
Bump django-allauth from 0.60.0 to 0.60.1

HIFIS Bot requested to merge dependabot/pip/django-allauth-0.60.1 into master

Bumps django-allauth from 0.60.0 to 0.60.1.

Changelog

Sourced from django-allauth's changelog.

0.60.1 (2024-01-15)


Fixes

  • User sessions: after changing your password in case of ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = False, the list of sessions would be empty instead of showing your current session.

  • SAML: accessing the SLS/ACS views using a GET request would result in a crash (500).

  • SAML: the login view did not obey the SOCIALACCOUNT_LOGIN_ON_GET = False setting.

Backwards incompatible changes

  • The rate limit mechanism has received an update. Previously, when specifying e.g. "5/m" it was handled implicitly whether or not that limit was per IP, per user, or per action specific key. This has now been made explicit: "5/m/user" vs "5/m/ip" vs "5/m/key". Combinations are also supported now: "20/m/ip,5/m/key". Additionally, the rate limit mechanism is now used throughout, including email confirmation cooldown as well as limiting failed login attempts. Therefore, the ACCOUNT_LOGIN_ATTEMPTS_LIMIT and ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN settings are deprecated. See :doc:`Rate Limits <../account/rate_limits>` for details.

Commits
  • 0ad6c51 chore: Release 0.60.1
  • 11a549c docs(ChangeLog): Add SAML fixes
  • befdf9b fix(usersessions): Handle LOGOUT_ON_PASSWORD_CHANGE
  • 3b65b11 fix(saml): Respect SOCIALACCOUNT_LOGIN_ON_GET
  • 0c49379 fix(saml): Handle wrong methods at acs/sls
  • 5f4b584 chore: Opening 0.60.1-dev
  • See full diff in compare view
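
A pre-upgrade check for the rate limit change in the changelog above, as an added example that is not part of this merge request or of django-allauth: it flags the two deprecated settings and any limit string that lacks an explicit scope. It assumes limits are configured in the `ACCOUNT_RATE_LIMITS` dict and that periods use s, m, h or d units (the changelog only shows "m"); the sample settings are constructed.

```python
import re

# Scopes named in the changelog entry above.
SCOPES = {"ip", "user", "key"}
# Settings the changelog marks as deprecated.
DEPRECATED = ("ACCOUNT_LOGIN_ATTEMPTS_LIMIT", "ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN")
# Assumption: amount/period[/scope], period unit one of s, m, h, d.
PART = re.compile(r"^(\d+)/(\d*[smhd])(?:/(\w+))?$")


def check_limit(spec):
    """Return a list of problems found in one rate limit string."""
    problems = []
    for part in spec.split(","):
        part = part.strip()
        m = PART.match(part)
        if not m:
            problems.append(f"{part!r}: not in amount/period/scope form")
        elif m.group(3) is None:
            # Legacy form: scope used to be chosen implicitly.
            problems.append(f"{part!r}: no scope, add /ip, /user or /key")
        elif m.group(3) not in SCOPES:
            problems.append(f"{part!r}: unknown scope {m.group(3)!r}")
    return problems


def audit_settings(settings):
    """Audit a dict of Django settings for the changes described above."""
    findings = [f"{name} is deprecated" for name in DEPRECATED if name in settings]
    limits = settings.get("ACCOUNT_RATE_LIMITS") or {}
    for action, spec in limits.items():
        if isinstance(spec, str):  # skip non-string values
            findings += [f"ACCOUNT_RATE_LIMITS[{action!r}] {p}" for p in check_limit(spec)]
    return findings


# Constructed sample settings, not taken from any real project.
SAMPLE = {
    "ACCOUNT_LOGIN_ATTEMPTS_LIMIT": 5,
    "ACCOUNT_RATE_LIMITS": {
        "login_failed": "5/m",
        "reset_password": "20/m/ip,5/m/key",
        "signup": "20/m/host",
    },
}

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(finding)
```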
