| Commit message (Collapse) | Author | Age | Files | Lines |
As per the CVE reference, version 3.2.1 fixes the CVE-2022-36087 issue. But after upgrading python3-oauthlib
to version 3.2.1, we observed that the vulnerable code lines are still available. The same observation was reported on GitHub at
https://github.com/oauthlib/oauthlib/issues/837, and it was found to be a mistake during 3.2.1 release preparation, due to
which the vulnerable code still existed in the 3.2.1 source code.
To fix the CVE-2022-36087 issue, we need to upgrade python3-oauthlib to version 3.2.2. Here is the changelog of version 3.2.2:
https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-36087
Upstream fix:
https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Add pytest module dependency for testing
nose has been dropped upstream too [1]
[1] https://github.com/oauthlib/oauthlib/commit/037453c6f92b502eaae2acafe11161e4bb2e38bb
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
changelog:
===============================================================================
OAuth2.0 Client:
  Add Device Authorization Flow for Web Application
  Add PKCE support for Client
  Fallback to none in case of wrong expires_at format.
OAuth2.0 Provider:
  Add support for CORS to metadata endpoint.
  Add support for CORS to token endpoint.
  Remove comma after Bearer in WWW-Authenticate
OAuth2.0 Provider - OIDC:
  Call save_token in Hybrid code flow
  OIDC add support of refreshing ID Tokens with refresh_id_token
  The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request).
General:
  Added Python 3.9, 3.10, 3.11
  Improve Travis & Coverage
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|