CTF
CTF copied to clipboard
Published
20 hours ago •
abdesslem
abdesslem
Update flask to 2.2.2
This PR updates Flask from 1.0.2 to 2.2.2.
Changelog
2.2.2
-------------
Released 2022-08-08
- Update Werkzeug dependency to >= 2.2.2. This includes fixes related
to the new faster router, header parsing, and the development
server. :pr:`4754`
- Fix the default value for ``app.env`` to be ``"production"``. This
attribute remains deprecated. :issue:`4740`
2.2.1
-------------
Released 2022-08-03
- Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
deprecation warning. :issue:`4732`
2.2.0
-------------
Released 2022-08-01
- Remove previously deprecated code. :pr:`4667`
- Old names for some ``send_file`` parameters have been removed.
``download_name`` replaces ``attachment_filename``, ``max_age``
replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
Additionally, ``path`` replaces ``filename`` in
``send_from_directory``.
- The ``RequestContext.g`` property returning ``AppContext.g`` is
removed.
- Update Werkzeug dependency to >= 2.2.
- The app and request contexts are managed using Python context vars
directly rather than Werkzeug's ``LocalStack``. This should result
in better performance and memory use. :pr:`4682`
- Extension maintainers, be aware that ``_app_ctx_stack.top``
and ``_request_ctx_stack.top`` are deprecated. Store data on
``g`` instead using a unique prefix, like
``g._extension_name_attr``.
- The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
deprecated, removing the distinction between development and debug
mode. Debug mode should be controlled directly using the ``--debug``
option or ``app.run(debug=True)``. :issue:`4714`
- Some attributes that proxied config keys on ``app`` are deprecated:
``session_cookie_name``, ``send_file_max_age_default``,
``use_x_sendfile``, ``propagate_exceptions``, and
``templates_auto_reload``. Use the relevant config keys instead.
:issue:`4716`
- Add new customization points to the ``Flask`` app object for many
previously global behaviors.
- ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
- ``flask.abort`` will call ``app.aborter``.
``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
to customize this aborter. :issue:`4567`
- ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
- ``flask.json`` is an instance of ``JSONProvider``. A different
provider can be set to use a different JSON library.
``flask.jsonify`` will call ``app.json.response``, other
functions in ``flask.json`` will call corresponding functions in
``app.json``. :pr:`4692`
- JSON configuration is moved to attributes on the default
``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
deprecated. :pr:`4692`
- Setting custom ``json_encoder`` and ``json_decoder`` classes on the
app or a blueprint, and the corresponding ``json.JSONEncoder`` and
``JSONDecoder`` classes, are deprecated. JSON behavior can now be
overridden using the ``app.json`` provider interface. :pr:`4692`
- ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
the function is built-in to Jinja now. :pr:`4692`
- Refactor ``register_error_handler`` to consolidate error checking.
Rewrite some error messages to be more consistent. :issue:`4559`
- Use Blueprint decorators and functions intended for setup after
registering the blueprint will show a warning. In the next version,
this will become an error just like the application setup methods.
:issue:`4571`
- ``before_first_request`` is deprecated. Run setup code when creating
the application instead. :issue:`4605`
- Added the ``View.init_every_request`` class attribute. If a view
subclass sets this to ``False``, the view will not create a new
instance on every request. :issue:`2520`.
- A ``flask.cli.FlaskGroup`` Click group can be nested as a
sub-command in a custom CLI. :issue:`3263`
- Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
of requiring that they are set through environment variables.
:issue:`2836`
- Add ``--env-file`` option to the ``flask`` CLI. This allows
specifying a dotenv file to load in addition to ``.env`` and
``.flaskenv``. :issue:`3108`
- It is no longer required to decorate custom CLI commands on
``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
context will already be active at that point. :issue:`2410`
- ``SessionInterface.get_expiration_time`` uses a timezone-aware
value. :pr:`4645`
- View functions can return generators directly instead of wrapping
them in a ``Response``. :pr:`4629`
- Add ``stream_template`` and ``stream_template_string`` functions to
render a template as a stream of pieces. :pr:`4629`
- A new implementation of context preservation during debugging and
testing. :pr:`4666`
- ``request``, ``g``, and other context-locals point to the
correct data when running code in the interactive debugger
console. :issue:`2836`
- Teardown functions are always run at the end of the request,
even if the context is preserved. They are also run after the
preserved context is popped.
