Open dependabot[bot] opened 4 years ago
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase
.
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase
.
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase
.
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase
.
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase
.
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase
.
Bumps flask from 0.11.1 to 1.0.
Release notes
*Sourced from [flask's releases](https://github.com/pallets/flask/releases).* > ## 1.0 > The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/ > > There are over a year's worth of changes in this release. Many features have been improved or changed. [Read the changelog](http://flask.pocoo.org/docs/1.0/changelog/) to understand how your project's code will be affected. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Install or Upgrade > ------------------- > > Install from [PyPI](https://pypi.org/project/Flask/) with pip: > > pip install -U Flask > > ## 0.12.4 > This is a repackage of [0.12.3](https://github.com/pallets/flask/releases/0.12.3) to fix an issue with how the package was built. > > > Upgrade > -------- > > Upgrade from [PyPI](https://pypi.org/project/Flask/0.12.4/) with pip. Use a version identifier if you want to stay at 0.12: > > pip install -U 'Flask~=0.12.4' > > ## 0.12.3 > This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the [1.0 announcement](https://github.com/pallets/flask/blob/flask-1-0-released) and update to it instead if possible. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Upgrade > -------- > > Upgrade from [PyPI](https://pypi.org/project/Flask/) with pip. Use a version identifier if you want to stay at 0.12: > > pip install -U 'Flask~=0.12.3' > ... (truncated)Changelog
*Sourced from [flask's changelog](https://github.com/pallets/flask/blob/master/CHANGES.rst).* > Version 1.0 > ----------- > > Released 2018-04-26 > > - Python 2.6 and 3.3 are no longer supported. > - Bump minimum dependency versions to the latest stable versions: > Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1. > :issue:`2586` > - Skip :meth:`app.runCommits
- [`291f3c3`](https://github.com/pallets/flask/commit/291f3c338c4d302dbde01ab9153a7817e5a780f5) Bump version number to 1.0 - [`36e68a4`](https://github.com/pallets/flask/commit/36e68a439a073e927b1801704fc7921be58262e1) release 1.0 - [`216151c`](https://github.com/pallets/flask/commit/216151c8a3c02e805fe5d1824708253f7e01e77f) Merge branch '0.12-maintenance' - [`23047a7`](https://github.com/pallets/flask/commit/23047a71fd7da13be7b545f30807f38f4d9ecb25) Bump version number to 0.12.4.dev - [`1a9e58e`](https://github.com/pallets/flask/commit/1a9e58e8c97c47c969736d46410f724f4e834f54) Bump version number to 0.12.3 - [`63deee0`](https://github.com/pallets/flask/commit/63deee0a8b0963f1657e2d327773d65632a387d3) release 0.12.3 - [`062745b`](https://github.com/pallets/flask/commit/062745b23f7abaafb144e3d94b6fbdf8ccc456b9) Merge pull request [#2720](https://github-redirect.dependabot.com/pallets/flask/issues/2720) from pallets/setup-link - [`5c8110d`](https://github.com/pallets/flask/commit/5c8110de25f08bf20e9fda6611403dc5c59ec849) ensure order of project urls - [`10a77a5`](https://github.com/pallets/flask/commit/10a77a54309876a6aba2e3303d291498c0a9318c) Add project_urls so that PyPI will show GitHub stats. - [`22992a0`](https://github.com/pallets/flask/commit/22992a0d533f7f68e9fa1845c86dae230d8ff9ba) add donate link - Additional commits viewable in [compare view](https://github.com/pallets/flask/compare/0.11.1...1.0)You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EUDAT-B2SHARE/b2share/network/alerts).