chore(deps): bump social-auth-app-django from 5.4.3 to 5.9.0

[dependabot]

Bumps social-auth-app-django from 5.4.3 to 5.9.0.

Release notes

Sourced from social-auth-app-django's releases.

5.9.0

Changed

• Added async support to SocialAuthExceptionMiddleware
• Dropped support for Django 5.1, Django 5.2 is now the minimum supported version
• Loosened the social-auth-core dependency to allow compatible 4.x releases
• Improved release automation and GitHub release asset publishing

5.8.0

Changed

• Added explicit Django 5.1, 5.2, and 6.0 package classifiers
• DjangoStrategy now lazily creates a session when initialized without a request
• Removed legacy replaces metadata from historical squashed migrations
• Updated historical unique_together migration declarations for newer Django compatibility

5.7.0

Changed

• Integrated with social_core using registry instead of monkey patching it

Donations

This project welcomes donations to make the development sustainable. The following platforms are available for funding Python Social Auth:

• GitHub Sponsors
• Open Collective

5.6.0

Changed

• Fixed possibly unsafe account association (CVE-2025-61783)
• Storage now filters for active users, you might need to customize SOCIAL_AUTH_ACTIVE_USERS_FILTER if your custom model does not have the is_active field

Added

• Django 6.0 and Python 3.14 compatibility
• Type annotations
• LoginRequiredMiddleware compatibility
• RAISE_EXCEPTIONS and LOGIN_ERROR_URL can be configured per backend

Release 5.5.1

Changed

• Fixed authentication with OpenID based services

Donations

This project welcomes donations to make the development sustainable, you can fund Python Social Auth on the following platforms:

... (truncated)

Changelog

Sourced from social-auth-app-django's changelog.

5.9.0 - 2026-04-29

Changed

• Added async support to SocialAuthExceptionMiddleware
• Dropped support for Django 5.1, Django 5.2 is now the minimum supported version
• Loosened the social-auth-core dependency to allow compatible 4.x releases
• Improved release automation and GitHub release asset publishing

5.8.0 - 2026-04-20

Changed

• Added explicit Django 5.1, 5.2, and 6.0 package classifiers
• DjangoStrategy now lazily creates a session when initialized without a request
• Removed legacy replaces metadata from historical squashed migrations
• Updated historical unique_together migration declarations for newer Django compatibility

5.7.0 - 2025-12-18

Changed

• Integrated with social_core using registry instead of monkey patching it

5.6.0 - 2025-10-09

Changed

• Fixed possibly unsafe account association (CVE-2025-61783)
• Storage now filters for active users, you might need to customize SOCIAL_AUTH_ACTIVE_USERS_FILTER if your custom model does not have the is_active field

Added

• Django 6.0 and Python 3.14 compatibility
• Type annotations
• LoginRequiredMiddleware compatibility
• RAISE_EXCEPTIONS and LOGIN_ERROR_URL can be configured per backend

5.5.1 - 2025-06-27

Changed

• Fixed authentication with OpenID based services

5.5.0 - 2025-06-27

Changed

• Dropped support for older Django versions.
• Added non-empty constraint on uid.

... (truncated)

Commits

• abbf394 chore: release 5.9.0
• 5e8f2c4 chore(deps): loosen the range of social-core dependency
• 5e3e5a0 chore: update shared files
• 43359f5 feat(middleware): add async support to SocialAuthExceptionMiddleware
• 2b71e37 chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.15.12 (#973)
• 2636e7f fix(deps): update dependency pyright to v1.1.409 (#972)
• d8e347a chrore: drop support for Django 5.1
• 1ac1095 fix(deps): update dependency mypy to v1.20.2 (#970)
• 60d286b chore: releasing 5.8.0
• f799997 chore: use tuple for unique together (#968)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)