blabla1337 / skf-labs

Repo for all the OWASP-SKF Docker lab examples
Apache License 2.0
439 stars 201 forks source link

Bump werkzeug from 0.14.1 to 0.15.3 in /CSRF-SameSite #67

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps werkzeug from 0.14.1 to 0.15.3.

Release notes *Sourced from [werkzeug's releases](https://github.com/pallets/werkzeug/releases).* > ## 0.15.3 > * Blog: https://palletsprojects.com/blog/werkzeug-0-15-3-released/ > * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-3 > > > ## 0.15.2 > * Blog: https://palletsprojects.com/blog/werkzeug-0-15-2-released/ > * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-2 > > ## 0.15.1 > * Blog: https://palletsprojects.com/blog/werkzeug-0-15-1-released/ > * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/ > > ## 0.15.0 > * Blog: https://palletsprojects.com/blog/werkzeug-0-15-0-released/ > * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/
Changelog *Sourced from [werkzeug's changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst).* > Version 0.15.3 > -------------- > > Released 2019-05-14 > > - Properly handle multi-line header folding in development server in > Python 2.7. (:issue:`1080`) > - Restore the ``response`` argument to :exc:`~exceptions.Unauthorized`. > (:pr:`1527`) > - :exc:`~exceptions.Unauthorized` doesn't add the ``WWW-Authenticate`` > header if ``www_authenticate`` is not given. (:issue:`1516`) > - The default URL converter correctly encodes bytes to string rather > than representing them with ``b''``. (:issue:`1502`) > - Fix the filename format string in > :class:`~middleware.profiler.ProfilerMiddleware` to correctly handle > float values. (:issue:`1511`) > - Update :class:`~middleware.lint.LintMiddleware` to work on Python 3. > (:issue:`1510`) > - The debugger detects cycles in chained exceptions and does not time > out in that case. (:issue:`1536`) > - When running the development server in Docker, the debugger security > pin is now unique per container. > > > Version 0.15.2 > -------------- > > Released 2019-04-02 > > - ``Rule`` code generation uses a filename that coverage will ignore. > The previous value, "generated", was causing coverage to fail. > (:issue:`1487`) > - The test client removes the cookie header if there are no persisted > cookies. This fixes an issue introduced in 0.15.0 where the cookies > from the original request were used for redirects, causing functions > such as logout to fail. (:issue:`1491`) > - The test client copies the environ before passing it to the app, to > prevent in-place modifications from affecting redirect requests. > (:issue:`1498`) > - The ``"werkzeug"`` logger only adds a handler if there is no handler > configured for its level in the logging chain. This avoids double > logging if other code configures logging first. (:issue:`1492`) > > > Version 0.15.1 > -------------- > > Released 2019-03-21 > > - :exc:`~exceptions.Unauthorized` takes ``description`` as the first > ... (truncated)
Commits - [`9b1123a`](https://github.com/pallets/werkzeug/commit/9b1123a779e95b5c38ca911ce1329e87a3348a92) release version 0.15.3 - [`00bc43b`](https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246) unique debugger pin in Docker containers - [`2cbdf2b`](https://github.com/pallets/werkzeug/commit/2cbdf2b02273daccf85845b1e1569096e65ffe58) Merge pull request [#1542](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1542) from asottile/exceptions_arent_always_hashable - [`0e669f6`](https://github.com/pallets/werkzeug/commit/0e669f6be532801267d35de23c5f5237b8406d8a) Fix unhashable exception types - [`bdc17e4`](https://github.com/pallets/werkzeug/commit/bdc17e4cd10bbb17449006cef385ec953a11fc36) Merge pull request [#1540](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1540) from pallets/break-tb-cycle - [`44e38c2`](https://github.com/pallets/werkzeug/commit/44e38c2985bcd3a7c17467bead901b8f36528f5f) break cycle in chained exceptions - [`777500b`](https://github.com/pallets/werkzeug/commit/777500b64647ea47b21e52e5e113ba1d86014c05) Merge pull request [#1518](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1518) from NiklasMM/fix/1510_lint-middleware-python3-compa... - [`e00c7c2`](https://github.com/pallets/werkzeug/commit/e00c7c2cedcbcad3772e4522813c78bc9a860fbe) Make LintMiddleware Python 3 compatible and add tests - [`d590cc7`](https://github.com/pallets/werkzeug/commit/d590cc7cf2fcb34ebc0783eb3c2913e8ce016ed8) Merge pull request [#1539](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1539) from pallets/profiler-format - [`0388fc9`](https://github.com/pallets/werkzeug/commit/0388fc95e696513bbefbde293f3f76cc482df8fa) update filename_format for ProfilerMiddleware. - Additional commits viewable in [compare view](https://github.com/pallets/werkzeug/compare/0.14.1...0.15.3)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/blabla1337/skf-labs/network/alerts).
dependabot[bot] commented 4 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.