Bump django-oauth-toolkit from 2.4.0 to 3.0.1

[dependabot]

Bumps django-oauth-toolkit from 2.4.0 to 3.0.1.

Release notes

Sourced from django-oauth-toolkit's releases.

Release 3.0.1

bugfix #1491 Fix migration error when there are pre-existing Access Tokens.

Release 3.0.0

WARNING - POTENTIAL BREAKING CHANGES

• Changes to the AbstractAccessToken model require doing a manage.py migrate after upgrading.
• If you use swappable models you will need to make sure your custom models are also updated (usually manage.py makemigrations).
• Old Django versions below 4.2 are no longer supported.
• A few deprecations warned about in 2.4.0 (#1345) have been removed. See below.

Added

• #1366 Add Docker containerized apps for testing IDP and RP.
• #1454 Added compatibility with LoginRequiredMiddleware introduced in Django 5.1.

Changed

• Many documentation and project internals improvements.
• #1446 Use generic models pk instead of id. This enables, for example, custom swapped models to have a different primary key field.
• #1447 Update token to TextField from CharField. Removing the 255 character limit enables supporting JWT tokens with additional claims.
  This adds a SHA-256 token_checksum field that is used to validate tokens.
• #1450 Transactions wrapping writes of the Tokens now rely on Django's database routers to determine the correct
  database to use instead of assuming that 'default' is the correct one.
• #1455 Changed minimum supported Django version to >=4.2.

Removed

• #1425 Remove deprecated RedirectURIValidator, WildcardSet per #1345; validate_logout_request per #1274

Fixed

• #1444, #1476 Fix several 500 errors to instead raise appropriate errors.
• #1469 Fix ui_locales request parameter triggers AttributeError under certain circumstances

Security

• #1452 Add a new setting REFRESH_TOKEN_REUSE_PROTECTION.
  In combination with ROTATE_REFRESH_TOKEN,
  this prevents refresh tokens from being used more than once. See more at
  OAuth 2.0 Security Best Current Practice
• #1481 Bump oauthlib version required to 3.2.2 and above to address CVE-2022-36087.

Changelog

Sourced from django-oauth-toolkit's changelog.

[3.0.1] - 2024-09-07

Fixed

• #1491 Fix migration error when there are pre-existing Access Tokens.

[3.0.0] - 2024-09-05

WARNING - POTENTIAL BREAKING CHANGES

• Changes to the AbstractAccessToken model require doing a manage.py migrate after upgrading.
• If you use swappable models you will need to make sure your custom models are also updated (usually manage.py makemigrations).
• Old Django versions below 4.2 are no longer supported.
• A few deprecations warned about in 2.4.0 (#1345) have been removed. See below.

Added

• #1366 Add Docker containerized apps for testing IDP and RP.
• #1454 Added compatibility with LoginRequiredMiddleware introduced in Django 5.1.

Changed

• Many documentation and project internals improvements.
• #1446 Use generic models pk instead of id. This enables, for example, custom swapped models to have a different primary key field.
• #1447 Update token to TextField from CharField. Removing the 255 character limit enables supporting JWT tokens with additional claims. This adds a SHA-256 token_checksum field that is used to validate tokens.
• #1450 Transactions wrapping writes of the Tokens now rely on Django's database routers to determine the correct database to use instead of assuming that 'default' is the correct one.
• #1455 Changed minimum supported Django version to >=4.2.

Removed

• #1425 Remove deprecated RedirectURIValidator, WildcardSet per #1345; validate_logout_request per #1274

Fixed

• #1444, #1476 Fix several 500 errors to instead raise appropriate errors.
• #1469 Fix ui_locales request parameter triggers AttributeError under certain circumstances

Security

• #1452 Add a new setting REFRESH_TOKEN_REUSE_PROTECTION. In combination with ROTATE_REFRESH_TOKEN, this prevents refresh tokens from being used more than once. See more at OAuth 2.0 Security Best Current Practice
• #1481 Bump oauthlib version required to 3.2.2 and above to address CVE-2022-36087.

Commits

• 1d19e54 3.0.1: fix for migration error on upgrade to 3.0.0 (#1491)
• f220235 Fix test for changed error message from newer Django (djmain) (#1486)
• 5ce5e7f Release 3.0.0 Changlelog, version and minor version dependency updates. See a...
• 72d0551 add link to new gh discussions (#1480)
• 9561866 Honor database assignment from router (#1450)
• 1d19e3d bump oauthlib to 3.2.2 (#1481)
• 62508b4 Raise InvalidGrantError if no grant associated with auth code exists (#1476)
• aede24b [pre-commit.ci] pre-commit autoupdate (#1475)
• 3b429c9 Bump svelte from 4.2.18 to 4.2.19 in /tests/app/rp (#1473)
• e63999d Work around double parsing of ui_locales (#1469)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coveralls]

coverage: 87.448% (-0.002%) from 87.45%
when pulling c7b727a on dependabot/pip/django-oauth-toolkit-3.0.1
into e38efff on main.