Update fido2 requirement from ~=1.1 to ~=2.1

[dependabot]

Updates the requirements on fido2 to permit the latest version.

Release notes

Sourced from fido2's releases.

python-fido2 2.1.0

Version 2.1.0 (released 2026-01-14)

• CTAP 2.3 support:
  • Add new GetInfo fields: enc_cred_store_state.
  • Add support for pinComplexityPolicy extension.
  • Add thirdPartyPayment bit to credman.
  • Check support for config subcommands.
• WebAuthn:
  • Allow UserEntity without 'name' field for improved spec compliance.
  • Update MDS3 dataclasses with new fields.
• Fido2Client:
  • Fallback to PIN after UV_BLOCKED error.
  • Improve preflight handling when message exceeds maximum size.
• WindowsClient:
  • Fix: Parse 'credentialProtectionPolicy' properly.
  • Update win_api.py from latest webauthn.h.
  • Add support for hmac-secret-mc extension.
  • Add support for hints.
• Development:
  • Switch from Poetry to uv for project management.
  • Add pyright and ty for improved type checking.
  • Replace bandit and flake8 with ruff for linting.

Changelog

Sourced from fido2's changelog.

• Version 2.1.0 (released 2026-01-14) ** CTAP 2.3 support: *** Add new GetInfo fields: enc_cred_store_state. *** Add support for pinComplexityPolicy extension. *** Add thirdPartyPayment bit to credman. *** Check support for config subcommands. ** WebAuthn: *** Allow UserEntity without 'name' field for improved spec compliance. *** Update MDS3 dataclasses with new fields. ** Fido2Client: *** Fallback to PIN after UV_BLOCKED error. *** Improve preflight handling when message exceeds maximum size. ** WindowsClient: *** Fix: Parse 'credentialProtectionPolicy' properly. *** Update win_api.py from latest webauthn.h. *** Add support for hmac-secret-mc extension. *** Add support for hints. ** Development: *** Switch from Poetry to uv for project management. *** Add pyright and ty for improved type checking. *** Replace bandit and flake8 with ruff for linting.

• Version 2.0.0 (released 2025-05-20) ** See also the migration guide: doc/Migration_1-2.adoc. ** Python 3.10 or later is now required. ** WebAuthn dataclasses have been updated to align with the WebAuthn Level 3 Working Draft. Constructors now require keyword arguments (kwargs_only=True), and serialization to/from dictionaries is compatible with standardized JSON formats. ** The features.webauthn_json_mapping flag has been removed, as its behavior (standardized JSON mapping) is now default. ** Fido2Client and WindowsClient constructors now accept a ClientDataCollector instance instead of origin and verify parameters. ** WindowsClient has been relocated to fido2.client.windows. Importing this class on non-Windows platforms will now raise an ImportError. ** Fido2Client methods now return RegistrationResponse and AuthenticationResponse objects, instead of raw attestation/assertion data. ** CTAP2/WebAuthn extension handling has been redesigned. Fido2Client now expects a list of Ctap2Extension instances. Default behavior includes extensions commonly supported by browsers. ** The fido2.cbor module's load_x and dump_x functions have been made private (renamed with a leading underscore) and should not be used directly. ** Previously deprecated functions and APIs have been removed. ** The __version__ attribute in fido2/__init__.py has been removed. Use importlib.metadata.version('fido2') to get the package version. ** Add new GetInfo fields based on CTAP 2.2. ** Add support for Persistent PinUvAuthToken and encIdentifier. ** Add support for hmac-secret-mc and thirdPartyPayments exensions. ** Update COSE algorithm types. ** Building the library now requires Poetry version 2.0 or later.

... (truncated)

Commits

• d27a282 Prepare version
• 1c6dc42 Improve test cleanup for certain keys
• c4e0867 Fix tests for non-HID devices
• dd25d38 Bump example deps
• eb4e1d8 Bump actions
• 9f93c6e Bump pre-commit hooks
• b8d976c Win: Fix parsing credprot string
• 7f8a42f Add ty check to pre-commit
• 7a18aa5 Fix typing for ty
• 72aa95c Add MDS3.1 fields
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Test Results

0 tests   - 5   0 ✅  - 5   0s ⏱️ ±0s
0 suites  - 4   0 💤 ±0 
0 files    - 1   0 ❌ ±0 

Results for commit 25df295. ± Comparison against base commit 9de3fe6.