Skip to content

build(deps-dev): bump authlib from 1.6.7 to 1.6.9#65

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/authlib-1.6.9
Open

build(deps-dev): bump authlib from 1.6.7 to 1.6.9#65
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/authlib-1.6.9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps authlib from 1.6.7 to 1.6.9.

Release notes

Sourced from authlib's releases.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

  • Not using header's jwk automatically
  • Add ES256K into default jwt algorithms
  • Remove deprecated algorithm from default registry
  • Generate random cek when cek length doesn't match

v1.6.8

Full Changelog: authlib/authlib@v1.6.7...v1.6.8

  • Add EdDSA to default jwt instance.
Commits
  • 9266eaa chore: release 1.6.9
  • b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
  • 1b0a1d9 fix(jose): generate random cek when cek length doesn't match
  • 5be3c51 fix(jose): add ES256K into default jwt algorithms
  • 48b345f fix(jose): remove deprecated algorithm from default registry
  • a5d4b2d fix(jose): do not use header's jwk automatically
  • a769f34 chore: release 1.6.8
  • 84f3fa2 fix: add EdDSA to default jwt algorithms
  • See full diff in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 16, 2026
@github-actions github-actions bot enabled auto-merge (squash) March 16, 2026 15:45
@dependabot
build(deps-dev): bump authlib from 1.6.7 to 1.6.9
81efec9 
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.7 to 1.6.9.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](authlib/authlib@v1.6.7...v1.6.9)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/authlib-1.6.9 branch from 9114af4 to 81efec9 Compare March 29, 2026 04:03
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 29, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants