Bump sorcery from 0.9.1 to 0.15.0

[dependabot]

Bumps sorcery from 0.9.1 to 0.15.0.

Release notes

Sourced from sorcery's releases.

v0.15.0

• Fix brute force vuln due to callbacks no being ran #235
• Revert on_load change due to breaking existing applications #234
• Add forget_me! and force_forget_me! test cases #216
• In generic_send_email, check responds_to #211
• Fix typo #219
• Fix deprecation warnings in Rails 6 #209
• Add ruby 2.6.5 to the travis build #215
• Add discord provider #185
• Remove MySQL database creation call #214
• Use id instead of uid for VK provider #199
• Don't :return_t JSON requests after login #197
• Fix email scope for LinkedIn Provider #191
• Ignore cookies when undefined cookies #187
• Allow for custom providers with multi-word class names. #190

v0.13.0

• Add support for Rails 5.2 / Ruby 2.5 #129
• Fix migration files not being generated #128
• Add support for ActionController::API #133, #150, #159
• Update activation email to use after_commit callback #130
• Add opt-in invalidate_active_sessions! method #110
• Pass along remember_me to #auto_login #136
• Respect SessionTimeout on login via RememberMe #102
• Added demodulize on authentication class name association name fetch #147
• Remove Gemnasium badge #140
• Add Instragram provider #51
• Remove publish_actions permission for facebook #139
• Prepare for 1.0.0 #157
• Add Auth0 provider #160

v0.12.0

• Fix magic_login not inheriting from migration_class_name #99
• Update YARD dependency #100
• Make #update_attributes behave like #update #98
• Add tests to the magic login submodule #95
• Set user.stretches to 1 in test env by default #81
• Allow user to be loaded from other source when session expires. fix #89 #94
• Added a new ArgumentError for not defined user_class in config #82
• Updated Required Ruby version to 2.2 #85
• Add configuration for token randomness #67
• Add facebook user_info_path option to initializer.rb #63
• Add new function: build_from (allows building a user instance from OAuth without saving) #54
• Add rubocop configuration and TODO list #107
• Add support for VK OAuth (thanks to @Hirurg103) #109
• Fix token leak via referrer header #56
• Add login_user helper for request specs #57

0.11.0

• Refer to User before calling remove_const to avoid NameError #58

... (truncated)

Changelog

Sourced from sorcery's changelog.

0.15.0

• Fix brute force vuln due to callbacks no being ran #235
• Revert on_load change due to breaking existing applications #234
• Add forget_me! and force_forget_me! test cases #216
• In generic_send_email, check responds_to #211
• Fix typo #219
• Fix deprecation warnings in Rails 6 #209
• Add ruby 2.6.5 to the travis build #215
• Add discord provider #185
• Remove MySQL database creation call #214
• Use id instead of uid for VK provider #199
• Don't :return_t JSON requests after login #197
• Fix email scope for LinkedIn Provider #191
• Ignore cookies when undefined cookies #187
• Allow for custom providers with multi-word class names. #190

0.14.0

• Update LinkedIn to use OAuth 2 #189
• Support the LINE login auth #80
• Allow BCrypt to have app-specific secret token #173
• Add #change_password method to reset_password module. #165
• Clean up initializer comments #153
• Allow load_from_magic_login_token to accept a block #152
• Fix CipherError class name #142
• Fix update_failed_logins_count being called twice when login failed #163
• Update migration templates to use new hash syntax #170
• Support for Rails 4.2 and lower soft-dropped #171

0.13.0

• Add support for Rails 5.2 / Ruby 2.5 #129
• Fix migration files not being generated #128
• Add support for ActionController::API #133, #150, #159
• Update activation email to use after_commit callback #130
• Add opt-in invalidate_active_sessions! method #110
• Pass along remember_me to #auto_login #136
• Respect SessionTimeout on login via RememberMe #102
• Added demodulize on authentication class name association name fetch #147
• Remove Gemnasium badge #140
• Add Instragram provider #51
• Remove publish_actions permission for facebook #139
• Prepare for 1.0.0 #157
• Add Auth0 provider #160

0.12.0

• Fix magic_login not inheriting from migration_class_name #99
• Update YARD dependency #100

... (truncated)

Commits

• e81c64c Release 0.15.0
• eee5653 Add recent changes to changelog
• 0f116d2 Fix brute force vuln due to callbacks not being ran (#235)
• 6b72ca3 Revert on_load change due to breaking existing applications (#234)
• c30cefa Add forget_me! and force_forget_me! test cases (#216)
• f87d14e In generic_send_email, check if mail object responds to delivery method ins...
• 16bb809 Fix typo (#219)
• 26dd64b Fix deprecation warnings in Rails 6 (#209)
• a973ae4 Add ruby 2.6.5 to the travis build (#215)
• dd03140 Add discord provider (#185)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.