Bump flask from 1.1.2 to 2.0.0

[dependabot-preview[bot]]

Bumps flask from 1.1.2 to 2.0.0.

Release notes

Sourced from flask's releases.

2.0.0

New major versions of all the core Pallets libraries, including Flask 2.0, have been released! :tada:

• Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
• Read the full list of changes: https://flask.palletsprojects.com/changes/#version-2-0-0
• Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
• Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

2.0.0rc2

• Changes: https://flask.palletsprojects.com/en/master/changes#version-2-0-0

2.0.0rc1

• Changes: https://flask.palletsprojects.com/en/master/changes/#version-2-0-0

Changelog

Sourced from flask's changelog.

Version 2.0.0

Released 2021-05-11

• Drop support for Python 2 and 3.5.
• Bump minimum versions of other Pallets projects: Werkzeug >= 2, Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
• JSON support no longer uses simplejson. To use another JSON module, override app.json_encoder and json_decoder. 3555
• The encoding option to JSON functions is deprecated. 3562
• Passing script_info to app factory functions is deprecated. This was not portable outside the flask command. Use click.get_current_context().obj if it's needed. 3552
• The CLI shows better error messages when the app failed to load when looking up commands. 2741
• Add sessions.SessionInterface.get_cookie_name to allow setting the session cookie name dynamically. 3369
• Add Config.from_file to load config using arbitrary file loaders, such as toml.load or json.load. Config.from_json is deprecated in favor of this. 3398
• The flask run command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. 3431
• send_file raises a ValueError when passed an io object in text mode. Previously, it would respond with 200 OK and an empty file. 3358
• When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. 3492
• When specifying a factory function with FLASK_APP, keyword argument can be passed. 3553
• When loading a .env or .flaskenv file, the current working directory is no longer changed to the location of the file. 3560
• When returning a (response, headers) tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the Content-Type for jsonify(). Use response.headers.extend() if extending is desired. 3628
• The Scaffold class provides a common API for the Flask and Blueprint classes. Blueprint information is stored in attributes just like Flask, rather than opaque lambda functions. This is intended to improve consistency and maintainability. 3215
• Include samesite and secure options when removing the session cookie. 3726
• Support passing a pathlib.Path to static_folder. 3579
• send_file and send_from_directory are wrappers around the implementations in werkzeug.utils. 3828
• Some send_file parameters have been renamed, the old names are deprecated. attachment_filename is renamed to download_name. cache_timeout is renamed to max_age. add_etags is renamed to etag. 3828, 3883
• send_file passes download_name even if as_attachment=False by using Content-Disposition: inline. 3828
• send_file sets conditional=True and max_age=None by default. Cache-Control is set to no-cache if max_age is not set, otherwise public. This tells browsers to validate conditional requests instead of using a timed cache. 3828
• helpers.safe_join is deprecated. Use werkzeug.utils.safe_join instead. 3828
• The request context does route matching before opening the session. This could allow a session interface to change behavior based on request.endpoint. 3776
• Use Jinja's implementation of the |tojson filter. 3881
• Add route decorators for common HTTP methods. For example, @app.post("/login") is a shortcut for @app.route("/login", methods=["POST"]). 3907
• Support async views, error handlers, before and after request, and teardown functions. 3412
• Support nesting blueprints. 593, 1548, 3923
• Set the default encoding to "UTF-8" when loading .env and .flaskenv files to allow to use non-ASCII characters. 3931
• flask shell sets up tab and history completion like the default python shell if readline is installed. 3941
• helpers.total_seconds() is deprecated. Use timedelta.total_seconds() instead. 3962
• Add type hinting. 3973.

Commits

• 2f0c62f Merge pull request #4007 from pallets/release-2.0.0
• f8e63d3 release version 2.0.0
• 1403d35 update type annotations
• 3a5532b update pallets projects minimum versions
• f8f0caf update requirements
• 9c1e7f6 Merge pull request #4005 from pallets/pre-commit-ci-schedule
• 8b72f6a update pre-commit monthly
• 28262c3 Merge pull request #3999 from greyli/improve-cli-docs
• 531671c Improve the wording of using FLASK_APP
• 2c88e8a Merge pull request #4003 from pallets/autodoc-typehints
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #32.