Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.2.5
->==3.1.0
Release Notes
pallets/flask (Flask)
v3.1.0
Compare Source
Released 2024-11-13
5623
Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:
5624,5633
responses. :pr:
5496
Flask.open_resource
/open_instance_resource
andBlueprint.open_resource
take anencoding
parameter to use whenopening in text mode. It defaults to
utf-8
. :issue:5504
Request.max_content_length
can be customized per-request instead of onlythrough the
MAX_CONTENT_LENGTH
config. AddedMAX_FORM_MEMORY_SIZE
andMAX_FORM_PARTS
config. Added documentationabout resource limits to the security page. :issue:
5625
Partitioned
cookie attribute (CHIPS), with theSESSION_COOKIE_PARTITIONED
config. :issue:5472
-e path
takes precedence over default.env
and.flaskenv
files.load_dotenv
loads default files in addition to a path unlessload_defaults=False
is passed. :issue:5628
SECRET_KEY_FALLBACKS
config, a list of oldsecret keys that can still be used for unsigning. Extensions will need to
add support. :issue:
5621
host_matching=True
orsubdomain_matching=False
interacts with
SERVER_NAME
. SettingSERVER_NAME
no longer restrictsrequests to only that domain. :issue:
5553
Request.trusted_hosts
is checked during routing, and can be set throughthe
TRUSTED_HOSTS
config. :issue:5636
v3.0.3
Compare Source
Released 2024-04-07
hashlib.sha1
may not be available in FIPS builds. Don'taccess it at import time so the developer has time to change the default.
:issue:
5448
cli
attribute in the sansio scaffold, but rather inthe
Flask
concrete class. :pr:5270
v3.0.2
Compare Source
Released 2024-02-03
jinja_loader
property. :issue:5388
--extra-files
and--exclude-patterns
CLI options.:issue:
5391
v3.0.1
Compare Source
Released 2024-01-18
path
argument tosend_file
. :issue:5336
flask run --key
option. :pr:5344
json.loads
object_hook
. This allows other JSON providers that don't implement that.:issue:
5381
5383
v3.0.0
Compare Source
Released 2023-09-30
5223
__version__
attribute. Use feature detection, orimportlib.metadata.version("flask")
, instead. :issue:5230
classes have Sans-IO bases. :pr:
5127
5264
v2.3.3
Compare Source
Released 2023-08-21
flit_core
instead ofsetuptools
as build backend.5160
v2.3.2
Compare Source
Released 2023-05-01
Vary: Cookie
header when the session is accessed, modified, or refreshed.v2.3.1
Compare Source
Released 2023-04-25
from flask import Markup
. :issue:5084
v2.3.0
Compare Source
Released 2023-04-25
Drop support for Python 3.7. :pr:
5072
Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
itsdangerous>=2.1.2, click>=8.1.3.
Remove previously deprecated code. :pr:
4995
push
andpop
methods of the deprecated_app_ctx_stack
and_request_ctx_stack
objects are removed.top
still exists to giveextensions more time to update, but it will be removed.
FLASK_ENV
environment variable,ENV
config key, andapp.env
property are removed.
session_cookie_name
,send_file_max_age_default
,use_x_sendfile
,propagate_exceptions
, andtemplates_auto_reload
properties onapp
are removed.
JSON_AS_ASCII
,JSON_SORT_KEYS
,JSONIFY_MIMETYPE
, andJSONIFY_PRETTYPRINT_REGULAR
config keys are removed.app.before_first_request
andbp.before_app_first_request
decoratorsare removed.
json_encoder
andjson_decoder
attributes on app and blueprint, and thecorresponding
json.JSONEncoder
andJSONDecoder
classes, are removed.json.htmlsafe_dumps
andhtmlsafe_dump
functions are removed.warning. :pr:
4997
Importing
escape
andMarkup
fromflask
is deprecated. Import themdirectly from
markupsafe
instead. :pr:4996
The
app.got_first_request
property is deprecated. :pr:4997
The
locked_cached_property
decorator is deprecated. Use a lock inside thedecorated function if locking is needed. :issue:
4993
Signals are always available.
blinker>=1.6.2
is a required dependency. Thesignals_available
attribute is deprecated. :issue:5056
Signals support
async
subscriber functions. :pr:5049
Remove uses of locks that could cause requests to block each other very briefly.
:issue:
4993
Use modern packaging metadata with
pyproject.toml
instead ofsetup.cfg
.:pr:
4947
Ensure subdomains are applied with nested blueprints. :issue:
4834
config.from_file
can usetext=False
to indicate that the parser wants abinary file instead. :issue:
4989
If a blueprint is created with an empty name it raises a
ValueError
.:issue:
5010
SESSION_COOKIE_DOMAIN
does not fall back toSERVER_NAME
. The default is notto set the domain, which modern browsers interpret as an exact match rather than
a subdomain match. Warnings about
localhost
and IP addresses are also removed.:issue:
5051
The
routes
command shows each rule'ssubdomain
orhost
when domainmatching is in use. :issue:
5004
Use postponed evaluation of annotations. :pr:
5071
Configuration
📅 Schedule: Branch creation - "after 5am on saturday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test
.This PR has been generated by MintMaker (powered by Renovate Bot).