Changelog
### 2.0.1
```
-------------
Released 2021-05-21
- Re-add the ``filename`` parameter in ``send_from_directory``. The
``filename`` parameter has been renamed to ``path``, the old name
is deprecated. :pr:`4019`
- Mark top-level names as exported so type checking understands
imports in user projects. :issue:`4024`
- Fix type annotation for ``g`` and inform mypy that it is a namespace
object that has arbitrary attributes. :issue:`4020`
- Fix some types that weren't available in Python 3.6.0. :issue:`4040`
- Improve typing for ``send_file``, ``send_from_directory``, and
``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
- Show an error when a blueprint name contains a dot. The ``.`` has
special meaning, it is used to separate (nested) blueprint names and
the endpoint name. :issue:`4041`
- Combine URL prefixes when nesting blueprints that were created with
a ``url_prefix`` value. :issue:`4037`
- Roll back a change to the order that URL matching was done. The
URL is again matched after the session is loaded, so the session is
available in custom URL converters. :issue:`4053`
- Re-add deprecated ``Config.from_json``, which was accidentally
removed early. :issue:`4078`
- Improve typing for some functions using ``Callable`` in their type
signatures, focusing on decorator factories. :issue:`4060`
- Nested blueprints are registered with their dotted name. This allows
different blueprints with the same name to be nested at different
locations. :issue:`4069`
- ``register_blueprint`` takes a ``name`` option to change the
(pre-dotted) name the blueprint is registered with. This allows the
same blueprint to be registered multiple times with unique names for
``url_for``. Registering the same blueprint with the same name
multiple times is deprecated. :issue:`1091`
- Improve typing for ``stream_with_context``. :issue:`4052`
```
### 2.0.0
```
-------------
Released 2021-05-11
- Drop support for Python 2 and 3.5.
- Bump minimum versions of other Pallets projects: Werkzeug >= 2,
Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
to check the change logs for each project. For better compatibility
with other applications (e.g. Celery) that still require Click 7,
there is no hard dependency on Click 8 yet, but using Click 7 will
trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
- JSON support no longer uses simplejson. To use another JSON module,
override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
- The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
- Passing ``script_info`` to app factory functions is deprecated. This
was not portable outside the ``flask`` command. Use
``click.get_current_context().obj`` if it's needed. :issue:`3552`
- The CLI shows better error messages when the app failed to load
when looking up commands. :issue:`2741`
- Add :meth:`sessions.SessionInterface.get_cookie_name` to allow
setting the session cookie name dynamically. :pr:`3369`
- Add :meth:`Config.from_file` to load config using arbitrary file
loaders, such as ``toml.load`` or ``json.load``.
:meth:`Config.from_json` is deprecated in favor of this. :pr:`3398`
- The ``flask run`` command will only defer errors on reload. Errors
present during the initial call will cause the server to exit with
the traceback immediately. :issue:`3431`
- :func:`send_file` raises a :exc:`ValueError` when passed an
:mod:`io` object in text mode. Previously, it would respond with
200 OK and an empty file. :issue:`3358`
- When using ad-hoc certificates, check for the cryptography library
instead of PyOpenSSL. :pr:`3492`
- When specifying a factory function with ``FLASK_APP``, keyword
argument can be passed. :issue:`3553`
- When loading a ``.env`` or ``.flaskenv`` file, the current working
directory is no longer changed to the location of the file.
:pr:`3560`
- When returning a ``(response, headers)`` tuple from a view, the
headers replace rather than extend existing headers on the response.
For example, this allows setting the ``Content-Type`` for
``jsonify()``. Use ``response.headers.extend()`` if extending is
desired. :issue:`3628`
- The ``Scaffold`` class provides a common API for the ``Flask`` and
``Blueprint`` classes. ``Blueprint`` information is stored in
attributes just like ``Flask``, rather than opaque lambda functions.
This is intended to improve consistency and maintainability.
:issue:`3215`
- Include ``samesite`` and ``secure`` options when removing the
session cookie. :pr:`3726`
- Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
- ``send_file`` and ``send_from_directory`` are wrappers around the
implementations in ``werkzeug.utils``. :pr:`3828`
- Some ``send_file`` parameters have been renamed, the old names are
deprecated. ``attachment_filename`` is renamed to ``download_name``.
``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
renamed to ``etag``. :pr:`3828, 3883`
- ``send_file`` passes ``download_name`` even if
``as_attachment=False`` by using ``Content-Disposition: inline``.
:pr:`3828`
- ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
not set, otherwise ``public``. This tells browsers to validate
conditional requests instead of using a timed cache. :pr:`3828`
- ``helpers.safe_join`` is deprecated. Use
``werkzeug.utils.safe_join`` instead. :pr:`3828`
- The request context does route matching before opening the session.
This could allow a session interface to change behavior based on
``request.endpoint``. :issue:`3776`
- Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
- Add route decorators for common HTTP methods. For example,
``app.post("/login")`` is a shortcut for
``app.route("/login", methods=["POST"])``. :pr:`3907`
- Support async views, error handlers, before and after request, and
teardown functions. :pr:`3412`
- Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
- Set the default encoding to "UTF-8" when loading ``.env`` and
``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
- ``flask shell`` sets up tab and history completion like the default
``python`` shell if ``readline`` is installed. :issue:`3941`
- ``helpers.total_seconds()`` is deprecated. Use
``timedelta.total_seconds()`` instead. :pr:`3962`
- Add type hinting. :pr:`3973`.
```
### 1.1.4
```
-------------
Released 2021-05-13
- Update ``static_folder`` to use ``_compat.fspath`` instead of
``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`
```
### 1.1.3
```
-------------
Released 2021-05-13
- Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
:issue:`4043`
- Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
:pr:`3579`
```
Links
- PyPI: https://pypi.org/project/flask
- Changelog: https://pyup.io/changelogs/flask/
- Homepage: https://palletsprojects.com/p/flask
Changelog
### 4.2.0
```
++++++++++++++++++
* You may now set a proxy to use when making web service requests by passing
the ``proxy`` parameter to the ``AsyncClient`` or ``Client`` constructor.
```
Links
- PyPI: https://pypi.org/project/geoip2
- Changelog: https://pyup.io/changelogs/geoip2/
- Homepage: http://www.maxmind.com/
- Docs: https://pythonhosted.org/geoip2/
Changelog
### 3.9.0
```
-----
* New option ``allow_loading_external_files=False`` when loading externally
referenced file URLs. E.g. ``<link rel=stylesheet href=/path/to/file.css>``
Be careful to enable this if the HTML loaded isn't trusted. **Big security risk
otherwise**.
```
Links
- PyPI: https://pypi.org/project/premailer
- Changelog: https://pyup.io/changelogs/premailer/
- Repo: http://github.com/peterbe/premailer
Changelog
### 1.4.17
```
:released: May 29, 2021
.. change::
:tags: bug, orm, regression
:tickets: 6558
Fixed regression caused by just-released performance fix mentioned in 6550
where a query.join() to a relationship could produce an AttributeError if
the query were made against non-ORM structures only, a fairly unusual
calling pattern.
.. changelog::
```
### 1.4.16
```
:released: May 28, 2021
.. change::
:tags: bug, engine
:tickets: 6482
Fixed issue where an ` sign in the database portion of a URL would not
be interpreted correctly if the URL also had a username:password section.
.. change::
:tags: bug, ext
:tickets: 6529
Fixed a deprecation warning that was emitted when using
:func:`_automap.automap_base` without passing an existing
``Base``.
.. change::
:tags: bug, pep484
:tickets: 6461
Remove pep484 types from the code.
Current effort is around the stub package, and having typing in
two places makes thing worse, since the types in the SQLAlchemy
source were usually outdated compared to the version in the stubs.
.. change::
:tags: usecase, mssql
:tickets: 6464
Implemented support for a :class:`_sql.CTE` construct to be used directly
as the target of a :func:`_sql.delete` construct, i.e. "WITH ... AS cte
DELETE FROM cte". This appears to be a useful feature of SQL Server.
.. change::
:tags: bug, general
:tickets: 6540, 6543
Resolved various deprecation warnings which were appearing as of Python
version 3.10.0b1.
.. change::
:tags: bug, orm
:tickets: 6471
Fixed issue when using :paramref:`_orm.relationship.cascade_backrefs`
parameter set to ``False``, which per :ref:`change_5150` is set to become
the standard behavior in SQLAlchemy 2.0, where adding the item to a
collection that uniquifies, such as ``set`` or ``dict`` would fail to fire
a cascade event if the object were already associated in that collection
via the backref. This fix represents a fundamental change in the collection
mechanics by introducing a new event state which can fire off for a
collection mutation even if there is no net change on the collection; the
action is now suited using a new event hook
:meth:`_orm.AttributeEvents.append_wo_mutation`.
.. change::
:tags: bug, orm, regression
:tickets: 6550
Fixed regression involving clause adaption of labeled ORM compound
elements, such as single-table inheritance discriminator expressions with
conditionals or CASE expressions, which could cause aliased expressions
such as those used in ORM join / joinedload operations to not be adapted
correctly, such as referring to the wrong table in the ON clause in a join.
This change also improves a performance bump that was located within the
process of invoking :meth:`_sql.Select.join` given an ORM attribute
as a target.
.. change::
:tags: bug, orm, regression
:tickets: 6495
Fixed regression where the full combination of joined inheritance, global
with_polymorphic, self-referential relationship and joined loading would
fail to be able to produce a query with the scope of lazy loads and object
refresh operations that also attempted to render the joined loader.
.. change::
:tags: bug, engine
:tickets: 6329
Fixed a long-standing issue with :class:`.URL` where query parameters
following the question mark would not be parsed correctly if the URL did
not contain a database portion with a backslash.
.. change::
:tags: bug, sql, regression
:tickets: 6549
Fixed regression in dynamic loader strategy and :func:`_orm.relationship`
overall where the :paramref:`_orm.relationship.order_by` parameter were
stored as a mutable list, which could then be mutated when combined with
additional "order_by" methods used against the dynamic query object,
causing the ORDER BY criteria to continue to grow repetitively.
.. change::
:tags: bug, orm
:tickets: 6484
Enhanced the bind resolution rules for :meth:`_orm.Session.execute` so that
when a non-ORM statement such as an :func:`_sql.insert` construct
nonetheless is built against ORM objects, to the greatest degree possible
the ORM entity will be used to resolve the bind, such as for a
:class:`_orm.Session` that has a bind map set up on a common superclass
without specific mappers or tables named in the map.
.. change::
:tags: bug, regression, ext
:tickets: 6390
Fixed regression in the ``sqlalchemy.ext.instrumentation`` extension that
prevented instrumentation disposal from working completely. This fix
includes both a 1.4 regression fix as well as a fix for a related issue
that existed in 1.3 also. As part of this change, the
:class:`sqlalchemy.ext.instrumentation.InstrumentationManager` class now
has a new method ``unregister()``, which replaces the previous method
``dispose()``, which was not called as of version 1.4.
.. changelog::
```
### 1.4.15
```
:released: May 11, 2021
.. change::
:tags: bug, documentation, mysql
:tickets: 5397
Added support for the ``ssl_check_hostname=`` parameter in mysql connection
URIs and updated the mysql dialect documentation regarding secure
connections. Original pull request courtesy of Jerry Zhao.
.. change::
:tags: bug, orm, regression
:tickets: 6449
Fixed additional regression caused by "eager loaders run on unexpire"
feature :ticket:`1763` where the feature would run for a
``contains_eager()`` eagerload option in the case that the
``contains_eager()`` were chained to an additional eager loader option,
which would then produce an incorrect query as the original query-bound
join criteria were no longer present.
