Skip to content

Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.19.2#666

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/Core/identity-bfcf24face
Closed

Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.19.2#666
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/Core/identity-bfcf24face

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Updated Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

8.18.0

New Features

  • Introduced a new interface IConfigurationEventHandlerContextAware<T> that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #​3444.
  • Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #​3443.

Commits viewable in compare view.

@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies labels Jul 14, 2026
@kzu

kzu commented Jul 14, 2026

Copy link
Copy Markdown
Member

44 passed 44 passed 1 skipped
44 passed 44 passed 1 skipped
44 passed 44 passed 1 skipped

🧪 Details on macOS Unix 26.4.0
🧪 Details on Ubuntu 24.04.4 LTS
🧪 Details on Microsoft Windows 10.0.26100

from dotnet-retest v1.0.0 on .NET 10.0.10 with 💜 by @devlooped

---
updated-dependencies:
- dependency-name: Microsoft.IdentityModel.JsonWebTokens
  dependency-version: 8.19.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: identity
- dependency-name: Microsoft.IdentityModel.JsonWebTokens
  dependency-version: 8.19.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: identity
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the identity group with 1 update Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.19.2 Jul 15, 2026
@dependabot
dependabot Bot force-pushed the dependabot/nuget/src/Core/identity-bfcf24face branch from 593356c to f2d957b Compare July 15, 2026 03:51
@dependabot @github

dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor Author

The group that created this PR has been removed from your configuration.

@dependabot dependabot Bot closed this Jul 15, 2026
@dependabot
dependabot Bot deleted the dependabot/nuget/src/Core/identity-bfcf24face branch July 15, 2026 03:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant