@mend-for-github-com (bot) commented Nov 28, 2025

This PR contains the following updates:

| Package | Update | Change |
| --- | --- | --- |
| Werkzeug (changelog) | patch | ==3.0.3 -> ==3.0.6 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | Vulnerability |
| --- | --- | --- |
| High | 7.5 | CVE-2024-49767 |

Release Notes

pallets/werkzeug (Werkzeug)

v3.0.6

Released 2024-10-25

  • Fix how max_form_memory_size is applied when parsing large non-file
    fields. :ghsa:q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by
    ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

v3.0.5

Released 2024-10-24

  • The Watchdog reloader ignores file closed no write events. :issue:2945
  • Logging works with client addresses containing an IPv6 scope :issue:2952
  • Ignore invalid authorization parameters. :issue:2955
  • Improve type annotation for SharedDataMiddleware. :issue:2958
  • Compatibility with Python 3.13 when generating debugger pin and the current
    UID does not have an associated name. :issue:2957

v3.0.4

Released 2024-08-21

  • Restore behavior where parsing multipart/x-www-form-urlencoded data with
    invalid UTF-8 bytes in the body results in no form data parsed rather than a
    413 error. :issue:2930
  • Improve parse_options_header performance when parsing unterminated
    quoted string values. :issue:2904
  • Debugger pin auth is synchronized across threads/processes when tracking
    failed entries. :issue:2916
  • Dev server handles unexpected SSLEOFError due to issue in Python < 3.13.
    :issue:2926
  • Debugger pin auth works when the URL already contains a query string.
    :issue:2918

@mend-for-github-com (bot) added the "security fix" label (Security fix generated by Mend) Nov 28, 2025
@mend-for-github-com (bot) force-pushed the whitesource-remediate/werkzeug-3.x branch from 84fe03c to 7a082c7 January 7, 2026 12:31
@mend-for-github-com (bot) changed the title from "Update dependency Werkzeug to v3.0.6" to "Update dependency Werkzeug to v3.1.4" Jan 7, 2026
@mend-for-github-com (bot) force-pushed the whitesource-remediate/werkzeug-3.x branch from 7a082c7 to 9c68157 January 8, 2026 13:57
@mend-for-github-com (bot) changed the title from "Update dependency Werkzeug to v3.1.4" to "Update dependency Werkzeug to v3.0.6" Jan 8, 2026