Skip to content
This repository was archived by the owner on Aug 30, 2025. It is now read-only.

Bump the pip group across 1 directory with 4 updates#243

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/backend/pip-fc2868ec8d
Open

Bump the pip group across 1 directory with 4 updates#243
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/backend/pip-fc2868ec8d

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github May 20, 2024

Bumps the pip group with 4 updates in the /backend directory: flask, pyjwt, flask-cors and requests.

Updates flask from 0.12.1 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

2.2.3

This is a fix release for the 2.2.x release branch.

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

2.1.3

2.1.2

This is a fix release for the 2.1.0 feature release.

2.1.1

This is a fix release for the 2.1.0 feature release.

... (truncated)

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
  • Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

Updates pyjwt from 1.4.2 to 2.4.0

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.3.0...2.4.0

2.3.0

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

Security


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

Changed



- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742

Fixed



- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added




v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__


Fixed



- Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__

Added



    

  • Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__
    • 



v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__


&lt;/tr&gt;&lt;/table&gt;

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>


<ul>

<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653&quot;&gt;&lt;code&gt;83ff831&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9&quot;&gt;&lt;code&gt;4c1ce8f&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea&quot;&gt;&lt;code&gt;96f3f02&lt;/code&gt;&lt;/a> fix: failing advisory test</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc&quot;&gt;&lt;code&gt;9c52867&lt;/code&gt;&lt;/a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc&quot;&gt;&lt;code&gt;24b29ad&lt;/code&gt;&lt;/a> Update CHANGELOG.rst (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/751&quot;&gt;#751&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f&quot;&gt;&lt;code&gt;31f5acb&lt;/code&gt;&lt;/a> Replace various string interpolations with f-strings (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/744&quot;&gt;#744&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda&quot;&gt;&lt;code&gt;5581a31&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/748&quot;&gt;#748&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6&quot;&gt;&lt;code&gt;3d4d822&lt;/code&gt;&lt;/a> Don't mutate options dictionary in .decode_complete() (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/743&quot;&gt;#743&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613&quot;&gt;&lt;code&gt;1f1fe15&lt;/code&gt;&lt;/a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e&quot;&gt;&lt;code&gt;35fa28e&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/740&quot;&gt;#740&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.4.2...2.4.0&quot;&gt;compare view</a></li>

</ul>

</details>


<br />




Updates flask-cors from 3.0.2 to 4.0.1



Release notes

Sourced from flask-cors's releases.




4.0.1


What's Changed



New Contributors



Full Changelog: https://github.com/corydolphin/flask-cors/compare/4.0.0...4.0.1


Release 4.0.0


What's Changed



New Contributors



Full Changelog: https://github.com/corydolphin/flask-cors/compare/3.1.01...v4.0.0


3.1.01


What's Changed



New Contributors



Full Changelog: https://github.com/corydolphin/flask-cors/compare/3.0.10...3.1.01


Release 3.0.10


    

  • Adds support for PPC64 and ARM64 builds for distribution. Thanks @​sreekanth370
    • 

  • Fixes warnings for invalid escape sequences Thanks @​tirkarthi
    • 






... (truncated)





Changelog

Sourced from flask-cors's changelog.




4.0.1


Security



4.0.0



3.1.01



3.0.10


Adds support for PPC64 and ARM64 builds for distribution. Thanks @​sreekanth370


3.0.9


Security


    

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly
evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for
"/api/*" whereas the path actually expands simply to "/foo.txt"
    • 



3.0.8


Fixes : DeprecationWarning: Using or importing the ABCs from 'collections' in Python 3.7.
Thank you @​juanmaneo and @​jdevera for the contribution.


3.0.7


Updated logging.warn to logging.warning (#234) Thanks Vaibhav


3.0.6


Manual error in release process. Identical contents at 3.0.5.


3.0.5


Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212


3.0.4


Handle response.headers being None. (Fixes issue #217)


3.0.3


Ensure that an Origin of '*' is never sent if supports_credentials is True (fixes Issue #202)


    

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.
    • 








Commits






Updates requests from 2.13.0 to 2.32.0



Release notes

Sourced from requests's releases.




v2.32.0


2.32.0 (2024-05-20)


🐍 PYCON US 2024 EDITION 🐍


Security



Improvements


    

  • verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
    • 

  • Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
    • 



Bugfixes


    

  • Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
    • 

  • Fixed deserialization bug in JSONDecodeError. (#6629)
    • 

  • Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
    • 



Deprecations


    

  • Requests has officially added support for CPython 3.12 (#6503)
    • 

  • Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
    • 

  • Requests has officially dropped support for CPython 3.7 (#6642)
    • 

  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
    • 



Documentation


    

  • Various typo fixes and doc improvements.
    • 



Packaging


    

  • Requests has started adopting some modern packaging practices.
The source files for the projects (formerly requests) is now located
in src/requests in the Requests sdist. (#6506)
    • 

  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
using hatchling. This should not impact the average user, but extremely old
versions of packaging utilities may have issues with the new packaging format.
    • 



New Contributors






... (truncated)





Changelog

Sourced from requests's changelog.




2.32.0 (2024-05-20)


Security



Improvements


    

  • verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
    • 

  • Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
    • 



Bugfixes


    

  • Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
    • 

  • Fixed deserialization bug in JSONDecodeError. (#6629)
    • 

  • Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
    • 



Deprecations


    

  • Requests has officially added support for CPython 3.12 (#6503)
    • 

  • Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
    • 

  • Requests has officially dropped support for CPython 3.7 (#6642)
    • 

  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
    • 



Documentation


    

  • Various typo fixes and doc improvements.
    • 



Packaging


    

  • Requests has started adopting some modern packaging practices.
The source files for the projects (formerly requests) is now located
in src/requests in the Requests sdist. (#6506)
    • 

  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
using hatchling. This should not impact the average user, but extremely old
versions of packaging utilities may have issues with the new packaging format.
    • 



2.31.0 (2023-05-22)


Security





... (truncated)





Commits

    

  • d6ebc4a v2.32.0
    • 

  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
    • 

  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
    • 

  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
    • 

  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
    • 

  • bf24b7d Use an invalid URI that will not cause httpbin to throw 500
    • 

  • 2d5f547 Pin 3.8 and 3.9 runners back to macos-13 (#6688)
    • 

  • f1bb07d Merge pull request #6687 from psf/dependabot/github_actions/github/codeql-act...
    • 

  • 60047ad Bump github/codeql-action from 3.24.0 to 3.25.0
    • 

  • 31ebb81 Merge pull request #6682 from frenzymadness/pytest8
    • 

  • Additional commits viewable in compare view
    • 







Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.





Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:


    

  • @dependabot rebase will rebase this PR
    • 

  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • 

  • @dependabot merge will merge this PR after your CI passes on it
    • 

  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • 

  • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • 

  • @dependabot reopen will reopen this PR if it is closed
    • 

  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • 

  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
    • 

  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
    • 

  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
    • 

  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
    • 

  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
    • 

  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    
You can disable automated security fix PRs for this repo from the Security Alerts page.
    •

@dependabot
d2d4c2b 
---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyjwt
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-cors
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 20, 2024
This was referenced May 20, 2024
Closed
Closed
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants