chore: bump dependencies and add SCA scan workflow

.github/workflows/sca_scan.yml

@@ -0,0 +1,18 @@
+name: SCA
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  snyk-cli:
+    uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main
+    with:
+      additional-arguments: "--exclude=README.md,.jfrog --skip-unresolved"
+      python-version: "3.10"
+      pre-scan-commands: |
+        python3 -m venv venv --upgrade-deps
+        ./venv/bin/pip3 install -r requirements.txt
+    secrets: inherit

.gitignore

@@ -23,4 +23,7 @@ setup.py
 test.py
 test-script.py
 .coverage
-coverage.xml
+coverage.xml
+
+# AI tools
+.claude

.ruff.toml

@@ -1,5 +1,7 @@
 line-length = 100
 target-version = "py39"
+
+[lint]
 select = [
     "E",   # pycodestyle errors
     "W",   # pycodestyle warnings
@@ -11,4 +13,3 @@ select = [
     "S",   # bandit (security)
 ]
 ignore = ["E501", "B904", "S101", "S105", "S106"]  # Line too long (handled by black), Exception handling without from
-

pyproject.toml

@@ -17,15 +17,15 @@ pyjwt = ">=2.8.0"
 authlib = "^1.2"
 httpx = "^0.28.1"
 pydantic = "^2.10.6"
-jwcrypto = "^1.5.6"
+jwcrypto = "^1.5.7"
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^7.2"
 pytest-cov = "^4.0"
 pytest-asyncio = ">=0.20.3,<0.24.0"
 pytest-mock = "^3.14.0"
 twine = "^6.1.0"
-ruff = "^0.1.0"
+ruff = ">=0.1"
 
 [tool.pytest.ini_options]
 addopts = "--cov=auth0_server_python --cov-report=term-missing:skip-covered --cov-report=xml"

src/auth0_server_python/auth_server/my_account_client.py

@@ -2,6 +2,7 @@
 from typing import Optional
 
 import httpx
+
 from auth0_server_python.auth_schemes.bearer_auth import BearerAuth
 from auth0_server_python.auth_types import (
     CompleteConnectAccountRequest,

src/auth0_server_python/auth_server/server_client.py

@@ -12,6 +12,10 @@
 
 import httpx
 import jwt
+from authlib.integrations.base_client.errors import OAuthError
+from authlib.integrations.httpx_client import AsyncOAuth2Client
+from pydantic import ValidationError
+
 from auth0_server_python.auth_server.my_account_client import MyAccountClient
 from auth0_server_python.auth_types import (
     CompleteConnectAccountRequest,
@@ -55,9 +59,6 @@
     build_domain_resolver_context,
     validate_resolved_domain_value,
 )
-from authlib.integrations.base_client.errors import OAuthError
-from authlib.integrations.httpx_client import AsyncOAuth2Client
-from pydantic import ValidationError
 
 # Generic type for store options
 TStoreOptions = TypeVar('TStoreOptions')

src/auth0_server_python/tests/test_my_account_client.py

@@ -1,6 +1,7 @@
 from unittest.mock import ANY, AsyncMock, MagicMock
 
 import pytest
+
 from auth0_server_python.auth_server.my_account_client import MyAccountClient
 from auth0_server_python.auth_types import (
     CompleteConnectAccountRequest,

src/auth0_server_python/tests/test_server_client.py

@@ -4,6 +4,8 @@
 from urllib.parse import parse_qs, urlparse
 
 import pytest
+from pydantic_core import ValidationError
+
 from auth0_server_python.auth_server.my_account_client import MyAccountClient
 from auth0_server_python.auth_server.server_client import ServerClient
 from auth0_server_python.auth_types import (
@@ -42,7 +44,6 @@
     StartLinkUserError,
 )
 from auth0_server_python.utils import PKCE
-from pydantic_core import ValidationError
 
 
 @pytest.mark.asyncio