hotfix/update-social-auth-settings#392

Open
rf2tsl wants to merge 2 commits into master from hotfix/update-social-auth-settings

@rf2tsl rf2tsl commented Feb 25, 2026

settings update for social auth

Summary by CodeRabbit

  • Chores
    • Bumped the authentication library to a newer pinned version to incorporate upstream updates; no user-facing changes expected.

coderabbitai bot commented Feb 25, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 261ffe9 and 4717138.

📒 Files selected for processing (1)
  • setup.cfg
🚧 Files skipped from review as they are similar to previous changes (1)
  • setup.cfg

Walkthrough

The social-auth-app-django requirement in setup.cfg was updated from == 5.4.3 to ==5.7.0 (spacing/formatting adjusted); no other dependency or config changes.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency bump (setup.cfg) | Updated social-auth-app-django version from == 5.4.3 to ==5.7.0 in [options.extras_require] (formatting adjusted). |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • nossila
  • Hercilio1
  • vitorguima

Poem

🐰 A tiny hop, a version new,
Pins unpinned, the breezes blew.
From five-point-four-three to five-point-seven,
I munch on carrots and code in heaven. 🥕✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'hotfix/update-social-auth-settings' refers to updating social auth settings, which directly aligns with the changeset that updates the social-auth-app-django dependency version in setup.cfg. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@setup.cfg`:
- Line 83: The dependency pin for social-auth-app-django currently allows any
future release (specified as "social-auth-app-django >= 5.4.3"); update that
requirement to include an upper bound to prevent silent breaking-change upgrades
(for example change to "social-auth-app-django >=5.4.3,<6" or similar) so the
package line in setup.cfg is constrained; ensure the new range matches the
project's compatibility policy (rest-social-auth uses >=5.4.3,<6) and update
only the version specifier for the social-auth-app-django entry.

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0f22708 and 261ffe9.

📒 Files selected for processing (1)
  • setup.cfg

setup.cfg Outdated
rest-social-auth >= 8.1.0
social-auth-core >= 4.5.4
social-auth-app-django == 5.4.3
social-auth-app-django >= 5.4.3
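
Review bot: on the last line, the new floor `social-auth-app-django >= 5.4.3` still lets a resolver install 5.4.3 or any 5.5.x release, all of which predate 5.6.0, the release that the release list in this thread credits with the fix for CVE-2025-61783. Raise the floor to 5.6.0 or later (or pin a release at or above it) so the fix cannot be resolved away, and check that the neighbouring `social-auth-core >= 4.5.4` floor still matches what that release requires, since the thread lists 5.7.0 as needing social-auth-core ~= 4.8.3.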

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

social-auth-app-django latest version 2025 2026

💡 Result:

As of February 25, 2026, the latest released version of social-auth-app-django is 5.7.0, published on December 18, 2025 (PyPI). [1]

Relevant recent releases:

  • 5.7.0: Dec 18, 2025 (latest) [1]
  • 5.6.0: Oct 9, 2025 (includes a security fix for CVE-2025-61783) [1][2]
  • 5.5.1: Jun 27, 2025 [1]

Install/update:

pip install -U social-auth-app-django

🌐 Web query:

social-auth-app-django breaking changes compatibility 5.4.3 to 6.0

💡 Result:

As of Feb 25, 2026, there is no social-auth-app-django 6.0.0 release on PyPI; the latest is 5.7.0 (Dec 18, 2025). Django 6.0 compatibility was added in social-auth-app-django 5.6.0, so you don’t need a 6.x package version to run on Django 6.0. [1][2]

Notable breaking / behavior changes from 5.4.3 → 5.7.0 (incl. Django 6.0 support)

  • 5.5.0: Dropped support for older Django versions (exact versions not listed in the changelog entry) and added a non-empty constraint on uid (can require cleaning data / handling migration issues if you have blank uids). Also added stricter SameSite session-restore support. [1]
  • 5.6.0: Storage now filters for active users; if your User model doesn’t have is_active, you may need to set SOCIAL_AUTH_ACTIVE_USERS_FILTER. Also includes a security fix for unsafe account association (CVE-2025-61783). [1][3]
  • 5.7.0: Integration with social_core changed to use a registry instead of monkey patching, which can affect projects that relied on monkey-patching behavior or import/order side effects. [1]

Compatibility note

  • Django 6.0 final was scheduled for Dec 3, 2025, and social-auth-app-django added Django 6.0 compatibility in 5.6.0. [1][4]

Sources: changelog (5.4.3–5.7.0) [1], PyPI release history [2], CVE advisory [3], Django 6.0 roadmap [4].


🌐 Web query:

social-auth-app-django social-auth-core rest-social-auth compatibility requirements

💡 Result:

Compatibility / requirements (current releases)

  • social-auth-app-django 5.7.0 (Dec 18, 2025) requires:

    • Python ≥ 3.10
    • Django ≥ 5.1
    • social-auth-core ~= 4.8.3 (i.e., 4.8.x) [1]
  • social-auth-core (4.8.x; e.g., 4.8.5 uploaded Feb 10, 2026) requires:

    • Python ≥ 3.10 [2]
  • rest-social-auth (v9.x) declares compatibility/requirements:

    • Python 3.9–3.12
    • Django 4.2 / 5.0 / 5.1 / 5.2
    • djangorestframework >=3.9, <4.0
    • social-auth-core >=4.6.1, <5.0
    • social-auth-app-django >=5.4.3, <6.0 [3]

Practical “works together” set

To satisfy all constraints above with current social-auth-app-django / social-auth-core, use roughly:

  • Python ≥ 3.10
  • Django 5.1 or 5.2
  • social-auth-core 4.8.x
  • social-auth-app-django 5.7.x
  • rest-social-auth 9.x [1][2][3]

(If you try Python 3.9 or Django 4.2/5.0 per rest-social-auth’s broad range, that can conflict with social-auth-app-django 5.7.0’s Django>=5.1 and social-auth-core’s Python>=3.10.) [1][2][3]

Sources: [1] [2] [3]


Add an upper bound to prevent silent breaking-change upgrades

At Line 83, using only >= 5.4.3 allows automatic adoption of future minor releases with breaking changes. From 5.4.3 to 5.7.0, notable changes include:

  • 5.5.0: Added non-empty constraint on uid fields; may require data migration if blank uids exist
  • 5.6.0: Storage now filters for active users; may require setting SOCIAL_AUTH_ACTIVE_USERS_FILTER if your User model lacks is_active
  • 5.7.0: Switched to registry-based integration instead of monkey patching

Use a bounded range such as >=5.4.3,<6 (which is the same constraint rest-social-auth itself declares) to avoid unexpected compatibility issues.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@setup.cfg` at line 83, The dependency pin for social-auth-app-django
currently allows any future release (specified as "social-auth-app-django >=
5.4.3"); update that requirement to include an upper bound to prevent silent
breaking-change upgrades (for example change to "social-auth-app-django
>=5.4.3,<6" or similar) so the package line in setup.cfg is constrained; ensure
the new range matches the project's compatibility policy (rest-social-auth uses
>=5.4.3,<6) and update only the version specifier for the social-auth-app-django
entry.
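
A check that makes the review's point concrete, as an added example that is not part of the pull request or of CodeRabbit's output: it reads the specifier from a constructed setup.cfg fragment and reports whether it admits releases older than 5.6.0 (the release this thread credits with the CVE-2025-61783 fix) or a future major. The extra's name `social`, the 6.0.0 release and all helper names are assumptions; only `==`, `>=` and `<` with plain numeric versions are handled, which is a simplification of PEP 440.

```python
import configparser
import operator
import re

# Releases named in this thread; 6.0.0 is constructed (the thread says none exists yet).
RELEASES = ["5.4.3", "5.5.1", "5.6.0", "5.7.0", "6.0.0"]
FIXED_IN = "5.6.0"  # release the thread credits with the CVE-2025-61783 fix
# Constructed setup.cfg fragment; the extra's name "social" is hypothetical.
SETUP_CFG = """
[options.extras_require]
social =
    rest-social-auth >= 8.1.0
    social-auth-core >= 4.5.4
    social-auth-app-django >= 5.4.3
"""
OPS = {"==": operator.eq, ">=": operator.ge, "<": operator.lt}

def vt(text):
    """'5.4.3' -> (5, 4, 3); short versions such as '6' are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def admits(spec, version):
    """True if every comma-separated clause of spec accepts version."""
    for clause in (c.strip() for c in spec.split(",")):
        op = next((o for o in OPS if clause.startswith(o)), None)
        if op is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[op](vt(version), vt(clause[len(op):])):
            return False
    return True

def spec_for(cfg_text, package):
    """Return the version specifier declared for package in any extra."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    for value in cfg["options.extras_require"].values():
        for line in value.splitlines():
            m = re.match(r"([A-Za-z0-9._-]+)\s*(.*)", line.strip())
            if m and m.group(1) == package:
                return m.group(2)
    return None

def audit(spec):
    """Flag a specifier that admits pre-fix releases or the next major."""
    allowed = [vt(v) for v in RELEASES if admits(spec, v)]
    checks = [("admits releases before " + FIXED_IN, lambda v: v < vt(FIXED_IN)),
              ("no upper bound below 6", lambda v: v[0] >= 6)]
    return [msg for msg, bad in checks if any(bad(v) for v in allowed)]
```

`audit(spec_for(SETUP_CFG, "social-auth-app-django"))` returns both findings for `>= 5.4.3`, while `audit("==5.7.0")` returns none.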
