Bump System.IdentityModel.Tokens.Jwt from 6.10.0 to 6.17.0

[dependabot]

Bumps System.IdentityModel.Tokens.Jwt from 6.10.0 to 6.17.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

6.17.0

New Features

• Added a new ConfigurationManager constructor with configuration validator (#1825).

6.16.0

Enhancements

• Make Microsoft.IdentityModel.Tokens visible to S2S.Tokens (#1807).
• Added the ValidateTokenAsyc() and ReadToken() methods to all token handlers (#1810).

6.15.1

Enhancements

• Performance improvement when caching signature providers. No need to use LRU logic since it is assumed only a small number of signature providers will be in play at a time (#1783).
• DisposableObjectPool disposes of objects on Free() when full (#1802).

Bugs

• TestTokenCreator modified to throw SecurityTokenInvalidSignatureException rather than ArgumentException(#1798).
• AadIssuerValidator fixed issue where AadIssuerValidatorConstants.Tid was used where AadIssuerValidatorConstants.TenantId should have been used (#1801).

6.15.0

New Features

• Added support for the Last Known Good feature (#1723)
• Made logging more legible by displaying Non-PII information in clear text (#1757)
• Added new GitHub Templates to report bugs (#1756)
• Added the OpenID standard scope "address" (#1787)

Enhancements

• Added multi-auth scheme support in AadIssuerValidator (#1753)
• Added default values for TokenValidationParameters (#1767)
• Improved logging to indicate issuer is an empty string (#1758) (#1761)
• Improved exception handling when metadata retrieval results in a failure (#1776)
• Added string optimizations (#1765)
• Improved performance of Saml2 attributes consolidation (#1764)
• Updated comments to use references (#1769)
• Added new unit test samples that make negative testing easier for consumers of this library. These show the most common problem token types and gives examples for validation. (#1748)

Bug Fixes

• Fixed broken links to ietf.org (#1723)

6.14.1

Bug Fixes:

The AadIssuerValidator in Microsoft.IdentityModel.Validators now uses the entire authority (instance + tenant ID), not just the authority host when validating the issuer. This was an issue which arose when using multiple authentication schemes. See issue #1752 .

6.14.0

New Features

A new assembly, Microsoft.IdentityModel.Validators, is available! It provides an issuer validator for the Microsoft identity platform (AAD and AAD B2C), working for single and multi-tenant applications and v1 and v2 token types. See #1736 and Microsoft.Identity.Web issue.

Bug Fixes

Fixes to determine when IsValid property has been checked. Includes a warning so developers ensure that token validation succeeded before reading the claims. See #1718.

... (truncated)

Commits

• 039d09b Configuration validator (#1825)
• adc8d59 update version to 6.16.1 (#1811)
• a97c9ed added the ValidateTokenAsyc() and ReadToken() methods to all token handlers (...
• ae6110f Make M.IM.Tokens visible to S2S.Tokens (#1807)
• 9b36f95 Adding LKG feature into JwtSecurityTokenHandler
• b253983 update version to 6.15.2
• 9e6f90a fix check for tenantId (#1801)
• 669515a param check for null
• 33879ec Update DisposableObjectPool to dispose on Free() when full
• dbb701d Simplify the EventBasedLRUCache and Allows Skipping LRU (#1783)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)