Bumps [authlib](https://github.com/authlib/authlib) from 1.3.0 to 1.6.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>v1.6.5</h2> <h2>What's Changed</h2> <ul> <li>Add a <code>request</code> param to RFC7591 <code>generate_client_info</code> and <code>generate_client_secret</code> methods by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/825">authlib/authlib#825</a></li> <li>feat: support list params in prepare_grant_uri by <a href="https://github.com/lisongmin"><code>@lisongmin</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/827">authlib/authlib#827</a></li> <li>chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/authlib/authlib/pull/828">authlib/authlib#828</a></li> <li>fix(jose): add max size for JWE zip=DEF decompression by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/830">authlib/authlib#830</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lisongmin"><code>@lisongmin</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/827">authlib/authlib#827</a></li> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/828">authlib/authlib#828</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5">https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5</a></p> <h2>v1.6.4</h2> <h2>What's Changed</h2> <ul> <li>fix(jose): prevent public/unprotected header overwriting protected header by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/809">authlib/authlib#809</a></li> <li>Fix <code>InsecureTransportError</code> raising by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/810">authlib/authlib#810</a></li> <li>Add conventional-commits pre-commit hook by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/811">authlib/authlib#811</a></li> <li>Fix response_mode=form_post with Starlette client by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/812">authlib/authlib#812</a></li> <li>Specify README.md as project long description by <a href="https://github.com/EpicWink"><code>@EpicWink</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li> <li>Migrate tests to pytest paradigm by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/813">authlib/authlib#813</a></li> <li>jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by <a href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li> <li>Use explicit *.test urls in unit tests by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/824">authlib/authlib#824</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/EpicWink"><code>@EpicWink</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li> <li><a href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4">https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4</a></p> <h2>Version 1.6.3</h2> <h2>What's Changed</h2> <ul> <li>Add diff-cover check in GHA by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/803">authlib/authlib#803</a></li> <li>Run GHA unit tests with uv by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/805">authlib/authlib#805</a></li> <li>Move from pre-commit to prek by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/804">authlib/authlib#804</a></li> <li>Sign OIDC id_token according to <code>id_token_signed_response_alg</code> client metadata by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/802">authlib/authlib#802</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3">https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3</a></p> <h2>Version 1.6.2</h2> <h2>What's Changed</h2> <ul> <li>Allow insecure transport for 127.0.0.1 for debugging by <a href="https://github.com/geigerzaehler"><code>@geigerzaehler</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/788">authlib/authlib#788</a></li> <li>Raise a MissingCodeError when code parameter is missing by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/786">authlib/authlib#786</a></li> <li>Temporarily restore OAuth2Request body parameter by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/791">authlib/authlib#791</a></li> <li>Raise MissingCodeException when code parameter is missing by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/794">authlib/authlib#794</a></li> <li>Fix id_token generation with EdDSA alg by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/800">authlib/authlib#800</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2">https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.5</h2> <p><strong>Released on Oct 2, 2025</strong></p> <ul> <li>RFC7591 <code>generate_client_info</code> and <code>generate_client_secret</code> take a <code>request</code> parameter.</li> <li>Add size limitation when decode JWS/JWE to prevent DoS.</li> <li>Add size limitation for <code>DEF</code> JWE zip algorithm.</li> </ul> <h2>Version 1.6.4</h2> <p><strong>Released on Sep 17, 2025</strong></p> <ul> <li>Fix <code>InsecureTransportError</code> error raising. :issue:<code>795</code></li> <li>Fix <code>response_mode=form_post</code> with Starlette client. :issue:<code>793</code></li> <li>Validate <code>crit</code> header value, reject unprotected header in <code>crit</code> header.</li> </ul> <h2>Version 1.6.3</h2> <p><strong>Released on Aug 26, 2025</strong></p> <ul> <li>OIDC <code>id_token</code> are signed according to <code>id_token_signed_response_alg</code> client metadata. :issue:<code>755</code></li> </ul> <h2>Version 1.6.2</h2> <p><strong>Released on Aug 23, 2025</strong></p> <ul> <li>Temporarily restore <code>OAuth2Request</code> <code>body</code> parameter. :issue:<code>781</code> :pr:<code>791</code></li> <li>Allow <code>127.0.0.1</code> in insecure transport mode. :pr:<code>788</code></li> <li>Raise <code>MissingCodeException</code> when the <code>code</code> parameter is missing. :issue:<code>793</code> :pr:<code>794</code></li> <li>Fix <code>id_token</code> generation with <code>EdDSA</code> algs. :issue:<code>799</code> :pr:<code>800</code></li> </ul> <h2>Version 1.6.1</h2> <p><strong>Released on Jul 20, 2025</strong></p> <ul> <li>Filter key set with additional "alg" and "use" parameters.</li> <li>Restore and deprecate <code>OAuth2Request</code> <code>body</code> parameter. :issue:<code>781</code></li> </ul> <h2>Version 1.6.0</h2> <p><strong>Released on May 22, 2025</strong></p> <ul> <li>Fix issue when :rfc:<code>RFC9207 <9207></code> is enabled and the authorization endpoint response is not a redirection. :pr:<code>733</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|---|---|---|
| .. | ||
| arcade_postgres | ||
| evals | ||
| tests | ||
| Makefile | ||
| pyproject.toml | ||