From 675b0b48b5e2e31b80c0796b566db18020996455 Mon Sep 17 00:00:00 2001
From: Vermeer GRANGE <vermeer.grange@gmail.com>
Date: Tue, 20 Aug 2019 14:25:59 +0200
Subject: [PATCH] Fix vulnerabilities as recommended by github Mainly upgrade
 Flask to 1.1.1 logging.DEBUG_LOG_FORMAT no longer exists, I dropped it as it
 is only used in development and I have no idea why we needed it.

---
 ROME_NAF/requirements_rome_naf.txt                | 2 +-
 labonneboite/conf/common/overrides/development.py | 7 +------
 labonneboite/web/api/views.py                     | 2 +-
 requirements.in                                   | 2 +-
 requirements.txt                                  | 4 ++--
 5 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/ROME_NAF/requirements_rome_naf.txt b/ROME_NAF/requirements_rome_naf.txt
index ab2586508..f1a9e6422 100644
--- a/ROME_NAF/requirements_rome_naf.txt
+++ b/ROME_NAF/requirements_rome_naf.txt
@@ -1,7 +1,7 @@
 jsonschema==2.5.1
 jupyter==1.0.0
 matplotlib==1.5.3
-notebook ~> 5.4.1
+notebook>=5.7.8
 numpy==1.11.3
 pandas==0.19.1
 python-slugify==1.2.4
diff --git a/labonneboite/conf/common/overrides/development.py b/labonneboite/conf/common/overrides/development.py
index 85c11fea9..da959d17b 100644
--- a/labonneboite/conf/common/overrides/development.py
+++ b/labonneboite/conf/common/overrides/development.py
@@ -1,18 +1,13 @@
-import flask.logging
-
 DEBUG = True
 SERVER_NAME = None
 
 DB_HOST = '127.0.0.1'
 DB_PORT = 3307
 
-LOG_FORMAT_USER_ACTIVITY = flask.logging.DEBUG_LOG_FORMAT
-
 PEAM_VERIFY_SSL = False
 
 SENTRY_ENVIRONMENT = "development"
 
-
 # Isochrone data available to work locally but only for the Metz area
 # and only for isochrones.
 # Concerning commute time available in office details (in results search page),
@@ -28,4 +23,4 @@
         'car': 'dummy',
         'public': 'dummy',
     },
-}
\ No newline at end of file
+}
diff --git a/labonneboite/web/api/views.py b/labonneboite/web/api/views.py
index ea735b077..9cc587a75 100644
--- a/labonneboite/web/api/views.py
+++ b/labonneboite/web/api/views.py
@@ -19,7 +19,7 @@
 from labonneboite.conf import settings
 from labonneboite.web.api import util as api_util
 from labonneboite.conf.common.settings_common import HEADCOUNT_VALUES
-from flask.ext.cors import cross_origin
+from flask_cors import cross_origin
 
 
 apiBlueprint = Blueprint('api', __name__)
diff --git a/requirements.in b/requirements.in
index e72eab018..2346c78ad 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,4 +1,4 @@
-Flask<0.13
+flask>=1.1.1
 Flask-Mandrill
 Flask-Script
 
diff --git a/requirements.txt b/requirements.txt
index 14fc14b9c..d26cb74e1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,7 +29,7 @@ flask-mandrill==0.2
 flask-script==2.0.6
 flask-testing==0.7.1
 flask-wtf==0.14.2
-flask==0.12.4
+flask==1.1.1
 future==0.16.0            # via pyjwkest
 geographiclib==1.49       # via geopy
 geopy==1.19.0
@@ -108,7 +108,7 @@ validators==0.11.2
 wcwidth==0.1.7            # via prompt-toolkit
 webassets==0.12.1         # via flask-assets
 webencodings==0.5.1       # via html5lib
-werkzeug==0.11.10         # via flask, flask-debugtoolbar
+werkzeug==0.15.5          # via flask, flask-debugtoolbar
 wrapt==1.10.10            # via astroid
 wtforms==2.1
 xhtml2pdf==0.2.2