Skip to content

core: bump xmlsec from 1.3.16 to 1.3.17#19411

Merged
rissson merged 1 commit intomainfrom
dependabot/uv/xmlsec-1.3.17
Jan 14, 2026
Merged

core: bump xmlsec from 1.3.16 to 1.3.17#19411
rissson merged 1 commit intomainfrom
dependabot/uv/xmlsec-1.3.17

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 14, 2026

Bumps xmlsec from 1.3.16 to 1.3.17.

Release notes

Sourced from xmlsec's releases.

1.3.17

Release Date: 2025-11-11 Version: 1.3.17

Compatibility and Wheel Support

This release provides binary wheels that are fully compatible with lxml v6.0.2. The compatibility is ensured by using the same underlying libxml2 version in both python-xmlsec and lxml.

Because of this strict requirement, the wheels cannot be used with versions of lxml lower than 6.0.2. Mixing versions will lead to runtime errors.

Common Error

If you see the following message:

lxml & xmlsec libxml2 library version mismatch

it indicates that the version of libxml2 used to build lxml does not match the version used to build python-xmlsec.

Recommended Solutions

  • Upgrade lxml to v6.0.2, or
  • Build both lxml and python-xmlsec manually from source using the same libxml2 version

Wheel Build Configuration

Linux and macOS Wheels

These wheels are built against the following versions, which match those used in lxml v6.0.2:

  • libxml2 v2.14.6
  • libxslt v1.1.43
  • xmlsec1 v1.3.9
  • zlib v1.3.1
  • libiconv v1.18
  • openssl v3.6.0

Windows Binary Wheels

The Windows binary wheels were compiled using Visual Studio 2022 and include the following libraries:

  • iconv v1.18-1
  • libxml2 v2.11.9-3
  • libxslt v1.1.39
  • openssl v3.0.16.pl1

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
core: bump xmlsec from 1.3.16 to 1.3.17
9c9ebfe 
Bumps [xmlsec](https://github.com/mehcode/python-xmlsec) from 1.3.16 to 1.3.17.
- [Release notes](https://github.com/mehcode/python-xmlsec/releases)
- [Commits](xmlsec/python-xmlsec@1.3.16...1.3.17)

---
updated-dependencies:
- dependency-name: xmlsec
  dependency-version: 1.3.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 14, 2026
@dependabot dependabot bot requested a review from a team as a code owner January 14, 2026 13:23
@netlify
Copy link

netlify bot commented Jan 14, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 9c9ebfe
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/696798c99017e100089bc388
😎 Deploy Preview https://deploy-preview-19411--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@codecov
Copy link

codecov bot commented Jan 14, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.30%. Comparing base (a72b77e) to head (9c9ebfe).
⚠️ Report is 4 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #19411      +/-   ##
==========================================
+ Coverage   93.10%   93.30%   +0.20%     
==========================================
  Files         949      949              
  Lines       52423    52423              
==========================================
+ Hits        48807    48912     +105     
+ Misses       3616     3511     -105
Flag Coverage Δ
conformance 38.78% <ø> (+<0.01%) ⬆️
e2e 44.67% <ø> (+0.99%) ⬆️
integration 23.37% <ø> (-0.06%) ⬇️
unit 91.57% <ø> (+<0.01%) ⬆️
unit-migrate 91.61% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rissson rissson enabled auto-merge (squash) January 14, 2026 13:39
@rissson rissson merged commit ed7d9fd into main Jan 14, 2026
100 checks passed
@rissson rissson deleted the dependabot/uv/xmlsec-1.3.17 branch January 14, 2026 13:56
kensternberg-authentik added a commit that referenced this pull request Jan 14, 2026
@kensternberg-authentik
Merge branch 'main' into dev
42ad526 
* main: (87 commits)
  core: bump importlib-metadata from 8.6.1 to 8.7.1 (#19430)
  core: bump geoip2 from 5.1.0 to 5.2.0 (#19429)
  core: bump debugpy from 1.8.14 to 1.8.19 (#19414)
  core: remove session migration (#14568)
  website/docs: add 2026.2 release notes draft page (#19418)
  core: bump wsproto from 1.2.0 to 1.3.2 (#19417)
  core: bump bpython from 0.25 to 0.26 (#19408)
  core: bump pdoc from 15.0.3 to 16.0.0 (#19413)
  core: bump ruff from 0.11.9 to 0.14.11 (#19410)
  core: bump python-kadmin-rs from 0.6.1 to 0.6.3 (#19416)
  core: bump drf-orjson-renderer from 1.7.3 to 1.8.0 (#19415)
  core: bump black from 25.1.0 to 25.12.0 (#19412)
  core: bump lxml from 6.0.0 to 6.0.2 (#19409)
  core: bump xmlsec from 1.3.16 to 1.3.17 (#19411)
  core: bump library/nginx from `06eb0c8` to `e3a22a7` in /website (#19394)
  core: bump library/node from `03729a7` to `6222695` in /website (#19393)
  website/docs: remove "beta" tag from 2025.12 (#19404)
  website/docs: add import to discord policy (#19397)
  web: bump @types/node from 25.0.7 to 25.0.8 in /web (#19392)
  website/docs: mention dynamic overrides in redirect stage documentation (#19368)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BeryJu BeryJu BeryJu approved these changes

@rissson rissson rissson approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BeryJu @rissson