Bump django-allauth from 0.63.3 to 0.63.4 #1657

dependabot · 2024-07-11T01:33:01Z

Bumps django-allauth from 0.63.3 to 0.63.4.

Changelog

Sourced from django-allauth's changelog.

0.63.4 (2024-07-10)

Security notice

The __str__() method of the SocialToken model returned the access token. As a consequence, logging or printing tokens otherwise would expose the access token. Now, the method no longer returns the token. If you want to log/print tokens, you will now have to explicitly log the token field of the SocialToken instance.

Enumeration prevention: the behavior on the outside of an actual signup versus a signup where the user already existed was not fully identical, fixed.

Commits

a41085c chore: Release 0.63.4
a671ca6 fix(account): Prevent enumeration vs messages
663c7df fix(socialaccount): Don't return access token in str
aa33e2f chore: Opening 0.63.4-dev
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [django-allauth](https://github.com/pennersr/django-allauth) from 0.63.3 to 0.63.4. - [Changelog](https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst) - [Commits](pennersr/django-allauth@0.63.3...0.63.4) --- updated-dependencies: - dependency-name: django-allauth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions

Automatic approval for minor dependency update.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 11, 2024

github-actions bot approved these changes Jul 11, 2024

View reviewed changes

github-actions bot merged commit a04d6d1 into develop Jul 11, 2024
1 of 7 checks passed

github-actions bot deleted the dependabot/pip/django-allauth-0.63.4 branch July 11, 2024 01:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump django-allauth from 0.63.3 to 0.63.4 #1657

Bump django-allauth from 0.63.3 to 0.63.4 #1657

dependabot bot commented on behalf of github Jul 11, 2024

github-actions bot left a comment

Bump django-allauth from 0.63.3 to 0.63.4 #1657

Bump django-allauth from 0.63.3 to 0.63.4 #1657

Conversation

dependabot bot commented on behalf of github Jul 11, 2024

Security notice

github-actions bot left a comment

Choose a reason for hiding this comment