Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-Flask-Security for 
openSUSE:Factory checked in at 2026-07-01 16:54:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Flask-Security (Old)
 and      /work/SRC/openSUSE:Factory/.python-Flask-Security.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-Flask-Security"

Wed Jul  1 16:54:20 2026 rev:4 rq:1362908 version:5.8.1

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-Flask-Security/python-Flask-Security.changes  
    2025-04-10 21:58:51.567625503 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-Flask-Security.new.11887/python-Flask-Security.changes
   2026-07-01 16:54:39.526599500 +0200
@@ -1,0 +2,136 @@
+Wed Jul  1 08:20:54 UTC 2026 - Daniel Garcia <[email protected]>
+
+- Drop ignore-resourcewarning.patch, not nedded anymore
+
+-------------------------------------------------------------------
+Fri Jun 26 13:02:55 UTC 2026 - Antonio Larrosa <[email protected]>
+
+- Update to 5.8.1:
+  ## Fixes
+  * 1222: Fix for GHSA-w2j7-f3c6-g8cw - Possible open-redirect
+    with ALLOW_SUBDOMAIN option.
+  * 1215: Fix for GHSA-97r5-pg8x-p63p - possible oauth bypass in
+    /verify
+
+- Update to 5.8.0:
+  ## Features & Improvements
+  * 1170: Add API :py:meth:`.UserMixin.check_tf_required` to allow
+    applications to control which users require two-factor
+    authentication.
+  * 1178: Add Cache-Control headers.
+  * 1165: Add support for using Social Login (OAuth) for
+    verification.
+  * 1188: Add tracking of failed authentication attempts via
+    :py:meth:`.UserMixin.track_failed_authn` and signal
+    :py:data:`user_failed_authn`
+  * 1192: Add API for application to decide if a particular user
+    account is locked.
+  ## Fixes
+  * 1179: Fix verify_password for bcrypt 5.0 (mephi42)
+  * 1200: Fix username_recovery w.r.t. inactive and non-confirmed
+    users
+  * 1189: Return additional fields for JSON responses with QR codes
+  ## Docs and Chores
+  * 1150: Update de_DE translations (swaeberle)
+  * 1151: Update ca_ES translations (arielvb)
+  * 1152: Update es_ES translations (arielvb)
+  * 1196: Update arabic translations (samialfattani)
+  * 1199: Update it_IT translations (gissimo)
+  * 1185: Change external facing terminology from 'Social OAuth' to
+    'Social Login'.
+
+- Update to 5.7.1:
+  ## Fixes
+  * #1147: Regression when updating hash algorithm from bcrypt
+    (willcroft)
+
+- Update to 5.7.0:
+  * This release contains a set of small backward incompatible
+    changes. Please read these notes carefully.
+  ## Features & Improvements
+  * #1132: Add Arabic translations (samialfattani)
+  * #1123: Enable forgot-password workflow for authenticated users.
+  ## Fixes
+  * #1115: Fix broken link in docs and improve docstrings/typing
+    for util classes.
+  * #1127: Add nonce to script tags if configured to support
+    nonce-based Content-Security-Policy (ahanak).
+  * #1133: Remove unnecessary (optional) dependency on
+    sqlalchemy_utils.
+  * #1140: Fix localization of tf_select choices.
+  * #1143: Support bcrypt 5.0 - See below for important
+    compatibility concerns.  This also replaces passlib with
+    libpass for all versions.
+  ## Docs and Chores
+  * #1144: Update ES and IT translations (gissimo)
+
+  * #1106: Drop support for Python 3.9. This removes the dependency
+    on importlib_resources, updates pypy to 3.10, and uses 3.12 as
+    base python for tests/tox.
+
+  * #1112: Flip :py:data:`SECURITY_USE_REGISTER_V2` default to
+    True.
+  * #1117: Flip default mail package back to Flask-Mail (from
+    Flask-Mailman).
+  * #1139: Change external facing terminology from 'WebAuthn
+    Credential' to 'passkey'.
+  * #1142: Setting of xx_util_cls from kwargs which was deprecated
+    in 5.6.1 has been removed. The BACKWARDS_COMPAT_UNAUTHN option
+     (code) which has been deprecated since 5.4 has been removed.
+  ## Backwards Compatibility Concerns
+  * Flask-Security now depends on libpass
+    (https://pypi.org/project/libpass/) for all versions. Be sure
+    to UNINSTALL passlib, ensure the passlib directory is empty and
+    then install libpass - we have seen reports when both are
+    installed - it doesn't work!
+
+  * In bcrypt 5.0 they started throwing a ValueError for
+    passwords/secrets longer than 72 bytes. It is important to know
+    that by default Flask-Security performs a double hash - taking
+    the secret, using HMAC(SHA512) then b64encodng the result. This
+    means that ANY password will be longer than 72 bytes (86 to be
+    exact). In the past bcrypt would silently truncate the input -
+    now we have to do that explicitly. OWASP says truncation
+    concerns are negligible:
+    
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#input-limits-of-bcrypt
+
+  * The default RegisterForm is now the new RegisterFormV2 - Please
+    read :ref:`register_form_migration`. Flask-Security will emit a
+    DeprecationWarning if the :py:data:`SECURITY_USE_REGISTER_V2`
+    is set to False.
+
+  * In 5.0 we changed the default mailer package to Flask-Mailman
+    since Flask-Mail was no longer supported. Flask-Mail is again
+    supported and is part of Pallets-Eco. Both packages are still
+    supported based on which one an application initializes. The
+    only backwards compatibility concern is that if you use the
+    setup extras 'common', it will install Flask-Mail rather than
+    Flask-Mailman.
+
+  * In the optional dependencies 'fsqla' we removed
+    sqlalchemy_utils - while many applications might want these
+    useful add-ons - they aren't required for standard SQLAlchemy
+    use.
+
+- Update to 5.6.2:
+  ## Fixes
+  * #1032 and #1096: Use libpass for python >= 3.12
+  * #1086: Fix FR translation test for Change Password (nickcuenca)
+  * #1090: Properly document context variables available in email
+    templates.
+  * #1093: Add confirmation link/token and reset link/token to
+     welcome_existing email template.
+  ## Notes
+  * Since Python 3.12 no longer contains setuptools - the old
+    passlib failed to import. Rather than require setuptools,
+    for Python >=3.12 we now depend on the fork libpass
+    (https://pypi.org/project/libpass/) This is a very new package
+    and rather than possibly cause backwards compat issues for
+    projects not using Python >=3.12 - Flask-Security maintains the
+    dependency on passlib for Python <3.12.
+  * Note: you can still use passlib for 3.12 and 3.13 - you have to
+    manually add setuptools.
+
+- Rebase ignore-resourcewarning.patch
+
+-------------------------------------------------------------------
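Review bot: In the 5.8.1 entry, the two security fixes are identified only by their GHSA ids (GHSA-w2j7-f3c6-g8cw and GHSA-97r5-pg8x-p63p). If CVE ids or Bugzilla entries exist for them, add those references to these two lines so the open-redirect and /verify bypass fixes can be tracked from the changelog. Separately, the newest entry has a typo: "not nedded anymore" should read "not needed anymore".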

Old:
----
  flask_security-5.6.1.tar.gz
  ignore-resourcewarning.patch

New:
----
  flask_security-5.8.1.tar.gz

----------(Old B)----------
  Old:
- Drop ignore-resourcewarning.patch, not nedded anymore
----------(Old E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-Flask-Security.spec ++++++
--- /var/tmp/diff_new_pack.AOfnYn/_old  2026-07-01 16:54:40.130620342 +0200
+++ /var/tmp/diff_new_pack.AOfnYn/_new  2026-07-01 16:54:40.130620342 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package python-Flask-Security
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-Flask-Security
-Version:        5.6.1
+Version:        5.8.1
 Release:        0
 Summary:        Quickly add security features to your Flask application
 License:        MIT
@@ -26,52 +26,49 @@
 Source:         
https://files.pythonhosted.org/packages/source/F/Flask-Security/flask_security-%{version}.tar.gz
 # PATCH-FIX-OPENSUSE Do not require mongodb during testing
 Patch0:         no-mongodb.patch
-# PATCH-FIX-OPENSUSE Ignore ResourceWarning during the testsuite
-Patch1:         ignore-resourcewarning.patch
 BuildRequires:  %{python_module Authlib}
-BuildRequires:  %{python_module Babel >= 2.10.0}
-BuildRequires:  %{python_module Flask >= 2.3.2}
+BuildRequires:  %{python_module Babel >= 2.16.0}
+BuildRequires:  %{python_module Flask >= 3.1.1}
 BuildRequires:  %{python_module Flask-Babel >= 4}
-BuildRequires:  %{python_module Flask-Login >= 0.6.2}
-BuildRequires:  %{python_module Flask-Mailman >= 0.3.0}
+BuildRequires:  %{python_module Flask-Login >= 0.6.3}
+BuildRequires:  %{python_module Flask-Mail >= 0.10.0}
 BuildRequires:  %{python_module Flask-Principal >= 0.4.0}
-BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.0.3}
-BuildRequires:  %{python_module Flask-WTF >= 1.1.1}
-BuildRequires:  %{python_module MarkupSafe >= 2.1.0}
-BuildRequires:  %{python_module SQLAlchemy}
+BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.1.1}
+BuildRequires:  %{python_module Flask-WTF >= 1.1.2}
+BuildRequires:  %{python_module MarkupSafe >= 2.1.2}
+BuildRequires:  %{python_module SQLAlchemy >= 2.0.41}
+BuildRequires:  %{python_module WTForms >= 3.0.0}
 BuildRequires:  %{python_module WTForms-lang}
-BuildRequires:  %{python_module WTForms}
 BuildRequires:  %{python_module argon2_cffi >= 21.3.0}
 BuildRequires:  %{python_module bcrypt >= 4.0.1}
 BuildRequires:  %{python_module bleach >= 6.0.0}
 BuildRequires:  %{python_module cachetools >= 3.1.0}
-BuildRequires:  %{python_module cryptography >= 40.0.2}
+BuildRequires:  %{python_module cryptography >= 45.0.7}
 BuildRequires:  %{python_module dateutil}
-BuildRequires:  %{python_module email-validator >= 2.0}
+BuildRequires:  %{python_module email-validator >= 2.3.0}
 BuildRequires:  %{python_module flit-core}
 BuildRequires:  %{python_module freezegun}
-BuildRequires:  %{python_module passlib >= 1.7.4}
-BuildRequires:  %{python_module peewee >= 3.16.2}
-BuildRequires:  %{python_module phonenumbers}
+BuildRequires:  %{python_module libpass >= 1.9.3}
+BuildRequires:  %{python_module peewee >= 3.17.9}
+BuildRequires:  %{python_module phonenumberslite >= 8.13.11}
 BuildRequires:  %{python_module pip}
-BuildRequires:  %{python_module pony if %python-base < 3.11}
 BuildRequires:  %{python_module pytest >= 6.2.5}
 BuildRequires:  %{python_module qrcode >= 7.4.2}
 BuildRequires:  %{python_module requests}
 BuildRequires:  %{python_module zxcvbn >= 4.4.28}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-Flask >= 2.3.2
-Requires:       python-Flask-Login >= 0.6.2
+Requires:       python-Flask >= 3.1.1
+Requires:       python-Flask-Login >= 0.6.3
 Requires:       python-Flask-Principal >= 0.4.0
-Requires:       python-Flask-WTF >= 1.1.1
-Requires:       python-MarkupSafe >= 2.1.0
+Requires:       python-Flask-WTF >= 1.1.2
+Requires:       python-MarkupSafe >= 2.1.2
 Requires:       python-WTForms >= 3.0.0
 Requires:       python-bcrypt >= 4.0.1
 Requires:       python-bleach >= 6.0.0
 Requires:       python-cryptography >= 40.0.2
-Requires:       python-email-validator >= 2.0
-Requires:       python-passlib >= 1.7.4
+Requires:       python-email-validator >= 2.3.0
+Requires:       python-libpass >= 1.9.3
 Recommends:     python-Flask-Babel >= 4
 Recommends:     python-SQLAlchemy
 Recommends:     python-qrcode >= 7.4.2
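Review bot: The runtime line "Requires: python-cryptography >= 40.0.2" is left unchanged while the matching BuildRequires is raised to ">= 45.0.7", so the test suite now runs against a newer cryptography than the installed package is guaranteed to have. Either raise the runtime minimum to match or note why the lower bound is still valid. The same applies to "Recommends: python-SQLAlchemy", which stays unversioned while the BuildRequires gains ">= 2.0.41". Also, the changelog carries upstream's warning that having both passlib and libpass installed does not work, yet this hunk only swaps "Requires: python-passlib" for "Requires: python-libpass >= 1.9.3". Please confirm that python-libpass already conflicts with or obsoletes python-passlib; if it does not, add a Conflicts here.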

++++++ flask_security-5.6.1.tar.gz -> flask_security-5.8.1.tar.gz ++++++
++++ 35132 lines of diff (skipped)
