From 86453881699b52dba59168e4625706977af849da Mon Sep 17 00:00:00 2001
From: Dirk Kulawiak <dirk@semi.technology>
Date: Wed, 29 Apr 2026 13:34:40 +0200
Subject: [PATCH] Raise minimum version of authlib to avoid CVE

---
 requirements-devel.txt | 2 +-
 setup.cfg              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements-devel.txt b/requirements-devel.txt
index 0f48469f4..16ebe7fe0 100644
--- a/requirements-devel.txt
+++ b/requirements-devel.txt
@@ -1,6 +1,6 @@
 httpx==0.26.0
 validators==0.34.0
-authlib==1.6.9
+authlib==1.6.11
 grpcio==1.75.1
 grpcio-tools==1.75.1
 grpcio-health-checking==1.75.1
diff --git a/setup.cfg b/setup.cfg
index 0b5ba855a..a019311ff 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -36,7 +36,7 @@ include_package_data = True
 install_requires =
     httpx>=0.26.0,<0.29.0
     validators>=0.34.0,<1.0.0
-    authlib>=1.6.7,<2.0.0
+    authlib>=1.6.11,<2.0.0
     # When bumping authlib to >=2.0.0, remove the `authlib.jose` deprecation
     # warning filter implemented in `weaviate/_authlib_compat.py`.
     pydantic>=2.12.0,<3.0.0