chore(deps): bump the uv group across 29 directories with 6 updates

[dependabot]

Bumps the uv group with 2 updates in the /python/agents/adk-ae-oauth directory: authlib and litellm.
Bumps the uv group with 1 update in the /python/agents/ai-security-agent directory: authlib.
Bumps the uv group with 1 update in the /python/agents/auto-insurance-agent directory: authlib.
Bumps the uv group with 2 updates in the /python/agents/bidi-demo directory: authlib and litellm.
Bumps the uv group with 3 updates in the /python/agents/brand-aligned-presentations directory: authlib, python-dotenv and lxml.
Bumps the uv group with 2 updates in the /python/agents/brand-search-optimization directory: authlib and litellm.
Bumps the uv group with 1 update in the /python/agents/claim-adjudication-agent directory: authlib.
Bumps the uv group with 2 updates in the /python/agents/cyber-guardian-agent directory: authlib and litellm.
Bumps the uv group with 2 updates in the /python/agents/data-engineering directory: authlib and litellm.
Bumps the uv group with 4 updates in the /python/agents/economic-research-agent directory: authlib, litellm, nbconvert and lxml.
Bumps the uv group with 2 updates in the /python/agents/fomc-research directory: authlib and litellm.
Bumps the uv group with 1 update in the /python/agents/genmedia-for-commerce directory: litellm.
Bumps the uv group with 2 updates in the /python/agents/global-kyc-agent directory: authlib and litellm.
Bumps the uv group with 1 update in the /python/agents/google-trends-agent directory: authlib.
Bumps the uv group with 2 updates in the /python/agents/hierarchical-workflow-automation directory: authlib and python-dotenv.
Bumps the uv group with 1 update in the /python/agents/incident-management directory: authlib.
Bumps the uv group with 3 updates in the /python/agents/llm-auditor directory: authlib, litellm and nltk.
Bumps the uv group with 3 updates in the /python/agents/machine-learning-engineering directory: authlib, litellm and nltk.
Bumps the uv group with 2 updates in the /python/agents/memory-bank directory: authlib and litellm.
Bumps the uv group with 4 updates in the /python/agents/on-brand-genmedia directory: authlib, litellm, nbconvert and nltk.
Bumps the uv group with 2 updates in the /python/agents/plumber-data-engineering-assistant directory: authlib and python-dotenv.
Bumps the uv group with 2 updates in the /python/agents/policy-as-code directory: authlib and litellm.
Bumps the uv group with 1 update in the /python/agents/sdlc-task-planner directory: litellm.
Bumps the uv group with 1 update in the /python/agents/sdlc-technical-designer directory: litellm.
Bumps the uv group with 1 update in the /python/agents/sdlc-user-story-refiner directory: litellm.
Bumps the uv group with 2 updates in the /python/agents/small-business-loan-agent directory: authlib and litellm.
Bumps the uv group with 2 updates in the /python/agents/supply-chain directory: authlib and litellm.
Bumps the uv group with 2 updates in the /python/agents/tau2-benchmark-agent directory: authlib and litellm.
Bumps the uv group with 1 update in the /python/agents/youtube-analyst directory: authlib.

Updates authlib from 1.6.10 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates litellm from 1.82.6 to 1.83.7

Commits

• See full diff in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates authlib from 1.6.6 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates litellm from 1.83.0 to 1.83.7

Commits

• See full diff in compare view

Updates python-dotenv from 1.2.1 to 1.0.1

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

v1.2.1

What's Changed

... (truncated)

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates python-dotenv from 1.1.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

v1.2.1

What's Changed

... (truncated)

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates lxml from 6.0.2 to 6.1.0

Changelog

Sourced from lxml's changelog.

6.1.0 (2026-04-17)

This release fixes a possible external entity injection (XXE) vulnerability in iterparse() and the ETCompatXMLParser.

Features added

• GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in lxml.html.defs. This allows lxml_html_clean to pass them through. Patch by oomsveta.

• The default chunk size for reading from file-likes in iterparse() is now configurable with a new chunk_size argument.

Bugs fixed

• LP#2146291: The resolve_entities option was still set to True for iterparse and ETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to 'internal' only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.

6.0.4 (2026-04-12)

Bugs fixed

• LP#2148019: Spurious MemoryError during namespace cleanup.

6.0.3 (2026-04-09)

Bugs fixed

• Several out of memory error cases now raise MemoryError that were not handled before.

• Slicing with large step values (outside of +/- sys.maxsize) could trigger undefined C behaviour.

• LP#2125399: Some failing tests were fixed or disabled in PyPy.

• LP#2138421: Memory leak in error cases when setting the public_id or system_url of a document.

... (truncated)

Commits

• 43722f4 Update changelog.
• 8747040 Name version of option change in docstring.
• 6c36e6c Fix pypistats URL in download statistics script.
• c7d76d6 Change security policy to point to Github security advisories.
• 378ccf8 Update project income report.
• 315270b Docs: Reduce TOC depth of package pages and move module contents first.
• 6dbba7f Docs: Show current year in copyright line.
• e4385bf Update project income report.
• 5bed1e1 Validate file hashes in release download script.
• c13ee10 Prepare release of 6.1.0.
• Additional commits viewable in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates litellm from 1.82.6 to 1.83.7

Commits

• See full diff in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates litellm from 1.82.6 to 1.83.7

Commits

• See full diff in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates litellm from 1.82.6 to 1.83.7

Commits

• See full diff in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates litellm from 1.82.6 to 1.83.7

Commits

• See full diff in compare view

Updates nbconvert from 7.17.0 to 7.17.1

Release notes

Sourced from nbconvert's releases.

v7.17.1

7.17.1

This is a security release, fixing two CVEs:

• CVE-2026-39377
• CVE-2026-39378

(full advisories will be published seven days after release, on 2026-04-14).

