Bump Microsoft.Identity.Web from 2.13.3 to 2.13.4 in /webapi

[dependabot]

Bumps Microsoft.Identity.Web from 2.13.3 to 2.13.4.

Release notes

Sourced from Microsoft.Identity.Web's releases.

2.13.4

• Update to IdentityModel 7.0.0-preview5 on .NET 8 and IdentityModel 6.32.3 for the other target frameworks.
• Update to MSAL 4.56.0, which now enables the cache synchronization by default
• Support for .NET 8 preview 7. See PR #2430

Bug fixes

• In Microsoft.Identity.Web.Owin, removed un-needed reference to Microsoft.Aspnet.WebApi.HelpPage. See issue #2417
• Fix to accomodate for breaking change in ASP.NET Core on .NET 8 that the SecurityToken is now a JsonWebToken. See issue #2420
• Improved the usability of IDownstreamApi by checking all HttpResponse for success before returning to the caller, instead of swallowing issues. This is a change of behavior. See issue #2426
• Improvement/Fix of OWIN scenarios, especially the session with B2C: #2388
• Fix an issue with CIAM web APIs and added two CIAM test apps. See PR #2411
• Fix a bug that is now surfaced by the .NET 8 runtime. See issue #2448
• Added a lock while loading credentials. See issue #2439

Fundamentals

• performance improvements: #2414
• Replaced Selenim with Playwright for more reliable faster UI tests. See issue #2354
• Added MSAL telemetry about the kind of token cache used (L1/L2). See issue #1900
• Resilience improvement: IdWeb now attempts to reload a certificate from its description when AAD returns "certificate revoked" error. See issue #244

Changelog

Sourced from Microsoft.Identity.Web's changelog.

2.13.4

• Update to IdentityModel 7.0.0-preview5 on .NET 8 and IdentityModel 6.32.3 for the other target frameworks.
• Update to MSAL 4.56.0, which now enables the cache synchronization by default
• Support for .NET 8 preview 7. See PR #2430

Bug fixes

• In Microsoft.Identity.Web.Owin, removed un-needed reference to Microsoft.Aspnet.WebApi.HelpPage. See issue #2417
• Fix to accomodate for breaking change in ASP.NET Core on .NET 8 that the SecurityToken is now a JsonWebToken. See issue #2420
• Improved the usability of IDownstreamApi by checking all HttpResponse for success before returning to the caller, instead of swallowing issues. This is a change of behavior. See issue #2426
• Improvement/Fix of OWIN scenarios, especially the session with B2C: #2388
• Fix an issue with CIAM web APIs and added two CIAM test apps. See PR #2411
• Fix a bug that is now surfaced by the .NET 8 runtime. See issue #2448
• Added a lock while loading credentials. See issue #2439

Fundamentals

• performance improvements: #2414
• Replaced Selenim with Playwright for more reliable faster UI tests. See issue #2354
• Added MSAL telemetry about the kind of token cache used (L1/L2). See issue #1900
• Resilience improvement: IdWeb now attempts to reload a certificate from its description when AAD returns "certificate revoked" error. See issue #244

Commits

• 06c3ef6 updating changelog (#2452)
• 050e3e0 Introduces a lock while loading credentials from Credential Source (#2438)
• 52cec44 Add revoked cert condition (#2450)
• e7d7d4e Fixes #2448 (#2449)
• bb4fe8d Bump Microsoft.Identity.Client from 4.55.0 to 4.56.0 (#2447)
• 767331f Changelog for 2.13.4 (#2441)
• e39c2f6 package updates for release (#2440)
• a6b5fe8 api: Check all responses for success (#2427)
• cc6fc99 change value of expected properties to 60 (#2431)
• 8d7e90c Jennyf19/net8 preview7 (#2430)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)