chore(deps): update dependency authlib to v1.6.5

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
Authlib	==1.3.1 -> ==1.6.5

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

authlib/authlib (Authlib)

v1.6.5

Compare Source

What's Changed

• Add a request param to RFC7591 generate_client_info and generate_client_secret methods by @​azmeuk in #​825
• feat: support list params in prepare_grant_uri by @​lisongmin in #​827
• chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by @​dependabot[bot] in #​828
• fix(jose): add max size for JWE zip=DEF decompression by @​lepture in #​830

New Contributors

• @​lisongmin made their first contribution in #​827
• @​dependabot[bot] made their first contribution in #​828

Full Changelog: authlib/authlib@v1.6.4...v1.6.5

v1.6.4

Compare Source

What's Changed

• fix(jose): prevent public/unprotected header overwriting protected header by @​lepture in #​809
• Fix InsecureTransportError raising by @​azmeuk in #​810
• Add conventional-commits pre-commit hook by @​azmeuk in #​811
• Fix response_mode=form_post with Starlette client by @​azmeuk in #​812
• Specify README.md as project long description by @​EpicWink in #​817
• Migrate tests to pytest paradigm by @​azmeuk in #​813
• jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by @​AL-Cybision in #​823
• Use explicit *.test urls in unit tests by @​azmeuk in #​824

New Contributors

• @​EpicWink made their first contribution in #​817
• @​AL-Cybision made their first contribution in #​823

Full Changelog: authlib/authlib@v1.6.3...v1.6.4

v1.6.3: Version 1.6.3

Compare Source

What's Changed

• Add diff-cover check in GHA by @​azmeuk in #​803
• Run GHA unit tests with uv by @​azmeuk in #​805
• Move from pre-commit to prek by @​azmeuk in #​804
• Sign OIDC id_token according to id_token_signed_response_alg client metadata by @​azmeuk in #​802

Full Changelog: authlib/authlib@v1.6.2...v1.6.3

v1.6.2: Version 1.6.2

Compare Source

What's Changed

• Allow insecure transport for 127.0.0.1 for debugging by @​geigerzaehler in #​788
• Raise a MissingCodeError when code parameter is missing by @​lepture in #​786
• Temporarily restore OAuth2Request body parameter by @​azmeuk in #​791
• Raise MissingCodeException when code parameter is missing by @​lepture in #​794
• Fix id_token generation with EdDSA alg by @​azmeuk in #​800

Full Changelog: authlib/authlib@v1.6.1...v1.6.2

v1.6.1: Version 1.6.1

Compare Source

• Filter key set with additional "alg" and "use" parameters.

v1.6.0: Version 1.6.0

Compare Source

• Fix issue when RFC9207 is enabled and the authorization endpoint response is not a redirection. pull request #​733
• Fix missing state parameter in authorization error responses. issue #​525
• Support for acr and amr claims in id_token. issue #​734
• Support for the none JWS algorithm.
• Fix response_types strict order during dynamic client registration. issue #​760
• Implement RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR). issue #​723
• OIDC UserInfo endpoint support. issue #​459

v1.5.2: Version 1.5.2

Compare Source

Released on Apr 1, 2025

• Forbid fragments in redirect_uris. #​714
• Fix invalid characters in error_description. #​720
• Add claims_cls parameter for client's parse_id_token method. #​725

v1.5.1: Version 1.5.1

Compare Source

Released on Feb 28, 2025

• Fix RFC9207 iss parameter. #​715

v1.5.0: Version 1.5.0

Compare Source

• Fix token introspection auth method for clients. #​662
• Optional typ claim in JWT tokens. #​696
• JWT validation leeway. #​689
• Implement server-side RFC9207. #​700 #​701
• generate_id_token can take a kid parameter. #​702
• More detailed InvalidClientError. #​706
• OpenID Connect Dynamic Client Registration implementation. #​707

v1.4.1: Version 1.4.1

Compare Source

• Improve garbage collection on OAuth clients. #​698
• Fix client parameters for httpx. #​694

v1.4.0: Version 1.4.0

Compare Source

Bugfixes

• Fix id_token decoding when kid is null. #​659
• Support for Python 3.13. #​682
• Force login if the prompt parameter value is login. #​637
• Support for httpx 0.28. #​695

Breaking changes

• Stop support for Python 3.8. #​682

v1.3.2: Version 1.3.2

Compare Source

• Prevent ever-growing session size for OAuth clients.
• Revert quote client id and secret.
• unquote basic auth header for authorization server.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).