Bump the poetry-dependencies group with 2 updates

[dependabot]

Updates the requirements on flask-cors and cryptography to permit the latest version.
Updates flask-cors to 6.0.0

Release notes

Sourced from flask-cors's releases.

6.0.0

Breaking

Path specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.

• [CVE-2024-6839] Sort Paths by Regex Specificity by @​adrianosela in corydolphin/flask-cors#391
• [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by @​adrianosela in corydolphin/flask-cors#389

What's Changed

• [CVE-2024-6866] Case Sensitive Request Path Matching by @​adrianosela in corydolphin/flask-cors#390

Full Changelog: corydolphin/flask-cors@5.0.1...6.0.0

Changelog

Sourced from flask-cors's changelog.

Change Log

4.0.1

Security

• Address CVE-2024-1681 which is a log injection vulnerability when the log level is set to debug by @​aneshujevic in corydolphin/flask-cors#351

4.0.0

• Remove support for Python versions older than 3.8 by @​WAKayser in corydolphin/flask-cors#330
• Add GHA tooling by @​corydolphin in corydolphin/flask-cors#331

3.1.01

• Include examples to specify that schema and port must be included in … by @​YPCrumble in corydolphin/flask-cors#294
• two small changes to the documentation, based on issue #290 by @​bbbart in corydolphin/flask-cors#291
• Fix typo by @​sunarch in corydolphin/flask-cors#304
• FIX: typo in CSRF by @​sattamjh in corydolphin/flask-cors#315
• Test against recent Python versions by @​pylipp in corydolphin/flask-cors#314
• Correct spelling mistakes by @​EdwardBetts in corydolphin/flask-cors#311
• 'Access-Control-Allow-Private-Network = true' header for http response by @​chelo-kjml in corydolphin/flask-cors#318
• docs: Fix a few typos by @​timgates42 in corydolphin/flask-cors#323
• [Docs] Fix typo in configuration documentation by @​sachit-shroff in corydolphin/flask-cors#316

3.0.10

Adds support for PPC64 and ARM64 builds for distribution. Thanks @​sreekanth370

3.0.9

Security

• Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for "/api/*" whereas the path actually expands simply to "/foo.txt"

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from 'collections' in Python 3.7. Thank you @​juanmaneo and @​jdevera for the contribution.

3.0.7

Updated logging.warn to logging.warning (#234) Thanks Vaibhav

3.0.6

Manual error in release process. Identical contents at 3.0.5.

3.0.5

Fixes incorrect handling of regexes containing [, and a few other special characters. Fixes Issue #212

3.0.4

Handle response.headers being None. (Fixes issue #217)

3.0.3

Ensure that an Origin of '*' is never sent if supports_credentials is True (fixes Issue #202)

• If always_send=True, and '*' is in the allowed origins, and a request is made without an Origin header, no Access-Control-Allow-Origins header will now be returned. This is breaking if you depended on it, but was a bug as it goes against the spec.

... (truncated)

Commits

• 35d8753 [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...
• e970988 [CVE-2024-6839] Sort Paths by Regex Specificity (#391)
• eb39516 [CVE-2024-6866] Case Sensitive Request Path Matching (#390)
• 5da9be4 Fix packaging: missing source files (#381)
• 65a5132 Workaround license publishing issue (#380)
• 7127e7e Always use trusted publishing (#379)
• 01e2e68 Fix release pipeline (#378)
• ade65a1 Major Packaging Refactor: migrate to uv (#377)
• eb44bff fix: typos (#371)
• 1225e78 replace documentation links in README (#369)
• See full diff in compare view

Updates cryptography to 45.0.2

Changelog

Sourced from cryptography's changelog.

45.0.2 - 2025-05-17

* Fixed using ``mypy`` with ``cryptography`` on older versions of Python.
.. _v45-0-1:
45.0.1 - 2025-05-17

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.

.. _v45-0-0:

45.0.0 - 2025-05-17 (YANKED)

* Support for Python 3.7 is deprecated and will be removed in the next
  ``cryptography`` release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores in
  :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded` and
  :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.verify_phc_encoded` methods
  to support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using AES-256 as the
  content algorithm, in addition to AES-128.
* **BACKWARDS INCOMPATIBLE:** Made SSH private key loading more consistent with
  other private key loading:
  :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`
  now raises a ``TypeError`` if the key is unencrypted but a password is
  provided (previously no exception was raised), and raises a ``TypeError`` if
  the key is encrypted but no password is provided (previously a ``ValueError``
  was raised).
* Added ``__copy__`` to the
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`, and
</tr></table> 

... (truncated)

Commits

• f81c075 Backport mypy fixes for release (#12930)
• 8ea28e0 bump for 45.0.1 (#12922)
• 6784097 bump for 45 release (#12886)
• 2d9c1c9 bump MSRV to 1.74 (#12919)
• 6c18874 Bump BoringSSL, OpenSSL, AWS-LC in CI (#12918)
• 43fd312 add test vectors for upcoming explicit curve loading (#12913)
• 6bfa0a3 chore(deps): bump asn1 from 0.21.2 to 0.21.3 (#12914)
• a88dd66 chore(deps): bump cc from 1.2.22 to 1.2.23 (#12912)
• e4e9840 chore(deps): bump uv from 0.7.3 to 0.7.4 in /.github/requirements (#12911)
• e140233 chore(deps): bump uv from 0.7.3 to 0.7.4 (#12910)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
manim-website-api	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 19, 2025 9:38pm