Update dependency flask to v3 #109

Open
renovate-bot wants to merge 1 commits from renovate/flask-3.x into main
Member

This PR contains the following updates:

Package Type Update Change
flask (changelog) packages major ==2.3.3 -> ==3.1.1

Release Notes

pallets/flask (flask)

v3.1.1

Compare Source

Released 2025-05-13

  • Fix signing key selection order when key rotation is enabled via
    SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. :issue:5645
  • flask --help loads the app and plugins first to make sure all commands
    are shown. :issue:5673
  • Mark sans-io base class as being able to handle views that return
    AsyncIterable. This is not accurate for Flask, but makes typing easier
    for Quart. :pr:5659

v3.1.0

Compare Source

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases.
    Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option
    responses. :pr:5496
  • Flask.open_resource/open_instance_resource and
    Blueprint.open_resource take an encoding parameter to use when
    opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only
    through the MAX_CONTENT_LENGTH config. Added
    MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
    about resource limits to the security page. :issue:5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the
    SESSION_COOKIE_PARTITIONED config. :issue:5472
  • -e path takes precedence over default .env and .flaskenv files.
    load_dotenv loads default files in addition to a path unless
    load_defaults=False is passed. :issue:5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
    secret keys that can still be used for unsigning. Extensions will need to
    add support. :issue:5621
  • Fix how setting host_matching=True or subdomain_matching=False
    interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
    requests to only that domain. :issue:5553
  • Request.trusted_hosts is checked during routing, and can be set through
    the TRUSTED_HOSTS config. :issue:5636

v3.0.3

Compare Source

Released 2024-04-07

  • The default hashlib.sha1 may not be available in FIPS builds. Don't
    access it at import time so the developer has time to change the default.
    :issue:5448
  • Don't initialize the cli attribute in the sansio scaffold, but rather in
    the Flask concrete class. :pr:5270

v3.0.2

Compare Source

Released 2024-02-03

  • Correct type for jinja_loader property. :issue:5388
  • Fix error with --extra-files and --exclude-patterns CLI options.
    :issue:5391

v3.0.1

Compare Source

Released 2024-01-18

  • Correct type for path argument to send_file. :issue:5336
  • Fix a typo in an error message for the flask run --key option. :pr:5344
  • Session data is untagged without relying on the built-in json.loads
    object_hook. This allows other JSON providers that don't implement that.
    :issue:5381
  • Address more type findings when using mypy strict mode. :pr:5383

v3.0.0

Compare Source

Released 2023-09-30

  • Remove previously deprecated code. :pr:5223
  • Deprecate the __version__ attribute. Use feature detection, or
    importlib.metadata.version("flask"), instead. :issue:5230
  • Restructure the code such that the Flask (app) and Blueprint
    classes have Sans-IO bases. :pr:5127
  • Allow self as an argument to url_for. :pr:5264
  • Require Werkzeug >= 3.0.0.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [flask](https://github.com/pallets/flask) ([changelog](https://flask.palletsprojects.com/page/changes/)) | packages | major | `==2.3.3` -> `==3.1.1` | --- ### Release Notes <details> <summary>pallets/flask (flask)</summary> ### [`v3.1.1`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-311) [Compare Source](https://github.com/pallets/flask/compare/3.1.0...3.1.1) Released 2025-05-13 - Fix signing key selection order when key rotation is enabled via `SECRET_KEY_FALLBACKS`. :ghsa:`4grg-w6v8-c28g` - Fix type hint for `cli_runner.invoke`. :issue:`5645` - `flask --help` loads the app and plugins first to make sure all commands are shown. :issue:`5673` - Mark sans-io base class as being able to handle views that return `AsyncIterable`. This is not accurate for Flask, but makes typing easier for Quart. :pr:`5659` ### [`v3.1.0`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-310) [Compare Source](https://github.com/pallets/flask/compare/3.0.3...3.1.0) Released 2024-11-13 - Drop support for Python 3.8. :pr:`5623` - Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:`5624,5633` - Provide a configuration option to control automatic option responses. :pr:`5496` - `Flask.open_resource`/`open_instance_resource` and `Blueprint.open_resource` take an `encoding` parameter to use when opening in text mode. It defaults to `utf-8`. :issue:`5504` - `Request.max_content_length` can be customized per-request instead of only through the `MAX_CONTENT_LENGTH` config. Added `MAX_FORM_MEMORY_SIZE` and `MAX_FORM_PARTS` config. Added documentation about resource limits to the security page. :issue:`5625` - Add support for the `Partitioned` cookie attribute (CHIPS), with the `SESSION_COOKIE_PARTITIONED` config. :issue:`5472` - `-e path` takes precedence over default `.env` and `.flaskenv` files. `load_dotenv` loads default files in addition to a path unless `load_defaults=False` is passed. :issue:`5628` - Support key rotation with the `SECRET_KEY_FALLBACKS` config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:`5621` - Fix how setting `host_matching=True` or `subdomain_matching=False` interacts with `SERVER_NAME`. Setting `SERVER_NAME` no longer restricts requests to only that domain. :issue:`5553` - `Request.trusted_hosts` is checked during routing, and can be set through the `TRUSTED_HOSTS` config. :issue:`5636` ### [`v3.0.3`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-303) [Compare Source](https://github.com/pallets/flask/compare/3.0.2...3.0.3) Released 2024-04-07 - The default `hashlib.sha1` may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:`5448` - Don't initialize the `cli` attribute in the sansio scaffold, but rather in the `Flask` concrete class. :pr:`5270` ### [`v3.0.2`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-302) [Compare Source](https://github.com/pallets/flask/compare/3.0.1...3.0.2) Released 2024-02-03 - Correct type for `jinja_loader` property. :issue:`5388` - Fix error with `--extra-files` and `--exclude-patterns` CLI options. :issue:`5391` ### [`v3.0.1`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-301) [Compare Source](https://github.com/pallets/flask/compare/3.0.0...3.0.1) Released 2024-01-18 - Correct type for `path` argument to `send_file`. :issue:`5336` - Fix a typo in an error message for the `flask run --key` option. :pr:`5344` - Session data is untagged without relying on the built-in `json.loads` `object_hook`. This allows other JSON providers that don't implement that. :issue:`5381` - Address more type findings when using mypy strict mode. :pr:`5383` ### [`v3.0.0`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-300) [Compare Source](https://github.com/pallets/flask/compare/2.3.3...3.0.0) Released 2023-09-30 - Remove previously deprecated code. :pr:`5223` - Deprecate the `__version__` attribute. Use feature detection, or `importlib.metadata.version("flask")`, instead. :issue:`5230` - Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:`5127` - Allow self as an argument to url_for. :pr:`5264` - Require Werkzeug >= 3.0.0. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM4LjE0Mi43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate-bot added 1 commit 2024-08-28 16:36:23 +02:00
Update dependency flask to v3
Some checks failed
renovate/artifacts Artifact file update failure
continuous-integration/drone/pr Build is failing
a7ed73e0c4
Author
Member

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Pipfile.lock
Command failed: pipenv lock
Locking  dependencies...
CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot 
install -r /tmp/pipenv-214206t1-requirements/pipenv-0chhlxw6-constraints.txt 
(line 10) and werkzeug==2.3.8 because these package versions have conflicting 
dependencies.
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/resolver.py", line 451, in main
[ResolutionFailure]:       _main(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/resolver.py", line 436, in _main
[ResolutionFailure]:       resolve_packages(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/resolver.py", line 400, in resolve_packages
[ResolutionFailure]:       results, resolver = resolve_deps(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/utils/resolver.py", line 979, in resolve_deps
[ResolutionFailure]:       results, hashes, internal_resolver = 
actually_resolve_deps(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/utils/resolver.py", line 747, in actually_resolve_deps
[ResolutionFailure]:       resolver.resolve()
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/utils/resolver.py", line 474, in resolve
[ResolutionFailure]:       raise ResolutionFailure(message=e)
Your dependencies could not be resolved. You likely have a mismatch in your 
sub-dependencies.
You can use $ pipenv run pip install <requirement_name> to bypass this 
mechanism, then run $ pipenv graph to inspect the versions actually installed in
the virtualenv.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: ResolutionImpossible: for help visit 
https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-depende
ncy-conflicts

Your dependencies could not be resolved. You likely have a mismatch in your 
sub-dependencies.
You can use $ pipenv run pip install <requirement_name> to bypass this 
mechanism, then run $ pipenv graph to inspect the versions actually installed in
the virtualenv.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: Failed to lock Pipfile.lock!

### ⚠️ Artifact update problem Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens: - any of the package files in this branch needs updating, or - the branch becomes conflicted, or - you click the rebase/retry checkbox if found above, or - you rename this PR's title to start with "rebase!" to trigger it manually The artifact failure details are included below: ##### File name: Pipfile.lock ``` Command failed: pipenv lock Locking dependencies... CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot install -r /tmp/pipenv-214206t1-requirements/pipenv-0chhlxw6-constraints.txt (line 10) and werkzeug==2.3.8 because these package versions have conflicting dependencies. [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/resolver.py", line 451, in main [ResolutionFailure]: _main( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/resolver.py", line 436, in _main [ResolutionFailure]: resolve_packages( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/resolver.py", line 400, in resolve_packages [ResolutionFailure]: results, resolver = resolve_deps( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/utils/resolver.py", line 979, in resolve_deps [ResolutionFailure]: results, hashes, internal_resolver = actually_resolve_deps( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/utils/resolver.py", line 747, in actually_resolve_deps [ResolutionFailure]: resolver.resolve() [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/utils/resolver.py", line 474, in resolve [ResolutionFailure]: raise ResolutionFailure(message=e) Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies. You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv. Hint: try $ pipenv lock --pre if it is a pre-release dependency. ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-depende ncy-conflicts Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies. You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv. Hint: try $ pipenv lock --pre if it is a pre-release dependency. ERROR: Failed to lock Pipfile.lock! ```
renovate-bot force-pushed renovate/flask-3.x from a7ed73e0c4 to 780bebb5be 2024-09-10 14:36:13 +02:00 Compare
renovate-bot force-pushed renovate/flask-3.x from 780bebb5be to cca71e659d 2024-11-13 19:36:34 +01:00 Compare
renovate-bot force-pushed renovate/flask-3.x from cca71e659d to e07b34ea4c 2025-01-08 16:36:57 +01:00 Compare
renovate-bot force-pushed renovate/flask-3.x from e07b34ea4c to c27158ac93 2025-05-13 17:36:58 +02:00 Compare
Some checks failed
renovate/artifacts Artifact file update failure
continuous-integration/drone/pr Build is failing
Required
Details
Some required checks were not successful.
You are not authorized to merge this pull request.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/flask-3.x:renovate/flask-3.x
git checkout renovate/flask-3.x
Sign in to join this conversation.
No description provided.