CVS commit: pkgsrc/www/py-flask-security

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/py-flask-security
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Thu, 8 Jan 2026 10:11:03 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Thu Jan  8 10:11:03 UTC 2026

Modified Files:
        pkgsrc/www/py-flask-security: Makefile PLIST distinfo

Log Message:
py-flask-security: updated to 5.7.1

Version 5.7.1

Fixes

- (:issue:`1147`) Regression when updating hash algorithm from bcrypt (willcroft)

Version 5.7.0

This release contains a set of small backward incompatible changes. Please read these notes carefully.

Features & Improvements

- (:pr:`1132`) Add Arabic translations (samialfattani)
- (:issue:`1123`) Enable forgot-password workflow for authenticated users.

Fixes

- (:pr:`1115`) Fix broken link in docs and improve docstrings/typing for util classes.
- (:issue:`1127`) Add nonce to script tags if configured to support nonce-based Content-Security-Policy (ahanak).
- (:issue:`1133`) Remove unnecessary (optional) dependency on sqlalchemy_utils.
- (:pr:`1140`) Fix localization of tf_select choices.
- (:pr:`1143`) Support bcrypt 5.0 - See below for important compatibility concerns.
   This also replaces passlib with libpass for all versions.

Docs and Chores

- (:pr:`1144`) Update ES and IT translations (gissimo)
- (:pr:`1106`) Drop support for Python 3.9. This removes the dependency on importlib_resources,
   updates pypy to 3.10, and uses 3.12 as base python for tests/tox.
- (:pr:`1112`) Flip :py:data:`SECURITY_USE_REGISTER_V2` default to ``True``.
- (:pr:`1117`) Flip default mail package back to Flask-Mail (from Flask-Mailman).
- (:issue:`1139`) Change external facing terminology from 'WebAuthn Credential' to 'passkey'.
- (:pr:`1142`) Setting of xx_util_cls from kwargs which was deprecated in 5.6.1 has been removed.
   The BACKWARDS_COMPAT_UNAUTHN option (code) which has been deprecated since 5.4 has been removed.

Backwards Compatibility Concerns

 - Flask-Security now depends on ``libpass`` (https://pypi.org/project/libpass/) for all versions. Be sure to UNINSTALL
   passlib, ensure the passlib directory is empty and then install libpass - we have seen reports when both are installed -
   it doesn't work!

   In bcrypt 5.0 they started throwing a ValueError for passwords/secrets longer than 72 bytes. It is important to know that by default
   Flask-Security performs a double hash - taking the secret, using HMAC(SHA512) then b64encodng the result. This means that ANY password
   will be longer than 72 bytes (86 to be exact). In the past bcrypt would silently truncate the input - now we have to do that explicitly.
   OWASP says truncation concerns are negligible: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#input-limits-of-bcrypt

 - The default RegisterForm is now the new RegisterFormV2 - Please read :ref:`register_form_migration`.
   Flask-Security will emit a DeprecationWarning if the :py:data:`SECURITY_USE_REGISTER_V2` is set to False.

 - In 5.0 we changed the default mailer package to Flask-Mailman since Flask-Mail was no longer supported.
   Flask-Mail is again supported and is part of Pallets-Eco. Both packages are still supported based on which one
   an application initializes. The only backwards compatibility concern is that if you use the setup extras 'common',
   it will install Flask-Mail rather than Flask-Mailman.

 - In the optional dependencies 'fsqla' we removed sqlalchemy_utils - while many applications might want these useful
   add-ons - they aren't required for standard SQLAlchemy use.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/py-flask-security/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/py-flask-security/PLIST
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/py-flask-security/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-flask-security/Makefile
diff -u pkgsrc/www/py-flask-security/Makefile:1.23 pkgsrc/www/py-flask-security/Makefile:1.24
--- pkgsrc/www/py-flask-security/Makefile:1.23  Sat Apr 12 07:08:22 2025
+++ pkgsrc/www/py-flask-security/Makefile       Thu Jan  8 10:11:03 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.23 2025/04/12 07:08:22 adam Exp $
+# $NetBSD: Makefile,v 1.24 2026/01/08 10:11:03 adam Exp $
 
-DISTNAME=      flask_security-5.6.1
+DISTNAME=      flask_security-5.7.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME:S/_/-/}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=F/Flask-Security/}
@@ -12,13 +12,12 @@ LICENSE=    mit
 
