Skip to content

Comments

fix(deps) Update dependency Flask to v3 - abandoned#90

Open
renovate[bot] wants to merge 1 commit intodevfrom
renovate/flask-3.x
Open

fix(deps) Update dependency Flask to v3 - abandoned#90
renovate[bot] wants to merge 1 commit intodevfrom
renovate/flask-3.x

Conversation

@renovate
Copy link

@renovate renovate bot commented Oct 1, 2023

This PR contains the following updates:

Package Change Age Confidence
Flask (changelog) ^2.2.2^3.0.0 age confidence

Release Notes

pallets/flask (Flask)

v3.1.2

Compare Source

Released 2025-08-19

  • stream_with_context does not fail inside async views. :issue:5774
  • When using follow_redirects in the test client, the final state
    of session is correct. :issue:5786
  • Relax type hint for passing bytes IO to send_file. :issue:5776

v3.1.1

Compare Source

Released 2025-05-13

  • Fix signing key selection order when key rotation is enabled via
    SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. :issue:5645
  • flask --help loads the app and plugins first to make sure all commands
    are shown. :issue:5673
  • Mark sans-io base class as being able to handle views that return
    AsyncIterable. This is not accurate for Flask, but makes typing easier
    for Quart. :pr:5659

v3.1.0

Compare Source

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases.
    Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option
    responses. :pr:5496
  • Flask.open_resource/open_instance_resource and
    Blueprint.open_resource take an encoding parameter to use when
    opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only
    through the MAX_CONTENT_LENGTH config. Added
    MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
    about resource limits to the security page. :issue:5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the
    SESSION_COOKIE_PARTITIONED config. :issue:5472
  • -e path takes precedence over default .env and .flaskenv files.
    load_dotenv loads default files in addition to a path unless
    load_defaults=False is passed. :issue:5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
    secret keys that can still be used for unsigning. Extensions will need to
    add support. :issue:5621
  • Fix how setting host_matching=True or subdomain_matching=False
    interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
    requests to only that domain. :issue:5553
  • Request.trusted_hosts is checked during routing, and can be set through
    the TRUSTED_HOSTS config. :issue:5636

v3.0.3

Compare Source

Released 2024-04-07

  • The default hashlib.sha1 may not be available in FIPS builds. Don't
    access it at import time so the developer has time to change the default.
    :issue:5448
  • Don't initialize the cli attribute in the sansio scaffold, but rather in
    the Flask concrete class. :pr:5270

v3.0.2

Compare Source

Released 2024-02-03

  • Correct type for jinja_loader property. :issue:5388
  • Fix error with --extra-files and --exclude-patterns CLI options.
    :issue:5391

v3.0.1

Compare Source

Released 2024-01-18

  • Correct type for path argument to send_file. :issue:5336
  • Fix a typo in an error message for the flask run --key option. :pr:5344
  • Session data is untagged without relying on the built-in json.loads
    object_hook. This allows other JSON providers that don't implement that.
    :issue:5381
  • Address more type findings when using mypy strict mode. :pr:5383

v3.0.0

Compare Source

Released 2023-09-30

  • Remove previously deprecated code. :pr:5223
  • Deprecate the __version__ attribute. Use feature detection, or
    importlib.metadata.version("flask"), instead. :issue:5230
  • Restructure the code such that the Flask (app) and Blueprint
    classes have Sans-IO bases. :pr:5127
  • Allow self as an argument to url_for. :pr:5264
  • Require Werkzeug >= 3.0.0.

v2.3.3

Compare Source

Released 2023-08-21

  • Python 3.12 compatibility.
  • Require Werkzeug >= 2.3.7.
  • Use flit_core instead of setuptools as build backend.
  • Refactor how an app's root and instance paths are determined. :issue:5160

v2.3.2

Compare Source

Released 2023-05-01

  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.
  • Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.
    :ghsa:m2qf-hxjv-5gpq

v2.3.1

Compare Source

Released 2023-04-25

  • Restore deprecated from flask import Markup. :issue:5084

v2.3.0

Compare Source

Released 2023-04-25

  • Drop support for Python 3.7. :pr:5072

  • Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
    itsdangerous>=2.1.2, click>=8.1.3.

