Bump flask-security-too from 5.3.3 to 5.6.2

[dependabot]

Bumps flask-security-too from 5.3.3 to 5.6.2.

Release notes

Sourced from flask-security-too's releases.

Release 5.6.2

• Fix setuptool issues with Python 3.12/3.13 and passlib
• Improve welcome_existing email template (include confirmation and reset links)

Release 5.6.1

No release notes provided.

Release 5.6.0 - Flask-Security

No release notes provided.

Release 5.5.2

Fix to publish to both flask-security and flask-security-too

5.5.1

Flask-Security-Too is now part os pallets-eco and is now the official Flask-Security. This release changes docs, links, etc.

There are NO code changes.

Release 5.5.0

A small feature release including:

• a new 'change email' feature
• convert SQLalchemy access to modern select(xx).where(xx) syntax
• support for Flask-SQLAlchemy-Lite
• change default password hash to argon2
• auth tokens now support freshness checks
• drop python 3.8 support

See Changes for complete list and any backwards compatibility concerns.

Release 5.4.3

A few small fixes.

Release 5.4.2

Lost API docs - that's not good.

Release 5.4.1

Features and fixes release. As always - consult CHANGES for complete details.

Note: 5.4.0 had some logistics issues - so this is 5.4.1

Changelog

Sourced from flask-security-too's changelog.

Version 5.6.2

Released May 4, 2025

Fixes +++++

• (:issue:1032 and :issue:1096) Use libpass for python >= 3.12
• (:pr:1086) Fix FR translation test for Change Password (nickcuenca)
• (:issue:1090) Properly document context variables available in email templates.
• (:issue:1093) Add confirmation link/token and reset link/token to welcome_existing email template.

Notes +++++ Since Python 3.12 no longer contains setuptools - the old passlib failed to import. Rather than require setuptools, for Python >=3.12 we now depend on the fork libpass (https://pypi.org/project/libpass/) This is a very new package and rather than possibly cause backwards compat issues for projects not using Python >=3.12 - Flask-Security maintains the dependency on passlib for Python <3.12.

Note: you can still use passlib for 3.12 and 3.13 - you have to manually add setuptools.

Version 5.6.1

Released March 18, 2025

Fixes +++++

• (:issue:1077) Fix runtime modification of a config string (TWO_FACTOR_METHODS)
• (:issue:1078) Fix CLI user_create when model doesn't contain username
• (:issue:1076) xxx_util_cls instances should be public and documented.

Backwards Compatibility Concerns +++++++++++++++++++++++++++++++++ As part of :issue:1076 the following cleanup was done:

• The xxx_util_cls arguments are now stored in 'private' instance variables - they are never used after Flask-Security initialization and have never been documented.
• The xxx_util_cls options should only be set as part of Flask-Security construction. Setting them via init_app(kwargs) or app.config["SECURITY_XX"] has been deprecated.

Version 5.6.0

Released February 12, 2025

Features & Improvements +++++++++++++++++++++++

• (:issue:1038) Add support for 'secret_key' rotation (jamesejr)
• (:issue:980) Add support for username recovery in simple login flows (jamesejr)

... (truncated)

Commits

• 9b3185a Ready for 5.6.2
• c2ce816 Use libpass for >= 3.12 (#1098)
• 132e89d Add confirmation_link and reset_link to welcome_existing email template. (#1097)
• 18d4108 Bump actions/download-artifact in the github-actions group (#1095)
• 0fb82b3 Added phone_util.py test coverage for invalid/malformed numbers (#1094)
• c1b5771 Fix documentation on context variables available for email templates. (#1092)
• 654060c Use libpass for Python >=3.13 (#1088)
• 774173f Fix test_xlation to correctly test French locale password change flow (#1086)
• 508cdcf Bump the github-actions group with 2 updates (#1083)
• 10f2739 Ready for 5.6.1 (#1082)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.