corydolphin/flask-cors (flask-cors)
### [`v3.0.9`](https://togithub.com/corydolphin/flask-cors/blob/HEAD/CHANGELOG.md#309)
[Compare Source](https://togithub.com/corydolphin/flask-cors/compare/3.0.8...3.0.9)
##### Security
- Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly
evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for
"/api/\*" whereas the path actually expands simply to "/foo.txt"
### [`v3.0.8`](https://togithub.com/corydolphin/flask-cors/blob/HEAD/CHANGELOG.md#308)
[Compare Source](https://togithub.com/corydolphin/flask-cors/compare/3.0.7...3.0.8)
Fixes : DeprecationWarning: Using or importing the ABCs from 'collections' in Python 3.7.
Thank you [@juanmaneo](https://togithub.com/juanmaneo) and [@jdevera](https://togithub.com/jdevera) for the contribution.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
==3.0.7->==3.0.9By merging this PR, the below vulnerabilities will be automatically resolved:
Release Notes
corydolphin/flask-cors (flask-cors)
### [`v3.0.9`](https://togithub.com/corydolphin/flask-cors/blob/HEAD/CHANGELOG.md#309) [Compare Source](https://togithub.com/corydolphin/flask-cors/compare/3.0.8...3.0.9) ##### Security - Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for "/api/\*" whereas the path actually expands simply to "/foo.txt" ### [`v3.0.8`](https://togithub.com/corydolphin/flask-cors/blob/HEAD/CHANGELOG.md#308) [Compare Source](https://togithub.com/corydolphin/flask-cors/compare/3.0.7...3.0.8) Fixes : DeprecationWarning: Using or importing the ABCs from 'collections' in Python 3.7. Thank you [@juanmaneo](https://togithub.com/juanmaneo) and [@jdevera](https://togithub.com/jdevera) for the contribution.