Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

requirement: bump django-allauth from 64.1.0 to 64.2.0 #4641

Merged
merged 1 commit into from
Sep 9, 2024
Merged

requirement: bump django-allauth from 64.1.0 to 64.2.0 #4641

merged 1 commit into from
Sep 9, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 2, 2024
edited
Loading

Bumps django-allauth from 64.1.0 to 64.2.0.

Changelog

Sourced from django-allauth's changelog.

64.2.0 (2024-08-30)

Note worthy changes

  • Verifying email addresses by means of a code (instead of a link) is now supported. See settings.ACCOUNT_EMAIL_VERIFICATION_BY_CODE_ENABLED.

  • Added support for requiring logging in by code, so that every user logging in is required to input a login confirmation code sent by email. See settings.ACCOUNT_LOGIN_BY_CODE_REQUIRED.

Security notice

  • In case an ID token is used for authentication, the JTI is now respected to prevent the possibility of replays instead of solely relying on the expiration time.
Commits
  • 87edc03 chore: Release 64.2.0
  • 1d7f9e9 chore(i18n): Sync .po
  • 58ba217 chore(i18n): Sync weblate
  • 58db2be fix(socialaccount): Pass email to populate_user()
  • 7e99f3e chore(i18n/cs): Fix misplaced characters in cs localization
  • 20ab03c docs: update CERN provider
  • dd1412e chore(i18n/ko): fix typo and translation
  • 0304b1b fix(socialaccount): JWT: Prevent replay using JTI
  • d30b641 tests(headless): Verify email of other user while signed in
  • 560cb24 refactor(account): Email verification login & stage
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 2, 2024
@dependabot dependabot bot force-pushed the dependabot/pip/django-allauth-64.2.0 branch 6 times, most recently from b1da960 to 2619d25 Compare September 2, 2024 16:20
@dependabot dependabot bot force-pushed the dependabot/pip/django-allauth-64.2.0 branch 2 times, most recently from 59d539f to 3507c55 Compare September 2, 2024 16:59
@francoisfreitag
Copy link
Contributor

Bisected to pennersr/django-allauth@560cb24

@francoisfreitag francoisfreitag force-pushed the dependabot/pip/django-allauth-64.2.0 branch from 3507c55 to bf449cc Compare September 3, 2024 08:53
@francoisfreitag
Copy link
Contributor

pennersr/django-allauth#4086

@francoisfreitag francoisfreitag added the pending PR en attente, ne pas intégrer. label Sep 4, 2024
@francoisfreitag
Copy link
Contributor

pennersr/django-allauth#4089

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 9, 2024

A newer version of django-allauth exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@francoisfreitag francoisfreitag force-pushed the dependabot/pip/django-allauth-64.2.0 branch from bf449cc to 67c7c8d Compare September 9, 2024 13:42
@socket-security Socket Security
Copy link

socket-security bot commented Sep 9, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
pypi/[email protected] environment, eval, filesystem, network, unsafe 0 5.35 MB pennersr

🚮 Removed packages: pypi/[email protected])

View full report↗︎

@francoisfreitag francoisfreitag force-pushed the dependabot/pip/django-allauth-64.2.0 branch 2 times, most recently from e9250a1 to 8c62e51 Compare September 9, 2024 13:49
@dependabot @francoisfreitag
requirement: bump django-allauth from 64.1.0 to 64.2.1
f99fbbe 
With
pennersr/django-allauth@560cb24,
the LOGIN_ON_EMAIL_CONFIRMATION=True is now taken into account when
verifying an email.

Since that commit, the hook `get_signup_redirect_url()` is called on
email verification instead of `get_login_redirect_url()`.

Bumps [django-allauth](https://github.com/pennersr/django-allauth) from 64.1.0 to 64.2.1.
- [Changelog](https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst)
- [Commits](pennersr/django-allauth@64.1.0...64.2.1)

---
updated-dependencies:
- dependency-name: django-allauth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@francoisfreitag francoisfreitag force-pushed the dependabot/pip/django-allauth-64.2.0 branch from 8c62e51 to f99fbbe Compare September 9, 2024 13:49
@francoisfreitag francoisfreitag added this pull request to the merge queue Sep 9, 2024
Merged via the queue into master with commit adfee3d Sep 9, 2024
11 checks passed
@francoisfreitag francoisfreitag deleted the dependabot/pip/django-allauth-64.2.0 branch September 9, 2024 14:05
@francoisfreitag
Copy link
Contributor

Ah, il y a eu un raté. Je ne sais pas comment j’ai ajouté la PR dans la merge queue. Peut-être y était elle restée d’une tentative précédente, ou un misclick 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@francoisfreitag francoisfreitag francoisfreitag approved these changes

@tonial tonial Awaiting requested review from tonial

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file pending PR en attente, ne pas intégrer. python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@francoisfreitag @tonial