atexio / mercure

Mercure is a tool for security managers who want to train their colleague to phishing.
https://hub.docker.com/r/atexio/mercure/
GNU General Public License v3.0
267 stars 56 forks source link

Update django-axes to 5.4.3 #362

Closed pyup-bot closed 4 years ago

pyup-bot commented 4 years ago

This PR updates django-axes from 4.5.4 to 5.4.3.

Changelog ### 5.4.3 ``` ------------------ - Add Django 3.1 support. [hramezani] ``` ### 5.4.2 ``` ------------------ - Add ABC or abstract base class implementation for handlers. [jorlugaqui] ``` ### 5.4.1 ``` ------------------ - Fix code styling for linters. [aleksihakli] ``` ### 5.4.0 ``` ------------------ - Propagate username to lockout view in URL parameters. [PetrDlouhy] - Update CAPTCHA examples. [PetrDlouhy] - Upgrade django-ipware to version 3. [hramezani,mnislam01] ``` ### 5.3.5 ``` ------------------ - Restrict ipware version for version compatibility. [aleksihakli] ``` ### 5.3.4 ``` ------------------ - Deprecate Django 1.11 LTS support. [aleksihakli] ``` ### 5.3.3 ``` ------------------ - Fix ``AXES_ONLY_ADMIN_SITE`` functionality when no default admin site is defined in the URL configuration. [igor-shevchenko] ``` ### 5.3.2 ``` ------------------ - Fix AppConf settings prefix for Fargate. [marksweb] ``` ### 5.3.1 ``` ------------------ - Fix null byte ValueError bug in ORM. [ddimmich] ``` ### 5.3.0 ``` ------------------ - Improve Django REST Framework compatibility. [I0x4dI] ``` ### 5.2.2 ``` ------------------ - Add missing proxy implementation for ``axes.handlers.proxy.AxesProxyHandler.get_failures``. [aleksihakli] ``` ### 5.2.1 ``` ------------------ - Add django-reversion compatibility notes. [mark-mishyn] - Add pluggable lockout responses and the ``AXES_LOCKOUT_CALLABLE`` configuration flag. [aleksihakli] ``` ### 5.2.0 ``` ------------------ - Add a test handler. [aidanlister] ``` ### 5.1.0 ``` ------------------ - Add pluggable user account whitelisting and the ``AXES_WHITELIST_CALLABLE`` configuration flag. [aleksihakli] ``` ### 5.0.20 ``` ------------------- - Fix django-allauth compatibility issue. [hramezani] - Improve tests for login attempt monitoring. [hramezani] - Add reverse proxy documentation. [ckcollab] - Update OAuth documentation examples. [aleksihakli] ``` ### 5.0.19 ``` ------------------- - Optimize access attempt fetching in database handler. [hramezani] - Optimize request data fetching in proxy handler. [hramezani] ``` ### 5.0.18 ``` ------------------- - Add ``cooloff_timedelta`` context variable to lockout responses. [jstockwin] ``` ### 5.0.17 ``` ------------------- - Safer string formatting for user input. [aleksihakli] ``` ### 5.0.16 ``` ------------------- - Fix string formatting bug in logging. [zerolab] ``` ### 5.0.15 ``` ------------------- - Add ``AXES_ENABLE_ADMIN`` flag. [flannelhead] ``` ### 5.0.14 ``` ------------------- - Docs, CI pipeline, and code formatting improvements [aleksihakli] ``` ### 5.0.13 ``` ------------------- - Python 3.8 and PyPy support. [aleksihakli] - Migrate to ``setuptools_scm`` and automatic versioning. [aleksihakli] ``` ### 5.0.12 ``` ------------------- - Support callables for ``AXES_COOLOFF_TIME`` setting. [DariaPlotnikova] ``` ### 5.0.11 ``` ------------------- - Fix typo in rST formatting that prevented 5.0.10 release to PyPI. [aleksihakli] ``` ### 5.0.10 ``` ------------------- - Refactor type checks for ``axes.helpers.get_client_cache_key`` for framework compatibility, fixes 471. [aleksihakli] ``` ### 5.0.9 ``` ------------------ - Add better handling for attempt and log resets by moving them into handlers which allows customization and more configurability. Unimplemented handlers raise ``NotImplementedError`` by default. [aleksihakli] - Add Python 3.8 dev version and PyPy to the Travis test matrix. [aleksihakli] ``` ### 5.0.8 ``` ------------------ - Add ``AXES_ONLY_ADMIN_SITE`` flag for only running Axes on admin site. [hramezani] - Add ``axes_reset_logs`` command for removing old AccessLog records. [tlebrize] - Allow ``AxesBackend`` subclasses to pass the ``axes.W003`` system check. [adamchainz] ``` ### 5.0.7 ``` ------------------ - Fix lockout message showing when lockout is disabled with the ``AXES_LOCK_OUT_AT_FAILURE`` setting. [mogzol] - Add support for callable ``AXES_FAILURE_LIMIT`` setting. [bbayles] ``` ### 5.0.6 ``` ------------------ - Deprecate ``AXES_DISABLE_SUCCESS_ACCESS_LOG`` flag in favour of ``AXES_DISABLE_ACCESS_LOG`` which has mostly the same functionality. Update documentation to better reflect the behaviour of the flag. [aleksihakli] ``` ### 5.0.5 ``` ------------------ - Change the lockout response calculation to request flagging instead of exception throwing in the signal handler and middleware. Move request attribute calculation from middleware to handler layer. Deprecate ``axes.request.AxesHttpRequest`` object type definition. [aleksihakli] - Deprecate the old version 4.x ``axes.backends.AxesModelBackend`` class. [aleksihakli] - Improve documentation on attempt tracking, resets, Axes customization, project and component compatibility and integrations, and other things. [aleksihakli] ``` ### 5.0.4 ``` ------------------ - Fix regression with OAuth2 authentication backends not having remote IP addresses set and throwing an exception in cache key calculation. [aleksihakli] ``` ### 5.0.3 ``` ------------------ - Fix ``django.contrib.auth`` module ``login`` and ``logout`` functionality so that they work with the handlers without the an ``AxesHttpRequest`` to improve cross compatibility with other Django applications. [aleksihakli] - Change IP address resolution to allow empty or missing addresses. [aleksihakli] - Add error logging for missing request attributes in the handler layer so that users get better indicators of misconfigured applications. [aleksihakli] ``` ### 5.0.2 ``` ------------------ - Add ``AXES_ENABLED`` setting for disabling Axes with e.g. tests that use Django test client ``login``, ``logout``, and ``force_login`` methods, which do not supply the ``request`` argument to views, preventing Axes from functioning correctly in certain test setups. [aleksihakli] ``` ### 5.0.1 ``` ------------------ - Add changelog to documentation. [aleksihakli] ``` ### 5.0 ``` ---------------- - Deprecate Python 2.7, 3.4 and 3.5 support. [aleksihakli] - Remove automatic decoration and monkey-patching of Django views and forms. Decorators are available for login function and method decoration as before. [aleksihakli] - Use backend, middleware, and signal handlers for tracking login attempts and implementing user lockouts. [aleksihakli, jorlugaqui, joshua-s] - Add ``AxesDatabaseHandler``, ``AxesCacheHandler``, and ``AxesDummyHandler`` handler backends for processing user login and logout events and failures. Handlers are configurable with the ``AXES_HANDLER`` setting. [aleksihakli, jorlugaqui, joshua-s] - Improve management commands and separate commands for resetting all access attempts, attempts by IP, and attempts by username. New command names are ``axes_reset``, ``axes_reset_ip`` and ``axes_reset_username``. [aleksihakli] - Add support for string import for ``AXES_USERNAME_CALLABLE`` that supports dotted paths in addition to the old callable type such as a function or a class method. [aleksihakli] - Deprecate one argument call signature for ``AXES_USERNAME_CALLABLE``. From now on, the callable needs to accept two arguments, the HttpRequest and credentials that are supplied to the Django ``authenticate`` method in authentication backends. [aleksihakli] - Move ``axes.attempts.is_already_locked`` function to ``axes.handlers.AxesProxyHandler.is_locked``. Various other previously undocumented methods have been deprecated and moved inside the project. The new documented public APIs can be considered as stable and can be safely utilized by other projects. [aleksihakli] - Improve documentation layouting and contents. Add public API reference section. [aleksihakli] ```
Links - PyPI: https://pypi.org/project/django-axes - Changelog: https://pyup.io/changelogs/django-axes/ - Repo: https://github.com/jazzband/django-axes
pyup-bot commented 4 years ago

Closing this in favor of #365