Update dependency flask to v2.3.3 #87
No reviewers
Labels
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: kompetenzinventar/ki-backend#87
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "renovate/flask-2.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
==2.0.3
->==2.3.3
Release Notes
pallets/flask (flask)
v2.3.3
Compare Source
Released 2023-08-21
flit_core
instead ofsetuptools
as build backend.5160
v2.3.2
Compare Source
Released 2023-05-01
Vary: Cookie
header when the session is accessed, modified, or refreshed.v2.3.1
Compare Source
Released 2023-04-25
from flask import Markup
. :issue:5084
v2.3.0
Compare Source
Released 2023-04-25
Drop support for Python 3.7. :pr:
5072
Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
itsdangerous>=2.1.2, click>=8.1.3.
Remove previously deprecated code. :pr:
4995
push
andpop
methods of the deprecated_app_ctx_stack
and_request_ctx_stack
objects are removed.top
still exists to giveextensions more time to update, but it will be removed.
FLASK_ENV
environment variable,ENV
config key, andapp.env
property are removed.
session_cookie_name
,send_file_max_age_default
,use_x_sendfile
,propagate_exceptions
, andtemplates_auto_reload
properties onapp
are removed.
JSON_AS_ASCII
,JSON_SORT_KEYS
,JSONIFY_MIMETYPE
, andJSONIFY_PRETTYPRINT_REGULAR
config keys are removed.app.before_first_request
andbp.before_app_first_request
decoratorsare removed.
json_encoder
andjson_decoder
attributes on app and blueprint, and thecorresponding
json.JSONEncoder
andJSONDecoder
classes, are removed.json.htmlsafe_dumps
andhtmlsafe_dump
functions are removed.warning. :pr:
4997
Importing
escape
andMarkup
fromflask
is deprecated. Import themdirectly from
markupsafe
instead. :pr:4996
The
app.got_first_request
property is deprecated. :pr:4997
The
locked_cached_property
decorator is deprecated. Use a lock inside thedecorated function if locking is needed. :issue:
4993
Signals are always available.
blinker>=1.6.2
is a required dependency. Thesignals_available
attribute is deprecated. :issue:5056
Signals support
async
subscriber functions. :pr:5049
Remove uses of locks that could cause requests to block each other very briefly.
:issue:
4993
Use modern packaging metadata with
pyproject.toml
instead ofsetup.cfg
.:pr:
4947
Ensure subdomains are applied with nested blueprints. :issue:
4834
config.from_file
can usetext=False
to indicate that the parser wants abinary file instead. :issue:
4989
If a blueprint is created with an empty name it raises a
ValueError
.:issue:
5010
SESSION_COOKIE_DOMAIN
does not fall back toSERVER_NAME
. The default is notto set the domain, which modern browsers interpret as an exact match rather than
a subdomain match. Warnings about
localhost
and IP addresses are also removed.:issue:
5051
The
routes
command shows each rule'ssubdomain
orhost
when domainmatching is in use. :issue:
5004
Use postponed evaluation of annotations. :pr:
5071
v2.2.5
Compare Source
Released 2023-05-02
Vary: Cookie
header when the session is accessed, modified, or refreshed.v2.2.4
Compare Source
Released 2023-04-25
v2.2.3
Compare Source
Released 2023-02-15
.svg
template files. :issue:4831
template_folder
to acceptpathlib.Path
. :issue:4892
--debug
option to theflask run
command. :issue:4777
v2.2.2
Compare Source
Released 2022-08-08
to the new faster router, header parsing, and the development
server. :pr:
4754
app.env
to be"production"
. Thisattribute remains deprecated. :issue:
4740
v2.2.1
Compare Source
Released 2022-08-03
json_encoder
orjson_decoder
raises adeprecation warning. :issue:
4732
v2.2.0
Compare Source
Released 2022-08-01
Remove previously deprecated code. :pr:
4667
send_file
parameters have been removed.download_name
replacesattachment_filename
,max_age
replaces
cache_timeout
, andetag
replacesadd_etags
.Additionally,
path
replacesfilename
insend_from_directory
.RequestContext.g
property returningAppContext.g
isremoved.
Update Werkzeug dependency to >= 2.2.
The app and request contexts are managed using Python context vars
directly rather than Werkzeug's
LocalStack
. This should resultin better performance and memory use. :pr:
4682
_app_ctx_stack.top
and
_request_ctx_stack.top
are deprecated. Store data ong
instead using a unique prefix, likeg._extension_name_attr
.The
FLASK_ENV
environment variable andapp.env
attribute aredeprecated, removing the distinction between development and debug
mode. Debug mode should be controlled directly using the
--debug
option or
app.run(debug=True)
. :issue:4714
Some attributes that proxied config keys on
app
are deprecated:session_cookie_name
,send_file_max_age_default
,use_x_sendfile
,propagate_exceptions
, andtemplates_auto_reload
. Use the relevant config keys instead.:issue:
4716
Add new customization points to the
Flask
app object for manypreviously global behaviors.
flask.url_for
will callapp.url_for
. :issue:4568
flask.abort
will callapp.aborter
.Flask.aborter_class
andFlask.make_aborter
can be usedto customize this aborter. :issue:
4567
flask.redirect
will callapp.redirect
. :issue:4569
flask.json
is an instance ofJSONProvider
. A differentprovider can be set to use a different JSON library.
flask.jsonify
will callapp.json.response
, otherfunctions in
flask.json
will call corresponding functions inapp.json
. :pr:4692
JSON configuration is moved to attributes on the default
app.json
provider.JSON_AS_ASCII
,JSON_SORT_KEYS
,JSONIFY_MIMETYPE
, andJSONIFY_PRETTYPRINT_REGULAR
aredeprecated. :pr:
4692
Setting custom
json_encoder
andjson_decoder
classes on theapp or a blueprint, and the corresponding
json.JSONEncoder
andJSONDecoder
classes, are deprecated. JSON behavior can now beoverridden using the
app.json
provider interface. :pr:4692
json.htmlsafe_dumps
andjson.htmlsafe_dump
are deprecated,the function is built-in to Jinja now. :pr:
4692
Refactor
register_error_handler
to consolidate error checking.Rewrite some error messages to be more consistent. :issue:
4559
Use Blueprint decorators and functions intended for setup after
registering the blueprint will show a warning. In the next version,
this will become an error just like the application setup methods.
:issue:
4571
before_first_request
is deprecated. Run setup code when creatingthe application instead. :issue:
4605
Added the
View.init_every_request
class attribute. If a viewsubclass sets this to
False
, the view will not create a newinstance on every request. :issue:
2520
.A
flask.cli.FlaskGroup
Click group can be nested as asub-command in a custom CLI. :issue:
3263
Add
--app
and--debug
options to theflask
CLI, insteadof requiring that they are set through environment variables.
:issue:
2836
Add
--env-file
option to theflask
CLI. This allowsspecifying a dotenv file to load in addition to
.env
and.flaskenv
. :issue:3108
It is no longer required to decorate custom CLI commands on
app.cli
orblueprint.cli
with@with_appcontext
, an appcontext will already be active at that point. :issue:
2410
SessionInterface.get_expiration_time
uses a timezone-awarevalue. :pr:
4645
View functions can return generators directly instead of wrapping
them in a
Response
. :pr:4629
Add
stream_template
andstream_template_string
functions torender a template as a stream of pieces. :pr:
4629
A new implementation of context preservation during debugging and
testing. :pr:
4666
request
,g
, and other context-locals point to thecorrect data when running code in the interactive debugger
console. :issue:
2836
even if the context is preserved. They are also run after the
preserved context is popped.
stream_with_context
preserves context separately from awith client
block. It will be cleaned up whenresponse.get_data()
orresponse.close()
is called.Allow returning a list from a view function, to convert it to a
JSON response like a dict is. :issue:
4672
When type checking, allow
TypedDict
to be returned from viewfunctions. :pr:
4695
Remove the
--eager-loading/--lazy-loading
options from theflask run
command. The app is always eager loaded the firsttime, then lazily loaded in the reloader. The reloader always prints
errors immediately but continues serving. Remove the internal
DispatchingApp
middleware used by the previous implementation.:issue:
4715
v2.1.3
Compare Source
Released 2022-07-13
commands. :pr:
4606
after_request
functions. :issue:4600
instance_path
for namespace packages uses the path closest tothe imported submodule. :issue:
4610
render_template
andrender_template_string
are used outside an application context.:pr:
4693
v2.1.2
Compare Source
Released 2022-04-28
json.loads
, it accepts str or bytes.:issue:
4519
--cert
and--key
options onflask run
can be givenin either order. :issue:
4459
v2.1.1
Compare Source
Released on 2022-03-30
which is required on Python < 3.10. :issue:
4502
v2.1.0
Compare Source
Released 2022-03-28
Drop support for Python 3.6. :pr:
4335
Update Click dependency to >= 8.0. :pr:
4008
Remove previously deprecated code. :pr:
4337
script_info
to app factory functions.config.from_json
is replaced byconfig.from_file(name, load=json.load)
.json
functions no longer take anencoding
parameter.safe_join
is removed, usewerkzeug.utils.safe_join
instead.
total_seconds
is removed, usetimedelta.total_seconds
instead.
name=
when registering to specify a unique name.as_tuple
parameter is removed. Useresponse.request.environ
instead. :pr:4417
Some parameters in
send_file
andsend_from_directory
wererenamed in 2.0. The deprecation period for the old names is extended
to 2.2. Be sure to test with deprecation warnings visible.
attachment_filename
is renamed todownload_name
.cache_timeout
is renamed tomax_age
.add_etags
is renamed toetag
.filename
is renamed topath
.The
RequestContext.g
property is deprecated. Useg
directlyor
AppContext.g
instead. :issue:3898
copy_current_request_context
can decorate async functions.:pr:
4303
The CLI uses
importlib.metadata
instead ofpkg_resources
toload command entry points. :issue:
4419
Overriding
FlaskClient.open
will not cause an error on redirect.:issue:
3396
Add an
--exclude-patterns
option to theflask run
CLIcommand to specify patterns that will be ignored by the reloader.
:issue:
4188
When using lazy loading (the default with the debugger), the Click
context from the
flask run
command remains available in theloader thread. :issue:
4460
Deleting the session cookie uses the
httponly
flag.:issue:
4485
Relax typing for
errorhandler
to allow the user to use moreprecise types and decorate the same function multiple times.
:issue:
4095, 4295, 4297
Fix typing for
__exit__
methods for better compatibility withExitStack
. :issue:4474
From Werkzeug, for redirect responses the
Location
header URLwill remain relative, and exclude the scheme and domain, by default.
:pr:
4496
Add
Config.from_prefixed_env()
to load config values fromenvironment variables that start with
FLASK_
or another prefix.This parses values as JSON by default, and allows setting keys in
nested dicts. :pr:
4479
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
ad49eab529
toaaa89211db
aaa89211db
tob6f5c47c4e
b6f5c47c4e
to40b6548cf9
40b6548cf9
to32aeb23305
32aeb23305
to28cf714217
Ran locally without issues, also fixes CVE-2023-30861 (CVSS 7.5)