Update dependency flask to v3 #109

Open

renovate-bot wants to merge 1 commits from renovate/flask-3.x into main

pull from: renovate/flask-3.x

merge into: kompetenzinventar:main

kompetenzinventar:main

kompetenzinventar:renovate/minor-3.13-python

kompetenzinventar:renovate/minor-3.11-python

kompetenzinventar:renovate/minor-3.10-python

kompetenzinventar:renovate/minor-3.12-python

kompetenzinventar:renovate/pre-commit-4.x

kompetenzinventar:renovate/werkzeug-3.x

kompetenzinventar:renovate/pre-commit-3.x

kompetenzinventar:renovate/yapf-0.x

kompetenzinventar:renovate/waitress-3.x

kompetenzinventar:verify-lockfile

kompetenzinventar:docker-dry-run

kompetenzinventar:implement_jsonresume

kompetenzinventar:pyenv

kompetenzinventar:revert-python-3.11

kompetenzinventar:docker-improvements

kompetenzinventar:upgrade

kompetenzinventar:feature/#68-Neuer-Arbeitsbereich-für-Akquise-und-Vertrieb

kompetenzinventar:gitea-registry

kompetenzinventar:docker-labels

kompetenzinventar:drone-config

kompetenzinventar:test/docker-dry-run

kompetenzinventar:fix/pyyaml-version-bump

kompetenzinventar:feature/tag-trigger

kompetenzinventar:fix/code-style

kompetenzinventar:delete-a-user

kompetenzinventar:fix/flags

kompetenzinventar:feature/#48-mehr-skill_icons

kompetenzinventar:ext_skills

kompetenzinventar:auth-with-exceptions

Conversation 1 Commits 1 Files Changed 1 +1 -1

renovate-bot commented 2024-08-28 16:36:22 +02:00

Member

Copy Link

This PR contains the following updates:

Package	Type	Update	Change
flask (changelog)	packages	major	==2.3.3 -> ==3.1.1

---

Release Notes

pallets/flask (flask)

v3.1.1

Compare Source

Released 2025-05-13

• Fix signing key selection order when key rotation is enabled via
  SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
• Fix type hint for cli_runner.invoke. :issue:5645
• flask --help loads the app and plugins first to make sure all commands
  are shown. :issue:5673
• Mark sans-io base class as being able to handle views that return
  AsyncIterable. This is not accurate for Flask, but makes typing easier
  for Quart. :pr:5659

v3.1.0

Compare Source

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases.
  Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option
  responses. :pr:5496
• Flask.open_resource/open_instance_resource and
  Blueprint.open_resource take an encoding parameter to use when
  opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only
  through the MAX_CONTENT_LENGTH config. Added
  MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
  about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the
  SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files.
  load_dotenv loads default files in addition to a path unless
  load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
  secret keys that can still be used for unsigning. Extensions will need to
  add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False
  interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
  requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through
  the TRUSTED_HOSTS config. :issue:5636

v3.0.3

Compare Source

Released 2024-04-07

• The default hashlib.sha1 may not be available in FIPS builds. Don't
  access it at import time so the developer has time to change the default.
  :issue:5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in
  the Flask concrete class. :pr:5270

v3.0.2

Compare Source

Released 2024-02-03

• Correct type for jinja_loader property. :issue:5388
• Fix error with --extra-files and --exclude-patterns CLI options.
  :issue:5391

v3.0.1

Compare Source

Released 2024-01-18

• Correct type for path argument to send_file. :issue:5336
• Fix a typo in an error message for the flask run --key option. :pr:5344
• Session data is untagged without relying on the built-in json.loads
object_hook. This allows other JSON providers that don't implement that.
  :issue:5381
• Address more type findings when using mypy strict mode. :pr:5383

