Bump authlib from 0.15.5 to 1.6.5
Bumps authlib from 0.15.5 to 1.6.5.
Release notes
Sourced from authlib's releases.
v1.6.5
What's Changed
- Add a request param to RFC7591 generate_client_info and generate_client_secret methods by @azmeuk in authlib/authlib#825
- feat: support list params in prepare_grant_uri by @lisongmin in authlib/authlib#827
- chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by @dependabot[bot] in authlib/authlib#828
- fix(jose): add max size for JWE zip=DEF decompression by @lepture in authlib/authlib#830
New Contributors
- @lisongmin made their first contribution in authlib/authlib#827
- @dependabot[bot] made their first contribution in authlib/authlib#828
Full Changelog: https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5
v1.6.4
What's Changed
- fix(jose): prevent public/unprotected header overwriting protected header by @lepture in authlib/authlib#809
- Fix InsecureTransportError raising by @azmeuk in authlib/authlib#810
- Add conventional-commits pre-commit hook by @azmeuk in authlib/authlib#811
- Fix response_mode=form_post with Starlette client by @azmeuk in authlib/authlib#812
- Specify README.md as project long description by @EpicWink in authlib/authlib#817
- Migrate tests to pytest paradigm by @azmeuk in authlib/authlib#813
- jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by @AL-Cybision in authlib/authlib#823
- Use explicit *.test urls in unit tests by @azmeuk in authlib/authlib#824
New Contributors
- @EpicWink made their first contribution in authlib/authlib#817
- @AL-Cybision made their first contribution in authlib/authlib#823
Full Changelog: https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4
Version 1.6.3
What's Changed
- Add diff-cover check in GHA by @azmeuk in authlib/authlib#803
- Run GHA unit tests with uv by @azmeuk in authlib/authlib#805
- Move from pre-commit to prek by @azmeuk in authlib/authlib#804
- Sign OIDC id_token according to id_token_signed_response_alg client metadata by @azmeuk in authlib/authlib#802
Full Changelog: https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3
Version 1.6.2
What's Changed
- Allow insecure transport for 127.0.0.1 for debugging by @geigerzaehler in authlib/authlib#788
- Raise a MissingCodeError when code parameter is missing by @lepture in authlib/authlib#786
- Temporarily restore OAuth2Request body parameter by @azmeuk in authlib/authlib#791
- Raise MissingCodeException when code parameter is missing by @lepture in authlib/authlib#794
- Fix id_token generation with EdDSA alg by @azmeuk in authlib/authlib#800
Full Changelog: https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2
... (truncated)
Changelog
Sourced from authlib's changelog.
Version 1.6.5
Released on Oct 2, 2025
- RFC7591 generate_client_info and generate_client_secret take a request parameter.
- Add size limitation when decode JWS/JWE to prevent DoS.
- Add size limitation for DEF JWE zip algorithm.
Version 1.6.4
Released on Sep 17, 2025
- Fix InsecureTransportError error raising. :issue:795
- Fix response_mode=form_post with Starlette client. :issue:793
- Validate crit header value, reject unprotected header in crit header.
Version 1.6.3
Released on Aug 26, 2025
- OIDC id_token are signed according to id_token_signed_response_alg client metadata. :issue:755
Version 1.6.2
Released on Aug 23, 2025
- Temporarily restore OAuth2Request body parameter. :issue:781 :pr:791
- Allow 127.0.0.1 in insecure transport mode. :pr:788
- Raise MissingCodeException when the code parameter is missing. :issue:793 :pr:794
- Fix id_token generation with EdDSA algs. :issue:799 :pr:800
Version 1.6.1
Released on Jul 20, 2025
- Filter key set with additional "alg" and "use" parameters.
- Restore and deprecate OAuth2Request body parameter. :issue:781
Version 1.6.0
Released on May 22, 2025
- Fix issue when :rfc:RFC9207 <9207> is enabled and the authorization endpoint response is not a redirection. :pr:733
... (truncated)
Commits
- 9ec4256 chore: release 1.6.5
- b62b5b2 Merge branch 'fix-GHSA-pq5p-34cr-23v9'
- e0863d5 Merge pull request #830 from authlib/fix-GHSA-g7f3-828f-7h7m
- 867e3f8 fix(jose): add size limitation to prevent DoS
- 75ad6d4 Merge pull request #828 from authlib/dependabot/github_actions/dot-github/wor...
- 68b9823 chore(deps): bump SonarSource/sonarqube-scan-action
- 5bdfc4b Merge pull request #827 from lisongmin/support-list-params-in-prepare-grant-uri
- 30ea3c5 feat: support list params in prepare_grant_uri
- 4b5b570 fix(jose): add max size for JWE zip=DEF decompression
- 6e35a02 Merge pull request #825 from azmeuk/request-params
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.