grlc
grlc copied to clipboard
CLARIAH
Bump flask-cors from 4.0.0 to 5.0.0
Bumps flask-cors from 4.0.0 to 5.0.0.
Release notes
Sourced from flask-cors's releases.
5.0.0
What's Changed
- Breaking: Change default to disable private network access by
@corydolphinin corydolphin/flask-cors#368 This effectively resolves https://github.com/advisories/GHSA-hxwh-jpp2-84pm https://osv.dev/vulnerability/PYSEC-2024-71Full Changelog: https://github.com/corydolphin/flask-cors/compare/4.0.2...5.0.0
4.0.2
What's Changed
- Bump requests from 2.31.0 to 2.32.0 in /docs by
@dependabotin corydolphin/flask-cors#358- Backwards Compatible Fix for CVE-2024-6221 by
@adrianoselain corydolphin/flask-cors#363- Add unit tests for Private-Network by
@corydolphinin corydolphin/flask-cors#367New Contributors
@dependabotmade their first contribution in corydolphin/flask-cors#358@adrianoselamade their first contribution in corydolphin/flask-cors#363Full Changelog: https://github.com/corydolphin/flask-cors/compare/4.0.1...4.0.2
4.0.1
What's Changed
- Fix Read the Docs builds by
@kurtmckeein corydolphin/flask-cors#345- Update extension.py to clean request.path before logging it by
@aneshujevicin corydolphin/flask-cors#351- Update CI to include Python 3.12 and flask 3.0.3 by
@corydolphinin corydolphin/flask-cors#354- Release 4.0.1 by
@corydolphinin corydolphin/flask-cors#353New Contributors
@kurtmckeemade their first contribution in corydolphin/flask-cors#345@aneshujevicmade their first contribution in corydolphin/flask-cors#351Full Changelog: https://github.com/corydolphin/flask-cors/compare/4.0.0...4.0.1
Changelog
Sourced from flask-cors's changelog.
Change Log
4.0.1
Security
- Address CVE-2024-1681 which is a log injection vulnerability when the log level is set to debug by
@aneshujevicin corydolphin/flask-cors#351
Commits
c851476V5: Breaking: Change default to disable private network access (#368)561ed26Add unit tests for Private-Network (#367)7ae310cBackwards Compatible Fix for CVE-2024-6221 (#363)f25c6b2--- (#358)1df178cRelease 0.4.1 (#353)5090b4aUpdate CI to include Python 3.12 and flask 3.0.3 (#354)6172c20Update extension.py to clean request.path before logging it (#351)cadade9Fix Read the Docs builds (#345)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency -
@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}