.. change::
:tags: feature, general
:tickets: 6241
A new approach has been applied to the warnings system in SQLAlchemy to
accurately predict the appropriate stack level for each warning
dynamically. This allows evaluating the source of SQLAlchemy-generated
warnings and deprecation warnings to be more straightforward as the warning
will indicate the source line within end-user code, rather than from an
arbitrary level within SQLAlchemy's own source code.
.. change::
:tags: bug, orm
:tickets: 6459
Fixed issue in subquery loader strategy which prevented caching from
working correctly. This would have been seen in the logs as a "generated"
message instead of "cached" for all subqueryload SQL emitted, which by
saturating the cache with new keys would degrade overall performance; it
also would produce "LRU size alert" warnings.
.. change::
:tags: bug, sql
:tickets: 6460
Adjusted the logic added as part of :ticket:`6397` in 1.4.12 so that
internal mutation of the :class:`.BindParameter` object occurs within the
clause construction phase as it did before, rather than in the compilation
phase. In the latter case, the mutation still produced side effects against
the incoming construct and additionally could potentially interfere with
other internal mutation routines.
.. changelog::
```
### 1.4.14
```
:released: May 6, 2021
.. change::
:tags: bug, regression, orm
:tickets: 6426
Fixed regression involving ``lazy='dynamic'`` loader in conjunction with a
detached object. The previous behavior was that the dynamic loader upon
calling methods like ``.all()`` returns empty lists for detached objects
without error, this has been restored; however a warning is now emitted as
this is not the correct result. Other dynamic loader scenarios correctly
raise ``DetachedInstanceError``.
.. change::
:tags: bug, regression, sql
:tickets: 6428
Fixed regression caused by the "empty in" change just made in
:ticket:`6397` 1.4.12 where the expression needs to be parenthesized for
the "not in" use case, otherwise the condition will interfere with the
other filtering criteria.
.. change::
:tags: bug, sql, regression
:tickets: 6436
The :class:`.TypeDecorator` class will now emit a warning when used in SQL
compilation with caching unless the ``.cache_ok`` flag is set to ``True``
or ``False``. A new class-level attribute :attr:`.TypeDecorator.cache_ok`
may be set which will be used as an indication that all the parameters
passed to the object are safe to be used as a cache key if set to ``True``,
``False`` means they are not.
.. change::
:tags: engine, bug, regression
:tickets: 6427
Established a deprecation path for calling upon the
:meth:`_cursor.CursorResult.keys` method for a statement that returns no
rows to provide support for legacy patterns used by the "records" package
as well as any other non-migrated applications. Previously, this would
raise :class:`.ResourceClosedException` unconditionally in the same way as
it does when attempting to fetch rows. While this is the correct behavior
going forward, the :class:`_cursor.LegacyCursorResult` object will now in
this case return an empty list for ``.keys()`` as it did in 1.3, while also
emitting a 2.0 deprecation warning. The :class:`_cursor.CursorResult`, used
when using a 2.0-style "future" engine, will continue to raise as it does
now.
.. change::
:tags: usecase, engine, orm
:tickets: 6288
Applied consistent behavior to the use case of
calling ``.commit()`` or ``.rollback()`` inside of an existing
``.begin()`` context manager, with the addition of potentially
emitting SQL within the block subsequent to the commit or rollback.
This change continues upon the change first added in
:ticket:`6155` where the use case of calling "rollback" inside of
a ``.begin()`` contextmanager block was proposed:
* calling ``.commit()`` or ``.rollback()`` will now be allowed
without error or warning within all scopes, including
that of legacy and future :class:`_engine.Engine`, ORM
:class:`_orm.Session`, asyncio :class:`.AsyncEngine`. Previously,
the :class:`_orm.Session` disallowed this.
* The remaining scope of the context manager is then closed;
when the block ends, a check is emitted to see if the transaction
was already ended, and if so the block returns without action.
* It will now raise **an error** if subsequent SQL of any kind
is emitted within the block, **after** ``.commit()`` or
``.rollback()`` is called. The block should be closed as
the state of the executable object would otherwise be undefined
in this state.
.. changelog::
```
### 1.4.13
```
:released: May 3, 2021
.. change::
:tags: bug, regression, orm
:tickets: 6410
Fixed regression in ``selectinload`` loader strategy that would cause it to
cache its internal state incorrectly when handling relationships that join
across more than one column, such as when using a composite foreign key.
The invalid caching would then cause other unrelated loader operations to
fail.
.. change::
:tags: bug, orm, regression
:tickets: 6414
Fixed regression where :meth:`_orm.Query.filter_by` would not work if the
lead entity were a SQL function or other expression derived from the
primary entity in question, rather than a simple entity or column of that
entity. Additionally, improved the behavior of
:meth:`_sql.Select.filter_by` overall to work with column expressions even
in a non-ORM context.
.. change::
:tags: bug, engine, regression
:tickets: 6408
Restored a legacy transactional behavior that was inadvertently removed
from the :class:`_engine.Connection` as it was never tested as a known use
case in previous versions, where calling upon the
:meth:`_engine.Connection.begin_nested` method, when no transaction is
present, does not create a SAVEPOINT at all and instead starts an outer
transaction, returning a :class:`.RootTransaction` object instead of a
:class:`.NestedTransaction` object. This :class:`.RootTransaction` then
will emit a real COMMIT on the database connection when committed.
Previously, the 2.0 style behavior was present in all cases that would
autobegin a transaction but not commit it, which is a behavioral change.
When using a :term:`2.0 style` connection object, the behavior is unchanged
from previous 1.4 versions; calling :meth:`_future.Connection.begin_nested`
will "autobegin" the outer transaction if not already present, and then as
instructed emit a SAVEPOINT, returning the :class:`.NestedTransaction`
object. The outer transaction is committed by calling upon
:meth:`_future.Connection.commit`, as is "commit-as-you-go" style usage.
In non-"future" mode, while the old behavior is restored, it also
emits a 2.0 deprecation warning as this is a legacy behavior.
.. change::
:tags: bug, asyncio, regression
:tickets: 6409
Fixed a regression introduced by :ticket:`6337` that would create an
``asyncio.Lock`` which could be attached to the wrong loop when
instantiating the async engine before any asyncio loop was started, leading
to an asyncio error message when attempting to use the engine under certain
circumstances.
.. change::
:tags: bug, orm, regression
:tickets: 6419
Fixed regression where using :func:`_orm.selectinload` and
:func:`_orm.subqueryload` to load a two-level-deep path would lead to an
attribute error.
.. change::
:tags: bug, orm, regression
:tickets: 6420
Fixed regression where using the :func:`_orm.noload` loader strategy in
conjunction with a "dynamic" relationship would lead to an attribute error
as the noload strategy would attempt to apply itself to the dynamic loader.
.. change::
:tags: usecase, postgresql
:tickets: 6198
Add support for server side cursors in the pg8000 dialect for PostgreSQL.
This allows use of the
:paramref:`.Connection.execution_options.stream_results` option.
.. changelog::
```
### 1.4.12
```
:released: April 29, 2021
.. change::
:tags: bug, orm, regression, caching
:tickets: 6391
Fixed critical regression where bound parameter tracking as used in the SQL
caching system could fail to track all parameters for the case where the
same SQL expression containing a parameter were used in an ORM-related
query using a feature such as class inheritance, which was then embedded in
an enclosing expression which would make use of that same expression
multiple times, such as a UNION. The ORM would individually copy the
individual SELECT statements as part of compilation with class inheritance,
which then embedded in the enclosing statement would fail to accommodate
for all parameters. The logic that tracks this condition has been adjusted
to work for multiple copies of a parameter.
.. change::
:tags: bug, sql
:tickets: 6258, 6397
Revised the "EMPTY IN" expression to no longer rely upon using a subquery,
as this was causing some compatibility and performance problems. The new
approach for selected databases takes advantage of using a NULL-returning
IN expression combined with the usual "1 != 1" or "1 = 1" expression
appended by AND or OR. The expression is now the default for all backends
other than SQLite, which still had some compatibility issues regarding
tuple "IN" for older SQLite versions.
Third party dialects can still override how the "empty set" expression
renders by implementing a new compiler method
``def visit_empty_set_op_expr(self, type_, expand_op)``, which takes
precedence over the existing
``def visit_empty_set_expr(self, element_types)`` which remains in place.
.. change::
:tags: bug, orm
:tickets: 6350
Fixed two distinct issues mostly affecting
:class:`_hybrid.hybrid_property`, which would come into play under common
mis-configuration scenarios that were silently ignored in 1.3, and now
failed in 1.4, where the "expression" implementation would return a non
:class:`_sql.ClauseElement` such as a boolean value. For both issues, 1.3's
behavior was to silently ignore the mis-configuration and ultimately
attempt to interpret the value as a SQL expression, which would lead to an
incorrect query.
* Fixed issue regarding interaction of the attribute system with
hybrid_property, where if the ``__clause_element__()`` method of the
attribute returned a non-:class:`_sql.ClauseElement` object, an internal
``AttributeError`` would lead the attribute to return the ``expression``
function on the hybrid_property itself, as the attribute error was
against the name ``.expression`` which would invoke the ``__getattr__()``
method as a fallback. This now raises explicitly. In 1.3 the
non-:class:`_sql.ClauseElement` was returned directly.
* Fixed issue in SQL argument coercions system where passing the wrong
kind of object to methods that expect column expressions would fail if
the object were altogether not a SQLAlchemy object, such as a Python
function, in cases where the object were not just coerced into a bound
value. Again 1.3 did not have a comprehensive argument coercion system
so this case would also pass silently.
.. change::
:tags: bug, orm
:tickets: 6378
Fixed issue where using a :class:`_sql.Select` as a subquery in an ORM
context would modify the :class:`_sql.Select` in place to disable
eagerloads on that object, which would then cause that same
:class:`_sql.Select` to not eagerload if it were then re-used in a
top-level execution context.
.. change::
:tags: bug, regression, sql
:tickets: 6343
Fixed regression where usage of the :func:`_sql.text` construct inside the
columns clause of a :class:`_sql.Select` construct, which is better handled
by using a :func:`_sql.literal_column` construct, would nonetheless prevent
constructs like :func:`_sql.union` from working correctly. Other use cases,
such as constructing subuqeries, continue to work the same as in prior
versions where the :func:`_sql.text` construct is silently omitted from the
collection of exported columns. Also repairs similar use within the
ORM.
.. change::
:tags: bug, regression, sql
:tickets: 6261
Fixed regression involving legacy methods such as
:meth:`_sql.Select.append_column` where internal assertions would fail.
.. change::
:tags: usecase, sqlite
:tickets: 6379
Default to using ``SingletonThreadPool`` for in-memory SQLite databases
created using URI filenames. Previously the default pool used was the
``NullPool`` that precented sharing the same database between multiple
engines.
.. change::
:tags: bug, regression, sql
:tickets: 6300
Fixed regression caused by :ticket:`5395` where tuning back the check for
sequences in :func:`_sql.select` now caused failures when doing 2.0-style
querying with a mapped class that also happens to have an ``__iter__()``
method. Tuned the check some more to accommodate this as well as some other
interesting ``__iter__()`` scenarios.
.. change::
:tags: bug, mssql, schema
:tickets: 6345
Add :meth:`_types.TypeEngine.as_generic` support for
:class:`sqlalchemy.dialects.mysql.BIT` columns, mapping
them to :class:`_sql.sqltypes.Boolean`.
