Skip to content

chore(deps-dev): bump authlib from 1.6.9 to 1.6.11 in the pip group across 1 directory#823

Merged
marcusburghardt merged 1 commit intomainfrom
dependabot/pip/pip-6f760ee6d8
Apr 20, 2026
Merged

chore(deps-dev): bump authlib from 1.6.9 to 1.6.11 in the pip group across 1 directory#823
marcusburghardt merged 1 commit intomainfrom
dependabot/pip/pip-6f760ee6d8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps the pip group with 1 update in the / directory: authlib.

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

  • Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.
Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

  • Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Version 1.6.10

Released on Apr 13, 2026

  • Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.
Commits
  • 0dc0e5b chore: bump to 1.6.11
  • aa7b8e4 Merge commit from fork
  • 401a770 fix: CSRF issue with starlette client
  • ef09aeb chore: release 1.6.10
  • 3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 17, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 17, 2026

🤖 Standardized Dependabot Review Summary 🤖

This PR was processed by the organization's reusable CI pipeline.

  • Dependencies Review: success
  • Calculated Risk: high
  • Dependency Usage: At least 0 repositories are using this dependency version

Maintainer check list:

  1. Ensure the PR passed all CI tests (required status checks).
  2. Investigate failures for Major updates or any manual review requirement.
  3. Don't overlook breaking changes and changelog information.
  4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
  5. Be diligent. When in doubt, ask another maintainer for additional review.

@marcusburghardt
Copy link
Copy Markdown
Contributor

marcusburghardt commented Apr 20, 2026

@dependabot rebase

@dependabot
chore(deps-dev): bump authlib in the pip group across 1 directory
611bdcb 
Bumps the pip group with 1 update in the / directory: [authlib](https://github.com/authlib/authlib).


Updates `authlib` from 1.6.9 to 1.6.11
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.9...v1.6.11)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.11
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/pip-6f760ee6d8 branch from 58f3b2a to 611bdcb Compare April 20, 2026 16:02
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 20, 2026

🤖 Standardized Dependabot Review Summary 🤖

This PR was processed by the organization's reusable CI pipeline.

Criterion Status Detail
Dependencies Review success View logs
Calculated Risk high authlib v1.6.11
Release Age 104h Released 104 hours ago
Dependency Usage unavailable Informational only — does not affect approval

Auto-approval: ⏳ Manual review required

Maintainer check list:

  1. Ensure the PR passed all CI tests (required status checks).
  2. Investigate failures for Major updates or any manual review requirement.
  3. Don't overlook breaking changes and changelog information.
  4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
  5. Be diligent. When in doubt, ask another maintainer for additional review.

marcusburghardt
marcusburghardt approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@marcusburghardt marcusburghardt merged commit 81cb337 into main Apr 20, 2026
17 of 18 checks passed
@marcusburghardt marcusburghardt deleted the dependabot/pip/pip-6f760ee6d8 branch April 20, 2026 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcusburghardt marcusburghardt marcusburghardt approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcusburghardt