Bump werkzeug from 1.0.1 to 3.0.3 in /tests/fuzz/wasm-mutator-fuzz/server #12

dependabot · 2024-05-22T09:54:52Z

Bumps werkzeug from 1.0.1 to 3.0.3.

Release notes

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985

Make reloader more robust when "" is in sys.path. #2823

Better TLS cert format with adhoc dev certs. #2891

Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828

Type annotation for Rule.endpoint and other uses of endpoint is Any. #2836

3.0.2

This is a fix release for the 3.0.x feature branch.

Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-2

3.0.1

This is a security release for the 3.0.x feature branch.

Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

3.0.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-0

Milestone: https://github.com/pallets/werkzeug/milestone/21?closed=1

2.3.8

This is a security release for the 2.3.x feature branch.

Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-8

2.3.7

This is a fix release for the 2.3.x feature branch.

Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-7

Milestone: https://github.com/pallets/werkzeug/milestone/33?closed=1

2.3.6

This is a fix release for the 2.3.x feature branch.

Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-6

Milestone: https://github.com/pallets/werkzeug/milestone/32?closed=1

2.3.5

This is a fix release for the 2.3.x feature branch.

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.0.3

Released 2024-05-05

Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:2g68-c3qc-8985

Make reloader more robust when "" is in sys.path. :pr:2823

Better TLS cert format with adhoc dev certs. :pr:2891

Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:2828

Type annotation for Rule.endpoint and other uses of endpoint is Any. :issue:2836

Make reloader more robust when "" is in sys.path. :pr:2823

Version 3.0.2

Released 2024-04-01

Ensure setting merge_slashes to False results in NotFound for repeated-slash requests against single slash routes. :issue:2834

Fix handling of TypeError in TypeConversionDict.get() to match ValueError. :issue:2843

Fix response_wrapper type check in test client. :issue:2831

Make the return type of MultiPartParser.parse more precise. :issue:2840

Raise an error if converter arguments cannot be parsed. :issue:2822

Version 3.0.1

Released 2023-10-24

Fix slow multipart parsing for large parts potentially enabling DoS attacks.

Version 3.0.0

Released 2023-09-30

Remove previously deprecated code. :pr:2768

... (truncated)

Commits

f9995e9 release version 3.0.3
3386395 Merge pull request from GHSA-2g68-c3qc-8985
890b6b6 only require trusted host for evalex
71b69df restrict debugger trusted hosts
d2d3869 endpoint type is Any (#2895)
7080b55 endpoint type is Any
7555eff remove iri_to_uri redirect workaround (#2894)
97fb2f7 remove _invalid_iri_to_uri workaround
249527f make cn field a valid single hostname, and use wildcard in SANs field. (#2892)
793be47 update adhoc tls dev cert format
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

---

8ccebdb

updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 22, 2024

lum1n0us force-pushed the main branch 2 times, most recently from 354d939 to 7c0088a Compare June 13, 2024 00:17

lum1n0us force-pushed the main branch 5 times, most recently from bd3adb4 to f082d9a Compare June 14, 2024 05:14

lum1n0us force-pushed the main branch 2 times, most recently from e6fe6e7 to d8aee30 Compare June 25, 2024 23:14

lum1n0us force-pushed the main branch 4 times, most recently from 7890565 to 4dc4b67 Compare July 7, 2024 11:27

lum1n0us force-pushed the main branch 3 times, most recently from 743bffb to 7e38083 Compare July 23, 2024 07:33

lum1n0us force-pushed the main branch from 7e38083 to d7e1410 Compare July 31, 2024 03:18

lum1n0us force-pushed the main branch 2 times, most recently from f82e931 to 338c8a8 Compare August 14, 2024 01:16

lum1n0us force-pushed the main branch 3 times, most recently from 4abf955 to c0c04a4 Compare August 23, 2024 00:49

lum1n0us force-pushed the main branch 5 times, most recently from 1044a1a to c4a0382 Compare September 11, 2024 01:54

lum1n0us force-pushed the main branch from c4a0382 to 78178bd Compare September 19, 2024 01:35

lum1n0us force-pushed the main branch from 78178bd to a2f7834 Compare September 28, 2024 23:55

lum1n0us force-pushed the main branch 2 times, most recently from 9840609 to d90ffaa Compare October 10, 2024 23:21

lum1n0us self-requested a review as a code owner October 10, 2024 23:21

lum1n0us force-pushed the main branch 3 times, most recently from 81f4e4f to 4889566 Compare October 20, 2024 22:29

lum1n0us force-pushed the main branch from 4889566 to e483544 Compare October 23, 2024 00:07

lum1n0us force-pushed the main branch from 0f1f684 to ddc5be4 Compare November 1, 2024 03:16

lum1n0us force-pushed the main branch from ddc5be4 to 4195f4c Compare November 8, 2024 05:56

lum1n0us force-pushed the main branch 3 times, most recently from 50d3995 to f2842ed Compare November 20, 2024 00:52

lum1n0us force-pushed the main branch from f2842ed to fe773f5 Compare December 12, 2024 05:34

lum1n0us force-pushed the main branch from 48648fa to 2863502 Compare December 22, 2024 10:35

lum1n0us force-pushed the main branch from 2863502 to 29b182a Compare December 30, 2024 07:25

lum1n0us requested a review from TianlongLiang as a code owner December 30, 2024 07:25

lum1n0us force-pushed the main branch 2 times, most recently from 4f5e0be to 638f3d2 Compare January 6, 2025 23:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump werkzeug from 1.0.1 to 3.0.3 in /tests/fuzz/wasm-mutator-fuzz/server #12

Bump werkzeug from 1.0.1 to 3.0.3 in /tests/fuzz/wasm-mutator-fuzz/server #12

dependabot bot commented on behalf of github May 22, 2024 •

edited

Loading

Bump werkzeug from 1.0.1 to 3.0.3 in /tests/fuzz/wasm-mutator-fuzz/server #12

Are you sure you want to change the base?

Bump werkzeug from 1.0.1 to 3.0.3 in /tests/fuzz/wasm-mutator-fuzz/server #12

Conversation

dependabot bot commented on behalf of github May 22, 2024 • edited Loading

3.0.3

3.0.2

3.0.1

3.0.0

2.3.8

2.3.7

2.3.6

2.3.5

Version 3.0.3

Version 3.0.2

Version 3.0.1

Version 3.0.0

dependabot bot commented on behalf of github May 22, 2024 •

edited

Loading