chore(deps): update all non-major dependencies to 8.15.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Microsoft.IdentityModel.Tokens	8.14.0 -> 8.15.0
System.IdentityModel.Tokens.Jwt	8.14.0 -> 8.15.0

---

Release Notes

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Tokens)

v8.15.0

====

New Features

• Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
  Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
  See PR #​2377 for details.

Bug Fixes

• Sanitize logs to avoid leaking sensitive data
  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
  See PR #​3316 for details.
• Optimize log sanitization with SearchValues
  Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
  See PR #​3341 for details.
• Update test for IDX10400
  Adjusted the IDX10400 test to align with the current behavior and error messaging.
  See PR #​3314 for details.

Fundamentals

• Add supported algorithm tests
  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
  See PR #​3296 for details.
• Migrate repository agent rules from .clinerules to agents.md
  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
  See PR #​3313 for details.
• Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
  Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
  See PR #​3356 for details.
• Disable code coverage comments
  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
  See PR #​3349 for details.
• Fix CodeQL alerts
  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
  See PR #​3364 for details.

.NET 10 / SDK and tooling updates

• Building with .NET 10 preview / RC 1
  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
  See PRs #​3287, #​3357, and #​3358 for details.
• Fix .NET 10 test execution consistency
  Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
  See PR #​3337 for details.
• Update project files and workflows for .NET 10.0 compatibility
  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
  See PR #​3363 for details.
• Update .NET version to meet CG compliance
  Updated the .NET version references to be compliant with corporate governance (CG) requirements.
  See PR #​3353 for details.
• Update Coverlet collector and test SDK
  • Bumped CoverletCollectorVersion to 6.0.4.
    See PR #​3333 for details.
  • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
    See PR #​3336 for details.
• Update runTests.ps1 to specify dotnet directory
  Updated runTests.ps1 to accept an explicit dotnet directory, improving test execution robustness in environments with multiple SDK installations.
  See PR #​3368 for details.
• Adjust dotnetcore workflow targeting for .NET 10 SDK
  Iterated on the CI workflow configuration to correctly target the .NET 10 SDK:
  • Temporarily removed targeting of the .NET 10 SDK in dotnetcore.yml.
    See PR #​3335.
  • Reverted that change to restore .NET 10 SDK targeting.
    See PR #​3339 for details.

Documentation

• Update support policy documentation
  Refreshed supportPolicy.md to reflect the latest support policy for IdentityModel.
  See PR #​3367 for details.

---

Configuration

📅 Schedule: Branch creation - Between 08:00 AM and 08:59 AM ( * 8 * * * ) in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud