Even though it seems like connexion 2.14.1 could support flask versions up until 3.XX:
```
po/apps/schematic/api$ poetry show connexion
name : connexion
version : 2.14.1
description : Connexion - API first applications with OpenAPI/Swagger and Flask
dependencies
- clickclick >=1.2,<21
- flask >=1.0.4,<3
- inflection >=0.3.1,<0.6
- itsdangerous >=0.24
- jsonschema >=2.5.1,<5
- packaging >=20
- PyYAML >=5.1,<7
- requests >=2.9.1,<3
- swagger-ui-bundle >=0.0.2,<0.1
- werkzeug >=1.0,<3
```
In reality, when importing connexion with flask 2.3 and above, it would trigger the error below:
```
============================================== ERRORS ==============================================
__________________________________ ERROR collecting test session ___________________________________
/home/vscode/.pyenv/versions/3.10.14/lib/python3.10/importlib/__init__.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
<frozen importlib._bootstrap>:1050: in _gcd_import
???
<frozen importlib._bootstrap>:1027: in _find_and_load
???
<frozen importlib._bootstrap>:992: in _find_and_load_unlocked
???
<frozen importlib._bootstrap>:241: in _call_with_frames_removed
???
<frozen importlib._bootstrap>:1050: in _gcd_import
???
<frozen importlib._bootstrap>:1027: in _find_and_load
???
<frozen importlib._bootstrap>:1006: in _find_and_load_unlocked
???
<frozen importlib._bootstrap>:688: in _load_unlocked
???
<frozen importlib._bootstrap_external>:883: in exec_module
???
<frozen importlib._bootstrap>:241: in _call_with_frames_removed
???
schematic_api/test/__init__.py:3: in <module>
import connexion
.venv/lib/python3.10/site-packages/connexion/__init__.py:32: in <module>
from .apps.flask_app import FlaskApp
.venv/lib/python3.10/site-packages/connexion/apps/flask_app.py:151: in <module>
class FlaskJSONEncoder(json.JSONEncoder):
E AttributeError: module 'flask.json' has no attribute 'JSONEncoder'
```
Some security risks might be resolved after updating connexion to 3.0.0, but I decided not to update connexion in this PR since it will involve resolving breaking changes in the code (see details in ticket: https://sagebionetworks.jira.com/browse/FDS-2045).
For other packages, cryptography is showing as 42.0.5 and werkzeug is showing as 2.3.8.
Context
Related to: https://sagebionetworks.jira.com/browse/FDS-1966
Updated packages to avoid security issues.
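Added example, not part of the PR or the project's code: a stdlib-only lock audit that separates "violates connexion's declared range" from "inside the declared range but breaks on import", the gap the PR description reports for flask 2.3 and above. The `OBSERVED` ceiling encodes that report as an assumption, and the flask versions used with it in any call are constructed sample values.

```python
import re

# Ranges connexion 2.14.1 declares (from the `poetry show` output above).
DECLARED = {"flask": ">=1.0.4,<3", "werkzeug": ">=1.0,<3"}
# Assumption taken from the PR text: importing connexion fails on flask 2.3+.
OBSERVED = {"flask": "<2.3"}

_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}


def parse_version(text, width=3):
    """Turn '2.3' into (2, 3, 0). Plain numeric releases only."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def satisfies(version, spec):
    """True if `version` meets every comma-separated clause in `spec`."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*([0-9.]+)\s*", clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True


def audit(locked):
    """Map each locked package to 'ok', 'declared-violation' or 'import-breaks'."""
    result = {}
    for name, version in locked.items():
        if name in DECLARED and not satisfies(version, DECLARED[name]):
            result[name] = "declared-violation"
        elif name in OBSERVED and not satisfies(version, OBSERVED[name]):
            result[name] = "import-breaks"
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    # flask version is a constructed sample; the other two are the versions named in the PR.
    print(audit({"flask": "2.3.0", "werkzeug": "2.3.8", "cryptography": "42.0.5"}))
```

Running a check like this in CI after a security bump flags a resolver result that satisfies the published metadata yet lands in the range where the import fails.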