Skip to content

Bump oauthlib from 3.0.2 to 3.1.1 #138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot-preview wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump oauthlib from 3.0.2 to 3.1.1 #138

dependabot-preview wants to merge 1 commit into from
+1 −1

Conversation

@dependabot-preview
Copy link

@dependabot-preview dependabot-preview bot commented Jun 1, 2021

Bumps oauthlib from 3.0.2 to 3.1.1.

Release notes

Sourced from oauthlib's releases.

3.1.0 is an feature release including improvement to OIDC and security enhancements. Check-it out !

OAuth2.0 Provider - Features

  • #660: OIDC add support of nonce, c_hash, at_hash fields
    • New RequestValidator.fill_id_token method
    • Deprecated RequestValidator.get_id_token method
  • #677: OIDC add UserInfo endpoint
    • New RequestValidator.get_userinfo_claims method

OAuth2.0 Provider - Security

  • #665: Enhance data leak to logs
    • New default to not expose request content in logs
    • New function oauthlib.set_debug(True)
  • #666: Disabling query parameters for POST requests

OAuth2.0 Provider - Bugfixes

  • #670: Fix validate_authorization_request to return the new PKCE fields
  • #674: Fix token_type to be case-insensitive (bearer and Bearer)

OAuth2.0 Client - Bugfixes

  • #290: Fix Authorization Code's errors processing
  • #603: BackendApplication.Client.prepare_request_body use the "scope" argument as intended.
  • #672: Fix edge case when expires_in=Null

OAuth1.0 Client

  • #669: Add case-insensitive headers to oauth1 BaseEndpoint
Changelog

Sourced from oauthlib's changelog.

3.1.1 (2021-05-31)

OAuth2.0 Provider - Bugfixes

  • #753: Fix acceptance of valid IPv6 addresses in URI validation

OAuth2.0 Client - Bugfixes

  • #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently relies on the scope provided in the constructor if any, except if overridden temporarily in a method call. Note that in particular providing a non-None scope in prepare_authorization_request or prepare_refresh_token does not override anymore self.scope forever, it is just used temporarily.
  • #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, ServiceApplicationClient.prepare_request_body, and WebApplicationClient.prepare_request_uri now correctly use the default scope provided in constructor.
  • #725: LegacyApplicationClient.prepare_request_body now correctly uses the default scope provided in constructor

OAuth2.0 Provider - Bugfixes

: - #711: client_credentials grant: fix log message - #746: OpenID Connect Hybrid - fix nonce not passed to add_id_token - #756: Different prompt values are now handled according to spec (e.g. prompt=none) - #759: OpenID Connect - fix Authorization: Basic parsing

General

: - #716: improved skeleton validator for public vs private client - #720: replace mock library with standard unittest.mock - #727: build isort integration - #734: python2 code removal - #735, #750: add python3.8 support - #749: bump minimum versions of pyjwt and cryptography

3.1.0 (2019-08-06)

OAuth2.0 Provider - Features

[#660](https://github.com/oauthlib/oauthlib/issues/660): OIDC add support of nonce, c\_hash, at\_hash fields

:   -   New RequestValidator.fill_id_token method
-   Deprecated RequestValidator.get_id_token method

  • #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method

OAuth2.0 Provider - Security

[#665](https://github.com/oauthlib/oauthlib/issues/665): Enhance data leak to logs

:   -   New default to not expose request content in logs

... (truncated)

Commits
  • 71d0690 Merge branch 'master' into 3.1.1-release
  • dd1f01d Fix readme check basde on .tox result
  • b112d48 Removed pypy2 support
  • 4424d69 Fix italic sentence in rst format
  • 6c473c1 Restore docs, readme, bandit to the CI/CD
  • fd890ff Merge pull request #764 from oauthlib/3.1.1
  • 817f97b 3.1.1 release
  • e634ab9 Merge pull request #760 from n2ygk/issue759/check_authz_type
  • 5c78975 per @​JonathanHuot use existing get_token_from_header()
  • 9f2e8ff handle another case of assuming the token starts after 'Bearer '
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump oauthlib from 3.0.2 to 3.1.1
91dc795 
Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.0.2 to 3.1.1.
- [Release notes](https://github.com/oauthlib/oauthlib/releases)
- [Changelog](https://github.com/oauthlib/oauthlib/blob/master/CHANGELOG.rst)
- [Commits](oauthlib/oauthlib@v3.0.2...v3.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jun 1, 2021
@dependabot-preview dependabot-preview bot mentioned this pull request Jun 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants