Skip to content

CHANGELOG

v0.5.6 (2026-05-19)

Bug Fixes

  • Correct dependabot commit-message configuration (73cb015)

Chores

  • Configure dependabot commit message prefix (ef80b6d)

  • deps: Bump urllib3 from 2.6.3 to 2.7.0 (#50, a4e009e)

  • chore(deps): bump urllib3 from 2.6.3 to 2.7.0

Bumps urllib3 from 2.6.3 to 2.7.0. - Release notes - Changelog - Commits

--- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.7.0

dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com

  • chore(config): update pre-commit hooks

Co-authored-by: dependabot[bot] 49699333+dependabot[bot]@users.noreply.github.com

Co-authored-by: github-actions[bot] github-actions[bot]@users.noreply.github.com

v0.5.5 (2026-05-02)

Bug Fixes

Chores

  • Implement mkdocs documentation with read the docs integration (#46, c774145)

  • Restructure documentation (#47, e96d2c1)

Refactoring

  • Remove dead testing module (#48, 60202e5)

  • refactor: remove dead testing module

  • fix: allow custom fields for require methods

  • fix: introduce FieldNames for customizable user model field names

  • chore: add pycraks for detecting breaking changes

v0.5.4 (2026-04-27)

Bug Fixes

  • Add get_token_payload dependency for token verification in provider (#45, a0eccaf)

  • fix: add get_token_payload dependency for token verification in provider

  • chore(config): update pre-commit hooks

Co-authored-by: github-actions[bot] github-actions[bot]@users.noreply.github.com

v0.5.3 (2026-04-22)

Bug Fixes

  • docs: Update docs based on latest updates (90fd43f)

v0.5.2 (2026-04-22)

Bug Fixes

  • Export create_password_reset_token in package init (#42, ee20e8a)

v0.5.1 (2026-04-22)

Bug Fixes

  • Abstract token verification into a reusable method (#41, b9850d8)

v0.5.0 (2026-04-21)

Features

  • Add password reset token support and improve JWT validation with type enforcement (#40, b688ea1)

v0.4.2 (2026-04-18)

Bug Fixes

  • Update require_roles to support singular role fields and enum types with regression tests (#39, 0d2c646)

v0.4.1 (2026-04-18)

Bug Fixes

  • ci: Prevent shell injection in GitHub Actions workflow (#37, 11835f1)

Fix potential shell injection vulnerability in CI/CD workflow by avoiding GitHub expression interpolation.

Changes - Removed env: block that used ${{ github.head_ref || github.ref_name }}

interpolation - Changed git push command to use GitHub's built-in environment variables (GITHUB_HEAD_REF and GITHUB_REF_NAME) directly in the shell - Properly quoted the variable to prevent word splitting

Why Using ${{ }} expression interpolation with github.head_ref in a workflow step can be

exploited by attackers who create pull requests with maliciously crafted branch names. By using the shell environment variables GITHUB_HEAD_REF and GITHUB_REF_NAME (which GitHub Actions automatically provides), we avoid the expression interpolation while maintaining the same functionality. The shell handles these variables safely when properly quoted.

Semgrep Finding Details Using variable interpolation ${{...}} with github context data in a

run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

Semgrep Assistant generated this pull request to fix a finding from the detection rule yaml.github-actions.security.run-shell-injection.run-shell-injection.

Co-authored-by: Semgrep Autofix autofix@semgrep.com

Chores

  • Add Snyk and Semgrep security scanning workflows (#35, 768b38b)

  • ci: add Snyk and Semgrep security scanning workflows

  • chore(config): update pre-commit hooks

  • chore: update autotrigger

  • chore: change semgrep metrics option from off to auto

  • ci: fix shell injection vulnerability in cicd workflow

Co-authored-by: github-actions[bot] github-actions[bot]@users.noreply.github.com

  • Remove pre-commit autoupdate workflow (#36, 7022909)

v0.4.0 (2026-04-15)

Chores

  • Add pragma no cover to auth middleware fallback paths (cd3c090)

Features

  • Implement token refresh functionality in AuthProvider with associated tests (d597d8f)

v0.3.1 (2026-04-15)

Bug Fixes

  • Add py.typed marker to enable type checking support (1787519)

v0.3.0 (2026-04-15)

Bug Fixes

  • Correct typo in pylint disable directive within auth middleware (bc06572)

Chores

  • Disable pylint complexity checks for auth middleware dispatch method (7c335aa)

  • config: Update pre-commit hooks (34ca640)

