New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add GHA tooling #331

Merged

corydolphin merged 3 commits into main from switch-to-gha

Jun 26, 2023

Owner

corydolphin commented Jun 24, 2023 •

edited

Loading

Travis seems to be complaining about running out of seats. Travis seems deprecated, moving to GHA.

corydolphin force-pushed the switch-to-gha branch 3 times, most recently from 2750573 to d3f536f Compare

June 25, 2023 22:39


          Add GHA tooling

dda3c51

corydolphin force-pushed the switch-to-gha branch 2 times, most recently from 1f49d76 to 48cdd2d Compare

June 25, 2023 23:00


          Reduce matrix

38effa4

corydolphin force-pushed the switch-to-gha branch from 48cdd2d to 38effa4 Compare

June 25, 2023 23:02

corydolphin had a problem deploying to release

June 26, 2023 01:09

— with

GitHub Actions Failure

corydolphin had a problem deploying to release

June 26, 2023 01:10

— with

GitHub Actions Failure

corydolphin force-pushed the switch-to-gha branch from 8e02839 to c6d9918 Compare

June 26, 2023 01:12

corydolphin had a problem deploying to release

June 26, 2023 01:13

— with

GitHub Actions Failure

corydolphin force-pushed the switch-to-gha branch 2 times, most recently from 8ba1082 to 4a3e46f Compare

June 26, 2023 01:14

corydolphin had a problem deploying to release

June 26, 2023 01:15

— with

GitHub Actions Failure

corydolphin temporarily deployed to release

June 26, 2023 01:18

— with

GitHub Actions Inactive

corydolphin force-pushed the switch-to-gha branch from 4a3e46f to 59746f2 Compare

June 26, 2023 05:33

corydolphin marked this pull request as ready for review

June 26, 2023 05:33


          Test release flow

943b2da

corydolphin force-pushed the switch-to-gha branch from 59746f2 to 943b2da Compare

June 26, 2023 05:35

corydolphin merged commit 0b74401 into main

corydolphin deleted the switch-to-gha branch

June 26, 2023 05:35

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request


          py-flask-cors: Update to 4.0.0.

172b79f

## 4.0.0
* Remove support for Python versions older than 3.8 by @WAKayser in corydolphin/flask-cors#330
* Add GHA tooling by @corydolphin in corydolphin/flask-cors#331

## 3.1.01
* Include examples to specify that schema and port must be included in … by @YPCrumble in corydolphin/flask-cors#294
* two small changes to the documentation, based on issue #290 by @bbbart in corydolphin/flask-cors#291
* Fix typo by @sunarch in corydolphin/flask-cors#304
* FIX: typo in CSRF by @sattamjh in corydolphin/flask-cors#315
* Test against recent Python versions by @pylipp in corydolphin/flask-cors#314
* Correct spelling mistakes by @EdwardBetts in corydolphin/flask-cors#311
* 'Access-Control-Allow-Private-Network = true' header for http response by @chelo-kjml in corydolphin/flask-cors#318
* docs: Fix a few typos by @timgates42 in corydolphin/flask-cors#323
* [Docs] Fix typo in configuration documentation by @sachit-shroff in corydolphin/flask-cors#316

emmeowzing referenced this pull request in premiscale/premiscale


          chore(deps): update dependency flask-cors to v4 [security] (#161)

83b3372

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [flask-cors](https://github.com/corydolphin/flask-cors) | `==3.0.10`
-> `==4.0.1` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/flask-cors/4.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/flask-cors/4.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/flask-cors/3.0.10/4.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/flask-cors/3.0.10/4.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

#### [CVE-2024-1681](https://nvd.nist.gov/vuln/detail/CVE-2024-1681)

corydolphin/flask-cors is vulnerable to log injection when the log level
is set to debug. An attacker can inject fake log entries into the log
file by sending a specially crafted GET request containing a CRLF
sequence in the request path. This vulnerability allows attackers to
corrupt log files, potentially covering tracks of other attacks,
confusing log post-processing tools, and forging log entries. The issue
is due to improper output neutralization for logs.

---

### Release Notes

<details>
<summary>corydolphin/flask-cors (flask-cors)</summary>

###
[`v4.0.1`](https://github.com/corydolphin/flask-cors/blob/HEAD/CHANGELOG.md#401)

[Compare
Source](https://github.com/corydolphin/flask-cors/compare/4.0.0...4.0.1)

##### Security

- Address
[CVE-2024-1681](https://github.com/advisories/GHSA-84pr-m4jr-85g5)
which is a log injection vulnerability when the log level is set to
debug by [@&#8203;aneshujevic](https://github.com/aneshujevic) in
[https://github.com/corydolphin/flask-cors/pull/351](https://github.com/corydolphin/flask-cors/pull/351)

###
[`v4.0.0`](https://github.com/corydolphin/flask-cors/blob/HEAD/CHANGELOG.md#400)

[Compare
Source](https://github.com/corydolphin/flask-cors/compare/3.0.10...4.0.0)

- Remove support for Python versions older than 3.8 by
[@&#8203;WAKayser](https://github.com/WAKayser) in
[https://github.com/corydolphin/flask-cors/pull/330](https://github.com/corydolphin/flask-cors/pull/330)
- Add GHA tooling by
[@&#8203;corydolphin](https://github.com/corydolphin) in
[https://github.com/corydolphin/flask-cors/pull/331](https://github.com/corydolphin/flask-cors/pull/331)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/premiscale/premiscale).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet