Bump Microsoft.Identity.Web from 2.16.1 to 3.0.1

[dependabot]

Bumps Microsoft.Identity.Web from 2.16.1 to 3.0.1.

Release notes

Sourced from Microsoft.Identity.Web's releases.

3.0.1

• Updated to Microsoft.IdentityModel.* 8.0.1

2.21.0

• Updated to Microsoft.IdentityModel 7.7.0

CVE package updates

CVE-2024-30105

3.0.0

CVE package updates

CVE-2024-30105

• See PR #2929 for details.

• Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0

• See rel/v2 changelog for full list of added features to 3.0.0.

Fundamentals:

• Update lab cert and lab version. See PR #2923 for details.

2.20.0

• Updated to Microsoft.Identity.Abstractions 6.0.0 which adds one method to IAuthorizationHeaderProvider

New features

• Implements the updated IAuthorizationHeaderProvider interface (the new method CreateAuthorizationHeaderForAppAsync). See issue #2907
• If an IMsalHttpClientFactory is added to the service collection, it's not used by IdWeb token acquisition. See issue #2911 This will be use to enable some IPv6 scenarios.

Bug fixes

• Fix metadata address creation when using AddMicrosoftIdentityWebApp. See issue #2752
• Use MSAL.NET instead of DefaultAzureCredential for Federation identity credentials scenario. See 2894

Fundamentals

• Updating Lab Api to 0.13.3

3.0.0-preview3

• Updated to Microsoft.IdentityModel.* 8.0.0-preview3

3.0.0-preview2

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

New features:

• Change GetSignedAssertion public API. See issue #2853 for details.

... (truncated)

Changelog

Sourced from Microsoft.Identity.Web's changelog.

3.0.1

• Updated to Microsoft.IdentityModel.* 8.0.1

3.0.0

CVE package updates

CVE-2024-30105

• See PR #2929 for details.

• Updated to Microsoft.IdentityModel.* 8.0.0, Microsoft.Identity.Lab API 1.0.2, Microsoft.Identity.Abstractions 6.0.0

• See rel/v2 changelog for full list of added features to 3.0.0.

Fundamentals:

• Update lab cert and lab version. See PR #2923 for details.

3.0.0-preview3

• Updated to Microsoft.IdentityModel.* 8.0.0-preview3

3.0.0-preview2

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

New features:

• Change GetSignedAssertion public API. See issue #2853 for details.
• Update to latest .NET 9 preview 4. See issue #2877 for details.

Bug Fixes

• If Logging:LogLevel:Microsoft.Identity.Web is assigned to None, no default logger is initialized and Microsoft.Identity.Web does not record any logs. See #2816 for details.
• GraphAuthenticationProvider checks that the RequestInformation.URI is a Graph URI before appending the authorization header, resolving #2710. See PR #2818 for details.

3.0.0-preview1

Breaking changes

• Remove netcoreapp3.1 support, see issue #2262 for details.
• Remove net5.0 support from Microsoft.Identity.Web.UI, see issue #2711 for details.

New features

• Microsoft.Identity.Web can be conditionally built on .net9.0-preview, see issue #2702 for details.
• Microsoft.Identity.Web nows processes the AcceptHeader and ContentType if provided, see issue #2806 for details.
• Target Microsoft.IdentityModel 7x in OWIN targets, see issue #2785 for details.

2.18.1

• Updated to Microsoft.IdentityModel.* 7.5.1

Bug fix

• Fix for FIC due to appending ./default, see issue #2796 for details.

... (truncated)

Commits

• 449cbcb M.IM to 8.01 (#2949)
• 78e87da Removing reference to Iddp Code Signing (#2941)
• 1e6f70f update build to 9.0.100-preview.6.24328.19 (#2940)
• e6fe2d8 fix blazor test (#2939)
• 9863535 cve fixes (#2938)
• f6c19af fix .net 9 package issue (#2937)
• 5a67761 Lozensky/update deps for CVE (#2936)
• 756e5fb update to M.IM 8 (#2934)
• 8975ae2 3.0.0 changelog (#2932)
• a53065d updated dependency versions for b2c webapp (#2933)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #44.