fix(dotnet): bump Microsoft.Identity.Web and Microsoft.AspNetCore.Authentication.JwtBearer in /dotnet/iwebapi/Company.WebApplication1

[dependabot]

Bumps Microsoft.Identity.Web and Microsoft.AspNetCore.Authentication.JwtBearer. These dependencies needed to be updated together.
Updates Microsoft.Identity.Web from 2.16.1 to 3.3.1

Release notes

Sourced from Microsoft.Identity.Web's releases.

3.3.1

• Updated to Microsoft.IdentityModel.* 8.2.0

Supportability

• Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the appsettings.json, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json: "$schema": "https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json" This update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR #3119 for details.

Fundamentals

• Fix a flaky test in the L1L2Cache tests. See PR #3122 for details.

What's Changed

• Update changelog.md to fix release 3.2.2 which had a breaking change by @​jmprieur in AzureAD/microsoft-identity-web#3116
• Bump the notsecurity group with 19 updates by @​dependabot in AzureAD/microsoft-identity-web#3115
• Adding a json schema for Microsoft.Identity.Web configuration by @​jmprieur in AzureAD/microsoft-identity-web#3119
• Fixed flaky tests by @​alexholub113 in AzureAD/microsoft-identity-web#3122
• Update changelog.md 3.3.1 by @​jennyf19 in AzureAD/microsoft-identity-web#3123
• Add Ask Mode Change Template by @​kellyyangsong in AzureAD/microsoft-identity-web#3110

New Contributors

• @​alexholub113 made their first contribution in AzureAD/microsoft-identity-web#3122

Full Changelog: AzureAD/microsoft-identity-web@3.3.0...3.3.1

3.3.0

• Updated to Microsoft.Identity.Client 4.66.0
• Update system.Text.Json to 8.0.5 CVE-2024-43485
• Updated to .NET 9 RC2

New features

• Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see #2975

Fundamentals

• Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in AzureAD/microsoft-identity-web#3090
• ASP.NET Core (and other) cross-link updates by @​guardrex in AzureAD/microsoft-identity-web#3096. Thank you!
• Onboarded to Threading Analyzers. For details, see #3052
• display code coverage as PR comments
• Fix flaky EncryptionTestAsync on .NET 9.

What's Changed

• Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @​dependabot in AzureAD/microsoft-identity-web#3069
• Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in AzureAD/microsoft-identity-web#3073
• Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in AzureAD/microsoft-identity-web#3072
• Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @​dependabot in AzureAD/microsoft-identity-web#3070
• update system.Text.Json to 8.0.5 CVE-2024-43485 by @​jennyf19 in AzureAD/microsoft-identity-web#3074
• another update by @​jennyf19 in AzureAD/microsoft-identity-web#3075
• Onboard Id Web to Threading Analyzers by @​westin-m in AzureAD/microsoft-identity-web#3041
• Update .NET 9 to RC 2 by @​msbw2 in AzureAD/microsoft-identity-web#3082

... (truncated)

Changelog

Sourced from Microsoft.Identity.Web's changelog.

3.3.1

• Updated to Microsoft.IdentityModel.* 8.2.0

Supportability

• Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the appsettings.json, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json: "$schema": "https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json" This update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR #3119 for details.

Fundamentals

• Fix a flaky test in the L1L2Cache tests. See PR #3122 for details.

3.3.0

• Updated to Microsoft.Identity.Client 4.66.0
• Update system.Text.Json to 8.0.5 CVE-2024-43485
• Updated to .NET 9 RC2

New features

• Microsoft.Identity.Web token acquisitio now provides an extensibility mechanism to enlight non-standard features. For details, see #2975

Fundamentals

• Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in AzureAD/microsoft-identity-web#3090
• ASP.NET Core (and other) cross-link updates by @​guardrex in AzureAD/microsoft-identity-web#3096. Thank you!
• Onboarded to Threading Analyzers. For details, see #3052
• display code coverage as PR comments
• Fix flaky EncryptionTestAsync on .NET 9.

3.2.2

• Updated to Microsoft.IdentityModel.* 8.1.2

• Breaking change (without major version change. Sorry!) ClientAssertionProviderBase.GetSignedAssertion now takes an MSAL.NET AssertionRequestOptions and the method name has changed from GetSignedAssertion to GetClientAssertionAsync:

  var m = new ManagedIdentityClientAssertion("<some client id>");
  m.GetSignedAssertion(CancellationToken.None); // this method will break on v3.2.2  

3.2.1

• Updated to Microsoft.IdentityModel.* 8.1.1

3.2.0

• Updated to Microsoft.Identity.Abstractions 7.1.0
• Updated to Microsoft.IdentityModel.* 8.1.0
• Updated to Microsoft.Identity.Client 4.64.1  

New features

... (truncated)

Commits

• 3dc8286 Add Ask Mode Change Template (#3110)
• 7a871b9 Update changelog.md 3.3.1 (#3123)
• 45beafc Fixed flaky tests (#3122)
• 8dba2e8 Adding a json schema for Microsoft.Identity.Web configuration (#3119)
• f35f7d8 Bump the notsecurity group with 19 updates (#3115)
• 0106ea4 Update changelog.md to fix release 3.2.2 which had a breaking change (#3116)
• 195328c Update changelog.md for 3.3.0 (#3113)
• 86a35af Use Nuget config file (#3112)
• 153cb3b display code coverage as PR comments (#3107)
• 50bdedf Microsoft.Identity.Web token acquisition extensions (#3005)
• Additional commits viewable in compare view

