Open renovate[bot] opened 2 months ago
This PR contains the following updates:
social-auth-app-django `==3.1.0` -> `==5.4.1`
GitHub Vulnerability Alerts
CVE-2024-32879
Impact
Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match.
Patches
This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1.
Workarounds
An immediate workaround would be to change collation of the affected field:
```sql
ALTER TABLE `social_auth_association` MODIFY `uid` varchar(255) COLLATE `utf8_bin`;
```
References
This issue was discovered by folks at https://opencraft.com/.
Release Notes
python-social-auth/social-app-django (social-auth-app-django)
### [`v5.4.1`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#541---2024-04-24)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/5.4.0...5.4.1)
##### Changed
- Added reverse migration for JSON field
- Fixed improper handling of case sensitivity with MySQL/MariaDB (CVE-2024-32879)

### [`v5.4.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#540---2023-10-17)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/5.3.0...5.4.0)
##### Changed
- Improved JSON field migration performance
- Introduce configuration to request POST only requests for social authentication
- Updated list of supported Django and Python versions

### [`v5.3.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#530---2023-09-01)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/5.2.0...5.3.0)
##### Changed
- Uses Django native JSON field

### [`v5.2.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#520---2023-03-31)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/5.1.0...5.2.0)
##### Changed
- Removed support for Django<3.2
- Fixed missing migration issue

### [`v5.1.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#510---2023-03-15)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/5.0.0...5.1.0)
##### Changed
- Compatibility with recent Django and Python versions
- Coding style improvements
- Improved error handling in SocialAuthExceptionMiddleware

### [`v5.0.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#500---2021-08-05)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/4.0.0...5.0.0)
##### Changed
- Removed compat shims for obsolete Django versions
- Switch from deprecated `django.conf.urls.url` to `django.urls.path`
- Use query `.exists()` instead of `.count() > 0`
- Added testing for Django 3.0
- Drop support for Python 2
- Django generic `JSONField` support, details documented [here](https://python-social-auth.readthedocs.io/en/latest/configuration/django.html#json-field-support)
- Django 3.2+ compatibility
- Use `_default_manager` instead of `objects`

### [`v4.0.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#400---2020-06-20)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/3.4.0...4.0.0)
##### Changed
- Dropped support for older Django versions (1.8, 1.9, 1.10, 2.0)
- Fix `TypeError` when continuing a pipeline in Django 2.1

### [`v3.4.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#340---2020-05-30)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/3.3.0...3.4.0)
##### Changed
- Correct release mechanism

### [`v3.3.0`](https://togithub.com/python-social-auth/social-app-django/blob/HEAD/CHANGELOG.md#330---2020-05-30)
[Compare Source](https://togithub.com/python-social-auth/social-app-django/compare/3.1.0...3.3.0)
##### Changed
- Updated release and tests mechanism

Configuration
📅 Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
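
The collation behaviour described under CVE-2024-32879 above, as an added example (not code from social-app-django or from this PR). It uses SQLite's `NOCASE` and `BINARY` collations as stand-ins for MySQL's case-insensitive default and `utf8_bin`; the table layout, provider name, uids and usernames are constructed for illustration.

```python
import sqlite3

# Constructed sample data: one stored identity whose provider uid is mixed-case.
STORED = [("provider-x", "AbC123", "alice")]


def build_table(conn, name, collation):
    """Create a uid table whose comparison rules are set by `collation`."""
    conn.execute(
        f"CREATE TABLE {name} ("
        f"provider TEXT NOT NULL, uid TEXT COLLATE {collation} NOT NULL, "
        "username TEXT NOT NULL, UNIQUE (provider, uid))"
    )
    conn.executemany(f"INSERT INTO {name} VALUES (?, ?, ?)", STORED)


def lookup(conn, table, provider, uid):
    """Return the local username linked to (provider, uid), or None."""
    row = conn.execute(
        f"SELECT username FROM {table} WHERE provider = ? AND uid = ?",
        (provider, uid),
    ).fetchone()
    return row[0] if row else None


def can_link(conn, table, provider, uid, username):
    """Try to store a second identity; False if the unique index rejects it."""
    try:
        conn.execute(f"INSERT INTO {table} VALUES (?, ?, ?)",
                     (provider, uid, username))
        return True
    except sqlite3.IntegrityError:
        return False


def demo():
    conn = sqlite3.connect(":memory:")
    build_table(conn, "uid_ci", "NOCASE")   # stand-in for a MySQL *_ci default
    build_table(conn, "uid_bin", "BINARY")  # stand-in for utf8_bin
    return {
        # A different provider uid ("abc123") resolves to alice's account.
        "ci_lookup": lookup(conn, "uid_ci", "provider-x", "abc123"),
        "bin_lookup": lookup(conn, "uid_bin", "provider-x", "abc123"),
        # The unique index also treats the two uids as the same value.
        "ci_link": can_link(conn, "uid_ci", "provider-x", "abc123", "bob"),
        "bin_link": can_link(conn, "uid_bin", "provider-x", "abc123", "bob"),
    }


if __name__ == "__main__":
    print(demo())
```

With the binary collation the two uids stay distinct in both the lookup and the unique index, which is the effect the `ALTER TABLE ... COLLATE utf8_bin` workaround aims for.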