Skip to content

Update dependency fastapi-users to >=15.0.3,<15.0.4 #1422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
renovate merged 1 commit into from
Jan 6, 2026
Merged

Update dependency fastapi-users to >=15.0.3,<15.0.4 #1422

renovate merged 1 commit into from
Jan 6, 2026

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 20, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
fastapi-users >=15.0.1,<15.0.2>=15.0.3,<15.0.4 age confidence

Release Notes

fastapi-users/fastapi-users (fastapi-users)

v15.0.3

Compare Source

Bump version 15.0.2 → 15.0.3

Bug fixes and improvements

  • Add cookie parameters added in 15.0.1 to FastAPIUsers.get_oauth_router and FastAPIUsers.get_oauth_associate_router. Thanks @​jthurner 🎉

v15.0.2

Compare Source

Bump version 15.0.1 → 15.0.2

🛡️ Security Fix

A CSRF vulnerability was identified in the OAuth2 flow. To mitigate this, the authorize endpoint will set a cookie in the response, and this cookie will be expected in the callback request.

In most cases, this change should work out-of-the-box, but in certain scenarios (e.g. cross-domain setups), additional configuration may be required for the cookie to be correctly sent and received. [Read more]

Thanks to @​davidbors-snyk from Snyk for his research, responisble disclosure, and assistance in fixing this issue.

Improvements

  • Bump dependencies
    • python-multipart ==0.0.21
    • pwdlib[argon2,bcrypt] ==0.3.0

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Something got an update, I guess label Dec 20, 2025
@renovate renovate bot enabled auto-merge (squash) December 20, 2025 02:34
@renovate renovate bot added the dependencies Something got an update, I guess label Dec 20, 2025
@bkis bkis force-pushed the renovate/fastapi-users-15.x branch from 439e65b to 14d18ac Compare December 22, 2025 13:59
@renovate renovate bot force-pushed the renovate/fastapi-users-15.x branch from 14d18ac to bad0494 Compare December 22, 2025 16:37
@renovate renovate bot force-pushed the renovate/fastapi-users-15.x branch from bad0494 to e29b2ac Compare December 23, 2025 13:30
@bkis bkis self-requested a review January 6, 2026 08:23
@renovate renovate bot merged commit c9c1bd5 into main Jan 6, 2026
3 checks passed
@renovate renovate bot deleted the renovate/fastapi-users-15.x branch January 6, 2026 08:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bkis bkis bkis approved these changes

Assignees

No one assigned

Labels

dependencies Something got an update, I guess

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bkis