Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump flask-security-too from 3.3.0 to 5.3.3 #512

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump flask-security-too from 3.3.0 to 5.3.3 #512

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 18, 2024
edited
Loading

Bumps flask-security-too from 3.3.0 to 5.3.3.

Release notes

Sourced from flask-security-too's releases.

5.3.3 Release

Fix for CVE-2023-49438

5.3.2 Release

Small bug-fix release - with many JSON API documentation fixes.

5.3.1 Release

A small release to support latest Flask/Werkzeug and pick up some small bug fixes.

Please read CHANGES/release note carefully.

Release 5.3.0

Improvements to recoverability and confirmation to align with OWASP best practices and reduce possible exploitation.

See Changes for complete list and any backwards compatibility concerns.

Release 5.2.0

Small updates to work with latest Flask/Werkzeug.

Drop support for Python 3.7 Drop support for older versions of dependent packages (such as Flask).

Release 5.1.2

Pick up a few small fixes.

Release 5.1.1

Small fixes - see CHANGES for details.

Release 5.1.0

New features: encrypted recovery codes, social 'oauth'.

Other minor fixes, documentation updates.

See Changes for complete list and any backwards compatibility concerns.

Release 5.0.2

A quick release to fix a regression with respect to role permissions.

Release 5.0.1

A single fix for a regression in Change Password.

Flask-Security-Too 5.0.0 Release

A major feature release with some breaking changes. Please read Change Notes carefully.

Release 4.1.6

Small fixes (mostly backports from 5.x) to work with latest Flask, Flask-SQLAlchemy, babel, mypy, WTForms, etc.

Patch Release - 4.1.5

A very small set of changes to get FS working with latest Flask, Flask-Login, Werkzeug.

... (truncated)

Changelog

Sourced from flask-security-too's changelog.

Version 5.3.3

Released December 29, 2023

Fixes +++++

  • (:issue:893) Once again work on open-redirect vulnerability - this time due to newer Werkzeug. Addresses: CVE-2023-49438

Version 5.3.2

Released October 23, 2023

Fixes ++++++

  • (:issue:859) Update Quickstart to show how to properly handle SQLAlchemy connections.
  • (:issue:861) Auth Token not returned from /tf-validate. (thanks lilz-egoto)
  • (:pr:864) Fix for latest email_validator deprecation - bump minimum to 2.0.0
  • (:pr:865) Deprecate passing in the anonymous_user class (sent to Flask-Login).

Version 5.3.1

Released October 14, 2023

Please Note:

  • If your application uses webauthn you must use pydantic < 2.0 until the issue with user_handle is resolved.

Fixes ++++++

  • (:issue:847) Compatability with Flask 3.0 (wangsha)
  • (:issue:829) Revert change in 5.3.0 that added a Referrer-Policy header.
  • (:issue:826) Fix error in quickstart (codycollier)
  • (:pr:835) Update Armenian translations (amkrtchyan-tmp)
  • (:pr:831) Update German translations. (sr-verde)
  • (:issue:853) Fix 'next' propagation when passed as form.next (thanks cariaso)

Version 5.3.0

Released July 27, 2023

This is a minor version bump due to some small backwards incompatible changes to WebAuthn, recoverability (/reset), confirmation (/confirm) and the two factor validity feature.

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump flask-security-too from 3.3.0 to 5.3.3
65c91f1 
Bumps [flask-security-too](https://github.com/Flask-Middleware/flask-security) from 3.3.0 to 5.3.3.
- [Release notes](https://github.com/Flask-Middleware/flask-security/releases)
- [Changelog](https://github.com/Flask-Middleware/flask-security/blob/master/CHANGES.rst)
- [Commits](Flask-Middleware/flask-security@3.3.0...5.3.3)

---
updated-dependencies:
- dependency-name: flask-security-too
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 18, 2024
@dependabot dependabot bot mentioned this pull request Jan 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants