Bump flask-login from 0.5.0 to 0.6.0

[dependabot[bot]]

Bumps flask-login from 0.5.0 to 0.6.0.

Release notes

Sourced from flask-login's releases.

0.6.0

• Changes: https://github.com/maxcountryman/flask-login/blob/main/CHANGES.md#version-060

This release sets new minimum versions of Python, Flask, and Werkzeug, and fixes compatibility with the latest versions of those.

• Python >= 3.7
• Flask >= 1.0.4, this will be bumped to reflect the latest supported release (2.1) in the future
• Werkzeug >= 1.0.1, this will be bumped to reflect the latest supported release (2.1) in the future

Changelog

Sourced from flask-login's changelog.

Version 0.6.0

Released on March 30th, 2022

• Drop support for Python 2.7, 3.5, and 3.6, which have all reached the end of their official support. #594, #638
• The minimum supported version of Flask is 1.0.4, and Werkzeug is 1.0.1. However, projects are advised to use the latest versions of both. #639
• Only flash "needs_refresh_message" if value is set #464
• Modify expand_login_view to allow for subdomain and host matching for login_view #462
• Add accessors for request_loader and user_loader callback functions #472
• Change "remember_me" cookie to match Werkzeug default value #488
• Change "remember_me" cookie to HttpOnly, matching Flask session cookie #488
• Add example for using unauthorized_handler #492
• Fix assertEqual deprecation warning in pytest #518
• Fix collections deprecation warning under Python 3.8 #525
• Replace safe_str_cmp with hmac.compare_digest #585
• Document REMEMBER_COOKIE_SAMESITE config #577
• Revise setup.py to use README.md for long description #598
• Various documentation corrections #484, #482, #487, #534
• Fix from flask_login import * behavior, although note that import * is not usually a good pattern in code. #485
• UserMixin.is_authenticated will return whatever is_active returns by default. This prevents inactive users from logging in. #486, #530
• Session protection will only mark the session as not fresh if it's not already marked as such, avoiding modifying the session cookie unnecessarily. #612

Commits

• 4140969 release version 0.6.0
• 6ef9140 only set _fresh when needed (#611)
• 082badd Merge pull request #649 from maxcountryman/style-tools
• 37df529 instruct git and github to ignore initial style commits
• 03a89e0 add pre-commit config
• 4323549 remove module docstring stubs
• 74db3c9 remove trailing spaces
• 064fab3 add flake8 config and fix findings
• ed14237 apply black formatting
• 3791663 apply reorder_python_imports
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)