Hello community,
here is the log from the commit of package python-social-auth-core for
openSUSE:Factory checked in at 2026-06-28 21:11:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-social-auth-core (Old)
and /work/SRC/openSUSE:Factory/.python-social-auth-core.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-social-auth-core"
Sun Jun 28 21:11:11 2026 rev:33 rq:1362191 version:5.0.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-social-auth-core/python-social-auth-core.changes
2026-05-28 23:14:06.400749236 +0200
+++
/work/SRC/openSUSE:Factory/.python-social-auth-core.new.11887/python-social-auth-core.changes
2026-06-28 21:12:36.214372344 +0200
@@ -1,0 +2,30 @@
+Sun Jun 28 14:44:05 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 5.0.2:
+ * LINE backend now validates callback state before exchanging
+ authorization codes, preventing login CSRF.
+ * Shopify backend now sends and validates OAuth state,
+ preventing login CSRF.
+ * Updated the Google OAuth documentation link.
+ * Externally resumable partial request links now require
+ confirmation even in the browser session that created the
+ partial, preventing validation links from being consumed by a
+ plain GET.
+ * LoginRadius backend now validates callback state to prevent
+ login CSRF.
+ * Odnoklassniki app backend now ignores untrusted callback API
+ hosts and validates returned user details.
+ * Partial pipeline resume now requires session ownership or
+ explicit external resume confirmation to prevent login CSRF.
+ * SAML responses are now validated against the original
+ AuthnRequest when possible.
+ * Twilio backend now preserves HTTPS callback URLs and
+ validates callback state to prevent login CSRF.
+ * Auth0 OpenID Connect configuration now uses the correct base
+ URLs.
+ * Authentication now handles invalid email addresses without
+ crashing.
+ * Vend OAuth user IDs are now scoped by shop.
+ * VK app authentication now requires an auth key.
+
+-------------------------------------------------------------------
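Review bot: the bullets under "- update to 5.0.2:" describe several security fixes (login CSRF in the LINE, Shopify, LoginRadius and Twilio backends and in partial pipeline resume, SAML response validation against the AuthnRequest, the VK app auth key requirement) but carry no bug or CVE reference, so the update cannot be matched against security tracking. If identifiers exist for these fixes, add them to the relevant bullets. The package also moves from 4.9.1 across a major version while the entry has a single "update to 5.0.2" list. If there were releases in between, itemize them, and call out the behaviour changes that can affect dependent packages, such as "VK app authentication now requires an auth key" and the confirmation now required for externally resumable partial links.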
Old:
----
social-core-4.9.1.tar.gz
New:
----
social-core-5.0.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-social-auth-core.spec ++++++
--- /var/tmp/diff_new_pack.rQ7QwD/_old 2026-06-28 21:12:36.646386953 +0200
+++ /var/tmp/diff_new_pack.rQ7QwD/_new 2026-06-28 21:12:36.650387088 +0200
@@ -20,20 +20,20 @@
%define modname social-core
%{?sle15_python_module_pythons}
Name: python-social-auth-core
-Version: 4.9.1
+Version: 5.0.2
Release: 0
Summary: Python Social Auth Core
License: BSD-3-Clause
URL: https://github.com/python-social-auth/social-core
Source:
https://github.com/python-social-auth/%{modname}/archive/%{version}.tar.gz#/%{modname}-%{version}.tar.gz
-BuildRequires: %{python_module PyJWT >= 2.12.1}
+BuildRequires: %{python_module PyJWT >= 2.13.0}
BuildRequires: %{python_module base >= 3.10}
-BuildRequires: %{python_module cryptography >= 42.0.8}
+BuildRequires: %{python_module cryptography >= 46.0.7}
BuildRequires: %{python_module defusedxml >= 0.7.1}
BuildRequires: %{python_module oauthlib >= 3.3.1}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module python3-openid >= 3.2.0}
-BuildRequires: %{python_module requests >= 2.32.5}
+BuildRequires: %{python_module requests >= 2.34.0}
BuildRequires: %{python_module requests-oauthlib >= 2.0.0}
BuildRequires: %{python_module setuptools >= 78.0.2}
BuildRequires: %{python_module wheel}
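Review bot: the raised minimums on the BuildRequires lines for PyJWT (2.13.0), cryptography (46.0.7) and requests (2.34.0) are not mentioned in the changes entry, and the cryptography floor jumps four major versions from 42.0.8. Because the spec still expands %{?sle15_python_module_pythons}, confirm these versions are available on every target the package builds for, and record the dependency bumps in the .changes entry so the reason for them is traceable.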
@@ -52,13 +52,13 @@
BuildRequires: %{python_module lxml}
BuildRequires: %{python_module python3-saml >= 1.16.0}
#/SECTION
-Requires: python-PyJWT >= 2.12.1
-Requires: python-cryptography >= 42.0.8
+Requires: python-PyJWT >= 2.13.0
+Requires: python-cryptography >= 46.0.7
Requires: python-defusedxml >= 0.7.1
Requires: python-oauthlib >= 3.3.1
Requires: python-python3-openid >= 3.2.0
Requires: python-python3-saml >= 1.16.0
-Requires: python-requests >= 2.32.5
+Requires: python-requests >= 2.34.0
Requires: python-requests-oauthlib >= 2.0.0
Recommends: python-python-jose >= 3.0.0
BuildArch: noarch
@@ -85,7 +85,7 @@
%check
# Steam auth tests require internet access
-%pytest -k 'not SteamOpenIdMissingSteamIdTest'
+%pytest -k 'not SteamOpenIdMissingSteamIdTest' --ignore
social_core/tests/backends/test_shopify.py
%files %{python_files}
%doc CHANGELOG.md README.md
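Review bot: the "--ignore social_core/tests/backends/test_shopify.py" added to the %pytest line in %check has no explanation. The comment above it only covers the Steam test, and the changes entry says nothing about skipping Shopify tests. The same update lists "Shopify backend now sends and validates OAuth state, preventing login CSRF", so this drops the test file for a backend that just received a security fix. Add a comment stating why the file is ignored (missing dependency, network access, or a real failure), prefer deselecting only the failing tests with -k over ignoring the whole file, and mention the exclusion in the .changes entry.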
++++++ social-core-4.9.1.tar.gz -> social-core-5.0.2.tar.gz ++++++
++++ 5103 lines of diff (skipped)