clowdr / clowdr-paper

Repository for the Clowdr paper
Apache License 2.0
1 stars 1 forks source link

Bump flask from 0.12.2 to 1.0 in /experiment #5

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps flask from 0.12.2 to 1.0.

Release notes *Sourced from [flask's releases](https://github.com/pallets/flask/releases).* > ## 1.0 > The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/ > > There are over a year's worth of changes in this release. Many features have been improved or changed. [Read the changelog](http://flask.pocoo.org/docs/1.0/changelog/) to understand how your project's code will be affected. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Install or Upgrade > ------------------- > > Install from [PyPI](https://pypi.org/project/Flask/) with pip: > > pip install -U Flask > > ## 0.12.4 > This is a repackage of [0.12.3](https://github.com/pallets/flask/releases/0.12.3) to fix an issue with how the package was built. > > > Upgrade > -------- > > Upgrade from [PyPI](https://pypi.org/project/Flask/0.12.4/) with pip. Use a version identifier if you want to stay at 0.12: > > pip install -U 'Flask~=0.12.4' > > ## 0.12.3 > This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the [1.0 announcement](https://github.com/pallets/flask/blob/flask-1-0-released) and update to it instead if possible. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Upgrade > -------- > > Upgrade from [PyPI](https://pypi.org/project/Flask/) with pip. Use a version identifier if you want to stay at 0.12: > > pip install -U 'Flask~=0.12.3' > ... (truncated)
Changelog *Sourced from [flask's changelog](https://github.com/pallets/flask/blob/master/CHANGES.rst).* > Version 1.0 > ----------- > > Released 2018-04-26 > > - Python 2.6 and 3.3 are no longer supported. > - Bump minimum dependency versions to the latest stable versions: > Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1. > :issue:`2586` > - Skip :meth:`app.run ` when a Flask application is run > from the command line. This avoids some behavior that was confusing > to debug. > - Change the default for :data:`JSONIFY_PRETTYPRINT_REGULAR` to > ``False``. :func:`~json.jsonify` returns a compact format by > default, and an indented format in debug mode. :pr:`2193` > - :meth:`Flask.__init__ ` accepts the ``host_matching`` > argument and sets it on :attr:`~Flask.url_map`. :issue:`1559` > - :meth:`Flask.__init__ ` accepts the ``static_host`` argument > and passes it as the ``host`` argument when defining the static > route. :issue:`1559` > - :func:`send_file` supports Unicode in ``attachment_filename``. > :pr:`2223` > - Pass ``_scheme`` argument from :func:`url_for` to > :meth:`~Flask.handle_url_build_error`. :pr:`2017` > - :meth:`~Flask.add_url_rule` accepts the > ``provide_automatic_options`` argument to disable adding the > ``OPTIONS`` method. :pr:`1489` > - :class:`~views.MethodView` subclasses inherit method handlers from > base classes. :pr:`1936` > - Errors caused while opening the session at the beginning of the > request are handled by the app's error handlers. :pr:`2254` > - Blueprints gained :attr:`~Blueprint.json_encoder` and > :attr:`~Blueprint.json_decoder` attributes to override the app's > encoder and decoder. :pr:`1898` > - :meth:`Flask.make_response` raises ``TypeError`` instead of > ``ValueError`` for bad response types. The error messages have been > improved to describe why the type is invalid. :pr:`2256` > - Add ``routes`` CLI command to output routes registered on the > application. :pr:`2259` > - Show warning when session cookie domain is a bare hostname or an IP > address, as these may not behave properly in some browsers, such as > Chrome. :pr:`2282` > - Allow IP address as exact session cookie domain. :pr:`2282` > - ``SESSION_COOKIE_DOMAIN`` is set if it is detected through > ``SERVER_NAME``. :pr:`2282` > - Auto-detect zero-argument app factory called ``create_app`` or > ``make_app`` from ``FLASK_APP``. :pr:`2297` > - Factory functions are not required to take a ``script_info`` > parameter to work with the ``flask`` command. If they take a single > parameter or a parameter named ``script_info``, the > ... (truncated)
Commits - [`291f3c3`](https://github.com/pallets/flask/commit/291f3c338c4d302dbde01ab9153a7817e5a780f5) Bump version number to 1.0 - [`36e68a4`](https://github.com/pallets/flask/commit/36e68a439a073e927b1801704fc7921be58262e1) release 1.0 - [`216151c`](https://github.com/pallets/flask/commit/216151c8a3c02e805fe5d1824708253f7e01e77f) Merge branch '0.12-maintenance' - [`23047a7`](https://github.com/pallets/flask/commit/23047a71fd7da13be7b545f30807f38f4d9ecb25) Bump version number to 0.12.4.dev - [`1a9e58e`](https://github.com/pallets/flask/commit/1a9e58e8c97c47c969736d46410f724f4e834f54) Bump version number to 0.12.3 - [`63deee0`](https://github.com/pallets/flask/commit/63deee0a8b0963f1657e2d327773d65632a387d3) release 0.12.3 - [`062745b`](https://github.com/pallets/flask/commit/062745b23f7abaafb144e3d94b6fbdf8ccc456b9) Merge pull request [#2720](https://github-redirect.dependabot.com/pallets/flask/issues/2720) from pallets/setup-link - [`5c8110d`](https://github.com/pallets/flask/commit/5c8110de25f08bf20e9fda6611403dc5c59ec849) ensure order of project urls - [`10a77a5`](https://github.com/pallets/flask/commit/10a77a54309876a6aba2e3303d291498c0a9318c) Add project_urls so that PyPI will show GitHub stats. - [`22992a0`](https://github.com/pallets/flask/commit/22992a0d533f7f68e9fa1845c86dae230d8ff9ba) add donate link - Additional commits viewable in [compare view](https://github.com/pallets/flask/compare/0.12.2...1.0)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/clowdr/clowdr-paper/network/alerts).