.. change::
:tags: bug, orm, regression
:tickets: 6360, 6359
Fixed issue where the new :ref:`autobegin <session_autobegin>` behavior
failed to "autobegin" in the case where an existing persistent object has
an attribute change, which would then impact the behavior of
:meth:`_orm.Session.rollback` in that no snapshot was created to be rolled
back. The "attribute modify" mechanics have been updated to ensure
"autobegin", which does not perform any database work, does occur when
persistent attributes change in the same manner as when
:meth:`_orm.Session.add` is called. This is a regression as in 1.3, the
rollback() method always had a transaction to roll back and would expire
every time.
.. change::
:tags: bug, mssql, regression
:tickets: 6366
Fixed regression caused by :ticket:`6306` which added support for
``DateTime(timezone=True)``, where the previous behavior of the pyodbc
driver of implicitly dropping the tzinfo from a timezone-aware date when
INSERTing into a timezone-naive DATETIME column were lost, leading to a SQL
Server error when inserting timezone-aware datetime objects into
timezone-native database columns.
.. change::
:tags: orm, bug, regression
:tickets: 6386
Fixed regression in ORM where using hybrid property to indicate an
expression from a different entity would confuse the column-labeling logic
in the ORM and attempt to derive the name of the hybrid from that other
class, leading to an attribute error. The owning class of the hybrid
attribute is now tracked along with the name.
.. change::
:tags: orm, bug, regression
:tickets: 6401
Fixed regression in hybrid_property where a hybrid against a SQL function
would generate an ``AttributeError`` when attempting to generate an entry
for the ``.c`` collection of a subquery in some cases; among other things
this would impact its use in cases like that of ``Query.count()``.
.. change::
:tags: bug, postgresql
:tickets: 6373
Fixed very old issue where the :class:`_types.Enum` datatype would not
inherit the :paramref:`_schema.MetaData.schema` parameter of a
:class:`_schema.MetaData` object when that object were passed to the
:class:`_types.Enum` using :paramref:`_types.Enum.metadata`.
.. change::
:tags: bug, orm, dataclasses
:tickets: 6346
Adjusted the declarative scan for dataclasses so that the inheritance
behavior of :func:`_orm.declared_attr` established on a mixin, when using
the new form of having it inside of a ``dataclasses.field()`` construct and
not actually a descriptor attribute on the class, correctly accommodates
the case when the target class to be mapped is a subclass of an existing
mapped class which has already mapped that :func:`_orm.declared_attr`, and
therefore should not be re-applied to this class.
.. change::
:tags: bug, schema, mysql, mariadb, oracle, postgresql
:tickets: 6338
Ensure that the MySQL and MariaDB dialect ignore the
:class:`_sql.Identity` construct while rendering the ``AUTO_INCREMENT``
keyword in a create table.
The Oracle and PostgreSQL compiler was updated to not render
:class:`_sql.Identity` if the database version does not support it
(Oracle < 12 and PostgreSQL < 10). Previously it was rendered regardless
of the database version.
.. change::
:tags: bug, orm
:tickets: 6353
Fixed an issue with the (deprecated in 1.4)
:meth:`_schema.ForeignKeyConstraint.copy` method that caused an error when
invoked with the ``schema`` argument.
.. change::
:tags: bug, engine
:tickets: 6361
Fixed issue where usage of an explicit :class:`.Sequence` would produce
inconsistent "inline" behavior for an :class:`.Insert` construct that
includes multiple values phrases; the first seq would be inline but
subsequent ones would be "pre-execute", leading to inconsistent sequence
ordering. The sequence expressions are now fully inline.
.. changelog::
```
### 1.4.11
```
:released: April 21, 2021
.. change::
:tags: bug, engine, regression
:tickets: 6337
Fixed critical regression caused by the change in :ticket:`5497` where the
connection pool "init" phase no longer occurred within mutexed isolation,
allowing other threads to proceed with the dialect uninitialized, which
could then impact the compilation of SQL statements.
.. change::
:tags: bug, orm, regression, declarative
:tickets: 6331
Fixed regression where recent changes to support Python dataclasses had the
inadvertent effect that an ORM mapped class could not successfully override
the ``__new__()`` method.
.. changelog::
```
### 1.4.10
```
:released: April 20, 2021
.. change::
:tags: bug, declarative, regression
:tickets: 6291
Fixed :func:`_declarative.instrument_declarative` that called
a non existing registry method.
.. change::
:tags: bug, orm
:tickets: 6320
Fixed bug in new :func:`_orm.with_loader_criteria` feature where using a
mixin class with :func:`_orm.declared_attr` on an attribute that were
accessed inside the custom lambda would emit a warning regarding using an
unmapped declared attr, when the lambda callable were first initialized.
This warning is now prevented using special instrumentation for this
lambda initialization step.
.. change::
:tags: usecase, mssql
:tickets: 6306
The :paramref:`_types.DateTime.timezone` parameter when set to ``True``
will now make use of the ``DATETIMEOFFSET`` column type with SQL Server
when used to emit DDL, rather than ``DATETIME`` where the flag was silently
ignored.
.. change::
:tags: orm, bug, regression
:tickets: 6326
Fixed additional regression caused by the "eagerloaders on refresh" feature
added in :ticket:`1763` where the refresh operation historically would set
``populate_existing``, which given the new feature now overwrites pending
changes on eagerly loaded objects when autoflush is false. The
populate_existing flag has been turned off for this case and a more
specific method used to ensure the correct attributes refreshed.
.. change::
:tags: bug, orm, result
:tickets: 6299
Fixed an issue when using 2.0 style execution that prevented using
:meth:`_result.Result.scalar_one` or
:meth:`_result.Result.scalar_one_or_none` after calling
:meth:`_result.Result.unique`, for the case where the ORM is returning a
single-element row in any case.
.. change::
:tags: bug, sql
:tickets: 6327
Fixed issue in SQL compiler where the bound parameters set up for a
:class:`.Values` construct wouldn't be positionally tracked correctly if
inside of a :class:`_sql.CTE`, affecting database drivers that support
VALUES + ctes and use positional parameters such as SQL Server in
particular as well as asyncpg. The fix also repairs support for
compiler flags such as ``literal_binds``.
.. change::
:tags: bug, schema
:tickets: 6287
Fixed issue where :func:`_functions.next_value` was not deriving its type
from the corresponding :class:`_schema.Sequence`, instead hardcoded to
:class:`_types.Integer`. The specific numeric type is now used.
.. change::
:tags: bug, mypy
:tickets: 6255
Fixed issue where mypy plugin would not correctly interpret an explicit
:class:`_orm.Mapped` annotation in conjunction with a
:func:`_orm.relationship` that refers to a class by string name; the
correct annotation would be downgraded to a less specific one leading to
typing errors.
.. change::
:tags: bug, sql
:tickets: 6256
Repaired and solidified issues regarding custom functions and other
arbitrary expression constructs which within SQLAlchemy's column labeling
mechanics would seek to use ``str(obj)`` to get a string representation to
use as an anonymous column name in the ``.c`` collection of a subquery.
This is a very legacy behavior that performs poorly and leads to lots of
issues, so has been revised to no longer perform any compilation by
establishing specific methods on :class:`.FunctionElement` to handle this
case, as SQL functions are the only use case that it came into play. An
effect of this behavior is that an unlabeled column expression with no
derivable name will be given an arbitrary label starting with the prefix
``"_no_label"`` in the ``.c`` collection of a subquery; these were
previously being represented either as the generic stringification of that
expression, or as an internal symbol.
.. change::
:tags: usecase, orm
:ticketS: 6301
Altered some of the behavior repaired in :ticket:`6232` where the
``immediateload`` loader strategy no longer goes into recursive loops; the
modification is that an eager load (joinedload, selectinload, or
subqueryload) from A->bs->B which then states ``immediateload`` for a
simple manytoone B->a->A that's in the identity map will populate the B->A,
so that this attribute is back-populated when the collection of A/A.bs are
loaded. This allows the objects to be functional when detached.
.. changelog::
```
### 1.4.9
```
:released: April 17, 2021
.. change::
:tags: bug, sql, regression
:tickets: 6290
Fixed regression where an empty in statement on a tuple would result
in an error when compiled with the option ``literal_binds=True``.
.. change::
:tags: bug, regression, orm, performance, sql
:tickets: 6304
Fixed a critical performance issue where the traversal of a
:func:`_sql.select` construct would traverse a repetitive product of the
represented FROM clauses as they were each referred towards by columns in
the columns clause; for a series of nested subqueries with lots of columns
this could cause a large delay and significant memory growth. This
traversal is used by a wide variety of SQL and ORM functions, including by
the ORM :class:`_orm.Session` when it's configured to have
"table-per-bind", which while this is not a common use case, it seems to be
what Flask-SQLAlchemy is hardcoded as using, so the issue impacts
Flask-SQLAlchemy users. The traversal has been repaired to uniqify on FROM
clauses which was effectively what would happen implicitly with the pre-1.4
architecture.
.. change::
:tags: bug, postgresql, sql, regression
:tickets: 6303
Fixed an argument error in the default and PostgreSQL compilers that
would interfere with an UPDATE..FROM or DELETE..FROM..USING statement
that was then SELECTed from as a CTE.
.. change::
:tags: bug, orm, regression
:tickets: 6272
Fixed regression where an attribute that is mapped to a
:func:`_orm.synonym` could not be used in column loader options such as
:func:`_orm.load_only`.
.. change::
:tags: usecase, orm
:tickets: 6267
Established support for :func:`_orm.synoynm` in conjunction with
hybrid property, assocaitionproxy is set up completely, including that
synonyms can be established linking to these constructs which work
fully. This is a behavior that was semi-explicitly disallowed previously,
however since it did not fail in every scenario, explicit support
for assoc proxy and hybrids has been added.
.. changelog::
```
### 1.4.8
```
:released: April 15, 2021
.. change::
:tags: change, mypy
Updated Mypy plugin to only use the public plugin interface of the
semantic analyzer.
.. change::
:tags: bug, mssql, regression
:tickets: 6265
Fixed an additional regression in the same area as that of :ticket:`6173`,
:ticket:`6184`, where using a value of 0 for OFFSET in conjunction with
LIMIT with SQL Server would create a statement using "TOP", as was the
behavior in 1.3, however due to caching would then fail to respond
accordingly to other values of OFFSET. If the "0" wasn't first, then it
would be fine. For the fix, the "TOP" syntax is now only emitted if the
OFFSET value is omitted entirely, that is, :meth:`_sql.Select.offset` is
not used. Note that this change now requires that if the "with_ties" or
"percent" modifiers are used, the statement can't specify an OFFSET of
zero, it now needs to be omitted entirely.
.. change::
:tags: bug, engine
The :meth:`_engine.Dialect.has_table` method now raises an informative
exception if a non-Connection is passed to it, as this incorrect behavior
seems to be common. This method is not intended for external use outside
of a dialect. Please use the :meth:`.Inspector.has_table` method
or for cross-compatibility with older SQLAlchemy versions, the
:meth:`_engine.Engine.has_table` method.
.. change::
:tags: bug, regression, sql
:tickets: 6249
Fixed regression where the :class:`_sql.BindParameter` object would not
properly render for an IN expression (i.e. using the "post compile" feature
in 1.4) if the object were copied from either an internal cloning
operation, or from a pickle operation, and the parameter name contained
spaces or other special characters.
.. change::
:tags: bug, mypy
:tickets: 6205
Revised the fix for ``OrderingList`` from version 1.4.7 which was testing
against the incorrect API.
.. change::
:tags: bug, asyncio
:tickets: 6220
Fix typo that prevented setting the ``bind`` attribute of an
:class:`_asyncio.AsyncSession` to the correct value.
.. change::
:tags: feature, sql
:tickets: 3314
The tuple returned by :attr:`.CursorResult.inserted_primary_key` is now a
:class:`_result.Row` object with a named tuple interface on top of the
existing tuple interface.
.. change::
:tags: bug, regression, sql, sqlite
:tickets: 6254
Fixed regression where the introduction of the INSERT syntax "INSERT...
VALUES (DEFAULT)" was not supported on some backends that do however
support "INSERT..DEFAULT VALUES", including SQLite. The two syntaxes are
now each individually supported or non-supported for each dialect, for
example MySQL supports "VALUES (DEFAULT)" but not "DEFAULT VALUES".
Support for Oracle has also been enabled.
.. change::
:tags: bug, regression, orm
:tickets: 6259
Fixed a cache leak involving the :func:`_orm.with_expression` loader
option, where the given SQL expression would not be correctly considered as
part of the cache key.
Additionally, fixed regression involving the corresponding
:func:`_orm.query_expression` feature. While the bug technically exists in
1.3 as well, it was not exposed until 1.4. The "default expr" value of
``null()`` would be rendered when not needed, and additionally was also not
adapted correctly when the ORM rewrites statements such as when using
joined eager loading. The fix ensures "singleton" expressions like ``NULL``
and ``true`` aren't "adapted" to refer to columns in ORM statements, and
additionally ensures that a :func:`_orm.query_expression` with no default
expression doesn't render in the statement if a
:func:`_orm.with_expression` isn't used.
.. change::
:tags: bug, orm
:tickets: 6252
Fixed issue in the new feature of :meth:`_orm.Session.refresh` introduced
by :ticket:`1763` where eagerly loaded relationships are also refreshed,
where the ``lazy="raise"`` and ``lazy="raise_on_sql"`` loader strategies
would interfere with the :func:`_orm.immediateload` loader strategy, thus
breaking the feature for relationships that were loaded with
:func:`_orm.selectinload`, :func:`_orm.subqueryload` as well.
.. changelog::
```
### 1.4.7
```
:released: April 9, 2021
.. change::
:tags: bug, sql, regression
:tickets: 6222
Enhanced the "expanding" feature used for :meth:`_sql.ColumnOperators.in_`
operations to infer the type of expression from the right hand list of
elements, if the left hand side does not have any explicit type set up.
This allows the expression to support stringification among other things.
In 1.3, "expanding" was not automatically used for
:meth:`_sql.ColumnOperators.in_` expressions, so in that sense this change
fixes a behavioral regression.
.. change::
:tags: bug, mypy
Fixed issue in Mypy plugin where the plugin wasn’t inferring the correct
type for columns of subclasses that don’t directly descend from
``TypeEngine``, in particular that of ``TypeDecorator`` and
``UserDefinedType``.
.. change::
:tags: bug, orm, regression
:tickets: 6221
Fixed regression where the :func:`_orm.subqueryload` loader strategy would
fail to correctly accommodate sub-options, such as a :func:`_orm.defer`
option on a column, if the "path" of the subqueryload were more than one
level deep.
.. change::
:tags: bug, sql
Fixed the "stringify" compiler to support a basic stringification
of a "multirow" INSERT statement, i.e. one with multiple tuples
following the VALUES keyword.
.. change::
:tags: bug, orm, regression
:tickets: 6211
Fixed regression where the :func:`_orm.merge_frozen_result` function relied
upon by the dogpile.caching example was not included in tests and began
failing due to incorrect internal arguments.
.. change::
:tags: bug, engine, regression
:tickets: 6218
Fixed up the behavior of the :class:`_result.Row` object when dictionary
access is used upon it, meaning converting to a dict via ``dict(row)`` or
accessing members using strings or other objects i.e. ``row["some_key"]``
works as it would with a dictionary, rather than raising ``TypeError`` as
would be the case with a tuple, whether or not the C extensions are in
place. This was originally supposed to emit a 2.0 deprecation warning for
the "non-future" case using :class:`_result.LegacyRow`, and was to raise
``TypeError`` for the "future" :class:`_result.Row` class. However, the C
version of :class:`_result.Row` was failing to raise this ``TypeError``,
and to complicate matters, the :meth:`_orm.Session.execute` method now
returns :class:`_result.Row` in all cases to maintain consistency with the
ORM result case, so users who didn't have C extensions installed would
see different behavior in this one case for existing pre-1.4 style
code.
Therefore, in order to soften the overall upgrade scheme as most users have
not been exposed to the more strict behavior of :class:`_result.Row` up
through 1.4.6, :class:`_result.LegacyRow` and :class:`_result.Row` both
provide for string-key access as well as support for ``dict(row)``, in all
cases emitting the 2.0 deprecation warning when ``SQLALCHEMY_WARN_20`` is
enabled. The :class:`_result.Row` object still uses tuple-like behavior for
``__contains__``, which is probably the only noticeable behavioral change
compared to :class:`_result.LegacyRow`, other than the removal of
dictionary-style methods ``values()`` and ``items()``.
.. change::
:tags: bug, regression, orm
:tickets: 6233
Fixed critical regression where the :class:`_orm.Session` could fail to
"autobegin" a new transaction when a flush occurred without an existing
transaction in place, implicitly placing the :class:`_orm.Session` into
legacy autocommit mode which commit the transaction. The
:class:`_orm.Session` now has a check that will prevent this condition from
occurring, in addition to repairing the flush issue.
Additionally, scaled back part of the change made as part of :ticket:`5226`
which can run autoflush during an unexpire operation, to not actually
do this in the case of a :class:`_orm.Session` using legacy
:paramref:`_orm.Session.autocommit` mode, as this incurs a commit within
a refresh operation.
.. change::
:tags: change, tests
Added a new flag to :class:`.DefaultDialect` called ``supports_schemas``;
third party dialects may set this flag to ``False`` to disable SQLAlchemy's
schema-level tests when running the test suite for a third party dialect.
.. change::
:tags: bug, regression, schema
:tickets: 6216
Fixed regression where usage of a token in the
:paramref:`_engine.Connection.execution_options.schema_translate_map`
dictionary which contained special characters such as braces would fail to
be substituted properly. Use of square bracket characters ``[]`` is now
explicitly disallowed as these are used as a delimiter character in the
current implementation.
.. change::
:tags: bug, regression, orm
:tickets: 6215
Fixed regression where the ORM compilation scheme would assume the function
name of a hybrid property would be the same as the attribute name in such a
way that an ``AttributeError`` would be raised, when it would attempt to
determine the correct name for each element in a result tuple. A similar
issue exists in 1.3 but only impacts the names of tuple rows. The fix here
adds a check that the hybrid's function name is actually present in the
``__dict__`` of the class or its superclasses before assigning this name;
otherwise, the hybrid is considered to be "unnamed" and ORM result tuples
will use the naming scheme of the underlying expression.
.. change::
:tags: bug, orm, regression
:tickets: 6232
Fixed critical regression caused by the new feature added as part of
:ticket:`1763`, eager loaders are invoked on unexpire operations. The new
feature makes use of the "immediateload" eager loader strategy as a
substitute for a collection loading strategy, which unlike the other
"post-load" strategies was not accommodating for recursive invocations
between mutually-dependent relationships, leading to recursion overflow
errors.
.. changelog::
```
### 1.4.6
```
:released: April 6, 2021
.. change::
:tags: bug, sql, regression, oracle, mssql
:tickets: 6202
Fixed further regressions in the same area as that of :ticket:`6173` released in
1.4.5, where a "postcompile" parameter, again most typically those used for
LIMIT/OFFSET rendering in Oracle and SQL Server, would fail to be processed
correctly if the same parameter rendered in multiple places in the
statement.
.. change::
:tags: bug, orm, regression
:tickets: 6203
Fixed regression where a deprecated form of :meth:`_orm.Query.join` were
used, passing a series of entities to join from without any ON clause in a
single :meth:`_orm.Query.join` call, would fail to function correctly.
.. change::
:tags: bug, mypy
:tickets: 6147
Applied a series of refactorings and fixes to accommodate for Mypy
"incremental" mode across multiple files, which previously was not taken
into account. In this mode the Mypy plugin has to accommodate Python
datatypes expressed in other files coming in with less information than
they have on a direct run.
Additionally, a new decorator :func:`_orm.declarative_mixin` is added,
which is necessary for the Mypy plugin to be able to definifitely identify
a Declarative mixin class that is otherwise not used inside a particular
Python file.
.. seealso::
:ref:`mypy_declarative_mixins`
.. change::
:tags: bug, mypy
:tickets: 6205
Fixed issue where the Mypy plugin would fail to interpret the
"collection_class" of a relationship if it were a callable and not a class.
Also improved type matching and error reporting for collection-oriented
relationships.
.. change::
:tags: bug, sql
:tickets: 6204
Executing a :class:`_sql.Subquery` using :meth:`_engine.Connection.execute`
is deprecated and will emit a deprecation warning; this use case was an
oversight that should have been removed from 1.4. The operation will now
execute the underlying :class:`_sql.Select` object directly for backwards
compatibility. Similarly, the :class:`_sql.CTE` class is also not
appropriate for execution. In 1.3, attempting to execute a CTE would result
in an invalid "blank" SQL statement being executed; since this use case was
not working it now raises :class:`_exc.ObjectNotExecutableError`.
Previously, 1.4 was attempting to execute the CTE as a statement however it
was working only erratically.
.. change::
:tags: bug, regression, orm
:tickets: 6206
Fixed critical regression where the :meth:`_orm.Query.yield_per` method in
the ORM would set up the internal :class:`_engine.Result` to yield chunks
at a time, however made use of the new :meth:`_engine.Result.unique` method
which uniques across the entire result. This would lead to lost rows since
the ORM is using ``id(obj)`` as the uniquing function, which leads to
repeated identifiers for new objects as already-seen objects are garbage
collected. 1.3's behavior here was to "unique" across each chunk, which
does not actually produce "uniqued" results when results are yielded in
chunks. As the :meth:`_orm.Query.yield_per` method is already explicitly
disallowed when joined eager loading is in place, which is the primary
rationale for the "uniquing" feature, the "uniquing" feature is now turned
off entirely when :meth:`_orm.Query.yield_per` is used.
This regression only applies to the legacy :class:`_orm.Query` object; when
using :term:`2.0 style` execution, "uniquing" is not automatically applied.
To prevent the issue from arising from explicit use of
:meth:`_engine.Result.unique`, an error is now raised if rows are fetched
from a "uniqued" ORM-level :class:`_engine.Result` if any
:ref:`yield per <orm_queryguide_yield_per>` API is also in use, as the
purpose of ``yield_per`` is to allow for arbitrarily large numbers of rows,
which cannot be uniqued in memory without growing the number of entries to
fit the complete result size.
.. change::
:tags: usecase, asyncio, postgresql
:tickets: 6199
Added accessors ``.sqlstate`` and synonym ``.pgcode`` to the ``.orig``
attribute of the SQLAlchemy exception class raised by the asyncpg DBAPI
adapter, that is, the intermediary exception object that wraps on top of
that raised by the asyncpg library itself, but below the level of the
SQLAlchemy dialect.
.. changelog::
```
### 1.4.5
```
:released: April 2, 2021
.. change::
:tags: bug, sql, postgresql
:tickets: 6183
Fixed bug in new :meth:`_functions.FunctionElement.render_derived` feature
where column names rendered out explicitly in the alias SQL would not have
proper quoting applied for case sensitive names and other non-alphanumeric
names.
.. change::
:tags: bug, regression, orm
:tickets: 6172
Fixed regression where the :func:`_orm.joinedload` loader strategy would
not successfully joinedload to a mapper that is mapper against a
:class:`.CTE` construct.
.. change::
:tags: bug, regression, sql
:tickets: 6181
Fixed regression where use of the :meth:`.Operators.in_` method with a
:class:`_sql.Select` object against a non-table-bound column would produce
an ``AttributeError``, or more generally using a :class:`_sql.ScalarSelect`
that has no datatype in a binary expression would produce invalid state.
.. change::
:tags: bug, mypy
:tickets: sqlalchemy/sqlalchemy2-stubs/14
Fixed issue in mypy plugin where newly added support for
:func:`_orm.as_declarative` needed to more fully add the
``DeclarativeMeta`` class to the mypy interpreter's state so that it does
not result in a name not found error; additionally improves how global
names are setup for the plugin including the ``Mapped`` name.
.. change::
:tags: bug, mysql, regression
:tickets: 6163
Fixed regression in the MySQL dialect where the reflection query used to
detect if a table exists would fail on very old MySQL 5.0 and 5.1 versions.
.. change::
:tags: bug, sql
:tickets: 6184
Added a new flag to the :class:`_engine.Dialect` class called
:at
Update Flask from 1.1.2 to 2.0.1.
Changelog
### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren't available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Roll back a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug >= 2, Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it's needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add :meth:`sessions.SessionInterface.get_cookie_name` to allow setting the session cookie name dynamically. :pr:`3369` - Add :meth:`Config.from_file` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. :meth:`Config.from_json` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - :func:`send_file` raises a :exc:`ValueError` when passed an :mod:`io` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post("/login")`` is a shortcut for ``app.route("/login", methods=["POST"])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to "UTF-8" when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ```Links
- PyPI: https://pypi.org/project/flask - Changelog: https://pyup.io/changelogs/flask/ - Homepage: https://palletsprojects.com/p/flaskUpdate Flask-Migrate from 2.7.0 to 3.0.1.
Changelog
### 3.0.1 ``` - Add support for Alchemical in addition to Flask-SQLAlchemy ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/113115d7f37a713d1f32be53a1e43564b9bb3dea)) - Remove Flask-Script references from the documentation ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/699e136e1ff8e2e75e6fcd957c4ebf332a4969a9)) ``` ### 3.0.0 ``` - Remove support for Flask-Script [403](https://github.com/miguelgrinberg/flask-migrate/issues/403) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/a1787cf18fb4d5ec7369280afe1a59349f7544b8)) - Use unittest testrunner [397](https://github.com/miguelgrinberg/flask-migrate/issues/397) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/5e75b1b574dd7ee991ca2fae0b2ccd63a0f98d81)) (thanks **Jürgen Gmach**!) - Remove dependency on six package [395](https://github.com/miguelgrinberg/flask-migrate/issues/395) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/4ad897f1c3522ecf529cb83f70ef72bc3c32ba6f)) (thanks **Jürgen Gmach**!) - Added sphinx build files to .gitignore file [394](https://github.com/miguelgrinberg/flask-migrate/issues/394) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/6566e3dc5d5aa6dc7ca7a6228655f0a9d78d42e6)) (thanks **Jürgen Gmach**!) - Fix Sphinx warning [393](https://github.com/miguelgrinberg/flask-migrate/issues/393) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/a2d31b723517a9f72a9735ff70d858f7158dd4b3)) (thanks **Jürgen Gmach**!) ```Links
- PyPI: https://pypi.org/project/flask-migrate - Changelog: https://pyup.io/changelogs/flask-migrate/ - Repo: http://github.com/miguelgrinberg/flask-migrate/ - Docs: https://pythonhosted.org/Flask-Migrate/Update Flask-WTF from 0.14.3 to 0.15.1.
Changelog
### 0.15.1 ``` -------------- Released 2021-05-25 - Add ``python_requires`` metadata to avoid installing on unsupported Python versions. `442`_ .. _442: https://github.com/wtforms/flask-wtf/pull/442 ``` ### 0.15.0 ``` -------------- Released 2021-05-24 - Drop support for Python < 3.6. `416`_ - ``FileSize`` validator. `307`_, `365`_ - Extra requirement ``email`` installs the ``email_validator`` package. `423`_ - Fixed Flask 2.0 warnings. `434`_ - Various documentation fixes. `315`_, `321`_, `335`_, `344`_, `386`_, `400`_, `404`_, `420`_, `437`_ - Various CI fixes. `405`_, `438`_ .. _307: https://github.com/wtforms/flask-wtf/pull/307 .. _315: https://github.com/wtforms/flask-wtf/pull/315 .. _321: https://github.com/wtforms/flask-wtf/pull/321 .. _335: https://github.com/wtforms/flask-wtf/pull/335 .. _344: https://github.com/wtforms/flask-wtf/pull/344 .. _365: https://github.com/wtforms/flask-wtf/pull/365 .. _386: https://github.com/wtforms/flask-wtf/pull/386 .. _400: https://github.com/wtforms/flask-wtf/pull/400 .. _404: https://github.com/wtforms/flask-wtf/pull/404 .. _405: https://github.com/wtforms/flask-wtf/pull/405 .. _416: https://github.com/wtforms/flask-wtf/pull/416 .. _420: https://github.com/wtforms/flask-wtf/pull/420 .. _423: https://github.com/wtforms/flask-wtf/pull/423 .. _434: https://github.com/wtforms/flask-wtf/pull/434 .. _437: https://github.com/wtforms/flask-wtf/pull/437 .. _438: https://github.com/wtforms/flask-wtf/pull/438 ```Links
- PyPI: https://pypi.org/project/flask-wtf - Changelog: https://pyup.io/changelogs/flask-wtf/ - Repo: https://github.com/wtforms/flask-wtf - Docs: https://pythonhosted.org/Flask-WTF/Update geoip2 from 4.1.0 to 4.2.0.
Changelog
### 4.2.0 ``` ++++++++++++++++++ * You may now set a proxy to use when making web service requests by passing the ``proxy`` parameter to the ``AsyncClient`` or ``Client`` constructor. ```Links
- PyPI: https://pypi.org/project/geoip2 - Changelog: https://pyup.io/changelogs/geoip2/ - Homepage: http://www.maxmind.com/ - Docs: https://pythonhosted.org/geoip2/Update premailer from 3.8.0 to 3.9.0.
Changelog
### 3.9.0 ``` ----- * New option ``allow_loading_external_files=False`` when loading externally referenced file URLs. E.g. ``<link rel=stylesheet href=/path/to/file.css>`` Be careful to enable this if the HTML loaded isn't trusted. **Big security risk otherwise**. ```Links
- PyPI: https://pypi.org/project/premailer - Changelog: https://pyup.io/changelogs/premailer/ - Repo: http://github.com/peterbe/premailerUpdate SQLAlchemy from 1.3.24 to 1.4.17.
Changelog
### 1.4.17 ``` :released: May 29, 2021 .. change:: :tags: bug, orm, regression :tickets: 6558 Fixed regression caused by just-released performance fix mentioned in 6550 where a query.join() to a relationship could produce an AttributeError if the query were made against non-ORM structures only, a fairly unusual calling pattern. .. changelog:: ``` ### 1.4.16 ``` :released: May 28, 2021 .. change:: :tags: bug, engine :tickets: 6482 Fixed issue where an ` sign in the database portion of a URL would not be interpreted correctly if the URL also had a username:password section. .. change:: :tags: bug, ext :tickets: 6529 Fixed a deprecation warning that was emitted when using :func:`_automap.automap_base` without passing an existing ``Base``. .. change:: :tags: bug, pep484 :tickets: 6461 Remove pep484 types from the code. Current effort is around the stub package, and having typing in two places makes thing worse, since the types in the SQLAlchemy source were usually outdated compared to the version in the stubs. .. change:: :tags: usecase, mssql :tickets: 6464 Implemented support for a :class:`_sql.CTE` construct to be used directly as the target of a :func:`_sql.delete` construct, i.e. "WITH ... AS cte DELETE FROM cte". This appears to be a useful feature of SQL Server. .. change:: :tags: bug, general :tickets: 6540, 6543 Resolved various deprecation warnings which were appearing as of Python version 3.10.0b1. .. change:: :tags: bug, orm :tickets: 6471 Fixed issue when using :paramref:`_orm.relationship.cascade_backrefs` parameter set to ``False``, which per :ref:`change_5150` is set to become the standard behavior in SQLAlchemy 2.0, where adding the item to a collection that uniquifies, such as ``set`` or ``dict`` would fail to fire a cascade event if the object were already associated in that collection via the backref. This fix represents a fundamental change in the collection mechanics by introducing a new event state which can fire off for a collection mutation even if there is no net change on the collection; the action is now suited using a new event hook :meth:`_orm.AttributeEvents.append_wo_mutation`. .. change:: :tags: bug, orm, regression :tickets: 6550 Fixed regression involving clause adaption of labeled ORM compound elements, such as single-table inheritance discriminator expressions with conditionals or CASE expressions, which could cause aliased expressions such as those used in ORM join / joinedload operations to not be adapted correctly, such as referring to the wrong table in the ON clause in a join. This change also improves a performance bump that was located within the process of invoking :meth:`_sql.Select.join` given an ORM attribute as a target. .. change:: :tags: bug, orm, regression :tickets: 6495 Fixed regression where the full combination of joined inheritance, global with_polymorphic, self-referential relationship and joined loading would fail to be able to produce a query with the scope of lazy loads and object refresh operations that also attempted to render the joined loader. .. change:: :tags: bug, engine :tickets: 6329 Fixed a long-standing issue with :class:`.URL` where query parameters following the question mark would not be parsed correctly if the URL did not contain a database portion with a backslash. .. change:: :tags: bug, sql, regression :tickets: 6549 Fixed regression in dynamic loader strategy and :func:`_orm.relationship` overall where the :paramref:`_orm.relationship.order_by` parameter were stored as a mutable list, which could then be mutated when combined with additional "order_by" methods used against the dynamic query object, causing the ORDER BY criteria to continue to grow repetitively. .. change:: :tags: bug, orm :tickets: 6484 Enhanced the bind resolution rules for :meth:`_orm.Session.execute` so that when a non-ORM statement such as an :func:`_sql.insert` construct nonetheless is built against ORM objects, to the greatest degree possible the ORM entity will be used to resolve the bind, such as for a :class:`_orm.Session` that has a bind map set up on a common superclass without specific mappers or tables named in the map. .. change:: :tags: bug, regression, ext :tickets: 6390 Fixed regression in the ``sqlalchemy.ext.instrumentation`` extension that prevented instrumentation disposal from working completely. This fix includes both a 1.4 regression fix as well as a fix for a related issue that existed in 1.3 also. As part of this change, the :class:`sqlalchemy.ext.instrumentation.InstrumentationManager` class now has a new method ``unregister()``, which replaces the previous method ``dispose()``, which was not called as of version 1.4. .. changelog:: ``` ### 1.4.15 ``` :released: May 11, 2021 .. change:: :tags: bug, documentation, mysql :tickets: 5397 Added support for the ``ssl_check_hostname=`` parameter in mysql connection URIs and updated the mysql dialect documentation regarding secure connections. Original pull request courtesy of Jerry Zhao. .. change:: :tags: bug, orm, regression :tickets: 6449 Fixed additional regression caused by "eager loaders run on unexpire" feature :ticket:`1763` where the feature would run for a ``contains_eager()`` eagerload option in the case that the ``contains_eager()`` were chained to an additional eager loader option, which would then produce an incorrect query as the original query-bound join criteria were no longer present. .. change:: :tags: feature, general :tickets: 6241 A new approach has been applied to the warnings system in SQLAlchemy to accurately predict the appropriate stack level for each warning dynamically. This allows evaluating the source of SQLAlchemy-generated warnings and deprecation warnings to be more straightforward as the warning will indicate the source line within end-user code, rather than from an arbitrary level within SQLAlchemy's own source code. .. change:: :tags: bug, orm :tickets: 6459 Fixed issue in subquery loader strategy which prevented caching from working correctly. This would have been seen in the logs as a "generated" message instead of "cached" for all subqueryload SQL emitted, which by saturating the cache with new keys would degrade overall performance; it also would produce "LRU size alert" warnings. .. change:: :tags: bug, sql :tickets: 6460 Adjusted the logic added as part of :ticket:`6397` in 1.4.12 so that internal mutation of the :class:`.BindParameter` object occurs within the clause construction phase as it did before, rather than in the compilation phase. In the latter case, the mutation still produced side effects against the incoming construct and additionally could potentially interfere with other internal mutation routines. .. changelog:: ``` ### 1.4.14 ``` :released: May 6, 2021 .. change:: :tags: bug, regression, orm :tickets: 6426 Fixed regression involving ``lazy='dynamic'`` loader in conjunction with a detached object. The previous behavior was that the dynamic loader upon calling methods like ``.all()`` returns empty lists for detached objects without error, this has been restored; however a warning is now emitted as this is not the correct result. Other dynamic loader scenarios correctly raise ``DetachedInstanceError``. .. change:: :tags: bug, regression, sql :tickets: 6428 Fixed regression caused by the "empty in" change just made in :ticket:`6397` 1.4.12 where the expression needs to be parenthesized for the "not in" use case, otherwise the condition will interfere with the other filtering criteria. .. change:: :tags: bug, sql, regression :tickets: 6436 The :class:`.TypeDecorator` class will now emit a warning when used in SQL compilation with caching unless the ``.cache_ok`` flag is set to ``True`` or ``False``. A new class-level attribute :attr:`.TypeDecorator.cache_ok` may be set which will be used as an indication that all the parameters passed to the object are safe to be used as a cache key if set to ``True``, ``False`` means they are not. .. change:: :tags: engine, bug, regression :tickets: 6427 Established a deprecation path for calling upon the :meth:`_cursor.CursorResult.keys` method for a statement that returns no rows to provide support for legacy patterns used by the "records" package as well as any other non-migrated applications. Previously, this would raise :class:`.ResourceClosedException` unconditionally in the same way as it does when attempting to fetch rows. While this is the correct behavior going forward, the :class:`_cursor.LegacyCursorResult` object will now in this case return an empty list for ``.keys()`` as it did in 1.3, while also emitting a 2.0 deprecation warning. The :class:`_cursor.CursorResult`, used when using a 2.0-style "future" engine, will continue to raise as it does now. .. change:: :tags: usecase, engine, orm :tickets: 6288 Applied consistent behavior to the use case of calling ``.commit()`` or ``.rollback()`` inside of an existing ``.begin()`` context manager, with the addition of potentially emitting SQL within the block subsequent to the commit or rollback. This change continues upon the change first added in :ticket:`6155` where the use case of calling "rollback" inside of a ``.begin()`` contextmanager block was proposed: * calling ``.commit()`` or ``.rollback()`` will now be allowed without error or warning within all scopes, including that of legacy and future :class:`_engine.Engine`, ORM :class:`_orm.Session`, asyncio :class:`.AsyncEngine`. Previously, the :class:`_orm.Session` disallowed this. * The remaining scope of the context manager is then closed; when the block ends, a check is emitted to see if the transaction was already ended, and if so the block returns without action. * It will now raise **an error** if subsequent SQL of any kind is emitted within the block, **after** ``.commit()`` or ``.rollback()`` is called. The block should be closed as the state of the executable object would otherwise be undefined in this state. .. changelog:: ``` ### 1.4.13 ``` :released: May 3, 2021 .. change:: :tags: bug, regression, orm :tickets: 6410 Fixed regression in ``selectinload`` loader strategy that would cause it to cache its internal state incorrectly when handling relationships that join across more than one column, such as when using a composite foreign key. The invalid caching would then cause other unrelated loader operations to fail. .. change:: :tags: bug, orm, regression :tickets: 6414 Fixed regression where :meth:`_orm.Query.filter_by` would not work if the lead entity were a SQL function or other expression derived from the primary entity in question, rather than a simple entity or column of that entity. Additionally, improved the behavior of :meth:`_sql.Select.filter_by` overall to work with column expressions even in a non-ORM context. .. change:: :tags: bug, engine, regression :tickets: 6408 Restored a legacy transactional behavior that was inadvertently removed from the :class:`_engine.Connection` as it was never tested as a known use case in previous versions, where calling upon the :meth:`_engine.Connection.begin_nested` method, when no transaction is present, does not create a SAVEPOINT at all and instead starts an outer transaction, returning a :class:`.RootTransaction` object instead of a :class:`.NestedTransaction` object. This :class:`.RootTransaction` then will emit a real COMMIT on the database connection when committed. Previously, the 2.0 style behavior was present in all cases that would autobegin a transaction but not commit it, which is a behavioral change. When using a :term:`2.0 style` connection object, the behavior is unchanged from previous 1.4 versions; calling :meth:`_future.Connection.begin_nested` will "autobegin" the outer transaction if not already present, and then as instructed emit a SAVEPOINT, returning the :class:`.NestedTransaction` object. The outer transaction is committed by calling upon :meth:`_future.Connection.commit`, as is "commit-as-you-go" style usage. In non-"future" mode, while the old behavior is restored, it also emits a 2.0 deprecation warning as this is a legacy behavior. .. change:: :tags: bug, asyncio, regression :tickets: 6409 Fixed a regression introduced by :ticket:`6337` that would create an ``asyncio.Lock`` which could be attached to the wrong loop when instantiating the async engine before any asyncio loop was started, leading to an asyncio error message when attempting to use the engine under certain circumstances. .. change:: :tags: bug, orm, regression :tickets: 6419 Fixed regression where using :func:`_orm.selectinload` and :func:`_orm.subqueryload` to load a two-level-deep path would lead to an attribute error. .. change:: :tags: bug, orm, regression :tickets: 6420 Fixed regression where using the :func:`_orm.noload` loader strategy in conjunction with a "dynamic" relationship would lead to an attribute error as the noload strategy would attempt to apply itself to the dynamic loader. .. change:: :tags: usecase, postgresql :tickets: 6198 Add support for server side cursors in the pg8000 dialect for PostgreSQL. This allows use of the :paramref:`.Connection.execution_options.stream_results` option. .. changelog:: ``` ### 1.4.12 ``` :released: April 29, 2021 .. change:: :tags: bug, orm, regression, caching :tickets: 6391 Fixed critical regression where bound parameter tracking as used in the SQL caching system could fail to track all parameters for the case where the same SQL expression containing a parameter were used in an ORM-related query using a feature such as class inheritance, which was then embedded in an enclosing expression which would make use of that same expression multiple times, such as a UNION. The ORM would individually copy the individual SELECT statements as part of compilation with class inheritance, which then embedded in the enclosing statement would fail to accommodate for all parameters. The logic that tracks this condition has been adjusted to work for multiple copies of a parameter. .. change:: :tags: bug, sql :tickets: 6258, 6397 Revised the "EMPTY IN" expression to no longer rely upon using a subquery, as this was causing some compatibility and performance problems. The new approach for selected databases takes advantage of using a NULL-returning IN expression combined with the usual "1 != 1" or "1 = 1" expression appended by AND or OR. The expression is now the default for all backends other than SQLite, which still had some compatibility issues regarding tuple "IN" for older SQLite versions. Third party dialects can still override how the "empty set" expression renders by implementing a new compiler method ``def visit_empty_set_op_expr(self, type_, expand_op)``, which takes precedence over the existing ``def visit_empty_set_expr(self, element_types)`` which remains in place. .. change:: :tags: bug, orm :tickets: 6350 Fixed two distinct issues mostly affecting :class:`_hybrid.hybrid_property`, which would come into play under common mis-configuration scenarios that were silently ignored in 1.3, and now failed in 1.4, where the "expression" implementation would return a non :class:`_sql.ClauseElement` such as a boolean value. For both issues, 1.3's behavior was to silently ignore the mis-configuration and ultimately attempt to interpret the value as a SQL expression, which would lead to an incorrect query. * Fixed issue regarding interaction of the attribute system with hybrid_property, where if the ``__clause_element__()`` method of the attribute returned a non-:class:`_sql.ClauseElement` object, an internal ``AttributeError`` would lead the attribute to return the ``expression`` function on the hybrid_property itself, as the attribute error was against the name ``.expression`` which would invoke the ``__getattr__()`` method as a fallback. This now raises explicitly. In 1.3 the non-:class:`_sql.ClauseElement` was returned directly. * Fixed issue in SQL argument coercions system where passing the wrong kind of object to methods that expect column expressions would fail if the object were altogether not a SQLAlchemy object, such as a Python function, in cases where the object were not just coerced into a bound value. Again 1.3 did not have a comprehensive argument coercion system so this case would also pass silently. .. change:: :tags: bug, orm :tickets: 6378 Fixed issue where using a :class:`_sql.Select` as a subquery in an ORM context would modify the :class:`_sql.Select` in place to disable eagerloads on that object, which would then cause that same :class:`_sql.Select` to not eagerload if it were then re-used in a top-level execution context. .. change:: :tags: bug, regression, sql :tickets: 6343 Fixed regression where usage of the :func:`_sql.text` construct inside the columns clause of a :class:`_sql.Select` construct, which is better handled by using a :func:`_sql.literal_column` construct, would nonetheless prevent constructs like :func:`_sql.union` from working correctly. Other use cases, such as constructing subuqeries, continue to work the same as in prior versions where the :func:`_sql.text` construct is silently omitted from the collection of exported columns. Also repairs similar use within the ORM. .. change:: :tags: bug, regression, sql :tickets: 6261 Fixed regression involving legacy methods such as :meth:`_sql.Select.append_column` where internal assertions would fail. .. change:: :tags: usecase, sqlite :tickets: 6379 Default to using ``SingletonThreadPool`` for in-memory SQLite databases created using URI filenames. Previously the default pool used was the ``NullPool`` that precented sharing the same database between multiple engines. .. change:: :tags: bug, regression, sql :tickets: 6300 Fixed regression caused by :ticket:`5395` where tuning back the check for sequences in :func:`_sql.select` now caused failures when doing 2.0-style querying with a mapped class that also happens to have an ``__iter__()`` method. Tuned the check some more to accommodate this as well as some other interesting ``__iter__()`` scenarios. .. change:: :tags: bug, mssql, schema :tickets: 6345 Add :meth:`_types.TypeEngine.as_generic` support for :class:`sqlalchemy.dialects.mysql.BIT` columns, mapping them to :class:`_sql.sqltypes.Boolean`. .. change:: :tags: bug, orm, regression :tickets: 6360, 6359 Fixed issue where the new :ref:`autobegin <session_autobegin>` behavior failed to "autobegin" in the case where an existing persistent object has an attribute change, which would then impact the behavior of :meth:`_orm.Session.rollback` in that no snapshot was created to be rolled back. The "attribute modify" mechanics have been updated to ensure "autobegin", which does not perform any database work, does occur when persistent attributes change in the same manner as when :meth:`_orm.Session.add` is called. This is a regression as in 1.3, the rollback() method always had a transaction to roll back and would expire every time. .. change:: :tags: bug, mssql, regression :tickets: 6366 Fixed regression caused by :ticket:`6306` which added support for ``DateTime(timezone=True)``, where the previous behavior of the pyodbc driver of implicitly dropping the tzinfo from a timezone-aware date when INSERTing into a timezone-naive DATETIME column were lost, leading to a SQL Server error when inserting timezone-aware datetime objects into timezone-native database columns. .. change:: :tags: orm, bug, regression :tickets: 6386 Fixed regression in ORM where using hybrid property to indicate an expression from a different entity would confuse the column-labeling logic in the ORM and attempt to derive the name of the hybrid from that other class, leading to an attribute error. The owning class of the hybrid attribute is now tracked along with the name. .. change:: :tags: orm, bug, regression :tickets: 6401 Fixed regression in hybrid_property where a hybrid against a SQL function would generate an ``AttributeError`` when attempting to generate an entry for the ``.c`` collection of a subquery in some cases; among other things this would impact its use in cases like that of ``Query.count()``. .. change:: :tags: bug, postgresql :tickets: 6373 Fixed very old issue where the :class:`_types.Enum` datatype would not inherit the :paramref:`_schema.MetaData.schema` parameter of a :class:`_schema.MetaData` object when that object were passed to the :class:`_types.Enum` using :paramref:`_types.Enum.metadata`. .. change:: :tags: bug, orm, dataclasses :tickets: 6346 Adjusted the declarative scan for dataclasses so that the inheritance behavior of :func:`_orm.declared_attr` established on a mixin, when using the new form of having it inside of a ``dataclasses.field()`` construct and not actually a descriptor attribute on the class, correctly accommodates the case when the target class to be mapped is a subclass of an existing mapped class which has already mapped that :func:`_orm.declared_attr`, and therefore should not be re-applied to this class. .. change:: :tags: bug, schema, mysql, mariadb, oracle, postgresql :tickets: 6338 Ensure that the MySQL and MariaDB dialect ignore the :class:`_sql.Identity` construct while rendering the ``AUTO_INCREMENT`` keyword in a create table. The Oracle and PostgreSQL compiler was updated to not render :class:`_sql.Identity` if the database version does not support it (Oracle < 12 and PostgreSQL < 10). Previously it was rendered regardless of the database version. .. change:: :tags: bug, orm :tickets: 6353 Fixed an issue with the (deprecated in 1.4) :meth:`_schema.ForeignKeyConstraint.copy` method that caused an error when invoked with the ``schema`` argument. .. change:: :tags: bug, engine :tickets: 6361 Fixed issue where usage of an explicit :class:`.Sequence` would produce inconsistent "inline" behavior for an :class:`.Insert` construct that includes multiple values phrases; the first seq would be inline but subsequent ones would be "pre-execute", leading to inconsistent sequence ordering. The sequence expressions are now fully inline. .. changelog:: ``` ### 1.4.11 ``` :released: April 21, 2021 .. change:: :tags: bug, engine, regression :tickets: 6337 Fixed critical regression caused by the change in :ticket:`5497` where the connection pool "init" phase no longer occurred within mutexed isolation, allowing other threads to proceed with the dialect uninitialized, which could then impact the compilation of SQL statements. .. change:: :tags: bug, orm, regression, declarative :tickets: 6331 Fixed regression where recent changes to support Python dataclasses had the inadvertent effect that an ORM mapped class could not successfully override the ``__new__()`` method. .. changelog:: ``` ### 1.4.10 ``` :released: April 20, 2021 .. change:: :tags: bug, declarative, regression :tickets: 6291 Fixed :func:`_declarative.instrument_declarative` that called a non existing registry method. .. change:: :tags: bug, orm :tickets: 6320 Fixed bug in new :func:`_orm.with_loader_criteria` feature where using a mixin class with :func:`_orm.declared_attr` on an attribute that were accessed inside the custom lambda would emit a warning regarding using an unmapped declared attr, when the lambda callable were first initialized. This warning is now prevented using special instrumentation for this lambda initialization step. .. change:: :tags: usecase, mssql :tickets: 6306 The :paramref:`_types.DateTime.timezone` parameter when set to ``True`` will now make use of the ``DATETIMEOFFSET`` column type with SQL Server when used to emit DDL, rather than ``DATETIME`` where the flag was silently ignored. .. change:: :tags: orm, bug, regression :tickets: 6326 Fixed additional regression caused by the "eagerloaders on refresh" feature added in :ticket:`1763` where the refresh operation historically would set ``populate_existing``, which given the new feature now overwrites pending changes on eagerly loaded objects when autoflush is false. The populate_existing flag has been turned off for this case and a more specific method used to ensure the correct attributes refreshed. .. change:: :tags: bug, orm, result :tickets: 6299 Fixed an issue when using 2.0 style execution that prevented using :meth:`_result.Result.scalar_one` or :meth:`_result.Result.scalar_one_or_none` after calling :meth:`_result.Result.unique`, for the case where the ORM is returning a single-element row in any case. .. change:: :tags: bug, sql :tickets: 6327 Fixed issue in SQL compiler where the bound parameters set up for a :class:`.Values` construct wouldn't be positionally tracked correctly if inside of a :class:`_sql.CTE`, affecting database drivers that support VALUES + ctes and use positional parameters such as SQL Server in particular as well as asyncpg. The fix also repairs support for compiler flags such as ``literal_binds``. .. change:: :tags: bug, schema :tickets: 6287 Fixed issue where :func:`_functions.next_value` was not deriving its type from the corresponding :class:`_schema.Sequence`, instead hardcoded to :class:`_types.Integer`. The specific numeric type is now used. .. change:: :tags: bug, mypy :tickets: 6255 Fixed issue where mypy plugin would not correctly interpret an explicit :class:`_orm.Mapped` annotation in conjunction with a :func:`_orm.relationship` that refers to a class by string name; the correct annotation would be downgraded to a less specific one leading to typing errors. .. change:: :tags: bug, sql :tickets: 6256 Repaired and solidified issues regarding custom functions and other arbitrary expression constructs which within SQLAlchemy's column labeling mechanics would seek to use ``str(obj)`` to get a string representation to use as an anonymous column name in the ``.c`` collection of a subquery. This is a very legacy behavior that performs poorly and leads to lots of issues, so has been revised to no longer perform any compilation by establishing specific methods on :class:`.FunctionElement` to handle this case, as SQL functions are the only use case that it came into play. An effect of this behavior is that an unlabeled column expression with no derivable name will be given an arbitrary label starting with the prefix ``"_no_label"`` in the ``.c`` collection of a subquery; these were previously being represented either as the generic stringification of that expression, or as an internal symbol. .. change:: :tags: usecase, orm :ticketS: 6301 Altered some of the behavior repaired in :ticket:`6232` where the ``immediateload`` loader strategy no longer goes into recursive loops; the modification is that an eager load (joinedload, selectinload, or subqueryload) from A->bs->B which then states ``immediateload`` for a simple manytoone B->a->A that's in the identity map will populate the B->A, so that this attribute is back-populated when the collection of A/A.bs are loaded. This allows the objects to be functional when detached. .. changelog:: ``` ### 1.4.9 ``` :released: April 17, 2021 .. change:: :tags: bug, sql, regression :tickets: 6290 Fixed regression where an empty in statement on a tuple would result in an error when compiled with the option ``literal_binds=True``. .. change:: :tags: bug, regression, orm, performance, sql :tickets: 6304 Fixed a critical performance issue where the traversal of a :func:`_sql.select` construct would traverse a repetitive product of the represented FROM clauses as they were each referred towards by columns in the columns clause; for a series of nested subqueries with lots of columns this could cause a large delay and significant memory growth. This traversal is used by a wide variety of SQL and ORM functions, including by the ORM :class:`_orm.Session` when it's configured to have "table-per-bind", which while this is not a common use case, it seems to be what Flask-SQLAlchemy is hardcoded as using, so the issue impacts Flask-SQLAlchemy users. The traversal has been repaired to uniqify on FROM clauses which was effectively what would happen implicitly with the pre-1.4 architecture. .. change:: :tags: bug, postgresql, sql, regression :tickets: 6303 Fixed an argument error in the default and PostgreSQL compilers that would interfere with an UPDATE..FROM or DELETE..FROM..USING statement that was then SELECTed from as a CTE. .. change:: :tags: bug, orm, regression :tickets: 6272 Fixed regression where an attribute that is mapped to a :func:`_orm.synonym` could not be used in column loader options such as :func:`_orm.load_only`. .. change:: :tags: usecase, orm :tickets: 6267 Established support for :func:`_orm.synoynm` in conjunction with hybrid property, assocaitionproxy is set up completely, including that synonyms can be established linking to these constructs which work fully. This is a behavior that was semi-explicitly disallowed previously, however since it did not fail in every scenario, explicit support for assoc proxy and hybrids has been added. .. changelog:: ``` ### 1.4.8 ``` :released: April 15, 2021 .. change:: :tags: change, mypy Updated Mypy plugin to only use the public plugin interface of the semantic analyzer. .. change:: :tags: bug, mssql, regression :tickets: 6265 Fixed an additional regression in the same area as that of :ticket:`6173`, :ticket:`6184`, where using a value of 0 for OFFSET in conjunction with LIMIT with SQL Server would create a statement using "TOP", as was the behavior in 1.3, however due to caching would then fail to respond accordingly to other values of OFFSET. If the "0" wasn't first, then it would be fine. For the fix, the "TOP" syntax is now only emitted if the OFFSET value is omitted entirely, that is, :meth:`_sql.Select.offset` is not used. Note that this change now requires that if the "with_ties" or "percent" modifiers are used, the statement can't specify an OFFSET of zero, it now needs to be omitted entirely. .. change:: :tags: bug, engine The :meth:`_engine.Dialect.has_table` method now raises an informative exception if a non-Connection is passed to it, as this incorrect behavior seems to be common. This method is not intended for external use outside of a dialect. Please use the :meth:`.Inspector.has_table` method or for cross-compatibility with older SQLAlchemy versions, the :meth:`_engine.Engine.has_table` method. .. change:: :tags: bug, regression, sql :tickets: 6249 Fixed regression where the :class:`_sql.BindParameter` object would not properly render for an IN expression (i.e. using the "post compile" feature in 1.4) if the object were copied from either an internal cloning operation, or from a pickle operation, and the parameter name contained spaces or other special characters. .. change:: :tags: bug, mypy :tickets: 6205 Revised the fix for ``OrderingList`` from version 1.4.7 which was testing against the incorrect API. .. change:: :tags: bug, asyncio :tickets: 6220 Fix typo that prevented setting the ``bind`` attribute of an :class:`_asyncio.AsyncSession` to the correct value. .. change:: :tags: feature, sql :tickets: 3314 The tuple returned by :attr:`.CursorResult.inserted_primary_key` is now a :class:`_result.Row` object with a named tuple interface on top of the existing tuple interface. .. change:: :tags: bug, regression, sql, sqlite :tickets: 6254 Fixed regression where the introduction of the INSERT syntax "INSERT... VALUES (DEFAULT)" was not supported on some backends that do however support "INSERT..DEFAULT VALUES", including SQLite. The two syntaxes are now each individually supported or non-supported for each dialect, for example MySQL supports "VALUES (DEFAULT)" but not "DEFAULT VALUES". Support for Oracle has also been enabled. .. change:: :tags: bug, regression, orm :tickets: 6259 Fixed a cache leak involving the :func:`_orm.with_expression` loader option, where the given SQL expression would not be correctly considered