Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump django-allauth from 0.54.0 to 0.63.1 #568

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 19, 2024

Bumps django-allauth from 0.54.0 to 0.63.1.

Changelog

Sourced from django-allauth's changelog.

0.63.1 (2024-05-17)


Note worthy changes

  • When only allauth.account was installed, you could run into an exception stating "allauth.socialaccount not installed, yet its models are imported.". This has been fixed.

  • When SOCIALACCOUNT_EMAIL_AUTHENTICATION was turned on, and a user would connect a third-party account for which email authentication would kick in, the connect was implicitly skipped. Fixed.

  • The recommendation from the documentation to protect the Django admin login could cause an infinite redirect loop in case of AUTHENTICATED_LOGIN_REDIRECTS. A decorator secure_admin_login() is now offered out of the box to ensure that the Django admin is properly secured by allauth (e.g. rate limits, 2FA).

  • Subpackages from the tests package were packaged, fixed.

0.63.0 (2024-05-14)


Note worthy changes

  • New providers: TikTok, Lichess.

  • Starting since version 0.62.0, new email addresses are always stored as lower case. In this version, we take the final step and also convert existing data to lower case, alter the database indices and perform lookups accordingly. Migrations are in place. For rationale, see the note about email case sensitivity in the documentation.

  • An official API for single-page and mobile application support is now available, via the new allauth.headless app.

  • Added support for a honeypot field on the signup form. Real users do not see the field and therefore leave it empty. When bots do fill out the field account creation is silently skipped.

0.62.1 (2024-04-24)


  • The tests package was accidentally packaged, fixed.

... (truncated)

Commits
  • e409ac9 chore: Release 0.63.1
  • 8fd365f docs(ChangeLog): Add account-only note
  • 2021e0b fix(socialaccount): is_existing caused repeated db queries
  • 6da7730 fix: Don't import mfa/socialaccount models when not installed
  • 7e8c262 feat(templates): add form tags for email
  • b1786ed feat: secure_admin_login() decorator
  • 9731a41 fix(socialaccount): Email authentication vs connect
  • ed37642 fix(setup): tests subpackages being packaged
  • b9c1f3a chore: Opening 0.63.1-dev
  • 0a3040f fix(README): PyPi vs raw::html
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 19, 2024
Bumps [django-allauth](https://github.com/pennersr/django-allauth) from 0.54.0 to 0.63.1.
- [Changelog](https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst)
- [Commits](pennersr/django-allauth@0.54.0...0.63.1)

---
updated-dependencies:
- dependency-name: django-allauth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/django-allauth-0.63.1 branch from db93eee to dae95ed Compare May 23, 2024 16:33
Copy link
Contributor Author

dependabot bot commented on behalf of github May 26, 2024

Superseded by #575.

@dependabot dependabot bot closed this May 26, 2024
@dependabot dependabot bot deleted the dependabot/pip/django-allauth-0.63.1 branch May 26, 2024 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants