deps(pip): update webauthn requirement from >=2.7.1 to >=2.8.0 #64

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/webauthn-gte-2.8.0

dependabot Bot commented on behalf of github Jun 14, 2026

Contributor

Updates the requirements on webauthn to permit the latest version.

Release notes

Sourced from webauthn's releases.

v2.8.0

Changes:

  • "android-key" attestation verification is more tolerant of X.509 leaf certificates with values that violate ASN.1 DER parsing rules (#277)
  • Dependencies have been updated, including cbor2>=5.6.5,<6.0.0 (#269, h/t @​typestring; #272), and cryptography>=46.0.0 and pyOpenSSL>=26.0.0 (#278)
  • Two expired trust anchors have been retired (#279)
  • A new trust anchor for "android-key" attestation has been added (#268)
  • TPM manufacturer IDs are now normalized during "tpm" attestation verification to prevent casing-related lookup issues (#275)
  • Registration verification will more consistently raise webauthn.helpers.exceptions.InvalidRegistrationResponse when encountering bad data. Likewise, authentication verification will more consistently raise webauthn.helpers.exceptions.InvalidAuthenticationResponse when encountering bad data (#271, #273, #276, #280)
  • A docstring typo in verify_authentication_response() has been fixed (#266, h/t @​Densaugeo)

Changelog

Sourced from webauthn's changelog.

v2.8.0

Changes:

  • "android-key" attestation verification is more tolerant of X.509 leaf certificates with values that violate ASN.1 DER parsing rules (#277)
  • Dependencies have been updated, including cbor2>=5.6.5,<6.0.0 (#269, h/t @​typestring; #272), and cryptography>=46.0.0 and pyOpenSSL>=26.0.0 (#278)
  • Two expired trust anchors have been retired (#279)
  • A new trust anchor for "android-key" attestation has been added (#268)
  • TPM manufacturer IDs are now normalized during "tpm" attestation verification to prevent casing-related lookup issues (#275)
  • Registration verification will more consistently raise webauthn.helpers.exceptions.InvalidRegistrationResponse when encountering bad data. Likewise, authentication verification will more consistently raise webauthn.helpers.exceptions.InvalidAuthenticationResponse when encountering bad data (#271, #273, #276, #280)
  • A docstring typo in verify_authentication_response() has been fixed (#266, h/t @​Densaugeo)

v2.7.1

Changes:

  • This project now uses the pyasn1 library to parse ASN.1-encoded values (#263, h/t @​ggirol-rc)
  • Some bare dict type annotations have been replaced with Dict[str, Any] to satisfy stricter type checking setups (#262, h/t @​typestring)

v2.7.0

Changes:

  • The webauthn.helpers.options_to_json_dict helper has a new, optional bytes_encoder argument that accepts a Callable[[bytes], Any] method. This enables the use of custom encoding logic when serializing bytes values. When this argument is unspecified, bytes values will continue to be encoded into Base64URL (#257)

v2.6.0

Changes:

  • The new webauthn.helpers.options_to_json_dict helper can be used to simplify registration and authentication options into a simple Dict[str, Any] value (#256)

v2.5.3

Changes:

  • More X.509 validation exceptions will include the cause of the exception as reported by the third-party library handling the validation (#255)

v2.5.2

Changes:

  • Update project to cryptography==44.0.2 and pyOpenSSL==25.0.0 (#250)

v2.5.1

Changes:

  • Prevented "android-key" attestation tests from failing when it's after February 2nd (#244)

v2.5.0

... (truncated)

Commits

  • 4a4295f Update CHANGELOG for v2.8.0 (addendum 1)
  • 748f6f2 Merge pull request #280 from duo-labs/more-exception-handling-auth
  • f02a707 Add some tests around parse error handling
  • 6c35856 Handle clientDataJSON and authData auth errors
  • 99c5256 Update CHANGELOG for v2.8.0
  • 755bf0f Bump version to v2.8.0
  • b416811 Merge pull request #279 from duo-labs/retire-expired-trust-anchors
  • 7840f30 Retire google_hardware_attestation_root_1
  • 3ec92d5 Retire globalsign_r2
  • cdb96c2 Merge pull request #278 from duo-labs/migrate-dx-to-uv
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [webauthn](https://github.com/duo-labs/py_webauthn) to permit the latest version.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](duo-labs/py_webauthn@v2.7.1...v2.8.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-version: 2.8.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Jun 14, 2026

Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.
