Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update flask to 3.1.0 #3136

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

pyup-bot
Copy link
Collaborator

This PR updates Flask from 2.0.2 to 3.1.0.

Changelog

3.1.0

-------------

Unreleased

3.0.3

-------------

Released 2024-04-07

-   The default ``hashlib.sha1`` may not be available in FIPS builds. Don't
 access it at import time so the developer has time to change the default.
 :issue:`5448`
-   Don't initialize the ``cli`` attribute in the sansio scaffold, but rather in
 the ``Flask`` concrete class. :pr:`5270`

3.0.2

-------------

Released 2024-02-03

-   Correct type for ``jinja_loader`` property. :issue:`5388`
-   Fix error with ``--extra-files`` and ``--exclude-patterns`` CLI options.
 :issue:`5391`

3.0.1

-------------

Released 2024-01-18

-   Correct type for ``path`` argument to ``send_file``. :issue:`5230`
-   Fix a typo in an error message for the ``flask run --key`` option. :pr:`5344`
-   Session data is untagged without relying on the built-in ``json.loads``
 ``object_hook``. This allows other JSON providers that don't implement that.
 :issue:`5381`
-   Address more type findings when using mypy strict mode. :pr:`5383`

3.0.0

-------------

Released 2023-09-30

-   Remove previously deprecated code. :pr:`5223`
-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask")``, instead. :issue:`5230`
-   Restructure the code such that the Flask (app) and Blueprint
 classes have Sans-IO bases. :pr:`5127`
-   Allow self as an argument to url_for. :pr:`5264`
-   Require Werkzeug >= 3.0.0.

2.3.3

-------------

Released 2023-08-21

-   Python 3.12 compatibility.
-   Require Werkzeug >= 2.3.7.
-   Use ``flit_core`` instead of ``setuptools`` as build backend.
-   Refactor how an app's root and instance paths are determined. :issue:`5160`

2.3.2

-------------

Released 2023-05-01

-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.
-   Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

2.3.1

-------------

Released 2023-04-25

-   Restore deprecated ``from flask import Markup``. :issue:`5084`

2.3.0

-------------

Released 2023-04-25

-   Drop support for Python 3.7. :pr:`5072`
-   Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
 itsdangerous>=2.1.2, click>=8.1.3.
-   Remove previously deprecated code. :pr:`4995`

 -   The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and
     ``_request_ctx_stack`` objects are removed. ``top`` still exists to give
     extensions more time to update, but it will be removed.
 -   The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env``
     property are removed.
 -   The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``,
     ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app``
     are removed.
 -   The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and
     ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed.
 -   The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators
     are removed.
 -   ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the
     corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed.
 -   The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed.
 -   Calling setup methods on blueprints after registration is an error instead of a
     warning. :pr:`4997`

-   Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them
 directly from ``markupsafe`` instead. :pr:`4996`
-   The ``app.got_first_request`` property is deprecated. :pr:`4997`
-   The ``locked_cached_property`` decorator is deprecated. Use a lock inside the
 decorated function if locking is needed. :issue:`4993`
-   Signals are always available. ``blinker>=1.6.2`` is a required dependency. The
 ``signals_available`` attribute is deprecated. :issue:`5056`
-   Signals support ``async`` subscriber functions. :pr:`5049`
-   Remove uses of locks that could cause requests to block each other very briefly.
 :issue:`4993`
-   Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
 :pr:`4947`
-   Ensure subdomains are applied with nested blueprints. :issue:`4834`
-   ``config.from_file`` can use ``text=False`` to indicate that the parser wants a
 binary file instead. :issue:`4989`
-   If a blueprint is created with an empty name it raises a ``ValueError``.
 :issue:`5010`
-   ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not
 to set the domain, which modern browsers interpret as an exact match rather than
 a subdomain match. Warnings about ``localhost`` and IP addresses are also removed.
 :issue:`5051`
-   The ``routes`` command shows each rule's ``subdomain`` or ``host`` when domain
 matching is in use. :issue:`5004`
-   Use postponed evaluation of annotations. :pr:`5071`

2.2.5

-------------

Released 2023-05-02

-   Update for compatibility with Werkzeug 2.3.3.
-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.

2.2.4

-------------

Released 2023-04-25

-   Update for compatibility with Werkzeug 2.3.

2.2.3

-------------

Released 2023-02-15

-   Autoescape is enabled by default for ``.svg`` template files. :issue:`4831`
-   Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892`
-   Add ``--debug`` option to the ``flask run`` command. :issue:`4777`

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`
Links

@pyup-bot pyup-bot mentioned this pull request Nov 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant