacing the dependency on updateAssemblyInfo.ps1 with the Version property. Check out the details in PR #2494.
• Excluded the packing of Benchmark and TestApp projects for a more efficient process. Details available in PR #2496.

7.3.1

Bug Fixes:

• Replace propertyName with MetadataName constant. See issue #2471 for details.
• Fix 6x to 7x regression where mixed cases OIDC json was not correctly process. See #2404 and #2402 for details.

... (truncated)

Commits

• a607fa5 Merged PR 10669: update version to 7.1.2
• 44021bb Merged PR 10664: Update dev branch from public GitHub dev
• a22ab8e Merged PR 10603: Re-enable Jwt sub claim as either Number or String
• 1966c05 fixup prefix
• 97888a2 Merged PR 10258: Compatibility with 6x for bool claims (#2367)
• 5c1ea4a Merged PR 10241: Update dev to fix the release build
• ec25d19 reduced size for netcorestandard2.1 compression size is larger.
• b16f758 Merged PR 10217: Disable test that set statics.
• ceeff41 Merged PR 10199: Set MaximumDeflateSize
• e986e22 Merged PR 10198: Don't resolve jku claim by default
• Additional commits viewable in compare view

Updates System.IdentityModel.Tokens.Jwt from 7.5.1 to 7.1.2

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

7.5.1

Performance Improvements:

• Use Base64.DecodeFromUtf8InPlace for base64 decode that saves 12% on token read time. Note that JsonWebToken no longer throws ArgumentOutOfRangeException and ArgumentException exceptions. See PR #2504.

Fundamentals:

• Moved token lifetime validation logic to an internal static class. See PR #2547.

Bug Fix:

• Contribution from @​martinb69 to fix correct parsing of UserInfoEndpoint. See issue #2548 for details.

7.5.0

New features

• Supports the 1.1 version of the Microsoft Entra ID Endpoint #2503

7.4.1

Bug Fixes:

• SamlSecurityTokenHandler and Saml2SecurityTokenHandler now can fetch configuration when validating SAML issuer and signature. See PR #2412
• JsonWebToken.ReadToken now correctly checks Dot3 index in JWE. See PR #2501

Engineering Excellence:

• Remove reference to Microsoft.IdentityModel.Logging in Microsoft.IdentityModel.Protocols, which already depends on it via Microsoft.IdentityModel.Tokens. See PR #2508
• Adjust uppercase json serialization tests to fix an unreliable test method, add consistency to naming. See PR #2512
• Disable the 'restore' and 'build' steps of 'build and pack' in build.sh, improving speed. See PR #2521

7.4.0

New Features:

• Introduced an injection point for external metadata management and adjusted the issuer Last Known Good (LKG) to maintain the state within the issuer validator. See PR #2480.
• Made an internal virtual method public, enabling users to provide signature providers. See PR #2497.

Performance Improvements:

• Added a new JsonWebToken constructor that accepts Memory for improved performance, along with enhancements to existing constructors. More information can be found in issue #2487 and in PR #2458.

Fundamentals:

• Resolved the issue of duplicated log messages in the source code and made IDX10506 log message more specific. For more details, refer to PR #2481.
• Enhanced Json serialization by ensuring the complete object is always read. This improvement can be found in PR #2491.

Engineering Excellence:

• Streamlined the build and release process by replacing the dependency on updateAssemblyInfo.ps1 with the Version property. Check out the details in PR #2494.
• Excluded the packing of Benchmark and TestApp projects for a more efficient process. Details available in PR #2496.

7.3.1

Bug Fixes:

• Replace propertyName with MetadataName constant. See issue #2471 for details.
• Fix 6x to 7x regression where mixed cases OIDC json was not correctly process. See #2404 and #2402 for details.

... (truncated)

Commits

• a607fa5 Merged PR 10669: update version to 7.1.2
• 44021bb Merged PR 10664: Update dev branch from public GitHub dev
• a22ab8e Merged PR 10603: Re-enable Jwt sub claim as either Number or String
• 1966c05 fixup prefix
• 97888a2 Merged PR 10258: Compatibility with 6x for bool claims (#2367)
• 5c1ea4a Merged PR 10241: Update dev to fix the release build
• ec25d19 reduced size for netcorestandard2.1 compression size is larger.
• b16f758 Merged PR 10217: Disable test that set statics.
• ceeff41 Merged PR 10199: Set MaximumDeflateSize
• e986e22 Merged PR 10198: Don't resolve jku claim by default
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
Microsoft.AspNetCore.Authentication.JwtBearer	[>= 7.a, < 8]
Microsoft.IdentityModel.Tokens	[>= 7.a, < 8]
System.IdentityModel.Tokens.Jwt	[>= 7.a, < 8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: Dependabot was ignoring updates to this dependency, but since you've updated it yourself we've started tracking it for you again. 🤖

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

This change is 

[github-actions]

⚠️ Commit Message Format Issues ⚠️

commit 1ad6b754ba:
1: T1 Title exceeds max length (118>72): "Bump Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt"
3: B1 Line exceeds max length (386>80): "Bumps Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together."
7: B1 Line exceeds max length (85>80): "- Changelog"
11: B1 Line exceeds max length (112>80): "- Release notes"
12: B1 Line exceeds max length (121>80): "- Changelog"
13: B1 Line exceeds max length (119>80): "- Commits"
16: B1 Line exceeds max length (112>80): "- Release notes"
17: B1 Line exceeds max length (121>80): "- Changelog"
18: B1 Line exceeds max length (119>80): "- Commits"

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.67%. Comparing base (cf6d1eb) to head (1ad6b75).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3505      +/-   ##
==========================================
- Coverage   74.71%   74.67%   -0.05%     
==========================================
  Files         285      285              
  Lines       10996    10996              
  Branches     1337     1337              
==========================================
- Hits         8216     8211       -5     
- Misses       2398     2402       +4     
- Partials      382      383       +1     

Flag	Coverage Δ
backend	83.62% <ø> (-0.10%)	⬇️
frontend	66.70% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.