Skip to content

chore(deps): bump authlib from 1.7.0 to 1.7.1 in /src/oci-support-mcp-server#261

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/src/oci-support-mcp-server/authlib-1.7.1
Open

chore(deps): bump authlib from 1.7.0 to 1.7.1 in /src/oci-support-mcp-server#261
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/src/oci-support-mcp-server/authlib-1.7.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps authlib from 1.7.0 to 1.7.1.

Release notes

Sourced from authlib's releases.

v1.7.1

What's Changed

  • Fix authlib.jose deprecation warning poping from _joserfc_helpers by @​azmeuk in authlib/authlib#881
  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Full Changelog: authlib/authlib@v1.7.0...v1.7.1

Commits
  • 485016a chore: bump to 1.7.1
  • 7b4ecd7 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • c304a21 Merge pull request #881 from azmeuk/880-deprecation-warnings
  • 4165ada fix: authlib.jose deprecation warning poping from _joserfc_helpers
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 15, 2026
@oracle-contributor-agreement oracle-contributor-agreement Bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label May 15, 2026
@krisrice

krisrice commented May 26, 2026

Copy link
Copy Markdown
Member

Automated review result: needs security/manual review.

Reason:

  • This Dependabot PR updates authlib, an authentication/OAuth dependency. The automation treats auth and credential dependencies as security-sensitive even for patch bumps.

Manual review should verify:

  • The Authlib patch is semantically compatible with the support MCP server auth flow.
  • Token, credential, and session handling behavior is unchanged or intentionally updated.
  • Tests cover auth failure and credential-redaction behavior where applicable.

No automated approval or merge was performed.

@dependabot
chore(deps): bump authlib in /src/oci-support-mcp-server
f8cca1f 
Bumps [authlib](https://github.com/authlib/authlib) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/src/oci-support-mcp-server/authlib-1.7.1 branch from f7e0bb1 to f8cca1f Compare May 28, 2026 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krisrice krisrice Awaiting requested review from krisrice krisrice is a code owner

@AlaaShaker AlaaShaker Awaiting requested review from AlaaShaker AlaaShaker is a code owner

@gebhardtr gebhardtr Awaiting requested review from gebhardtr gebhardtr is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file OCA Verified All contributors have signed the Oracle Contributor Agreement. python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@krisrice