commit python-Flask-Security-Too for openSUSE:Factory

Source-Sync Tue, 15 Aug 2023 07:40:10 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-Flask-Security-Too for 
openSUSE:Factory checked in at 2023-08-15 16:39:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Flask-Security-Too (Old)
 and      /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.11712 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python-Flask-Security-Too"

Tue Aug 15 16:39:54 2023 rev:16 rq:1102263 version:5.3.0

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-Flask-Security-Too/python-Flask-Security-Too.changes
      2023-04-11 13:51:14.671390327 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.11712/python-Flask-Security-Too.changes
   2023-08-15 16:40:01.194992647 +0200
@@ -1,0 +2,34 @@
+Thu Aug  3 11:48:11 UTC 2023 - Daniel Garcia <[email protected]>
+
+- Update to 5.3.0:
+  * Improvements to recoverability and confirmation to align with
+    OWASP best practices and reduce possible exploitation.
+  * Webauthn Updates to handling of transport.
+  * Fix MongoDB support by eliminating dependency on flask-mongoengine. 
Improve MongoDB quickstart.
+  * Fix Quickstart for SQLAlchemy with scoped session.
+  * Login no longer, by default, checks for email deliverability.
+  * Token authentication is no longer accepted on endpoints which only allow 
'session' as authentication-method. (N247S)
+  * /reset and /confirm and GENERIC_RESPONSES and additional form args don't 
mix.
+  * Reset password can be exploited and other OWASP improvements.
+  * Confirmation can be exploited and other OWASP improvements.
+  * Convert to pyproject.toml, build, remove setup.py/.cfg.
+  * the tf_validity feature now ONLY sets a cookie - and the token is no 
longer returned as part of a JSON response.
+  * Fix login/unified signin templates to properly send CSRF token. Add more 
tests.
+  * Improve Social Oauth example code.
+- 5.2.0:
+  * Small updates to work with latest Flask/Werkzeug.
+  * Drop support for Python 3.7
+  * Drop support for older versions of dependent packages (such as Flask).
+  * Remove old Werkzeug compatibility check.
+  * Compatibility with Quart.
+  * Remove dependence on pkg_resources / setuptools (use importlib_resources 
package)
+  * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to 
match current releases.
+  * Drop support for Python 3.7
+- 5.1.2:
+  * Hungarian translations not working.
+  * Fix documentation for send_mail. (gg)
+  * Fix for latest mongoengine and mongomock.
+  * Fix inappropriate use of &thinsp& in French translations. (maxdup)
+  * Improve documentation around subclassing forms.
+
+-------------------------------------------------------------------

Old:
----
  Flask-Security-Too-5.1.1.tar.gz

New:
----
  Flask-Security-Too-5.3.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-Flask-Security-Too.spec ++++++
--- /var/tmp/diff_new_pack.Uyo22a/_old  2023-08-15 16:40:01.958997858 +0200
+++ /var/tmp/diff_new_pack.Uyo22a/_new  2023-08-15 16:40:01.962997885 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           python-Flask-Security-Too
-Version:        5.1.1
+Version:        5.3.0
 Release:        0
 Summary:        Security for Flask apps
 License:        MIT
@@ -30,54 +30,59 @@
 Patch2:         filterwarnings-ignore-pkg_resources.patch
 BuildRequires:  %{python_module Authlib}
 BuildRequires:  %{python_module Babel >= 2.10.0}
-BuildRequires:  %{python_module Flask >= 1.1.1}
-BuildRequires:  %{python_module Flask-Babel >= 2.0.0}
-BuildRequires:  %{python_module Flask-Login >= 0.4.1}
+BuildRequires:  %{python_module Flask >= 2.3.2}
+BuildRequires:  %{python_module Flask-Babel >= 3.1.0}
+BuildRequires:  %{python_module Flask-Login >= 0.6.2}
 BuildRequires:  %{python_module Flask-Mailman >= 0.3.0}
 BuildRequires:  %{python_module Flask-Principal >= 0.4.0}
-BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.0.2}
-BuildRequires:  %{python_module Flask-WTF >= 0.14.3}
+BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.0.3}
+BuildRequires:  %{python_module Flask-WTF >= 1.1.1}
 BuildRequires:  %{python_module PyQRCode >= 1.2}
-BuildRequires:  %{python_module SQLAlchemy >= 1.4.35}
+BuildRequires:  %{python_module SQLAlchemy}
 BuildRequires:  %{python_module WTForms-lang}
 BuildRequires:  %{python_module WTForms}
-BuildRequires:  %{python_module Werkzeug >= 0.14.1}
-BuildRequires:  %{python_module argon2_cffi >= 19.1.0}
+BuildRequires:  %{python_module Werkzeug >= 2.3.3}
+BuildRequires:  %{python_module argon2_cffi >= 21.3.0}
 BuildRequires:  %{python_module bcrypt >= 4.0.1}
-BuildRequires:  %{python_module bleach >= 5.0.0}
+BuildRequires:  %{python_module bleach >= 6.0.0}
 BuildRequires:  %{python_module blinker >= 1.4}
 BuildRequires:  %{python_module cachetools >= 3.1.0}
-BuildRequires:  %{python_module cryptography >= 37.0.4}
+BuildRequires:  %{python_module cryptography >= 40.0.2}
 BuildRequires:  %{python_module dateutil}
 BuildRequires:  %{python_module email-validator >= 1.1.1}
+BuildRequires:  %{python_module importlib_resources >= 5.10.0}
 BuildRequires:  %{python_module itsdangerous >= 1.1.0}
-BuildRequires:  %{python_module passlib >= 1.7.2}
-BuildRequires:  %{python_module peewee >= 3.7.1}
-BuildRequires:  %{python_module phonenumbers >= 8.12.18}
-BuildRequires:  %{python_module pony}
+BuildRequires:  %{python_module passlib >= 1.7.4}
+BuildRequires:  %{python_module peewee >= 3.16.2}
+BuildRequires:  %{python_module phonenumbers}
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module pony if %python-base < 3.11}
 BuildRequires:  %{python_module pytest >= 6.2.5}
 BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  %{python_module zxcvbn >= 4.4.28}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-Flask >= 1.1.1
-Requires:       python-Flask-Babel >= 2.0.0
-Requires:       python-Flask-Login >= 0.4.1
+Requires:       python-Flask >= 2.3.2
+Requires:       python-Flask-Babel >= 3.1.0
+Requires:       python-Flask-Login >= 0.6.2
 Requires:       python-Flask-Principal >= 0.4.0
-Requires:       python-Flask-WTF >= 0.14.3
-Requires:       python-Werkzeug >= 0.14.1
+Requires:       python-Flask-WTF >= 1.1.1
+Requires:       python-WTForms >= 3.0.0
+Requires:       python-Werkzeug >= 2.3.3
 Requires:       python-bcrypt >= 4.0.1
-Requires:       python-bleach >= 5.0.0
+Requires:       python-bleach >= 6.0.0
 Requires:       python-blinker >= 1.4
-Requires:       python-cryptography >= 37.0.4
+Requires:       python-cryptography >= 40.0.2
 Requires:       python-email-validator >= 1.1.1
+Requires:       python-importlib_resources >= 5.10.0
 Requires:       python-itsdangerous >= 1.1.0
-Requires:       python-passlib >= 1.7.2
+Requires:       python-passlib >= 1.7.4
 Recommends:     python-PyQRCode >= 1.2
-Recommends:     python-SQLAlchemy >= 1.4.35
+Recommends:     python-SQLAlchemy
 Recommends:     python-zxcvbn >= 4.4.28
-Suggests:       python-argon2_cffi >= 19.1.0
-Suggests:       python-phonenumbers >= 8.12.18
+Suggests:       python-argon2_cffi >= 21.3.0
+Suggests:       python-phonenumbers
 Conflicts:      python-Flask-Security < 3.2.0
 Obsoletes:      python-Flask-Security < 3.2.0
 Provides:       python-Flask-Security = %{version}
@@ -99,20 +104,19 @@
 %endif
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
-# gh#Flask-Middleware/flask-security#605 for test_two_factor_flag
-%pytest -k 'not test_two_factor_flag'
+%pytest -k 'not test_login_email_whatever'
 
 %files %{python_files}
 %doc AUTHORS CHANGES.rst README.rst
 %license LICENSE
 %{python_sitelib}/flask_security
-%{python_sitelib}/Flask_Security_Too-%{version}-py%{python_version}.egg-info
+%{python_sitelib}/Flask_Security_Too-%{version}*-info
 
 %changelog

++++++ Flask-Security-Too-5.1.1.tar.gz -> Flask-Security-Too-5.3.0.tar.gz ++++++
++++ 19956 lines of diff (skipped)

++++++ filterwarnings-ignore-pkg_resources.patch ++++++
--- /var/tmp/diff_new_pack.Uyo22a/_old  2023-08-15 16:40:02.262999931 +0200
+++ /var/tmp/diff_new_pack.Uyo22a/_new  2023-08-15 16:40:02.270999985 +0200
@@ -1,13 +1,13 @@
-Index: Flask-Security-Too-5.1.1/pytest.ini
+Index: Flask-Security-Too-5.3.0/pytest.ini
 ===================================================================
---- Flask-Security-Too-5.1.1.orig/pytest.ini
-+++ Flask-Security-Too-5.1.1/pytest.ini
-@@ -21,6 +21,7 @@ filterwarnings =
-     ignore:.*Setting 'json_encoder'.*:DeprecationWarning:flask:0
-     ignore:.*'JSONEncoder'.*:DeprecationWarning:flask:0
+--- Flask-Security-Too-5.3.0.orig/pytest.ini
++++ Flask-Security-Too-5.3.0/pytest.ini
+@@ -20,6 +20,7 @@ filterwarnings =
+     ignore:.*'locked_cached_property'.*:DeprecationWarning:flask:0
+     ignore:.*'flask.Markup'.*:DeprecationWarning:flask:0
      ignore::DeprecationWarning:mongoengine:
 +    ignore:.*pkg_resources.*:DeprecationWarning::
+     ignore::DeprecationWarning:flask_login:0
      ignore:.*passwordless feature.*:DeprecationWarning:flask_security:0
      ignore:.*passing settings to bcrypt.*:DeprecationWarning:passlib:0
-     ignore:.*'crypt' is deprecated.*:DeprecationWarning:passlib:0

commit python-Flask-Security-Too for openSUSE:Factory

Reply via email to