fix(deps): update dependency social-auth-app-django to v5.6.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
social-auth-app-django (changelog)	5.4.3 -> 5.6.0

GitHub Vulnerability Alerts

CVE-2025-61783

Impact

Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses.

Patches

• https://github.com/python-social-auth/social-app-django/pull/803

Workarounds

Review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

---

Release Notes

python-social-auth/social-app-django (social-auth-app-django)

v5.6.0

Compare Source

Changed

• Fixed possibly unsafe account association (CVE-2025-61783)
• Storage now filters for active users, you might need to customize SOCIAL_AUTH_ACTIVE_USERS_FILTER if your custom model does not have the is_active field

Added

• Django 6.0 and Python 3.14 compatibility
• Type annotations
• LoginRequiredMiddleware compatibility
• RAISE_EXCEPTIONS and LOGIN_ERROR_URL can be configured per backend

v5.5.1

Compare Source

Changed

• Fixed authentication with OpenID based services

v5.5.0

Compare Source

Changed

• Dropped support for older Django versions.
• Added non-empty constraind on uid.
• Added support for session restore with stricter SameSite cookie policy.

---

Configuration

📅 Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

Updating dependencies
Resolving dependencies...


Because social-auth-app-django (5.6.0) depends on Django (>=5.1)
 and mitx online depends on django (5.0.14), social-auth-app-django is forbidden.
So, because mitx online depends on social-auth-app-django (5.6.0), version solving failed.