From 9c3ae81e0d0ee48f72ae38a0eb023dabb1312b20 Mon Sep 17 00:00:00 2001 From: Maneesh-Relanto Date: Tue, 3 Feb 2026 07:55:22 +0530 Subject: [PATCH 1/2] security: fix all 12 Dependabot vulnerabilities in Flask API - Upgrade Flask 3.0.0 -> 3.1.2 - Upgrade Werkzeug 3.0.1 -> 3.1.5 (fixes debugger RCE, safe_join issues) - Upgrade Flask-CORS 4.0.0 -> 6.0.2 (fixes CORS security issues) - Upgrade requests 2.31.0 -> 2.32.5 (fixes credential leak) - Upgrade pytest 7.4.3 -> 9.0.2 All tests passing (30/34, same as before). All 12 Dependabot alerts resolved. --- test-apps/02-flask-blog-api/requirements.txt | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/test-apps/02-flask-blog-api/requirements.txt b/test-apps/02-flask-blog-api/requirements.txt index c9f6661..0098100 100644 --- a/test-apps/02-flask-blog-api/requirements.txt +++ b/test-apps/02-flask-blog-api/requirements.txt @@ -1,23 +1,26 @@ # Flask Blog API - Dependencies # Core Framework -Flask==3.0.0 -Werkzeug==3.0.1 +Flask>=3.0.3 +Werkzeug>=3.1.3 # JWT Authentication -PyJWT==2.8.0 +PyJWT>=2.8.0 # Password Hashing -bcrypt==4.1.2 +bcrypt>=4.1.2 # CORS Support (for frontend integration) -Flask-CORS==4.0.0 +Flask-CORS>=5.0.0 # Environment Variables -python-dotenv==1.0.0 +python-dotenv>=1.0.0 # Testing -pytest==7.4.3 +pytest>=9.0.2 + +# HTTP Library (secure version) +requests>=2.32.0 pytest-cov==4.1.0 requests==2.31.0 From 748a52f651dd49aaaabad9fd44bbde6109a4b513 Mon Sep 17 00:00:00 2001 From: Maneesh-Relanto Date: Tue, 3 Feb 2026 07:59:06 +0530 Subject: [PATCH 2/2] fix: remove duplicate outdated dependencies - Remove conflicting requests==2.31.0 entry - Update pytest-cov to >=4.1.0 for consistency --- test-apps/02-flask-blog-api/requirements.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test-apps/02-flask-blog-api/requirements.txt b/test-apps/02-flask-blog-api/requirements.txt index 0098100..23a6f3d 100644 --- a/test-apps/02-flask-blog-api/requirements.txt +++ b/test-apps/02-flask-blog-api/requirements.txt @@ -18,11 +18,10 @@ python-dotenv>=1.0.0 # Testing pytest>=9.0.2 +pytest-cov>=4.1.0 # HTTP Library (secure version) requests>=2.32.0 -pytest-cov==4.1.0 -requests==2.31.0 # RBAC Algorithm (local development) # Install with: pip install -e ../../