Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-social-auth-core for
openSUSE:Factory checked in at 2026-05-04 12:53:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-social-auth-core (Old)
and /work/SRC/openSUSE:Factory/.python-social-auth-core.new.30200 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-social-auth-core"
Mon May 4 12:53:45 2026 rev:31 rq:1350487 version:4.8.7
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-social-auth-core/python-social-auth-core.changes
2026-04-01 19:52:53.846784925 +0200
+++
/work/SRC/openSUSE:Factory/.python-social-auth-core.new.30200/python-social-auth-core.changes
2026-05-04 12:56:50.965708512 +0200
@@ -1,0 +2,20 @@
+Sat Apr 25 21:43:55 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 4.8.7:
+ * OpenID Connect backends can now opt in to PKCE support
+ * PKCE defaults now match RFC 7636 requirements
+ * Tightened redirect URL validation
+ * Tightened OAuth state handling for Clever, Eventbrite,
+ GoClio, MailChimp, SurveyMonkey and Untappd backends
+ * SAML authentication now restores saved sessions only after
+ response validation
+ * `storage.UserProtocol` now supports read-only attributes for
+ better type-checker compatibility
+ * Improved type annotations and enabled mypy type checking in
+ CI
+ * `sanitize_redirect()` now handles invalid redirect values
+ that raise `ValueError`
+ * Fixed timezone handling when working with dates
+ * Require `PyJWT >= 2.12.0` to address CVE-2026-32597
+
+-------------------------------------------------------------------
Old:
----
social-core-4.8.5.tar.gz
New:
----
social-core-4.8.7.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-social-auth-core.spec ++++++
--- /var/tmp/diff_new_pack.rUyhxV/_old 2026-05-04 12:56:51.457728762 +0200
+++ /var/tmp/diff_new_pack.rUyhxV/_new 2026-05-04 12:56:51.469729256 +0200
@@ -20,13 +20,13 @@
%define modname social-core
%{?sle15_python_module_pythons}
Name: python-social-auth-core
-Version: 4.8.5
+Version: 4.8.7
Release: 0
Summary: Python Social Auth Core
License: BSD-3-Clause
URL: https://github.com/python-social-auth/social-core
Source:
https://github.com/python-social-auth/%{modname}/archive/%{version}.tar.gz#/%{modname}-%{version}.tar.gz
-BuildRequires: %{python_module PyJWT >= 2.11.0}
+BuildRequires: %{python_module PyJWT >= 2.12.1}
BuildRequires: %{python_module base >= 3.10}
BuildRequires: %{python_module cryptography >= 42.0.8}
BuildRequires: %{python_module defusedxml >= 0.7.1}
@@ -35,14 +35,14 @@
BuildRequires: %{python_module python3-openid >= 3.2.0}
BuildRequires: %{python_module requests >= 2.32.5}
BuildRequires: %{python_module requests-oauthlib >= 2.0.0}
-BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module setuptools >= 78.0.2}
BuildRequires: %{python_module wheel}
BuildRequires: ca-certificates
BuildRequires: fdupes
BuildRequires: python-rpm-macros
# SECTION test requirements
BuildRequires: %{python_module pytest}
-BuildRequires: %{python_module google-auth}
+BuildRequires: %{python_module google-auth >= 2.40.0}
BuildRequires: %{python_module pytest-cov}
BuildRequires: %{python_module responses}
BuildRequires: %{python_module typing_extensions}
@@ -52,7 +52,7 @@
BuildRequires: %{python_module lxml}
BuildRequires: %{python_module python3-saml >= 1.16.0}
#/SECTION
-Requires: python-PyJWT >= 2.11.0
+Requires: python-PyJWT >= 2.12.1
Requires: python-cryptography >= 42.0.8
Requires: python-defusedxml >= 0.7.1
Requires: python-oauthlib >= 3.3.1
++++++ social-core-4.8.5.tar.gz -> social-core-4.8.7.tar.gz ++++++
++++ 2830 lines of diff (skipped)