  • Remove previously deprecated code. :pr:4995

    • The push and pop methods of the deprecated _app_ctx_stack and
      _request_ctx_stack objects are removed. top still exists to give
      extensions more time to update, but it will be removed.
    • The FLASK_ENV environment variable, ENV config key, and app.env
      property are removed.
    • The session_cookie_name, send_file_max_age_default, use_x_sendfile,
      propagate_exceptions, and templates_auto_reload properties on app
      are removed.
    • The JSON_AS_ASCII, JSON_SORT_KEYS, JSONIFY_MIMETYPE, and
      JSONIFY_PRETTYPRINT_REGULAR config keys are removed.
    • The app.before_first_request and bp.before_app_first_request decorators
      are removed.
    • json_encoder and json_decoder attributes on app and blueprint, and the
      corresponding json.JSONEncoder and JSONDecoder classes, are removed.
    • The json.htmlsafe_dumps and htmlsafe_dump functions are removed.
    • Calling setup methods on blueprints after registration is an error instead of a
      warning. :pr:4997
  • Importing escape and Markup from flask is deprecated. Import them
    directly from markupsafe instead. :pr:4996

  • The app.got_first_request property is deprecated. :pr:4997

  • The locked_cached_property decorator is deprecated. Use a lock inside the
    decorated function if locking is needed. :issue:4993

  • Signals are always available. blinker>=1.6.2 is a required dependency. The
    signals_available attribute is deprecated. :issue:5056

  • Signals support async subscriber functions. :pr:5049

  • Remove uses of locks that could cause requests to block each other very briefly.
    :issue:4993

  • Use modern packaging metadata with pyproject.toml instead of setup.cfg.
    :pr:4947

  • Ensure subdomains are applied with nested blueprints. :issue:4834

  • config.from_file can use text=False to indicate that the parser wants a
    binary file instead. :issue:4989

  • If a blueprint is created with an empty name it raises a ValueError.
    :issue:5010

  • SESSION_COOKIE_DOMAIN does not fall back to SERVER_NAME. The default is not
    to set the domain, which modern browsers interpret as an exact match rather than
    a subdomain match. Warnings about localhost and IP addresses are also removed.
    :issue:5051

  • The routes command shows each rule's subdomain or host when domain
    matching is in use. :issue:5004

  • Use postponed evaluation of annotations. :pr:5071


Configuration

📅 Schedule: Branch creation - "before 10pm on Sunday" in timezone America/Chicago, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Author

renovate bot commented Oct 1, 2023

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock
Updating dependencies
Resolving dependencies...


The current project's Python requirement (>=3.7.2,<4.0.0) is not compatible with some of the required packages Python requirement:
  - flask requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8
  - flask requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8

Because no versions of flask match >3.0.0,<3.0.1 || >3.0.1,<4.0.0
 and flask (3.0.0) requires Python >=3.8, flask is forbidden.
So, because flask (3.0.1) requires Python >=3.8
 and flask-session2 depends on Flask (^3.0.0), version solving failed.

  • Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties
    
    For flask, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers

@renovate renovate bot force-pushed the renovate/flask-3.x branch from fe8df9c to a5247ed Compare October 1, 2023 10:20
@renovate renovate bot force-pushed the renovate/flask-3.x branch from a5247ed to 236a651 Compare October 8, 2023 10:32
@renovate renovate bot force-pushed the renovate/flask-3.x branch 3 times, most recently from 9315304 to 6d61700 Compare October 22, 2023 09:29
@renovate renovate bot force-pushed the renovate/flask-3.x branch from 6d61700 to cb4aa85 Compare October 29, 2023 10:04
@dmtzs
Copy link

dmtzs commented Nov 5, 2023

@christopherpickering , can we merge this PR? I need this library for flask 3.0.0, also dont know if should be necessary to correct some of the checks before merging? also some of the fails are because of the limit in flask version

