Skip to content

chore(deps): update fido2 requirement from >=1.2.0 to >=2.2.1#184

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/fido2-gte-2.2.1
Open

chore(deps): update fido2 requirement from >=1.2.0 to >=2.2.1#184
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/fido2-gte-2.2.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on fido2 to permit the latest version.

Release notes

Sourced from fido2's releases.

python-fido2 2.2.1

Version 2.2.1 (released 2026-06-29)

  • Server example: Migrate build tool from poetry to uv.
  • Fix: Correctly format att_obj in previewSign.
Changelog

Sourced from fido2's changelog.

  • Version 2.2.1 (released 2026-06-29) ** Server example: Migrate build tool from poetry to uv. ** Fix: Correctly format att_obj in previewSign.

  • Version 2.2.0 (released 2026-04-15) ** Restrict DLL search paths (YSA-2026-01). ** Add support for experimental previewSign extension: https://yubicolabs.github.io/webauthn-sign-extension/4/#sctn-sign-extension ** Add support for PSL wildcard and exception rules to RP validation. ** Fix: WindowsClient hmac_secret extension raising Null pointer access error. ** Fix: TPM attestation certificate Subject field validation.

  • Version 2.1.1 (released 2026-01-19) ** Fix: Platform detection in fido2.hid module for BSD's.

  • Version 2.1.0 (released 2026-01-14) ** CTAP 2.3 support: *** Add new GetInfo fields: enc_cred_store_state. *** Add support for pinComplexityPolicy extension. *** Add thirdPartyPayment bit to credman. *** Check support for config subcommands. ** WebAuthn: *** Allow UserEntity without 'name' field for improved spec compliance. *** Update MDS3 dataclasses with new fields. ** Fido2Client: *** Fallback to PIN after UV_BLOCKED error. *** Improve preflight handling when message exceeds maximum size. ** WindowsClient: *** Fix: Parse 'credentialProtectionPolicy' properly. *** Update win_api.py from latest webauthn.h. *** Add support for hmac-secret-mc extension. *** Add support for hints. ** Development: *** Switch from Poetry to uv for project management. *** Add pyright and ty for improved type checking. *** Replace bandit and flake8 with ruff for linting.

  • Version 2.0.0 (released 2025-05-20) ** See also the migration guide: doc/Migration_1-2.adoc. ** Python 3.10 or later is now required. ** WebAuthn dataclasses have been updated to align with the WebAuthn Level 3 Working Draft. Constructors now require keyword arguments (kwargs_only=True), and serialization to/from dictionaries is compatible with standardized JSON formats. ** The features.webauthn_json_mapping flag has been removed, as its behavior (standardized JSON mapping) is now default. ** Fido2Client and WindowsClient constructors now accept a ClientDataCollector instance instead of origin and verify parameters. ** WindowsClient has been relocated to fido2.client.windows. Importing this class on non-Windows platforms will now raise an ImportError.

... (truncated)

Commits
  • 018ef97 Set date in NEWS
  • e5b022d Use hmac_mc in prf example
  • 27e0999 Fix examples for WindowsClient
  • 1cc7241 Bump version
  • 664f033 Add ML-DSA support
  • 24b03d0 Migrate server example to uv
  • 1f15f16 Lock cryptography to <49 for win x86 builds
  • a084d2d Bump pre-commit and fix ty issues
  • f0816a3 Bump dependencies and PSL data
  • bac45ad Add Pico controller support for automated device tests
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [fido2](https://github.com/Yubico/python-fido2) to permit the latest version.
- [Release notes](https://github.com/Yubico/python-fido2/releases)
- [Changelog](https://github.com/Yubico/python-fido2/blob/main/NEWS)
- [Commits](Yubico/python-fido2@1.2.0...2.2.1)

---
updated-dependencies:
- dependency-name: fido2
  dependency-version: 2.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 6, 2026
@dependabot dependabot Bot requested a review from rainzhang05 as a code owner July 6, 2026 20:54
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants