From 5de0b3ef54b428f384d2af29d29f0a53d0a6b405 Mon Sep 17 00:00:00 2001
From: bakerboy448 <55419169+bakerboy448@users.noreply.github.com>
Date: Sun, 1 Mar 2026 17:20:52 -0600
Subject: [PATCH] fix: bump all pinned dependencies to resolve 11 Dependabot alerts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Flask 2.2.5 → 3.1.3 (session Vary header, low)
- Werkzeug 3.0.2 → 3.1.6 (safe_join device names, debugger RCE, resource exhaustion)
- Jinja2 3.1.4 → 3.1.6 (sandbox breakout via filenames/format/attr)
- requests 2.32.0 → 2.32.4 (.netrc credential leak)
- itsdangerous 2.1.2 → 2.2.0 (Flask 3.x requirement)
- click 8.1.7 → 8.1.8
- MarkupSafe 2.1.5 → 3.0.2
- Add blinker 1.9.0 (Flask 3.x requirement)
Resolves: #4, #7, #8, #10, #11, #12, #13, #14, #15, #16, #17
---
 requirements.txt | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index d8f6c95..c5baf74 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,8 +1,9 @@
-Flask==2.2.5
-requests==2.32.0
+Flask==3.1.3
+requests==2.32.4
 apprise==0.9.5.1
-Werkzeug==3.0.2
-Jinja2==3.1.4
-itsdangerous==2.1.2
-click==8.1.7
-MarkupSafe==2.1.5
+Werkzeug==3.1.6
+Jinja2==3.1.6
+itsdangerous==2.2.0
+click==8.1.8
+MarkupSafe==3.0.2
+blinker==1.9.0