Bump flask from 0.12.3 to 1.0.3

[dependabot-preview[bot]]

Bumps flask from 0.12.3 to 1.0.3.

Release notes

*Sourced from [flask's releases](https://github.com/pallets/flask/releases).* > ## 1.0.2 > This release includes bug fixes and minor changes since 1.0.1. See the [changelog](http://flask.pocoo.org/docs/changelog/#version-1-0-2) for details. > > > Install or Upgrade > ------------------- > > Install from [PyPI](https://pypi.org/project/Flask/1.0.1/) with pip: > > pip install -U Flask > > ## 1.0.1 > This release includes bug fixes and minor changes since 1.0. See the [changelog](http://flask.pocoo.org/docs/changelog/#version-1-0-1) for details. > > > Install or Upgrade > ------------------- > > Install from [PyPI](https://pypi.org/project/Flask/1.0.1/) with pip: > > pip install -U Flask > > ## 1.0 > The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/ > > There are over a year's worth of changes in this release. Many features have been improved or changed. [Read the changelog](http://flask.pocoo.org/docs/1.0/changelog/) to understand how your project's code will be affected. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Install or Upgrade > ------------------- > > Install from [PyPI](https://pypi.org/project/Flask/) with pip: > > pip install -U Flask > > ## 0.12.4 > This is a repackage of [0.12.3](https://github.com/pallets/flask/releases/0.12.3) to fix an issue with how the package was built. > > > Upgrade > -------- > > ... (truncated)

Changelog

*Sourced from [flask's changelog](https://github.com/pallets/flask/blob/master/CHANGES.rst).* > Version 1.0.3 > ============= > > Released 2019-05-17 > > - send\_file encodes filenames as ASCII instead of Latin-1 (ISO-8859-1). This fixes compatibility with Gunicorn, which is stricter about header encodings than PEP 3333. ([\#2766](https://github-redirect.dependabot.com/pallets/flask/issues/2766)) > - Allow custom CLIs using `FlaskGroup` to set the debug flag without it always being overwritten based on environment variables. ([\#2765](https://github-redirect.dependabot.com/pallets/flask/pull/2765)) > - `flask --version` outputs Werkzeug's version and simplifies the Python version. ([\#2825](https://github-redirect.dependabot.com/pallets/flask/pull/2825)) > - send\_file handles an `attachment_filename` that is a native Python 2 string (bytes) with UTF-8 coded bytes. ([\#2933](https://github-redirect.dependabot.com/pallets/flask/issues/2933)) > - A catch-all error handler registered for `HTTPException` will not handle `RoutingException`, which is used internally during routing. This fixes the unexpected behavior that had been introduced in 1.0. ([\#2986](https://github-redirect.dependabot.com/pallets/flask/pull/2986)) > - Passing the `json` argument to `app.test_client` does not push/pop an extra app context. ([\#2900](https://github-redirect.dependabot.com/pallets/flask/issues/2900)) > > Version 1.0.2 > ============= > > Released 2018-05-02 > > - Fix more backwards compatibility issues with merging slashes between a blueprint prefix and route. ([\#2748](https://github-redirect.dependabot.com/pallets/flask/pull/2748)) > - Fix error with `flask routes` command when there are no routes. ([\#2751](https://github-redirect.dependabot.com/pallets/flask/issues/2751)) > > Version 1.0.1 > ============= > > Released 2018-04-29 > > - Fix registering partials (with no `__name__`) as view functions. ([\#2730](https://github-redirect.dependabot.com/pallets/flask/pull/2730)) > - Don't treat lists returned from view functions the same as tuples. Only tuples are interpreted as response data. ([\#2736](https://github-redirect.dependabot.com/pallets/flask/issues/2736)) > - Extra slashes between a blueprint's `url_prefix` and a route URL are merged. This fixes some backwards compatibility issues with the change in 1.0. ([\#2731](https://github-redirect.dependabot.com/pallets/flask/issues/2731), [\#2742](https://github-redirect.dependabot.com/pallets/flask/issues/2742)) > - Only trap `BadRequestKeyError` errors in debug mode, not all `BadRequest` errors. This allows `abort(400)` to continue working as expected. ([\#2735](https://github-redirect.dependabot.com/pallets/flask/issues/2735)) > - The `FLASK_SKIP_DOTENV` environment variable can be set to `1` to skip automatically loading dotenv files. ([\#2722](https://github-redirect.dependabot.com/pallets/flask/issues/2722)) > > Version 1.0 > =========== > > Released 2018-04-26 > > - **Python 2.6 and 3.3 are no longer supported.** ([pallets/meta\#24](https://github-redirect.dependabot.com/pallets/meta/issues/24)) > - Bump minimum dependency versions to the latest stable versions: Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1. ([\#2586](https://github-redirect.dependabot.com/pallets/flask/issues/2586)) > - Skip app.run <Flask.run> when a Flask application is run from the command line. This avoids some behavior that was confusing to debug. > - Change the default for JSONIFY\_PRETTYPRINT\_REGULAR to `False`. \~json.jsonify returns a compact format by default, and an indented format in debug mode. ([\#2193](https://github-redirect.dependabot.com/pallets/flask/pull/2193)) > - Flask.\_\_init\_\_ <Flask> accepts the `host_matching` argument and sets it on \~Flask.url\_map. ([\#1559](https://github-redirect.dependabot.com/pallets/flask/issues/1559)) > - Flask.\_\_init\_\_ <Flask> accepts the `static_host` argument and passes it as the `host` argument when defining the static route. ([\#1559](https://github-redirect.dependabot.com/pallets/flask/issues/1559)) > - send\_file supports Unicode in `attachment_filename`. ([\#2223](https://github-redirect.dependabot.com/pallets/flask/pull/2223)) > - Pass `_scheme` argument from url\_for to \~Flask.handle\_url\_build\_error. ([\#2017](https://github-redirect.dependabot.com/pallets/flask/pull/2017)) > - \~Flask.add\_url\_rule accepts the `provide_automatic_options` argument to disable adding the `OPTIONS` method. ([\#1489](https://github-redirect.dependabot.com/pallets/flask/pull/1489)) > - \~views.MethodView subclasses inherit method handlers from base classes. ([\#1936](https://github-redirect.dependabot.com/pallets/flask/pull/1936)) > - Errors caused while opening the session at the beginning of the request are handled by the app's error handlers. ([\#2254](https://github-redirect.dependabot.com/pallets/flask/pull/2254)) > - Blueprints gained \~Blueprint.json\_encoder and \~Blueprint.json\_decoder attributes to override the app's encoder and decoder. ([\#1898](https://github-redirect.dependabot.com/pallets/flask/pull/1898)) > - Flask.make\_response raises `TypeError` instead of `ValueError` for bad response types. The error messages have been improved to describe why the type is invalid. ([\#2256](https://github-redirect.dependabot.com/pallets/flask/pull/2256)) > - Add `routes` CLI command to output routes registered on the application. ([\#2259](https://github-redirect.dependabot.com/pallets/flask/pull/2259)) > ... (truncated)

Commits

- [`99660cc`](https://github.com/pallets/flask/commit/99660cc40984015cbbcd27d1cdc19376b2536443) release version 1.0.3 - [`3dc84ec`](https://github.com/pallets/flask/commit/3dc84ec4609de0c08fd159ebe991453309952fa8) Merge pull request [#3206](https://github-redirect.dependabot.com/pallets/flask/issues/3206) from pallets/test-client-json - [`a4f0f19`](https://github.com/pallets/flask/commit/a4f0f197962b27a002c45f5e27b13a8d4a27ee63) don't push app context for test client json - [`f2c8540`](https://github.com/pallets/flask/commit/f2c854060adf021347a6c4217fdb06a77a38bf58) Merge pull request [#3169](https://github-redirect.dependabot.com/pallets/flask/issues/3169) from DamianSkrzypczak/3168-improve-warning-about-dev... - [`e2f4b53`](https://github.com/pallets/flask/commit/e2f4b53396f4676978f86492dae5d3952446df89) Fix dev-server warning message readability ([#3168](https://github-redirect.dependabot.com/pallets/flask/issues/3168)) - [`ab3f922`](https://github.com/pallets/flask/commit/ab3f92253388df031d2947a5a76c980cba7cb694) Merge pull request [#3154](https://github-redirect.dependabot.com/pallets/flask/issues/3154) from brunoais/more-explicit-session-transaction - [`6142aa6`](https://github.com/pallets/flask/commit/6142aa64ae4d0957d735b6b86c5abe15fea06504) More explicit explanation: session testing - [`55801b5`](https://github.com/pallets/flask/commit/55801b5653bd5c290b10731c80bc15456e261217) Merge pull request [#3166](https://github-redirect.dependabot.com/pallets/flask/issues/3166) from mekarpeles/refactor/unused-url_join - [`ac78da0`](https://github.com/pallets/flask/commit/ac78da0bb02fc5c07c896a77d3fc2b32e7924407) removed unused reference to url_join - [`814a7ea`](https://github.com/pallets/flask/commit/814a7ea96f1f0aa124537cee98fed0955ebbf6c4) Merge pull request [#3204](https://github-redirect.dependabot.com/pallets/flask/issues/3204) from pallets/azure - Additional commits viewable in [compare view](https://github.com/pallets/flask/compare/0.12.3...1.0.3)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

[dependabot-preview[bot]]

Superseded by #7.