(Full Changelog)

Enhancements made

• Allow configureable WebPDF JavaScript processing timeout #2250 (@​timkpaine, @​Carreau)

Bugs fixed

• Fix PermissionError when checking template paths on shared filesystems #2252 (@​ctcjab, @​krassowski)
• Tweak webpdf template logic to fix duplicate extension problem #2249 (@​timkpaine, @​Carreau)

Maintenance and upkeep improvements

• specify python version for pre #2276 (@​minrk, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​akhmerov (activity) | @​bollwyvl (activity) | @​Carreau (activity) | @​ctcjab (activity) | @​davidbrochart (activity) | @​Ken-B (activity) | @​krassowski (activity) | @​mgeier (activity) | @​minrk (activity) | @​mpacer (activity) | @​MSeal (activity) | @​SylvainCorlay (activity) | @​takluyver (activity) | @​timkpaine (activity)

Changelog

Sourced from nbconvert's changelog.

7.17.1

This is a security release, fixing two CVEs:

• CVE-2026-39377
• CVE-2026-39378

(full advisories will be published seven days after release, on 2026-04-14).

(Full Changelog)

Enhancements made

• Allow configureable WebPDF JavaScript processing timeout #2250 (@​timkpaine, @​Carreau)

Bugs fixed

• Fix PermissionError when checking template paths on shared filesystems #2252 (@​ctcjab, @​krassowski)
• Tweak webpdf template logic to fix duplicate extension problem #2249 (@​timkpaine, @​Carreau)

Maintenance and upkeep improvements

• specify python version for pre #2276 (@​minrk, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​akhmerov (activity) | @​bollwyvl (activity) | @​Carreau (activity) | @​ctcjab (activity) | @​davidbrochart (activity) | @​Ken-B (activity) | @​krassowski (activity) | @​mgeier (activity) | @​minrk (activity) | @​mpacer (activity) | @​MSeal (activity) | @​SylvainCorlay (activity) | @​takluyver (activity) | @​timkpaine (activity)

Commits

• 78ed308 Publish 7.17.1
• f090a64 ruff format
• b3b6ec0 chore: update pre-commit hooks (#2277)
• be4841f ignore silly security lint in tests
• 26d57b2 fix type annotation on Lexer
• 0e6b8cc Merge commit from fork
• ba5e5cd Merge commit from fork
• 1db0c88 Specify python version for pre (#2276)
• 7473fc3 chore: update pre-commit hooks (#2242)
• 4322f7f Bump the actions group across 1 directory with 2 updates (#2273)
• Additional commits viewable in compare view

Updates lxml from 6.0.2 to 6.1.0

Changelog

Sourced from lxml's changelog.

6.1.0 (2026-04-17)

This release fixes a possible external entity injection (XXE) vulnerability in iterparse() and the ETCompatXMLParser.

Features added

• GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in lxml.html.defs. This allows lxml_html_clean to pass them through. Patch by oomsveta.

• The default chunk size for reading from file-likes in iterparse() is now configurable with a new chunk_size argument.

Bugs fixed

• LP#2146291: The resolve_entities option was still set to True for iterparse and ETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to 'internal' only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.

6.0.4 (2026-04-12)

Bugs fixed

• LP#2148019: Spurious MemoryError during namespace cleanup.

6.0.3 (2026-04-09)

Bugs fixed

• Several out of memory error cases now raise MemoryError that were not handled before.

• Slicing with large step values (outside of +/- sys.maxsize) could trigger undefined C behaviour.

• LP#2125399: Some failing tests were fixed or disabled in PyPy.

• LP#2138421: Memory leak in error cases when setting the public_id or system_url of a document.

... (truncated)

Commits

• 43722f4 Update changelog.
• 8747040 Name version of option change in docstring.
• 6c36e6c Fix pypistats URL in download statistics script.
• c7d76d6 Change security policy to point to Github security advisories.
• 378ccf8 Update project income report.
• 315270b Docs: Reduce TOC depth of package pages and move module contents first.
• 6dbba7f Docs: Show current year in copyright line.
• e4385bf Update project income report.
• 5bed1e1 Validate file hashes in release download script.
• c13ee10 Prepare release of 6.1.0.
• Additional commits viewable in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

• Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.

Commits

• 0dc0e5b chore: bump to 1.6.11
• aa7b8e4 Merge commit from fork
• 401a770 fix: CSRF issue with starlette client
• See full diff in compare view

Updates litellm from 1.82.6 to 1.83.7

Commits

• See full diff in compare view

Updates litellm from 1.82.6 to 1.83.7

Commits

• See full diff in compare view

Updates authlib from 1.6.9 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

Changelog

S...

Description has been truncated