dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jun 30, 2025

Bumps social-auth-core from 4.5.6 to 4.7.0.

Release notes

Sourced from social-auth-core's releases.

Release 4.7.0

Changed

  • Fixed getting user info in LinkedIn authentication.
  • Fixed okta OIDC authentication URLs.
  • Dropped AOL OpenID backend.
  • Improved error handling in ORCID.
  • Fixed Soundcloud OAuth2 authorization.

Added

  • More OIDC configuration options.
  • Session restore with stricter SameSite cookie policy.
  • JWT leeway configuration for some backends.

Donations

This project welcomes donations to make the development sustainable, you can fund Python Social Auth on the following platforms:

Release 4.6.1

Changed

  • Fixed crash in partial pipelines for some backends

Donations

This project welcomes donations to make the development sustainable, you can fund Python Social Auth on the following platforms:

Release 4.6.0

Changed

  • Added type annotations
  • Modernized build system
  • OAuth2 backends now default to POST method
  • Code cleanups
  • Tests use responses instead of HTTPretty
  • Improved error handling in case of missing parameters

Added

  • Kick OAuth2 backend
  • OpenIdConnect-based backend for Fedora
  • Lifescience AAI backend

... (truncated)

Changelog

Sourced from social-auth-core's changelog.

4.7.0 - 2025-06-27

Changed

  • Fixed getting user info in LinkedIn authentication.
  • Fixed okta OIDC authentication URLs.
  • Dropped AOL OpenID backend.
  • Improved error handling in ORCID.
  • Fixed Soundcloud OAuth2 authorization.

Added

  • More OIDC configuration options.
  • Session restore with stricter SameSite cookie policy.
  • JWT leeway configuration for some backends.

4.6.1 - 2025-04-28

Changed

  • Fixed crash in partial pipelines for some backends

4.6.0 - 2025-04-25

Changed

  • Added type annotations
  • Modernized build system
  • OAuth2 backends now default to POST method
  • Code cleanups
  • Tests use responses instead of HTTPretty
  • Improved error handling in case of missing parameters

Added

  • Kick OAuth2 backend
  • OpenIdConnect-based backend for Fedora
  • Lifescience AAI backend
  • NFDI (OpenID Connect) backend

Removed

  • Removed no longer available backends: khanacademy, professionali.ru, BitBucket OAuth 1.0

Commits

  • 25fd0b1 chore: Version bump 4.7.0
  • 715ba76 chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.12.1 (#1195)
  • bbd6ea0 chore(deps): update pre-commit hook woodruffw/zizmor-pre-commit to v1.10.0 (#...
  • 45a31ce chore(deps): update pre-commit hook macisamuele/language-formatters-pre-commi...
  • daacdb3 chore(deps): update astral-sh/setup-uv action to v6.3.1 (#1192)
  • d0c4562 fix(backends): Fix SoundcloudOAuth2 user_data to use Authorization header and...
  • 54fb58d fix(deps): update dependency types-oauthlib to v3.3.0.20250622 (#1191)
  • 9ec58b9 chore(deps): update astral-sh/setup-uv action to v6.3.0 (#1189)
  • 81e5f59 chore(deps): update astral-sh/setup-uv action to v6.2.1 (#1188)
  • 3884a9a chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.12.0 (#1187)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [social-auth-core](https://github.com/python-social-auth/social-core) from 4.5.6 to 4.7.0.
- [Release notes](https://github.com/python-social-auth/social-core/releases)
- [Changelog](https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md)
- [Commits](python-social-auth/social-core@4.5.6...4.7.0)

---
updated-dependencies:
- dependency-name: social-auth-core
  dependency-version: 4.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Jun 30, 2025