Update dependency flask to v2.2.5 [SECURITY] #20
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
abb2be2
to
d6d5387
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
d6d5387
to
d18c974
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
d18c974
to
a290be4
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
a290be4
to
424e2a8
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
424e2a8
to
0e09f71
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
0e09f71
to
7ef9501
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
7ef9501
to
b82a279
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
b82a279
to
32067e1
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
32067e1
to
f669b96
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
f669b96
to
e764516
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
e764516
to
916a070
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
916a070
to
aec557a
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
aec557a
to
c63f350
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
c63f350
to
6ad1f8c
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
6ad1f8c
to
415e515
Compare
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
f48ef0d
to
37947ec
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
37947ec
to
ce10757
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
ce10757
to
e66e2ec
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
e66e2ec
to
a3e29c1
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
a3e29c1
to
f11ecc0
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
f11ecc0
to
ccab1ca
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
ccab1ca
to
41494d7
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
41494d7
to
8fe0b40
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
8fe0b40
to
bb8e687
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
bb8e687
to
df66acc
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
df66acc
to
1275efd
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
1275efd
to
32f6adb
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
32f6adb
to
85a8033
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
85a8033
to
031a3fa
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-flask-vulnerability
branch
from
031a3fa
to
5ba6edb
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.0.3->==2.2.5GitHub Vulnerability Alerts
CVE-2023-30861
When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches
Set-Cookieheaders, it may send one client'ssessioncookie to other clients. The severity depends on the application's use of the session, and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.session.permanent = True.SESSION_REFRESH_EACH_REQUESTis enabled (the default).Cache-Controlheader to indicate that a page is private or should not be cached.This happens because vulnerable versions of Flask only set the
Vary: Cookieheader when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.