Skip to content

Bump flask-security from 1.7.5 to 5.8.1#16

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/flask-security-5.8.1
Open

Bump flask-security from 1.7.5 to 5.8.1#16
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/flask-security-5.8.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps flask-security from 1.7.5 to 5.8.1.

Release notes

Sourced from flask-security's releases.

Release 5.8.1

No release notes provided.

Release 5.8.0

No release notes provided.

Release 5.7.1

This release contains a single fix for a regression in password automatic algorithm upgrade. See #1147

Release 5.7.0

No release notes provided.

Release 5.6.2

  • Fix setuptool issues with Python 3.12/3.13 and passlib
  • Improve welcome_existing email template (include confirmation and reset links)

Release 5.6.1

No release notes provided.

Release 5.6.0 - Flask-Security

No release notes provided.

Release 5.5.2

Fix to publish to both flask-security and flask-security-too

5.5.1

Flask-Security-Too is now part os pallets-eco and is now the official Flask-Security. This release changes docs, links, etc.

There are NO code changes.

Release 5.5.0

A small feature release including:

  • a new 'change email' feature
  • convert SQLalchemy access to modern select(xx).where(xx) syntax
  • support for Flask-SQLAlchemy-Lite
  • change default password hash to argon2
  • auth tokens now support freshness checks
  • drop python 3.8 support

See Changes for complete list and any backwards compatibility concerns.

Release 5.4.3

A few small fixes.

Release 5.4.2

Lost API docs - that's not good.

Release 5.4.1

... (truncated)

Changelog

Sourced from flask-security's changelog.

Version 5.8.1

Released May 21, 2026

Fixes +++++

Version 5.8.0

Released April 15, 2026

Features & Improvements +++++++++++++++++++++++

  • (:pr:1170) Add API :py:meth:.UserMixin.check_tf_required to allow applications to control which users require two-factor authentication.
  • (:issue:1178) Add Cache-Control headers.
  • (:issue:1165) Add support for using Social Login (OAuth) for verification.
  • (:issue:1188) Add tracking of failed authentication attempts via :py:meth:.UserMixin.track_failed_authn and signal :py:data:user_failed_authn
  • (:issue:1192) Add API for application to decide if a particular user account is locked.

Fixes +++++

  • (:issue:1179) Fix verify_password for bcrypt 5.0 (mephi42)
  • (:issue:1200) Fix username_recovery w.r.t. inactive and non-confirmed users
  • (:issue:1189) Return additional fields for JSON responses with QR codes

Docs and Chores +++++++++++++++

  • (:pr:1150) Update de_DE translations (swaeberle)
  • (:pr:1151) Update ca_ES translations (arielvb)
  • (:pr:1152) Update es_ES translations (arielvb)
  • (:pr:1196) Update arabic translations (samialfattani)
  • (:pr:1199) Update it_IT translations (gissimo)
  • (:pr:1185) Change external facing terminology from 'Social OAuth' to 'Social Login'.

Version 5.7.1

Released November 23, 2025

Fixes +++++

  • (:issue:1147) Regression when updating hash algorithm from bcrypt (willcroft)

Version 5.7.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [flask-security](https://github.com/pallets-eco/flask-security) from 1.7.5 to 5.8.1.
- [Release notes](https://github.com/pallets-eco/flask-security/releases)
- [Changelog](https://github.com/pallets-eco/flask-security/blob/main/CHANGES.rst)
- [Commits](pallets-eco/flask-security@1.7.5...5.8.1)

---
updated-dependencies:
- dependency-name: flask-security
  dependency-version: 5.8.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants