diff --git a/backport-Ensure-expires_at-is-always-int.patch b/backport-Ensure-expires_at-is-always-int.patch
deleted file mode 100644
index a7d50388970984895d54aa85dfbb1e8555b0cdab..0000000000000000000000000000000000000000
--- a/backport-Ensure-expires_at-is-always-int.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From d4b6699f8ccb608152b764919e0bd3d38a7b171f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sindri=20Gu=C3=B0mundsson?= <sindrigudmundsson@gmail.com>
-Date: Mon, 22 Aug 2022 16:32:14 +0000
-Subject: [PATCH] Ensure expires_at is always int
-
-As discussed in #745
----
- oauthlib/oauth2/rfc6749/clients/base.py            |  4 +--
- oauthlib/oauth2/rfc6749/parameters.py              |  5 +++-
- tests/oauth2/rfc6749/clients/test_base.py          | 33 ++++++++++++++++++++++
- .../rfc6749/clients/test_service_application.py    |  2 +-
- 4 files changed, 40 insertions(+), 4 deletions(-)
-
-diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
-index d5eb0cc..1d12638 100644
---- a/oauthlib/oauth2/rfc6749/clients/base.py
-+++ b/oauthlib/oauth2/rfc6749/clients/base.py
-@@ -589,11 +589,11 @@ class Client:
- 
-         if 'expires_in' in response:
-             self.expires_in = response.get('expires_in')
--            self._expires_at = time.time() + int(self.expires_in)
-+            self._expires_at = round(time.time()) + int(self.expires_in)
- 
-         if 'expires_at' in response:
-             try:
--                self._expires_at = int(response.get('expires_at'))
-+                self._expires_at = round(float(response.get('expires_at')))
-             except:
-                 self._expires_at = None
- 
-diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
-index 8f6ce2c..0f0f423 100644
---- a/oauthlib/oauth2/rfc6749/parameters.py
-+++ b/oauthlib/oauth2/rfc6749/parameters.py
-@@ -345,7 +345,7 @@ def parse_implicit_response(uri, state=None, scope=None):
-         params['scope'] = scope_to_list(params['scope'])
- 
-     if 'expires_in' in params:
--        params['expires_at'] = time.time() + int(params['expires_in'])
-+        params['expires_at'] = round(time.time()) + int(params['expires_in'])
- 
-     if state and params.get('state', None) != state:
-         raise ValueError("Mismatching or missing state in params.")
-@@ -437,6 +437,9 @@ def parse_token_response(body, scope=None):
-         else:
-             params['expires_at'] = time.time() + int(params['expires_in'])
- 
-+    if isinstance(params.get('expires_at'), float):
-+        params['expires_at'] = round(params['expires_at'])
-+
-     params = OAuth2Token(params, old_scope=scope)
-     validate_token_parameters(params)
-     return params
-diff --git a/tests/oauth2/rfc6749/clients/test_base.py b/tests/oauth2/rfc6749/clients/test_base.py
-index 70a2283..7286b99 100644
---- a/tests/oauth2/rfc6749/clients/test_base.py
-+++ b/tests/oauth2/rfc6749/clients/test_base.py
-@@ -1,5 +1,6 @@
- # -*- coding: utf-8 -*-
- import datetime
-+from unittest.mock import patch
- 
- from oauthlib import common
- from oauthlib.oauth2 import Client, InsecureTransportError, TokenExpiredError
-@@ -353,3 +354,35 @@ class ClientTest(TestCase):
-         code_verifier = client.create_code_verifier(length=128)
-         code_challenge_s256 = client.create_code_challenge(code_verifier=code_verifier, code_challenge_method='S256')
-         self.assertEqual(code_challenge_s256, client.code_challenge)
-+
-+    def test_parse_token_response_expires_at_is_int(self):
-+        expected_expires_at = 1661185149
-+        token_json = ('{   "access_token":"2YotnFZFEjr1zCsicMWpAA",'
-+                      '    "token_type":"example",'
-+                      '    "expires_at":1661185148.6437678,'
-+                      '    "scope":"/profile",'
-+                      '    "example_parameter":"example_value"}')
-+
-+        client = Client(self.client_id)
-+
-+        response = client.parse_request_body_response(token_json, scope=["/profile"])
-+
-+        self.assertEqual(response['expires_at'], expected_expires_at)
-+        self.assertEqual(client._expires_at, expected_expires_at)
-+
-+    @patch('time.time')
-+    def test_parse_token_response_generated_expires_at_is_int(self, t):
-+        t.return_value = 1661185148.6437678
-+        expected_expires_at = round(t.return_value) + 3600
-+        token_json = ('{   "access_token":"2YotnFZFEjr1zCsicMWpAA",'
-+                      '    "token_type":"example",'
-+                      '    "expires_in":3600,'
-+                      '    "scope":"/profile",'
-+                      '    "example_parameter":"example_value"}')
-+
-+        client = Client(self.client_id)
-+
-+        response = client.parse_request_body_response(token_json, scope=["/profile"])
-+
-+        self.assertEqual(response['expires_at'], expected_expires_at)
-+        self.assertEqual(client._expires_at, expected_expires_at)
-diff --git a/tests/oauth2/rfc6749/clients/test_service_application.py b/tests/oauth2/rfc6749/clients/test_service_application.py
-index b97d855..84361d8 100644
---- a/tests/oauth2/rfc6749/clients/test_service_application.py
-+++ b/tests/oauth2/rfc6749/clients/test_service_application.py
-@@ -166,7 +166,7 @@ mfvGGg3xNjTMO7IdrwIDAQAB
-     @patch('time.time')
-     def test_parse_token_response(self, t):
-         t.return_value = time()
--        self.token['expires_at'] = self.token['expires_in'] + t.return_value
-+        self.token['expires_at'] = self.token['expires_in'] + round(t.return_value)
- 
-         client = ServiceApplicationClient(self.client_id)
- 
--- 
-2.9.3.windows.1
-
diff --git a/backport-Update-setup.cfg-to-use-license_files-839.patch b/backport-Update-setup.cfg-to-use-license_files-839.patch
deleted file mode 100644
index 0be6000ef43e69180b8f39e03079362402514fe9..0000000000000000000000000000000000000000
--- a/backport-Update-setup.cfg-to-use-license_files-839.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 541297b344944d13c77f4ea0356b83bb3b381dba Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
-Date: Tue, 18 Oct 2022 09:43:17 +0200
-Subject: [PATCH] Update setup.cfg to use license_files (#839)
-
-Fixes the following warning:
-
-> The license_file parameter is deprecated, use license_files instead.
----
- setup.cfg | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/setup.cfg b/setup.cfg
-index ca59291..286d6cb 100644
---- a/setup.cfg
-+++ b/setup.cfg
-@@ -1,5 +1,5 @@
- [metadata]
--license_file = LICENSE
-+license_files = LICENSE
- 
- [isort]
- combine_as_imports = true
--- 
-2.9.3.windows.1
-
diff --git a/backport-Use-proper-SPDX-identifier.patch b/backport-Use-proper-SPDX-identifier.patch
deleted file mode 100644
index aa553f058ae702d1adb9bbb8291d6ed9442761f3..0000000000000000000000000000000000000000
--- a/backport-Use-proper-SPDX-identifier.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From d63d1aea5d3eb1e2240077096177687f018fc32a Mon Sep 17 00:00:00 2001
-From: Maximilian Wirtz <maximilian.wirtz@tribe29.com>
-Date: Fri, 16 Sep 2022 13:28:20 +0200
-Subject: [PATCH] Use proper SPDX identifier
-
----
- setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/setup.py b/setup.py
-index 0192458..4c435f9 100755
---- a/setup.py
-+++ b/setup.py
-@@ -32,7 +32,7 @@ setup(
-     maintainer_email='ib.lundgren@gmail.com',
-     url='https://github.com/oauthlib/oauthlib',
-     platforms='any',
--    license='BSD',
-+    license='BSD-3-Clause',
-     packages=find_packages(exclude=('docs', 'tests', 'tests.*')),
-     python_requires='>=3.6',
-     extras_require={
--- 
-2.9.3.windows.1
-
diff --git a/oauthlib-3.2.2.tar.gz b/oauthlib-3.2.2.tar.gz
deleted file mode 100644
index 9693e9cef4f50299f4a8f40e20019772e2ccacbf..0000000000000000000000000000000000000000
Binary files a/oauthlib-3.2.2.tar.gz and /dev/null differ
diff --git a/oauthlib-3.3.1.tar.gz b/oauthlib-3.3.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..6cb8be61e2a4dad0780070a5524f2fb2ad4f3b97
Binary files /dev/null and b/oauthlib-3.3.1.tar.gz differ
diff --git a/python-oauthlib.spec b/python-oauthlib.spec
index bff801216f8c3f5c5407a07e5a4ad3950dfc66d8..26b6764fcd8c5fe44a7389972f59c9c7a3b4d3fc 100644
--- a/python-oauthlib.spec
+++ b/python-oauthlib.spec
@@ -1,14 +1,11 @@
 Name:           python-oauthlib
-Version:        3.2.2
-Release:        4
+Version:        3.3.1
+Release:        1
 Summary:        A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
 License:        BSD-3-Clause
 URL:            https://github.com/oauthlib/oauthlib
 Source0:        https://github.com/oauthlib/oauthlib/archive/refs/tags/v%{version}.tar.gz#/oauthlib-%{version}.tar.gz
-Patch0:         backport-Update-setup.cfg-to-use-license_files-839.patch
-Patch1:         backport-Ensure-expires_at-is-always-int.patch
-Patch2:         backport-Use-proper-SPDX-identifier.patch
-Patch3:         openEuler-fix-jwt-upgrade-error.patch
+Patch0:         openEuler-fix-jwt-upgrade-error.patch
 
 BuildArch:      noarch
 %description
@@ -102,13 +99,21 @@ echo 'import pytest; __getattr__ = lambda _: pytest.skip("this test needs jwt")'
 %{_docdir}/*
 
 %changelog
+* Sat Oct 11 2025 lifeifei <lifeifei@kylinos.cn> -  3.3.1-1
+- update package to 3.3.1
+  Removed Python 3.5, 3.6, 3.7 support
+  Added Python 3.12, 3.13 Support
+  Added dependency-review GitHub Action
+  Updated various references of license
+  Added Security Policy
+
 * Mon Jun 30 2025 Funda Wang <fundawang@yeah.net> - 3.2.2-4
 - use pytest for testing
 
 * Tue Aug 27 2024 chenhuihan <chenhuihan@huawei.com> - 3.2.2-3
 - fix test error
 
-* Fri may 17 2024 wuzhaomin <wuzhaomin@kylinos.cn> - 3.2.2-2
+* Fri May 17 2024 wuzhaomin <wuzhaomin@kylinos.cn> - 3.2.2-2
 - Update setup.cfg to use license_files 
 - Ensure expires_at is always int
 - Use proper SPDX identifier