Bump System.IdentityModel.Tokens.Jwt from 6.32.2 to 7.0.0

[dependabot]

Bumps System.IdentityModel.Tokens.Jwt from 6.32.2 to 7.0.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

7.0.0

See IdentityModel7x for the updates on this much anticipated release.

7.0.0-preview5

Bug fixes:

• Improve log messages. See PR #2289 for details.
• In AadIssuerValidator return a ValueTask<string> instead of a Task<string>. See Issue #2286 and PR [https://redirect.github.com/Change Task to ValueTask. AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2287] for details.
• Deprecate int? JwtPayload.Exp, .Iat, and .Nbf. See issue #2266 for details, #92, and #1525.
• General clean-up. See PR #2285.

7.0.0-preview4

Bug fixes:

• Add nullables to the properties in WsFederationMessage. See issue #2240 for details.
• Fix regression where JsonWebToken.TryGetPayloadValue() was not compatible with dictionary types. See issue #2246 for details.
• Fix regression where dictionary claims added to SecurityTokenDescriptor.Claims are no longer correctly serialized. See issue #2245 for details.
• Fix regression with a Y2038 bug. See issue #2261 for details.
• Fix a regression where claims with multiple values are incorrectly serialized. See #2244 for details.

Performance improvements:

• Remove sync-over-async pattern with JsonWebTokens.ValidateToken, which when in the hot path can lead to threadpool starvation. See issue #2253 for details.
• Perf testing using brenchmark dotnet and crank, similar to aspnetcore, to better gauge requests per second perf impacts. See issue #2232 for details.
• Use optimistic synchronization in JsonWebToken.Audiences. See PR for details.
• Reduce allocations when enumerating over collections. See PR for details.

Documentation:

• Fix description for JWT X5tS256 field.

Fundamentals:

• Improvements to the build script to accommodate .NET's source-build requirements. See PR for details.

7.0.0-preview3

Performance improvements:

• Replace Newtonsoft.Json with System.Text.Json, see #2233, and as a result, ASP.NET's JwtBearer auth handler will now be fully AOT compatible.

7.0.0-preview2

Performance improvements:

• Series of perf improvements in collaboration with ASP .NET Core DevDiv team, results in improvements from 280K Request per second (RPS) in 7.0.0-preview to 370K RPS in 7.0.0-preview2, with more improvements to come in later versions: #2195, #2194, #2193, #2192, #2190, #2188, #2184, #2181, #2180, #2178, #2175, #2172, #2171, #2170, #2169, #2168, #2167, #2166, #2164, #2162, #2161, #2160, #2159, #2158, #2221

• First increment in replacing newtonsoft with System.Text.Json, see #2174

• Reading and writing JsonWebKey and JsonWebKeySet types now use System.Text.Json.Utf8JsonReaders/Writers for serialization. Seee PR @​2208 for details.

• Remove the use of Newtonsoft from OpenIdConnectConfiguration and OpenIdConnectMessage. See PR @​2214 for details.

... (truncated)

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

7.0.0

See IdentityModel7x for the updates on this much anticipated release.

7.0.0-preview5

Bug fixes:

• Improve log messages. See PR #2289 for details.
• In AadIssuerValidator return a ValueTask<string> instead of a Task<string>. See Issue #2286 and PR [https://redirect.github.com/Change Task to ValueTask. AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#2287] for details.
• Deprecate int? JwtPayload.Exp, .Iat, and .Nbf. See issue #2266 for details, #92, and #1525.
• General clean-up. See PR #2285.

7.0.0-preview4

Bug fixes:

• Add nullables to the properties in WsFederationMessage. See issue #2240 for details.
• Fix regression where JsonWebToken.TryGetPayloadValue() was not compatible with dictionary types. See issue #2246 for details.
• Fix regression where dictionary claims added to SecurityTokenDescriptor.Claims are no longer correctly serialized. See issue #2245 for details.
• Fix regression with a Y2038 bug. See issue #2261 for details.
• Fix a regression where claims with multiple values are incorrectly serialized. See #2244 for details.

Performance improvements:

• Remove sync-over-async pattern with JsonWebTokens.ValidateToken, which when in the hot path can lead to threadpool starvation. See issue #2253 for details.
• Perf testing using brenchmark dotnet and crank, similar to aspnetcore, to better gauge requests per second perf impacts. See issue #2232 for details.
• Use optimistic synchronization in JsonWebToken.Audiences. See PR for details.
• Reduce allocations when enumerating over collections. See PR for details.

Documentation:

• Fix description for JWT X5tS256 field.

Fundamentals:

• Improvements to the build script to accommodate .NET's source-build requirements. See PR for details.

7.0.0-preview3

Performance improvements:

• Replace Newtonsoft.Json with System.Text.Json, see #2233, and as a result, ASP.NET's JwtBearer auth handler will now be fully AOT compatible.

7.0.0-preview2

Performance improvements:

• Series of perf improvements in collaboration with ASP .NET Core DevDiv team, results in improvements from 280K Request per second (RPS) in 7.0.0-preview to 370K RPS in 7.0.0-preview2, with more improvements to come in later versions: #2195, #2194, #2193, #2192, #2190, #2188, #2184, #2181, #2180, #2178, #2175, #2172, #2171, #2170, #2169, #2168, #2167, #2166, #2164, #2162, #2161, #2160, #2159, #2158, #2221

• First increment in replacing newtonsoft with System.Text.Json, see #2174

• Reading and writing JsonWebKey and JsonWebKeySet types now use System.Text.Json.Utf8JsonReaders/Writers for serialization. Seee PR @​2208 for details.

• Remove the use of Newtonsoft from OpenIdConnectConfiguration and OpenIdConnectMessage. See PR @​2214 for details.

... (truncated)

Commits

• bf4cb25 remove preview from buildConfig.xml (#2310)
• c82b10b update to 7x for yaml (#2309)
• 74a59f2 7.0.0 changelog (#2308)
• 2fef5a9 add year2038 bug issues to changelog (#2306)
• d02e451 Revert to 6x behavior where users can clear.
• 650e55d Support 6x where JsonWebToken.GetPayloadValue<string>("aud")
• 675a7fc reverted to skipping audiences strings that are null
• 76aa676 Add support for IList<string>, ICollection<string>
• f602540 Add access to shared components
• ec3086a update benchmark tool to use dev (#2299)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)