chore(deps): update dependency authlib to v1.6.6 (!103) · Merge requests · Perun / Perun ProxyIdP / ProxyIdP GUI

This MR contains the following updates:

Package	Update	Change
Authlib	minor	`==1.3.0` -> `==1.6.6`

Release Notes

authlib/authlib (Authlib)

What's Changed

fix(jose): prevent public/unprotected header overwriting protected header by @lepture in https://github.com/authlib/authlib/pull/809
Fix InsecureTransportError raising by @azmeuk in https://github.com/authlib/authlib/pull/810
Add conventional-commits pre-commit hook by @azmeuk in https://github.com/authlib/authlib/pull/811
Fix response_mode=form_post with Starlette client by @azmeuk in https://github.com/authlib/authlib/pull/812
Specify README.md as project long description by @EpicWink in https://github.com/authlib/authlib/pull/817
Migrate tests to pytest paradigm by @azmeuk in https://github.com/authlib/authlib/pull/813
jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by @AL-Cybision in https://github.com/authlib/authlib/pull/823
Use explicit *.test urls in unit tests by @azmeuk in https://github.com/authlib/authlib/pull/824

New Contributors

@EpicWink made their first contribution in https://github.com/authlib/authlib/pull/817
@AL-Cybision made their first contribution in https://github.com/authlib/authlib/pull/823

Full Changelog: https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4

`v1.6.3`: Version 1.6.3

Compare Source

What's Changed

Add diff-cover check in GHA by @azmeuk in https://github.com/authlib/authlib/pull/803
Run GHA unit tests with uv by @azmeuk in https://github.com/authlib/authlib/pull/805
Move from pre-commit to prek by @azmeuk in https://github.com/authlib/authlib/pull/804
Sign OIDC id_token according to id_token_signed_response_alg client metadata by @azmeuk in https://github.com/authlib/authlib/pull/802

Full Changelog: https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3

`v1.6.2`: Version 1.6.2

Compare Source

What's Changed

Allow insecure transport for 127.0.0.1 for debugging by @geigerzaehler in https://github.com/authlib/authlib/pull/788
Raise a MissingCodeError when code parameter is missing by @lepture in https://github.com/authlib/authlib/pull/786
Temporarily restore OAuth2Request body parameter by @azmeuk in https://github.com/authlib/authlib/pull/791
Raise MissingCodeException when code parameter is missing by @lepture in https://github.com/authlib/authlib/pull/794
Fix id_token generation with EdDSA alg by @azmeuk in https://github.com/authlib/authlib/pull/800

Full Changelog: https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2

`v1.6.1`: Version 1.6.1

Compare Source

Filter key set with additional "alg" and "use" parameters.

`v1.6.0`: Version 1.6.0

Compare Source

Fix issue when RFC9207 is enabled and the authorization endpoint response is not a redirection. pull request #733
Fix missing state parameter in authorization error responses. issue #525
Support for acr and amr claims in id_token. issue #734
Support for the none JWS algorithm.
Fix response_types strict order during dynamic client registration. issue #760
Implement RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR). issue #723
OIDC UserInfo endpoint support. issue #459

`v1.5.2`: Version 1.5.2

Compare Source

Released on Apr 1, 2025

Forbid fragments in redirect_uris. #714
Fix invalid characters in error_description. #720
Add claims_cls parameter for client's parse_id_token method. #725

`v1.5.1`: Version 1.5.1

Compare Source

Released on Feb 28, 2025

Fix RFC9207 iss parameter. #715

`v1.5.0`: Version 1.5.0

Compare Source

Fix token introspection auth method for clients. #662
Optional typ claim in JWT tokens. #696
JWT validation leeway. #689
Implement server-side RFC9207. #700 #701
generate_id_token can take a kid parameter. #702
More detailed InvalidClientError. #706
OpenID Connect Dynamic Client Registration implementation. #707

`v1.4.1`: Version 1.4.1

Compare Source

Improve garbage collection on OAuth clients. #698
Fix client parameters for httpx. #694

`v1.4.0`: Version 1.4.0

Compare Source

Bugfixes

Fix id_token decoding when kid is null. #659
Support for Python 3.13. #682
Force login if the prompt parameter value is login. #637
Support for httpx 0.28. #695

Breaking changes

Stop support for Python 3.8. #682

`v1.3.2`: Version 1.3.2

Compare Source

Prevent ever-growing session size for OAuth clients.
Revert quote client id and secret.
unquote basic auth header for authorization server.

`v1.3.1`: Version 1.3.1

Compare Source

Prevent OctKey to import ssh and PEM strings.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Dec 12, 2025 by Perun-GitLab Service Account

chore(deps): update dependency authlib to v1.6.6

Release Notes

v1.6.6

v1.6.5

v1.6.4

What's Changed

New Contributors

v1.6.3: Version 1.6.3

What's Changed

v1.6.2: Version 1.6.2

What's Changed

v1.6.1: Version 1.6.1

v1.6.0: Version 1.6.0

v1.5.2: Version 1.5.2

v1.5.1: Version 1.5.1

v1.5.0: Version 1.5.0

v1.4.1: Version 1.4.1

v1.4.0: Version 1.4.0

v1.3.2: Version 1.3.2

v1.3.1: Version 1.3.1

Configuration

Merge request reports

`v1.6.6`

`v1.6.5`

`v1.6.4`

`v1.6.3`: Version 1.6.3

`v1.6.2`: Version 1.6.2

`v1.6.1`: Version 1.6.1

`v1.6.0`: Version 1.6.0

`v1.5.2`: Version 1.5.2

`v1.5.1`: Version 1.5.1

`v1.5.0`: Version 1.5.0

`v1.4.1`: Version 1.4.1

`v1.4.0`: Version 1.4.0

`v1.3.2`: Version 1.3.2

`v1.3.1`: Version 1.3.1