Skip to content

chore(deps): bump authlib from 1.6.8 to 1.6.11 in /run/mcp-server#14092

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/run/mcp-server/authlib-1.6.11
Closed

chore(deps): bump authlib from 1.6.8 to 1.6.11 in /run/mcp-server#14092
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/run/mcp-server/authlib-1.6.11

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps authlib from 1.6.8 to 1.6.11.

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

  • Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

  • Not using header's jwk automatically
  • Add ES256K into default jwt algorithms
  • Remove deprecated algorithm from default registry
  • Generate random cek when cek length doesn't match
Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

  • Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Version 1.6.10

Released on Apr 13, 2026

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Version 1.6.9

Released on Mar 2, 2026

  • Not using header's jwk automatically.
  • Add ES256K into default jwt algorithms.
  • Remove deprecated algorithm from default registry.
  • Generate random cek when cek length doesn't match.
Commits
  • 0dc0e5b chore: bump to 1.6.11
  • aa7b8e4 Merge commit from fork
  • 401a770 fix: CSRF issue with starlette client
  • ef09aeb chore: release 1.6.10
  • 3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
  • 9266eaa chore: release 1.6.9
  • b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
  • 1b0a1d9 fix(jose): generate random cek when cek length doesn't match
  • 5be3c51 fix(jose): add ES256K into default jwt algorithms
  • 48b345f fix(jose): remove deprecated algorithm from default registry
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 17, 2026
@dependabot dependabot Bot requested review from a team as code owners April 17, 2026 01:00
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Apr 17, 2026
@product-auto-label product-auto-label Bot added samples Issues that are directly related to samples. api: run Issues related to the Cloud Run API. labels Apr 17, 2026
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 17, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/run/mcp-server/authlib-1.6.11 branch from 1140c9e to 5fd928a Compare April 21, 2026 22:38
@trusted-contributions-gcf trusted-contributions-gcf Bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 21, 2026
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 21, 2026
@dependabot
chore(deps): bump authlib from 1.6.8 to 1.6.11 in /run/mcp-server
ffaf81c 
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.8 to 1.6.11.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.8...v1.6.11)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.11
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/run/mcp-server/authlib-1.6.11 branch from 5fd928a to ffaf81c Compare May 1, 2026 00:46
@trusted-contributions-gcf trusted-contributions-gcf Bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 1, 2026
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 1, 2026
@dependabot @github

dependabot Bot commented on behalf of github May 13, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #14181.

@dependabot dependabot Bot closed this May 13, 2026
@dependabot dependabot Bot deleted the dependabot/uv/run/mcp-server/authlib-1.6.11 branch May 13, 2026 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

api: run Issues related to the Cloud Run API. dependencies Pull requests that update a dependency file owlbot:run Add this label to trigger the Owlbot post processor. python:uv Pull requests that update python:uv code samples Issues that are directly related to samples.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kokoro-team