Skip to content

Bump authlib from 1.6.5 to 1.6.12#197

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/authlib-1.6.12
Open

Bump authlib from 1.6.5 to 1.6.12#197
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/authlib-1.6.12

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 13, 2026
edited
Loading

Copy link
Copy Markdown

Bumps authlib from 1.6.5 to 1.6.12.

Release notes

Sourced from authlib's releases.

v1.6.12

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

  • Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

  • Not using header's jwk automatically
  • Add ES256K into default jwt algorithms
  • Remove deprecated algorithm from default registry
  • Generate random cek when cek length doesn't match

v1.6.8

Full Changelog: authlib/authlib@v1.6.7...v1.6.8

  • Add EdDSA to default jwt instance.

v1.6.7

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

v1.6.6

What's Changed

New Contributors

Full Changelog: authlib/authlib@v1.6.5...v1.6.6

Changelog

Sourced from authlib's changelog.

Version 1.6.12

Released on may 4, 2026

  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Version 1.6.11

Released on Apr 16, 2026

  • Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Version 1.6.10

Released on Apr 13, 2026

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Version 1.6.9

Released on Mar 2, 2026

  • Not using header's jwk automatically.
  • Add ES256K into default jwt algorithms.
  • Remove deprecated algorithm from default registry.
  • Generate random cek when cek length doesn't match.

Version 1.6.8

Released on Feb 17, 2026

  • Add EdDSA to default jwt instance.

Version 1.6.7

Released on Feb 6, 2026

  • Set supported algorithms for the default jwt instance.

Version 1.6.6

... (truncated)

Commits
  • e46e515 chore: bump to 1.6.12
  • 9babc13 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • 0dc0e5b chore: bump to 1.6.11
  • aa7b8e4 Merge commit from fork
  • 401a770 fix: CSRF issue with starlette client
  • ef09aeb chore: release 1.6.10
  • 3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
  • 9266eaa chore: release 1.6.9
  • b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
  • 1b0a1d9 fix(jose): generate random cek when cek length doesn't match
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 13, 2026
@dependabot dependabot Bot mentioned this pull request May 13, 2026
Closed
@dependabot
Bump authlib from 1.6.5 to 1.6.12
b19346f 
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.5 to 1.6.12.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.5...1.6.12)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/authlib-1.6.12 branch from ee6d4d0 to b19346f Compare June 11, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants