Bump Microsoft.IdentityModel.JsonWebTokens from 8.9.0 to 8.15.0

[dependabot[bot]]

Updated Microsoft.IdentityModel.JsonWebTokens from 8.9.0 to 8.15.0.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.14.0

8.14.0

Bug Fixes

• Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

8.13.1

8.13.1

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

• Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

• Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

8.13.0

8.13.0

8.13.0

Fundamentals

• CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
• Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
• Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

What's Changed

• Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278
• Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274
• Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280
• changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282

New Contributors

• @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274

Full Changelog: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0

8.12.1

8.12.1

Fundamentals

• Update .NET SDK version to 9.0.107 used when building or running the code. See #​3263 for details.
• To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
• Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

What's Changed

• Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259
• Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261
• Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263

Full Changelog: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1

8.12.0

8.12.0

New Features

• Enhance ConfigurationManager with event handling
  Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

• Add expected Base64UrlEncoder.Decode overload for NET6 and 8
  Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
  For details see #​3249

Fundamentals

• Add AI assist rules
  Incorporated AI assist rules to enhance AI agents effectiveness.
  For details see #​3255
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
  For details see #​3256
• Move suppression of RS006 to csproj
  Centralized suppression of RS006 warnings in project files for easier management.
  For details see #​3230

What's Changed

• Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230
• Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250
• add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255
• Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256
• Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258

Full Changelog: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0

8.11.0

8.11.0

New Features:

• Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
• Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

What's Changed

• few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242
• Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241
• Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244
• update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246
• Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243
• changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248

Full Changelog: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0

8.10.0

8.10.0

Bug Fixes

• Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
• Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220.
• Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3228 and #​3232.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[kzu]

:test_tube: Details on macOS Unix 15.7.1

:test_tube: Details on Ubuntu 24.04.3 LTS

:test_tube: Details on Microsoft Windows 10.0.26100

from dotnet-retest v1.0.0 on .NET 9.0.10 with :purple_heart: by @devlooped