  • config: Update pre-commit hooks (e6225f9)

  • deps: Bump cryptography from 46.0.6 to 46.0.7 (c57f70f)

Bumps cryptography from 46.0.6 to 46.0.7. - Changelog - Commits

--- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.7

dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com

  • deps: Bump pygments from 2.19.2 to 2.20.0 (c022333)

Bumps pygments from 2.19.2 to 2.20.0. - Release notes - Changelog - Commits

--- updated-dependencies: - dependency-name: pygments dependency-version: 2.20.0

dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com

  • deps: Bump pyjwt from 2.11.0 to 2.12.0 (0c443a9)

Bumps pyjwt from 2.11.0 to 2.12.0. - Release notes - Changelog - Commits

--- updated-dependencies: - dependency-name: pyjwt dependency-version: 2.12.0

dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com

  • deps-dev: Bump pytest from 9.0.2 to 9.0.3 (f1372ad)

Bumps pytest from 9.0.2 to 9.0.3. - Release notes - Changelog - Commits

--- updated-dependencies: - dependency-name: pytest dependency-version: 9.0.3

dependency-type: direct:development ...

Signed-off-by: dependabot[bot] support@github.com

Features

  • Implement AuthMiddleware for JWT-based request authentication and user loading (0527038)

v0.2.2 (2026-04-04)

Bug Fixes

  • Add badge for dependabot (22f4719)

Chores

  • Add python version matrix to CI/CD workflow (9576512)

  • Fix cicd for dependabot prs (befb729)

  • Implement setup env action and remove legacy requirements.txt (781a552)

  • Remove extract curly brace (2661dd3)

  • Restore checkout step in jobs (ad4e33d)

  • Set python version to min supported (8c981a4)

  • config: Update pre-commit hooks (ab09f61)

  • config: Update pre-commit hooks (6ec7a6d)

  • config: Update requirements.txt (862978f)

  • deps: Bump cryptography from 46.0.5 to 46.0.6 (a61129d)

Bumps cryptography from 46.0.5 to 46.0.6. - Changelog - Commits

--- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6

dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com

v0.2.1 (2026-04-03)

Bug Fixes

  • Implement AuthProvider for FastAPI authentication and add testing utilities (f19f7ad)

Chores

  • config: Merge with main (d8caae2)

v0.2.0 (2026-04-02)

Bug Fixes

  • config: Add logs and update docs (9d9e733)

Chores

  • config: Update pre-commit hooks (f4098cd)

  • config: Update requirements.txt (1bef7cc)

  • docs: Clarify structlog configuration requirements (9f685cb)

  • docs: Update project dependencies in pyproject.toml (d49cdbf)

Features

  • config: Implement structured logging utility using structlog (d87f777)

v0.1.2 (2026-04-01)

Bug Fixes

  • config: Add authenticate method to AuthProvider with IdentityLoader support (f905766)

  • config: Add openapi security scheme support to AuthProvider and router dependencies (72d7754)

Chores

v0.1.1 (2026-04-01)

Bug Fixes

  • config: Simplify dependency injection by using direct method references (4438d9e)

Chores

  • config: Update pre-commit hooks (8f9c9d8)

v0.1.0 (2026-03-29)

Bug Fixes

  • Add tests for core and api modules (cb6ed8a)

  • Add tests for create_access_token (eae2201)

  • Add tests for jwt utilities and password utilities. (23f6345)

  • Add unit tests and fixtures for the authentication provider. (e81e447)

Chores

  • Add polyfactory as new development dependencies. (e36e895)

  • Add pypi publishing job (e8f5ba0)

  • Fix lint issues (8e18b2f)

  • Improve type hints, update dependencies, and apply minor stylistic adjustments across several modules (1d55d31)

  • Restructure main package (f0d7236)

  • config: Merge with main (c66d1eb)

  • config: Update pre-commit hooks (6d4ad4f)

  • config: Update pre-commit hooks (77a8f95)

  • config: Update requirements.txt (13b718a)

  • config: Update requirements.txt (08fed86)

  • config: Update requirements.txt (ec11b90)

Features

  • Implement core authentication logic, transports, and testing utilities (7abbd34)

v0.0.0 (2026-03-10)

Chores

  • Add initial project readme and detailed design plan (161b2e0)

  • Introduce package and document new testing utilities including fakes and factories. (52f3299)

  • Update readme (1e50ee3)

  • config: Initialize new fauth project with core structure, dependency management, CI/CD, and code quality tooling (0fe70cf)