chore(deps): bump authlib from 1.7.0 to 1.7.1 in /envs/terminus_env #786
Bumps [authlib](https://github.com/authlib/authlib) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.
Darktex left a comment
Note: This is an automated review by Claude Code, not a human review.
Alignment Review (automated)
Tier 1 (bugs/lint): None. Minimal patch bump (+3/-3) touching only envs/terminus_env/uv.lock: authlib 1.7.0 -> 1.7.1, a bugfix release that also patches an unvalidated redirect_uri redirect in OpenIDImplicitGrant/OpenIDHybridGrant (security-relevant, worth taking). Verified the diff contains no unrelated openenv-core -> openenv rename — unlike #780, this lockfile still references openenv-core.
Tier 2 (alignment): None.
Automated review by Claude Code | Learn more
Darktex left a comment
Note: This is an automated review by Claude Code, not a human review.
Tier 1 (correctness): Clean lockfile bump of authlib 1.7.0 → 1.7.1 in envs/terminus_env/uv.lock. Version string, sdist (URL + sha256 + size + upload-time) and wheel (URL + sha256 + size + upload-time) are all updated together and consistent with the 1.7.1 artifacts — no partial edits or stale hashes.
Tier 2 (alignment): No Python source touched; no OpenEnv invariant or principle implicated. Scope matches the title exactly (one file). Upstream 1.7.1 is a bugfix release (JOSE deprecation-warning fix + an OIDC redirect_uri validation fix).
Verdict: approve — routine, internally-consistent dependency bump.
Automated review by Claude Code | Learn more
Bumps authlib from 1.7.0 to 1.7.1.
Release notes
Sourced from authlib's releases.
Commits
- 485016a chore: bump to 1.7.1
- 7b4ecd7 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
- c304a21 Merge pull request #881 from azmeuk/880-deprecation-warnings
- 4165ada fix: authlib.jose deprecation warning poping from _joserfc_helpers

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.