hawkpost icon indicating copy to clipboard operation
hawkpost copied to clipboard

Published 20 hours ago verified publisher icon whitesmith

Bump django-allauth from 0.47.0 to 0.54.0

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps django-allauth from 0.47.0 to 0.54.0.

Changelog

Sourced from django-allauth's changelog.

0.54.0 (2023-03-31)

Note worthy changes

  • Dropped support for EOL Python versions (3.5, 3.6).

Security notice

  • Even when account enumeration prevention was turned on, it was possible for an attacker to infer whether or not a given account exists based upon the response time of an authentication attempt. Fixed.

0.53.1 (2023-03-20)

Note worthy changes

  • Example base template was missing {% load i18n}, fixed.

0.53.0 (2023-03-16)

Note worthy changes

  • You can now override the use of the UserTokenForm over at the PasswordResetFromKeyView by configuring ACCOUNT_FORMS["user_token"] to allow the change of the password reset token generator.

  • The Google API URLs are now configurable via the provider setting which enables use-cases such as overriding the endpoint during integration tests to talk to a mocked version of the API.

0.52.0 (2022-12-29)

Note worthy changes

  • Officially support Django 4.1.

  • New providers: OpenID Connect, Twitter (OAuth2), Wahoo, DingTalk.

... (truncated)

Commits
  • 77368a8 chore: Preparing release 0.54.0
  • 6acb0dc fix(account): Account enumeration timing attack
  • 367865f docs: Remove ACCOUNT_PREVENT_ENUMERATION warning
  • 64d2477 chore: Run extra CI on Python 3.11
  • da299f8 chore: Run CI on Ubuntu 22
  • 632f37d chore!: Drop support for EOL Python 3.5 and 3.6, test on Python 3.11 too
  • afa3ea9 docs(README): Reworded inspite
  • 54d7280 chore(socialaccount): Remove hard-coded redirect URL
  • 0655cdf feat(accounts): add key to password reset template
  • 99b67e8 chore: Preparing release 0.53.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Apr 24 '23 23:04 dependabot[bot]