search

maxcountryman / flask-login

Flask user session management.
https://flask-login.readthedocs.io/
MIT License
3.59k stars 803 forks source link

Running with werkzeug 3.0.2 doesn't work. #858

Closed HugoNikanor closed 6 months ago

HugoNikanor commented 6 months ago

flask login fails when trying to import url_quote from werkzeug 3.0.2. Downgrading to the latest 2.x.x version (2.3.8) however works.

This uses flask-login 0.6.3, installed through pip at 2024-05-20. See attached trace.

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/home/hugo/code/mu4web/mu4web/__main__.py", line 8, in <module>
    from .main import app
  File "/home/hugo/code/mu4web/mu4web/main.py", line 9, in <module>
    from flask_login import (
  File "/home/hugo/code/mu4web/venv/lib/python3.12/site-packages/flask_login/__init__.py", line 12, in <module>
    from .login_manager import LoginManager
  File "/home/hugo/code/mu4web/venv/lib/python3.12/site-packages/flask_login/login_manager.py", line 5, in <module>
    from flask import _request_ctx_stack
  File "/home/hugo/code/mu4web/venv/lib/python3.12/site-packages/flask/__init__.py", line 5, in <module>
    from .app import Flask as Flask
  File "/home/hugo/code/mu4web/venv/lib/python3.12/site-packages/flask/app.py", line 30, in <module>
    from werkzeug.urls import url_quote
ImportError: cannot import name 'url_quote' from 'werkzeug.urls' (/home/hugo/code/mu4web/venv/lib/python3.12/site-packages/werkzeug/urls.py). Did you mean: 'unquote'?
mchineboy commented 6 months ago

+1 Werzeug 2.3.8 has a nasty vulnerability. Can we get this fixed?

davidism commented 6 months ago

Looks like you have an older version of Flask installed. Update Flask. The latest version of Flask-Login does pass all tests with the latest version of Flask and Werkzeug.