
⬆️ Bump the python-dashboard group across 1 directory with 3 updates#92

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/bundle/dashboard/python-dashboard-1162618e86


@dependabot dependabot Bot commented on behalf of github May 10, 2026


Updates the requirements on flask-wtf, gunicorn and tomli-w to permit the latest version.
Updates flask-wtf to 1.3.0

Release notes

Sourced from flask-wtf's releases.

v1.3.0

What's Changed

New Contributors

Full Changelog: pallets-eco/flask-wtf@v1.2.2...v1.3.0

Changelog

Sourced from flask-wtf's changelog.

Version 1.3.0

Released 2026-04-23

  • Don't read the whole uploaded files to know their size. :pr:635
  • Stop support for Python 3.9. Start support for Python 3.14. :pr:648
  • Migrate the project to uv. :pr:649
  • Allow setting a nonce on :class:~flask_wtf.recaptcha.RecaptchaField (string or zero-argument callable) for nonce-based Content Security Policies. :pr:312
  • Add csrf_meta_tag() helper and WTF_CSRF_META_NAME setting to render the CSRF token as an HTML <meta> tag.
  • Forward keyword arguments passed to the reCAPTCHA widget as HTML attributes on the captcha <div>, with the field id used as a default id. :pr:353
  • Add apply_exemptions parameter to :meth:~flask_wtf.csrf.CSRFProtect.protect so @csrf.exempt keeps working when validation is triggered manually. :pr:419
  • Add RECAPTCHA_ENABLED setting. :pr:509

Version 1.2.2

Released 2024-10-20

  • Move the project to the pallets-eco organization. :pr:602
  • Stop support for Python 3.8. Start support for Python 3.13. :pr:603

Version 1.2.1

Released 2023-10-02

  • Fix a bug introduced with :pr:556 where file validators were editing the file fields content. :pr:578

Version 1.2.0

Released 2023-10-01

  • Add field MultipleFileField. FileRequired, FileAllowed, FileSize now can be used to validate multiple files :pr:556 :issue:338

Version 1.1.2

Released 2023-09-29

... (truncated)

Commits

Updates gunicorn to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

  • Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

  • ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
  • ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

  • HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
    • Reject authority-form request-target outside CONNECT
    • Reject asterisk-form request-target outside OPTIONS
    • Reject relative-reference request-targets
  • Header Field Hardening (RFC 9110):
    • Reject control characters in header field-value (section 5.5)
    • Reject forbidden trailer field-names (section 6.5.1)
    • Reject Content-Length list form (RFC 9112 section 6.3)
  • Request Smuggling Hardening:
    • Tighten keepalive gate and scope finish_body byte cap
    • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
    • Address parser/protocol findings from a six-point WSGI/ASGI audit
  • PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
  • Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

  • Body Framing on HEAD/204/304:
    • Keep Content-Length on HEAD and 304 responses (#3621)
    • Drop body framing on HEAD/204/304 even when the framework set it
    • Warn once when an ASGI app emits a body for a no-body response
  • HTTP/2 ASGI:
    • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
    • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
  • HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
  • WebSocket Close Handshake (RFC 6455):
    • Comply with the close handshake state machine
    • Close the transport after the close handshake completes
    • Fix binary send when the text key is None
  • Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
  • ASGI Framework Fixes:
    • Fix ASGI disconnect handling for Django-style apps
    • Fix Litestar request handling (use raw ASGI receive for body/headers)
    • Fix Litestar HTTP endpoints for compatibility tests
    • Fix Quart headers endpoint to normalize keys to lowercase
    • Fix Quart WebSocket close test app (missing accept())
    • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits
  • 5d819cf release: 26.0.0
  • b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
  • 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
  • 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
  • 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
  • f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
  • 54d38af test: unblock docker fixtures on macOS hosts
  • 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
  • 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
  • 41ec752 fix: keep Content-Length on HEAD and 304 responses
  • Additional commits viewable in compare view

Updates tomli-w to 1.2.0

Changelog

Sourced from tomli-w's changelog.

1.2.0

  • Added
    • Always preserve decimal.Decimal type in parse round trips
  • Improved
    • Better TypeError message on invalid mapping keys
    • Unify type representation in error messages
  • Performance
    • Improve import time by removing typing import
    • Improve import time by removing string import
    • Improve import time by lazy importing decimal

1.1.0

  • Removed
    • Support for Python 3.7 and 3.8
  • Added
    • Accept generic collections.abc.Mapping, not just dict, as input. Thank you Watal M. Iwasaki for the PR.
    • indent keyword argument for customizing indent width of arrays. Thank you Wim Jeantine-Glenn for the PR.
  • Type annotations
    • Type annotate dump function's output stream object as typing.IO[bytes] (previously typing.BinaryIO)

1.0.0

  • Removed
    • Support for Python 3.6
    • Positional arguments of dump and dumps can no longer be passed by keyword.
  • Changed
    • Revised logic for when the "Array of Tables" syntax will be used. AoT syntax is used when at least one of the tables needs multiple lines, or a single line wider than 100 chars, when rendered inline. A nested structure no longer alone triggers the AoT syntax.

0.4.0

  • Added
    • Support for formatting Python tuples as TOML arrays.
  • Fixed
    • Formatting of decimal.Decimal("inf"), decimal.Decimal("-inf") and decimal.Decimal("nan").
  • Changed
    • A list of dicts is now rendered using the "Array of Tables" syntax if at least one of the tables is a nested structure, or at least one of the tables would need a line wider than 100 chars when rendered inline. Thank you Anderson Bravalheri for the PR.

0.3.0

... (truncated)

Commits
  • a8f8017 Bump version: 1.1.0 → 1.2.0
  • 1b5c0d4 Add v1.2.0 change log
  • 90fff30 Reduce import time by lazy importing decimal
  • 95cc6c7 Reduce import time by removing typing import (#68)
  • 420897a improve: preserve Decimal type when round-tripping (#66)
  • e11e00e Reduce import time by removing string import
  • 21b8be3 [pre-commit.ci] pre-commit autoupdate and auto fixes
  • ce2a466 Unify type representation in error messages
  • ac553e1 Test against Python 3.13 final
  • 100394d Fix codecov
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [flask-wtf](https://github.com/pallets-eco/flask-wtf), [gunicorn](https://github.com/benoitc/gunicorn) and [tomli-w](https://github.com/hukkin/tomli-w) to permit the latest version.

Updates `flask-wtf` to 1.3.0
- [Release notes](https://github.com/pallets-eco/flask-wtf/releases)
- [Changelog](https://github.com/pallets-eco/flask-wtf/blob/main/docs/changes.rst)
- [Commits](pallets-eco/flask-wtf@v1.2.0...v1.3.0)

Updates `gunicorn` to 26.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@25.0.0...26.0.0)

Updates `tomli-w` to 1.2.0
- [Changelog](https://github.com/hukkin/tomli-w/blob/master/CHANGELOG.md)
- [Commits](hukkin/tomli-w@1.0.0...1.2.0)

---
updated-dependencies:
- dependency-name: flask-wtf
  dependency-version: 1.3.0
  dependency-type: direct:production
  dependency-group: python-dashboard
- dependency-name: gunicorn
  dependency-version: 26.0.0
  dependency-type: direct:production
  dependency-group: python-dashboard
- dependency-name: tomli-w
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: python-dashboard
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github May 10, 2026


Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.
