Follow our blog, Twitter, or GitHub to see future announcements.
This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.
Re-add the filename parameter in send_from_directory. The filename parameter has been renamed to path, the old name is deprecated. 4019
Mark top-level names as exported so type checking understands imports in user projects. 4024
Fix type annotation for g and inform mypy that it is a namespace object that has arbitrary attributes. 4020
Fix some types that weren't available in Python 3.6.0. 4040
Improve typing for send_file, send_from_directory, and get_send_file_max_age. 4044, 4026
Show an error when a blueprint name contains a dot. The . has special meaning, it is used to separate (nested) blueprint names and the endpoint name. 4041
Combine URL prefixes when nesting blueprints that were created with a url_prefix value. 4037
Roll back a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. 4053
Re-add deprecated Config.from_json, which was accidentally removed early. 4078
Improve typing for some functions using Callable in their type signatures, focusing on decorator factories. 4060
Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. 4069
register_blueprint takes a name option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for url_for. Registering the same blueprint with the same name multiple times is deprecated. 1091
Improve typing for stream_with_context. 4052
Version 2.0.0
Released 2021-05-11
Drop support for Python 2 and 3.5.
Bump minimum versions of other Pallets projects: Werkzeug >= 2, Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
JSON support no longer uses simplejson. To use another JSON module, override app.json_encoder and json_decoder. 3555
The encoding option to JSON functions is deprecated. 3562
Passing script_info to app factory functions is deprecated. This was not portable outside the flask command. Use click.get_current_context().obj if it's needed. 3552
The CLI shows better error messages when the app failed to load when looking up commands. 2741
Add sessions.SessionInterface.get_cookie_name to allow setting the session cookie name dynamically. 3369
Add Config.from_file to load config using arbitrary file loaders, such as toml.load or json.load. Config.from_json is deprecated in favor of this. 3398
The flask run command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. 3431
send_file raises a ValueError when passed an io object in text mode. Previously, it would respond with 200 OK and an empty file. 3358
When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. 3492
When specifying a factory function with FLASK_APP, keyword argument can be passed. 3553
When loading a .env or .flaskenv file, the current working directory is no longer changed to the location of the file. 3560
When returning a (response, headers) tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the Content-Type for jsonify(). Use response.headers.extend() if extending is desired. 3628
The Scaffold class provides a common API for the Flask and Blueprint classes. Blueprint information is stored in attributes just like Flask, rather than opaque lambda functions. This is intended to improve consistency and maintainability. 3215
Include samesite and secure options when removing the session cookie. 3726
Support passing a pathlib.Path to static_folder. 3579
send_file and send_from_directory are wrappers around the implementations in werkzeug.utils. 3828
Some send_file parameters have been renamed, the old names are deprecated. attachment_filename is renamed to download_name. cache_timeout is renamed to max_age. add_etags is renamed to etag. 3828, 3883
send_file passes download_name even if as_attachment=False by using Content-Disposition: inline. 3828
send_file sets conditional=True and max_age=None by default. Cache-Control is set to no-cache if max_age is not set, otherwise public. This tells browsers to validate conditional requests instead of using a timed cache. 3828
helpers.safe_join is deprecated. Use werkzeug.utils.safe_join instead. 3828
The request context does route matching before opening the session. This could allow a session interface to change behavior based on request.endpoint. 3776
Use Jinja's implementation of the |tojson filter. 3881
Add route decorators for common HTTP methods. For example, @app.post("/login") is a shortcut for @app.route("/login", methods=["POST"]). 3907
Support async views, error handlers, before and after request, and teardown functions. 3412
... (truncated)
Commits
bc90801 Merge pull request #4091 from pallets/release-2.0.1
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot will not automatically merge this PR because it includes a major update to a production dependency.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps flask from 1.1.2 to 2.0.1.
Release notes
Sourced from flask's releases.
Changelog
Sourced from flask's changelog.
... (truncated)
Commits
bc90801
Merge pull request #4091 from pallets/release-2.0.1fe2d744
release version 2.0.19f606a8
Merge pull request #4090 from pallets/stream-type7ab934f
improve typing forstream_with_context
6b1c4e9
Merge pull request #4087 from greyli/gitignore255461d
Merge pull request #4074 from pgjones/bp3257b75
Fix blueprint renaming714b0a4
Fix blueprint self registration9409be6
warn when registering same blueprint with same name63b3067
changelog for blueprint registered nameDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot will not automatically merge this PR because it includes a major update to a production dependency.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)