Bump Microsoft.AspNetCore.Authentication.JwtBearer and System.IdentityModel.Tokens.Jwt

[dependabot]

Bumps Microsoft.AspNetCore.Authentication.JwtBearer and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together.
Updates Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.7 to 8.0.11

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 8.0.11

Release

What's Changed

• Update branding to 8.0.11 by @​vseanreesermsft in dotnet/aspnetcore#58198
• [release/8.0] (deps): Bump src/submodules/googletest from ff233bd to 6dae7eb by @​dependabot in dotnet/aspnetcore#58180
• [release/8.0] Add explicit conversion for value-type returning handlers with filters by @​captainsafia in dotnet/aspnetcore#57966
• [release/8.0] Stop using Mac 11 in Helix by @​wtgodbe in dotnet/aspnetcore#58063
• [release/8.0] Enable TSA/Policheck by @​github-actions in dotnet/aspnetcore#58124
• [release/8.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 by @​dependabot in dotnet/aspnetcore#58179
• [Backport] Http.Sys: Clean up Request parsing errors by @​BrennanConroy in dotnet/aspnetcore#57819
• [release/8.0] Update the Microsoft.Identity.Web versions used by project templates by @​halter73 in dotnet/aspnetcore#58229
• Add registry search for upgrade policy keys, update dependencies from Arcade by @​dotnet-maestro in dotnet/aspnetcore#58278
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#58300
• [release/8.0] Remove ProviderKey from Hosting Bundle by @​github-actions in dotnet/aspnetcore#58294
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in dotnet/aspnetcore#58352
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#58347
• [release/8.0] Improve dev-certs export error message by @​amcasey in dotnet/aspnetcore#58470
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/aspnetcore#58474

Full Changelog: dotnet/aspnetcore@v8.0.10...v8.0.11

.NET 8.0.10

Release

.NET 8.0.8

Release

Commits

• 4757647 Merged PR 44074: [internal/release/8.0] Update dependencies from dnceng/inter...
• 809a619 Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ef...
• 8e8eded Merged PR 44051: [internal/release/8.0] Updated NuGet.config - add feed for e...
• 53c99d3 [internal/release/8.0] Updated NuGet.config - add feed for efcore 3b21bdbc
• bb08e05 Merged PR 44022: [internal/release/8.0] Update dependencies from dnceng/inter...
• 155b8bf Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ef...
• cb771e5 Merged PR 44008: [internal/release/8.0] Merge from public
• 49c3e20 Update dependencies from https://github.com/dotnet/arcade build 20241016.1 (#...
• fc878b7 Merged PR 43936: [internal/release/8.0] Update dependencies from dnceng/inter...
• 4c938ae Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ru...
• Additional commits viewable in compare view

Updates System.IdentityModel.Tokens.Jwt from 8.0.2 to 7.1.2

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

8.0.2

Security fundamentals

• Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors. See PR #2778 for details.

Bug fixes

• IdentityModel now allows the JWT payload to be an empty string. See issue #2656 for details.
• Cache UseRfcDefinitionOfEpkAndKid switch. See PR #2747 for details.
• Method was named DoNotFailOnMissingTid in 7x and DontFailOnMissingTid in 8x, adding the method for back compat. See issue #2750 for details.
• Metadata is now updated on a background thread. See #2780 for details.
• JsonWebKeySet stores the original string it was created with. See PR #2755 for details.
• Restore AOT compatibility. See #2711.
• Fix OpenIdConnect parsing bug. See #2772 for details.
• Remove the lock on creating a SignatureProvider. See #2788 for details.

Fundamentals

• Test clean up #2742.
• Use only FxCop in .NET framework targets #2693.
• Add rule to add file headers automatically #2748.
• Code analysis updates #2746.
• Include README packages in NuGet #2752.
• Update projects inside WilsonUnix solution #2768.
• Code style enforced in build #2603.
• CodeQL update #2767.
• Update build pipeline to new one release build format #2777.
• Update GitHub actions to 9.0.100-preview.7.24407.12 and add <NoWarn>$(NoWarn);SYSLIB0057</NoWarn> due to breaking changes in preview7. #2786.

Work relating to #2711

• #2725, #2729, #2753, #2758, #2759, #2757, #2759, #2764, #2759, #2771, #2759, and #2779.

8.0.1

Bug fixes

• IdentityModel now resolves the public key to EPK. See issue #1951 for details.
• Fix a race condition where SignatureProvider was disposed but still able to leverage the cache and SignatureProvider now disposes when compacting. See PR #2682 for details.
• For JWE, JsonWebTokenHandler.ValidateJWEAsync now considers the decrypt keys in the configuration. See issue #2737 for details.

Performance improvement

• AppContext.TryGetSwitch statically caches internally but takes out a lock. .NET almost always caches these values. They're not expected to change while the process is running unlike normal config. IdentityModel now caches the value. See issue #2722 for details.

8.0.0

CVE package updates

CVE-2024-30105

• See PR #2707 for details.

Breaking change:

Full list of breaking changes.

... (truncated)

Commits

• a607fa5 Merged PR 10669: update version to 7.1.2
• 44021bb Merged PR 10664: Update dev branch from public GitHub dev
• a22ab8e Merged PR 10603: Re-enable Jwt sub claim as either Number or String
• 1966c05 fixup prefix
• 97888a2 Merged PR 10258: Compatibility with 6x for bool claims (#2367)
• 5c1ea4a Merged PR 10241: Update dev to fix the release build
• ec25d19 reduced size for netcorestandard2.1 compression size is larger.
• b16f758 Merged PR 10217: Disable test that set statics.
• ceeff41 Merged PR 10199: Set MaximumDeflateSize
• e986e22 Merged PR 10198: Don't resolve jku claim by default
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)