Skip to content

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 2, 2025

Bumps authlib from 1.5.2 to 1.6.4.

Release notes

Sourced from authlib's releases.

v1.6.4

What's Changed

New Contributors

Full Changelog: authlib/authlib@v1.6.3...v1.6.4

Version 1.6.3

What's Changed

Full Changelog: authlib/authlib@v1.6.2...v1.6.3

Version 1.6.2

What's Changed

Full Changelog: authlib/authlib@v1.6.1...v1.6.2

Version 1.6.1

  • Filter key set with additional "alg" and "use" parameters.

Version 1.6.0

Changelog

Sourced from authlib's changelog.

Version 1.6.4

Released on Sep 17, 2025

  • Fix InsecureTransportError error raising. :issue:795
  • Fix response_mode=form_post with Starlette client. :issue:793
  • Validate crit header value, reject unprotected header in crit header.

Version 1.6.3

Released on Aug 26, 2025

  • OIDC id_token are signed according to id_token_signed_response_alg client metadata. :issue:755

Version 1.6.2

Released on Aug 23, 2025

  • Temporarily restore OAuth2Request body parameter. :issue:781 :pr:791
  • Allow 127.0.0.1 in insecure transport mode. :pr:788
  • Raise MissingCodeException when the code parameter is missing. :issue:793 :pr:794
  • Fix id_token generation with EdDSA algs. :issue:799 :pr:800

Version 1.6.1

Released on Jul 20, 2025

  • Filter key set with additional "alg" and "use" parameters.
  • Restore and deprecate OAuth2Request body parameter. :issue:781

Version 1.6.0

Released on May 22, 2025

  • Fix issue when :rfc:RFC9207 <9207> is enabled and the authorization endpoint response is not a redirection. :pr:733
  • Fix missing state parameter in authorization error responses. :issue:525
  • Support for acr and amr claims in id_token. :issue:734
  • Support for the none JWS algorithm.
  • Fix response_types strict order during dynamic client registration. :issue:760
  • Implement :rfc:RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) <9101>. :issue:723
  • OIDC :class:UserInfo endpoint <authlib.oidc.core.userinfo.UserInfoEndpoint> support. :issue:459
Commits
  • 09a5185 chore: release 1.6.4
  • 6b1813e chore: merge branch 'fix-jose-crit'
  • 99e330f Merge pull request #824 from azmeuk/test-urls
  • bd14be1 test: use explicit *.test url in unit tests
  • 55e8517 fix(jose): Reject unprotected ‘crit’ and enforce type; add tests (#823)
  • 06f0813 fix(jose): validate crit header when deserialize
  • eb07119 fix(jose): validate crit header parameters
  • 72a00e7 fix: typo in diff-cover GHA step
  • 49d0f47 Merge pull request #813 from azmeuk/pytest-paradigm
  • bafecc4 Merge pull request #817 from EpicWink/pyproject-readme
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [authlib](https://github.com/authlib/authlib) from 1.5.2 to 1.6.4.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.5.2...v1.6.4)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Oct 2, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 2, 2025 02:19
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Oct 2, 2025
Copy link
Author

dependabot bot commented on behalf of github Oct 3, 2025

Superseded by #42.

@dependabot dependabot bot closed this Oct 3, 2025
@dependabot dependabot bot deleted the dependabot/pip/authlib-1.6.4 branch October 3, 2025 02:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants