Django-allauth

Latest version: v0.63.1


Page 4 of 5

0.54.0

*******************

Note worthy changes
-------------------

- Dropped support for EOL Python versions (3.5, 3.6).


Security notice
---------------

- Even when account enumeration prevention was turned on, it was possible for an
attacker to infer whether or not a given account exists based upon the
response time of an authentication attempt. Fixed.

0.53.1

Not secure
*******************

Note worthy changes
-------------------

- Example base template was missing ``{% load i18n %}``, fixed.

0.53.0

Not secure
*******************

Note worthy changes
-------------------

- You can now override the ``UserTokenForm`` used by
``PasswordResetFromKeyView`` by configuring ``ACCOUNT_FORMS["user_token"]``,
which allows changing the password reset token generator.

- The Google API URLs are now configurable via the provider setting which
enables use-cases such as overriding the endpoint during integration tests to
talk to a mocked version of the API.

0.52.0

Not secure
*******************

Note worthy changes
-------------------

- Officially support Django 4.1.

- New providers: OpenID Connect, Twitter (OAuth2), Wahoo, DingTalk.

- Introduced a new provider setting ``OAUTH_PKCE_ENABLED`` that enables the
PKCE-enhanced Authorization Code Flow for OAuth 2.0 providers.

- When ``ACCOUNT_PREVENT_ENUMERATION`` is turned on, enumeration is now also
prevented during signup, provided you are using mandatory email
verification. There is a new email template
(``templates/account/email/account_already_exists_message.txt``) that will be
used in this scenario.

- Updated URLs of Google's endpoints to the latest version; removed a redundant
``userinfo`` call.

- Fixed Pinterest provider on the new API version.

0.51.0

Not secure
*******************

Note worthy changes
-------------------

- New providers: Snapchat, Hubspot, Pocket, Clever.


Security notice
---------------

The reset password form is protected by rate limits. There is a limit per IP,
and per email. In previous versions, the latter rate limit could be bypassed by
changing the casing of the email address. Note that in that case, the former
rate limit would still kick in.
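
The following added example (not django-allauth's own code) replays constructed reset requests through a per-email and a per-IP limit, first keyed on the address as typed and then on a case-folded address. The limiter class, key functions, limits and sample data are hypothetical, and it assumes the site treats email addresses case-insensitively.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` hits per `window` seconds for each key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop hits that have left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def raw_key(email):
    # Behaviour described in the notice: the key is the address as typed.
    return "reset:email:" + email


def normalized_key(email):
    # Hardened: all case variants of one address share a single bucket.
    return "reset:email:" + email.strip().casefold()


def count_allowed(requests, key_func, email_limit=3, ip_limit=15, window=3600):
    """Replay (email, ip) reset requests; return how many pass both limits."""
    per_email = SlidingWindowLimiter(email_limit, window)
    per_ip = SlidingWindowLimiter(ip_limit, window)
    allowed = 0
    for email, ip in requests:
        # Evaluate both limits on every request so neither is short-circuited.
        ok_ip = per_ip.allow("reset:ip:" + ip)
        ok_email = per_email.allow(key_func(email))
        allowed += ok_ip and ok_email
    return allowed


# Constructed sample: 20 case variants of one mailbox from one documentation IP.
SAMPLE = [("".join(c.upper() if n >> i & 1 else c for i, c in enumerate("alice"))
           + "@example.com", "203.0.113.7") for n in range(20)]
```

With the raw key only the per-IP limit stops the replay; with the normalized key the per-email limit applies to every variant.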

0.50.0

Not secure
*******************

Note worthy changes
-------------------

- Fixed compatibility issue with setuptools 61.

- New providers: Drip.

- The Facebook API version now defaults to v13.0.
