Closed dependabot[bot] closed 5 years ago
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version
or @dependabot ignore this minor version
.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps flask from 0.12.4 to 1.0.
Release notes
*Sourced from [flask's releases](https://github.com/pallets/flask/releases).* > ## 1.0 > The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/ > > There are over a year's worth of changes in this release. Many features have been improved or changed. [Read the changelog](http://flask.pocoo.org/docs/1.0/changelog/) to understand how your project's code will be affected. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Install or Upgrade > ------------------- > > Install from [PyPI](https://pypi.org/project/Flask/) with pip: > > pip install -U FlaskChangelog
*Sourced from [flask's changelog](https://github.com/pallets/flask/blob/master/CHANGES.rst).* > Version 1.0 > ----------- > > Released 2018-04-26 > > - Python 2.6 and 3.3 are no longer supported. > - Bump minimum dependency versions to the latest stable versions: > Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1. > :issue:`2586` > - Skip :meth:`app.runCommits
- [`291f3c3`](https://github.com/pallets/flask/commit/291f3c338c4d302dbde01ab9153a7817e5a780f5) Bump version number to 1.0 - [`36e68a4`](https://github.com/pallets/flask/commit/36e68a439a073e927b1801704fc7921be58262e1) release 1.0 - [`216151c`](https://github.com/pallets/flask/commit/216151c8a3c02e805fe5d1824708253f7e01e77f) Merge branch '0.12-maintenance' - [`062745b`](https://github.com/pallets/flask/commit/062745b23f7abaafb144e3d94b6fbdf8ccc456b9) Merge pull request [#2720](https://github-redirect.dependabot.com/pallets/flask/issues/2720) from pallets/setup-link - [`5c8110d`](https://github.com/pallets/flask/commit/5c8110de25f08bf20e9fda6611403dc5c59ec849) ensure order of project urls - [`10a77a5`](https://github.com/pallets/flask/commit/10a77a54309876a6aba2e3303d291498c0a9318c) Add project_urls so that PyPI will show GitHub stats. - [`2ede0b8`](https://github.com/pallets/flask/commit/2ede0b8ba944fbd8b7c2478f100dd117c85975a0) add donate link - [`4137aec`](https://github.com/pallets/flask/commit/4137aecca9c4add694146502cd3e6e5fc945f6dd) add donate link - [`4df5f82`](https://github.com/pallets/flask/commit/4df5f829142bb7a4c7a1e4115df35ecd44c54ad2) Merge pull request [#2719](https://github-redirect.dependabot.com/pallets/flask/issues/2719) from greyli/patch-9 - [`7df3524`](https://github.com/pallets/flask/commit/7df3524bb9f2683555186d0890c24576c1505766) Fix typo in docs - Additional commits viewable in [compare view](https://github.com/pallets/flask/compare/0.12.4...1.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alfg/guildbit/network/alerts).