Update dependency flask to v2.3.3 #87

Merged
Brain merged 1 commits from renovate/flask-2.x into main 2024-08-28 15:19:37 +02:00
Member

This PR contains the following updates:

Package Type Update Change
flask (changelog) packages minor ==2.0.3 -> ==2.3.3

Release Notes

pallets/flask (flask)

v2.3.3

Compare Source

Released 2023-08-21

  • Python 3.12 compatibility.
  • Require Werkzeug >= 2.3.7.
  • Use flit_core instead of setuptools as build backend.
  • Refactor how an app's root and instance paths are determined. :issue:5160

v2.3.2

Compare Source

Released 2023-05-01

  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.
  • Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

v2.3.1

Compare Source

Released 2023-04-25

  • Restore deprecated from flask import Markup. :issue:5084

v2.3.0

Compare Source

Released 2023-04-25

  • Drop support for Python 3.7. :pr:5072

  • Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
    itsdangerous>=2.1.2, click>=8.1.3.

  • Remove previously deprecated code. :pr:4995

    • The push and pop methods of the deprecated _app_ctx_stack and
      _request_ctx_stack objects are removed. top still exists to give
      extensions more time to update, but it will be removed.
    • The FLASK_ENV environment variable, ENV config key, and app.env
      property are removed.
    • The session_cookie_name, send_file_max_age_default, use_x_sendfile,
      propagate_exceptions, and templates_auto_reload properties on app
      are removed.
    • The JSON_AS_ASCII, JSON_SORT_KEYS, JSONIFY_MIMETYPE, and
      JSONIFY_PRETTYPRINT_REGULAR config keys are removed.
    • The app.before_first_request and bp.before_app_first_request decorators
      are removed.
    • json_encoder and json_decoder attributes on app and blueprint, and the
      corresponding json.JSONEncoder and JSONDecoder classes, are removed.
    • The json.htmlsafe_dumps and htmlsafe_dump functions are removed.
    • Calling setup methods on blueprints after registration is an error instead of a
      warning. :pr:4997
  • Importing escape and Markup from flask is deprecated. Import them
    directly from markupsafe instead. :pr:4996

  • The app.got_first_request property is deprecated. :pr:4997

  • The locked_cached_property decorator is deprecated. Use a lock inside the
    decorated function if locking is needed. :issue:4993

  • Signals are always available. blinker>=1.6.2 is a required dependency. The
    signals_available attribute is deprecated. :issue:5056

  • Signals support async subscriber functions. :pr:5049

  • Remove uses of locks that could cause requests to block each other very briefly.
    :issue:4993

  • Use modern packaging metadata with pyproject.toml instead of setup.cfg.
    :pr:4947

  • Ensure subdomains are applied with nested blueprints. :issue:4834

  • config.from_file can use text=False to indicate that the parser wants a
    binary file instead. :issue:4989

  • If a blueprint is created with an empty name it raises a ValueError.
    :issue:5010

  • SESSION_COOKIE_DOMAIN does not fall back to SERVER_NAME. The default is not
    to set the domain, which modern browsers interpret as an exact match rather than
    a subdomain match. Warnings about localhost and IP addresses are also removed.
    :issue:5051

  • The routes command shows each rule's subdomain or host when domain
    matching is in use. :issue:5004

  • Use postponed evaluation of annotations. :pr:5071

v2.2.5

Compare Source

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

v2.2.4

Compare Source

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

v2.2.3

Compare Source

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

v2.2.2

Compare Source

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related
    to the new faster router, header parsing, and the development
    server. :pr:4754
  • Fix the default value for app.env to be "production". This
    attribute remains deprecated. :issue:4740

v2.2.1

Compare Source

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a
    deprecation warning. :issue:4732

v2.2.0

Compare Source

Released 2022-08-01

  • Remove previously deprecated code. :pr:4667

    • Old names for some send_file parameters have been removed.
      download_name replaces attachment_filename, max_age
      replaces cache_timeout, and etag replaces add_etags.
      Additionally, path replaces filename in
      send_from_directory.
    • The RequestContext.g property returning AppContext.g is
      removed.
  • Update Werkzeug dependency to >= 2.2.

  • The app and request contexts are managed using Python context vars
    directly rather than Werkzeug's LocalStack. This should result
    in better performance and memory use. :pr:4682

    • Extension maintainers, be aware that _app_ctx_stack.top
      and _request_ctx_stack.top are deprecated. Store data on
      g instead using a unique prefix, like
      g._extension_name_attr.
  • The FLASK_ENV environment variable and app.env attribute are
    deprecated, removing the distinction between development and debug
    mode. Debug mode should be controlled directly using the --debug
    option or app.run(debug=True). :issue:4714

  • Some attributes that proxied config keys on app are deprecated:
    session_cookie_name, send_file_max_age_default,
    use_x_sendfile, propagate_exceptions, and
    templates_auto_reload. Use the relevant config keys instead.
    :issue:4716

  • Add new customization points to the Flask app object for many
    previously global behaviors.

    • flask.url_for will call app.url_for. :issue:4568
    • flask.abort will call app.aborter.
      Flask.aborter_class and Flask.make_aborter can be used
      to customize this aborter. :issue:4567
    • flask.redirect will call app.redirect. :issue:4569
    • flask.json is an instance of JSONProvider. A different
      provider can be set to use a different JSON library.
      flask.jsonify will call app.json.response, other
      functions in flask.json will call corresponding functions in
      app.json. :pr:4692
  • JSON configuration is moved to attributes on the default
    app.json provider. JSON_AS_ASCII, JSON_SORT_KEYS,
    JSONIFY_MIMETYPE, and JSONIFY_PRETTYPRINT_REGULAR are
    deprecated. :pr:4692

  • Setting custom json_encoder and json_decoder classes on the
    app or a blueprint, and the corresponding json.JSONEncoder and
    JSONDecoder classes, are deprecated. JSON behavior can now be
    overridden using the app.json provider interface. :pr:4692

  • json.htmlsafe_dumps and json.htmlsafe_dump are deprecated,
    the function is built-in to Jinja now. :pr:4692

  • Refactor register_error_handler to consolidate error checking.
    Rewrite some error messages to be more consistent. :issue:4559

  • Use Blueprint decorators and functions intended for setup after
    registering the blueprint will show a warning. In the next version,
    this will become an error just like the application setup methods.
    :issue:4571

  • before_first_request is deprecated. Run setup code when creating
    the application instead. :issue:4605

  • Added the View.init_every_request class attribute. If a view
    subclass sets this to False, the view will not create a new
    instance on every request. :issue:2520.

  • A flask.cli.FlaskGroup Click group can be nested as a
    sub-command in a custom CLI. :issue:3263

  • Add --app and --debug options to the flask CLI, instead
    of requiring that they are set through environment variables.
    :issue:2836

  • Add --env-file option to the flask CLI. This allows
    specifying a dotenv file to load in addition to .env and
    .flaskenv. :issue:3108

  • It is no longer required to decorate custom CLI commands on
    app.cli or blueprint.cli with @with_appcontext, an app
    context will already be active at that point. :issue:2410

  • SessionInterface.get_expiration_time uses a timezone-aware
    value. :pr:4645

  • View functions can return generators directly instead of wrapping
    them in a Response. :pr:4629

  • Add stream_template and stream_template_string functions to
    render a template as a stream of pieces. :pr:4629

  • A new implementation of context preservation during debugging and
    testing. :pr:4666

    • request, g, and other context-locals point to the
      correct data when running code in the interactive debugger
      console. :issue:2836
    • Teardown functions are always run at the end of the request,
      even if the context is preserved. They are also run after the
      preserved context is popped.
    • stream_with_context preserves context separately from a
      with client block. It will be cleaned up when
      response.get_data() or response.close() is called.
  • Allow returning a list from a view function, to convert it to a
    JSON response like a dict is. :issue:4672

