build(deps): bump authlib from 1.6.1 to 1.6.4
Merged
Number: #161
Type: Pull Request
State: Merged
Type: Pull Request
State: Merged
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Contributor
Comments: 0
dependabot[bot]Association: Contributor
Comments: 0
Created:
September 29, 2025 at 08:02 PM UTC
(9 months ago)
(9 months ago)
Updated:
September 30, 2025 at 04:39 AM UTC
(9 months ago)
(9 months ago)
Merged:
September 30, 2025 at 04:39 AM UTC
(9 months ago)
by jirhiker
(9 months ago)
by jirhiker
Time to Close:
about 9 hours
Labels:
dependencies python:uv
dependencies python:uv
Description:
Bumps authlib from 1.6.1 to 1.6.4.
Release notes
Sourced from authlib's releases.
v1.6.4
What's Changed
- fix(jose): prevent public/unprotected header overwriting protected header by
@lepturein authlib/authlib#809- Fix
InsecureTransportErrorraising by@azmeukin authlib/authlib#810- Add conventional-commits pre-commit hook by
@azmeukin authlib/authlib#811- Fix response_mode=form_post with Starlette client by
@azmeukin authlib/authlib#812- Specify README.md as project long description by
@EpicWinkin authlib/authlib#817- Migrate tests to pytest paradigm by
@azmeukin authlib/authlib#813- jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by
@AL-Cybisionin authlib/authlib#823- Use explicit *.test urls in unit tests by
@azmeukin authlib/authlib#824New Contributors
@EpicWinkmade their first contribution in authlib/authlib#817@AL-Cybisionmade their first contribution in authlib/authlib#823Full Changelog: https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4
Version 1.6.3
What's Changed
- Add diff-cover check in GHA by
@azmeukin authlib/authlib#803- Run GHA unit tests with uv by
@azmeukin authlib/authlib#805- Move from pre-commit to prek by
@azmeukin authlib/authlib#804- Sign OIDC id_token according to
id_token_signed_response_algclient metadata by@azmeukin authlib/authlib#802Full Changelog: https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3
Version 1.6.2
What's Changed
- Allow insecure transport for 127.0.0.1 for debugging by
@geigerzaehlerin authlib/authlib#788- Raise a MissingCodeError when code parameter is missing by
@lepturein authlib/authlib#786- Temporarily restore OAuth2Request body parameter by
@azmeukin authlib/authlib#791- Raise MissingCodeException when code parameter is missing by
@lepturein authlib/authlib#794- Fix id_token generation with EdDSA alg by
@azmeukin authlib/authlib#800Full Changelog: https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2
Changelog
Sourced from authlib's changelog.
Version 1.6.4
Released on Sep 17, 2025
- Fix
InsecureTransportErrorerror raising. :issue:795- Fix
response_mode=form_postwith Starlette client. :issue:793- Validate
critheader value, reject unprotected header incritheader.Version 1.6.3
Released on Aug 26, 2025
- OIDC
id_tokenare signed according toid_token_signed_response_algclient metadata. :issue:755Version 1.6.2
Released on Aug 23, 2025
- Temporarily restore
OAuth2Requestbodyparameter. :issue:781:pr:791- Allow
127.0.0.1in insecure transport mode. :pr:788- Raise
MissingCodeExceptionwhen thecodeparameter is missing. :issue:793:pr:794- Fix
id_tokengeneration withEdDSAalgs. :issue:799:pr:800
Commits
09a5185chore: release 1.6.46b1813echore: merge branch 'fix-jose-crit'99e330fMerge pull request #824 from azmeuk/test-urlsbd14be1test: use explicit *.test url in unit tests55e8517fix(jose): Reject unprotected ‘crit’ and enforce type; add tests (#823)06f0813fix(jose): validate crit header when deserializeeb07119fix(jose): validate crit header parameters72a00e7fix: typo in diff-cover GHA step49d0f47Merge pull request #813 from azmeuk/pytest-paradigmbafecc4Merge pull request #817 from EpicWink/pyproject-readme- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
1
1
Files Changed:
2
2
Additions:
+7
+7
Deletions:
-7
-7
Package Dependencies
Technical Details
| ID: | 8819677 |
| UUID: | 2871900971 |
| Node ID: | PR_kwDOO1pBFM6rLbsr |
| Host: | GitHub |
| Repository: | DataIntegrationGroup/NMSampleLocations |
| Merge State: | Unknown |