Bump social-auth-app-django from 5.4.0 to 5.4.1

[dependabot]

Bumps social-auth-app-django from 5.4.0 to 5.4.1.

Release notes

Sourced from social-auth-app-django's releases.

Release 5.4.1

Changed

• Added reverse migration for JSON field
• Fixed improper handling of case sensitivity with MySQL/MariaDB (CVE-2024-32879)

Changelog

Sourced from social-auth-app-django's changelog.

5.4.1 - 2024-04-24

Changed

• Added reverse migration for JSON field
• Fixed improper handling of case sensitivity with MySQL/MariaDB (CVE-2024-32879)

Commits

• 593ee46 Version bump 5.4.1
• 31c3e0c models: make sure uid is compared case-sensitive
• 7033ff7 [pre-commit.ci] pre-commit autoupdate
• 39da389 [pre-commit.ci] pre-commit autoupdate
• 0ec1bca [pre-commit.ci] pre-commit autoupdate
• 03bce61 [pre-commit.ci] pre-commit autoupdate
• 2278da6 [pre-commit.ci] pre-commit autoupdate
• 033302c build(deps-dev): bump tox from 4.14.1 to 4.14.2
• c50bc4a [pre-commit.ci] pre-commit autoupdate
• 13e10d9 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
AppSec Analyzer	✅	0 findings
Sensitive Files Analyzer	❕	1 finding
Authn/Authz Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Powered by DryRun Security

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[mtesauro]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[mtesauro]

@dependabot recreate

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.

[mtesauro]

Approved