Bump flask-security-too from 5.3.3 to 5.5.2

[dependabot]

Bumps flask-security-too from 5.3.3 to 5.5.2.

Release notes

Sourced from flask-security-too's releases.

Release 5.5.2

Fix to publish to both flask-security and flask-security-too

5.5.1

Flask-Security-Too is now part os pallets-eco and is now the official Flask-Security. This release changes docs, links, etc.

There are NO code changes.

Release 5.5.0

A small feature release including:

• a new 'change email' feature
• convert SQLalchemy access to modern select(xx).where(xx) syntax
• support for Flask-SQLAlchemy-Lite
• change default password hash to argon2
• auth tokens now support freshness checks
• drop python 3.8 support

See Changes for complete list and any backwards compatibility concerns.

Release 5.4.3

A few small fixes.

Release 5.4.2

Lost API docs - that's not good.

Release 5.4.1

Features and fixes release. As always - consult CHANGES for complete details.

Note: 5.4.0 had some logistics issues - so this is 5.4.1

Changelog

Sourced from flask-security-too's changelog.

Version 5.5.2

Released August 5, 2024

More attempts to upload to pypi both flask-security and flask-security-too. No code changes - however the build manifest changed so the source distribution contents might be slightly different.

Docs and Chores +++++++++++++++

• (:pr:1019) Separate publish workflows for each pypi package

Version 5.5.1

Released August 1, 2024

I am pleased to announce that Flask-Security-Too is now part of pallets-eco and has returned to be released as 'Flask-Security'. For the foreseeable future, we will publish the same release to both Flask-Security and Flask-Security-Too on PyPI.

There are no code changes.

Docs and Chores +++++++++++++++

• (:pr:1015) Convert docs, links, badges, etc to pallets-eco

Version 5.5.0

Released July 24, 2024

Features & Improvements +++++++++++++++++++++++

• (:issue:956) Add support for changing registered user's email (:py:data:SECURITY_CHANGE_EMAIL).
• (:issue:944) Change default password hash to argon2 (was bcrypt). See below for details.
• (:pr:990) Add freshness capability to auth tokens (enables /us-setup to function w/ just auth tokens).
• (:pr:991) Add support to /tf-setup to not require sessions (use a state token).
• (:issue:994) Add support for Flask-SQLAlchemy-Lite - including new all-inclusive models that conform to sqlalchemy latest best-practice (type-annotated).
• (:pr:1007) Convert other sqlalchemy-based datastores from legacy 'model.query' to best-practice 'select'
• (:issue:983) Allow applications more flexibility defining allowable redirects.

Fixes +++++

• (:pr:972) Set :py:data:SECURITY_CSRF_COOKIE at beginning (GET /login) of authentication ritual - just as we return the CSRF token. (thanks @​e-goto)
• (:issue:973) login and unified sign in should handle GET for authenticated user consistently.
• (:pr:995) Don't show sms options if not defined in US_ENABLED_METHODS. (fredipevcin)

... (truncated)

Commits

• 0f5ba0e Ready for 5.5.2
• 77982fc Build 2 different packages (#1019)
• 726327c Release 5.5.1 (#1017)
• fe222a1 Convert publishing workflow to pallets-eco (#1016)
• 3755a44 Update to new home - pallets-eco (#1015)
• 49a7429 codecov trying to get working again (#1014)
• a024bf3 Bump the github-actions group with 3 updates (#1013)
• 83fe995 Ready for 5.5.0 (#1012)
• 26e6325 Allow more flexibility in allowed redirect targets. (#1011)
• 8970b35 Change DEPRECATED_HASHING_SCHEMES to "auto". (#1009)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.