From 7e4a9f963789aab0e76414b13e59748df1a3522d Mon Sep 17 00:00:00 2001
From: "aieng-bot[bot]" <aieng-bot@vectorinstitute.ai>
Date: Fri, 17 Apr 2026 16:39:10 +0000
Subject: [PATCH] chore: fix authlib GHSA references in constraint-dependencies

Update authlib constraint comment to correctly reference the vulnerability
IDs (GHSA-xm59-rqc7-hhvf, GHSA-7gcm-g887-7qv7) that are fixed by
bumping authlib to 1.6.11 (from dependabot PR #78).

Co-authored-by: aieng-bot <aieng-bot@vectorinstitute.ai>
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 543aedee..a7a9c122 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -53,7 +53,7 @@ docs = [
 default-groups = ["dev", "docs"]
 constraint-dependencies = [
     "aiohttp>=3.13.4",    # GHSA-p998-jp59-783m, GHSA-hcc4-c3v8-rx92, and others
-    "authlib>=1.6.11",    # GHSA-jj8c-mmj3-mmgv
+    "authlib>=1.6.11",    # GHSA-xm59-rqc7-hhvf GHSA-7gcm-g887-7qv7
     "cryptography>=46.0.7",  # GHSA-m959-cc7f-wv43, GHSA-p423-j2cm-9vmq
     "pyasn1>=0.6.3",      # GHSA-jr27-m4p2-rc6r
     "pygments>=2.20.0",   # GHSA-5239-wwwm-4pmq