fix(sec): resolve Dependabot security alerts

[hainenber]

fix(sec): resolve Dependabot security alerts

SUMMARY

The main purpose is to Trim down the project's security alerts. Most changes are of bumping patch versions so no breaking changes at all, except for changes in Yarn lockfile in docs/ but it's pretty safe as well from first glance.

• High: GHSA-9wv6-86v2-598j, GHSA-rhx6-c78j-4q9w (path-to-regexp), CVE-2024-53899 (virtualenv)
• Moderate: GHSA-gmj6-6f8f-6699, GHSA-q2x7-8rv6-6q7h (jinja2), GHSA-34jh-p97f-mpxf (urllib3), GHSA-84pr-m4jr-85g5 (flask-cors)
• Low: GHSA-pxg6-pf52-xh8x (cookie), GHSA-m6fv-jmcg-4jfg (send)

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[korbit-ai]

I've completed my review and didn't find any issues.

Need a new review? Comment /korbit-review on this PR and I'll review your latest changes.

Korbit Guide: Usage and Customization

Interacting with Korbit

• You can manually ask Korbit to review your PR using the /korbit-review command in a comment at the root of your PR.
• You can ask Korbit to generate a new PR description using the /korbit-generate-pr-description command in any comment on your PR.
• Too many Korbit comments? I can resolve all my comment threads if you use the /korbit-resolve command in any comment on your PR.
• Chat with Korbit on issues we post by tagging @korbit-ai in your reply.
• Help train Korbit to improve your reviews by giving a 👍 or 👎 on the comments Korbit posts.

Customizing Korbit

• Check out our docs on how you can make Korbit work best for you and your team.
• Customize Korbit for your organization through the Korbit Console.

Current Korbit Configuration

General Settings

​

Setting	Value
Review Schedule	Automatic excluding drafts
Max Issue Count	10
Automatic PR Descriptions	❌

Issue Categories

​

Category	Enabled
Documentation	✅
Logging	✅
Error Handling	✅
Readability	✅
Design	✅
Performance	✅
Security	✅
Functionality	✅

Feedback and Support

• Tell us what you think of Korbit
• Schedule a call with our team
• Email us @ support@korbit.ai

Note

Korbit Pro is free for open source projects 🎉

Looking to add Korbit to your team? Get started with a free 2 week trial here

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.45%. Comparing base (76d897e) to head (890fb2a).
Report is 1452 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #32274       +/-   ##
===========================================
+ Coverage   60.48%   83.45%   +22.96%     
===========================================
  Files        1931      546     -1385     
  Lines       76236    39097    -37139     
  Branches     8568        0     -8568     
===========================================
- Hits        46114    32629    -13485     
+ Misses      28017     6468    -21549     
+ Partials     2105        0     -2105     

Flag	Coverage Δ
hive	48.49% <ø> (-0.67%)	⬇️
javascript	?
mysql	75.85% <ø> (?)
postgres	75.92% <ø> (?)
presto	53.02% <ø> (-0.78%)	⬇️
python	83.45% <ø> (+19.96%)	⬆️
sqlite	75.43% <ø> (?)
unit	61.06% <ø> (+3.44%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[hainenber]

From my calculation, this PR should resolve ALL current High-severity Security Alerts and in general 60% of total vulnerability count.

[hainenber]

flask-cors is already at v4. I only added an upper bound to avoid accidental major version bumps

[rusackas]

Thanks for taking care of these!