Description
Describe the bug
Parent dependency to nuget package of IdentityModel.OidcClient must be replaced as it's now unlisted on nuget.org. Having this issue means that it will bring risky possibility that this nuget package is not supported and it's not available anymore, therefore it breaks SBOM audit. This means we must replace the dependency immediately by equivalent nuget package.
See below detailed suggestions.
Kubernetes C# SDK Client Version
Observed in 16.0.2,
Server Kubernetes Version
N/A, this issue is focusing on concerns on nuget dependency (SBOM) issue.
Dotnet Runtime Version
I use both NET 8.0 and .NET 9.0, but this doesn't matter to this issue
To Reproduce
Steps to reproduce the behavior: N/A.
Current dependency to IdentityModel.OidcClient has risk of breaking SBOM, as this nuget has been unlisted by package owner now.
This is the current look of IdentityModel.OidcClient nuget package on nuget.otg: (I have added some emphasizes) on link of https://www.nuget.org/packages/IdentityModel.OidcClient)
Expected behavior
The nuget package of IdentityModel.OidcClient must be replaced immediately with the suggested nuget package, as suggested by the nuget package's owner. In this case, Duende owns this IdentityModel.OidcClient nuget package, and based on the suggestion on the nuget.org page, we must replace this nuget package with the suggested package of Duende.IdentityModel.OidcClient.
KubeConfig
N/A.
Where do you run your app with Kubernetes SDK (please complete the following information):
- OS: N/A
- Environment: N/A
- Cloud N/A
Additional context
I have done the replacement and compile KubernetesClient (locally) using the Duende.IdentityModel.OidcClient and this includes some changes in the code about some namespaces, and it works fine.