build(deps): bump fastapi-users from 14.0.0 to 15.0.5

[dependabot]

Bumps fastapi-users from 14.0.0 to 15.0.5.

Release notes

Sourced from fastapi-users's releases.

v15.0.5

Bump version 15.0.4 → 15.0.5

• Bump dependencies:
  • pyjwt[crypto] >=2.12.0,<3.0.0

v15.0.4

Bump version 15.0.3 → 15.0.4

• Bump dependencies:
  • pyjwt[crypto] >=2.11.0,<3.0.0
  • python-multipart >=0.0.22,<0.1.0"

v15.0.3

Bump version 15.0.2 → 15.0.3

Bug fixes and improvements

• Add cookie parameters added in 15.0.1 to FastAPIUsers.get_oauth_router and FastAPIUsers.get_oauth_associate_router. Thanks @​jthurner 🎉

v15.0.2

Bump version 15.0.1 → 15.0.2

🛡️ Security Fix

A CSRF vulnerability was identified in the OAuth2 flow. To mitigate this, the authorize endpoint will set a cookie in the response, and this cookie will be expected in the callback request.

In most cases, this change should work out-of-the-box, but in certain scenarios (e.g. cross-domain setups), additional configuration may be required for the cookie to be correctly sent and received. [Read more]

Thanks to @​davidbors-snyk from Snyk for his research, responisble disclosure, and assistance in fixing this issue.

Improvements

• Bump dependencies
  • python-multipart ==0.0.21
  • pwdlib[argon2,bcrypt] ==0.3.0

v15.0.1

Bump version 15.0.0 → 15.0.1

Announcement

FastAPI Users is now in maintenance mode.** While we'll continue to provide security updates and dependency maintenance, no new features will be added. We encourage you to explore the project and use it as-is, knowing it will remain stable and secure.

[Read more]

... (truncated)

Commits

• 9ef8cd8 Bump version 15.0.4 → 15.0.5
• 7cd8dbb fix: bump PyJWT minimum version to 2.12.0 to fix crit header vulnerability
• 71dc760 docs: update httpx-oauth link to /oauth2/
• 5a8e326 Bump version 15.0.3 → 15.0.4
• 602493f Fix depreciation warning related to too short JWT secret in tests
• 0d18152 Bump dependencies
• 9b852f9 Bump python-multipart from 0.0.21 to 0.0.22
• 9b44227 missing space
• 81a0679 Bump version 15.0.2 → 15.0.3
• 55dfc07 Fix OAuth imports in fastapi_users when httpx-oauth is not installed
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)