Bump django-oauth-toolkit from 1.1.2 to 1.4.1 in /cccatalog-api (original #706)

[obulat]

This issue has been migrated from the CC Search Frontend repository

Author: dependabot[bot]
Date: Mon Mar 15 2021
Labels: dependencies,python,🙅 status: discontinued

Bumps django-oauth-toolkit from 1.1.2 to 1.4.1.

Release notes

Sourced from django-oauth-toolkit's releases.

Release 1.4.1

No release notes provided.

Releae 1.4.0

No release notes provided.

Release 1.3.3

No release notes provided.

Release 1.3.2

See release 1.3.1; no changes.

Release 1.3.1

Added

• #725: HTTP Basic Auth support for introspection (Fix issue #709)

Fixed

• #812: Reverts #643 pass wrong request object to authenticate function.
• Fix concurrency issue with refresh token requests (#810)
• #817: Reverts #734 tutorial documentation error.

Release 1.3.0

From the CHANGELOG:

[1.3.0] 2020-03-02

Added

• Add support for Python 3.7 & 3.8
• Add support for Django>=2.1,<3.1
• Add requirement for oauthlib>=3.0.1
• Add support for Proof Key for Code Exchange (PKCE, RFC 7636).
• Add support for custom token generators (e.g. to create JWT tokens).
• Add new OAUTH2_PROVIDER settings:
  • ACCESS_TOKEN_GENERATOR to override the default access token generator.
  • REFRESH_TOKEN_GENERATOR to override the default refresh token generator.
  • EXTRA_SERVER_KWARGS options dictionary for oauthlib's Server class.
  • PKCE_REQUIRED to require PKCE.
• Add createapplication management command to create an application.
• Add id in toolkit admin console applications list.
• Add nonstandard Google support for [urn:ietf:wg:oauth:2.0:oob] redirect_uri for Google OAuth2 "manual copy/paste". N.B. this feature appears to be deprecated and replaced with methods described in RFC 8252: OAuth2 for Native Apps and may be deprecated and/or removed from a future release of Django-oauth-toolkit.

Changed

• Change this change log to use Keep a Changelog format.
• Backwards-incompatible squashed migrations: If you are currently on a release < 1.2.0, you will need to first install 1.2.0 then manage.py migrate before

... (truncated)

Changelog

Sourced from django-oauth-toolkit's changelog.

[1.4.1]

Changed

• #925 OAuth2TokenMiddleware converted to new style middleware, and no longer extends MiddlewareMixin.

Removed

• #936 Remove support for Python 3.5

[1.4.0] 2021-02-08

Added

• #917 Documentation improvement for Access Token expiration.
• #916 (for DOT contributors) Added tox -e livedocs which launches a local web server on locahost:8000 to display Sphinx documentation with live updates as you edit.
• #891 (for DOT contributors) Added details on how best to contribute to this project.
• #884 Added support for Python 3.9
• #898 Added the ability to customize classes for django admin
• #690 Added pt-PT translations to HTML templates. This enables adding additional translations.

Fixed

• #906 Made token revocation not apply a limit to the select_for_update statement (impacts Oracle 12c database).
• #903 Disable redirect_uri field length limit for AbstractGrant

[1.3.3] 2020-10-16

Added

• added select_related in intospect view for better query performance
• #831 Authorization token creation now can receive an expire date
• #831 Added a method to override Grant creation
• #825 Bump oauthlib to 3.1.0 to introduce PKCE
• Support for Django 3.1

Fixed

• #847: Fix inappropriate message when response from authentication server is not OK.

Changed

• few smaller improvements to remove older django version compatibility #830, #861, #862, #863

[1.3.2] 2020-03-24

Fixed

• Fixes: 1.3.1 inadvertently uploaded to pypi with an extra migration (0003...) from a dev branch.

[1.3.1] 2020-03-23

Added

• #725: HTTP Basic Auth support for introspection (Fix issue #709)

Fixed

... (truncated)

Commits

• c0a9ac9 1.4.1 release (#940)
• 2555156 Drop retired Python 3.5 (#936)
• d6d1f99 Revert "GitHub Actions: smart run strategy (#937)" (#939)
• 062408a GitHub Actions: smart run strategy (#937)
• e09e7d4 Fix weird grammar in messages on authorize screen (#935)
• 4c6f059 Fix wrong import (#930)
• 1ada5af Run lint in Github Actions (#933)
• ffff6b6 Remove italics from "Models" section header (#927)
• e3207d8 Rename Django's dev branch to main. (#932)
• 41aa49e new style middleware
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Original Comments:

TimidRobot commented on Mon Mar 15 2021:

🙅🏻 status: discontinued: Project is in maintenance mode (Upcoming Changes to the CC Open Source Community — Creative Commons Open Source). source

Issue author dependabot[bot] commented on Mon Mar 15 2021:

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it. source

[obulat]

The old version of django-oauth-toolkit that we have pinned blocks us from updating other django-related packages. The problem was that a change in 1.2.0 was not backward-compatible:

validators.URIValidator has been updated to match URLValidator behaviour more closely.
Moved redirect_uris validation to the application clean() method.

The solution, from the django-oauth-toolkit's changelog is: Backwards-incompatible squashed migrations: If you are currently on a release < 1.2.0, you will need to first install 1.2.0 then manage.py migrate before upgrading to >= 1.3.0.