Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump flask-security-too from 4.1.6 to 5.3.3 #81

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 10, 2024

Bumps flask-security-too from 4.1.6 to 5.3.3.

Release notes

Sourced from flask-security-too's releases.

5.3.3 Release

Fix for CVE-2023-49438

5.3.2 Release

Small bug-fix release - with many JSON API documentation fixes.

5.3.1 Release

A small release to support latest Flask/Werkzeug and pick up some small bug fixes.

Please read CHANGES/release note carefully.

Release 5.3.0

Improvements to recoverability and confirmation to align with OWASP best practices and reduce possible exploitation.

See Changes for complete list and any backwards compatibility concerns.

Release 5.2.0

Small updates to work with latest Flask/Werkzeug.

Drop support for Python 3.7 Drop support for older versions of dependent packages (such as Flask).

Release 5.1.2

Pick up a few small fixes.

Release 5.1.1

Small fixes - see CHANGES for details.

Release 5.1.0

New features: encrypted recovery codes, social 'oauth'.

Other minor fixes, documentation updates.

See Changes for complete list and any backwards compatibility concerns.

Release 5.0.2

A quick release to fix a regression with respect to role permissions.

Release 5.0.1

A single fix for a regression in Change Password.

Flask-Security-Too 5.0.0 Release

A major feature release with some breaking changes. Please read Change Notes carefully.

Changelog

Sourced from flask-security-too's changelog.

Version 5.3.3

Released December 29, 2023

Fixes +++++

  • (:issue:893) Once again work on open-redirect vulnerability - this time due to newer Werkzeug. Addresses: CVE-2023-49438

Version 5.3.2

Released October 23, 2023

Fixes ++++++

  • (:issue:859) Update Quickstart to show how to properly handle SQLAlchemy connections.
  • (:issue:861) Auth Token not returned from /tf-validate. (thanks lilz-egoto)
  • (:pr:864) Fix for latest email_validator deprecation - bump minimum to 2.0.0
  • (:pr:865) Deprecate passing in the anonymous_user class (sent to Flask-Login).

Version 5.3.1

Released October 14, 2023

Please Note:

  • If your application uses webauthn you must use pydantic < 2.0 until the issue with user_handle is resolved.

Fixes ++++++

  • (:issue:847) Compatability with Flask 3.0 (wangsha)
  • (:issue:829) Revert change in 5.3.0 that added a Referrer-Policy header.
  • (:issue:826) Fix error in quickstart (codycollier)
  • (:pr:835) Update Armenian translations (amkrtchyan-tmp)
  • (:pr:831) Update German translations. (sr-verde)
  • (:issue:853) Fix 'next' propagation when passed as form.next (thanks cariaso)

Version 5.3.0

Released July 27, 2023

This is a minor version bump due to some small backwards incompatible changes to WebAuthn, recoverability (/reset), confirmation (/confirm) and the two factor validity feature.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 21.2.0 to 22.0.0.
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@21.2.0...22.0.0)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 10, 2024
rernst and others added 2 commits June 10, 2024 16:17
Bumps [flask-security-too](https://github.com/Flask-Middleware/flask-security) from 4.1.6 to 5.3.3.
- [Release notes](https://github.com/Flask-Middleware/flask-security/releases)
- [Changelog](https://github.com/Flask-Middleware/flask-security/blob/master/CHANGES.rst)
- [Commits](Flask-Middleware/flask-security@4.1.6...5.3.3)

---
updated-dependencies:
- dependency-name: flask-security-too
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/flask-security-too-5.3.3 branch from 9d2bd24 to 0855b26 Compare June 10, 2024 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant