Skip to content

Bump the pip group across 1 directory with 2 updates#29

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-a4d365fdf7
Closed

Bump the pip group across 1 directory with 2 updates#29
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-a4d365fdf7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 7, 2025
edited
Loading

Bumps the pip group with 2 updates in the / directory: authlib and python-socketio.

Updates authlib from 1.5.2 to 1.6.4

Release notes

Sourced from authlib's releases.

v1.6.4

What's Changed

New Contributors

Full Changelog: authlib/authlib@v1.6.3...v1.6.4

Version 1.6.3

What's Changed

Full Changelog: authlib/authlib@v1.6.2...v1.6.3

Version 1.6.2

What's Changed

Full Changelog: authlib/authlib@v1.6.1...v1.6.2

Version 1.6.1

  • Filter key set with additional "alg" and "use" parameters.

Version 1.6.0

Changelog

Sourced from authlib's changelog.

Version 1.6.4

Released on Sep 17, 2025

  • Fix InsecureTransportError error raising. :issue:795
  • Fix response_mode=form_post with Starlette client. :issue:793
  • Validate crit header value, reject unprotected header in crit header.

Version 1.6.3

Released on Aug 26, 2025

  • OIDC id_token are signed according to id_token_signed_response_alg client metadata. :issue:755

Version 1.6.2

Released on Aug 23, 2025

  • Temporarily restore OAuth2Request body parameter. :issue:781 :pr:791
  • Allow 127.0.0.1 in insecure transport mode. :pr:788
  • Raise MissingCodeException when the code parameter is missing. :issue:793 :pr:794
  • Fix id_token generation with EdDSA algs. :issue:799 :pr:800

Version 1.6.1

Released on Jul 20, 2025

  • Filter key set with additional "alg" and "use" parameters.
  • Restore and deprecate OAuth2Request body parameter. :issue:781

Version 1.6.0

Released on May 22, 2025

  • Fix issue when :rfc:RFC9207 <9207> is enabled and the authorization endpoint response is not a redirection. :pr:733
  • Fix missing state parameter in authorization error responses. :issue:525
  • Support for acr and amr claims in id_token. :issue:734
  • Support for the none JWS algorithm.
  • Fix response_types strict order during dynamic client registration. :issue:760
  • Implement :rfc:RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) <9101>. :issue:723
  • OIDC :class:UserInfo endpoint <authlib.oidc.core.userinfo.UserInfoEndpoint> support. :issue:459
Commits
  • 09a5185 chore: release 1.6.4
  • 6b1813e chore: merge branch 'fix-jose-crit'
  • 99e330f Merge pull request #824 from azmeuk/test-urls
  • bd14be1 test: use explicit *.test url in unit tests
  • 55e8517 fix(jose): Reject unprotected ‘crit’ and enforce type; add tests (#823)
  • 06f0813 fix(jose): validate crit header when deserialize
  • eb07119 fix(jose): validate crit header parameters
  • 72a00e7 fix: typo in diff-cover GHA step
  • 49d0f47 Merge pull request #813 from azmeuk/pytest-paradigm
  • bafecc4 Merge pull request #817 from EpicWink/pyproject-readme
  • Additional commits viewable in compare view

Updates python-socketio from 5.13.0 to 5.14.0

Release notes

Sourced from python-socketio's releases.

Release 5.14.0

See CHANGES.md for release notes.

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.14.1 - 2025-10-02

  • Restore support for rediss:// URLs, and add support for valkeys:// as well (commit)
  • Add support for Redis connections using unix sockets #1503 (commit) (thanks Darren Chang!)

Release 5.14.0 - 2025-09-30

  • Replace pickle with json in message queue communications #1502 (commit)
  • Add support for Valkey in the Redis client managers #1488 (commit) (thanks phi-friday!)
  • Keep track of which namespaces failed to connect #1496 (commit)
  • Fixed transport property of the simple clients to be a string as documented #1499 (commit)
  • SimpleClient.call does not raise TimeoutError on timeout #1501 (commit) (thanks James Thistlewood!)
  • Wait for client to end background tasks on disconnect #1500 (commit)
  • Better error logging for the Redis managers #1479 (commit) (thanks Eugnee!)
  • Channel was not properly initialized in several pubsub client managers #1476 (commit) (thanks Eugnee!)
  • Add message queue deployment recommendations for security (commit)
  • Add missing async on session examples for the async server #1465 (commit) (thanks Func!)
  • Add SPDX license identifier #1453 (commit) (thanks Marc Mueller!)

Release 5.13.0 - 2025-04-12

  • Eliminate race conditions on disconnect #1441 (commit)
  • Preserve exception context in Client.connect and AsyncClient.connect #1450 (commit) (thanks Tim Van Baak!)
  • Allow custom client subclasses to be used in SimpleClient and AsyncSimpleClient #1432 (commit)
  • Add support for Redis Sentinel URLs in RedisManager and AsyncRedisManager #1448 (commit)
  • Remove incorrect reference to an asyncio installation extra in documentation #1449 (commit)

Release 5.12.1 - 2024-12-29

  • Fix admin instrumentation support of disconnect reasons #1423 (commit)
  • Stop using deprecated datetime functions (commit)
  • Enable admin instrumentation by default in WSGI and ASGI examples (commit)
  • Fixed broken gevent URL in documentation #1427 (commit) (thanks Carlos Guerrero!)

Release 5.12.0 - 2024-12-18

  • Added a reason argument to the disconnect handler #1422 (commit)
  • Prevented starting multiple tasks for reconnection #1369 (commit) (thanks humayunsr!)
  • Fixed AsyncClient::wait() unexpected return after success reconnect #1407 (commit) (thanks Arseny!)
  • Removed old constructs from old and unsupported Python versions (commit)
  • Removed dependency on unittest.TestCase base class in unit tests (commit)
  • Adopted pyenv-asyncio for async unit tests (commit)
  • Adopted unittest.mock.AsyncMock in async unit tests (commit)
  • Fix typo with AsyncClient.connect example #1403 (commit) (thanks Peter Bierma!)
  • Documentation typo #1421 (commit) (thanks Masen Furer!)
  • Renamed flask-socketio references to python-socketio in documentation #1377 (commit)
  • Added Python 3.13 CI builds (commit)

... (truncated)

Commits
  • 400200e Release 5.14.0
  • 53f6be0 Replace pickle with json (#1502)
  • a59c6f5 Fix: SimpleClient.call does not raise TimeoutError on timeout (#1501)
  • f61e0be wait for client to end background tasks on disconnect (#1500)
  • 23556fb Fixed transport property of the simple clients to be a string as documented (...
  • e59acf1 Address failures of test suite on Mac (#1497)
  • 36a8922 Add support for valkey in the Redis client managers (#1488)
  • 5dc2aea keep track of which namespaces failed to connect (#1496)
  • b3da354 Add message queue deployment recommendations
  • 3625fe8 Bump eventlet from 0.35.2 to 0.40.3 in /examples/server/wsgi (#1491) #nolog
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 2 updates
273654c 
Bumps the pip group with 2 updates in the / directory: [authlib](https://github.com/authlib/authlib) and [python-socketio](https://github.com/miguelgrinberg/python-socketio).


Updates `authlib` from 1.5.2 to 1.6.4
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.5.2...v1.6.4)

Updates `python-socketio` from 5.13.0 to 5.14.0
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v5.13.0...v5.14.0)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: python-socketio
  dependency-version: 5.14.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Oct 7, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 13, 2025

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Oct 13, 2025
@dependabot dependabot bot deleted the dependabot/pip/pip-a4d365fdf7 branch October 13, 2025 17:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants