Bump flask-security-too from 5.2.0 to 5.3.3 in /requirements

[dependabot[bot]]

Bumps flask-security-too from 5.2.0 to 5.3.3.

Release notes

Sourced from flask-security-too's releases.

5.3.3 Release

Fix for CVE-2023-49438

5.3.2 Release

Small bug-fix release - with many JSON API documentation fixes.

5.3.1 Release

A small release to support latest Flask/Werkzeug and pick up some small bug fixes.

Please read CHANGES/release note carefully.

Release 5.3.0

Improvements to recoverability and confirmation to align with OWASP best practices and reduce possible exploitation.

See Changes for complete list and any backwards compatibility concerns.

Changelog

Sourced from flask-security-too's changelog.

Version 5.3.3

Released December 29, 2023

Fixes +++++

• (:issue:893) Once again work on open-redirect vulnerability - this time due to newer Werkzeug. Addresses: CVE-2023-49438

Version 5.3.2

Released October 23, 2023

Fixes ++++++

• (:issue:859) Update Quickstart to show how to properly handle SQLAlchemy connections.
• (:issue:861) Auth Token not returned from /tf-validate. (thanks lilz-egoto)
• (:pr:864) Fix for latest email_validator deprecation - bump minimum to 2.0.0
• (:pr:865) Deprecate passing in the anonymous_user class (sent to Flask-Login).

Version 5.3.1

Released October 14, 2023

Please Note:

• If your application uses webauthn you must use pydantic < 2.0 until the issue with user_handle is resolved.
• If you want to use the latest Flask (3.0.0) you need to have Flask-Login changes - those aren't currently released - use the 'main' branch.

Fixes ++++++

• (:issue:847) Compatability with Flask 3.0 (wangsha)
• (:issue:829) Revert change in 5.3.0 that added a Referrer-Policy header.
• (:issue:826) Fix error in quickstart (codycollier)
• (:pr:835) Update Armenian translations (amkrtchyan-tmp)
• (:pr:831) Update German translations. (sr-verde)
• (:issue:853) Fix 'next' propagation when passed as form.next (thanks cariaso)

Version 5.3.0

Released July 27, 2023

... (truncated)

Commits

• 8b5abc4 Fix (again) possible open redirect vulnerability. (#897)
• 2555df3 Ready for 5.3.2 (#866)
• e57aee5 Deprecate passing in anonymous_user class. (#865)
• 98ef2e5 Fix tf-validate returning authorization_token. (#864)
• 346a41c Fix quickstart to show how to properly handle connections. (#863)
• d848340 Ready for 5.3.1 (#858)
• 509aac7 Fix form.next for newer authentication mechanisms - including two-factor. (#854)
• 8dba976 Update to latest webauthn (1.11) (#851)
• 8c9c774 Ready for 5.3.1 (#849)
• dc342d4 Revert Referrer-Policy header commit. (#842)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Taapeli/stk-upload/network/alerts).

[dependabot[bot]]

Dependabot couldn't find any dependency files in the directory. Because of this, Dependabot cannot update this pull request.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.