@renovate renovate bot force-pushed the renovate/flask-3.x branch 3 times, most recently from 4f1012a to bbd060f Compare November 12, 2023 09:48
@renovate renovate bot force-pushed the renovate/flask-3.x branch 2 times, most recently from e4decf5 to b51de5b Compare November 19, 2023 10:41
@renovate renovate bot force-pushed the renovate/flask-3.x branch 2 times, most recently from 912d846 to ce2cdef Compare November 26, 2023 09:54
@renovate renovate bot force-pushed the renovate/flask-3.x branch 3 times, most recently from bca7db8 to 04813d2 Compare December 10, 2023 09:21
@renovate renovate bot force-pushed the renovate/flask-3.x branch 4 times, most recently from a3c982d to c99fe8d Compare December 17, 2023 09:13
@renovate renovate bot force-pushed the renovate/flask-3.x branch from c99fe8d to fcf2e75 Compare December 24, 2023 09:58
@renovate renovate bot force-pushed the renovate/flask-3.x branch 2 times, most recently from d7ff77a to d2fcbe9 Compare January 4, 2024 14:07
@renovate renovate bot force-pushed the renovate/flask-3.x branch from d2fcbe9 to 1698aa2 Compare January 14, 2024 09:06
@renovate renovate bot force-pushed the renovate/flask-3.x branch 2 times, most recently from b0f3952 to b802ad0 Compare January 21, 2024 14:12
@renovate
Copy link
Author

renovate bot commented Aug 6, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock
Updating dependencies
Resolving dependencies...


The current project's Python requirement (>=3.7.2,<4.0.0) is not compatible with some of the required packages Python requirement:
  - flask requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8
  - flask requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8
  - flask requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8
  - flask requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8
  - flask requires Python >=3.9, so it will not be satisfied for Python >=3.7.2,<3.9
  - flask requires Python >=3.9, so it will not be satisfied for Python >=3.7.2,<3.9
  - flask requires Python >=3.9, so it will not be satisfied for Python >=3.7.2,<3.9
  - flask requires Python >=3.9, so it will not be satisfied for Python >=3.7.2,<3.9

Because no versions of flask match >3.0.0,<3.0.1 || >3.0.1,<3.0.2 || >3.0.2,<3.0.3 || >3.0.3,<3.1.0 || >3.1.0,<3.1.1 || >3.1.1,<3.1.2 || >3.1.2,<3.1.3 || >3.1.3,<4.0.0
 and flask (3.0.0) requires Python >=3.8, flask is forbidden.
And because flask (3.0.1) requires Python >=3.8
 and flask (3.0.2) requires Python >=3.8, flask is forbidden.
And because flask (3.0.3) requires Python >=3.8
 and flask (3.1.0) requires Python >=3.9, flask is forbidden.
And because flask (3.1.1) requires Python >=3.9
 and flask (3.1.2) requires Python >=3.9, flask is forbidden.
So, because flask (3.1.3) requires Python >=3.9
 and flask-session2 depends on Flask (^3.0.0), version solving failed.

  • Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties
    
    For flask, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.9,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.9,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.9,<4.0.0"
    For flask, a possible solution would be to set the `python` property to ">=3.9,<4.0.0"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers

@renovate renovate bot force-pushed the renovate/flask-3.x branch from b802ad0 to 60b3be9 Compare August 6, 2024 11:08
@renovate renovate bot changed the title fix(deps) Update dependency Flask to v3 fix(deps) Update dependency Flask to v3 - abandoned Feb 19, 2026
@renovate
Copy link
Author

renovate bot commented Feb 19, 2026

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant