Title: Bump authlib from 1.3.1 to 1.6.5 by dependabot[bot] · Pull Request #200 · vpython/glowscript · GitHub
Open Graph Title: Bump authlib from 1.3.1 to 1.6.5 by dependabot[bot] · Pull Request #200 · vpython/glowscript
X Title: Bump authlib from 1.3.1 to 1.6.5 by dependabot[bot] · Pull Request #200 · vpython/glowscript
Description: Bumps authlib from 1.3.1 to 1.6.5.
Release notes
Sourced from authlib's releases.
v1.6.4
What's Changed
fix(jose): prevent public/unprotected header overwriting protected header by @lepture in authlib/authlib#809
Fix InsecureTransportError raising by @azmeuk in authlib/authlib#810
Add conventional-commits pre-commit hook by @azmeuk in authlib/authlib#811
Fix response_mode=form_post with Starlette client by @azmeuk in authlib/authlib#812
Specify README.md as project long description by @EpicWink in authlib/authlib#817
Migrate tests to pytest paradigm by @azmeuk in authlib/authlib#813
jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by @AL-Cybision in authlib/authlib#823
Use explicit *.test urls in unit tests by @azmeuk in authlib/authlib#824
New Contributors
@EpicWink made their first contribution in authlib/authlib#817
@AL-Cybision made their first contribution in authlib/authlib#823
Full Changelog: authlib/authlib@v1.6.3...v1.6.4
Version 1.6.3
What's Changed
Add diff-cover check in GHA by @azmeuk in authlib/authlib#803
Run GHA unit tests with uv by @azmeuk in authlib/authlib#805
Move from pre-commit to prek by @azmeuk in authlib/authlib#804
Sign OIDC id_token according to id_token_signed_response_alg client metadata by @azmeuk in authlib/authlib#802
Full Changelog: authlib/authlib@v1.6.2...v1.6.3
Version 1.6.2
What's Changed
Allow insecure transport for 127.0.0.1 for debugging by @geigerzaehler in authlib/authlib#788
Raise a MissingCodeError when code parameter is missing by @lepture in authlib/authlib#786
Temporarily restore OAuth2Request body parameter by @azmeuk in authlib/authlib#791
Raise MissingCodeException when code parameter is missing by @lepture in authlib/authlib#794
Fix id_token generation with EdDSA alg by @azmeuk in authlib/authlib#800
Full Changelog: authlib/authlib@v1.6.1...v1.6.2
Version 1.6.1
Filter key set with additional "alg" and "use" parameters.
Version 1.6.0
Fix issue when RFC9207 is enabled and the authorization endpoint response is not a redirection. [pull request #733](authlib/authlib#733)
Fix missing state parameter in authorization error responses. [issue #525](authlib/authlib#525)
Support for acr and amr claims in id_token. [issue #734](authlib/authlib#734)
Support for the none JWS algorithm.
Fix response_types strict order during dynamic client registration. [issue #760](authlib/authlib#760)
Implement RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR). [issue #723](authlib/authlib#723)
OIDC UserInfo endpoint support. [issue #459](authlib/authlib#459)
... (truncated)
Changelog
Sourced from authlib's changelog.
Version 1.6.5
Released on Oct 2, 2025
RFC7591 generate_client_info and generate_client_secret take a request parameter.
Add size limitation when decode JWS/JWE to prevent DoS.
Add size limitation for DEF JWE zip algorithm.
Version 1.6.4
Released on Sep 17, 2025
Fix InsecureTransportError error raising. :issue:795
Fix response_mode=form_post with Starlette client. :issue:793
Validate crit header value, reject unprotected header in crit header.
Version 1.6.3
Released on Aug 26, 2025
OIDC id_token are signed according to id_token_signed_response_alg
client metadata. :issue:755
Version 1.6.2
Released on Aug 23, 2025
Temporarily restore OAuth2Request body parameter. :issue:781 :pr:791
Allow 127.0.0.1 in insecure transport mode. :pr:788
Raise MissingCodeException when the code parameter is missing. :issue:793 :pr:794
Fix id_token generation with EdDSA algs. :issue:799 :pr:800
Version 1.6.1
Released on Jul 20, 2025
Filter key set with additional "alg" and "use" parameters.
Restore and deprecate OAuth2Request body parameter. :issue:781
Version 1.6.0
Released on May 22, 2025
Fix issue when :rfc:RFC9207 <9207> is enabled and the authorization endpoint response is not a redirection. :pr:733
... (truncated)
Commits
9ec4256 chore: release 1.6.5
b62b5b2 Merge branch 'fix-GHSA-pq5p-34cr-23v9'
e0863d5 Merge pull request #830 from authlib/fix-GHSA-g7f3-828f-7h7m
867e3f8 fix(jose): add size limitation to prevent DoS
75ad6d4 Merge pull request #828 from authlib/dependabot/github_actions/dot-github/wor...
68b9823 chore(deps): bump SonarSource/sonarqube-scan-action
5bdfc4b Merge pull request #827 from lisongmin/support-list-params-in-prepare-grant-uri
30ea3c5 feat: support list params in prepare_grant_uri
4b5b570 fix(jose): add max size for JWE zip=DEF decompression
6e35a02 Merge pull request #825 from azmeuk/request-params
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Open Graph Description: Bumps authlib from 1.3.1 to 1.6.5. Release notes Sourced from authlib's releases. v1.6.4 What's Changed fix(jose): prevent public/unprotected header overwriting protected header by @lep...
X Description: Bumps authlib from 1.3.1 to 1.6.5. Release notes Sourced from authlib's releases. v1.6.4 What's Changed fix(jose): prevent public/unprotected header overwriting protected header ...
Opengraph URL: https://github.com/vpython/glowscript/pull/200
X: @github
Domain: patch-diff.githubusercontent.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:7ec80d0a-3d1a-e285-c873-cd9bd9715e25 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | EB2A:1B1F98:E64BB5:1402854:6977A5BE |
| html-safe-nonce | f53fb415267c4e9862b49bc468457a654e6b608b10f45f759758308fa384230b |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFQjJBOjFCMUY5ODpFNjRCQjU6MTQwMjg1NDo2OTc3QTVCRSIsInZpc2l0b3JfaWQiOiI1NjkwNDIwMzY1NzIxMzE0NzUwIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 4d6445581a1c82aea86e6b8a8f0cd90f2f0cc4833bca5f45176df6ea1e545c8e |
| hovercard-subject-tag | pull_request:2905382266 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/vpython/glowscript/pull/200/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps authlib from 1.3.1 to 1.6.5. Release notes Sourced from authlib's releases. v1.6.4 What's Changed fix(jose): prevent public/unprotected header overwriting protected header by @lep... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | e8b91803a5fc7ac066710509c57c636dab6ed4620bd9213b470a4617c79989c9 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/vpython/glowscript git https://github.com/vpython/glowscript.git |
| octolytics-dimension-user_id | 1280757 |
| octolytics-dimension-user_login | vpython |
| octolytics-dimension-repository_id | 187905631 |
| octolytics-dimension-repository_nwo | vpython/glowscript |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 187905631 |
| octolytics-dimension-repository_network_root_nwo | vpython/glowscript |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9b4562e3c5c60b38349a7d80ec8e160c11fe84b6 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width