More attempts to upload to pypi both flask-security and flask-security-too.
No code changes - however the build manifest changed so the source distribution
contents might be slightly different.
Docs and Chores
+++++++++++++++
(:pr:1019) Separate publish workflows for each pypi package
Version 5.5.1
Released August 1, 2024
I am pleased to announce that Flask-Security-Too is now part of pallets-eco and has returned
to be released as 'Flask-Security'. For the foreseeable future, we will publish the same release to both
Flask-Security and Flask-Security-Too on PyPI.
There are no code changes.
Docs and Chores
+++++++++++++++
(:pr:1015) Convert docs, links, badges, etc to pallets-eco
Version 5.5.0
Released July 24, 2024
Features & Improvements
+++++++++++++++++++++++
(:issue:956) Add support for changing registered user's email (:py:data:SECURITY_CHANGE_EMAIL).
(:issue:944) Change default password hash to argon2 (was bcrypt). See below for details.
(:pr:990) Add freshness capability to auth tokens (enables /us-setup to function w/ just auth tokens).
(:pr:991) Add support to /tf-setup to not require sessions (use a state token).
(:issue:994) Add support for Flask-SQLAlchemy-Lite - including new all-inclusive models
that conform to sqlalchemy latest best-practice (type-annotated).
(:pr:1007) Convert other sqlalchemy-based datastores from legacy 'model.query' to best-practice 'select'
(:issue:983) Allow applications more flexibility defining allowable redirects.
Fixes
+++++
(:pr:972) Set :py:data:SECURITY_CSRF_COOKIE at beginning (GET /login) of authentication
ritual - just as we return the CSRF token. (thanks @e-goto)
(:issue:973) login and unified sign in should handle GET for authenticated user consistently.
(:pr:995) Don't show sms options if not defined in US_ENABLED_METHODS. (fredipevcin)
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Bumps flask-security-too from 5.3.3 to 5.5.2.
Release notes
Sourced from flask-security-too's releases.
Changelog
Sourced from flask-security-too's changelog.
... (truncated)
Commits
0f5ba0eReady for 5.5.277982fcBuild 2 different packages (#1019)726327cRelease 5.5.1 (#1017)fe222a1Convert publishing workflow to pallets-eco (#1016)3755a44Update to new home - pallets-eco (#1015)49a7429codecov trying to get working again (#1014)a024bf3Bump the github-actions group with 3 updates (#1013)83fe995Ready for 5.5.0 (#1012)26e6325Allow more flexibility in allowed redirect targets. (#1011)8970b35Change DEPRECATED_HASHING_SCHEMES to "auto". (#1009)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show