Bump flask-cors from 3.0.10 to 5.0.0 in /server (#4589) · datacommonsorg/website@553cf2d

Commit

Bump flask-cors from 3.0.10 to 5.0.0 in /server (#4589)

Bumps [flask-cors](https://github.com/corydolphin/flask-cors) from
3.0.10 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/corydolphin/flask-cors/releases">flask-cors's
releases</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Breaking: Change default to disable private network access by <a
href="https://github.com/corydolphin"><code>@corydolphin</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/368">corydolphin/flask-cors#368</a>
This effectively resolves <a
href="https://github.com/advisories/GHSA-hxwh-jpp2-84pm">https://github.com/advisories/GHSA-hxwh-jpp2-84pm</a>
<a
href="https://osv.dev/vulnerability/PYSEC-2024-71">https://osv.dev/vulnerability/PYSEC-2024-71</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/corydolphin/flask-cors/compare/4.0.2...5.0.0">https://github.com/corydolphin/flask-cors/compare/4.0.2...5.0.0</a></p>
<h2>4.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump requests from 2.31.0 to 2.32.0 in /docs by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/358">corydolphin/flask-cors#358</a></li>
<li>Backwards Compatible Fix for CVE-2024-6221 by <a
href="https://github.com/adrianosela"><code>@adrianosela</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/363">corydolphin/flask-cors#363</a></li>
<li>Add unit tests for Private-Network by <a
href="https://github.com/corydolphin"><code>@corydolphin</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/367">corydolphin/flask-cors#367</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/dependabot"><code>@dependabot</code></a> made
their first contribution in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/358">corydolphin/flask-cors#358</a></li>
<li><a
href="https://github.com/adrianosela"><code>@adrianosela</code></a>
made their first contribution in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/363">corydolphin/flask-cors#363</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/corydolphin/flask-cors/compare/4.0.1...4.0.2">https://github.com/corydolphin/flask-cors/compare/4.0.1...4.0.2</a></p>
<h2>4.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix Read the Docs builds by <a
href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/345">corydolphin/flask-cors#345</a></li>
<li>Update extension.py to clean request.path before logging it by <a
href="https://github.com/aneshujevic"><code>@aneshujevic</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/351">corydolphin/flask-cors#351</a></li>
<li>Update CI to include Python 3.12 and flask 3.0.3 by <a
href="https://github.com/corydolphin"><code>@corydolphin</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/354">corydolphin/flask-cors#354</a></li>
<li>Release 4.0.1 by <a
href="https://github.com/corydolphin"><code>@corydolphin</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/353">corydolphin/flask-cors#353</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a>
made their first contribution in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/345">corydolphin/flask-cors#345</a></li>
<li><a
href="https://github.com/aneshujevic"><code>@aneshujevic</code></a>
made their first contribution in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/351">corydolphin/flask-cors#351</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/corydolphin/flask-cors/compare/4.0.0...4.0.1">https://github.com/corydolphin/flask-cors/compare/4.0.0...4.0.1</a></p>
<h2>Release 4.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove support for Python versions older than 3.8 by <a
href="https://github.com/WAKayser"><code>@WAKayser</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/330">corydolphin/flask-cors#330</a></li>
<li>Add GHA tooling by <a
href="https://github.com/corydolphin"><code>@corydolphin</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/331">corydolphin/flask-cors#331</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/WAKayser"><code>@WAKayser</code></a>
made their first contribution in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/330">corydolphin/flask-cors#330</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/corydolphin/flask-cors/compare/3.1.01...v4.0.0">https://github.com/corydolphin/flask-cors/compare/3.1.01...v4.0.0</a></p>
<h2>3.1.01</h2>
<h2>What's Changed</h2>
<ul>
<li>Include examples to specify that schema and port must be included in
… by <a href="https://github.com/YPCrumble"><code>@YPCrumble</code></a>
in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/294">corydolphin/flask-cors#294</a></li>
<li>two small changes to the documentation, based on issue <a
href="https://redirect.github.com/corydolphin/flask-cors/issues/290">#290</a>
by <a href="https://github.com/bbbart"><code>@bbbart</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/291">corydolphin/flask-cors#291</a></li>
<li>Fix typo by <a
href="https://github.com/sunarch"><code>@sunarch</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/304">corydolphin/flask-cors#304</a></li>
<li>FIX: typo in CSRF by <a
href="https://github.com/sattamjh"><code>@sattamjh</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/315">corydolphin/flask-cors#315</a></li>
<li>Test against recent Python versions by <a
href="https://github.com/pylipp"><code>@pylipp</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/314">corydolphin/flask-cors#314</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md">flask-cors's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<h2>4.0.1</h2>
<h3>Security</h3>
<ul>
<li>Address <a
href="https://github.com/advisories/GHSA-84pr-m4jr-85g5">CVE-2024-1681</a>
which is a log injection vulnerability when the log level is set to
