chore: upgrade userpath from 1.9.0 → 1.9.2 to remove deprecated relea…

[katesaikishore]

chore: bump userpath to 1.9.2 to remove deprecated release (SEC-2167)

Changes

• Dependency upgrade
  • Updated userpath from 1.9.0 (yanked/deprecated) → 1.9.2 in requirements.txt
  • Constrained userpath to >=1.9.2,<2.0.0 in pyproject.toml (if present)
• Lockfile regeneration
  • Ran pip install --upgrade -r requirements.txt and pip freeze > requirements.txt (or poetry update userpath), resulting in a lockfile free of 1.9.0.

This is important because [email protected] was marked deprecated and yanked for operational risk; upgrading to 1.9.2 ensures we depend only on a maintained, non-deprecated release.

References

• Socket.dev deprecation alert for [email protected]:
  https://socket.dev/pypi/package/userpath/alerts/1.9.0?alert_name=deprecated
• PyPI release notes for userpath 1.9.2:
  https://pypi.org/project/userpath/1.9.2/
• Jira ticket SEC-2167:
  https://auth0team.atlassian.net/browse/SEC-2167

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

• This change adds unit test coverage
• This change adds integration test coverage
• This change has been tested on the latest version of the platform/language or why not

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All existing and new tests complete without errors