Bump flask-talisman from 0.7.0 to 1.0.0

[dependabot]

Bumps flask-talisman from 0.7.0 to 1.0.0.

Release notes

Sourced from flask-talisman's releases.

v1.0.0

What's Changed

• Increase default nonce size by @​tunetheweb in wntrblm/flask-talisman#15
• Deprecate Python 2.x support by @​eelkevdbos in wntrblm/flask-talisman#17
• Add the new default directive to the README by @​QEDK in wntrblm/flask-talisman#16
• Document disabling Content Security Policy by @​strugee in wntrblm/flask-talisman#18
• Remove obsolete Permissions Policy directive interest-cohort by @​bershanskiy in wntrblm/flask-talisman#21

New Contributors

• @​QEDK made their first contribution in wntrblm/flask-talisman#16
• @​strugee made their first contribution in wntrblm/flask-talisman#18
• @​eelkevdbos made their first contribution in wntrblm/flask-talisman#17
• @​bershanskiy made their first contribution in wntrblm/flask-talisman#21

Full Changelog: wntrblm/flask-talisman@v0.8.1...v1.0.0

v0.8.1

Fixed

• CSP nonces were applied to all directives, instead of only the specified directives (#13), thanks @​tunetheweb for fixing

v0.8.0

NOTE: This is the first release after the project was forked from GoogleCloudPlatform/flask-talisman.

Changes

• object-src is now a default CSP directive with value 'none'. @​QEDK (#2)
• Document Policy and Permissions Policy are now supported. @​tunetheweb (#3)
• The ingest cohort directive for Permissions Policy is by default turned off (#3)
• You can now disable the X-Content-Type-Options and X-XSS-Protection headers. By default they're turned on. @​ezelbanaan (#4)
• You can now specify SameSite attributes for session cookies; by default that's set to Lax. @​tylersalminen #5
• You can now customize nonce configuration per view / route. @​tunetheweb (#6)
• The length of the CSP nonce is now properly limited. @​tunetheweb
• Removed the legacy X-Content-Security-Policy header and its associated option, legacy_content_security_policy_header.

For maintainers

• Moved CI / CD to Github Actions from Travis (#1)
• Removed Python 3.4 from CI (#1)
• Increased line length to 120 (#1)

Commits

• 6ba7a37 Release 1.0.0
• 16148c8 Remove obsolete Permissions Policy directive interest-cohort
• f13ae18 Deprecate Python 2.x (#17)
• 3328051 AIncrease default nonce size (#15)
• 37f2720 Document disabling Content Security Policy (#18)
• a7a36f5 Add the new default directive to the README (#16)
• 838c772 Prepare for release 0.8.1 (#14)
• 69d1791 Fix CSP Nonce to only be applied to correct directives (#13)
• 6051751 Release v0.8.0 (#8)
• 3ae4d07 Update Permission Policy documentation (#10)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)