chore(deps): update dependency social-auth-app-django to v5.6.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
social-auth-app-django (changelog)	5.4.3 -> 5.6.0

GitHub Vulnerability Alerts

CVE-2025-61783

Impact

Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses.

Patches

• https://github.com/python-social-auth/social-app-django/pull/803

Workarounds

Review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

---

Release Notes

python-social-auth/social-app-django (social-auth-app-django)

v5.6.0

Compare Source

Changed

• Fixed possibly unsafe account association (CVE-2025-61783)
• Storage now filters for active users

Added

• Django 6.0 and Python 3.14 compatibility
• Type annotations
• LoginRequiredMiddleware compatibility
• RAISE_EXCEPTIONS and LOGIN_ERROR_URL can be configured per backend

v5.5.1

Compare Source

Changed

• Fixed authentication with OpenID based services

v5.5.0

Compare Source

Changed

• Dropped support for older Django versions.
• Added non-empty constraind on uid.
• Added support for session restore with stricter SameSite cookie policy.

---

Configuration

📅 Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled because a matching PR was automerged previously.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.