Skip to content

[Snyk] Security upgrade flask-appbuilder from 3.3.0 to 4.8.1#622

Closed
terrorizer1980 wants to merge 1 commit intomasterfrom
snyk-fix-043cf0a35c4a20eb03c29b5d9865d5ae
Closed

[Snyk] Security upgrade flask-appbuilder from 3.3.0 to 4.8.1#622
terrorizer1980 wants to merge 1 commit intomasterfrom
snyk-fix-043cf0a35c4a20eb03c29b5d9865d5ae

Conversation

@terrorizer1980
Copy link
Copy Markdown

@terrorizer1980 terrorizer1980 commented Sep 20, 2025

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements/base.txt
⚠️ Warning 
ich 13.8.1 has requirement typing-extensions<5.0,>=4.0.0; python_version < "3.9", but you have typing-extensions 3.7.4.3.
limits 3.10.1 has requirement packaging<25,>=21, but you have packaging 20.4.
Flask-Limiter 3.5.0 has requirement Flask>=2, but you have Flask 1.1.2.
Flask-Limiter 3.5.0 has requirement typing-extensions>=4, but you have typing-extensions 3.7.4.3.
Flask-AppBuilder 4.8.1 has requirement Flask<3.0.0,>=2, but you have Flask 1.1.2.
Flask-AppBuilder 4.8.1 has requirement Flask-JWT-Extended<5.0.0,>=4.0.0, but you have Flask-JWT-Extended 3.24.1.
Flask-AppBuilder 4.8.1 has requirement marshmallow<5,>=3.18.0, but you have marshmallow 3.9.0.
Flask-AppBuilder 4.8.1 has requirement PyJWT<3.0.0,>=2.0.0, but you have PyJWT 1.7.1.
Flask-AppBuilder 4.8.1 has requirement prison<1.0.0,>=0.2.1, but you have prison 0.1.3.
Flask-AppBuilder 4.8.1 has requirement apispec[yaml]<7,>=6.0.0, but you have apispec 3.3.2.
Flask-AppBuilder 4.8.1 has requirement click<9,>=8, but you have click 7.1.2.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Authentication

@snyk-bot
fix: requirements/base.txt to reduce vulnerabilities
cd05450 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FLASKAPPBUILDER-12670878
@stale
Copy link
Copy Markdown

stale bot commented Nov 21, 2025

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.

@stale stale bot added the inactive label Nov 21, 2025
@stale stale bot closed this Nov 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

inactive

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@terrorizer1980 @snyk-bot