chore(deps): bump authlib from 1.6.9 to 1.6.12 in /libs/python/cua-cli by dependabot[bot] · Pull Request #1507 · trycua/cua

dependabot · 2026-05-13T18:41:52Z

Bumps authlib from 1.6.9 to 1.6.12.

Release notes

v1.6.12

Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant. Full Changelog: authlib/authlib@v1.6.11...v1.6.12

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Changelog

Sourced from authlib's changelog.

Version 1.6.12

Released on may 4, 2026

Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Version 1.6.11

Released on Apr 16, 2026

Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Version 1.6.10

Released on Apr 13, 2026

Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Commits

e46e515 chore: bump to 1.6.12
9babc13 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
0dc0e5b chore: bump to 1.6.11
aa7b8e4 Merge commit from fork
401a770 fix: CSRF issue with starlette client
ef09aeb chore: release 1.6.10
3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [authlib](https://github.com/authlib/authlib) from 1.6.9 to 1.6.12. - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.9...1.6.12) --- updated-dependencies: - dependency-name: authlib dependency-version: 1.6.12 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-05-13T18:41:56Z

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Ignored	Preview	May 13, 2026 6:42pm

github-actions · 2026-05-13T18:42:03Z