- ``stream_with_context`` preserves context separately from a
``with client`` block. It will be cleaned up when
``response.get_data()`` or ``response.close()`` is called.
- Allow returning a list from a view function, to convert it to a
JSON response like a dict is. :issue:`4672`
- When type checking, allow ``TypedDict`` to be returned from view
functions. :pr:`4695`
- Remove the ``--eager-loading/--lazy-loading`` options from the
``flask run`` command. The app is always eager loaded the first
time, then lazily loaded in the reloader. The reloader always prints
errors immediately but continues serving. Remove the internal
``DispatchingApp`` middleware used by the previous implementation.
:issue:`4715`
2.1.3
-------------
Released 2022-07-13
- Inline some optional imports that are only used for certain CLI
commands. :pr:`4606`
- Relax type annotation for ``after_request`` functions. :issue:`4600`
- ``instance_path`` for namespace packages uses the path closest to
the imported submodule. :issue:`4610`
- Clearer error message when ``render_template`` and
``render_template_string`` are used outside an application context.
:pr:`4693`
2.1.2
-------------
Released 2022-04-28
- Fix type annotation for ``json.loads``, it accepts str or bytes.
:issue:`4519`
- The ``--cert`` and ``--key`` options on ``flask run`` can be given
in either order. :issue:`4459`
2.1.1
-------------
Released on 2022-03-30
- Set the minimum required version of importlib_metadata to 3.6.0,
which is required on Python < 3.10. :issue:`4502`
2.1.0
-------------
Released 2022-03-28
- Drop support for Python 3.6. :pr:`4335`
- Update Click dependency to >= 8.0. :pr:`4008`
- Remove previously deprecated code. :pr:`4337`
- The CLI does not pass ``script_info`` to app factory functions.
- ``config.from_json`` is replaced by
``config.from_file(name, load=json.load)``.
- ``json`` functions no longer take an ``encoding`` parameter.
- ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
instead.
- ``total_seconds`` is removed, use ``timedelta.total_seconds``
instead.
- The same blueprint cannot be registered with the same name. Use
``name=`` when registering to specify a unique name.
- The test client's ``as_tuple`` parameter is removed. Use
``response.request.environ`` instead. :pr:`4417`
- Some parameters in ``send_file`` and ``send_from_directory`` were
renamed in 2.0. The deprecation period for the old names is extended
to 2.2. Be sure to test with deprecation warnings visible.
- ``attachment_filename`` is renamed to ``download_name``.
- ``cache_timeout`` is renamed to ``max_age``.
- ``add_etags`` is renamed to ``etag``.
- ``filename`` is renamed to ``path``.
- The ``RequestContext.g`` property is deprecated. Use ``g`` directly
or ``AppContext.g`` instead. :issue:`3898`
- ``copy_current_request_context`` can decorate async functions.
:pr:`4303`
- The CLI uses ``importlib.metadata`` instead of ``setuptools`` to
load command entry points. :issue:`4419`
- Overriding ``FlaskClient.open`` will not cause an error on redirect.
:issue:`3396`
- Add an ``--exclude-patterns`` option to the ``flask run`` CLI
command to specify patterns that will be ignored by the reloader.
:issue:`4188`
- When using lazy loading (the default with the debugger), the Click
context from the ``flask run`` command remains available in the
loader thread. :issue:`4460`
- Deleting the session cookie uses the ``httponly`` flag.
:issue:`4485`
- Relax typing for ``errorhandler`` to allow the user to use more
precise types and decorate the same function multiple times.
:issue:`4095, 4295, 4297`
- Fix typing for ``__exit__`` methods for better compatibility with
``ExitStack``. :issue:`4474`
- From Werkzeug, for redirect responses the ``Location`` header URL
will remain relative, and exclude the scheme and domain, by default.
:pr:`4496`
- Add ``Config.from_prefixed_env()`` to load config values from
environment variables that start with ``FLASK_`` or another prefix.
