brian7704 / OpenTAKServer

Yet another open source TAK Server for ATAK, iTAK, and WinTAK
GNU General Public License v3.0

Bump flask-security-too from 5.4.3 to 5.5.2 #80

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps flask-security-too from 5.4.3 to 5.5.2.

Release notes

Sourced from flask-security-too's releases.

Release 5.5.2

Fix to publish to both flask-security and flask-security-too

5.5.1

Flask-Security-Too is now part of pallets-eco and is now the official Flask-Security. This release changes docs, links, etc.

There are NO code changes.

Release 5.5.0

A small feature release including:

  • a new 'change email' feature
  • convert SQLalchemy access to modern select(xx).where(xx) syntax
  • support for Flask-SQLAlchemy-Lite
  • change default password hash to argon2
  • auth tokens now support freshness checks
  • drop python 3.8 support

See Changes for complete list and any backwards compatibility concerns.

Changelog

Sourced from flask-security-too's changelog.

Version 5.5.2

Released August 5, 2024

More attempts to upload to pypi both flask-security and flask-security-too. No code changes - however the build manifest changed so the source distribution contents might be slightly different.

Docs and Chores

  • (:pr:1019) Separate publish workflows for each pypi package

Version 5.5.1

Released August 1, 2024

I am pleased to announce that Flask-Security-Too is now part of pallets-eco and has returned to be released as 'Flask-Security'. For the foreseeable future, we will publish the same release to both Flask-Security and Flask-Security-Too on PyPI.

There are no code changes.

Docs and Chores

  • (:pr:1015) Convert docs, links, badges, etc to pallets-eco

Version 5.5.0

Released July 24, 2024

Features & Improvements

  • (:issue:956) Add support for changing registered user's email (:py:data:SECURITY_CHANGE_EMAIL).
  • (:issue:944) Change default password hash to argon2 (was bcrypt). See below for details.
  • (:pr:990) Add freshness capability to auth tokens (enables /us-setup to function w/ just auth tokens).
  • (:pr:991) Add support to /tf-setup to not require sessions (use a state token).
  • (:issue:994) Add support for Flask-SQLAlchemy-Lite - including new all-inclusive models that conform to sqlalchemy latest best-practice (type-annotated).
  • (:pr:1007) Convert other sqlalchemy-based datastores from legacy 'model.query' to best-practice 'select'
  • (:issue:983) Allow applications more flexibility defining allowable redirects.

Fixes

  • (:pr:972) Set :py:data:SECURITY_CSRF_COOKIE at beginning (GET /login) of authentication ritual - just as we return the CSRF token. (thanks @​e-goto)
  • (:issue:973) login and unified sign in should handle GET for authenticated user consistently.
  • (:pr:995) Don't show sms options if not defined in US_ENABLED_METHODS. (fredipevcin)

... (truncated)

Commits



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)