acidjunk / pricelist-backend

Pricelist backend
GNU General Public License v3.0

Bump flask-security-too from 3.3.2 to 4.0.1 in /requirements #18

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps flask-security-too from 3.3.2 to 4.0.1.

Release notes

Sourced from flask-security-too's releases.

4.0.1 Release

A very small release - mostly documentation fixes - thanks to all the early adopters!

4.0.0 Release

4.0.0, as a major release, is a non-backwards compatible release of Flask-Security. Please read the release/change notes carefully.

Release 4.0.0rc1

4.0.0, as a major release, is a non-backwards compatible release of Flask-Security. Please read the release/change notes carefully.

Fix CSRF Vulnerability

The /login and /change endpoints allowed a GET request to return the user's authentication token. That's not good. Now, as prior to 3.3.0, only successful POSTs can return the token.

Release 3.4.4

Fix 3 regressions and a couple other bugs.

Release 3.4.3

Fix a regression in two-factor.

Backport some documentation fixes.

3.4.2 - Move repo to github organization

The flask-security repo was moved to a github organization - Flask-Middleware.

3.4.1 Bug-Fix Release

See CHANGES for details. Lots of small bug fixes in the new unified sign in feature. Fixed a regression in the alternative ID feature.

WTForms 2.3.0 just came out - that required a small change.

3.4.0 Feature Release

3.4.0 introduces a few major features:

  1. pluggable password validation, including a built-in version that does complexity checking and pwned checking.
  2. a unified sign in mechanism allowing for much more flexible ways for applications to enable authentication - including different forms of identity, and different ways to generate and accept password/pass codes.

Please see the CHANGES document for details.

3.3.3 Release

This fixes minor incompatibilities introduced with the latest Werkzeug and Flask-Login.

Changelog

Sourced from flask-security-too's changelog.

Version 4.0.1

Released April 2, 2021

Features

Fixes

  • (:issue:461) 4.0 doesn't accept 3.4 authentication tokens. (kuba-lilz)
  • (:issue:460) 2-fa error: Failed to send code - improved documentation and debuggability.
  • (:issue:454) 2-fa error: TypeError - fixed documentation.
  • (:issue:443) Calling create user without any arguments - fixed underlying cause of translating form errors in the CLI.
  • (:issue:442) Email validation confusion - added documentation.
  • (:issue:450) Add documentation on how to override specific error messages.
  • (:pr:439) Don't install global-scope tests. (mgorny)
  • (:pr:470) Add note about updating DB using MySQL. (jugmac00)
  • (:pr:468) Fix documentation - uia_phone_number should be uia_phone_mapper. (dvrg)
  • (:pr:457) Improve Chinese translations. (zxjlm)
  • (:pr:453) Improve Basque and Spanish translations. (mmozos)
  • (:pr:448) Add Afrikaans translations. (lonelyvikingmichael)
  • (:pr:467) Add Blinker as explicit dependency, improve/fix celery usage docs, don't require pyqrcode unless authenticator configured, improve SMS configuration variables documentation.

Version 4.0.0

Released January 26, 2021

PLEASE READ CHANGE NOTES CAREFULLY - THERE ARE LIKELY REQUIRED CHANGES YOU WILL HAVE TO MAKE TO EVEN START YOUR APPLICATION WITH 4.0

Start Here

  • Your UserModel must contain fs_uniquifier
  • Either uninstall Flask-BabelEx (if you don't need translations) or add either Flask-Babel (>=2.0) or Flask-BabelEx to your dependencies AND be sure to initialize it in your app.
  • Add Flask-Mail to your dependencies.
  • If you have unicode emails or passwords read change notes below.

Version 4.0.0rc2

Released January 18, 2021

Features & Cleanup

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


dependabot[bot] commented 2 years ago

Superseded by #23.