Bump oauthlib from 3.1.1 to 3.2.2

[dependabot]

Bumps oauthlib from 3.1.1 to 3.2.2.

Release notes

Sourced from oauthlib's releases.

3.2.2

OAuth2.0 Provider:

• CVE-2022-36087

3.2.1

In short

OAuth2.0 Provider:

• #803 : Metadata endpoint support of non-HTTPS

OAuth1.0:

• #818 : Allow IPv6 being parsed by signature

General:

• Improved and fixed documentation warnings.
• Cosmetic changes based on isort

What's Changed

• add missing slots to TokenBase by @​ariebovenberg in oauthlib/oauthlib#804
• Add CORS support for Refresh Token Grant. by @​luhn in oauthlib/oauthlib#806
• GitHub Action to lint Python code by @​cclauss in oauthlib/oauthlib#797
• Docs: fix Sphinx warnings for better ReadTheDocs generation by @​JonathanHuot in oauthlib/oauthlib#807
• Allow non-HTTPS issuer when OAUTHLIB_INSECURE_TRANSPORT. by @​luhn in oauthlib/oauthlib#803
• chore: fix typo in test by @​tamanobi in oauthlib/oauthlib#816
• Fix typo in server.rst by @​NemanjaT in oauthlib/oauthlib#819
• Fixed isort imports by @​dasm in oauthlib/oauthlib#820
• docs: Fix a few typos by @​timgates42 in oauthlib/oauthlib#822
• docs: fix typos by @​kianmeng in oauthlib/oauthlib#823

New Contributors

• @​ariebovenberg made their first contribution in oauthlib/oauthlib#804
• @​tamanobi made their first contribution in oauthlib/oauthlib#816
• @​NemanjaT made their first contribution in oauthlib/oauthlib#819
• @​kianmeng made their first contribution in oauthlib/oauthlib#823

Full Changelog: oauthlib/oauthlib@v3.2.0...v3.2.1

3.2.0

Changelog

OAuth2.0 Client:

• #795: Add Device Authorization Flow for Web Application
• #786: Add PKCE support for Client
• #783: Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:

• #790: Add support for CORS to metadata endpoint.
• #791: Add support for CORS to token endpoint.
• #787: Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:

• #755: Call save_token in Hybrid code flow

... (truncated)

Changelog

Sourced from oauthlib's changelog.

3.2.2 (2022-10-17)

OAuth2.0 Provider:

• CVE-2022-36087

3.2.1 (2022-09-09)

OAuth2.0 Provider:

• #803: Metadata endpoint support of non-HTTPS

OAuth1.0:

• #818: Allow IPv6 being parsed by signature

General:

• Improved and fixed documentation warnings.
• Cosmetic changes based on isort

3.2.0 (2022-01-29)

OAuth2.0 Client:

• #795: Add Device Authorization Flow for Web Application
• #786: Add PKCE support for Client
• #783: Fallback to none in case of wrong expires_at format.

OAuth2.0 Provider:

• #790: Add support for CORS to metadata endpoint.
• #791: Add support for CORS to token endpoint.
• #787: Remove comma after Bearer in WWW-Authenticate

OAuth2.0 Provider - OIDC:

• #755: Call save_token in Hybrid code flow
• #751: OIDC add support of refreshing ID Tokens with refresh_id_token
• #751: The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request).

General:

• Added Python 3.9, 3.10, 3.11
• Improve Travis & Coverage

Commits

• e6c33e4 Add 3.2.2 version
• 4a4d65f Merge pull request #832 from oauthlib/3.2.1
• 88bb156 Updated date and authors
• 2e40b41 Merge pull request from GHSA-3pgj-pg6c-r5p7
• 1a45d97 Prepare 3.2.1 release
• b4bdd09 Merge pull request #818 from dasm/master
• 5d85c61 Fix IPV6 regex used to check redirect_uri
• e514826 Add check of performance of ipv6 check
• 0adbbe1 docs: fix typos
• 6569ec3 docs: Fix a few typos
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[washeck]

This PR cannot be merged because dependabot created it with poetry 1.3 which uses incompatible lock file format with poetry-1.1.15 used in pyzeebe CI.

I really like to see this (oathlib upgrade) merged so I am willing to help but I'd need info from maintainer if I should create a different PR using older poetry or investigate upgrade of poetry in the CI.

[jonathanlukas]

@dependabot rebase

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.