Update dependency flask to v2.2.5 - autoclosed #5

Closed


@mend-for-github-com mend-for-github-com bot commented Dec 11, 2023

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| flask (changelog) | patch | ==2.2.2 -> ==2.2.5 |

By merging this PR, the issue #4 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
|---|---|---|
| High | 7.5 | CVE-2023-30861 |

Release Notes

pallets/flask (flask)

v2.2.5


Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

v2.2.4


Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

v2.2.3


Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777


@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Dec 11, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Dec 17, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 6e1dfa2 to 9e932ae Compare December 17, 2023 07:01
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Dec 23, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 9e932ae to 0d16b04 Compare December 23, 2023 06:57
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Dec 26, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 0d16b04 to 2b723bd Compare December 26, 2023 10:08
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Dec 27, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 2b723bd to 42bf08c Compare December 27, 2023 08:36
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Jan 14, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 42bf08c to 8a8b94f Compare January 14, 2024 07:32
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Jan 16, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch 2 times, most recently from 44c519d to d77cc9d Compare January 21, 2024 08:12
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Jan 21, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Jan 23, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from d77cc9d to 228665e Compare January 23, 2024 07:36
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Jan 29, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 228665e to ce15596 Compare January 29, 2024 07:31
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Feb 2, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from ce15596 to f2dbf74 Compare February 2, 2024 07:21
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Apr 3, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from f2dbf74 to a79ebd5 Compare April 3, 2024 00:06

rafikmojr commented Apr 3, 2024

Checkmarx One – Scan Summary & Details 96b6bbc1-7559-4a5d-a771-837873569cb0

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2024-1135 | Python-gunicorn-20.1.0 | Vulnerable Package |
| HIGH | CVE-2024-34069 | Python-Werkzeug-2.2.3 | Vulnerable Package |
| HIGH | CVE-2024-49767 | Python-Werkzeug-2.2.3 | Vulnerable Package |
| LOW | CVE-2024-49766 | Python-Werkzeug-2.2.3 | Vulnerable Package |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | CVE-2023-30861 | Python-Flask-2.2.2 |
| MEDIUM | Host Namespace is Shared | /docker-compose.yaml: 11 |
| MEDIUM | Host Namespace is Shared | /docker-compose.yaml: 3 |
| MEDIUM | Networks Not Set | /docker-compose.yaml: 3 |
| MEDIUM | Networks Not Set | /docker-compose.yaml: 11 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/users.py: 34 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/books.py: 22 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/users.py: 34 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/books.py: 22 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/users.py: 34 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/books.py: 22 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/users.py: 34 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/books.py: 22 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/users.py: 34 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/books.py: 22 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/users.py: 34 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/books.py: 22 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/books.py: 22 |
| LOW | Trust_Boundary_Violation_in_Session_Variables | /api_views/users.py: 34 |

@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Apr 4, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from a79ebd5 to 75dfba9 Compare April 4, 2024 12:11
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Apr 18, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 75dfba9 to 7b62a1b Compare April 18, 2024 18:17
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 May 21, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 7b62a1b to 6b5897c Compare May 21, 2024 06:10
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 May 21, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 6b5897c to a072659 Compare May 21, 2024 12:04
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from a072659 to 0f6ed68 Compare June 12, 2024 00:06
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Jun 12, 2024

socket-security bot commented Jun 12, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| pypi/flask@2.2.5 | environment, eval, filesystem, network, shell Transitive: unsafe | +512 | 790 MB | |

🚮 Removed packages: pypi/flask@2.2.2

View full report↗︎

@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 0f6ed68 to 2cd9263 Compare June 18, 2024 12:08
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Jun 18, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 2cd9263 to 6b1dc77 Compare July 8, 2024 12:07
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Jul 8, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 6b1dc77 to e80e93c Compare July 11, 2024 18:02
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Jul 11, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from e80e93c to c7c94f1 Compare September 7, 2024 08:25
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Sep 7, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from c7c94f1 to 1285908 Compare September 8, 2024 06:09
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Sep 8, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.3.2 Sep 21, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 1285908 to 734a541 Compare September 21, 2024 00:05
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.3.2 Update dependency flask to v2.2.5 Dec 25, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/flask-2.x branch from 734a541 to f56df3c Compare December 25, 2024 12:03
@mend-for-github-com mend-for-github-com bot changed the title Update dependency flask to v2.2.5 Update dependency flask to v2.2.5 - autoclosed Feb 12, 2025
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/flask-2.x branch February 12, 2025 12:04