From a0166aede761ee3d97703ed98c0390f1f97586da Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Jan 2026 11:54:21 +0100
Subject: [PATCH] build(deps): bump django-allauth from 65.11.0 to 65.13.0 in
 /api (#9575)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
---
 api/CHANGELOG.md   |  1 +
 api/poetry.lock    | 22 ++++++++++++----------
 api/pyproject.toml |  2 +-
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md
index 9262b2d02b..c5a267ba41 100644
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to the **Prowler API** are documented in this file.
 
 ### Security
 - `pyasn1` to v0.6.2 to address [CVE-2026-23490](https://nvd.nist.gov/vuln/detail/CVE-2026-23490)
+- `django-allauth[saml]` to v65.13.0 to address [CVE-2025-65431](https://nvd.nist.gov/vuln/detail/CVE-2025-65431)
 
 ---
 
diff --git a/api/poetry.lock b/api/poetry.lock
index c6eed25700..a0f493a5e0 100644
--- a/api/poetry.lock
+++ b/api/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.3.0 and should not be changed by hand.
 
 [[package]]
 name = "about-time"
@@ -2676,13 +2676,14 @@ bcrypt = ["bcrypt"]
 
 [[package]]
 name = "django-allauth"
-version = "65.11.0"
+version = "65.13.0"
 description = "Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication."
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "django_allauth-65.11.0.tar.gz", hash = "sha256:d08ee0b60a1a54f84720bb749518628c517c9af40b6cfb3bc980206e182745ab"},
+    {file = "django_allauth-65.13.0-py3-none-any.whl", hash = "sha256:119c0cf1cc2e0d1a0fe2f13588f30951d64989256084de2d60f13ab9308f9fa0"},
+    {file = "django_allauth-65.13.0.tar.gz", hash = "sha256:7d7b7e7ad603eb3864c142f051e2cce7be2f9a9c6945a51172ec83d48c6c843b"},
 ]
 
 [package.dependencies]
@@ -2694,6 +2695,7 @@ python3-saml = {version = ">=1.15.0,<2.0.0", optional = true, markers = "extra =
 requests = {version = ">=2.0.0,<3", optional = true, markers = "extra == \"socialaccount\""}
 
 [package.extras]
+headless = ["pyjwt[crypto] (>=2.0,<3)"]
 headless-spec = ["PyYAML (>=6,<7)"]
 idp-oidc = ["oauthlib (>=3.3.0,<4)", "pyjwt[crypto] (>=2.0,<3)"]
 mfa = ["fido2 (>=1.1.2,<3)", "qrcode (>=7.0.0,<9)"]
@@ -2838,7 +2840,7 @@ files = [
 [package.dependencies]
 autopep8 = "*"
 Django = ">=4.2"
-gprof2dot = ">=2017.09.19"
+gprof2dot = ">=2017.9.19"
 sqlparse = "*"
 
 [[package]]
@@ -4336,7 +4338,7 @@ files = [
 
 [package.dependencies]
 attrs = ">=22.2.0"
-jsonschema-specifications = ">=2023.03.6"
+jsonschema-specifications = ">=2023.3.6"
 referencing = ">=0.28.4"
 rpds-py = ">=0.7.1"
 
@@ -4539,7 +4541,7 @@ files = [
 ]
 
 [package.dependencies]
-certifi = ">=14.05.14"
+certifi = ">=14.5.14"
 durationpy = ">=0.7"
 google-auth = ">=1.0.1"
 oauthlib = ">=3.2.2"
@@ -6755,7 +6757,7 @@ files = [
 ]
 
 [package.dependencies]
-astroid = ">=3.2.2,<=3.3.0-dev0"
+astroid = ">=3.2.2,<=3.3.0.dev0"
 colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""}
 dill = [
     {version = ">=0.3.7", markers = "python_version >= \"3.12\""},
@@ -7709,10 +7711,10 @@ files = [
 ]
 
 [package.dependencies]
-botocore = ">=1.37.4,<2.0a.0"
+botocore = ">=1.37.4,<2.0a0"
 
 [package.extras]
-crt = ["botocore[crt] (>=1.37.4,<2.0a.0)"]
+crt = ["botocore[crt] (>=1.37.4,<2.0a0)"]
 
 [[package]]
 name = "safety"
@@ -8878,4 +8880,4 @@ files = [
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "87a29ee9d43486c2769aedae09b8f37b1f3709b62d39d602962307072e4d71ab"
+content-hash = "db05649cd2bb04922c67ad9b2dd1ee92e8a976571edac74b5a38993f2062b71a"
diff --git a/api/pyproject.toml b/api/pyproject.toml
index 711b20092a..33bca82f23 100644
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@@ -8,7 +8,7 @@ dependencies = [
   "celery[pytest] (>=5.4.0,<6.0.0)",
   "dj-rest-auth[with_social,jwt] (==7.0.1)",
   "django (==5.1.15)",
-  "django-allauth[saml] (>=65.8.0,<66.0.0)",
+  "django-allauth[saml] (>=65.13.0,<66.0.0)",
   "django-celery-beat (>=2.7.0,<3.0.0)",
   "django-celery-results (>=2.5.1,<3.0.0)",
   "django-cors-headers==4.4.0",