commit python-Flask-Security-Too for openSUSE:Factory

3 Jun 2024

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-Flask-Security-Too for openSUSE:Factory checked in at 2024-06-03 17:41:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Flask-Security-Too (Old)
 and      /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.24587 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-Flask-Security-Too"

Mon Jun  3 17:41:31 2024 rev:23 rq:1177933 version:5.4.3

Changes:
--------

--- /work/SRC/openSUSE:Factory/python-Flask-Security-Too/python-Flask-Security-Too.changes	2024-02-13 22:42:25.864377645 +0100
+++ /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.24587/python-Flask-Security-Too.changes	2024-06-03 17:41:40.323052730 +0200
@@ -1,0 +2,75 @@
+Fri May 31 12:12:17 UTC 2024 - Antonio Larrosa 
+
+- Update to 5.4.3:
+  + Fixes
+    * Regression - some templates no longer getting correct config
+    * CSRF not properly ignored for application forms using
+      :py SECURITY_CSRF_PROTECT_MECHANISMS.
+    * Improve jp translations
+    * Regression - datetime_factory should still be an attribute
+    * :py SECURITY_RETURN_GENERIC_RESPONSES hide email
+      validation/syntax errors.
+
+- Update to 5.4.2:
+  + Fixes
+    * OpenAPI spec missing.
+    * Doc fixes
+    * Update ES/IT translations
+
+- Update to 5.4.0 & 5.4.1:
+  + Features and improvements:
+    * Work with Flask[async]. view decorators and signals support
+      async handlers.
+    * CI support for python 3.12
+    * Work with py_webauthn 2.0 (and only 2.0+)
+    * Improve (and simplify) Two-Factor setup. See below for
+      backwards compatability issues and new functionality.
+    * Improve oauth debugging support. Handle next propagation in a
+      more general way.
+    * Make AnonymousUser (Flask-Login) optional and deprecated.
+    * Remove undocumented and untested looking in session for
+      possible 'next' redirect location.
+    * No longer rely on Flask-Login.unauthorized callback. See
+      below for implications.
+    * Changes to default unauthorized handler - remove use of
+      referrer header (see below) and document precise behavior.
+    * The authentication_token format has changed - adding
+      per-token expiry time and future session ID. Old tokens are
+      still accepted.
+  + Docs and Chores
+    * Improve method translations for unified signin and two
+      factor. Remove support for Flask-Babelex.
+    * Chore - stop setting all config as attributes.
+      init_app(**kwargs) can only set forms, flags, and utility
+      classes (see below for compatibility concerns).
+    * Update Spanish and Italian translations.
+    * Improve translations for two-factor method selection.
+    * Improve German translations.
+    * Remove deprecation of AUTO_LOGIN_AFTER_CONFIRM - it has a
+      reasonable use case.
+    * Update message extraction - note that the
+      CONFIRM_REGISTRATION message was changed to improve
+      readability.
+  + Fixes
+    * us-signin magic link should use fs_uniquifier (not email).
+    * Improve open-redirect vulnerability mitigation. (see below)
+    * user_datastore.create_user has side effects on mutable
+      inputs. (NoRePercussions)
+    * The long deprecated _unauthorized_callback/handler has been
+      removed.
+    * Oauth re-used POST_LOGIN_VIEW which caused confusion. See
+      below for the new configuration and implications.
+    * Improve CSRF documentation and testing. Fix bug where a CSRF
+      failure could return an HTML page even if the request was
+      JSON.
+    * Register with JSON and authentication token failed CSRF.
+    * Fix 2 issues with CSRF configuration.
+    * It was possible that if SECURITY_EMAIL_VALIDATOR_ARGS were
+      set that deliverability would be checked even for login.
+  + Backwards Compatibility Concerns
+    Please read the full changelog at
+    https://github.com/Flask-Middleware/flask-security/blob/master/CHANGES.rst#v...
+- Drop patch that's already included by upstream:
+  * support-python-312.patch
+
+-------------------------------------------------------------------

Old:
----
  Flask-Security-Too-5.3.3.tar.gz
  support-python-312.patch

New:
----
  Flask-Security-Too-5.4.3.tar.gz

BETA DEBUG BEGIN:
  Old:- Drop patch that's already included by upstream:
  * support-python-312.patch
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-Flask-Security-Too.spec ++++++
--- /var/tmp/diff_new_pack.umikXE/_old	2024-06-03 17:41:41.055080567 +0200
+++ /var/tmp/diff_new_pack.umikXE/_new	2024-06-03 17:41:41.055080567 +0200
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-Flask-Security-Too
-Version:        5.3.3
+Version:        5.4.3
 Release:        0
 Summary:        Security for Flask apps
 License:        MIT
@@ -27,8 +27,6 @@
 Patch0:         no-mongodb.patch
 # PATCH-FIX-OPENSUSE Use pyqrcodeng, we do not ship qrcode in OpenSUSE.
 Patch1:         use-pyqrcodeng.patch
-# PATCH-FIX-UPSTREAM Based on gh#Flask-Middleware/flask-security#900
-Patch2:         support-python-312.patch
 BuildRequires:  %{python_module Authlib}
 BuildRequires:  %{python_module Babel >= 2.10.0}
 BuildRequires:  %{python_module Flask >= 2.3.2}
@@ -37,7 +35,7 @@
 BuildRequires:  %{python_module Flask-Mailman >= 0.3.0}
 BuildRequires:  %{python_module Flask-Principal >= 0.4.0}
 BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.0.3}
-BuildRequires:  %{python_module Flask-WTF >= 1.1.1}
+BuildRequires:  %{python_module Flask-WTF >= 1.1.2}
 BuildRequires:  %{python_module MarkupSafe >= 2.1.0}
 BuildRequires:  %{python_module PyQRCode >= 1.2}
 BuildRequires:  %{python_module SQLAlchemy}
@@ -49,8 +47,8 @@
 BuildRequires:  %{python_module bleach >= 6.0.0}
 BuildRequires:  %{python_module cachetools >= 3.1.0}
 BuildRequires:  %{python_module cryptography >= 40.0.2}
-BuildRequires:  %{python_module dateutil}
 BuildRequires:  %{python_module email-validator >= 2.0}
+BuildRequires:  %{python_module freezegun}
 BuildRequires:  %{python_module importlib_resources >= 5.10.0}
 BuildRequires:  %{python_module itsdangerous >= 1.1.0}
 BuildRequires:  %{python_module passlib >= 1.7.4}
@@ -61,6 +59,7 @@
 BuildRequires:  %{python_module pytest >= 6.2.5}
 BuildRequires:  %{python_module requests}
 BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module webauthn >= 2.0.0}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  %{python_module zxcvbn >= 4.4.28}
 BuildRequires:  fdupes
@@ -69,7 +68,7 @@
 Requires:       python-Flask-Babel >= 3.1.0
 Requires:       python-Flask-Login >= 0.6.2
 Requires:       python-Flask-Principal >= 0.4.0
-Requires:       python-Flask-WTF >= 1.1.1
+Requires:       python-Flask-WTF >= 1.1.2
 Requires:       python-MarkupSafe >= 2.1.0
 Requires:       python-WTForms >= 3.0.0
 Requires:       python-Werkzeug >= 2.3.3
@@ -80,6 +79,7 @@
 Requires:       python-importlib_resources >= 5.10.0
 Requires:       python-itsdangerous >= 1.1.0
 Requires:       python-passlib >= 1.7.4
+Requires:       python-webauthn >= 2.0.0
 Recommends:     python-PyQRCode >= 1.2
 Recommends:     python-SQLAlchemy
 Recommends:     python-zxcvbn >= 4.4.28

++++++ Flask-Security-Too-5.3.3.tar.gz -> Flask-Security-Too-5.4.3.tar.gz ++++++
++++ 34550 lines of diff (skipped)

    

commit python-Flask-Security-Too for openSUSE:Factory

Source-Sync