Skip to content
This repository has been archived by the owner on Nov 21, 2023. It is now read-only.

build(deps): bump django-allauth from 0.57.0 to 0.58.0 #72

Merged
merged 1 commit into from
Oct 27, 2023
Merged

build(deps): bump django-allauth from 0.57.0 to 0.58.0 #72

merged 1 commit into from
Oct 27, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 27, 2023

Bumps django-allauth from 0.57.0 to 0.58.0.

Changelog

Sourced from django-allauth's changelog.

0.58.0 (2023-10-26)

Note worthy changes

  • The SocialAccount.exra_data field was a custom JSON field that used TextField as the underlying implementation. It was once needed because Django had no JSONField support. Now, this field is changed to use the official JSONField(). Migrations are in place.

  • Officially support Django 5.0.

  • In previous versions, users could never remove their primary email address. This is constraint is now relaxed. In case the email address is not required, for example, because the user logs in by username, removal of the email address is allowed.

  • Added a new setting ACCOUNT_REAUTHENTICATION_REQUIRED that, when enabled, requires the user to reauthenticate before changes (such as changing the primary email address, adding a new email address, etc.) can be performed.

Backwards incompatible changes

  • Refactored the built-in templates, with the goal of being able to adjust the look and feel of the whole project by only overriding a few core templates. This approach allows you to achieve visual results fast, but is of course more limited compared to styling all templates yourself. If your project provided its own templates then this change will not affect anything, but if you rely on (some of) the built-in templates your project may be affected.

  • The Azure provider has been removed in favor of keeping the Microsoft provider. Both providers were targeting the same goal.

Security notice

  • Facebook: Using the JS SDK flow, it was possible to post valid access tokens originating from other apps. Facebook user IDs are scoped per app. By default that user ID (not the email address) is used as key while authenticating. Therefore, such access tokens can not be abused by default. However, in case SOCIALACCOUNT_EMAIL_AUTHENTICATION was explicitly enabled for the Facebook provider, these tokens could be used to login.
Commits
  • d8b33de chore: Release 0.58.0
  • 2b55add fix(facebook): Inspect POST'ed access token
  • e8a1035 fix(account/middleware): Check content type vs. dangling login
  • 67c5fbc docs(socialaccount): settings.py vs admin SocialApp
  • 104416b refactor(socialaccount): Move certificate_key into settings
  • 5fe150b fix(account): Don't attempt to lookup invalid email
  • d7d8d2f feat(account): Reauthentication required
  • 15c1223 fix(account): Email change form action url was empty
  • a0ff1aa feat(account): Allow removal of email depending on auth method
  • 0e29d46 chore(ci): Update to add Django 5.0 (alpha) support.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump django-allauth from 0.57.0 to 0.58.0
8d9aeb1 
Bumps [django-allauth](https://github.com/pennersr/django-allauth) from 0.57.0 to 0.58.0.
- [Changelog](https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst)
- [Commits](pennersr/django-allauth@0.57.0...0.58.0)

---
updated-dependencies:
- dependency-name: django-allauth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 27, 2023
@M0NsTeRRR M0NsTeRRR merged commit 4c58fe1 into main Oct 27, 2023
9 checks passed
@M0NsTeRRR M0NsTeRRR deleted the dependabot/pip/django-allauth-0.58.0 branch October 27, 2023 09:54
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@M0NsTeRRR M0NsTeRRR

Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@M0NsTeRRR