This parses values as JSON by default, and allows setting keys in
nested dicts. :pr:`4479`
2.0.3
-------------
Released 2022-02-14
- The test client's ``as_tuple`` parameter is deprecated and will be
removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
removed in Flask 2.1, while remaining compatible with both in
2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
- Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
- Revert a change to the CLI that caused it to hide ``ImportError``
tracebacks when importing the application. :issue:`4307`
- ``app.json_encoder`` and ``json_decoder`` are only passed to
``dumps`` and ``loads`` if they have custom behavior. This improves
performance, mainly on PyPy. :issue:`4349`
- Clearer error message when ``after_this_request`` is used outside a
request context. :issue:`4333`
2.0.2
-------------
Released 2021-10-04
- Fix type annotation for ``teardown_*`` methods. :issue:`4093`
- Fix type annotation for ``before_request`` and ``before_app_request``
decorators. :issue:`4104`
- Fixed the issue where typing requires template global
decorators to accept functions with no arguments. :issue:`4098`
- Support View and MethodView instances with async handlers. :issue:`4112`
- Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
- Fix registering a blueprint twice with differing names. :issue:`4124`
- Fix the type of ``static_folder`` to accept ``pathlib.Path``.
:issue:`4150`
- ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
:issue:`4157`
- Correctly handle raising deferred errors in CLI lazy loading.
:issue:`4096`
- The CLI loader handles ``**kwargs`` in a ``create_app`` function.
:issue:`4170`
- Fix the order of ``before_request`` and other callbacks that trigger
before the view returns. They are called from the app down to the
closest nested blueprint. :issue:`4229`
2.0.1
-------------
Released 2021-05-21
- Re-add the ``filename`` parameter in ``send_from_directory``. The
``filename`` parameter has been renamed to ``path``, the old name
is deprecated. :pr:`4019`
- Mark top-level names as exported so type checking understands
imports in user projects. :issue:`4024`
- Fix type annotation for ``g`` and inform mypy that it is a namespace
object that has arbitrary attributes. :issue:`4020`
- Fix some types that weren't available in Python 3.6.0. :issue:`4040`
- Improve typing for ``send_file``, ``send_from_directory``, and
``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
- Show an error when a blueprint name contains a dot. The ``.`` has
special meaning, it is used to separate (nested) blueprint names and
the endpoint name. :issue:`4041`
- Combine URL prefixes when nesting blueprints that were created with
a ``url_prefix`` value. :issue:`4037`
- Revert a change to the order that URL matching was done. The
URL is again matched after the session is loaded, so the session is
available in custom URL converters. :issue:`4053`
- Re-add deprecated ``Config.from_json``, which was accidentally
removed early. :issue:`4078`
- Improve typing for some functions using ``Callable`` in their type
signatures, focusing on decorator factories. :issue:`4060`
- Nested blueprints are registered with their dotted name. This allows
different blueprints with the same name to be nested at different
locations. :issue:`4069`
- ``register_blueprint`` takes a ``name`` option to change the
(pre-dotted) name the blueprint is registered with. This allows the
same blueprint to be registered multiple times with unique names for
``url_for``. Registering the same blueprint with the same name
multiple times is deprecated. :issue:`1091`
- Improve typing for ``stream_with_context``. :issue:`4052`
2.0.0
-------------
Released 2021-05-11
- Drop support for Python 2 and 3.5.
- Bump minimum versions of other Pallets projects: Werkzeug >= 2,
Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
to check the change logs for each project. For better compatibility
with other applications (e.g. Celery) that still require Click 7,
there is no hard dependency on Click 8 yet, but using Click 7 will
trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
- JSON support no longer uses simplejson. To use another JSON module,
override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
- The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
- Passing ``script_info`` to app factory functions is deprecated. This
was not portable outside the ``flask`` command. Use
``click.get_current_context().obj`` if it's needed. :issue:`3552`
- The CLI shows better error messages when the app failed to load
when looking up commands. :issue:`2741`
- Add ``SessionInterface.get_cookie_name`` to allow setting the
session cookie name dynamically. :pr:`3369`
- Add ``Config.from_file`` to load config using arbitrary file
loaders, such as ``toml.load`` or ``json.load``.
``Config.from_json`` is deprecated in favor of this. :pr:`3398`
- The ``flask run`` command will only defer errors on reload. Errors
present during the initial call will cause the server to exit with
the traceback immediately. :issue:`3431`
- ``send_file`` raises a ``ValueError`` when passed an ``io`` object
in text mode. Previously, it would respond with 200 OK and an empty
file. :issue:`3358`
- When using ad-hoc certificates, check for the cryptography library
instead of PyOpenSSL. :pr:`3492`
- When specifying a factory function with ``FLASK_APP``, keyword
argument can be passed. :issue:`3553`
- When loading a ``.env`` or ``.flaskenv`` file, the current working
directory is no longer changed to the location of the file.
:pr:`3560`
- When returning a ``(response, headers)`` tuple from a view, the
headers replace rather than extend existing headers on the response.
For example, this allows setting the ``Content-Type`` for
``jsonify()``. Use ``response.headers.extend()`` if extending is
desired. :issue:`3628`
- The ``Scaffold`` class provides a common API for the ``Flask`` and
``Blueprint`` classes. ``Blueprint`` information is stored in
attributes just like ``Flask``, rather than opaque lambda functions.
This is intended to improve consistency and maintainability.
:issue:`3215`
- Include ``samesite`` and ``secure`` options when removing the
session cookie. :pr:`3726`
- Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
- ``send_file`` and ``send_from_directory`` are wrappers around the
implementations in ``werkzeug.utils``. :pr:`3828`
- Some ``send_file`` parameters have been renamed, the old names are
deprecated. ``attachment_filename`` is renamed to ``download_name``.
``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
renamed to ``etag``. :pr:`3828, 3883`
- ``send_file`` passes ``download_name`` even if
``as_attachment=False`` by using ``Content-Disposition: inline``.
:pr:`3828`
- ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
not set, otherwise ``public``. This tells browsers to validate
conditional requests instead of using a timed cache. :pr:`3828`
- ``helpers.safe_join`` is deprecated. Use
``werkzeug.utils.safe_join`` instead. :pr:`3828`
- The request context does route matching before opening the session.
This could allow a session interface to change behavior based on
``request.endpoint``. :issue:`3776`
- Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
- Add route decorators for common HTTP methods. For example,
``app.post("/login")`` is a shortcut for
``app.route("/login", methods=["POST"])``. :pr:`3907`
- Support async views, error handlers, before and after request, and
teardown functions. :pr:`3412`
- Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
- Set the default encoding to "UTF-8" when loading ``.env`` and
``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
- ``flask shell`` sets up tab and history completion like the default
``python`` shell if ``readline`` is installed. :issue:`3941`
- ``helpers.total_seconds()`` is deprecated. Use
``timedelta.total_seconds()`` instead. :pr:`3962`
- Add type hinting. :pr:`3973`.
1.1.4
-------------
Released 2021-05-13
- Update ``static_folder`` to use ``_compat.fspath`` instead of
``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`
1.1.3
-------------
Released 2021-05-13
- Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
:issue:`4043`
- Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
:pr:`3579`
1.1.2
-------------
Released 2020-04-03
- Work around an issue when running the ``flask`` command with an
external debugger on Windows. :issue:`3297`
- The static route will not catch all URLs if the ``Flask``
``static_folder`` argument ends with a slash. :issue:`3452`
1.1.1
-------------
Released 2019-07-08
- The ``flask.json_available`` flag was added back for compatibility
with some extensions. It will raise a deprecation warning when used,
and will be removed in version 2.0.0. :issue:`3288`
1.1.0
-------------
Released 2019-07-04
- Bump minimum Werkzeug version to >= 0.15.
- Drop support for Python 3.4.
- Error handlers for ``InternalServerError`` or ``500`` will always be
passed an instance of ``InternalServerError``. If they are invoked
due to an unhandled exception, that original exception is now
available as ``e.original_exception`` rather than being passed
directly to the handler. The same is true if the handler is for the
base ``HTTPException``. This makes error handler behavior more
consistent. :pr:`3266`
- ``Flask.finalize_request`` is called for all unhandled
exceptions even if there is no ``500`` error handler.
- ``Flask.logger`` takes the same name as ``Flask.name`` (the value
passed as ``Flask(import_name)``. This reverts 1.0's behavior of
always logging to ``"flask.app"``, in order to support multiple apps
in the same process. A warning will be shown if old configuration is
detected that needs to be moved. :issue:`2866`
- ``RequestContext.copy`` includes the current session object in the
request context copy. This prevents ``session`` pointing to an
out-of-date object. :issue:`2935`
- Using built-in RequestContext, unprintable Unicode characters in
Host header will result in a HTTP 400 response and not HTTP 500 as
previously. :pr:`2994`
- ``send_file`` supports ``PathLike`` objects as described in
:pep:`519`, to support ``pathlib`` in Python 3. :pr:`3059`
- ``send_file`` supports ``BytesIO`` partial content.
