Skip to content

chore(deps): bump webauthn from 2.2.0 to 2.7.1 in /backend#11

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/webauthn-2.7.1
Open

chore(deps): bump webauthn from 2.2.0 to 2.7.1 in /backend#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/webauthn-2.7.1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Bumps webauthn from 2.2.0 to 2.7.1.

Release notes

Sourced from webauthn's releases.

v2.7.1

Changes:

  • This project now uses the pyasn1 library to parse ASN.1-encoded values (#263, h/t @​ggirol-rc)
  • Some bare dict type annotations have been replaced with Dict[str, Any] to satisfy stricter type checking setups (#262, h/t @​typestring)

v2.7.0

Changes:

  • The webauthn.helpers.options_to_json_dict helper has a new, optional bytes_encoder argument that accepts a Callable[[bytes], Any] method. This enables the use of custom encoding logic when serializing bytes values. When this argument is unspecified, bytes values will continue to be encoded into Base64URL (#257)

v2.6.0

Changes:

  • The new webauthn.helpers.options_to_json_dict helper can be used to simplify registration and authentication options into a simple Dict[str, Any] value (#256)

v2.5.3

Changes:

  • More X.509 validation exceptions will include the cause of the exception as reported by the third-party library handling the validation (#255)

v2.5.2

Changes:

  • Update project to cryptography==44.0.2 and pyOpenSSL==25.0.0 (#250)

v2.5.1

Changes:

  • Prevented "android-key" attestation tests from failing when it's after February 2nd (#244)

v2.5.0

Changes:

  • A new require_user_presence argument has been added to verify_registration_response() to enable verification of WebAuthn responses generated through use of conditional create where the up bit in authData.flags will be False (#236, h/t @​bschoenmaeckers)
  • verify_authentication_response() has been updated to return user_verified as well to indicate whether or not the user performed user verification (#235, h/t @​ggirol-rc)
  • Verification of "android-key" attestation statements has been modernized in light of Android's latest observable behavior (#240)
  • Verification of "android-safetynet" attestation statements now enforces the "basicIntegrity" flag instead of the "ctsProfileMatch" flag when determining device integrity (#241)
  • The list of known TPM manufacturers has been updated (#242)

v2.4.0

Changes:

  • An optional hints argument has been added to generate_registration_options() to specify one or more categories of authenticators for the browser to prioritize registration of. See webauthn.helpers.structs.PublicKeyCredentialHint for more information (#234)

v2.3.0

Changes:

  • The minimum supported version of Python has been bumped up to Python 3.9, with ongoing testing from Python 3.9 through Python 3.13. Dependencies have been updated as well, including upgrading to cryptography==43.0.3 (#233, with thanks to @​ds-cbo)
Changelog

Sourced from webauthn's changelog.

v2.7.1

Changes:

  • This project now uses the pyasn1 library to parse ASN.1-encoded values (#263, h/t @​ggirol-rc)
  • Some bare dict type annotations have been replaced with Dict[str, Any] to satisfy stricter type checking setups (#262, h/t @​typestring)

v2.7.0

Changes:

  • The webauthn.helpers.options_to_json_dict helper has a new, optional bytes_encoder argument that accepts a Callable[[bytes], Any] method. This enables the use of custom encoding logic when serializing bytes values. When this argument is unspecified, bytes values will continue to be encoded into Base64URL (#257)

v2.6.0

Changes:

  • The new webauthn.helpers.options_to_json_dict helper can be used to simplify registration and authentication options into a simple Dict[str, Any] value (#256)

v2.5.3

Changes:

  • More X.509 validation exceptions will include the cause of the exception as reported by the third-party library handling the validation (#255)

v2.5.2

Changes:

  • Update project to cryptography==44.0.2 and pyOpenSSL==25.0.0 (#250)

v2.5.1

Changes:

  • Prevented "android-key" attestation tests from failing when it's after February 2nd (#244)

v2.5.0

Changes:

  • A new require_user_presence argument has been added to verify_registration_response() to enable verification of WebAuthn responses generated through use of conditional create where the up bit in authData.flags will be False (#236, h/t @​bschoenmaeckers)
  • verify_authentication_response() has been updated to return user_verified as well to indicate whether or not the user performed user verification (#235, h/t @​ggirol-rc)
  • Verification of "android-key" attestation statements has been modernized in light of Android's latest observable behavior (#240)
  • Verification of "android-safetynet" attestation statements now enforces the "basicIntegrity" flag instead of the "ctsProfileMatch" flag when determining device integrity (#241)
  • The list of known TPM manufacturers has been updated (#242)

v2.4.0

Changes:

... (truncated)

Commits
  • 91afa1f Update CHANGELOG for v2.7.1
  • 6ea6638 Bump version to v2.7.1
  • 6e6d9b3 Merge pull request #264 from duo-labs/revert-pqc-alpha-work
  • 2be3e05 Revert "Add ML-DSA unit tests"
  • a825746 Revert "Update CHANGELOG for v2.8.0-alpha1"
  • 953b65a Revert "Bump version to v2.8.0-alpha1"
  • 8ebe1b2 Revert "Merge pull request #260 from duo-labs/mm/pqc-dilithium-alpha"
  • 0424e37 Merge pull request #263 from ggirol-rc/pyasn1
  • bfdebf4 Merge pull request #262 from typestring/dict-type-hints
  • a768cd8 move from unmaintained asn1crypto to pyasn1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump webauthn from 2.2.0 to 2.7.1 in /backend
cac1085 
Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 2.2.0 to 2.7.1.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](duo-labs/py_webauthn@v2.2.0...v2.7.1)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 28, 2026

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants