Skip to content

Update IdentityModel to 8.19.1#5513

Open
dependencyupdates[bot] wants to merge 1 commit into
masterfrom
renovate/identity-model
Open

Update IdentityModel to 8.19.1#5513
dependencyupdates[bot] wants to merge 1 commit into
masterfrom
renovate/identity-model

Conversation

@dependencyupdates
Copy link
Copy Markdown
Contributor

@dependencyupdates dependencyupdates Bot commented Jun 1, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Microsoft.IdentityModel.Abstractions 8.18.08.19.1 age adoption passing confidence
Microsoft.IdentityModel.Protocols.OpenIdConnect 8.18.08.19.1 age adoption passing confidence
Microsoft.IdentityModel.Tokens 8.18.08.19.1 age adoption passing confidence
System.IdentityModel.Tokens.Jwt 8.18.08.19.1 age adoption passing confidence

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Abstractions)

v8.19.1

Compare Source

Bug Fixes
  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

v8.19.0

Compare Source

New Features
  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.
Bug Fixes
  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Commands to ignore dependencies

You can trigger dependency actions by commenting on this PR:

  • @particularbot ignore this major version
  • @particularbot ignore this minor version
  • @particularbot ignore this dependency

@dependencyupdates dependencyupdates Bot added dependencies Pull requests that update a dependency file NuGet labels Jun 1, 2026
@dependencyupdates dependencyupdates Bot changed the title Update IdentityModel to 8.19.0 Update IdentityModel to 8.19.0 - autoclosed Jun 2, 2026
@dependencyupdates dependencyupdates Bot closed this Jun 2, 2026
@dependencyupdates dependencyupdates Bot deleted the renovate/identity-model branch June 2, 2026 16:50
@dependencyupdates dependencyupdates Bot changed the title Update IdentityModel to 8.19.0 - autoclosed Update IdentityModel to 8.19.1 Jun 5, 2026
@dependencyupdates dependencyupdates Bot reopened this Jun 5, 2026
@dependencyupdates dependencyupdates Bot force-pushed the renovate/identity-model branch 2 times, most recently from 841bc42 to 5d8a764 Compare June 5, 2026 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file NuGet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants