Skip to content

Bump authlib from 0.14.3 to 0.15.4#362

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/authlib-0.15.4
Closed

Bump authlib from 0.14.3 to 0.15.4#362
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/authlib-0.15.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 7, 2021

Copy link
Copy Markdown
Contributor

Bumps authlib from 0.14.3 to 0.15.4.

Release notes

Sourced from authlib's releases.

Version 0.15.3

Fixed .authorize_access_token for OAuth 1.0 services, via lepture/authlib#308

Version 0.15.2

Fixed httpx authentication bug via #283

Version 0.15.1

Backward compitable fix for using JWKs in JWT, via #280.

Version 0.15

This is the last release before v1.0. In this release, we added more RFCs implementations and did some refactors for JOSE:

  • RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)
  • RFC7638: JSON Web Key (JWK) Thumbprint

We also fixed bugs for integrations:

  • Fixed support for HTTPX>=0.14.3
  • Added OAuth clients of HTTPX back via #270
  • Fixed parallel token refreshes for HTTPX async OAuth 2 client
  • Raise OAuthError when callback contains errors via #275

Breaking Change:

  1. The parameter algorithms in JsonWebSignature and JsonWebEncryption are changed. Usually you don't have to care about it since you won't use it directly.
  2. Whole JSON Web Key is refactored, please check JSON Web Key (JWK)
Changelog

Sourced from authlib's changelog.

Changelog

.. meta:: :description: The full list of changes between each Authlib release.

Here you can see the full list of changes between each Authlib release.

Version 1.0

Plan to release in Mar, 2021.

We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are using the client properly, e.g. oauth.register(...), it would work as before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration, instead, developers should define .get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers should define the database by themselves.

JOSE Changes

  • JWS has been renamed to JsonWebSignature
  • JWE has been renamed to JsonWebEncryption
  • JWK has been renamed to JsonWebKey
  • JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the :ref:jwk_guide for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

Version 0.15.3

Released on Jan 15, 2020.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [authlib](https://github.com/lepture/authlib) from 0.14.3 to 0.15.4.
- [Release notes](https://github.com/lepture/authlib/releases)
- [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst)
- [Commits](https://github.com/lepture/authlib/commits)

---
updated-dependencies:
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 7, 2021
@codecov-commenter

codecov-commenter commented Jun 7, 2021

Copy link
Copy Markdown

Codecov Report

Merging #362 (c32eca6) into master (29f7a1e) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #362   +/-   ##
=======================================
  Coverage   85.32%   85.32%           
=======================================
  Files          18       18           
  Lines         293      293           
=======================================
  Hits          250      250           
  Misses         43       43           

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 29f7a1e...c32eca6. Read the comment docs.

@dependabot @github

dependabot Bot commented on behalf of github Oct 18, 2021

Copy link
Copy Markdown
Contributor Author

Superseded by #388.

@dependabot dependabot Bot closed this Oct 18, 2021
@dependabot dependabot Bot deleted the dependabot/pip/authlib-0.15.4 branch October 18, 2021 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant