package/python-flask-cors: security bump to version 3.0.9

Fixes the following security issue:

- CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware
  for Flask) before 3.0.9.  It allows ../ directory traversal to access
  private resources because resource matching does not ensure that pathnames
  are in a canonical format.

Also drop outdated md5 checksum and fix .hash indentation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-flask-cors/python-flask-cors.hash

@@ -1,5 +1,4 @@
-# md5, sha256 from https://pypi.org/pypi/flask-cors/json
-md5	551cc4c0305a171d28caa2b3bc838867  Flask-Cors-3.0.8.tar.gz
-sha256	72170423eb4612f0847318afff8c247b38bd516b7737adfc10d1c2cdbb382d16  Flask-Cors-3.0.8.tar.gz
+# sha256 from https://pypi.org/pypi/flask-cors/json
+sha256  6bcfc100288c5d1bcb1dbb854babd59beee622ffd321e444b05f24d6d58466b8  Flask-Cors-3.0.9.tar.gz
 # Locally computed sha256 checksums
-sha256	6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d  LICENSE
+sha256  6e1a1bdc54834c1e0740cbce5d5f6f2cae1c846fd2a7f482b11649594fafbd5d  LICENSE

package/python-flask-cors/python-flask-cors.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-PYTHON_FLASK_CORS_VERSION = 3.0.8
+PYTHON_FLASK_CORS_VERSION = 3.0.9
 PYTHON_FLASK_CORS_SOURCE = Flask-Cors-$(PYTHON_FLASK_CORS_VERSION).tar.gz
-PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/9e/11/ca8b95c5bf9644471601e425f0de8cbd09a506bb6c24842cb17a6cd1eea8
+PYTHON_FLASK_CORS_SITE = https://files.pythonhosted.org/packages/99/fc/cd117ea122e28037a5ec60356a7ffae8b77af527713f7b5e4eb63089f669
 PYTHON_FLASK_CORS_SETUP_TYPE = setuptools
 PYTHON_FLASK_CORS_LICENSE = MIT
 PYTHON_FLASK_CORS_LICENSE_FILES = LICENSE