cedadev / ceda-services-portal

Portal for registration and management of CEDA users.

Bump mozilla-django-oidc from 2.0.0 to 4.0.0 #166

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps mozilla-django-oidc from 2.0.0 to 4.0.0.

Release notes

Sourced from mozilla-django-oidc's releases.

Bump to 4.0.0

No release notes provided.

Bump to v3.0.0

https://github.com/mozilla/mozilla-django-oidc/blob/main/HISTORY.rst#300-2022-11-14

Changelog

Sourced from mozilla-django-oidc's changelog.

4.0.0 (2024-01-11)

  • Added PKCE support in the authorization code flow. Thanks @themooer1 <https://github.com/themooer1>_ and @escattone <https://github.com/escattone/>_
  • Added support for Elliptic Curve JWT signing algorithms Thanks @atanunq <https://github.com/atanunq>_
  • Replace mock with unittest.mock Thanks @traylenator <https://github.com/traylenator>_
  • Add pre-commit hooks
  • Add support for Python 3.11 and 3.12
  • Add support for Django 4.2
  • Document OIDC_USERNAME_ALGO Thanks @polyccon <https://github.com/polyccon>_
  • Add claims to custom username algorithm Thanks @EduardRosert <https://github.com/EduardRosert>_
  • Formatting fixes in the Documentation Thanks @EduardRosert <https://github.com/EduardRosert>_
  • Update token error response handling Thanks @dopry <https://github.com/dopry>

Backwards-incompatible changes:

  • Drop Python 3.7 support
  • Drop Django 4.1 support

3.0.0 (2022-11-14)

  • Gracefully handle www-authenticate header with missing error_description. Thanks @vinitsharswat <https://github.com/vinitsharswat>_ and @adamj9431 <https://github.com/adamj9431>_
  • Lint project with black.
  • Add support for Django 4
  • Document OIDC_OP_JWKS_ENDPOINT. Thanks @yoctozepto <https://github.com/yoctozepto>_
  • Update typo in comments. Thanks @rabbit-aaron <https://github.com/rabbit-aaron>_
  • LOGIN_REDIRECT_URL now accepts a named url pattern. Thanks @dispiste <https://github.com/dispiste>_
  • Pass OIDC_AUTH_REQUEST_EXTRA_PARAMS to SessionRefresh Thanks @melanger <https://github.com/melanger>_
  • Remove state from session after failed authentication attempts Thanks @cfra <https://github.com/cfra>_
  • Do not call auth.login() on session refresh. Thanks crgwbr <https://github.com/crgwbr>_

Backwards-incompatible changes:

  • Drop Python 3.6 support
  • Drop Django 2.x Support

... (truncated)

Commits
  • 8db684a Bump version: 3.0.0 → 4.0.0
  • 107805c Merge pull request #518 from akatsoulas/fix-history
  • 3fa56fb Fix rst syntax.
  • 648a6e0 Merge pull request #514 from akatsoulas/release-preparation
  • bfd61b2 Merge pull request #516 from akatsoulas/drop-django410
  • 6044320 Update History for release v4
  • 1e81505 Drop support for Django 4.1
  • bf0d143 Merge pull request #515 from escattone/PKCE-in-session-refresh-middleware
  • 8bf691f add PKCE to SessionRefresh middleware
  • f75ff62 Merge pull request #513 from akatsoulas/ec-support
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 7 months ago

Superseded by #176.