Updates Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.1 to 9.0.0-rc.2.24474.3

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 9.0 RC 2

Release

What's Changed

• [automated] Merge branch 'release/9.0-rc1' => 'release/9.0' by @​github-actions in dotnet/aspnetcore#57420
• [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @​dotnet-maestro in dotnet/aspnetcore#57366
• [release/9.0] Add references to new 9.0 branches in .yml files by @​wtgodbe in dotnet/aspnetcore#57463
• [release/9.0] Update dependencies from dotnet/extensions by @​dotnet-maestro in dotnet/aspnetcore#57526
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#57446
• [release/9.0] Quarantine two CircuitTests by @​github-actions in dotnet/aspnetcore#57606
• [automated] Merge branch 'release/9.0-rc1' => 'release/9.0' by @​github-actions in dotnet/aspnetcore#57659
• [release/9.0] Fix duplicate error.type on kestrel.connection.duration by @​github-actions in dotnet/aspnetcore#57581
• [release/9.0] Update dependencies from dotnet/extensions by @​dotnet-maestro in dotnet/aspnetcore#57668
• [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @​dotnet-maestro in dotnet/aspnetcore#57436
• [release/9.0] Update dependencies from dotnet/winforms by @​dotnet-maestro in dotnet/aspnetcore#57527
• [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @​dotnet-maestro in dotnet/aspnetcore#57686
• [release/9.0] Update dependencies from dotnet/xdt by @​dotnet-maestro in dotnet/aspnetcore#57691
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#57667
• [release/9.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#57528
• [release/9.0] Update dependencies from dotnet/efcore by @​dotnet-maestro in dotnet/aspnetcore#57697
• [release/9.0] [Blazor] Invoke inbound activity handlers on circuit initialization by @​github-actions in dotnet/aspnetcore#57678
• Disable launching browser on Web API template by @​captainsafia in dotnet/aspnetcore#57682
• [release/9.0] [Static Assets] Improve development experience by @​github-actions in dotnet/aspnetcore#57764
• Include Readme.md in packages by @​wtgodbe in dotnet/aspnetcore#57809
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#57759
• [release/9.0] Update dependencies from dotnet/extensions by @​dotnet-maestro in dotnet/aspnetcore#57760
• [release/9.0] Update dependencies from dotnet/winforms by @​dotnet-maestro in dotnet/aspnetcore#57761
• [release/9.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#57762
• [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @​dotnet-maestro in dotnet/aspnetcore#57708
• HybridCache: relocate to dotnet/extensions by @​mgravell in dotnet/aspnetcore#57670
• [release/9.0] (deps): Bump src/submodules/googletest from ff233bd to 0953a17 by @​dependabot in dotnet/aspnetcore#57643
• Http.Sys: Clean up Request parsing errors by @​BrennanConroy in dotnet/aspnetcore#57531
• [release/9.0] Update dependencies from dotnet/runtime by @​dotnet-maestro in dotnet/aspnetcore#57835
• [release/9.0] [Identity][Templates] Ensure placeholders don't overlap with text by @​github-actions in dotnet/aspnetcore#57789
• [release/9.0] Update dependencies from dotnet/runtime by @​dotnet-maestro in dotnet/aspnetcore#57858
• Fix mapping for nested schemas and [Produces] attributes in OpenAPI implementation by @​captainsafia in dotnet/aspnetcore#57852
• [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @​dotnet-maestro in dotnet/aspnetcore#57866
• [release/9.0] [Templates] Updates libraries dependencies content by @​github-actions in dotnet/aspnetcore#57864
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#57896
• [release/9.0-rc2] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#57931
• Add registry search for upgrade policy keys by @​wtgodbe in dotnet/aspnetcore#57952
• Check for sentinel value when setting HTTP/3 error code by @​amcasey in dotnet/aspnetcore#57976
• [release/9.0-rc2] [Blazor] Update WebAssembly.DevServer to serve the Blazor-Environment header by @​github-actions in dotnet/aspnetcore#57974
• Fix IAsyncEnumerable controller methods to allow setting headers by @​BrennanConroy in dotnet/aspnetcore#57924
• Add partitioned to cookie for SignalR browser testing by @​BrennanConroy in dotnet/aspnetcore#57997

Full Changelog: dotnet/aspnetcore@v9.0.0-rc.1.24452.1...v9.0.0-rc.2.24474.3

.NET 9.0 RC 1

... (truncated)

Commits

• c70204a Merged PR 43089: [internal/release/9.0-rc2] Update dependencies from dnceng/i...
• 27ccca9 Merged PR 42952: [internal/release/9.0-rc2] Update dependencies from dnceng/i...
• ef65a77 Merged PR 42925: Merged PR 41476: Fix Http3 Pipe complete
• b77c79e Add partitioned to cookie for SignalR browser testing (#57997)
• 92376ce Fix IAsyncEnumerable controller methods to allow setting headers (#57924)
• 8371724 [release/9.0-rc2] [Blazor] Update WebAssembly.DevServer to serve the `Blazo...
• a717e7f Check for sentinel value when setting HTTP/3 error code (#57976)
• 74bdb8b Add registry search for upgrade policy keys (#57952)
• f4ee6c1 Update dependencies from https://github.com/dotnet/arcade build 20240916.2 (#...
• d76a16d Update dependencies from https://github.com/dotnet/arcade build 20240913.2 (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)