Bump Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer and System.IdentityModel.Tokens.Jwt

[dependabot]

Bumps Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer and System.IdentityModel.Tokens.Jwt. These dependencies needed to be updated together.
Updates Azure.Identity from 1.13.2 to 1.11.4

Commits

• 2856f9a changelog update
• 7267469 Update azure-sdk-build-tools Repository Resource Refs in Yaml files (#43311)
• 2db9a0f AzureArcManagedIdentitySource fix
• 06dd672 Hotfix for DAC probe request
• ae13ec2 Fix ConfidentialClient's AcquireTokenSilent and AcquireTokenOnBehalfOf claims...
• 1835c8f Sync .github/workflows directory with azure-sdk-tools for PR 8131 (#43535)
• 40ff95a prep release (#43534)
• 70f5c48 [AzureMonitorDistro] Add LiveMetricsActivityProcessor only when live metrics ...
• a6c3e59 Respect SupportsOrdering property (#43531)
• 82cc7cf WCF Client/CoreWCF extension packages to use Azure Queue Storage as transport...
• Additional commits viewable in compare view

Updates Microsoft.EntityFrameworkCore.SqlServer from 8.0.8 to 9.0.4

Release notes

Sourced from Microsoft.EntityFrameworkCore.SqlServer's releases.

.NET 9.0.4

Release

What's Changed

• Merge branch 'release/8.0' into 'release/8.0-staging' by @​AndriySvyryd in dotnet/efcore#35541
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/efcore#35621
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/efcore#35633
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/efcore#35634
• [automated] Merge branch 'release/8.0' => 'release/9.0' by @​github-actions in dotnet/efcore#35626
• [release/9.0-staging] Set the environment when executing Scaffold-DBContext by @​AndriySvyryd in dotnet/efcore#35693
• [release/8.0-staging] Improve LoadExtension to work correctly with dotnet run and lib* named libs by @​roji in dotnet/efcore#35718
• [release/8.0-staging] Transform Span-based overloads to Enumerable in funcletizer by @​roji in dotnet/efcore#35720
• [release/9.0-staging] Process Coalesce-simplified Convert node properly in funcletizer by @​roji in dotnet/efcore#35721
• [release/9.0-staging] Improve LoadExtension to work correctly with dotnet run and lib* named libs by @​roji in dotnet/efcore#35717
• [release/9.0-staging] Transform Span-based overloads to Enumerable in funcletizer by @​roji in dotnet/efcore#35719
• Update branding to 8.0.15 by @​vseanreesermsft in dotnet/efcore#35738
• Update branding to 9.0.4 by @​vseanreesermsft in dotnet/efcore#35739
• Merge branch 'release/8.0-staging' => 'release/8.0' by @​AndriySvyryd in dotnet/efcore#35742
• Merge branch 'release/9.0-staging' => 'release/9.0' by @​AndriySvyryd in dotnet/efcore#35743
• [automated] Merge branch 'release/8.0' => 'release/9.0' by @​github-actions in dotnet/efcore#35740
• Merging internal commits for release/9.0 by @​vseanreesermsft in dotnet/efcore#35766
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/efcore#35781

Full Changelog: dotnet/efcore@v9.0.3...v9.0.4

.NET 9.0.3

Release

What's Changed

• [release/9.0-staging] Fix to #35393 - GroupJoin in EF Core 9 Returns Null for Joined Entities by @​maumar in dotnet/efcore#35449
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/efcore#35473
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/efcore#35470
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/efcore#35498
• Merge branch 'release/9.0' into 'release/9.0-staging' by @​AndriySvyryd in dotnet/efcore#35542
• [release/9.0-staging] Make SnapshotModelProcessor idempotent. by @​AndriySvyryd in dotnet/efcore#35543
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in dotnet/efcore#35572
• [automated] Merge branch 'release/8.0' => 'release/9.0' by @​github-actions in dotnet/efcore#35474
• Update branding to 9.0.3 by @​vseanreesermsft in dotnet/efcore#35584
• Update branding to 8.0.14 by @​vseanreesermsft in dotnet/efcore#35583
• [automated] Merge branch 'release/8.0' => 'release/9.0' by @​github-actions in dotnet/efcore#35587
• Merge branch 'release/9.0-staging' => 'release/9.0' by @​AndriySvyryd in dotnet/efcore#35601
• Merging internal commits for release/9.0 by @​vseanreesermsft in dotnet/efcore#35622

Full Changelog: dotnet/efcore@v9.0.2...v9.0.3

.NET 9.0.2

Release

... (truncated)

Commits

• 9275e9a Merged PR 48431: [internal/release/9.0] Update dependencies from dnceng/inter...
• 7465b32 Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ru...
• a2ed5ad Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ru...
• bb7c843 Merged PR 48408: [internal/release/9.0] Merge from public
• b39398b Update dependencies from https://github.com/dotnet/arcade build 20250311.4 (#...
• a96171b Merged PR 48358: [internal/release/9.0] Merge from public
• 52c3481 Merged PR 48209: [internal/release/9.0] Update dependencies from dnceng/inter...
• d2168ec Merging internal commits for release/9.0 (#35766)
• 0738604 Merge commit '68c7e19496df80819410fc6de1682a194aad33d3' into internal-merge-9...
• 9739ecb Merge commit 'c18fc677233d1c27e8282ad94439d177eaaacaa2'
• Additional commits viewable in compare view

Updates System.IdentityModel.Tokens.Jwt from 8.1.1 to 6.35.0

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

See the releases for details on bug fixes and added features.

8.8.0

New Features

• Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #3193 for details.
• Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #3195 and https://aka.ms/identitymodel/app-context-switches for details.
• Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #3185 and #3189 for details.

8.7.0

Bug Fixes

• Add back internal methods IsRecoverableException and IsRecoverableExceptionType whose signatures were changed in the previous version. See #3181.

New Features

• Make Cnf class public and move it to Microsoft.IdentityModel.Tokens package. See #3165.

8.6.1

Bug fix

• Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue #3148 for details.
• Fix a bug in JsonWebTokenHandler where JwtTokenDecryptionParameters's Alg and Enc were not set during token decryption, causing IDX10611 and IDX10619 errors to show null values in the messages. See issue #3003 for details.

Fundamentals

• For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue #2995 for details.

8.6.0

New Features

• TokenValidationParameters has a new boolean property TryAllDecryptionKeys that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #3128
• Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See #3140

Fundamentals

• Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See 3143
• Add more tests for encrypted tokens. See #3139

8.5.0

Reverting previous breaking change

• The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that adding IDisposable is a breaking change, so we are following semver guidance and reverting and releasing a minor version (8.5.0).
• Cherry-picked Changes: Included changes from PR #3022 and #3104.

8.4.0

New Features

• App context switch allows blocking or non-blocking calls for configuration. See PR #3106 for details and issue #3082 for details.
• IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See #3094 for details.
• IdentityModel now allows specifying the HTTP protocol version and version policy. See #2808 for details.

Repair items

... (truncated)

Commits

• c94c7fc rmv preview
• 522bc41 Merged PR 10814: Two fixes, AadIssuerValidator slash, AppContext
• 74cc160 Merged PR 10242: Update Dev6x to fix the release build
• 4845cf1 Merged PR 10239: Commenting out a constant which is not used
• e06dc84 Merged PR 10213: Set MaximumDeflateSize
• 0b2f269 Merged PR 10182: Don't resolve jku claim by default
• c3e99cd update build config version (#2350)
• 8ea36a8 Update CHANGELOG.md (#2348)
• 9d9925e [Log Scrubbing] Clean up log messages in Wilson (#2339) (#2344)
• c2fa102 Decouple JsonElements from JsonDocument.
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.