chore(deps): update dependency flask to v2.2.5 [security] - autoclosed #4676
☁️ Nx Cloud Report
CI is running/has finished running commands for commit b48985d. As they complete they will appear below.
✅ Successfully ran 8 targets
Kudos, SonarCloud Quality Gate passed!
Kudos, SonarCloud Quality Gate passed!
Quality Gate passed
☁️ Nx Cloud Report
CI is running/has finished running commands for commit 682358e. As they complete they will appear below.
✅ Successfully ran 9 targets
This PR contains the following updates:
flask: 2.2.3 -> 2.2.5
GitHub Vulnerability Alerts
CVE-2023-30861
When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session, and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.
- The application sets `session.permanent = True`.
- `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).
- The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
Release Notes
pallets/flask (flask)
v2.2.5
Released 2023-05-02
- Set `Vary: Cookie` header when the session is accessed, modified, or refreshed.
v2.2.4
Released 2023-04-25
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
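The header behaviour described in the advisory, as an added example that is not part of the PR or of Flask's own code: a standard-library WSGI wrapper that adds `Vary: Cookie` to any response that sets a cookie without it, which is the header the 2.2.5 release sets on refreshed sessions. The names `VaryCookieMiddleware`, `ensure_vary_cookie`, `demo_app` and `call_app` are hypothetical, and the sample response is constructed.

```python
class VaryCookieMiddleware:
    """Add 'Vary: Cookie' to any response that sets a cookie without it."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            return start_response(status, ensure_vary_cookie(headers), exc_info)
        return self.app(environ, patched_start)


def ensure_vary_cookie(headers):
    """Return a header list in which Set-Cookie implies Vary: Cookie."""
    names = [name.lower() for name, _ in headers]
    if "set-cookie" not in names:
        return list(headers)
    # Collect the tokens of every Vary header (the header may be repeated).
    tokens = [t.strip() for name, value in headers if name.lower() == "vary"
              for t in value.split(",") if t.strip()]
    lowered = [t.lower() for t in tokens]
    if "*" in lowered or "cookie" in lowered:
        return list(headers)
    kept = [(n, v) for n, v in headers if n.lower() != "vary"]
    return kept + [("Vary", ", ".join(tokens + ["Cookie"]))]


def demo_app(environ, start_response):
    # Constructed response imitating a refreshed permanent session:
    # Set-Cookie is re-sent, but no Vary or Cache-Control header is present.
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "session=constructed-value; HttpOnly; Path=/"),
    ])
    return [b"hello"]


def call_app(app):
    """Run a WSGI app once and return the headers it sent as a dict."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({name.lower(): value for name, value in headers})

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    captured["body"] = b"".join(app(environ, start_response))
    return captured
```

Running `call_app(demo_app)` against a staging deployment's equivalent response is a quick way to confirm whether the `Vary` header is present before and after the upgrade.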