
fix(api): Update Flask and Werkzeug to address vulnerabilities #10431

Merged
josema-xyz merged 3 commits into v5.21 from backport/v5.21/pr-10430
Mar 23, 2026

@prowler-bot
Collaborator

Backport

This will backport the following commits from master to v5.21:

Questions?

Please refer to the Backport tool documentation

(cherry picked from commit d60b4f0)

# Conflicts:
#	api/CHANGELOG.md
#	api/poetry.lock
@prowler-bot prowler-bot requested a review from a team as a code owner March 23, 2026 16:00
@prowler-bot prowler-bot added the backport This PR contains a backport - Do not set this manually label Mar 23, 2026
@github-actions
Contributor

github-actions bot commented Mar 23, 2026

✅ All necessary CHANGELOG.md files have been updated.

@github-actions github-actions bot added the has-conflicts The PR has conflicts that needs to be resolved. label Mar 23, 2026
@github-actions
Contributor

github-actions bot commented Mar 23, 2026

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

josema-xyz
josema-xyz previously approved these changes Mar 23, 2026
@github-actions
Contributor

github-actions bot commented Mar 23, 2026

🔒 Container Security Scan

Image: prowler-api:d4f8367
Last scan: 2026-03-23 16:30:26 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 5
Total 5

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable

📋 Resources:

josema-xyz
josema-xyz previously approved these changes Mar 23, 2026
@github-actions github-actions bot removed the has-conflicts The PR has conflicts that needs to be resolved. label Mar 23, 2026
@codecov

codecov bot commented Mar 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.38%. Comparing base (a002ec8) to head (8908247).
⚠️ Report is 1 commits behind head on v5.21.

Additional details and impacted files
@@            Coverage Diff             @@
##            v5.21   #10431      +/-   ##
==========================================
+ Coverage   86.13%   93.38%   +7.24%     
==========================================
  Files         223      218       -5     
  Lines        5747    30393   +24646     
==========================================
+ Hits         4950    28381   +23431     
- Misses        797     2012    +1215     
Flag Coverage Δ
api 93.38% <ø> (?)
prowler-py3.10-azure ?
prowler-py3.11-azure ?
prowler-py3.12-azure ?
prowler-py3.9-azure ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
prowler ∅ <ø> (∅)
api 93.38% <ø> (∅)

@josema-xyz josema-xyz merged commit b06379b into v5.21 Mar 23, 2026
40 checks passed
@josema-xyz josema-xyz deleted the backport/v5.21/pr-10430 branch March 23, 2026 16:38

Labels

backport This PR contains a backport - Do not set this manually component/api

2 participants