Skip to content

Bump flask-cors from 4.0.2 to 6.0.0 in /servicex_app #1057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 30, 2025
Merged

Bump flask-cors from 4.0.2 to 6.0.0 in /servicex_app #1057

merged 1 commit into from
May 30, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 17, 2025

Bumps flask-cors from 4.0.2 to 6.0.0.

Release notes

Sourced from flask-cors's releases.

6.0.0

Breaking

Path specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.

What's Changed

Full Changelog: corydolphin/flask-cors@5.0.1...6.0.0

5.0.1

What's Changed

This primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements

New Contributors

Full Changelog: corydolphin/flask-cors@5.0.0...5.0.01

5.0.0

What's Changed

Full Changelog: corydolphin/flask-cors@4.0.2...5.0.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump flask-cors from 4.0.2 to 6.0.0 in /servicex_app
3d87e64 
Bumps [flask-cors](https://github.com/corydolphin/flask-cors) from 4.0.2 to 6.0.0.
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@4.0.2...6.0.0)

---
updated-dependencies:
- dependency-name: flask-cors
  dependency-version: 6.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 17, 2025
@ponyisi ponyisi requested review from BenGalewsky and Copilot May 20, 2025 03:27
@ponyisi
Copy link
Collaborator

ponyisi commented May 20, 2025

This should be fine since we don't specify any specific CORS paths. Let's have an expert though.

Copilot
Copilot AI reviewed May 20, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR upgrades the flask-cors dependency in pyproject.toml from version 4.0.1 to 6.0.0 to address CVEs and apply breaking changes introduced upstream.

  • Bumps flask-cors from ^4.0.1 to ^6.0.0
  • Calls out new path specificity ordering and case sensitivity in CORS matching
Comments suppressed due to low confidence (2)

servicex_app/pyproject.toml:20

  • After upgrading to flask-cors 6.0.0, add or update integration tests to cover the new path specificity ordering and case-sensitive matching changes to ensure CORS rules still behave as expected.
flask-cors = "^6.0.0"

servicex_app/pyproject.toml:20

  • [nitpick] Consider updating project documentation or README to note the upgrade to flask-cors 6.0.0 and highlight any breaking changes (path ordering, case sensitivity) so consumers are aware.
flask-cors = "^6.0.0"

ponyisi
ponyisi approved these changes May 30, 2025
View reviewed changes
Copy link
Collaborator

@ponyisi ponyisi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's give it a go

@ponyisi ponyisi merged commit 6e3f588 into develop May 30, 2025
38 checks passed
@ponyisi ponyisi deleted the dependabot/pip/servicex_app/flask-cors-6.0.0 branch May 30, 2025 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@ponyisi ponyisi ponyisi approved these changes

@BenGalewsky BenGalewsky Awaiting requested review from BenGalewsky

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ponyisi