Skip to content

Bump authlib from 0.14.3 to 1.0.1#419

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/authlib-1.0.1
Closed

Bump authlib from 0.14.3 to 1.0.1#419
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/authlib-1.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 6, 2022

Copy link
Copy Markdown
Contributor

Bumps authlib from 0.14.3 to 1.0.1.

Release notes

Sourced from authlib's releases.

Version 1.0.1

  • Fix authenticate_none method, via #438.
  • Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #447.
  • Fix missing_token for Flask OAuth client, via #448.
  • Allow openid in any place of the scope, via #449.
  • Security fix for validating essential value on blank value in JWT, via #445.

Version 1.0.0

We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are using the client properly, e.g. oauth.register(...), it would work as before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration, instead, developers should define .get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers should define the database by themselves.

JOSE Changes

  • JWS has been renamed to JsonWebSignature
  • JWE has been renamed to JsonWebEncryption
  • JWK has been renamed to JsonWebKey
  • JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the JSON Web Key for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

Version 0.15.5

  • Make Authlib compatible with latest httpx
  • Make Authlib compatible with latest werkzeug
  • Allow customize RFC7523 alg value

Version 0.15.4

Security fix when JWT claims is None.

For example, JWT payload has iss=None:

</tr></table> 

... (truncated)

Changelog

Sourced from authlib's changelog.

Version 1.0.1

Released on April 6, 2022

  • Fix authenticate_none method, via :gh:issue#438.
  • Allow to pass in alternative signing algorithm to RFC7523 authentication methods via :gh:PR#447.
  • Fix missing_token for Flask OAuth client, via :gh:issue#448.
  • Allow openid in any place of the scope, via :gh:issue#449.
  • Security fix for validating essential value on blank value in JWT, via :gh:issue#445.

Version 1.0.0

Released on Mar 15, 2022.

We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are using the client properly, e.g. oauth.register(...), it would work as before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration, instead, developers should define .get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers should define the database by themselves.

JOSE Changes

  • JWS has been renamed to JsonWebSignature
  • JWE has been renamed to JsonWebEncryption
  • JWK has been renamed to JsonWebKey
  • JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the :ref:jwk_guide for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

Version 0.15.5

... (truncated)

Commits
  • 2e721aa Version bump 1.0.1
  • b953036 Fix GitHub workflow for coverage
  • f735578 Fix tests, restructure tests
  • 45ceb49 Raise InvalidClaimError for None value
  • 436e3f9 Fix validate jwt essential logic
  • 1c7a2c4 Allow openid scope anywhere
  • b28f037 Fix missing_token for Flask client
  • 6058a35 Merge pull request #447 from mikemonteith-livi/master
  • 1f6aea6 allow to pass in alternative signing algoritm to RFC7523 authentication methods
  • 1735d03 Fix docs for OpenIDCode via #439
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 6, 2022
@dependabot dependabot Bot force-pushed the dependabot/pip/authlib-1.0.1 branch 3 times, most recently from b2b0465 to 8b9f24a Compare June 23, 2022 03:09
Bumps [authlib](https://github.com/lepture/authlib) from 0.14.3 to 1.0.1.
- [Release notes](https://github.com/lepture/authlib/releases)
- [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst)
- [Commits](authlib/authlib@v0.14.3...v1.0.1)

---
updated-dependencies:
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/authlib-1.0.1 branch from 8b9f24a to 5041b7f Compare August 12, 2022 01:25
@codecov-commenter

codecov-commenter commented Aug 12, 2022

Copy link
Copy Markdown

Codecov Report

Merging #419 (5041b7f) into master (095dabe) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #419   +/-   ##
=======================================
  Coverage   86.83%   86.83%           
=======================================
  Files          36       36           
  Lines         448      448           
=======================================
  Hits          389      389           
  Misses         59       59           
Impacted Files Coverage Δ
setup.py 0.00% <ø> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@dependabot @github

dependabot Bot commented on behalf of github Sep 13, 2022

Copy link
Copy Markdown
Contributor Author

Superseded by #446.

@dependabot dependabot Bot closed this Sep 13, 2022
@dependabot dependabot Bot deleted the dependabot/pip/authlib-1.0.1 branch September 13, 2022 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant