Bump oauthlib from 3.2.2 to 3.3.1 #2747

dependabot · 2025-09-22T12:07:26Z

Bumps oauthlib from 3.2.2 to 3.3.1.

Release notes

v3.3.1

What's Changed

Stop installing examples into site-packages by @mgorny in oauthlib/oauthlib#904

Add explicit GHSA for vuln disclosure by @JonathanHuot in oauthlib/oauthlib#903

Add mandatory RTD configuration by @JonathanHuot in oauthlib/oauthlib#908

Fix 3.3.0 regression of expires_in by @JonathanHuot in oauthlib/oauthlib#907

Full Changelog: oauthlib/oauthlib@v3.3.0...v3.3.1

3.3.0

What's Changed

See also CHANGELOG.md

Use proper SPDX identifier by @Shortfinga in oauthlib/oauthlib#836

Upgrade GitHub Actions and make bandit, codespell, and pytest mandatory by @cclauss in oauthlib/oauthlib#835

OAuth2Error: Allow falsy values as state by @TiphaineLAURENT in oauthlib/oauthlib#815

Update pre-configured OIDC server to use OIDC flavor of Refresh Token grant type by @burkel24 in oauthlib/oauthlib#838

Update setup.cfg to use license_files by @mgorny in oauthlib/oauthlib#839

Ensure expires_at is always int by @sindrig in oauthlib/oauthlib#828

create security policy by @auvipy in oauthlib/oauthlib#831

Fix failing GitHub Action lint_python.yml by @cclauss in oauthlib/oauthlib#854

Lint with ruff to replace bandit, flake8, isort, pyupgrade by @cclauss in oauthlib/oauthlib#855

Add classifier for Python 3.11 by @eseifert in oauthlib/oauthlib#840

Move from Travis to GitHub Actions CI by @auvipy in oauthlib/oauthlib#834

Add support for Python 3.12 by @hugovk in oauthlib/oauthlib#859

CI: Only attempt upload for upstream by @hugovk in oauthlib/oauthlib#858

Lint with ruff to replace bandit, flake8, isort, pyupgrade by @cclauss in oauthlib/oauthlib#861

Ensure that request.client_id is set during Refresh Token Grant. by @luhn in oauthlib/oauthlib#853

Tox use ruff by @cclauss in oauthlib/oauthlib#864

Make UtilsTests.test_filter_params Python 3.13+ compatible by @hroncok in oauthlib/oauthlib#866

Create dependency-review.yml by @auvipy in oauthlib/oauthlib#850

Update supported python versions in classifier by @auvipy in oauthlib/oauthlib#860

Coveralls parallel is True — Turn GitHub Actions green by @cclauss in oauthlib/oauthlib#871

Fix CI Errors by @shawnz in oauthlib/oauthlib#878

Update create_code_verifier to output the proper length by @shawnz in oauthlib/oauthlib#876

Add the device authorization endpoint (RFC8628 section 3.1 & 3.2) by @duzumaki in oauthlib/oauthlib#881

Add support for Python 3.13 by @hugovk in oauthlib/oauthlib#883

Allow user_code to be configured for device auth flow (Device Authorization Grant) by @duzumaki in oauthlib/oauthlib#885

Guard ui_locales.split() by @jaap3 in oauthlib/oauthlib#879

Add DeviceCodeGrant type for device code flow(rfc8628) section 3.4 & 3.5 by @duzumaki in oauthlib/oauthlib#889

Device flow: Pass verification_uri_complete to endpoint + pass Server kwargs to DeviceCodeGrant to allow validators to be setup with more flexibility by @duzumaki in oauthlib/oauthlib#891

Remove code verifier regex by @shawnz in oauthlib/oauthlib#893

Remove generic classifier by @EvertonSA in oauthlib/oauthlib#895

docs: add django-allauth to available options by @pennersr in oauthlib/oauthlib#902

Handle expires_at with best effort basis by @JonathanHuot in oauthlib/oauthlib#900

3.3.0 release by @JonathanHuot in oauthlib/oauthlib#898

New Contributors

@Shortfinga made their first contribution in oauthlib/oauthlib#836

... (truncated)

Changelog

Sourced from oauthlib's changelog.

3.3.1 (2025-06-19):

OAuth2.0 Client:

#906: fix regression of expires_in parsing when float in string.

3.3.0 (2025-06-17):

OAuth2.0 Provider:

OIDC: #879 Changed in how ui_locales is parsed

RFC8628: Added OAuth2.0 Device Authorization Grant support

PKCE: #876, #893 Fixed create_code_verifier length

OIDC: Pre-configured OIDC server to use Refresh Token by default

OAuth2.0 Common:

OAuth2Error: Allow 0 to be a valid state

OAuth2.0 Client:

#745: expires_at is forced to be an int

#899: expires_at clarification

General:

Removed Python 3.5, 3.6, 3.7 support

#859, #883: Added Python 3.12, 3.13 Support

Added dependency-review GitHub Action

Updated various references of license (SPDX identifier..)

Added GitHub Action for lint, replaced bandy with ruff, removed isort...

Migrated to GitHub Actions from Travis

Added Security Policy

Commits

a2779c6 Bump dependency-review
38c2a8e Merge publish into build workflow
9b65baf Bump version
93fdf91 Add twine manual instructions
6b65bd1 Merge branch 'master' into release-3.3.1
34c9012 Handle expires_in as float to be backward compatible with 3.2.*
f5d58f8 Merge pull request #908 from oauthlib/rtd-cfg
136b3e7 Add mandatory RTD configuration
8929532 Add unit test sample based on 3.3.0 regression of expires_in
9ed616d Merge pull request #903 from oauthlib/security-ghsa
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.2.2 to 3.3.1. - [Release notes](https://github.com/oauthlib/oauthlib/releases) - [Changelog](https://github.com/oauthlib/oauthlib/blob/master/CHANGELOG.rst) - [Commits](oauthlib/oauthlib@v3.2.2...v3.3.1) --- updated-dependencies: - dependency-name: oauthlib dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Sep 22, 2025

pamelafox merged commit dafcef7 into main Oct 3, 2025
21 checks passed

dependabot bot deleted the dependabot/pip/oauthlib-3.3.1 branch October 3, 2025 17:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump oauthlib from 3.2.2 to 3.3.1 #2747

Bump oauthlib from 3.2.2 to 3.3.1 #2747

Uh oh!

dependabot bot commented on behalf of github Sep 22, 2025

Uh oh!

Uh oh!

Uh oh!

Bump oauthlib from 3.2.2 to 3.3.1 #2747

Bump oauthlib from 3.2.2 to 3.3.1 #2747

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 22, 2025

v3.3.1

What's Changed

3.3.0

What's Changed

New Contributors

3.3.1 (2025-06-19):

3.3.0 (2025-06-17):

Uh oh!

Uh oh!

Uh oh!