Bump authlib to 1.6.9 to avoid high cve (#1975)

tsmith023 · web-flow · commit db8a91c514b0 · 2026-03-05T09:01:12.000Z
* Bump authlib to 1.6.9 to avoid high cve

* Reduce ver requirement in `setup.cfg`

* update changelog
diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -1,6 +1,11 @@
 Changelog
 =========
 
+Version 4.20.3
+--------------
+This patch version includes:
+    - Update of ``authlib`` dependency
+
 Version 4.20.2
 --------------
 This patch version includes:
diff --git a/requirements-devel.txt b/requirements-devel.txt
@@ -1,6 +1,6 @@
 httpx==0.26.0
 validators==0.34.0
-authlib==1.6.6
+authlib==1.6.9
 grpcio==1.75.1
 grpcio-tools==1.75.1
 grpcio-health-checking==1.75.1
diff --git a/setup.cfg b/setup.cfg
@@ -36,7 +36,7 @@ include_package_data = True
 install_requires =
     httpx>=0.26.0,<0.29.0
     validators>=0.34.0,<1.0.0
-    authlib>=1.6.5,<2.0.0
+    authlib>=1.6.7,<2.0.0
     pydantic>=2.12.0,<3.0.0
     grpcio>=1.59.5,<1.80.0
     protobuf>=4.21.6,<7.0.0
