Skip to content

Update flask-cors requirement from ~=5.0 to ~=6.0 in /pydatalab #1223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 7, 2025
Merged

Update flask-cors requirement from ~=5.0 to ~=6.0 in /pydatalab #1223

merged 2 commits into from
Jun 7, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 1, 2025

Updates the requirements on flask-cors to permit the latest version.

Release notes

Sourced from flask-cors's releases.

6.0.0

Breaking

Path specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.

What's Changed

Full Changelog: corydolphin/flask-cors@5.0.1...6.0.0

Changelog

Sourced from flask-cors's changelog.

Change Log

4.0.1

Security

4.0.0

3.1.01

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @​sreekanth370

3.0.9

Security

  • Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for "/api/*" whereas the path actually expands simply to "/foo.txt"

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from 'collections' in Python 3.7. Thank you @​juanmaneo and @​jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of '*' is never sent if supports_credentials is True (fixes Issue #202)

  • If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependency_updates For issues/PRs that update the dependencies of the package label Jun 1, 2025
@dependabot dependabot bot added the dependency_updates For issues/PRs that update the dependencies of the package label Jun 1, 2025
@codecov Codecov
Copy link

codecov bot commented Jun 7, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.73%. Comparing base (5568c51) to head (0a3334c).
⚠️ Report is 77 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1223   +/-   ##
=======================================
  Coverage   71.73%   71.73%           
=======================================
  Files          66       66           
  Lines        4482     4482           
=======================================
  Hits         3215     3215           
  Misses       1267     1267
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

dependabot bot and others added 2 commits June 7, 2025 16:30
@dependabot @ml-evs
Update flask-cors requirement from ~=5.0 to ~=6.0 in /pydatalab
4bc7cac 
Updates the requirements on [flask-cors](https://github.com/corydolphin/flask-cors) to permit the latest version.
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@5.0.0...6.0.0)

---
updated-dependencies:
- dependency-name: flask-cors
  dependency-version: 6.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ml-evs
Update lock file
0a3334c
@ml-evs ml-evs force-pushed the dependabot/pip/pydatalab/main/flask-cors-approx-eq-6.0 branch from 7df7c1a to 0a3334c Compare June 7, 2025 15:30
@ml-evs ml-evs enabled auto-merge (squash) June 7, 2025 15:35
@cypress Cypress
Copy link

cypress bot commented Jun 7, 2025

datalab    Run #3438

Run Properties:  status check failed Failed #3438  •  git commit 9a143e441b ℹ️: Merge 0a3334ca7a0bd306c05c6a4501fbe743e49738d5 into 5568c5171386e2b8ebb29a037885...
Project datalab
Branch Review dependabot/pip/pydatalab/main/flask-cors-approx-eq-6.0
Run status status check failed Failed #3438
Run duration 08m 25s
Commit git commit 9a143e441b ℹ️: Merge 0a3334ca7a0bd306c05c6a4501fbe743e49738d5 into 5568c5171386e2b8ebb29a037885...
Committer dependabot[bot]
View all properties for this run ↗︎
Test results
Tests that failed  Failures 1
Tests that were flaky  Flaky 0
Tests that did not run due to a developer annotating a test with .skip  Pending 0
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 385
View all changes introduced in this branch ↗︎

Tests for review

Failed  cypress/e2e/editPage.cy.js • 1 failed test • End-to-end tests (electron)

View Output

Test Artifacts
Edit Page > Clicks the upload buttons and checks that the modals are shown Test Replay Screenshots

@ml-evs ml-evs merged commit 747feb5 into main Jun 7, 2025
23 of 24 checks passed
@ml-evs ml-evs deleted the dependabot/pip/pydatalab/main/flask-cors-approx-eq-6.0 branch June 7, 2025 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ml-evs ml-evs ml-evs approved these changes

@jdbocarsly jdbocarsly Awaiting requested review from jdbocarsly jdbocarsly is a code owner

@BenjaminCharmes BenjaminCharmes Awaiting requested review from BenjaminCharmes BenjaminCharmes is a code owner

Assignees
No one assigned
Labels
dependency_updates For issues/PRs that update the dependencies of the package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ml-evs