Bump System.IdentityModel.Tokens.Jwt from 6.6.0 to 6.7.0

[dependabot-preview]

Bumps System.IdentityModel.Tokens.Jwt from 6.6.0 to 6.7.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

6.7.0

Features

• Adjusted SignedHttpRequest logic to control optional validation of claims.
• Added Microsoft.CodeAnaylsis.FxCopAnalyzers to validate code.
• Added SecurityKey.IsSupportedAlgorithm API to check if a SecurityKey / Algorithm is supported.

Bug Fixes

• SamlSerializer fails to validate token using an XmlReader created from a XDocument.
• Null reference possible in logging when using the IDX13300 and IDX13107 log messages.
• When creating a TokenValidationResult and setting the Exception property, ensure IsValid is set to false.
• Use CultureInvariant when parsing double values.

Pull Requests click here.

Bug fixes click here.

Commits

• aab47fa Set TokenValidationResult.IsValid to false if Exception is thrown.
• 3744a01 fixed spelling, extra line
• 7eb317e Issues: 453, 1419
• 8433d58 uses CultureInfo.InvariantCulture to stringify claim values
• 5560e2f Allow validation of signed http requests claims if present (#1415)
• de89a30 target lts version for test runtime (#1470)
• 0567929 Fix usage of IDX13300 and IDX13107 (#1458)
• 63f2585 Add analyzers to Tokens assembly (#1454)
• 374b097 Add analyzers to Tokens.Saml (#1456)
• aace545 Add analyzers to Xml (#1462)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[github-actions]

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.