chore(deps): update dependency flask-cors to v6 by renovate[bot] · Pull Request #228 · A-aung/python-docs-samples
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| flask-cors | ==3.0.10 -> ==6.0.0 |
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
corydolphin/flask-cors (flask-cors)
v6.0.0
Breaking
Path specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.
- [CVE-2024-6839] Sort Paths by Regex Specificity by @adrianosela in https://github.com/corydolphin/flask-cors/pull/391
- [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by @adrianosela in https://github.com/corydolphin/flask-cors/pull/389
What's Changed
- [CVE-2024-6866] Case Sensitive Request Path Matching by @adrianosela in https://github.com/corydolphin/flask-cors/pull/390
Full Changelog: corydolphin/flask-cors@5.0.1...6.0.0
v5.0.1
What's Changed
This primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements
- [Docs] Fix links to documentation by @coren-frankel in https://github.com/corydolphin/flask-cors/pull/369
- Fix minor typos by @kkirsche in https://github.com/corydolphin/flask-cors/pull/371
- Migrate packaging and environment management to use uv by @corydolphin in https://github.com/corydolphin/flask-cors/pull/377
- Fix release pipeline by @corydolphin in https://github.com/corydolphin/flask-cors/pull/378
- Always use trusted publishing by @corydolphin in https://github.com/corydolphin/flask-cors/pull/379
- Workaround license publishing issue by @corydolphin in https://github.com/corydolphin/flask-cors/pull/380
- Fix packaging: missing source files by @corydolphin in https://github.com/corydolphin/flask-cors/pull/381
New Contributors
- @coren-frankel made their first contribution in https://github.com/corydolphin/flask-cors/pull/369
- @kkirsche made their first contribution in https://github.com/corydolphin/flask-cors/pull/371
Full Changelog: corydolphin/flask-cors@5.0.0...5.0.01
v5.0.0
What's Changed
- Breaking: Change default to disable private network access by @corydolphin in https://github.com/corydolphin/flask-cors/pull/368
This effectively resolves GHSA-hxwh-jpp2-84pm https://osv.dev/vulnerability/PYSEC-2024-71
Full Changelog: corydolphin/flask-cors@4.0.2...5.0.0
v4.0.2
What's Changed
- Bump requests from 2.31.0 to 2.32.0 in /docs by @dependabot in https://github.com/corydolphin/flask-cors/pull/358
- Backwards Compatible Fix for CVE-2024-6221 by @adrianosela in https://github.com/corydolphin/flask-cors/pull/363
- Add unit tests for Private-Network by @corydolphin in https://github.com/corydolphin/flask-cors/pull/367
New Contributors
- @dependabot made their first contribution in https://github.com/corydolphin/flask-cors/pull/358
- @adrianosela made their first contribution in https://github.com/corydolphin/flask-cors/pull/363
Full Changelog: corydolphin/flask-cors@4.0.1...4.0.2
v4.0.1
Security
- Address CVE-2024-1681 which is a log injection vulnerability when the log level is set to debug by @aneshujevic in https://github.com/corydolphin/flask-cors/pull/351
v4.0.0
- Remove support for Python versions older than 3.8 by @WAKayser in https://github.com/corydolphin/flask-cors/pull/330
- Add GHA tooling by @corydolphin in https://github.com/corydolphin/flask-cors/pull/331
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.