 TOOL_DEPENDS+= ${PYPKGPREFIX}-flit_core>=3.11:../../devel/py-flit_core
 DEPENDS+=      ${PYPKGPREFIX}-email_validator>=2.0.0:../../mail/py-email_validator
-DEPENDS+=      ${PYPKGPREFIX}-flask>=3.0.0:../../www/py-flask
+DEPENDS+=      ${PYPKGPREFIX}-flask>=3.1.0:../../www/py-flask
 DEPENDS+=      ${PYPKGPREFIX}-flask-login>=0.6.3:../../www/py-flask-login
 DEPENDS+=      ${PYPKGPREFIX}-flask-principal>=0.4.0:../../www/py-flask-principal
 DEPENDS+=      ${PYPKGPREFIX}-flask-wtf>=1.1.2:../../www/py-flask-wtf
-DEPENDS+=      ${PYPKGPREFIX}-importlib-resources>=5.10.0:../../devel/py-importlib-resources
 DEPENDS+=      ${PYPKGPREFIX}-markupsafe>=2.1.0:../../textproc/py-markupsafe
-DEPENDS+=      ${PYPKGPREFIX}-passlib>=1.7.4:../../security/py-passlib
+DEPENDS+=      ${PYPKGPREFIX}-passlib>=1.9.3:../../security/py-passlib
 DEPENDS+=      ${PYPKGPREFIX}-wtforms>=3.0.0:../../www/py-wtforms
 
 USE_LANGUAGES= # none

Index: pkgsrc/www/py-flask-security/PLIST
diff -u pkgsrc/www/py-flask-security/PLIST:1.6 pkgsrc/www/py-flask-security/PLIST:1.7
--- pkgsrc/www/py-flask-security/PLIST:1.6      Sun Feb 23 20:55:13 2025
+++ pkgsrc/www/py-flask-security/PLIST  Thu Jan  8 10:11:03 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2025/02/23 20:55:13 wiz Exp $
+@comment $NetBSD: PLIST,v 1.7 2026/01/08 10:11:03 adam Exp $
 ${PYSITELIB}/${WHEEL_INFODIR}/METADATA
 ${PYSITELIB}/${WHEEL_INFODIR}/RECORD
 ${PYSITELIB}/${WHEEL_INFODIR}/WHEEL
@@ -155,6 +155,8 @@ ${PYSITELIB}/flask_security/totp.pyc
 ${PYSITELIB}/flask_security/totp.pyo
 ${PYSITELIB}/flask_security/translations/af_ZA/LC_MESSAGES/flask_security.mo
 ${PYSITELIB}/flask_security/translations/af_ZA/LC_MESSAGES/flask_security.po
+${PYSITELIB}/flask_security/translations/ar_SA/LC_MESSAGES/flask_security.mo
+${PYSITELIB}/flask_security/translations/ar_SA/LC_MESSAGES/flask_security.po
 ${PYSITELIB}/flask_security/translations/ca_ES/LC_MESSAGES/flask_security.mo
 ${PYSITELIB}/flask_security/translations/ca_ES/LC_MESSAGES/flask_security.po
 ${PYSITELIB}/flask_security/translations/da_DK/LC_MESSAGES/flask_security.mo

Index: pkgsrc/www/py-flask-security/distinfo
diff -u pkgsrc/www/py-flask-security/distinfo:1.16 pkgsrc/www/py-flask-security/distinfo:1.17
--- pkgsrc/www/py-flask-security/distinfo:1.16  Sat Apr 12 07:08:22 2025
+++ pkgsrc/www/py-flask-security/distinfo       Thu Jan  8 10:11:03 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.16 2025/04/12 07:08:22 adam Exp $
+$NetBSD: distinfo,v 1.17 2026/01/08 10:11:03 adam Exp $
 
-BLAKE2s (flask_security-5.6.1.tar.gz) = c5729c4d853d8327f3d0e67a887e6e9e7c741567366cc62a3f972ecb6252790f
-SHA512 (flask_security-5.6.1.tar.gz) = dbd940f7155ae19f7d642f6f0739275f99f70e490dd4d1bbcfee1b2ac7aba9b6efc5d4d5c256775a9b1c0ea1eeb0df0de8f23a1944c0c19df586c398b0056eeb
-Size (flask_security-5.6.1.tar.gz) = 694654 bytes
+BLAKE2s (flask_security-5.7.1.tar.gz) = 4743d742062e3fe11d9452f8b813e6efe8a5d9b80b1116b35b00d6f7c5f96ee8
+SHA512 (flask_security-5.7.1.tar.gz) = 7cf81d6995be7afd85e6728e29cfb6112195f08f807142447c5769bd3659a862c82b1f09f2fcb3a4a080ba20cfea9a55b3b85ac026421c0fdad456a7e97f9df5
+Size (flask_security-5.7.1.tar.gz) = 717615 bytes

Prev by Date: CVS commit: pkgsrc/security/py-passlib
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/security/py-passlib
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index