search

openwisp / openwisp-users

Implementation of user management and multi-tenancy for OpenWISP
https://openwisp.io/docs/dev/users/
BSD 3-Clause "New" or "Revised" License
163 stars 74 forks source link

[deps] Update django-allauth requirement from ~=0.54.0 to ~=0.63.5 #394

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Updates the requirements on django-allauth to permit the latest version.

Changelog

Sourced from django-allauth's changelog.

0.63.5 (2024-07-11)

Fixes

  • The security fix in 0.63.4 that altered the __str__() of SocialToken caused issues within the Amazon Cognito, Atlassian, JupyterHub, LemonLDAP, Nextcloud and OpenID Connect providers. Fixed.

0.63.4 (2024-07-10)

Security notice

  • The __str__() method of the SocialToken model returned the access token. As a consequence, logging or printing tokens otherwise would expose the access token. Now, the method no longer returns the token. If you want to log/print tokens, you will now have to explicitly log the token field of the SocialToken instance.

  • Enumeration prevention: the behavior on the outside of an actual signup versus a signup where the user already existed was not fully identical, fixed.

0.63.3 (2024-05-31)

Note worthy changes

  • In HEADLESS_ONLY mode, the /accounts/<provider>/login/ URLs were still available, fixed.

  • The few remaining OAuth 1.0 providers were not compatible with headless mode, fixed.

  • Depending on where you placed the secure_admin_login(admin.site.login) protection you could run into circular import errors, fixed.

Backwards incompatible changes

  • SAML: IdP initiated SSO is disabled by default, see security notice below.

Security notice

... (truncated)

Commits
  • 11fa4e8 fix(socialaccount): Drop use of SocialToken.str
  • a41085c chore: Release 0.63.4
  • a671ca6 fix(account): Prevent enumeration vs messages
  • 663c7df fix(socialaccount): Don't return access token in str
  • aa33e2f chore: Opening 0.63.4-dev
  • f6577fa chore: Release 0.63.3
  • 1f631a1 fix(saml): Secure SP initiated SSO, disable IdP initiated SSO
  • 165abe0 docs: Don't rely on test settings
  • 73efc84 docs: Added examples section
  • c5d4d54 refactor(account/forms): Move email2 lower to clean()
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 3 months ago

Superseded by #397.