build(deps): bump oauthlib from 3.2.2 to 3.3.0 #2017

dependabot · 2025-06-18T10:39:43Z

Bumps oauthlib from 3.2.2 to 3.3.0.

Release notes

3.3.0

What's Changed

See also CHANGELOG.md

Use proper SPDX identifier by @Shortfinga in oauthlib/oauthlib#836

Upgrade GitHub Actions and make bandit, codespell, and pytest mandatory by @cclauss in oauthlib/oauthlib#835

OAuth2Error: Allow falsy values as state by @TiphaineLAURENT in oauthlib/oauthlib#815

Update pre-configured OIDC server to use OIDC flavor of Refresh Token grant type by @burkel24 in oauthlib/oauthlib#838

Update setup.cfg to use license_files by @mgorny in oauthlib/oauthlib#839

Ensure expires_at is always int by @sindrig in oauthlib/oauthlib#828

create security policy by @auvipy in oauthlib/oauthlib#831

Fix failing GitHub Action lint_python.yml by @cclauss in oauthlib/oauthlib#854

Lint with ruff to replace bandit, flake8, isort, pyupgrade by @cclauss in oauthlib/oauthlib#855

Add classifier for Python 3.11 by @eseifert in oauthlib/oauthlib#840

Move from Travis to GitHub Actions CI by @auvipy in oauthlib/oauthlib#834

Add support for Python 3.12 by @hugovk in oauthlib/oauthlib#859

CI: Only attempt upload for upstream by @hugovk in oauthlib/oauthlib#858

Lint with ruff to replace bandit, flake8, isort, pyupgrade by @cclauss in oauthlib/oauthlib#861

Ensure that request.client_id is set during Refresh Token Grant. by @luhn in oauthlib/oauthlib#853

Tox use ruff by @cclauss in oauthlib/oauthlib#864

Make UtilsTests.test_filter_params Python 3.13+ compatible by @hroncok in oauthlib/oauthlib#866

Create dependency-review.yml by @auvipy in oauthlib/oauthlib#850

Update supported python versions in classifier by @auvipy in oauthlib/oauthlib#860

Coveralls parallel is True — Turn GitHub Actions green by @cclauss in oauthlib/oauthlib#871

Fix CI Errors by @shawnz in oauthlib/oauthlib#878

Update create_code_verifier to output the proper length by @shawnz in oauthlib/oauthlib#876

Add the device authorization endpoint (RFC8628 section 3.1 & 3.2) by @duzumaki in oauthlib/oauthlib#881

Add support for Python 3.13 by @hugovk in oauthlib/oauthlib#883

Allow user_code to be configured for device auth flow (Device Authorization Grant) by @duzumaki in oauthlib/oauthlib#885

Guard ui_locales.split() by @jaap3 in oauthlib/oauthlib#879

Add DeviceCodeGrant type for device code flow(rfc8628) section 3.4 & 3.5 by @duzumaki in oauthlib/oauthlib#889

Device flow: Pass verification_uri_complete to endpoint + pass Server kwargs to DeviceCodeGrant to allow validators to be setup with more flexibility by @duzumaki in oauthlib/oauthlib#891

Remove code verifier regex by @shawnz in oauthlib/oauthlib#893

Remove generic classifier by @EvertonSA in oauthlib/oauthlib#895

docs: add django-allauth to available options by @pennersr in oauthlib/oauthlib#902

Handle expires_at with best effort basis by @JonathanHuot in oauthlib/oauthlib#900

3.3.0 release by @JonathanHuot in oauthlib/oauthlib#898

New Contributors

@Shortfinga made their first contribution in oauthlib/oauthlib#836

@TiphaineLAURENT made their first contribution in oauthlib/oauthlib#815

@burkel24 made their first contribution in oauthlib/oauthlib#838

@sindrig made their first contribution in oauthlib/oauthlib#828

@eseifert made their first contribution in oauthlib/oauthlib#840

@hroncok made their first contribution in oauthlib/oauthlib#866

@shawnz made their first contribution in oauthlib/oauthlib#878

@duzumaki made their first contribution in oauthlib/oauthlib#881

@jaap3 made their first contribution in oauthlib/oauthlib#879

@EvertonSA made their first contribution in oauthlib/oauthlib#895

... (truncated)

Changelog

Sourced from oauthlib's changelog.

3.3.0 (2025-06-17):

OAuth2.0 Provider:

OIDC: #879 Changed in how ui_locales is parsed

RFC8628: Added OAuth2.0 Device Authorization Grant support

PKCE: #876, #893 Fixed create_code_verifier length

OIDC: Pre-configured OIDC server to use Refresh Token by default

OAuth2.0 Common:

OAuth2Error: Allow 0 to be a valid state

OAuth2.0 Client:

#745: expires_at is forced to be an int

#899: expires_at clarification

General:

Removed Python 3.5, 3.6, 3.7 support

#859, #883: Added Python 3.12, 3.13 Support

Added dependency-review GitHub Action

Updated various references of license (SPDX identifier..)

Added GitHub Action for lint, replaced bandy with ruff, removed isort...

Migrated to GitHub Actions from Travis

Added Security Policy

Commits

6413d2e Merge pull request #898 from oauthlib/2025-05-release
80ffd03 Execute publish workflow of the tagged source. Not of master branch.
363d2de Updated recommended filter for publish
c38976f Merge branch 'master' into 2025-05-release
92a785b Fix linter after rebase
2a3e5bc docs: add django-allauth to available options
0c61345 Fixed ruff findings about function import
8d10351 Added maintainer instructions
4b95bce Updated GH actions
46bc4fd Bumped release
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.2.2 to 3.3.0. - [Release notes](https://github.com/oauthlib/oauthlib/releases) - [Changelog](https://github.com/oauthlib/oauthlib/blob/master/CHANGELOG.rst) - [Commits](oauthlib/oauthlib@v3.2.2...v3.3.0) --- updated-dependencies: - dependency-name: oauthlib dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-06-20T10:08:49Z

Superseded by #2022.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 18, 2025

dependabot bot closed this Jun 20, 2025

dependabot bot deleted the dependabot/pip/oauthlib-3.3.0 branch June 20, 2025 10:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump oauthlib from 3.2.2 to 3.3.0 #2017

build(deps): bump oauthlib from 3.2.2 to 3.3.0 #2017

Uh oh!

dependabot bot commented on behalf of github Jun 18, 2025

Uh oh!

dependabot bot commented on behalf of github Jun 20, 2025

Uh oh!

Uh oh!

build(deps): bump oauthlib from 3.2.2 to 3.3.0 #2017

build(deps): bump oauthlib from 3.2.2 to 3.3.0 #2017

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 18, 2025

3.3.0

What's Changed

New Contributors

3.3.0 (2025-06-17):

Uh oh!

dependabot bot commented on behalf of github Jun 20, 2025

Uh oh!

Uh oh!