hluk / waiverdb

84%

master: %

LAST BUILD ON BRANCH ldap-gssapi

branch: ldap-gssapi

CHANGE BRANCH

x

Reset

Sync Branches

• ldap-gssapi
• add-image-expiration
• auth-errors
• avoid-updating-python-version
• bump-base-image
• dependabot/pip/cryptography-37.0.2
• dependabot/pip/cryptography-37.0.4
• dependabot/pip/cryptography-38.0.1
• dependabot/pip/cryptography-38.0.3
• dependabot/pip/flask-migrate-4.0.0
• dependabot/pip/flask-migrate-4.0.3
• dependabot/pip/mock-5.0.0
• dependabot/pip/mock-5.0.1
• dependabot/pip/pip-22.3.1
• dependabot/pip/setuptools-67.0.0
• dependabot/pip/sphinx-6.0.0
• dependabot/pip/sphinx-6.1.2
• dependabot/pip/sphinx-6.1.3
• dependabot/pip/sphinxcontrib-httpdomain-1.8.1
• dependabot/pip/sqlalchemy-1.4.37
• dependabot/pip/sqlalchemy-1.4.39
• dependabot/pip/sqlalchemy-1.4.40
• dependabot/pip/sqlalchemy-1.4.41
• dependabot/pip/sqlalchemy-1.4.42
• dependabot/pip/sqlalchemy-1.4.44
• dependabot/pip/sqlalchemy-1.4.45
• dependabot/pip/sqlalchemy-1.4.46
• dependabot/pip/stomp-py-8.1.0
• dependabot/pip/werkzeug-lt-2.3
• dependabot/pip/wheel-0.38.4
• docker-compose-sync
• drop-flask-restful
• drop-waiverdb-cli
• fix-about-version
• fix-docs-build
• fix-duplicate-session
• fix-example-subject-type
• fix-flaky-test
• fix-lock-file-maintenance-schedule
• fix-migrations
• fix-new-sqlalchemy
• fix-oidc-groups
• fix-oidc-token
• fix-stomp-version
• fix-tests
• fix-tox
• fix-tracing
• fix-werkzeug
• hatch
• kafka
• keycloak
• konflux
• master
• monthly-renovate
• oidc-groups
• oidc-login-form
• onboard-konflux
• pdm
• permission-include-following
• poetry
• postgres-update
• pydantic2
• python-3.11
• python-3.12-for-renovatebot
• python-3.13
• refactor-oidc-token
• renovate
• renovate-lock
• revert-werkzeug
• secure-cookies
• show-permissions-warning
• simplify-log-config
• split-permission-users-groups
• sync-with-greenwave
• unbind-ldap-connection
• update
• update-authlib
• update-dependencies
• update-dependencies-monthly
• update-opentelemetry
• update-otel
• update-pydantic
• update-readthedocs
• uv
• uv-3

Build # 24714794508

Build Type

push

github

Committed by hluk

Commit Message

Drop authlib.jose and use uv sync in Dockerfile

Replace authlib.jose.jwt.decode + create_load_key() with simple base64
JWT payload extraction for reading OIDC access token claims. The token
was already verified during the OIDC login flow, so cryptographic
verification is unnecessary. This avoids the deprecated authlib.jose
module which breaks with newer authlib versions.

Use "uv sync --frozen --no-dev" instead of "uv pip install" in the
Dockerfile so the container installs exact versions from uv.lock.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Coverage Stats

264 of 368 branches covered (71.74%)

Branch coverage included in aggregate %.

1 of 4 new or added lines in 1 file covered. (25.0%)

2099 of 2455 relevant lines covered (85.5%)

0.85 hits per line