⬆ Update flask requirement from <3.0.0,>=1.1.2 to >=1.1.2,<4.0.0 #12747

dependabot · 2024-11-01T11:05:52Z

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Updates the requirements on flask to permit the latest version.

Release notes

3.0.3

This is a fix release for the 3.0.x feature branch.

PyPI: https://pypi.org/project/Flask/3.0.3/ Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/flask/milestone/35?closed=1

The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. #5448

Don't initialize the cli attribute in the sansio scaffold, but rather in the Flask concrete class. #5270

Changelog

Sourced from flask's changelog.

Version 3.0.3

Released 2024-04-07

The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:5448

Don't initialize the cli attribute in the sansio scaffold, but rather in the Flask concrete class. :pr:5270

Version 3.0.2

Released 2024-02-03

Correct type for jinja_loader property. :issue:5388

Fix error with --extra-files and --exclude-patterns CLI options. :issue:5391

Version 3.0.1

Released 2024-01-18

Correct type for path argument to send_file. :issue:5336

Fix a typo in an error message for the flask run --key option. :pr:5344

Session data is untagged without relying on the built-in json.loads object_hook. This allows other JSON providers that don't implement that. :issue:5381

Address more type findings when using mypy strict mode. :pr:5383

Version 3.0.0

Released 2023-09-30

Remove previously deprecated code. :pr:5223

Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("flask"), instead. :issue:5230

Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:5127

Allow self as an argument to url_for. :pr:5264

Require Werkzeug >= 3.0.0.

Version 2.3.3

... (truncated)

Commits

c12a5d8 release version 3.0.3
5e22cc9 Don't set the cli attribute in the sansio scaffold (#5270)
5fdce4c Don't set the cli attribute in the sansio scaffold
adb7dd9 don't access app.logger when configuring app.logger
b739390 support FIPS builds without SHA-1 (#5460)
db46111 access sha1 lazily
7320e31 start version 3.0.3
87d5f5b update project files (#5457)
d5e321b release version 3.0.2 (#5403)
d203059 release version 3.0.2
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [flask](https://github.com/pallets/flask) to permit the latest version. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@1.1.2...3.0.3) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

…tapi#12747) Updates the requirements on [flask](https://github.com/pallets/flask) to permit the latest version. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@1.1.2...3.0.3) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 1, 2024

github-actions bot added the internal label Nov 1, 2024

alejsdev merged commit fd98edc into master Nov 1, 2024
34 checks passed

alejsdev deleted the dependabot/pip/flask-gte-1.1.2-and-lt-4.0.0 branch November 1, 2024 11:17

potiuk mentioned this pull request Mar 24, 2025

(Re)move old dependencies from the old FAB UI apache/airflow#48007

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

⬆ Update flask requirement from <3.0.0,>=1.1.2 to >=1.1.2,<4.0.0 #12747

⬆ Update flask requirement from <3.0.0,>=1.1.2 to >=1.1.2,<4.0.0 #12747

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

⬆ Update flask requirement from <3.0.0,>=1.1.2 to >=1.1.2,<4.0.0 #12747

⬆ Update flask requirement from <3.0.0,>=1.1.2 to >=1.1.2,<4.0.0 #12747

Uh oh!

Conversation

Uh oh!

3.0.3

Version 3.0.3

Version 3.0.2

Version 3.0.1

Version 3.0.0

Uh oh!

Uh oh!

Uh oh!