debug by <a
href="https://github.com/aneshujevic"><code>@aneshujevic</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/351">corydolphin/flask-cors#351</a></li>
</ul>
<h2>4.0.0</h2>
<ul>
<li>Remove support for Python versions older than 3.8 by <a
href="https://github.com/WAKayser"><code>@WAKayser</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/330">corydolphin/flask-cors#330</a></li>
<li>Add GHA tooling by <a
href="https://github.com/corydolphin"><code>@corydolphin</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/331">corydolphin/flask-cors#331</a></li>
</ul>
<h2>3.1.01</h2>
<ul>
<li>Include examples to specify that schema and port must be included in
… by <a href="https://github.com/YPCrumble"><code>@YPCrumble</code></a>
in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/294">corydolphin/flask-cors#294</a></li>
<li>two small changes to the documentation, based on issue <a
href="https://redirect.github.com/corydolphin/flask-cors/issues/290">#290</a>
by <a href="https://github.com/bbbart"><code>@bbbart</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/291">corydolphin/flask-cors#291</a></li>
<li>Fix typo by <a
href="https://github.com/sunarch"><code>@sunarch</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/304">corydolphin/flask-cors#304</a></li>
<li>FIX: typo in CSRF by <a
href="https://github.com/sattamjh"><code>@sattamjh</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/315">corydolphin/flask-cors#315</a></li>
<li>Test against recent Python versions by <a
href="https://github.com/pylipp"><code>@pylipp</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/314">corydolphin/flask-cors#314</a></li>
<li>Correct spelling mistakes by <a
href="https://github.com/EdwardBetts"><code>@EdwardBetts</code></a> in
<a
href="https://redirect.github.com/corydolphin/flask-cors/pull/311">corydolphin/flask-cors#311</a></li>
<li>'Access-Control-Allow-Private-Network = true' header for http
response by <a
href="https://github.com/chelo-kjml"><code>@chelo-kjml</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/318">corydolphin/flask-cors#318</a></li>
<li>docs: Fix a few typos by <a
href="https://github.com/timgates42"><code>@timgates42</code></a> in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/323">corydolphin/flask-cors#323</a></li>
<li>[Docs] Fix typo in configuration documentation by <a
href="https://github.com/sachit-shroff"><code>@sachit-shroff</code></a>
in <a
href="https://redirect.github.com/corydolphin/flask-cors/pull/316">corydolphin/flask-cors#316</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548"><code>c851476</code></a>
V5: Breaking: Change default to disable private network access (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/368">#368</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/561ed263e605c35c6b928aee40db9343a318f4a6"><code>561ed26</code></a>
Add unit tests for Private-Network (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/367">#367</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec"><code>7ae310c</code></a>
Backwards Compatible Fix for CVE-2024-6221 (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/363">#363</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/f25c6b2ed243457a64567a8fe40e5df6da0cb3dc"><code>f25c6b2</code></a>
--- (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/358">#358</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/1df178ccc019c5aa7282246288c04f867d716790"><code>1df178c</code></a>
Release 0.4.1 (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/353">#353</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/5090b4a43f3d45511057f5a2fb1ae8cca9542522"><code>5090b4a</code></a>
Update CI to include Python 3.12 and flask 3.0.3 (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/354">#354</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/6172c2000dba965fedb8e9a8a916ad56f0fb2630"><code>6172c20</code></a>
Update extension.py to clean request.path before logging it (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/351">#351</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/cadade9403de251a42bc63a38bafb065d380f4e3"><code>cadade9</code></a>
Fix Read the Docs builds (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/345">#345</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/40acc8092332dfed4bb54d7a4f89a6d479466de7"><code>40acc80</code></a>
Update CHANGELOG to reflect 4.0.0 release (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/335">#335</a>)</li>
<li><a
href="https://github.com/corydolphin/flask-cors/commit/dbabb27884f55d0328482ba92c51ca8397c58974"><code>dbabb27</code></a>
Testing: Move from deprecated assertEquals to assertEqual (<a
href="https://redirect.github.com/corydolphin/flask-cors/issues/332">#332</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/corydolphin/flask-cors/compare/3.0.10...5.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=flask-cors&package-manager=pip&previous-version=3.0.10&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/datacommonsorg/website/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chejennifer <[email protected]>

Loading branch information

dependabot[bot] and chejennifer authored Dec 27, 2024

1 parent fc4828a commit 553cf2d

server/requirements.txt

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -4,7 +4,7 @@ CacheControl==0.12.11
  
    Flask==2.3.2

    Flask-Babel==2.0.0

    Flask-Caching==2.0.1

    flask_cors==3.0.10

    flask_cors==5.0.0

    flask_testing==0.8.1

    frozendict==2.3.4

    geojson_rewind==1.0.1

0 comments on commit `553cf2d`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `553cf2d`

Commit

There are no files selected for viewing

0 comments on commit 553cf2d

0 comments on commit `553cf2d`