
chore(deps): lock file maintenance #838

Merged
renovate[bot] merged 1 commit into master from renovate/lock-file-maintenance
Dec 22, 2025



@renovate renovate bot commented Dec 22, 2025

This PR contains the following updates:

| Update | Change |
| --- | --- |
| lockFileMaintenance | All locks refreshed |

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "before 4am on monday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies and lock-file labels Dec 22, 2025

claude bot commented Dec 22, 2025

Security Review - PR #838

Summary: Lock file maintenance updating authlib (1.6.5→1.6.6) and coverage (7.12.0→7.13.0).

Findings

⚠️ Potential Issue: Anomalous Timestamps

The lock file contains future upload timestamps:

  • authlib-1.6.5: upload-time = "2025-10-02T13:36:09.489Z"
  • coverage-7.12.0: upload-time = "2025-11-18T13:34:20.766Z"

These dates are in the future and should be investigated. This could indicate:

  • Incorrect system clock during lock generation
  • Timezone handling issues in the tooling
  • Data corruption (less likely given all hashes validate)

✅ Positive Indicators:

  • All CI/CD checks passing (CodeQL, safety, mypy, tests)
  • SHA256 hashes present for all artifacts
  • Renovate bot authorship (legitimate automation)
  • Minor version bumps only

Recommendation

Verify the package timestamps against PyPI before merging. If timestamps are legitimate on PyPI, this is safe to merge.

@renovate renovate bot merged commit 605caac into master Dec 22, 2025
38 checks passed
@renovate renovate bot deleted the renovate/lock-file-maintenance branch December 22, 2025 06:30
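
The timestamp check recommended in the review above can be scripted. This is an added example, not code from the PR, the repository or either bot. The lock-file layout, the `example-pkg` entry, the `INDEX_TIMES` values and the midnight-UTC reference time are constructed assumptions; only the two `upload-time` values for authlib and coverage are taken from the page.

```python
import re
from datetime import datetime, timezone

# Constructed lock excerpt (layout assumed). The authlib and coverage upload-time
# values are the ones quoted in the review; example-pkg is hypothetical.
LOCK_EXCERPT = """\
[[package]]
name = "authlib"
version = "1.6.5"
sdist = { url = "https://example.invalid/a.tar.gz", upload-time = "2025-10-02T13:36:09.489Z" }
[[package]]
name = "coverage"
version = "7.12.0"
sdist = { url = "https://example.invalid/c.tar.gz", upload-time = "2025-11-18T13:34:20.766Z" }
[[package]]
name = "example-pkg"
version = "0.0.1"
sdist = { url = "https://example.invalid/e.tar.gz", upload-time = "2026-01-15T08:00:00.000Z" }
"""
# Constructed stand-in for timestamps read from the package index (not fetched).
INDEX_TIMES = {
    ("authlib", "1.6.5"): "2025-10-02T13:36:09.489Z",
    ("coverage", "7.12.0"): "2025-11-18T13:34:20.766Z",
    ("example-pkg", "0.0.1"): "2025-12-01T08:00:00.000Z",
}
# Reference time: the PR's date on the page, midnight UTC assumed.
REFERENCE = datetime(2025, 12, 22, tzinfo=timezone.utc)

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def lock_upload_times(text):
    """Return (name, version, upload_time) for every artifact in the excerpt."""
    entries = []
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        stamps = re.findall(r'upload-time = "([^"]+)"', block)
        entries += [(name, version, parse_ts(ts)) for ts in stamps]
    return entries

def audit(text, reference, index_times):
    """Flag upload times after the reference or differing from the index."""
    findings = []
    for name, version, ts in lock_upload_times(text):
        expected = index_times.get((name, version))
        if ts > reference:
            findings.append((name, version, "future"))
        if expected is None:
            findings.append((name, version, "not-in-index"))
        elif parse_ts(expected) != ts:
            findings.append((name, version, "mismatch"))
    return findings
```
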