Skip to content

build(deps): bump joserfc from 1.6.5 to 1.6.8#55

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/joserfc-1.6.8
Open

build(deps): bump joserfc from 1.6.5 to 1.6.8#55
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/joserfc-1.6.8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown

Bumps joserfc from 1.6.5 to 1.6.8.

Release notes

Sourced from joserfc's releases.

1.6.8

  • Reject empty OctKey.

Full Changelog: authlib/joserfc@1.6.7...1.6.8

1.6.7

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from joserfc's changelog.

1.6.8

Released on May 27, 2026

  • Reject empty OctKey.

1.6.7

Released on May 23, 2026

  • Update for type hints.

1.6.6

Released on May 18, 2026

  • JWS: validate payload size when b64=false.
Commits
  • ea1d9e3 chore: release 1.6.8
  • 86d0091 Reject empty oct key material and empty HMAC keys at sign/verify entry
  • 1e5b94d chore: release 1.6.7
  • 75d9f95 fix(typing): use cast for type hints
  • 6d24037 Merge pull request #98 from jonathangreen/algorithms-accept-collection
  • 102a7a7 fix(typing): accept any Collection for algorithms, not just list
  • 8b869e8 chore: release 1.6.6
  • 00d599b chore: update actions
  • 9186561 Merge pull request #97 from authlib/fix-b64
  • 4d4ea2e fix(jws): validate payload size for b64=false
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [joserfc](https://github.com/authlib/joserfc) from 1.6.5 to 1.6.8.
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst)
- [Commits](authlib/joserfc@1.6.5...1.6.8)

---
updated-dependencies:
- dependency-name: joserfc
  dependency-version: 1.6.8
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 3, 2026
@dependabot dependabot Bot requested a review from Cranot as a code owner July 3, 2026 17:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

roam-code Analysis

Mode: incremental (changed-only) — base b9030bdfc2f4bf95d10fe95bfa30bd003de9143c, 1 changed+dependent files

Health Score: 80/100 HEALTHY

health: Healthy codebase (80/100) — 46 critical issues, focus: god_components
pr-risk: index-stale

Health Metrics

Metric Value
Health Score 80/100
Tangle Ratio 0%
Propagation Cost 0.0013
Total Issues 66

PR Risk

Metric Value
Risk Score 0/100

Quality Gate: PASSED

Gate expression: health_score>=50

SARIF Upload

Metric Value
Category roam-code-self-analysis/self-analysis/py3.12
Results Uploaded 79
Full analysis output

health

{
  "_meta": {
    "cache_ttl_s": 300,
    "cacheable": true,
    "index_age_s": 2,
    "latency_ms": null,
    "response_tokens": 3899,
    "roam_version": "13.6.1",
    "timestamp": "2026-07-03T17:25:03Z"
  },
  "actionable_count": 11,
  "actionable_cycles": 1,
  "agent_contract": {
    "confidence": null,
    "facts": [
      "Healthy codebase (80/100) — 46 critical issues, focus: god_components",
      "health score 80",
      "tangle ratio 0.0",
      "0.0013 propagation cost findings",
      "issue count 66"
    ],
    "next_commands": [
      "roam debt",
      "roam trends --days 30"
    ],
    "risks": []
  },
  "algebraic_connectivity": null,
  "algebraic_connectivity_available": false,
  "bottleneck_thresholds": {
    "p70": 1483.4,
    "p90": 10350.2,
    "population": 1139,
    "utility_multiplier": 1.5
  },
  "category_severity": {
    "bottlenecks": {
      "critical": 15,
      "info": 0,
      "warning": 0
    },
    "cycles": {
      "critical": 0,
      "info": 0,
      "warning": 1
    },
    "god_components": {
      "critical": 31,
      "info": 9,
      "warning": 10
    },
    "layer_violations": {
      "critical": 0,
      "info": 0,
      "warning": 0
    }
  },
  "command": "health",
  "cycles_actionable": 1,
  "cycles_total": 14,
  "framework_filtered": 0,
  "health_score": 80,
  "ignored_cycles": 13,
  "imported_coverable_lines": 0,
  "imported_coverage_files": 0,
  "imported_coverage_pct": null,
  "imported_covered_lines": 0,
  "index_status": {
    "dirty_files": 0,
    "fresh": false,
    "head_commit": "014757992077",
    "hint": "index latest commit 944207dd8461 != HEAD 014757992077 — git-derived metrics (commits, churn, co-change, weather) may be stale. Run `roam index --force`.",
    "indexed_commit": "944207dd8461"
  },
  "issue_count": 66,
  "list_counts": {
    "bottlenecks": 15,
    "cycle_break_suggestions": 0,
    "cycles": 14,
    "god_components": 50,
    "layer_violations": 0,
    "next_steps": 2,
    "score_breakdown": 5
  },
  "project": "roam-code",
  "propagation_cost": 0.0013,
  "schema": "roam-envelope-v1",
  "schema_version": "1.1.0",
  "severity": {
    "critical": 46,
    "info": 22,
    "warning": 11
  },
  "summary": {
    "actionable_cycles": 1,
    "algebraic_connectivity": null,
    "algebraic_connectivity_available": false,
    "category_severity": {
      "bottlenecks": {
        "critical": 15,
        "info": 0,
        "warning": 0
      },
      "cycles": {
        "critical": 0,
        "info": 0,
        "warning": 1
      },
      "god_components": {
        "critical": 31,
        "info": 9,
        "warning": 10
      },
      "layer_violations": {
        "critical": 0,
        "info": 0,
        "warning": 0
      }
    },
    "cycles_actionable": 1,
    "cycles_definition": "Cycle counts derived from `roam.graph.cycles.find_cycles(G, min_size=2)` on the symbol graph. `cycles_total` = all SCCs of size >= 2; `cycles_actionable` = SCCs spanning >=2 files AND no test files (same-file and test-only cycles are informational). Run `roam health` for the per-cycle breakdown.",
    "cycles_total": 14,
    "detail_available": true,
    "god_components": 50,
    "god_components_definition": "God components: symbols where `(in_degree + out_degree) > 20` from the `graph_metrics` table, with utility-aware severity bands (standard >50=CRITICAL >30=WARNING; utility >150=CRITICAL >90=WARNING). Run `roam health` for the per-symbol breakdown. Legacy aliases: `god_objects` (fingerprint), `god_classes` (rules).",
    "health_score": 80,
    "health_score_definition": "weighted geometric mean (0-100) of 5 sigmoid health factors: tangle_ratio, god_components, bottlenecks, layer_violations, file_health (+coverage if available).",
    "ignored_cycles": 13,
    "imported_coverage_files": 0,
    "imported_coverage_pct": null,
    "issue_count": 66,
    "partial_success": true,
    "preserved_list_truncations": {},
    "propagation_cost": 0.0013,
    "severity": {
      "critical": 46,
      "info": 22,
      "warning": 11
    },
    "tangle_ratio": 0,
    "tangle_ratio_definition": "fraction of symbols inside non-trivial SCCs; higher = more cyclic coupling.",
    "total_cycles": 14,
    "truncated": true,
    "verdict": "Healthy codebase (80/100) — 46 critical issues, focus: god_components",
    "warnings_out": [
      "health_algebraic_connectivity_warning:RuntimeWarning:algebraic_connectivity compute failed (ModuleNotFoundError): No module named 'numpy'; returning 0.0 sentinel — value is NOT a legitimate disconnected-graph reading"
    ]
  },
  "tangle_ratio": 0,
  "total_cycles": 14,
  "utility_count": 39,
  "version": "13.6.1",
  "warnings_out": [
    "health_algebraic_connectivity_warning:RuntimeWarning:algebraic_connectivity compute failed (ModuleNotFoundError): No module named 'numpy'; returning 0.0 sentinel — value is NOT a legitimate disconnected-graph reading"
  ]
}

pr-risk

{
  "_meta": {
    "cache_ttl_s": 60,
    "cacheable": true,
    "index_age_s": 3,
    "latency_ms": null,
    "response_tokens": 160,
    "roam_version": "13.6.1",
    "timestamp": "2026-07-03T17:25:03Z"
  },
  "agent_contract": {
    "confidence": null,
    "facts": [
      "index-stale",
      "risk score 0",
      "1 risk rank findings"
    ],
    "next_commands": [],
    "risks": []
  },
  "command": "pr-risk",
  "message": "Changed files not found in index. Run `roam index` first.",
  "project": "roam-code",
  "schema": "roam-envelope-v1",
  "schema_version": "1.1.0",
  "summary": {
    "hint": "Changed files not in index — run `roam index`.",
    "partial_success": false,
    "risk_level": "low",
    "risk_level_canonical": "low",
    "risk_rank": 1,
    "risk_score": 0,
    "verdict": "index-stale"
  },
  "version": "13.6.1"
}

roam-code analysis | Commands: health pr-risk

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Roam Agent Review

Verdict: SAFE (risk_level low)

blast-radius 0/100 · ai-likelihood 14/100 · rule violations 0 · critique high-severity 0

Verdict: SAFE. All structural signals clean at the configured thresholds.

Next steps

  • No structural concerns at the configured thresholds. Standard review still recommended.

Powered by roam-code — Apache 2.0, 100% local. Customize thresholds in .roam/rules.yml. Docs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants