Commit 4fa3131
fix(deps): bump authlib 1.7.0 -> 1.7.2 to fix OIDC open-redirect (GHSA-r95x-qfjj-fjj2)
authlib 1.7.0 is vulnerable to an unauthenticated open redirect in the
OpenIDImplicitGrant/OpenIDHybridGrant authorization endpoint (moderate).
1.7.1+ is patched; resolves to 1.7.2 within the existing ~=1.7.0 constraint.
Clears the failing Dependency Review check on the staging->main promotion (#582).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent ce41e94 commit 4fa3131
1 file changed
Lines changed: 3 additions & 3 deletions