Skip to content

build(deps): bump IdentityModel from 3.9.0 to 6.0.0 #158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump IdentityModel from 3.9.0 to 6.0.0 #158

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 27, 2021
edited
Loading

Bumps IdentityModel from 3.9.0 to 6.0.0.

Release notes

Sourced from IdentityModel's releases.

5.0.0

Release to go along Duende IdentityServer v5

  • removed all dependencies on JSON.NET
  • re-worked internal parameter handling to allow multiple parameters of same type (required e.g. for resource parameter)

4.1.0

added an additional target for .NET 4.7.2

4.0.0

IdentityModel has been growing organically over the last years, and we felt it is necessary to do some fundamental cleanup. At the same time it is used by a lot of people and companies (currently around 20 million downloads on nuget) – which is a bit scary when doing breaking changes.

But since we are at a point where a new .NET Core runtime is released, and thus many other libraries will release new major version, we thought that this might be a good opportunity to make the changes.

This version is a breaking release!!!

Stay on v3.x if you are using:

  • IdentityServer4 v2.x
  • IdentityServer4.AccessTokenValidation v2.x
  • IdentityModel.AspNetCore.OAuth2Introspection v3.x
  • IdentityModel.OidcClient v2.x

All subsequent major versions of the above mentioned packages have switched to IdentityModel v4 and will be released along with IdentityServer4 v3 on the 23rd September.

In the coming days I will push IdentityModel v4 to nuget – here’s a high level list of the changes.

Target frameworks I dropped the net452 target – v4 is targeting net461 and netstandard2.0 only.

Removed old *Client classes I removed the protocol client classes like TokenClient in favour of the newer style extension methods for HttpMessageInvoker (the base class of HttpClient). This allows you to manage the setup and lifetime of the HTTP client yourself. I added a new TokenClient and IntrospectionClient based on the new design which is now DI and HttpClientFactory friendly. I did that mainly because I needed them in some other project. Give them a try, and see if they work for you as well.

Removed access token related delegating handlers for HttpClient I never was happy with their design, and they also did not work for some common scenarios. Part of the work has been moved to OidcClient (for native apps) and part of it has been moved to the ASP.NET Core specific IdentityModel.

Updated extension methods The protocol extensions methods have been re-written from the ground up. The public API surface stayed mostly the same, but certain classes have been renamed for clarity. The request objects now derive from HttpRequestMessage which gives you more control over the HTTP details (e.g. headers).

Updated Epoch Extensions Year 2038 is coming! All extensions have been updated to use long instead of int. Alternatively – .NET has built-in support now as well. So feel free to switch to that if you like.

Misc I probably changed some parameter, classes and namespace names..

3.10.1

  • fix #157
  • add authenticode signing.

... (truncated)

Commits
  • 2c10f4b Change data type from string to Uri (#413)
  • cd78229 Add more CIBA related properties to DiscoveryDocumentResponse.cs
  • 8836f44 cleanup
  • 1bc30d1 add logic to ignore other parameters if a CIBA request object is set
  • 4d2b8dd Add BackchannelAuthenticationEndpoint to DiscoveryDocumentResponse.cs
  • d44a948 Add documentation (#419)
  • 5083fae Update README.md
  • 42c6b27 Added more CIBA constants and resource indicator support
  • 5827d3a More CIBA
  • 773ce08 Only throw when a combination of client ID, assertion and authZ header is used.
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
build(deps): bump IdentityModel from 3.9.0 to 6.0.0
86f6001 
Bumps [IdentityModel](https://github.com/IdentityModel/IdentityModel) from 3.9.0 to 6.0.0.
- [Release notes](https://github.com/IdentityModel/IdentityModel/releases)
- [Commits](DuendeArchive/IdentityModel@3.9.0...6.0.0)

---
updated-dependencies:
- dependency-name: IdentityModel
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 27, 2021
@dependabot dependabot bot mentioned this pull request Dec 27, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant