Flask update (#2700)

* Flask security update The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656. Signed-off-by: David Dashyan <mail@davie.li> * Make send_naughty_tx error regex more robust Signed-off-by: David Dashyan <mail@davie.li>
2024-10-13 13:34:05 +00:00 · 2020-06-02 07:36:56 +00:00 · 2020-06-02 07:36:56 +00:00 · d9dfa98819
commit d9dfa98819
parent 4a008e51e3
2 changed files with 4 additions and 3 deletions
--- a/acceptance/python/src/test_naughty_strings.py
+++ b/acceptance/python/src/test_naughty_strings.py
@ -68,8 +68,9 @@ def send_naughty_tx(asset, metadata):
        error = sent_transaction.error
        regex = (
            r'\{\s*\n*'
-            r'\s*"message": "Invalid transaction \(ValidationError\): Invalid key name.*The key name cannot contain characters.*\n*' # noqa
-            r'\s*"status": 400\n*'
+            r'\s*"message":\s*"Invalid transaction \(ValidationError\):\s*'
+            r'Invalid key name.*The key name cannot contain characters.*\n*'
+            r'\s*"status":\s*400\n*'
            r'\s*\}\n*')
        assert status_code == 400
        assert re.fullmatch(regex, error), sent_transaction
--- a/setup.py
+++ b/setup.py
@ -77,7 +77,7 @@ install_requires = [
    'cryptoconditions==0.8.0',
    'python-rapidjson~=0.6.0',
    'logstats~=0.2.1',
-    'flask~=0.12.4',
+    'flask==1.0.0',
    'flask-cors~=3.0.0',
    'flask-restful~=0.3.0',
    'requests~=2.20.0',