mu-editor / mu

A small, simple editor for beginner Python programmers. Written in Python and Qt5.
http://codewith.mu
GNU General Public License v3.0

We need to pin Flask dependencies for the user venv or it's almost guaranteed to break in the future #2467

Open carlosperate opened 8 months ago

carlosperate commented 8 months ago

As partially done in this PR, which we only noticed because we were building Mu after Flask/Werkzeug v3 were released: https://github.com/mu-editor/mu/pull/2465

Flask (and other Pallets projects) don't pin/lock up versions, which is arguably a commonly accepted approach, but that means that all Flask users will need to do this to ensure future pip installs don't fail:

More than that, Pallets often pushes breaking changes in "minor" releases, as they don't follow semver: https://blog.miguelgrinberg.com/post/some-more-to-talk-about-flask

So, it looks like we might have to do the pinning ourselves.

Of course, that means having the risk of current packages not being compatible with future OS/Python releases (for example, with different manylinux versions, or any binary packages that might specify cp3x compatibility instead of the generic abi3).
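A check a build could run over the user-venv requirement list to confirm that Flask and the packages it pulls in are all pinned with `==`. This is an example added here, not code from the issue or from Mu. The `FLASK_DEPS` list, the `SAMPLE` lines and their version numbers are assumptions constructed for illustration.

```python
import re

# Assumption: packages to pin together with Flask; derive the real list from the release shipped.
FLASK_DEPS = ["flask", "werkzeug", "jinja2", "itsdangerous", "click", "markupsafe"]

SAMPLE = [  # constructed sample, not Mu's actual requirement list
    "flask==2.0.3",
    "Werkzeug>=2.0",
    "Jinja2",
    "itsdangerous==2.0.1 ; python_version >= '3.6'",
    "click==8.0.*",
]

# Name, optional extras, then the specifier up to any marker or comment.
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
# Only "==<literal version>" is a pin; "==8.0.*" is a prefix match and fails here.
_EXACT = re.compile(r"==\s*([A-Za-z0-9.!+]+)")


def normalize(name):
    """PEP 503 normalization, so Flask, flask and FLASK compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(lines):
    """Map normalized name -> exact version, or None when not pinned with '=='."""
    pins = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith(("#", "-")):  # comments, pip options
            continue
        m = _REQ.match(line)
        if m:
            exact = _EXACT.fullmatch(m.group(2).strip())
            pins[normalize(m.group(1))] = exact.group(1) if exact else None
    return pins


def audit(lines, required=FLASK_DEPS):
    """Return (missing, unpinned) for the required packages."""
    pins = parse_pins(lines)
    names = [normalize(p) for p in required]
    missing = [n for n in names if n not in pins]
    unpinned = [n for n in names if n in pins and pins[n] is None]
    return missing, unpinned


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A package listed as missing is left for pip to resolve at install time, which is how a new major release of a dependency reaches a venv whose Flask version has not changed.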