Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update flask-cors to 4.0.1 #143

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update flask-cors to 4.0.1 #143

wants to merge 1 commit into from

Conversation

pyup-bot
Copy link
Collaborator

@pyup-bot pyup-bot commented May 4, 2024

This PR updates flask-cors from 3.0.8 to 4.0.1.

Changelog

4.0.1

Security
* Address [CVE-2024-1681](https://github.com/advisories/GHSA-84pr-m4jr-85g5) which is a log injection vulnerability when the log level is set to debug by aneshujevic in https://github.com/corydolphin/flask-cors/pull/351

4.0.0

* Remove support for Python versions older than 3.8 by WAKayser in https://github.com/corydolphin/flask-cors/pull/330
* Add GHA tooling by corydolphin in https://github.com/corydolphin/flask-cors/pull/331

3.1.01

* Include examples to specify that schema and port must be included in … by YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
* two small changes to the documentation, based on issue 290 by bbbart in https://github.com/corydolphin/flask-cors/pull/291
* Fix typo by sunarch in https://github.com/corydolphin/flask-cors/pull/304
* FIX: typo in CSRF by sattamjh in https://github.com/corydolphin/flask-cors/pull/315
* Test against recent Python versions by pylipp in https://github.com/corydolphin/flask-cors/pull/314
* Correct spelling mistakes by EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
* 'Access-Control-Allow-Private-Network = true' header for http response by chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
* docs: Fix a few typos by timgates42 in https://github.com/corydolphin/flask-cors/pull/323
* [Docs] Fix typo in configuration documentation by sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks sreekanth370

3.0.9

Security
- Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly
evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for
"/api/*" whereas the path actually expands simply to "/foo.txt"
Links

@pyup-bot pyup-bot mentioned this pull request May 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@pyup-bot