v3.0.0

Compare Source

Released 2023-09-30

• Remove previously deprecated code. :pr:5223
• Deprecate the __version__ attribute. Use feature detection, or
  importlib.metadata.version("flask"), instead. :issue:5230
• Restructure the code such that the Flask (app) and Blueprint
  classes have Sans-IO bases. :pr:5127
• Allow self as an argument to url_for. :pr:5264
• Require Werkzeug >= 3.0.0.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [flask](https://github.com/pallets/flask) ([changelog](https://flask.palletsprojects.com/page/changes/)) | packages | major | `==2.3.3` -> `==3.1.1` | --- ### Release Notes <details> <summary>pallets/flask (flask)</summary> ### [`v3.1.1`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-311) [Compare Source](https://github.com/pallets/flask/compare/3.1.0...3.1.1) Released 2025-05-13 - Fix signing key selection order when key rotation is enabled via `SECRET_KEY_FALLBACKS`. :ghsa:`4grg-w6v8-c28g` - Fix type hint for `cli_runner.invoke`. :issue:`5645` - `flask --help` loads the app and plugins first to make sure all commands are shown. :issue:`5673` - Mark sans-io base class as being able to handle views that return `AsyncIterable`. This is not accurate for Flask, but makes typing easier for Quart. :pr:`5659` ### [`v3.1.0`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-310) [Compare Source](https://github.com/pallets/flask/compare/3.0.3...3.1.0) Released 2024-11-13 - Drop support for Python 3.8. :pr:`5623` - Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:`5624,5633` - Provide a configuration option to control automatic option responses. :pr:`5496` - `Flask.open_resource`/`open_instance_resource` and `Blueprint.open_resource` take an `encoding` parameter to use when opening in text mode. It defaults to `utf-8`. :issue:`5504` - `Request.max_content_length` can be customized per-request instead of only through the `MAX_CONTENT_LENGTH` config. Added `MAX_FORM_MEMORY_SIZE` and `MAX_FORM_PARTS` config. Added documentation about resource limits to the security page. :issue:`5625` - Add support for the `Partitioned` cookie attribute (CHIPS), with the `SESSION_COOKIE_PARTITIONED` config. :issue:`5472` - `-e path` takes precedence over default `.env` and `.flaskenv` files. `load_dotenv` loads default files in addition to a path unless `load_defaults=False` is passed. :issue:`5628` - Support key rotation with the `SECRET_KEY_FALLBACKS` config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:`5621` - Fix how setting `host_matching=True` or `subdomain_matching=False` interacts with `SERVER_NAME`. Setting `SERVER_NAME` no longer restricts requests to only that domain. :issue:`5553` - `Request.trusted_hosts` is checked during routing, and can be set through the `TRUSTED_HOSTS` config. :issue:`5636` ### [`v3.0.3`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-303) [Compare Source](https://github.com/pallets/flask/compare/3.0.2...3.0.3) Released 2024-04-07 - The default `hashlib.sha1` may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:`5448` - Don't initialize the `cli` attribute in the sansio scaffold, but rather in the `Flask` concrete class. :pr:`5270` ### [`v3.0.2`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-302) [Compare Source](https://github.com/pallets/flask/compare/3.0.1...3.0.2) Released 2024-02-03 - Correct type for `jinja_loader` property. :issue:`5388` - Fix error with `--extra-files` and `--exclude-patterns` CLI options. :issue:`5391` ### [`v3.0.1`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-301) [Compare Source](https://github.com/pallets/flask/compare/3.0.0...3.0.1) Released 2024-01-18 - Correct type for `path` argument to `send_file`. :issue:`5336` - Fix a typo in an error message for the `flask run --key` option. :pr:`5344` - Session data is untagged without relying on the built-in `json.loads` `object_hook`. This allows other JSON providers that don't implement that. :issue:`5381` - Address more type findings when using mypy strict mode. :pr:`5383` ### [`v3.0.0`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-300) [Compare Source](https://github.com/pallets/flask/compare/2.3.3...3.0.0) Released 2023-09-30 - Remove previously deprecated code. :pr:`5223` - Deprecate the `__version__` attribute. Use feature detection, or `importlib.metadata.version("flask")`, instead. :issue:`5230` - Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:`5127` - Allow self as an argument to url_for. :pr:`5264` - Require Werkzeug >= 3.0.0. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM4LjE0Mi43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate-bot added 1 commit 2024-08-28 16:36:23 +02:00

