chore(deps): bring dependabot upgrades (#589, #595, #596, #597) onto dev (AB#44960)

[Shreyas-Microsoft]

Summary

Brings the four open Dependabot dependency upgrades onto dev so they ship to the dev branch ahead of the upstream Dependabot PRs (which all target main).

Each commit is a byte-perfect replication of the corresponding Dependabot patch — no transitive re-resolution or lockfile churn beyond what Dependabot itself produced.

Changes (one commit per upstream PR)

Commit	Mirrors	Project	Change
1	#589	ContentProcessorWorkflow	authlib 1.6.11 → 1.6.12 (pyproject.toml + uv.lock)
2	#595	ContentProcessorAPI	idna 3.11 → 3.15 (requirements.txt)
3	#596	ContentProcessor	idna 3.11 → 3.15 (requirements.txt)
4	#597	ContentProcessorWorkflow	idna 3.11 → 3.15 (uv.lock)

Validation

Locally, in isolated Python 3.12 venvs (one per project, mirroring CI):

• pip install -r ... / pip install -e src/ContentProcessorWorkflow succeed
• pip check reports no dependency conflicts
• pip show idna / pip show authlib confirm the bumped versions are resolved
• pytest (same invocation as .github/workflows/test.yml) executes the backend, API, and workflow suites

CI will re-run the full suite on this PR.

Notes for reviewers

• This PR overlaps in scope with fix: dependabot package upgrades #605 (which also pulls these four bumps onto dev plus broader workflow-pin updates). Whichever merges first will require rebasing or closing the other.
• Each commit stages only the files touched by its source Dependabot PR. There are no incidental edits.
• Source diffs were fetched via gh pr diff <n> and applied with git apply to preserve byte-for-byte equivalence with Dependabot's output.

Related

• ADO Work Item #44960 — [Content Processing] Review and Validate changes in dependabotchanges branch and Upgrade the Packages from dependabotchanges PR
• Replaces / coordinates with: chore(deps): bump authlib from 1.6.11 to 1.6.12 in /src/ContentProcessorWorkflow #589, build(deps): bump idna from 3.11 to 3.15 in /src/ContentProcessorAPI #595, build(deps): bump idna from 3.11 to 3.15 in /src/ContentProcessor #596, chore(deps): bump idna from 3.11 to 3.15 in /src/ContentProcessorWorkflow #597
• Sibling PR: fix: dependabot package upgrades #605

[github-actions]

Coverage Report •

File	Stmts	Miss	Cover	Missing
TOTAL	1217	161	86%

report-only-changed-files is enabled. No files were changed during this commit :)

Tests	Skipped	Failures	Errors	Time
244	0 💤	0 ❌	0 🔥	3.769s ⏱️

[Copilot]

Pull request overview

This PR ports four Dependabot dependency bumps onto the dev branch so they can ship ahead of the upstream Dependabot PRs that target main.

Changes:

• Bump authlib from 1.6.11 to 1.6.12 in src/ContentProcessorWorkflow (pyproject.toml + corresponding uv.lock entries).
• Bump idna from 3.11 to 3.15 in src/ContentProcessorAPI/requirements.txt and src/ContentProcessor/requirements.txt.
• Update src/ContentProcessorWorkflow/uv.lock to reflect the idna 3.15 resolution.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
src/ContentProcessorWorkflow/uv.lock	Updates locked versions/artefact hashes for authlib 1.6.12 and idna 3.15.
src/ContentProcessorWorkflow/pyproject.toml	Pins authlib==1.6.12 in workflow project dependencies.
src/ContentProcessorAPI/requirements.txt	Pins idna==3.15 for the API project.
src/ContentProcessor/requirements.txt	Pins idna==3.15 for the backend project.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.