chore(deps): bump pygments from 2.19.2 to 2.20.0 #1
Closed
dependabot[bot] wants to merge 1 commit into
Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.19.2...2.20.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.20.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
colombod added a commit that referenced this pull request Jun 27, 2026
create_asgi_app() now selects the resolver from settings.auth_mode: entra -> EntraResolver(client_id, tenant_id, build_identity_map()); static -> StaticKeyResolver(build_keystore()). The middleware no longer special-cases a concrete resolver type -- PrincipalResolver gains an auth_enabled property (StaticKeyResolver: bool(keystore); EntraResolver: True).

Closes a CRITICAL silent fail-open (AC13/H2): a server with no auth configured (static + no keys -- previously a pass-through) now REFUSES to start with a loud RuntimeError, unless the explicit, default-false allow_unauthenticated flag is set (test harness only). A six-lens council review flagged this as the #1 issue (restless-old-brian verdict: FAIL) -- auth_mode=entra was previously inert and silently unauthenticated.

Cleanups (cranky-old-sam): delete dead _is_hex() + its test class; drop @runtime_checkable + the circular protocol test; remove dead isinstance(meta,dict) branches in both validators; correct the PrincipalResolver / _validate_api_keys docstrings (resolvers raise AuthError 401 OR 403).

13 new switch/fail-closed tests incl. AC13 startup-refusal (RED->GREEN) and AC8 (auth_mode actually changes the resolver). Full suite 1493 green.
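The fail-closed startup check that commit message describes, as an added sketch that is not the repository's code: `Settings`, its field names, `select_resolver` and the unknown-mode branch are assumptions; only the resolver class names, `auth_mode`, `auth_enabled` and `allow_unauthenticated` come from the message.

```python
from dataclasses import dataclass, field


@dataclass
class Settings:  # hypothetical settings object; field names are assumptions
    auth_mode: str = "static"
    keystore: dict = field(default_factory=dict)      # api key -> principal
    identity_map: dict = field(default_factory=dict)  # oid -> contributor
    client_id: str = ""
    tenant_id: str = ""
    allow_unauthenticated: bool = False  # default-false, test harness only


class StaticKeyResolver:
    def __init__(self, keystore):
        self.keystore = keystore

    @property
    def auth_enabled(self):
        # An empty keystore cannot authenticate anyone.
        return bool(self.keystore)


class EntraResolver:
    def __init__(self, client_id, tenant_id, identity_map):
        self.client_id, self.tenant_id = client_id, tenant_id
        self.identity_map = identity_map

    @property
    def auth_enabled(self):
        return True


def select_resolver(settings):
    """Pick the resolver from auth_mode; refuse to start without auth."""
    if settings.auth_mode == "entra":
        resolver = EntraResolver(settings.client_id, settings.tenant_id,
                                 settings.identity_map)
    elif settings.auth_mode == "static":
        resolver = StaticKeyResolver(settings.keystore)
    else:
        # Assumption: an unknown mode is an error, never a pass-through.
        raise RuntimeError(f"unknown auth_mode: {settings.auth_mode!r}")
    # The middleware asks the resolver, not its concrete type.
    if not resolver.auth_enabled and not settings.allow_unauthenticated:
        raise RuntimeError("no auth configured; refusing to start")
    return resolver
```
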
colombod added a commit that referenced this pull request Jun 27, 2026
…tra section

Adds docs/entra-auth-setup.md (the council's #1 unblock -- an operator can't build the oid->contributor map and a developer can't get a token without it):

- operator guide: config shape (YAML + env), `az ad user show` for an oid, a bold PII/secret-hygiene warning, the 403-names-oid recovery loop, the real startup-validator messages, and the fail-closed allow_unauthenticated note
- developer guide: scope access_as_user on api://<client-id>, az account get-access-token, the Bearer header + a full curl (incl. data.timestamp), and a 401-vs-403 table from the caller's POV
- ops runbook: write-once wrong-oid permanence (+ verify-before-apply), JWKS ~5-min cache / ~6-week rotation guidance, and reading auth logs

AGENTS.md gains an Entra-auth subsection alongside the static-key section plus a secret-hygiene rule. Placeholders only -- no real oids/client-ids/tenant-ids in the product repo.

🤖 Generated with [Amplifier](https://github.com/microsoft/amplifier)

Co-Authored-By: Amplifier <240397093+microsoft-amplifier@users.noreply.github.com>
Bumps pygments from 2.19.2 to 2.20.0.
Release notes
Sourced from pygments's releases.
Changelog
Sourced from pygments's changelog.
Commits
- 708197d Fix underline length.
- 1d4538a Prepare 2.20 release.
- 2ceaee4 Update CHANGES.
- e3a3c54 Fix Haskell lexer: handle escape sequences in character literals (#3069)
- d7c3453 Merge pull request #3071 from pygments/harden-html-formatter
- 0f97e7c Harden the HTML formatter against CSS.
- 9f981b2 Update CHANGES.
- 1d88915 Update CHANGES.
- c3d93ad Fix ASN.1 lexer: recognize minus sign and fix range operator (#3060)
- 4f06bcf fix bad behaving backtracking regex in CommonLispLexer

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.