pallets/flask (flask)
### [`v3.1.0`](https://redirect.github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-310)
[Compare Source](https://redirect.github.com/pallets/flask/compare/3.0.3...3.1.0)
Released 2024-11-13
- Drop support for Python 3.8. :pr:`5623`
- Update minimum dependency versions to latest feature releases.
Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:`5624,5633`
- Provide a configuration option to control automatic option
responses. :pr:`5496`
- `Flask.open_resource`/`open_instance_resource` and
`Blueprint.open_resource` take an `encoding` parameter to use when
opening in text mode. It defaults to `utf-8`. :issue:`5504`
- `Request.max_content_length` can be customized per-request instead of only
through the `MAX_CONTENT_LENGTH` config. Added
`MAX_FORM_MEMORY_SIZE` and `MAX_FORM_PARTS` config. Added documentation
about resource limits to the security page. :issue:`5625`
- Add support for the `Partitioned` cookie attribute (CHIPS), with the
`SESSION_COOKIE_PARTITIONED` config. :issue:`5472`
- `-e path` takes precedence over default `.env` and `.flaskenv` files.
`load_dotenv` loads default files in addition to a path unless
`load_defaults=False` is passed. :issue:`5628`
- Support key rotation with the `SECRET_KEY_FALLBACKS` config, a list of old
secret keys that can still be used for unsigning. Extensions will need to
add support. :issue:`5621`
- Fix how setting `host_matching=True` or `subdomain_matching=False`
interacts with `SERVER_NAME`. Setting `SERVER_NAME` no longer restricts
requests to only that domain. :issue:`5553`
- `Request.trusted_hosts` is checked during routing, and can be set through
the `TRUSTED_HOSTS` config. :issue:`5636`
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
==3.0.3
->==3.1.0
Release Notes
pallets/flask (flask)
### [`v3.1.0`](https://redirect.github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-310) [Compare Source](https://redirect.github.com/pallets/flask/compare/3.0.3...3.1.0) Released 2024-11-13 - Drop support for Python 3.8. :pr:`5623` - Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:`5624,5633` - Provide a configuration option to control automatic option responses. :pr:`5496` - `Flask.open_resource`/`open_instance_resource` and `Blueprint.open_resource` take an `encoding` parameter to use when opening in text mode. It defaults to `utf-8`. :issue:`5504` - `Request.max_content_length` can be customized per-request instead of only through the `MAX_CONTENT_LENGTH` config. Added `MAX_FORM_MEMORY_SIZE` and `MAX_FORM_PARTS` config. Added documentation about resource limits to the security page. :issue:`5625` - Add support for the `Partitioned` cookie attribute (CHIPS), with the `SESSION_COOKIE_PARTITIONED` config. :issue:`5472` - `-e path` takes precedence over default `.env` and `.flaskenv` files. `load_dotenv` loads default files in addition to a path unless `load_defaults=False` is passed. :issue:`5628` - Support key rotation with the `SECRET_KEY_FALLBACKS` config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:`5621` - Fix how setting `host_matching=True` or `subdomain_matching=False` interacts with `SERVER_NAME`. Setting `SERVER_NAME` no longer restricts requests to only that domain. :issue:`5553` - `Request.trusted_hosts` is checked during routing, and can be set through the `TRUSTED_HOSTS` config. :issue:`5636`Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.