[PR #15423] [CLOSED] build(deps): bump authlib from 1.4.1 to 1.6.0 in /backend #127477

Closed
opened 2026-05-21 09:24:33 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/15423
Author: @dependabot[bot]
Created: 7/1/2025
Status: Closed

Base: devHead: dependabot/pip/backend/dev/authlib-1.6.0


📝 Commits (1)

  • 071b4ae build(deps): bump authlib from 1.4.1 to 1.6.0 in /backend

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 backend/requirements.txt (+1 -1)

📄 Description

Bumps authlib from 1.4.1 to 1.6.0.

Release notes

Sourced from authlib's releases.

Version 1.6.0

Version 1.5.2

Released on Apr 1, 2025

  • Forbid fragments in redirect_uris. #714
  • Fix invalid characters in error_description. #720
  • Add claims_cls parameter for client's parse_id_token method. #725

Version 1.5.1

Released on Feb 28, 2025

  • Fix RFC9207 iss parameter. #715

Version 1.5.0

  • Fix token introspection auth method for clients. #662
  • Optional typ claim in JWT tokens. #696
  • JWT validation leeway. #689
  • Implement server-side RFC9207. #700 #701
  • generate_id_token can take a kid parameter. #702
  • More detailed InvalidClientError. #706
  • OpenID Connect Dynamic Client Registration implementation. #707
Changelog

Sourced from authlib's changelog.

Version 1.6.0

Released on May 22, 2025

  • Fix issue when :rfc:RFC9207 <9207> is enabled and the authorization endpoint response is not a redirection. :pr:733
  • Fix missing state parameter in authorization error responses. :issue:525
  • Support for acr and amr claims in id_token. :issue:734
  • Support for the none JWS algorithm.
  • Fix response_types strict order during dynamic client registration. :issue:760
  • Implement :rfc:RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) <9101>. :issue:723
  • OIDC :class:UserInfo endpoint <authlib.oidc.core.userinfo.UserInfoEndpoint> support. :issue:459

Version 1.5.2

Released on Apr 1, 2025

  • Forbid fragments in redirect_uris. :issue:714
  • Fix invalid characters in error_description. :issue:720
  • Add claims_cls parameter for client's parse_id_token method. :issue:725

Version 1.5.1

Released on Feb 28, 2025

  • Fix RFC9207 iss parameter. :pr:715

Version 1.5.0

Released on Feb 25, 2025

  • Fix token introspection auth method for clients. :pr:662
  • Optional typ claim in JWT tokens. :pr:696
  • JWT validation leeway. :pr:689
  • Implement server-side :rfc:RFC9207 <9207>. :issue:700 :pr:701
  • generate_id_token can take a kid parameter. :pr:702
  • More detailed InvalidClientError. :pr:706
  • OpenID Connect Dynamic Client Registration implementation. :pr:707
Commits
  • fe87a11 chore: release version 1.6.0
  • 036a0b7 Merge pull request #774 from azmeuk/459-userinfo
  • 449a1a2 feat: OIDC userinfo endpoint support
  • d429c36 Merge pull request #749 from azmeuk/724-jar
  • a524d23 chore: move 1.7 deprecations to 1.8
  • f37e60e feat: implement rfc9101 JWT authorization request
  • 8a6c714 refactor: OAuth2 hook mechanism overhaul
  • ff1b66b refactor: extract OAuth2Payload from OAuth2Request
  • 98eebd1 refactor: remove uncovered code in OAuth2Request
  • 1b848e2 refactor: create_authorization_response can take an optional 'grant' arg
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/15423 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 7/1/2025 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `dependabot/pip/backend/dev/authlib-1.6.0` --- ### 📝 Commits (1) - [`071b4ae`](https://github.com/open-webui/open-webui/commit/071b4aefa66b028ec4ad8666234030b85b20c93c) build(deps): bump authlib from 1.4.1 to 1.6.0 in /backend ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/requirements.txt` (+1 -1) </details> ### 📄 Description Bumps [authlib](https://github.com/authlib/authlib) from 1.4.1 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <ul> <li>Fix issue when <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a> is enabled and the authorization endpoint response is not a redirection. [pull request <a href="https://redirect.github.com/authlib/authlib/issues/733">#733</a>](<a href="https://redirect.github.com/authlib/authlib/pull/733">authlib/authlib#733</a>)</li> <li>Fix missing state parameter in authorization error responses. [issue <a href="https://redirect.github.com/authlib/authlib/issues/525">#525</a>](<a href="https://redirect.github.com/authlib/authlib/issues/525">authlib/authlib#525</a>)</li> <li>Support for acr and amr claims in id_token. [issue <a href="https://redirect.github.com/authlib/authlib/issues/734">#734</a>](<a href="https://redirect.github.com/authlib/authlib/issues/734">authlib/authlib#734</a>)</li> <li>Support for the none JWS algorithm.</li> <li>Fix response_types strict order during dynamic client registration. [issue <a href="https://redirect.github.com/authlib/authlib/issues/760">#760</a>](<a href="https://redirect.github.com/authlib/authlib/issues/760">authlib/authlib#760</a>)</li> <li>Implement <a href="https://datatracker.ietf.org/doc/html/rfc9101.html">RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)</a>. [issue <a href="https://redirect.github.com/authlib/authlib/issues/723">#723</a>](<a href="https://redirect.github.com/authlib/authlib/issues/723">authlib/authlib#723</a>)</li> <li>OIDC <a href="https://docs.authlib.org/en/latest/specs/oidc.html#authlib.oidc.core.UserInfoEndpoint">UserInfo endpoint</a> support. [issue <a href="https://redirect.github.com/authlib/authlib/issues/459">#459</a>](<a href="https://redirect.github.com/authlib/authlib/issues/459">authlib/authlib#459</a>)</li> </ul> <h2>Version 1.5.2</h2> <p>Released on Apr 1, 2025</p> <ul> <li>Forbid fragments in redirect_uris. <a href="https://redirect.github.com/authlib/authlib/issues/714">#714</a></li> <li>Fix invalid characters in error_description. <a href="https://redirect.github.com/authlib/authlib/issues/720">#720</a></li> <li>Add <code>claims_cls</code> parameter for client's parse_id_token method. <a href="https://redirect.github.com/authlib/authlib/issues/725">#725</a></li> </ul> <h2>Version 1.5.1</h2> <p>Released on Feb 28, 2025</p> <ul> <li>Fix RFC9207 iss parameter. <a href="https://redirect.github.com/authlib/authlib/issues/715">#715</a></li> </ul> <h2>Version 1.5.0</h2> <ul> <li>Fix token introspection auth method for clients. <a href="https://redirect.github.com/lepture/authlib/pull/662">#662</a></li> <li>Optional typ claim in JWT tokens. <a href="https://redirect.github.com/lepture/authlib/pull/696">#696</a></li> <li>JWT validation leeway. <a href="https://redirect.github.com/lepture/authlib/pull/689">#689</a></li> <li>Implement server-side <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a>. <a href="https://redirect.github.com/lepture/authlib/issues/700">#700</a> <a href="https://redirect.github.com/lepture/authlib/pull/701">#701</a></li> <li>generate_id_token can take a kid parameter. <a href="https://redirect.github.com/lepture/authlib/pull/702">#702</a></li> <li>More detailed InvalidClientError. <a href="https://redirect.github.com/lepture/authlib/pull/706">#706</a></li> <li>OpenID Connect Dynamic Client Registration implementation. <a href="https://redirect.github.com/lepture/authlib/pull/707">#707</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <p><strong>Released on May 22, 2025</strong></p> <ul> <li>Fix issue when :rfc:<code>RFC9207 &lt;9207&gt;</code> is enabled and the authorization endpoint response is not a redirection. :pr:<code>733</code></li> <li>Fix missing <code>state</code> parameter in authorization error responses. :issue:<code>525</code></li> <li>Support for <code>acr</code> and <code>amr</code> claims in <code>id_token</code>. :issue:<code>734</code></li> <li>Support for the <code>none</code> JWS algorithm.</li> <li>Fix <code>response_types</code> strict order during dynamic client registration. :issue:<code>760</code></li> <li>Implement :rfc:<code>RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) &lt;9101&gt;</code>. :issue:<code>723</code></li> <li>OIDC :class:<code>UserInfo endpoint &lt;authlib.oidc.core.userinfo.UserInfoEndpoint&gt;</code> support. :issue:<code>459</code></li> </ul> <h2>Version 1.5.2</h2> <p><strong>Released on Apr 1, 2025</strong></p> <ul> <li>Forbid fragments in <code>redirect_uris</code>. :issue:<code>714</code></li> <li>Fix invalid characters in <code>error_description</code>. :issue:<code>720</code></li> <li>Add <code>claims_cls</code> parameter for client's <code>parse_id_token</code> method. :issue:<code>725</code></li> </ul> <h2>Version 1.5.1</h2> <p><strong>Released on Feb 28, 2025</strong></p> <ul> <li>Fix RFC9207 <code>iss</code> parameter. :pr:<code>715</code></li> </ul> <h2>Version 1.5.0</h2> <p><strong>Released on Feb 25, 2025</strong></p> <ul> <li>Fix token introspection auth method for clients. :pr:<code>662</code></li> <li>Optional <code>typ</code> claim in JWT tokens. :pr:<code>696</code></li> <li>JWT validation leeway. :pr:<code>689</code></li> <li>Implement server-side :rfc:<code>RFC9207 &lt;9207&gt;</code>. :issue:<code>700</code> :pr:<code>701</code></li> <li><code>generate_id_token</code> can take a <code>kid</code> parameter. :pr:<code>702</code></li> <li>More detailed <code>InvalidClientError</code>. :pr:<code>706</code></li> <li>OpenID Connect Dynamic Client Registration implementation. :pr:<code>707</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/authlib/authlib/commit/fe87a117f941975793bf4063e9b08b90e88b230a"><code>fe87a11</code></a> chore: release version 1.6.0</li> <li><a href="https://github.com/authlib/authlib/commit/036a0b71532ada9371f0fc41f6bcd2287666bb20"><code>036a0b7</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/774">#774</a> from azmeuk/459-userinfo</li> <li><a href="https://github.com/authlib/authlib/commit/449a1a24a42f5090f339dc60cab29ac89203e971"><code>449a1a2</code></a> feat: OIDC userinfo endpoint support</li> <li><a href="https://github.com/authlib/authlib/commit/d429c36717cfa1df8723139ca4c8d5939ed7fd73"><code>d429c36</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/749">#749</a> from azmeuk/724-jar</li> <li><a href="https://github.com/authlib/authlib/commit/a524d23e95a1ef4e1fd0d4b4cdb0c0005cc74757"><code>a524d23</code></a> chore: move 1.7 deprecations to 1.8</li> <li><a href="https://github.com/authlib/authlib/commit/f37e60ec0cac660df3b1e4256883e77107aa5d78"><code>f37e60e</code></a> feat: implement rfc9101 JWT authorization request</li> <li><a href="https://github.com/authlib/authlib/commit/8a6c714fdbfd8ad574f51eb880590efdc6235912"><code>8a6c714</code></a> refactor: OAuth2 hook mechanism overhaul</li> <li><a href="https://github.com/authlib/authlib/commit/ff1b66bedc736a86ba596ad5d0344c5c2c2f03ad"><code>ff1b66b</code></a> refactor: extract OAuth2Payload from OAuth2Request</li> <li><a href="https://github.com/authlib/authlib/commit/98eebd14b99411235da75457a7aec21d473d448e"><code>98eebd1</code></a> refactor: remove uncovered code in OAuth2Request</li> <li><a href="https://github.com/authlib/authlib/commit/1b848e2a1e0aadc70762f4a707ab91e1b99f2300"><code>1b848e2</code></a> refactor: create_authorization_response can take an optional 'grant' arg</li> <li>Additional commits viewable in <a href="https://github.com/authlib/authlib/compare/v1.4.1...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.4.1&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-21 09:24:33 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#127477