fix: loosen dependency constraints and bump CI actions

.github/workflows/codeql.yml

@@ -36,18 +36,18 @@ jobs:
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{ matrix.language }}"

.github/workflows/publish.yml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           fetch-tags: true

.github/workflows/rl-scanner.yml

@@ -31,7 +31,7 @@ jobs:
       scan-status: ${{ steps.rl-scan-conclusion.outcome }}
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
           fetch-tags: true

.github/workflows/test.yml

@@ -42,7 +42,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
@@ -80,6 +80,6 @@ jobs:
 
       - if: ${{ matrix.python-version == '3.10' }}
         name: Upload coverage
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # pin@5.5.1
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@5.5.2
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

pyproject.toml

@@ -12,9 +12,8 @@ packages = [
 
 [tool.poetry.dependencies]
 python = "^3.9"
-fastapi = "^0.115.11"
-httpx = "^0.28.1"
-uvicorn = "^0.34.0"
+fastapi = ">=0.115.11"
+httpx = ">=0.28.1"
 auth0-api-python = ">=1.0.0b6"
 
 [tool.poetry.group.dev.dependencies]
@@ -23,7 +22,8 @@ pytest-cov = "^4.0"
 pytest-asyncio = ">=0.20.3,<0.27.0"
 pytest-mock = "^3.15.1"
 pytest-httpx = "^0.35.0"
-twine = "^6.1.0"
+twine = "^6.2.0"
+uvicorn = ">=0.34.0"
 
 [tool.pytest.ini_options]
 addopts = "--cov=fastapi_plugin --cov-report=term-missing:skip-covered --cov-report=xml"

requirements.txt

@@ -1,8 +1,7 @@
 # Core runtime dependencies
 fastapi>=0.115.11
-uvicorn>=0.34.0
 auth0-api-python>=1.0.0b6
-authlib>=1.5.2
+authlib>=1.6.6
 httpx>=0.28.1
 
 # Development and testing dependencies
@@ -11,3 +10,4 @@ pytest-asyncio>=0.26.0
 pytest-cov>=4.0
 pytest-httpx>=0.35.0
 pytest-mock>=3.15.1
+uvicorn>=0.34.0