Bump flask-login from 0.4.1 to 0.6.0

[dependabot]

Bumps flask-login from 0.4.1 to 0.6.0.

Release notes

Sourced from flask-login's releases.

0.6.0

• Changes: https://github.com/maxcountryman/flask-login/blob/main/CHANGES.md#version-060

This release sets new minimum versions of Python, Flask, and Werkzeug, and fixes compatibility with the latest versions of those.

• Python >= 3.7
• Flask >= 1.0.4, this will be bumped to reflect the latest supported release (2.1) in the future
• Werkzeug >= 1.0.1, this will be bumped to reflect the latest supported release (2.1) in the future

Changelog

Sourced from flask-login's changelog.

Version 0.6.0

Released on March 30th, 2022

• Drop support for Python 2.7, 3.5, and 3.6, which have all reached the end of their official support. #594, #638
• The minimum supported version of Flask is 1.0.4, and Werkzeug is 1.0.1. However, projects are advised to use the latest versions of both. #639
• Only flash "needs_refresh_message" if value is set #464
• Modify expand_login_view to allow for subdomain and host matching for login_view #462
• Add accessors for request_loader and user_loader callback functions #472
• Change "remember_me" cookie to match Werkzeug default value #488
• Change "remember_me" cookie to HttpOnly, matching Flask session cookie #488
• Add example for using unauthorized_handler #492
• Fix assertEqual deprecation warning in pytest #518
• Fix collections deprecation warning under Python 3.8 #525
• Replace safe_str_cmp with hmac.compare_digest #585
• Document REMEMBER_COOKIE_SAMESITE config #577
• Revise setup.py to use README.md for long description #598
• Various documentation corrections #484, #482, #487, #534
• Fix from flask_login import * behavior, although note that import * is not usually a good pattern in code. #485
• UserMixin.is_authenticated will return whatever is_active returns by default. This prevents inactive users from logging in. #486, #530
• Session protection will only mark the session as not fresh if it's not already marked as such, avoiding modifying the session cookie unnecessarily. #612

Version 0.5.0

Released on February 9th, 2020

• New custom test client: flask_login.FlaskLoginClient. You can use this to write clearer automated tests. #431
• Prefix authenticated user_id, remember, and remember_seconds in Flask Session with underscores to prevent accidental usage in application code. #470
• Simplify user loading. #378
• Various documentation improvements. #393, #394, #397, #417
• Set session ID when setting next. #403
• Clear session identifier on logout. #404
• Ensure use of a safe and up-to-date version of Flask.
• Drop support of Python versions: 2.6, 3.3, 3.4 #450

Commits

• 4140969 release version 0.6.0
• 6ef9140 only set _fresh when needed (#611)
• 082badd Merge pull request #649 from maxcountryman/style-tools
• 37df529 instruct git and github to ignore initial style commits
• 03a89e0 add pre-commit config
• 4323549 remove module docstring stubs
• 74db3c9 remove trailing spaces
• 064fab3 add flake8 config and fix findings
• ed14237 apply black formatting
• 3791663 apply reorder_python_imports
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #50.