[pull] main from pallets:main #285

Merged
merged 15 commits into from
May 7, 2024

pull[bot]

@pull pull bot commented May 7, 2024

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

momotarogrp and others added 15 commits May 4, 2024 10:03
root={}
path=()
os.path.join(*path)
Traceback (most recent call last):
  File "<string>", line 1, in <module>
TypeError: join() missing 1 required positional argument: 'path'
single host in cn field
san extension for wildcard name
tell Python to handle itms-services scheme correctly
Add a list of `trusted_hosts` to the `DebuggedApplication` middleware. It defaults to only allowing `localhost`, `.localhost` subdomains, and `127.0.0.1`. `run_simple(use_debugger=True)` adds its `hostname` argument to the trusted list as well. The middleware can be used directly to further modify the trusted list in less common development scenarios.

The debugger UI uses the full `document.location` instead of only `document.location.pathname`.

Either of these fixes on their own mitigates the reported vulnerability.
restrict debugger trusted hosts
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.3.5 → v0.4.3](astral-sh/ruff-pre-commit@v0.3.5...v0.4.3)
@pull pull bot added the ⤵️ pull label May 7, 2024
@pull pull bot merged commit 4b0af3b into MLH-Fellowship:main May 7, 2024
9 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 22, 2024
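
The host check described in the trusted-hosts commit message above, shown as an added example; it is not code from this pull request or from the project. The names `normalize_host`, `host_is_trusted` and `TrustedHostGuard` are hypothetical, and the leading-dot rule for subdomains is an assumption taken from the `.localhost` wording.

```python
# Added illustration; hypothetical names, not the project's implementation.
# Defaults are the three entries named in the commit message.
DEFAULT_TRUSTED = ["localhost", ".localhost", "127.0.0.1"]


def normalize_host(host_header):
    """Lower-case a Host header value and drop any port; "" if unusable."""
    host = (host_header or "").strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:5000
        end = host.find("]")
        return host[1:end] if end != -1 else ""
    if host.count(":") == 1:  # hostname:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")  # tolerate a trailing root dot


def host_is_trusted(host_header, trusted=DEFAULT_TRUSTED):
    """Exact match, or subdomain match for entries written with a leading dot."""
    host = normalize_host(host_header)
    if not host:
        return False
    for entry in (e.lower() for e in trusted):
        if entry.startswith("."):
            # "app.localhost" matches ".localhost"; "localhost.x.test" does not
            if host.endswith(entry) and len(host) > len(entry):
                return True
        elif host == entry:
            return True
    return False


class TrustedHostGuard:
    """WSGI wrapper: answer 403 before the wrapped app sees an untrusted Host."""

    def __init__(self, app, trusted_hosts=None):
        self.app = app
        self.trusted_hosts = list(DEFAULT_TRUSTED if trusted_hosts is None else trusted_hosts)

    def __call__(self, environ, start_response):
        if not host_is_trusted(environ.get("HTTP_HOST"), self.trusted_hosts):
            body = b"untrusted host"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)
```

The suffix comparison is anchored on the leading dot, so a name that merely begins with a trusted entry (for example `127.0.0.1.` followed by another domain) is rejected.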