Skip to content

Bump the pip group across 1 directory with 2 updates#338

Closed
dependabot[bot] wants to merge 377 commits intomainfrom
dependabot/pip/backend/src/pip-2ef4e9d2eb
Closed

Bump the pip group across 1 directory with 2 updates#338
dependabot[bot] wants to merge 377 commits intomainfrom
dependabot/pip/backend/src/pip-2ef4e9d2eb

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 2, 2025
edited
Loading

Bumps the pip group with 2 updates in the /backend/src directory: flask and werkzeug.

Updates flask from 3.1.0 to 3.1.1

Release notes

Sourced from flask's releases.

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

  • Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. #5645
  • flask --help loads the app and plugins first to make sure all commands are shown. #5673
  • Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659
Changelog

Sourced from flask's changelog.

Version 3.1.1

Released 2025-05-13

  • Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. :issue:5645
  • flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673
  • Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659
Commits

Updates werkzeug from 3.1.3 to 3.1.4

Release notes

Sourced from werkzeug's releases.

3.1.4

This is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.4/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4 Milestone: https://github.com/pallets/werkzeug/milestone/42?closed=1

  • safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. ghsa-hgf8-39gv-g3f2
  • The debugger pin fails after 10 attempts instead of 11. #3020
  • The multipart form parser handles a \r\n sequence at a chunk boundary. #3065
  • Improve CPU usage during Watchdog reloader. #3054
  • Request.json annotation is more accurate. #3067
  • Traceback rendering handles when the line number is beyond the available source lines. #3044
  • HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. #3056
Changelog

Sourced from werkzeug's changelog.

Version 3.1.4

Released 2025-11-28

  • safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. :ghsa:hgf8-39gv-g3f2
  • The debugger pin fails after 10 attempts instead of 11. :pr:3020
  • The multipart form parser handles a \r\n sequence at a chunk boundary. :issue:3065
  • Improve CPU usage during Watchdog reloader. :issue:3054
  • Request.json annotation is more accurate. :issue:3067
  • Traceback rendering handles when the line number is beyond the available source lines. :issue:3044
  • HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. :issue:3056
Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

symysak and others added 30 commits March 3, 2024 00:56
@symysak
Merge pull request #51 from ProgrammingLab/dependabot/npm_and_yarn/fr…
6e52006 
…ontend/framer-motion-11.0.8

Bump framer-motion from 11.0.7 to 11.0.8 in /frontend
@symysak
Merge pull request #50 from ProgrammingLab/dependabot/npm_and_yarn/fr…
ae7241c 
…ontend/types/node-20.11.24

Bump @types/node from 20.11.23 to 20.11.24 in /frontend
@dependabot
Bump autoprefixer from 10.4.17 to 10.4.18 in /frontend
517391f 
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 10.4.17 to 10.4.18.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.4.17...10.4.18)

---
updated-dependencies:
- dependency-name: autoprefixer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump eslint-config-next from 14.1.0 to 14.1.1 in /frontend
bb31947 
Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 14.1.0 to 14.1.1.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v14.1.1/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump next from 14.1.0 to 14.1.1 in /frontend
b240244 
Bumps [next](https://github.com/vercel/next.js) from 14.1.0 to 14.1.1.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.1.0...v14.1.1)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #52 from ProgrammingLab/dependabot/npm_and_yarn/fr…
903869c 
…ontend/autoprefixer-10.4.18
@symysak
Merge pull request #53 from ProgrammingLab/dependabot/npm_and_yarn/fr…
f00110a 
…ontend/eslint-config-next-14.1.1
@symysak
Merge pull request #54 from ProgrammingLab/dependabot/npm_and_yarn/fr…
f94da21 
…ontend/next-14.1.1
@dependabot
Bump @types/react from 18.2.61 to 18.2.62 in /frontend
b466b9e 
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.2.61 to 18.2.62.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

---
updated-dependencies:
- dependency-name: "@types/react"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump @nextui-org/snippet from 2.0.30 to 2.0.31 in /frontend
294eb16 
Bumps [@nextui-org/snippet](https://github.com/nextui-org/nextui/tree/HEAD/packages/components/snippet) from 2.0.30 to 2.0.31.
- [Release notes](https://github.com/nextui-org/nextui/releases)
- [Changelog](https://github.com/nextui-org/nextui/blob/main/packages/components/snippet/CHANGELOG.md)
- [Commits](https://github.com/nextui-org/nextui/commits/@nextui-org/snippet@2.0.31/packages/components/snippet)

---
updated-dependencies:
- dependency-name: "@nextui-org/snippet"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump @cloudflare/next-on-pages from 1.9.0 to 1.10.0 in /frontend
03ed4cb 
Bumps [@cloudflare/next-on-pages](https://github.com/cloudflare/next-on-pages) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/cloudflare/next-on-pages/releases)
- [Commits](https://github.com/cloudflare/next-on-pages/compare/@cloudflare/next-on-pages@1.9.0...@cloudflare/next-on-pages@1.10.0)

