DevOps-The-Hard-Way-Azure icon indicating copy to clipboard operation
DevOps-The-Hard-Way-Azure copied to clipboard

Published 20 hours ago verified publisher icon thomast1906

Update dependency Flask to v2.3.3

Open renovate[bot] opened this issue 5 months ago • 0 comments

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Flask (changelog) ==2.0.1 -> ==2.3.3 age adoption passing confidence

Release Notes

pallets/flask (Flask)

v2.3.3

Compare Source

Released 2023-08-21

  • Python 3.12 compatibility.
  • Require Werkzeug >= 2.3.7.
  • Use flit_core instead of setuptools as build backend.
  • Refactor how an app's root and instance paths are determined. :issue:5160

v2.3.2

Compare Source

Released 2023-05-01

  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.
  • Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

v2.3.1

Compare Source

Released 2023-04-25

  • Restore deprecated from flask import Markup. :issue:5084

v2.3.0

Compare Source

Released 2023-04-25

  • Drop support for Python 3.7. :pr:5072

  • Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2, itsdangerous>=2.1.2, click>=8.1.3.

  • Remove previously deprecated code. :pr:4995

    • The push and pop methods of the deprecated _app_ctx_stack and _request_ctx_stack objects are removed. top still exists to give extensions more time to update, but it will be removed.
    • The FLASK_ENV environment variable, ENV config key, and app.env property are removed.
    • The session_cookie_name, send_file_max_age_default, use_x_sendfile, propagate_exceptions, and templates_auto_reload properties on app are removed.
    • The JSON_AS_ASCII, JSON_SORT_KEYS, JSONIFY_MIMETYPE, and JSONIFY_PRETTYPRINT_REGULAR config keys are removed.
    • The app.before_first_request and bp.before_app_first_request decorators are removed.
    • json_encoder and json_decoder attributes on app and blueprint, and the corresponding json.JSONEncoder and JSONDecoder classes, are removed.
    • The json.htmlsafe_dumps and htmlsafe_dump functions are removed.
    • Calling setup methods on blueprints after registration is an error instead of a warning. :pr:4997

  • Importing escape and Markup from flask is deprecated. Import them directly from markupsafe instead. :pr:4996

  • The app.got_first_request property is deprecated. :pr:4997

  • The locked_cached_property decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:4993

  • Signals are always available. blinker>=1.6.2 is a required dependency. The signals_available attribute is deprecated. :issue:5056

  • Signals support async subscriber functions. :pr:5049

  • Remove uses of locks that could cause requests to block each other very briefly. :issue:4993

  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:4947

  • Ensure subdomains are applied with nested blueprints. :issue:4834

  • config.from_file can use text=False to indicate that the parser wants a binary file instead. :issue:4989

  • If a blueprint is created with an empty name it raises a ValueError. :issue:5010

  • SESSION_COOKIE_DOMAIN does not fall back to SERVER_NAME. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about localhost and IP addresses are also removed. :issue:5051

  • The routes command shows each rule's subdomain or host when domain matching is in use. :issue:5004

  • Use postponed evaluation of annotations. :pr:5071

v2.2.5

Compare Source

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

v2.2.4

Compare Source

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

v2.2.3

Compare Source

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

v2.2.2

Compare Source

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
  • Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

v2.2.1

Compare Source

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

v2.2.0

Compare Source

Released 2022-08-01

  • Remove previously deprecated code. :pr:4667

    • Old names for some send_file parameters have been removed. download_name replaces attachment_filename, max_age replaces cache_timeout, and etag replaces add_etags. Additionally, path replaces filename in send_from_directory.
    • The RequestContext.g property returning AppContext.g is removed.

  • Update Werkzeug dependency to >= 2.2.

  • The app and request contexts are managed using Python context vars directly rather than Werkzeug's LocalStack. This should result in better performance and memory use. :pr:4682

    • Extension maintainers, be aware that _app_ctx_stack.top and _request_ctx_stack.top are deprecated. Store data on g instead using a unique prefix, like g._extension_name_attr.

  • The FLASK_ENV environment variable and app.env attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the --debug option or app.run(debug=True). :issue:4714

  • Some attributes that proxied config keys on app are deprecated: session_cookie_name, send_file_max_age_default, use_x_sendfile, propagate_exceptions, and templates_auto_reload. Use the relevant config keys instead. :issue:4716

  • Add new customization points to the Flask app object for many previously global behaviors.

    • flask.url_for will call app.url_for. :issue:4568
    • flask.abort will call app.aborter. Flask.aborter_class and Flask.make_aborter can be used to customize this aborter. :issue:4567
    • flask.redirect will call app.redirect. :issue:4569
    • flask.json is an instance of JSONProvider. A different provider can be set to use a different JSON library. flask.jsonify will call app.json.response, other functions in flask.json will call corresponding functions in app.json. :pr:4692

  • JSON configuration is moved to attributes on the default app.json provider. JSON_AS_ASCII, JSON_SORT_KEYS, JSONIFY_MIMETYPE, and JSONIFY_PRETTYPRINT_REGULAR are deprecated. :pr:4692

  • Setting custom json_encoder and json_decoder classes on the app or a blueprint, and the corresponding json.JSONEncoder and JSONDecoder classes, are deprecated. JSON behavior can now be overridden using the app.json provider interface. :pr:4692

  • json.htmlsafe_dumps and json.htmlsafe_dump are deprecated, the function is built-in to Jinja now. :pr:4692

  • Refactor register_error_handler to consolidate error checking. Rewrite some error messages to be more consistent. :issue:4559

  • Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:4571

  • before_first_request is deprecated. Run setup code when creating the application instead. :issue:4605

  • Added the View.init_every_request class attribute. If a view subclass sets this to False, the view will not create a new instance on every request. :issue:2520.

  • A flask.cli.FlaskGroup Click group can be nested as a sub-command in a custom CLI. :issue:3263

  • Add --app and --debug options to the flask CLI, instead of requiring that they are set through environment variables. :issue:2836

  • Add --env-file option to the flask CLI. This allows specifying a dotenv file to load in addition to .env and .flaskenv. :issue:3108

  • It is no longer required to decorate custom CLI commands on app.cli or blueprint.cli with @with_appcontext, an app context will already be active at that point. :issue:2410

  • SessionInterface.get_expiration_time uses a timezone-aware value. :pr:4645

  • View functions can return generators directly instead of wrapping them in a Response. :pr:4629

  • Add stream_template and stream_template_string functions to render a template as a stream of pieces. :pr:4629

  • A new implementation of context preservation during debugging and testing. :pr:4666

    • request, g, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:2836
    • Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped.
    • stream_with_context preserves context separately from a with client block. It will be cleaned up when response.get_data() or response.close() is called.

  • Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:4672

  • When type checking, allow TypedDict to be returned from view functions. :pr:4695

  • Remove the --eager-loading/--lazy-loading options from the flask run command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal DispatchingApp middleware used by the previous implementation. :issue:4715

v2.1.3

Compare Source

Released 2022-07-13

  • Inline some optional imports that are only used for certain CLI commands. :pr:4606
  • Relax type annotation for after_request functions. :issue:4600
  • instance_path for namespace packages uses the path closest to the imported submodule. :issue:4610
  • Clearer error message when render_template and render_template_string are used outside an application context. :pr:4693

v2.1.2

Compare Source

Released 2022-04-28

  • Fix type annotation for json.loads, it accepts str or bytes. :issue:4519
  • The --cert and --key options on flask run can be given in either order. :issue:4459

v2.1.1

Compare Source

Released on 2022-03-30

  • Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python < 3.10. :issue:4502

v2.1.0

Compare Source

Released 2022-03-28

  • Drop support for Python 3.6. :pr:4335

  • Update Click dependency to >= 8.0. :pr:4008

  • Remove previously deprecated code. :pr:4337

    • The CLI does not pass script_info to app factory functions.
    • config.from_json is replaced by config.from_file(name, load=json.load).
    • json functions no longer take an encoding parameter.
    • safe_join is removed, use werkzeug.utils.safe_join instead.
    • total_seconds is removed, use timedelta.total_seconds instead.
    • The same blueprint cannot be registered with the same name. Use name= when registering to specify a unique name.
    • The test client's as_tuple parameter is removed. Use response.request.environ instead. :pr:4417

  • Some parameters in send_file and send_from_directory were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible.

    • attachment_filename is renamed to download_name.
    • cache_timeout is renamed to max_age.
    • add_etags is renamed to etag.
    • filename is renamed to path.

  • The RequestContext.g property is deprecated. Use g directly or AppContext.g instead. :issue:3898

  • copy_current_request_context can decorate async functions. :pr:4303

  • The CLI uses importlib.metadata instead of pkg_resources to load command entry points. :issue:4419

  • Overriding FlaskClient.open will not cause an error on redirect. :issue:3396

  • Add an --exclude-patterns option to the flask run CLI command to specify patterns that will be ignored by the reloader. :issue:4188

  • When using lazy loading (the default with the debugger), the Click context from the flask run command remains available in the loader thread. :issue:4460

  • Deleting the session cookie uses the httponly flag. :issue:4485

  • Relax typing for errorhandler to allow the user to use more precise types and decorate the same function multiple times. :issue:4095, 4295, 4297

  • Fix typing for __exit__ methods for better compatibility with ExitStack. :issue:4474

  • From Werkzeug, for redirect responses the Location header URL will remain relative, and exclude the scheme and domain, by default. :pr:4496

  • Add Config.from_prefixed_env() to load config values from environment variables that start with FLASK_ or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:4479

v2.0.3

Compare Source

Released 2022-02-14

  • The test client's as_tuple parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use response.request.environ instead. :pr:4341
  • Fix type annotation for errorhandler decorator. :issue:4295
  • Revert a change to the CLI that caused it to hide ImportError tracebacks when importing the application. :issue:4307
  • app.json_encoder and json_decoder are only passed to dumps and loads if they have custom behavior. This improves performance, mainly on PyPy. :issue:4349
  • Clearer error message when after_this_request is used outside a request context. :issue:4333

v2.0.2

Compare Source

Released 2021-10-04

  • Fix type annotation for teardown_* methods. :issue:4093
  • Fix type annotation for before_request and before_app_request decorators. :issue:4104
  • Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:4098
  • Support View and MethodView instances with async handlers. :issue:4112
  • Enhance typing of app.errorhandler decorator. :issue:4095
  • Fix registering a blueprint twice with differing names. :issue:4124
  • Fix the type of static_folder to accept pathlib.Path. :issue:4150
  • jsonify handles decimal.Decimal by encoding to str. :issue:4157
  • Correctly handle raising deferred errors in CLI lazy loading. :issue:4096
  • The CLI loader handles **kwargs in a create_app function. :issue:4170
  • Fix the order of before_request and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:4229

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar Sep 27 '24 09:09 renovate[bot]