Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency flask to v2.2.5 [security] #17

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency flask to v2.2.5 [security] #17

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 2, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
flask (changelog) ==2.2.3 -> ==2.2.5 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-30861

When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the application's use of the session, and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

  1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
  2. The application sets session.permanent = True.
  3. The application does not access or modify the session at any point during a request.
  4. SESSION_REFRESH_EACH_REQUEST is enabled (the default).
  5. The application does not set a Cache-Control header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the Vary: Cookie header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.

Release Notes

pallets/flask (flask)

v2.2.5

Compare Source

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

v2.2.4

Compare Source

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] chore(deps): update dependency flask to v2.3.2 [security] - autoclosed May 2, 2023
@renovate renovate bot closed this May 2, 2023
@renovate renovate bot deleted the renovate/pypi-flask-vulnerability branch May 2, 2023 17:23
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] - autoclosed chore(deps): update dependency flask to v2.3.2 [security] May 3, 2023
@renovate renovate bot reopened this May 3, 2023
@renovate renovate bot restored the renovate/pypi-flask-vulnerability branch May 3, 2023 00:27
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] chore(deps): update dependency flask to v2.2.5 [security] May 3, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 177c92c to 460d4f9 Compare May 3, 2023 00:28
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.2 [security] May 3, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 460d4f9 to 81abafd Compare May 3, 2023 07:33
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] chore(deps): update dependency flask to v2.2.5 [security] May 3, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 81abafd to 8adb627 Compare May 3, 2023 11:59
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.2 [security] May 4, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 8adb627 to ab77957 Compare May 4, 2023 07:59
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] chore(deps): update dependency flask to v2.2.5 [security] May 4, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from ab77957 to a7adffa Compare May 4, 2023 12:02
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.2 [security] May 11, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from a7adffa to d0c2019 Compare May 11, 2023 08:33
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] chore(deps): update dependency flask to v2.2.5 [security] Jun 2, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from d0c2019 to 67fc168 Compare June 2, 2023 02:14
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.2 [security] Jun 4, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 67fc168 to 1c7094a Compare June 4, 2023 05:51
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] chore(deps): update dependency flask to v2.2.5 [security] Jun 11, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 1c7094a to 9aaa126 Compare June 11, 2023 08:03
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.2 [security] Jun 22, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 9aaa126 to abbb8a8 Compare June 22, 2023 05:41
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.2 [security] chore(deps): update dependency flask to v2.2.5 [security] Jun 23, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from abbb8a8 to 6fcb8d0 Compare June 23, 2023 05:56
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.2 [security] Jul 11, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 6fcb8d0 to 8c0acea Compare July 11, 2023 02:30
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from b6ba5ad to 03d3f0b Compare October 17, 2023 02:08
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.3 [security] Oct 23, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 03d3f0b to 0476ad5 Compare October 23, 2023 20:32
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.3 [security] chore(deps): update dependency flask to v2.2.5 [security] Oct 24, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 0476ad5 to 708fb1f Compare October 24, 2023 23:50
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.3 [security] Nov 17, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 708fb1f to 9c1fac6 Compare November 17, 2023 08:20
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.3 [security] chore(deps): update dependency flask to v2.2.5 [security] Nov 18, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 9c1fac6 to ed184fe Compare November 18, 2023 11:39
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.3 [security] Dec 3, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from ed184fe to 748d60e Compare December 3, 2023 17:52
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.3 [security] chore(deps): update dependency flask to v2.2.5 [security] Dec 5, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 748d60e to db51d86 Compare December 5, 2023 02:25
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.3 [security] Dec 20, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from db51d86 to 4467f46 Compare December 20, 2023 02:10
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.3 [security] chore(deps): update dependency flask to v2.2.5 [security] Dec 21, 2023
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 4467f46 to 8798f37 Compare December 21, 2023 05:12
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.3 [security] Jan 5, 2024
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 8798f37 to c1459a6 Compare January 5, 2024 11:58
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.3 [security] chore(deps): update dependency flask to v2.2.5 [security] Jan 6, 2024
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from c1459a6 to 0e06357 Compare January 6, 2024 11:53
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.3 [security] Jan 10, 2024
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 0e06357 to de3d02a Compare January 10, 2024 11:59
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.3 [security] chore(deps): update dependency flask to v2.2.5 [security] Jan 11, 2024
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from de3d02a to 3bce231 Compare January 11, 2024 02:53
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.2.5 [security] chore(deps): update dependency flask to v2.3.3 [security] Jan 17, 2024
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from 3bce231 to f29fa6f Compare January 17, 2024 23:45
@renovate renovate bot changed the title chore(deps): update dependency flask to v2.3.3 [security] chore(deps): update dependency flask to v2.2.5 [security] Jan 18, 2024
@renovate renovate bot force-pushed the renovate/pypi-flask-vulnerability branch from f29fa6f to ff1b54d Compare January 18, 2024 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants