Bump flask-cors from 4.0.2 to 6.0.0

[dependabot[bot]]

Bumps flask-cors from 4.0.2 to 6.0.0.

Release notes

Sourced from flask-cors's releases.

6.0.0

Breaking

Path specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.

• [CVE-2024-6839] Sort Paths by Regex Specificity by @​adrianosela in corydolphin/flask-cors#391
• [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by @​adrianosela in corydolphin/flask-cors#389

What's Changed

• [CVE-2024-6866] Case Sensitive Request Path Matching by @​adrianosela in corydolphin/flask-cors#390

Full Changelog: https://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0

5.0.1

What's Changed

This primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements

• [Docs] Fix links to documentation by @​coren-frankel in corydolphin/flask-cors#369
• Fix minor typos by @​kkirsche in corydolphin/flask-cors#371
• Migrate packaging and environment management to use uv by @​corydolphin in corydolphin/flask-cors#377
• Fix release pipeline by @​corydolphin in corydolphin/flask-cors#378
• Always use trusted publishing by @​corydolphin in corydolphin/flask-cors#379
• Workaround license publishing issue by @​corydolphin in corydolphin/flask-cors#380
• Fix packaging: missing source files by @​corydolphin in corydolphin/flask-cors#381

New Contributors

• @​coren-frankel made their first contribution in corydolphin/flask-cors#369
• @​kkirsche made their first contribution in corydolphin/flask-cors#371

Full Changelog: https://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01

5.0.0

What's Changed

• Breaking: Change default to disable private network access by @​corydolphin in corydolphin/flask-cors#368 This effectively resolves https://github.com/advisories/GHSA-hxwh-jpp2-84pm https://osv.dev/vulnerability/PYSEC-2024-71

Full Changelog: https://github.com/corydolphin/flask-cors/compare/4.0.2...5.0.0

Commits

• 35d8753 [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...
• e970988 [CVE-2024-6839] Sort Paths by Regex Specificity (#391)
• eb39516 [CVE-2024-6866] Case Sensitive Request Path Matching (#390)
• 5da9be4 Fix packaging: missing source files (#381)
• 65a5132 Workaround license publishing issue (#380)
• 7127e7e Always use trusted publishing (#379)
• 01e2e68 Fix release pipeline (#378)
• ade65a1 Major Packaging Refactor: migrate to uv (#377)
• eb44bff fix: typos (#371)
• 1225e78 replace documentation links in README (#369)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)