  • When type checking, allow TypedDict to be returned from view
    functions. :pr:4695

  • Remove the --eager-loading/--lazy-loading options from the
    flask run command. The app is always eager loaded the first
    time, then lazily loaded in the reloader. The reloader always prints
    errors immediately but continues serving. Remove the internal
    DispatchingApp middleware used by the previous implementation.
    :issue:4715

v2.1.3

Compare Source

Released 2022-07-13

  • Inline some optional imports that are only used for certain CLI
    commands. :pr:4606
  • Relax type annotation for after_request functions. :issue:4600
  • instance_path for namespace packages uses the path closest to
    the imported submodule. :issue:4610
  • Clearer error message when render_template and
    render_template_string are used outside an application context.
    :pr:4693

v2.1.2

Compare Source

Released 2022-04-28

  • Fix type annotation for json.loads, it accepts str or bytes.
    :issue:4519
  • The --cert and --key options on flask run can be given
    in either order. :issue:4459

v2.1.1

Compare Source

Released on 2022-03-30

  • Set the minimum required version of importlib_metadata to 3.6.0,
    which is required on Python < 3.10. :issue:4502

v2.1.0

Compare Source

Released 2022-03-28

  • Drop support for Python 3.6. :pr:4335

  • Update Click dependency to >= 8.0. :pr:4008

  • Remove previously deprecated code. :pr:4337

    • The CLI does not pass script_info to app factory functions.
    • config.from_json is replaced by
      config.from_file(name, load=json.load).
    • json functions no longer take an encoding parameter.
    • safe_join is removed, use werkzeug.utils.safe_join
      instead.
    • total_seconds is removed, use timedelta.total_seconds
      instead.
    • The same blueprint cannot be registered with the same name. Use
      name= when registering to specify a unique name.
    • The test client's as_tuple parameter is removed. Use
      response.request.environ instead. :pr:4417
  • Some parameters in send_file and send_from_directory were
    renamed in 2.0. The deprecation period for the old names is extended
    to 2.2. Be sure to test with deprecation warnings visible.

    • attachment_filename is renamed to download_name.
    • cache_timeout is renamed to max_age.
    • add_etags is renamed to etag.
    • filename is renamed to path.
  • The RequestContext.g property is deprecated. Use g directly
    or AppContext.g instead. :issue:3898

  • copy_current_request_context can decorate async functions.
    :pr:4303

  • The CLI uses importlib.metadata instead of pkg_resources to
    load command entry points. :issue:4419

  • Overriding FlaskClient.open will not cause an error on redirect.
    :issue:3396

  • Add an --exclude-patterns option to the flask run CLI
    command to specify patterns that will be ignored by the reloader.
    :issue:4188

  • When using lazy loading (the default with the debugger), the Click
    context from the flask run command remains available in the
    loader thread. :issue:4460

  • Deleting the session cookie uses the httponly flag.
    :issue:4485

  • Relax typing for errorhandler to allow the user to use more
    precise types and decorate the same function multiple times.
    :issue:4095, 4295, 4297

  • Fix typing for __exit__ methods for better compatibility with
    ExitStack. :issue:4474

  • From Werkzeug, for redirect responses the Location header URL
    will remain relative, and exclude the scheme and domain, by default.
    :pr:4496

  • Add Config.from_prefixed_env() to load config values from
    environment variables that start with FLASK_ or another prefix.
    This parses values as JSON by default, and allows setting keys in
    nested dicts. :pr:4479


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [flask](https://github.com/pallets/flask) ([changelog](https://flask.palletsprojects.com/changes/)) | packages | minor | `==2.0.3` -> `==2.3.3` | --- ### Release Notes <details> <summary>pallets/flask (flask)</summary> ### [`v2.3.3`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-233) [Compare Source](https://github.com/pallets/flask/compare/2.3.2...2.3.3) Released 2023-08-21 - Python 3.12 compatibility. - Require Werkzeug >= 2.3.7. - Use `flit_core` instead of `setuptools` as build backend. - Refactor how an app's root and instance paths are determined. :issue:`5160` ### [`v2.3.2`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-232) [Compare Source](https://github.com/pallets/flask/compare/2.3.1...2.3.2) Released 2023-05-01 - Set `Vary: Cookie` header when the session is accessed, modified, or refreshed. - Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes. ### [`v2.3.1`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-231) [Compare Source](https://github.com/pallets/flask/compare/2.3.0...2.3.1) Released 2023-04-25 - Restore deprecated `from flask import Markup`. :issue:`5084` ### [`v2.3.0`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-230) [Compare Source](https://github.com/pallets/flask/compare/2.2.5...2.3.0) Released 2023-04-25 - Drop support for Python 3.7. :pr:`5072` - Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2, itsdangerous>=2.1.2, click>=8.1.3. - Remove previously deprecated code. :pr:`4995` - The `push` and `pop` methods of the deprecated `_app_ctx_stack` and `_request_ctx_stack` objects are removed. `top` still exists to give extensions more time to update, but it will be removed. - The `FLASK_ENV` environment variable, `ENV` config key, and `app.env` property are removed. - The `session_cookie_name`, `send_file_max_age_default`, `use_x_sendfile`, `propagate_exceptions`, and `templates_auto_reload` properties on `app` are removed. - The `JSON_AS_ASCII`, `JSON_SORT_KEYS`, `JSONIFY_MIMETYPE`, and `JSONIFY_PRETTYPRINT_REGULAR` config keys are removed. - The `app.before_first_request` and `bp.before_app_first_request` decorators are removed. - `json_encoder` and `json_decoder` attributes on app and blueprint, and the corresponding `json.JSONEncoder` and `JSONDecoder` classes, are removed. - The `json.htmlsafe_dumps` and `htmlsafe_dump` functions are removed. - Calling setup methods on blueprints after registration is an error instead of a warning. :pr:`4997` - Importing `escape` and `Markup` from `flask` is deprecated. Import them directly from `markupsafe` instead. :pr:`4996` - The `app.got_first_request` property is deprecated. :pr:`4997` - The `locked_cached_property` decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:`4993` - Signals are always available. `blinker>=1.6.2` is a required dependency. The `signals_available` attribute is deprecated. :issue:`5056` - Signals support `async` subscriber functions. :pr:`5049` - Remove uses of locks that could cause requests to block each other very briefly. :issue:`4993` - Use modern packaging metadata with `pyproject.toml` instead of `setup.cfg`. :pr:`4947` - Ensure subdomains are applied with nested blueprints. :issue:`4834` - `config.from_file` can use `text=False` to indicate that the parser wants a binary file instead. :issue:`4989` - If a blueprint is created with an empty name it raises a `ValueError`. :issue:`5010` - `SESSION_COOKIE_DOMAIN` does not fall back to `SERVER_NAME`. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about `localhost` and IP addresses are also removed. :issue:`5051` - The `routes` command shows each rule's `subdomain` or `host` when domain matching is in use. :issue:`5004` - Use postponed evaluation of annotations. :pr:`5071` ### [`v2.2.5`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-225) [Compare Source](https://github.com/pallets/flask/compare/2.2.4...2.2.5) Released 2023-05-02 - Update for compatibility with Werkzeug 2.3.3. - Set `Vary: Cookie` header when the session is accessed, modified, or refreshed. ### [`v2.2.4`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-224) [Compare Source](https://github.com/pallets/flask/compare/2.2.3...2.2.4) Released 2023-04-25 - Update for compatibility with Werkzeug 2.3. ### [`v2.2.3`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-223) [Compare Source](https://github.com/pallets/flask/compare/2.2.2...2.2.3) Released 2023-02-15 - Autoescape is enabled by default for `.svg` template files. :issue:`4831` - Fix the type of `template_folder` to accept `pathlib.Path`. :issue:`4892` - Add `--debug` option to the `flask run` command. :issue:`4777` ### [`v2.2.2`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-222) [Compare Source](https://github.com/pallets/flask/compare/2.2.1...2.2.2) Released 2022-08-08 - Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for `app.env` to be `"production"`. This attribute remains deprecated. :issue:`4740` ### [`v2.2.1`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-221) [Compare Source](https://github.com/pallets/flask/compare/2.2.0...2.2.1) Released 2022-08-03 - Setting or accessing `json_encoder` or `json_decoder` raises a deprecation warning. :issue:`4732` ### [`v2.2.0`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-220) [Compare Source](https://github.com/pallets/flask/compare/2.1.3...2.2.0) Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some `send_file` parameters have been removed. `download_name` replaces `attachment_filename`, `max_age` replaces `cache_timeout`, and `etag` replaces `add_etags`. Additionally, `path` replaces `filename` in `send_from_directory`. - The `RequestContext.g` property returning `AppContext.g` is removed. - Update Werkzeug dependency to >= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug's `LocalStack`. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that `_app_ctx_stack.top` and `_request_ctx_stack.top` are deprecated. Store data on `g` instead using a unique prefix, like `g._extension_name_attr`. - The `FLASK_ENV` environment variable and `app.env` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the `--debug` option or `app.run(debug=True)`. :issue:`4714` - Some attributes that proxied config keys on `app` are deprecated: `session_cookie_name`, `send_file_max_age_default`, `use_x_sendfile`, `propagate_exceptions`, and `templates_auto_reload`. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the `Flask` app object for many previously global behaviors. - `flask.url_for` will call `app.url_for`. :issue:`4568` - `flask.abort` will call `app.aborter`. `Flask.aborter_class` and `Flask.make_aborter` can be used to customize this aborter. :issue:`4567` - `flask.redirect` will call `app.redirect`. :issue:`4569` - `flask.json` is an instance of `JSONProvider`. A different provider can be set to use a different JSON library. `flask.jsonify` will call `app.json.response`, other functions in `flask.json` will call corresponding functions in `app.json`. :pr:`4692` - JSON configuration is moved to attributes on the default `app.json` provider. `JSON_AS_ASCII`, `JSON_SORT_KEYS`, `JSONIFY_MIMETYPE`, and `JSONIFY_PRETTYPRINT_REGULAR` are deprecated. :pr:`4692` - Setting custom `json_encoder` and `json_decoder` classes on the app or a blueprint, and the corresponding `json.JSONEncoder` and `JSONDecoder` classes, are deprecated. JSON behavior can now be overridden using the `app.json` provider interface. :pr:`4692` - `json.htmlsafe_dumps` and `json.htmlsafe_dump` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor `register_error_handler` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - `before_first_request` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the `View.init_every_request` class attribute. If a view subclass sets this to `False`, the view will not create a new instance on every request. :issue:`2520`. - A `flask.cli.FlaskGroup` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add `--app` and `--debug` options to the `flask` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add `--env-file` option to the `flask` CLI. This allows specifying a dotenv file to load in addition to `.env` and `.flaskenv`. :issue:`3108` - It is no longer required to decorate custom CLI commands on `app.cli` or `blueprint.cli` with `@with_appcontext`, an app context will already be active at that point. :issue:`2410` - `SessionInterface.get_expiration_time` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a `Response`. :pr:`4629` - Add `stream_template` and `stream_template_string` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - `request`, `g`, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - `stream_with_context` preserves context separately from a `with client` block. It will be cleaned up when `response.get_data()` or `response.close()` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow `TypedDict` to be returned from view functions. :pr:`4695` - Remove the `--eager-loading/--lazy-loading` options from the `flask run` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal `DispatchingApp` middleware used by the previous implementation. :issue:`4715` ### [`v2.1.3`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-213) [Compare Source](https://github.com/pallets/flask/compare/2.1.2...2.1.3) Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for `after_request` functions. :issue:`4600` - `instance_path` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when `render_template` and `render_template_string` are used outside an application context. :pr:`4693` ### [`v2.1.2`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-212) [Compare Source](https://github.com/pallets/flask/compare/2.1.1...2.1.2) Released 2022-04-28 - Fix type annotation for `json.loads`, it accepts str or bytes. :issue:`4519` - The `--cert` and `--key` options on `flask run` can be given in either order. :issue:`4459` ### [`v2.1.1`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-211) [Compare Source](https://github.com/pallets/flask/compare/2.1.0...2.1.1) Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python < 3.10. :issue:`4502` ### [`v2.1.0`](https://github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-210) [Compare Source](https://github.com/pallets/flask/compare/2.0.3...2.1.0) Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to >= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass `script_info` to app factory functions. - `config.from_json` is replaced by `config.from_file(name, load=json.load)`. - `json` functions no longer take an `encoding` parameter. - `safe_join` is removed, use `werkzeug.utils.safe_join` instead. - `total_seconds` is removed, use `timedelta.total_seconds` instead. - The same blueprint cannot be registered with the same name. Use `name=` when registering to specify a unique name. - The test client's `as_tuple` parameter is removed. Use `response.request.environ` instead. :pr:`4417` - Some parameters in `send_file` and `send_from_directory` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - `attachment_filename` is renamed to `download_name`. - `cache_timeout` is renamed to `max_age`. - `add_etags` is renamed to `etag`. - `filename` is renamed to `path`. - The `RequestContext.g` property is deprecated. Use `g` directly or `AppContext.g` instead. :issue:`3898` - `copy_current_request_context` can decorate async functions. :pr:`4303` - The CLI uses `importlib.metadata` instead of `pkg_resources` to load command entry points. :issue:`4419` - Overriding `FlaskClient.open` will not cause an error on redirect. :issue:`3396` - Add an `--exclude-patterns` option to the `flask run` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the `flask run` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the `httponly` flag. :issue:`4485` - Relax typing for `errorhandler` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for `__exit__` methods for better compatibility with `ExitStack`. :issue:`4474` - From Werkzeug, for redirect responses the `Location` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add `Config.from_prefixed_env()` to load config values from environment variables that start with `FLASK_` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate-bot added 1 commit 2024-08-22 13:35:41 +02:00
Update dependency flask to v2.3.3
All checks were successful
continuous-integration/drone/pr Build is passing
ad49eab529
renovate-bot force-pushed renovate/flask-2.x from ad49eab529 to aaa89211db 2024-08-22 20:35:41 +02:00 Compare
renovate-bot force-pushed renovate/flask-2.x from aaa89211db to b6f5c47c4e 2024-08-23 12:35:39 +02:00 Compare
renovate-bot force-pushed renovate/flask-2.x from b6f5c47c4e to 40b6548cf9 2024-08-23 15:35:32 +02:00 Compare
renovate-bot force-pushed renovate/flask-2.x from 40b6548cf9 to 32aeb23305 2024-08-27 19:36:43 +02:00 Compare
renovate-bot force-pushed renovate/flask-2.x from 32aeb23305 to 28cf714217 2024-08-28 14:35:39 +02:00 Compare
Brain approved these changes 2024-08-28 15:18:13 +02:00
Brain left a comment
Owner

Ran locally without issues, also fixes CVE-2023-30861 (CVSS 7.5)

Ran locally without issues, also fixes [CVE-2023-30861](https://data.safetycli.com/v/55261/742) (CVSS 7.5)
Brain added the
security
label 2024-08-28 15:19:31 +02:00
Brain merged commit 56ade6de68 into main 2024-08-28 15:19:37 +02:00
Sign in to join this conversation.
No reviewers
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: kompetenzinventar/ki-backend#87
No description provided.