chore(deps): bump authlib from 1.7.0 to 1.7.1 in the uv group across 1 directory#239
Closed
dependabot[bot] wants to merge 1 commit into
Closed
chore(deps): bump authlib from 1.7.0 to 1.7.1 in the uv group across 1 directory#239dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the uv group with 1 update in the / directory: [authlib](https://github.com/authlib/authlib). Updates `authlib` from 1.7.0 to 1.7.1 - [Release notes](https://github.com/authlib/authlib/releases) - [Commits](authlib/authlib@v1.7.0...1.7.1) --- updated-dependencies: - dependency-name: authlib dependency-version: 1.7.1 dependency-type: direct:production dependency-group: uv ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
Dependency ReviewThe following issues were found:
License Issuesrequirements.txt
OpenSSF Scorecard
Scanned Files
|
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
saidsef
added a commit
that referenced
this pull request
May 17, 2026
* chore(deps): combine dependabot dependency updates Batch update 5 dependencies from open dependabot PRs (#234-#237, #239): - authlib 1.7.0 -> 1.7.1 (PR #239) - cryptography 47.0.0 -> 48.0.0 (PR #234) - jsonschema-path 0.4.5 -> 0.4.6 (PR #237) - pydantic-settings 2.14.0 -> 2.14.1 (PR #235) - uv 0.11.12 -> 0.11.13 (PR #236) Note: pydantic-core (PR #238) excluded - bumping it independently conflicts with pydantic==2.13.3 which pins pydantic-core==2.46.3 exactly. * feat(tools): add get_pr_linked_issues and get_pr_status_checks Two new GraphQL-backed tools that close genuine agent blind spots: - get_pr_linked_issues: queries closingIssuesReferences to return the authoritative list of issues that auto-close on merge. More reliable than text-parsing "Closes #N" keywords from the PR body, and picks up issues linked via the GitHub UI. - get_pr_status_checks: queries check suites and legacy commit status from the PR HEAD commit. Derives an overall "passing/failing/pending/ unknown" state so agents can make a merge decision without asking the user whether CI is green. Both auto-register as MCP tools via the existing inspect.getmembers() mechanism. Also fix pre-existing ruff formatting issues in auth.py, tests/__init__.py, and tests/test_auth.py. * refactor(tools): raise ToolError on failure, add ToolAnnotations, remove IP tools - Replace all return {"status": "error"} patterns with raise ToolError so agents see failures as errors rather than successful results with error payloads; merge_pr preserves the GitHub API message before raising - Add ToolAnnotations to the registration layer: readOnlyHint=True on all read-only tools so Claude skips confirmation prompts; destructiveHint=True on merge_pr - Remove get_ipv4_info and get_ipv6_info (IPIntegration, ip_integration.py, ip-lookup skill, IPInfoError) - no genuine value in a GitHub-focused MCP - Remove traceback import from github_integration (now unused) * refactor(tools): apply ToolAnnotations directly to methods via decorators Replace the centralised _TOOL_ANNOTATIONS lookup dict in issues_pr_analyser.py with _read_only/_destructive decorator helpers in github_integration.py that stamp a _mcp_annotations attribute directly on each method. * fix(quality): resolve duplicate heading and reduce cyclomatic complexity Rename duplicate '### Features' heading in README to '### Tool Categories'. Extract status-set literals in _derive_overall to module-level frozensets and replace comprehension conditionals with set-difference, reducing cyclomatic complexity from 13 to 7. * refactor(tools): split _derive_overall into focused boolean helpers Replace module-level frozenset constants with _has_failing_checks and _has_pending_checks private methods, restoring inline local sets and reducing _derive_overall cyclomatic complexity from 10 to 6. * feat(tools): add @_write annotations to all write-operation tools Eleven public methods were registered without ToolAnnotations, leaving MCP clients unable to classify them as read/write. Adds a _write() decorator (readOnlyHint=False) and applies it to add_pr_comments, add_inline_pr_comment, update_pr_description, create_pr, create_issue, update_pr_branch, update_issue, update_reviews, update_assignees, create_tag, and create_release. * fix(annotation): add correct hints to mr merge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the uv group with 1 update in the / directory: authlib.
Updates
authlibfrom 1.7.0 to 1.7.1Release notes
Sourced from authlib's releases.
Commits
485016achore: bump to 1.7.17b4ecd7fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grantsc304a21Merge pull request #881 from azmeuk/880-deprecation-warnings4165adafix: authlib.jose deprecation warning poping from _joserfc_helpersDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.