---
updated-dependencies:
- dependency-name: "@cloudflare/next-on-pages"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #55 from ProgrammingLab/dependabot/npm_and_yarn/fr…
ca92e11 
…ontend/types/react-18.2.62
@symysak
Merge pull request #56 from ProgrammingLab/dependabot/npm_and_yarn/fr…
c86a367 
…ontend/nextui-org/snippet-2.0.31
@symysak
Merge pull request #57 from ProgrammingLab/dependabot/npm_and_yarn/fr…
28b1992 
…ontend/cloudflare/next-on-pages-1.10.0
@dependabot
Bump @nextui-org/button from 2.0.26 to 2.0.27 in /frontend
ed28851 
Bumps [@nextui-org/button](https://github.com/nextui-org/nextui/tree/HEAD/packages/components/button) from 2.0.26 to 2.0.27.
- [Release notes](https://github.com/nextui-org/nextui/releases)
- [Changelog](https://github.com/nextui-org/nextui/blob/main/packages/components/button/CHANGELOG.md)
- [Commits](https://github.com/nextui-org/nextui/commits/@nextui-org/button@2.0.27/packages/components/button)

---
updated-dependencies:
- dependency-name: "@nextui-org/button"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #58 from ProgrammingLab/dependabot/npm_and_yarn/fr…
f1adc54 
…ontend/nextui-org/button-2.0.27

Bump @nextui-org/button from 2.0.26 to 2.0.27 in /frontend
@dependabot
Bump @nextui-org/theme from 2.1.17 to 2.1.18 in /frontend
17cbe9f 
Bumps [@nextui-org/theme](https://github.com/nextui-org/nextui/tree/HEAD/packages/core/theme) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/nextui-org/nextui/releases)
- [Changelog](https://github.com/nextui-org/nextui/blob/main/packages/core/theme/CHANGELOG.md)
- [Commits](https://github.com/nextui-org/nextui/commits/@nextui-org/theme@2.1.18/packages/core/theme)

---
updated-dependencies:
- dependency-name: "@nextui-org/theme"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump @nextui-org/react from 2.2.9 to 2.2.10 in /frontend
58b1f4a 
Bumps [@nextui-org/react](https://github.com/nextui-org/nextui/tree/HEAD/packages/core/react) from 2.2.9 to 2.2.10.
- [Release notes](https://github.com/nextui-org/nextui/releases)
- [Changelog](https://github.com/nextui-org/nextui/blob/main/packages/core/react/CHANGELOG.md)
- [Commits](https://github.com/nextui-org/nextui/commits/@nextui-org/react@2.2.10/packages/core/react)

---
updated-dependencies:
- dependency-name: "@nextui-org/react"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #60 from ProgrammingLab/dependabot/npm_and_yarn/fr…
d3b2b9e 
…ontend/nextui-org/theme-2.1.18

Bump @nextui-org/theme from 2.1.17 to 2.1.18 in /frontend
@symysak
Merge pull request #61 from ProgrammingLab/dependabot/npm_and_yarn/fr…
5932de5 
…ontend/nextui-org/react-2.2.10

Bump @nextui-org/react from 2.2.9 to 2.2.10 in /frontend
@dependabot
Bump @nextui-org/input from 2.1.16 to 2.1.17 in /frontend
ae774fb 
Bumps [@nextui-org/input](https://github.com/nextui-org/nextui/tree/HEAD/packages/components/input) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/nextui-org/nextui/releases)
- [Changelog](https://github.com/nextui-org/nextui/blob/main/packages/components/input/CHANGELOG.md)
- [Commits](https://github.com/nextui-org/nextui/commits/@nextui-org/input@2.1.17/packages/components/input)

---
updated-dependencies:
- dependency-name: "@nextui-org/input"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #59 from ProgrammingLab/dependabot/npm_and_yarn/fr…
adb429d 
…ontend/nextui-org/input-2.1.17

Bump @nextui-org/input from 2.1.16 to 2.1.17 in /frontend
@dependabot
Bump @types/react from 18.2.62 to 18.2.63 in /frontend
feb291b 
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.2.62 to 18.2.63.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

---
updated-dependencies:
- dependency-name: "@types/react"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump eslint-config-next from 14.1.1 to 14.1.2 in /frontend
e311f74 
Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 14.1.1 to 14.1.2.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v14.1.2/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump next from 14.1.1 to 14.1.2 in /frontend
d1af79d 
Bumps [next](https://github.com/vercel/next.js) from 14.1.1 to 14.1.2.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.1.1...v14.1.2)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #62 from ProgrammingLab/dependabot/npm_and_yarn/fr…
f680589 
…ontend/types/react-18.2.63

Bump @types/react from 18.2.62 to 18.2.63 in /frontend
@symysak
Merge pull request #64 from ProgrammingLab/dependabot/npm_and_yarn/fr…
b5132c6 
…ontend/next-14.1.2

Bump next from 14.1.1 to 14.1.2 in /frontend
@symysak
Merge pull request #63 from ProgrammingLab/dependabot/npm_and_yarn/fr…
f117dd4 
…ontend/eslint-config-next-14.1.2

Bump eslint-config-next from 14.1.1 to 14.1.2 in /frontend
@dependabot
Bump @types/react-dom from 18.2.19 to 18.2.20 in /frontend
d9a6a92 
Bumps [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) from 18.2.19 to 18.2.20.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom)

---
updated-dependencies:
- dependency-name: "@types/react-dom"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #65 from ProgrammingLab/dependabot/npm_and_yarn/fr…
d8c4b97 
…ontend/types/react-dom-18.2.20

Bump @types/react-dom from 18.2.19 to 18.2.20 in /frontend
symysak and others added 22 commits March 21, 2025 16:59
@symysak
Merge pull request #223 from ProgrammingLab/dependabot/pip/backend/sr…
fad6f96 
…c/markupsafe-3.0.2

Bump markupsafe from 3.0.1 to 3.0.2 in /backend/src
@symysak
Merge pull request #233 from ProgrammingLab/dependabot/pip/backend/sr…
e70cfd4 
…c/blinker-1.9.0

Bump blinker from 1.8.2 to 1.9.0 in /backend/src
@symysak
Merge pull request #234 from ProgrammingLab/dependabot/pip/backend/sr…
7f563c7 
…c/flask-3.1.0

Bump flask from 3.0.3 to 3.1.0 in /backend/src
@dependabot
Bump werkzeug from 3.0.4 to 3.0.6 in /backend/src in the pip group
41d53ca 
Bumps the pip group in /backend/src with 1 update: [werkzeug](https://github.com/pallets/werkzeug).


Updates `werkzeug` from 3.0.4 to 3.0.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.0.4...3.0.6)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #225 from ProgrammingLab/dependabot/pip/backend/sr…
f7fdd7b 
…c/pip-ffbef7d71c

Bump werkzeug from 3.0.4 to 3.0.6 in /backend/src in the pip group
@dependabot
Bump werkzeug from 3.0.4 to 3.1.3 in /backend/src
541e3f0 
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.0.4 to 3.1.3.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.0.4...3.1.3)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump jinja2 from 3.1.4 to 3.1.6 in /backend/src in the pip group
cf9e2b7 
Bumps the pip group in /backend/src with 1 update: [jinja2](https://github.com/pallets/jinja).


Updates `jinja2` from 3.1.4 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #245 from ProgrammingLab/dependabot/pip/backend/sr…
b8fd2c2 
…c/pip-23b04c1fc7

Bump jinja2 from 3.1.4 to 3.1.6 in /backend/src in the pip group
@symysak
Merge pull request #232 from ProgrammingLab/dependabot/pip/backend/sr…
05aa9bf 
…c/werkzeug-3.1.3

Bump werkzeug from 3.0.4 to 3.1.3 in /backend/src
@symysak
Merge pull request #243 from ProgrammingLab/dependabot/npm_and_yarn/f…
1ced91a 
…rontend/typescript-5.7.3

Bump typescript from 5.6.2 to 5.7.3 in /frontend
@symysak
Merge pull request #241 from ProgrammingLab/dependabot/npm_and_yarn/f…
2f0b811 
…rontend/nextui-org/code-2.2.4

Bump @nextui-org/code from 2.0.27 to 2.2.4 in /frontend
@symysak
Merge pull request #238 from ProgrammingLab/dependabot/npm_and_yarn/f…
11a7c3a 
…rontend/npm_and_yarn-0189ad7b96

Bump cross-spawn from 7.0.3 to 7.0.6 in /frontend in the npm_and_yarn group
@symysak
Update dependabot.yml
0a96243
@symysak
Merge pull request #246 from ProgrammingLab/symysak-patch-2
5c137ed 
Update dependabot.yml
@dependabot
Bump docker/build-push-action from 5 to 6
802dc5e 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump click from 8.1.7 to 8.1.8 in /backend/src
30d6fcc 
Bumps [click](https://github.com/pallets/click) from 8.1.7 to 8.1.8.
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.1.7...8.1.8)

---
updated-dependencies:
- dependency-name: click
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@symysak
Merge pull request #247 from ProgrammingLab/dependabot/github_actions…
c8af64f 
…/docker/build-push-action-6

Bump docker/build-push-action from 5 to 6
@symysak
Merge pull request #248 from ProgrammingLab/dependabot/pip/backend/sr…
1d79458 
…c/click-8.1.8

Bump click from 8.1.7 to 8.1.8 in /backend/src
@symysak
fix: deps
053afc7
@symysak @github-advanced-security
Potential fix for code scanning alert no. 3: Flask app is run in debu…
141992e 
…g mode

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@symysak
Merge pull request #254 from ProgrammingLab/alert-autofix-3
656f986 
Potential fix for code scanning alert no. 3: Flask app is run in debug mode
@dependabot
Bump the pip group across 1 directory with 2 updates
6bf889c 
Bumps the pip group with 2 updates in the /backend/src directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).


Updates `flask` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.1.0...3.1.1)

Updates `werkzeug` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.3...3.1.4)

---
updated-dependencies:
- dependency-name: flask
  dependency-version: 3.1.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 2, 2025
@waryu-YND waryu-YND closed this Mar 5, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 5, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/backend/src/pip-2ef4e9d2eb branch March 5, 2026 11:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@waryu-YND @symysak