Skip to content
This repository has been archived by the owner on Feb 12, 2022. It is now read-only.

Bump django-allauth from 0.45.0 to 0.48.0 #533

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 4, 2022

Bumps django-allauth from 0.45.0 to 0.48.0.

Changelog

Sourced from django-allauth's changelog.

0.48.0 (2022-02-03)


Note worthy changes

  • New translations: Catalan, Bulgarian.

  • Introduced a new setting ACCOUNT_PREVENT_ENUMERATION that controls whether or not information is revealed about whether or not a user account exists. Warning: this is a work in progress, password reset is covered, yet, signing up is not.

  • The ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN is now also respected when using HMAC based email confirmations. In earlier versions, users could trigger email verification mails without any limits.

  • Added builtin rate limitting (see ACCOUNT_RATE_LIMITS).

  • Added reset_url_token attribute in allauth.account.views.PasswordResetFromKeyView which allows specifying a token parameter displayed as a component of password reset URLs.

  • It is now possible to use allauth without having sites installed. Whether or not sites is used affects the data models. For example, the social app model uses a many-to-many pointing to the sites model if the sites app is installed. Therefore, enabling or disabling sites is not something you can do on the fly.

  • The facebook provider no longer raises ImproperlyConfigured within {% providers_media_js %} when it is not configured.

Backwards incompatible changes

  • The newly introduced ACCOUNT_PREVENT_ENUMERATION defaults to True impacting the current behavior of the password reset flow.

  • The newly introduced rate limitting is by default turned on. You will need to provide a 429.html template.

  • The default of SOCIALACCOUNT_STORE_TOKENS has been changed to False. Rationale is that storing sensitive information should be opt in, not opt out. If you were relying on this functionality without having it explicitly turned on, please add it to your settings.py.

0.47.0 (2021-12-09)


... (truncated)

Commits
  • 422c3f5 chore: Release 0.48.0
  • d30b5a1 chore(i18n): sync .po files
  • affcfa0 fix(facebook): don't raise ImproperlyConfigured in media_js()
  • 6e8f0a9 chore(account): move emailconfirmation key generation into adapter
  • 61c76aa chore: Black
  • fdf7ee1 chore(setup.py): Use intenct.nl project page for home page
  • 9fb1408 chore(setup.py): Add project URLs for PyPi
  • afd916d chore(i18n/ko): updated Korean translations
  • 212cbb3 update(changelog): add catalan translation to changelog
  • 1bd7cff feat(i18n): add Catalan translations
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 4, 2022
Bumps [django-allauth](https://github.com/pennersr/django-allauth) from 0.45.0 to 0.48.0.
- [Release notes](https://github.com/pennersr/django-allauth/releases)
- [Changelog](https://github.com/pennersr/django-allauth/blob/master/ChangeLog.rst)
- [Commits](pennersr/django-allauth@0.45.0...0.48.0)

---
updated-dependencies:
- dependency-name: django-allauth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/django-allauth-0.48.0 branch from 0a579b7 to 1f63ada Compare February 10, 2022 11:09
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants