chore(deps): bump the python-minor-patch group across 1 directory with 2 updates

[dependabot]

Bumps the python-minor-patch group with 2 updates in the /python directory: ruff and authlib.

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates authlib from 1.6.9 to 1.7.0

Release notes

Sourced from authlib's releases.

v1.7.0

What's Changed

• Authorization and token endpoints request empty scope parameter management by @​azmeuk in authlib/authlib#847
• Support from Python 3.10 to 3.14 by @​azmeuk in authlib/authlib#850
• Allow composition of AuthorizationServerMetadata by @​azmeuk in authlib/authlib#853
• Make require_oauth parenthesis optional by @​azmeuk in authlib/authlib#855
• Fix expires_at behavior when its value is 0 by @​azmeuk in authlib/authlib#854
• Migration to joserfc by @​lepture in authlib/authlib#852
• RP-initiated logout by @​frohrlich in authlib/authlib#849
• Fix get_jwt_config by @​lepture in authlib/authlib#858
• chore(ci): Update PyPy version from 3.10 to 3.11 by @​cclauss in authlib/authlib#863
• fix: remove "none" from default authlib.jose.jwt algorithms by @​lepture in authlib/authlib#860
• fix: normalize resolve_client_public_key method by @​lepture in authlib/authlib#861
• Implement rfc9700 PKCE downgrade countermeasure by @​azmeuk in authlib/authlib#864
• Use correct syntax for tox.requires in tox.ini by @​alex-ball in authlib/authlib#868
• Set client session User-Agent when fetching server metadata and JWKs by @​alex-ball in authlib/authlib#867
• fix: use the real application object for Flask by @​nblock in authlib/authlib#869
• Accept the issuer URL as a valid audience by @​azmeuk in authlib/authlib#865
• Don't nest InvalidTokenError extra attribute by @​azmeuk in authlib/authlib#872
• Documentation overhaul by @​azmeuk in authlib/authlib#875
• Update README.md docs.authlib.org/en/latest => docs.authlib.org/en/stable by @​guillett in authlib/authlib#876
• Merge release/1.6 branch by @​lepture in authlib/authlib#877

New Contributors

• @​frohrlich made their first contribution in authlib/authlib#849
• @​cclauss made their first contribution in authlib/authlib#863
• @​alex-ball made their first contribution in authlib/authlib#868
• @​nblock made their first contribution in authlib/authlib#869
• @​guillett made their first contribution in authlib/authlib#876

Full Changelog: authlib/authlib@v1.6.10...v1.7.0

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

• Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Commits

• 5d2e603 chore: release 1.7.0
• 767f08b fix: CSRF issue with starlette client
• e9aaef3 Merge pull request #877 from authlib/merge/1.6
• 3c8ec9a Merge branch 'main' into merge/1.6
• ef09aeb chore: release 1.6.10
• 3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
• 4cf6f97 Merge pull request #876 from guillett/patch-1
• 23f67b4 Update README.md docs.authlib.org/en/latest => docs.authlib.org/en/stable
• 1040163 chore: prek autoupdate
• 491209f Merge pull request #875 from azmeuk/doc
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.