Update dependency flask to v3 a7ed73e0c4

renovate-bot commented 2024-08-28 16:36:23 +02:00

Author

Member

Copy Link

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Pipfile.lock

Command failed: pipenv lock
Locking  dependencies...
CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot 
install -r /tmp/pipenv-214206t1-requirements/pipenv-0chhlxw6-constraints.txt 
(line 10) and werkzeug==2.3.8 because these package versions have conflicting 
dependencies.
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/resolver.py", line 451, in main
[ResolutionFailure]:       _main(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/resolver.py", line 436, in _main
[ResolutionFailure]:       resolve_packages(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/resolver.py", line 400, in resolve_packages
[ResolutionFailure]:       results, resolver = resolve_deps(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/utils/resolver.py", line 979, in resolve_deps
[ResolutionFailure]:       results, hashes, internal_resolver = 
actually_resolve_deps(
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/utils/resolver.py", line 747, in actually_resolve_deps
[ResolutionFailure]:       resolver.resolve()
[ResolutionFailure]:   File 
"/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip
env/utils/resolver.py", line 474, in resolve
[ResolutionFailure]:       raise ResolutionFailure(message=e)
Your dependencies could not be resolved. You likely have a mismatch in your 
sub-dependencies.
You can use $ pipenv run pip install <requirement_name> to bypass this 
mechanism, then run $ pipenv graph to inspect the versions actually installed in
the virtualenv.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: ResolutionImpossible: for help visit 
https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-depende
ncy-conflicts

Your dependencies could not be resolved. You likely have a mismatch in your 
sub-dependencies.
You can use $ pipenv run pip install <requirement_name> to bypass this 
mechanism, then run $ pipenv graph to inspect the versions actually installed in
the virtualenv.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: Failed to lock Pipfile.lock!

### ⚠️ Artifact update problem Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens: - any of the package files in this branch needs updating, or - the branch becomes conflicted, or - you click the rebase/retry checkbox if found above, or - you rename this PR's title to start with "rebase!" to trigger it manually The artifact failure details are included below: ##### File name: Pipfile.lock ``` Command failed: pipenv lock Locking dependencies... CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot install -r /tmp/pipenv-214206t1-requirements/pipenv-0chhlxw6-constraints.txt (line 10) and werkzeug==2.3.8 because these package versions have conflicting dependencies. [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/resolver.py", line 451, in main [ResolutionFailure]: _main( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/resolver.py", line 436, in _main [ResolutionFailure]: resolve_packages( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/resolver.py", line 400, in resolve_packages [ResolutionFailure]: results, resolver = resolve_deps( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/utils/resolver.py", line 979, in resolve_deps [ResolutionFailure]: results, hashes, internal_resolver = actually_resolve_deps( [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/utils/resolver.py", line 747, in actually_resolve_deps [ResolutionFailure]: resolver.resolve() [ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2025.0.2/3.9.22/lib/python3.9/site-packages/pip env/utils/resolver.py", line 474, in resolve [ResolutionFailure]: raise ResolutionFailure(message=e) Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies. You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv. Hint: try $ pipenv lock --pre if it is a pre-release dependency. ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-depende ncy-conflicts Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies. You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv. Hint: try $ pipenv lock --pre if it is a pre-release dependency. ERROR: Failed to lock Pipfile.lock! ```

renovate-bot force-pushed renovate/flask-3.x from a7ed73e0c4 to 780bebb5be 2024-09-10 14:36:13 +02:00 Compare

renovate-bot force-pushed renovate/flask-3.x from 780bebb5be to cca71e659d 2024-11-13 19:36:34 +01:00 Compare

renovate-bot force-pushed renovate/flask-3.x from cca71e659d to e07b34ea4c 2025-01-08 16:36:57 +01:00 Compare

renovate-bot force-pushed renovate/flask-3.x from e07b34ea4c to c27158ac93 2025-05-13 17:36:58 +02:00 Compare

Some checks failed

Hide all checks

renovate/artifacts Artifact file update failure

continuous-integration/drone/pr Build is failing

Required

Details

Some required checks were not successful.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/flask-3.x:renovate/flask-3.x

git checkout renovate/flask-3.x

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something is not working

doing

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

ready

Bereit für Release

review

security

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Brain drone-bot frlan gulliver igk Lasagne marei Nikolai renovate-bot scammo srsh weeman

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kompetenzinventar/ki-backend#109

No description provided.