:issue:`2957`
- ``open_resource`` accepts the "rt" file mode. This still does the
same thing as "r". :issue:`3163`
- The ``MethodView.methods`` attribute set in a base class is used by
subclasses. :issue:`3138`
- ``Flask.jinja_options`` is a ``dict`` instead of an
``ImmutableDict`` to allow easier configuration. Changes must still
be made before creating the environment. :pr:`3190`
- Flask's ``JSONMixin`` for the request and response wrappers was
moved into Werkzeug. Use Werkzeug's version with Flask-specific
support. This bumps the Werkzeug dependency to >= 0.15.
:issue:`3125`
- The ``flask`` command entry point is simplified to take advantage
of Werkzeug 0.15's better reloader support. This bumps the Werkzeug
dependency to >= 0.15. :issue:`3022`
- Support ``static_url_path`` that ends with a forward slash.
:issue:`3134`
- Support empty ``static_folder`` without requiring setting an empty
``static_url_path`` as well. :pr:`3124`
- ``jsonify`` supports ``dataclass`` objects. :pr:`3195`
- Allow customizing the ``Flask.url_map_class`` used for routing.
:pr:`3069`
- The development server port can be set to 0, which tells the OS to
pick an available port. :issue:`2926`
- The return value from ``cli.load_dotenv`` is more consistent with
the documentation. It will return ``False`` if python-dotenv is not
installed, or if the given path isn't a file. :issue:`2937`
- Signaling support has a stub for the ``connect_via`` method when
the Blinker library is not installed. :pr:`3208`
- Add an ``--extra-files`` option to the ``flask run`` CLI command to
specify extra files that will trigger the reloader on change.
:issue:`2897`
- Allow returning a dictionary from a view function. Similar to how
returning a string will produce a ``text/html`` response, returning
a dict will call ``jsonify`` to produce a ``application/json``
response. :pr:`3111`
- Blueprints have a ``cli`` Click group like ``app.cli``. CLI commands
registered with a blueprint will be available as a group under the
``flask`` command. :issue:`1357`.
- When using the test client as a context manager (``with client:``),
all preserved request contexts are popped when the block exits,
ensuring nested contexts are cleaned up correctly. :pr:`3157`
- Show a better error message when the view return type is not
supported. :issue:`3214`
- ``flask.testing.make_test_environ_builder()`` has been deprecated in
favour of a new class ``flask.testing.EnvironBuilder``. :pr:`3232`
- The ``flask run`` command no longer fails if Python is not built
with SSL support. Using the ``--cert`` option will show an
appropriate error message. :issue:`3211`
- URL matching now occurs after the request context is pushed, rather
than when it's created. This allows custom URL converters to access
the app and request contexts, such as to query a database for an id.
:issue:`3088`
1.0.4
-------------
Released 2019-07-04
- The key information for ``BadRequestKeyError`` is no longer cleared
outside debug mode, so error handlers can still access it. This
requires upgrading to Werkzeug 0.15.5. :issue:`3249`
- ``send_file`` url quotes the ":" and "/" characters for more
compatible UTF-8 filename support in some browsers. :issue:`3074`
- Fixes for :pep:`451` import loaders and pytest 5.x. :issue:`3275`
- Show message about dotenv on stderr instead of stdout. :issue:`3285`
1.0.3
-------------
Released 2019-05-17
- ``send_file`` encodes filenames as ASCII instead of Latin-1
(ISO-8859-1). This fixes compatibility with Gunicorn, which is
stricter about header encodings than :pep:`3333`. :issue:`2766`
- Allow custom CLIs using ``FlaskGroup`` to set the debug flag without
it always being overwritten based on environment variables.
:pr:`2765`
- ``flask --version`` outputs Werkzeug's version and simplifies the
Python version. :pr:`2825`
- ``send_file`` handles an ``attachment_filename`` that is a native
Python 2 string (bytes) with UTF-8 coded bytes. :issue:`2933`
- A catch-all error handler registered for ``HTTPException`` will not
handle ``RoutingException``, which is used internally during
routing. This fixes the unexpected behavior that had been introduced
in 1.0. :pr:`2986`
- Passing the ``json`` argument to ``app.test_client`` does not
push/pop an extra app context. :issue:`2900`
Links
- PyPI: https://pypi.org/project/flask
- Changelog: https://pyup.io/changelogs/flask/
- Homepage: https://palletsprojects.com/p/flask