as part of the cache key. Additionally, fixed regression involving the corresponding :func:`_orm.query_expression` feature. While the bug technically exists in 1.3 as well, it was not exposed until 1.4. The "default expr" value of ``null()`` would be rendered when not needed, and additionally was also not adapted correctly when the ORM rewrites statements such as when using joined eager loading. The fix ensures "singleton" expressions like ``NULL`` and ``true`` aren't "adapted" to refer to columns in ORM statements, and additionally ensures that a :func:`_orm.query_expression` with no default expression doesn't render in the statement if a :func:`_orm.with_expression` isn't used. .. change:: :tags: bug, orm :tickets: 6252 Fixed issue in the new feature of :meth:`_orm.Session.refresh` introduced by :ticket:`1763` where eagerly loaded relationships are also refreshed, where the ``lazy="raise"`` and ``lazy="raise_on_sql"`` loader strategies would interfere with the :func:`_orm.immediateload` loader strategy, thus breaking the feature for relationships that were loaded with :func:`_orm.selectinload`, :func:`_orm.subqueryload` as well. .. changelog:: ``` ### 1.4.7 ``` :released: April 9, 2021 .. change:: :tags: bug, sql, regression :tickets: 6222 Enhanced the "expanding" feature used for :meth:`_sql.ColumnOperators.in_` operations to infer the type of expression from the right hand list of elements, if the left hand side does not have any explicit type set up. This allows the expression to support stringification among other things. In 1.3, "expanding" was not automatically used for :meth:`_sql.ColumnOperators.in_` expressions, so in that sense this change fixes a behavioral regression. .. change:: :tags: bug, mypy Fixed issue in Mypy plugin where the plugin wasn’t inferring the correct type for columns of subclasses that don’t directly descend from ``TypeEngine``, in particular that of ``TypeDecorator`` and ``UserDefinedType``. .. change:: :tags: bug, orm, regression :tickets: 6221 Fixed regression where the :func:`_orm.subqueryload` loader strategy would fail to correctly accommodate sub-options, such as a :func:`_orm.defer` option on a column, if the "path" of the subqueryload were more than one level deep. .. change:: :tags: bug, sql Fixed the "stringify" compiler to support a basic stringification of a "multirow" INSERT statement, i.e. one with multiple tuples following the VALUES keyword. .. change:: :tags: bug, orm, regression :tickets: 6211 Fixed regression where the :func:`_orm.merge_frozen_result` function relied upon by the dogpile.caching example was not included in tests and began failing due to incorrect internal arguments. .. change:: :tags: bug, engine, regression :tickets: 6218 Fixed up the behavior of the :class:`_result.Row` object when dictionary access is used upon it, meaning converting to a dict via ``dict(row)`` or accessing members using strings or other objects i.e. ``row["some_key"]`` works as it would with a dictionary, rather than raising ``TypeError`` as would be the case with a tuple, whether or not the C extensions are in place. This was originally supposed to emit a 2.0 deprecation warning for the "non-future" case using :class:`_result.LegacyRow`, and was to raise ``TypeError`` for the "future" :class:`_result.Row` class. However, the C version of :class:`_result.Row` was failing to raise this ``TypeError``, and to complicate matters, the :meth:`_orm.Session.execute` method now returns :class:`_result.Row` in all cases to maintain consistency with the ORM result case, so users who didn't have C extensions installed would see different behavior in this one case for existing pre-1.4 style code. Therefore, in order to soften the overall upgrade scheme as most users have not been exposed to the more strict behavior of :class:`_result.Row` up through 1.4.6, :class:`_result.LegacyRow` and :class:`_result.Row` both provide for string-key access as well as support for ``dict(row)``, in all cases emitting the 2.0 deprecation warning when ``SQLALCHEMY_WARN_20`` is enabled. The :class:`_result.Row` object still uses tuple-like behavior for ``__contains__``, which is probably the only noticeable behavioral change compared to :class:`_result.LegacyRow`, other than the removal of dictionary-style methods ``values()`` and ``items()``. .. change:: :tags: bug, regression, orm :tickets: 6233 Fixed critical regression where the :class:`_orm.Session` could fail to "autobegin" a new transaction when a flush occurred without an existing transaction in place, implicitly placing the :class:`_orm.Session` into legacy autocommit mode which commit the transaction. The :class:`_orm.Session` now has a check that will prevent this condition from occurring, in addition to repairing the flush issue. Additionally, scaled back part of the change made as part of :ticket:`5226` which can run autoflush during an unexpire operation, to not actually do this in the case of a :class:`_orm.Session` using legacy :paramref:`_orm.Session.autocommit` mode, as this incurs a commit within a refresh operation. .. change:: :tags: change, tests Added a new flag to :class:`.DefaultDialect` called ``supports_schemas``; third party dialects may set this flag to ``False`` to disable SQLAlchemy's schema-level tests when running the test suite for a third party dialect. .. change:: :tags: bug, regression, schema :tickets: 6216 Fixed regression where usage of a token in the :paramref:`_engine.Connection.execution_options.schema_translate_map` dictionary which contained special characters such as braces would fail to be substituted properly. Use of square bracket characters ``[]`` is now explicitly disallowed as these are used as a delimiter character in the current implementation. .. change:: :tags: bug, regression, orm :tickets: 6215 Fixed regression where the ORM compilation scheme would assume the function name of a hybrid property would be the same as the attribute name in such a way that an ``AttributeError`` would be raised, when it would attempt to determine the correct name for each element in a result tuple. A similar issue exists in 1.3 but only impacts the names of tuple rows. The fix here adds a check that the hybrid's function name is actually present in the ``__dict__`` of the class or its superclasses before assigning this name; otherwise, the hybrid is considered to be "unnamed" and ORM result tuples will use the naming scheme of the underlying expression. .. change:: :tags: bug, orm, regression :tickets: 6232 Fixed critical regression caused by the new feature added as part of :ticket:`1763`, eager loaders are invoked on unexpire operations. The new feature makes use of the "immediateload" eager loader strategy as a substitute for a collection loading strategy, which unlike the other "post-load" strategies was not accommodating for recursive invocations between mutually-dependent relationships, leading to recursion overflow errors. .. changelog:: ``` ### 1.4.6 ``` :released: April 6, 2021 .. change:: :tags: bug, sql, regression, oracle, mssql :tickets: 6202 Fixed further regressions in the same area as that of :ticket:`6173` released in 1.4.5, where a "postcompile" parameter, again most typically those used for LIMIT/OFFSET rendering in Oracle and SQL Server, would fail to be processed correctly if the same parameter rendered in multiple places in the statement. .. change:: :tags: bug, orm, regression :tickets: 6203 Fixed regression where a deprecated form of :meth:`_orm.Query.join` were used, passing a series of entities to join from without any ON clause in a single :meth:`_orm.Query.join` call, would fail to function correctly. .. change:: :tags: bug, mypy :tickets: 6147 Applied a series of refactorings and fixes to accommodate for Mypy "incremental" mode across multiple files, which previously was not taken into account. In this mode the Mypy plugin has to accommodate Python datatypes expressed in other files coming in with less information than they have on a direct run. Additionally, a new decorator :func:`_orm.declarative_mixin` is added, which is necessary for the Mypy plugin to be able to definifitely identify a Declarative mixin class that is otherwise not used inside a particular Python file. .. seealso:: :ref:`mypy_declarative_mixins` .. change:: :tags: bug, mypy :tickets: 6205 Fixed issue where the Mypy plugin would fail to interpret the "collection_class" of a relationship if it were a callable and not a class. Also improved type matching and error reporting for collection-oriented relationships. .. change:: :tags: bug, sql :tickets: 6204 Executing a :class:`_sql.Subquery` using :meth:`_engine.Connection.execute` is deprecated and will emit a deprecation warning; this use case was an oversight that should have been removed from 1.4. The operation will now execute the underlying :class:`_sql.Select` object directly for backwards compatibility. Similarly, the :class:`_sql.CTE` class is also not appropriate for execution. In 1.3, attempting to execute a CTE would result in an invalid "blank" SQL statement being executed; since this use case was not working it now raises :class:`_exc.ObjectNotExecutableError`. Previously, 1.4 was attempting to execute the CTE as a statement however it was working only erratically. .. change:: :tags: bug, regression, orm :tickets: 6206 Fixed critical regression where the :meth:`_orm.Query.yield_per` method in the ORM would set up the internal :class:`_engine.Result` to yield chunks at a time, however made use of the new :meth:`_engine.Result.unique` method which uniques across the entire result. This would lead to lost rows since the ORM is using ``id(obj)`` as the uniquing function, which leads to repeated identifiers for new objects as already-seen objects are garbage collected. 1.3's behavior here was to "unique" across each chunk, which does not actually produce "uniqued" results when results are yielded in chunks. As the :meth:`_orm.Query.yield_per` method is already explicitly disallowed when joined eager loading is in place, which is the primary rationale for the "uniquing" feature, the "uniquing" feature is now turned off entirely when :meth:`_orm.Query.yield_per` is used. This regression only applies to the legacy :class:`_orm.Query` object; when using :term:`2.0 style` execution, "uniquing" is not automatically applied. To prevent the issue from arising from explicit use of :meth:`_engine.Result.unique`, an error is now raised if rows are fetched from a "uniqued" ORM-level :class:`_engine.Result` if any :ref:`yield per <orm_queryguide_yield_per>` API is also in use, as the purpose of ``yield_per`` is to allow for arbitrarily large numbers of rows, which cannot be uniqued in memory without growing the number of entries to fit the complete result size. .. change:: :tags: usecase, asyncio, postgresql :tickets: 6199 Added accessors ``.sqlstate`` and synonym ``.pgcode`` to the ``.orig`` attribute of the SQLAlchemy exception class raised by the asyncpg DBAPI adapter, that is, the intermediary exception object that wraps on top of that raised by the asyncpg library itself, but below the level of the SQLAlchemy dialect. .. changelog:: ``` ### 1.4.5 ``` :released: April 2, 2021 .. change:: :tags: bug, sql, postgresql :tickets: 6183 Fixed bug in new :meth:`_functions.FunctionElement.render_derived` feature where column names rendered out explicitly in the alias SQL would not have proper quoting applied for case sensitive names and other non-alphanumeric names. .. change:: :tags: bug, regression, orm :tickets: 6172 Fixed regression where the :func:`_orm.joinedload` loader strategy would not successfully joinedload to a mapper that is mapper against a :class:`.CTE` construct. .. change:: :tags: bug, regression, sql :tickets: 6181 Fixed regression where use of the :meth:`.Operators.in_` method with a :class:`_sql.Select` object against a non-table-bound column would produce an ``AttributeError``, or more generally using a :class:`_sql.ScalarSelect` that has no datatype in a binary expression would produce invalid state. .. change:: :tags: bug, mypy :tickets: sqlalchemy/sqlalchemy2-stubs/14 Fixed issue in mypy plugin where newly added support for :func:`_orm.as_declarative` needed to more fully add the ``DeclarativeMeta`` class to the mypy interpreter's state so that it does not result in a name not found error; additionally improves how global names are setup for the plugin including the ``Mapped`` name. .. change:: :tags: bug, mysql, regression :tickets: 6163 Fixed regression in the MySQL dialect where the reflection query used to detect if a table exists would fail on very old MySQL 5.0 and 5.1 versions. .. change:: :tags: bug, sql :tickets: 6184 Added a new flag to the :class:`_engine.Dialect` class called :at