From 3ffb38d4b04171153c8e8d0ea3e389e8f2d0819c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Oct 2023 01:12:26 +0000
Subject: [PATCH] Bump Microsoft.Identity.Web from 2.14.0 to 2.15.1 in /webapi
 (#484)

Bumps
[Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web)
from 2.14.0 to 2.15.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/AzureAD/microsoft-identity-web/blob/master/changelog.md">Microsoft.Identity.Web's
changelog</a>.</em></p>
<blockquote>
<h1>2.15.1</h1>
<ul>
<li>Updated IdentityModel dependencies to Identity.Model.*.6.33.0 for
all target frameworks other than .NET 8 rc1, for which
Microsoft,Identity.Web leverages Identity.Model 7.0.2</li>
</ul>
<h1>2.15.0</h1>
<h3>New features</h3>
<ul>
<li>TokenAcquirerFactory now adds support for reading the configuration
from environment variables. See issue <a
href="https://redirect.github.com/AzureAD/microsoft-identity-web/issues/2480">#2480</a></li>
</ul>
<h4>Experimental API</h4>
<p>(to get feedback, could change without bumping-up the major
version)</p>
<ul>
<li>It's now possible for an application to observe the client
certificate selected by Token acquirer from the ClientCredentials
properties, and when the certicate is un-selected (because it's rejected
by the Identity Provider, as expired, or revoked). See <a
href="https://github.com/AzureAD/microsoft-identity-web/wiki/Certificates#observing-client-certificates">Observing
client certificates</a>. PR <a
href="https://redirect.github.com/AzureAD/microsoft-identity-web/pull/2496">#2496</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Fixes a resiliency issue where the client certificate rotation
wasn't always happening (from KeyKeyVault, or certificate store with
same distinguished name). See <a
href="https://redirect.github.com/AzureAD/microsoft-identity-web/pull/2496">#2496</a>
for details.</li>
<li>In the override of AddMicrosoftIdentityWebApp taking a delegate, the
delegate is now called only once (it was called twice causing the
TokenValidated event to be called twice as well). Fixes <a
href="https://redirect.github.com/AzureAD/microsoft-identity-web/issues/2328">#2328</a></li>
<li>Fixes a regression introduced in 2.13.3, causing the configuration
to not be read, when using an app builder other than the
WindowsAppBuilder with AddMicroosftIdentityWebApp/Api, unless you
provided an empty authentication scheme when acquiring a token. Fixes <a
href="https://redirect.github.com/AzureAD/microsoft-identity-web/issues/2410">#2460</a>,
<a
href="https://redirect.github.com/AzureAD/microsoft-identity-web/issues/2460">#2410</a>,
<a
href="https://redirect.github.com/AzureAD/microsoft-identity-web/issues/2394">#2394</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/AzureAD/microsoft-identity-web/commits/2.15.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web&package-manager=nuget&previous-version=2.14.0&new-version=2.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 webapi/CopilotChatWebApi.csproj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapi/CopilotChatWebApi.csproj b/webapi/CopilotChatWebApi.csproj
index a4efb1980..f6356b553 100644
--- a/webapi/CopilotChatWebApi.csproj
+++ b/webapi/CopilotChatWebApi.csproj
@@ -20,7 +20,7 @@
     <PackageReference Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.2.2" />
     <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.21.0" />
     <PackageReference Include="Microsoft.Azure.Cosmos" Version="3.35.4" />
-    <PackageReference Include="Microsoft.Identity.Web" Version="2.14.0" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="2.15.1" />
     <PackageReference Include="Microsoft.SemanticKernel" Version="0.24.230918.1-preview" />
     <PackageReference Include="Microsoft.SemanticKernel.Connectors.AI.OpenAI" Version="0.24.230918.1-preview" />
     <PackageReference Include="Microsoft.SemanticKernel.Connectors.Memory.AzureCognitiveSearch" Version="0.24.230918.1-preview" />