Bump flask-cors from 3.0.10 to 6.0.0 in /backend in the pip group across 1 directory

[dependabot]

Bumps the pip group with 1 update in the /backend directory: flask-cors.

Updates flask-cors from 3.0.10 to 6.0.0

Release notes

Sourced from flask-cors's releases.

6.0.0

Breaking

Path specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.

• [CVE-2024-6839] Sort Paths by Regex Specificity by @​adrianosela in corydolphin/flask-cors#391
• [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by @​adrianosela in corydolphin/flask-cors#389

What's Changed

• [CVE-2024-6866] Case Sensitive Request Path Matching by @​adrianosela in corydolphin/flask-cors#390

Full Changelog: corydolphin/flask-cors@5.0.1...6.0.0

5.0.1

What's Changed

This primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements

• [Docs] Fix links to documentation by @​coren-frankel in corydolphin/flask-cors#369
• Fix minor typos by @​kkirsche in corydolphin/flask-cors#371
• Migrate packaging and environment management to use uv by @​corydolphin in corydolphin/flask-cors#377
• Fix release pipeline by @​corydolphin in corydolphin/flask-cors#378
• Always use trusted publishing by @​corydolphin in corydolphin/flask-cors#379
• Workaround license publishing issue by @​corydolphin in corydolphin/flask-cors#380
• Fix packaging: missing source files by @​corydolphin in corydolphin/flask-cors#381

New Contributors

• @​coren-frankel made their first contribution in corydolphin/flask-cors#369
• @​kkirsche made their first contribution in corydolphin/flask-cors#371

Full Changelog: corydolphin/flask-cors@5.0.0...5.0.01

5.0.0

What's Changed

• Breaking: Change default to disable private network access by @​corydolphin in corydolphin/flask-cors#368 This effectively resolves GHSA-hxwh-jpp2-84pm https://osv.dev/vulnerability/PYSEC-2024-71

Full Changelog: corydolphin/flask-cors@4.0.2...5.0.0

4.0.2

What's Changed

• Bump requests from 2.31.0 to 2.32.0 in /docs by @​dependabot in corydolphin/flask-cors#358
• Backwards Compatible Fix for CVE-2024-6221 by @​adrianosela in corydolphin/flask-cors#363
• Add unit tests for Private-Network by @​corydolphin in corydolphin/flask-cors#367

New Contributors

• @​dependabot made their first contribution in corydolphin/flask-cors#358
• @​adrianosela made their first contribution in corydolphin/flask-cors#363

Full Changelog: corydolphin/flask-cors@4.0.1...4.0.2

... (truncated)

Changelog

Sourced from flask-cors's changelog.

Change Log

4.0.1

Security

• Address CVE-2024-1681 which is a log injection vulnerability when the log level is set to debug by @​aneshujevic in corydolphin/flask-cors#351

4.0.0

• Remove support for Python versions older than 3.8 by @​WAKayser in corydolphin/flask-cors#330
• Add GHA tooling by @​corydolphin in corydolphin/flask-cors#331

3.1.01

• Include examples to specify that schema and port must be included in … by @​YPCrumble in corydolphin/flask-cors#294
• two small changes to the documentation, based on issue #290 by @​bbbart in corydolphin/flask-cors#291
• Fix typo by @​sunarch in corydolphin/flask-cors#304
• FIX: typo in CSRF by @​sattamjh in corydolphin/flask-cors#315
• Test against recent Python versions by @​pylipp in corydolphin/flask-cors#314
• Correct spelling mistakes by @​EdwardBetts in corydolphin/flask-cors#311
• 'Access-Control-Allow-Private-Network = true' header for http response by @​chelo-kjml in corydolphin/flask-cors#318
• docs: Fix a few typos by @​timgates42 in corydolphin/flask-cors#323
• [Docs] Fix typo in configuration documentation by @​sachit-shroff in corydolphin/flask-cors#316

Commits

• 35d8753 [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...
• e970988 [CVE-2024-6839] Sort Paths by Regex Specificity (#391)
• eb39516 [CVE-2024-6866] Case Sensitive Request Path Matching (#390)
• 5da9be4 Fix packaging: missing source files (#381)
• 65a5132 Workaround license publishing issue (#380)
• 7127e7e Always use trusted publishing (#379)
• 01e2e68 Fix release pipeline (#378)
• ade65a1 Major Packaging Refactor: migrate to uv (#377)
• eb44bff fix: typos (#371)
• 1225e78 replace documentation links in README (#369)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[Nate-Wessel]

@dependabot rebase

[dependabot]

Looks like flask-cors is no longer updatable, so this is no longer needed.