search

hash-gaming / slackproval

The lightweight slack approved system for managing invites to an open slack community
MIT License
4 stars 0 forks source link

Bump sorcery from 0.11.0 to 0.15.0 #56

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps sorcery from 0.11.0 to 0.15.0.

Release notes

Sourced from sorcery's releases.

v0.15.0

  • Fix brute force vuln due to callbacks no being ran #235
  • Revert on_load change due to breaking existing applications #234
  • Add forget_me! and force_forget_me! test cases #216
  • In generic_send_email, check responds_to #211
  • Fix typo #219
  • Fix deprecation warnings in Rails 6 #209
  • Add ruby 2.6.5 to the travis build #215
  • Add discord provider #185
  • Remove MySQL database creation call #214
  • Use id instead of uid for VK provider #199
  • Don't :return_t JSON requests after login #197
  • Fix email scope for LinkedIn Provider #191
  • Ignore cookies when undefined cookies #187
  • Allow for custom providers with multi-word class names. #190

v0.13.0

  • Add support for Rails 5.2 / Ruby 2.5 #129
  • Fix migration files not being generated #128
  • Add support for ActionController::API #133, #150, #159
  • Update activation email to use after_commit callback #130
  • Add opt-in invalidate_active_sessions! method #110
  • Pass along remember_me to #auto_login #136
  • Respect SessionTimeout on login via RememberMe #102
  • Added demodulize on authentication class name association name fetch #147
  • Remove Gemnasium badge #140
  • Add Instragram provider #51
  • Remove publish_actions permission for facebook #139
  • Prepare for 1.0.0 #157
  • Add Auth0 provider #160

v0.12.0

  • Fix magic_login not inheriting from migration_class_name #99
  • Update YARD dependency #100
  • Make #update_attributes behave like #update #98
  • Add tests to the magic login submodule #95
  • Set user.stretches to 1 in test env by default #81
  • Allow user to be loaded from other source when session expires. fix #89 #94
  • Added a new ArgumentError for not defined user_class in config #82
  • Updated Required Ruby version to 2.2 #85
  • Add configuration for token randomness #67
  • Add facebook user_info_path option to initializer.rb #63
  • Add new function: build_from (allows building a user instance from OAuth without saving) #54
  • Add rubocop configuration and TODO list #107
  • Add support for VK OAuth (thanks to @Hirurg103) #109
  • Fix token leak via referrer header #56
  • Add login_user helper for request specs #57
Changelog

Sourced from sorcery's changelog.

0.15.0

  • Fix brute force vuln due to callbacks no being ran #235
  • Revert on_load change due to breaking existing applications #234
  • Add forget_me! and force_forget_me! test cases #216
  • In generic_send_email, check responds_to #211
  • Fix typo #219
  • Fix deprecation warnings in Rails 6 #209
  • Add ruby 2.6.5 to the travis build #215
  • Add discord provider #185
  • Remove MySQL database creation call #214
  • Use id instead of uid for VK provider #199
  • Don't :return_t JSON requests after login #197
  • Fix email scope for LinkedIn Provider #191
  • Ignore cookies when undefined cookies #187
  • Allow for custom providers with multi-word class names. #190

0.14.0

  • Update LinkedIn to use OAuth 2 #189
  • Support the LINE login auth #80
  • Allow BCrypt to have app-specific secret token #173
  • Add #change_password method to reset_password module. #165
  • Clean up initializer comments #153
  • Allow load_from_magic_login_token to accept a block #152
  • Fix CipherError class name #142
  • Fix update_failed_logins_count being called twice when login failed #163
  • Update migration templates to use new hash syntax #170
  • Support for Rails 4.2 and lower soft-dropped #171

0.13.0

  • Add support for Rails 5.2 / Ruby 2.5 #129
  • Fix migration files not being generated #128
  • Add support for ActionController::API #133, #150, #159
  • Update activation email to use after_commit callback #130
  • Add opt-in invalidate_active_sessions! method #110
  • Pass along remember_me to #auto_login #136
  • Respect SessionTimeout on login via RememberMe #102
  • Added demodulize on authentication class name association name fetch #147
  • Remove Gemnasium badge #140
  • Add Instragram provider #51
  • Remove publish_actions permission for facebook #139
  • Prepare for 1.0.0 #157
  • Add Auth0 provider #160

0.12.0

  • Fix magic_login not inheriting from migration_class_name #99
  • Update YARD dependency #100
... (truncated)
Commits
  • e81c64c Release 0.15.0
  • eee5653 Add recent changes to changelog
  • 0f116d2 Fix brute force vuln due to callbacks not being ran (#235)
  • 6b72ca3 Revert on_load change due to breaking existing applications (#234)
  • c30cefa Add forget_me! and force_forget_me! test cases (#216)
  • f87d14e In generic_send_email, check if mail object responds to delivery method ins...
  • 16bb809 Fix typo (#219)
  • 26dd64b Fix deprecation warnings in Rails 6 (#209)
  • a973ae4 Add ruby 2.6.5 to the travis build (#215)
  • dd03140 Add discord provider (#185)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hash-gaming/slackproval/network/alerts).