Release notes
*Sourced from [flask's releases](https://github.com/pallets/flask/releases).*
> ## 1.0
> The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/
>
> There are over a year's worth of changes in this release. Many features have been improved or changed. [Read the changelog](http://flask.pocoo.org/docs/1.0/changelog/) to understand how your project's code will be affected.
>
>
> JSON Security Fix
> ------------------
>
> Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.
>
> Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.
>
>
> Install or Upgrade
> -------------------
>
> Install from [PyPI](https://pypi.org/project/Flask/) with pip:
>
> pip install -U Flask
>
> ## 0.12.4
> This is a repackage of [0.12.3](https://github.com/pallets/flask/releases/0.12.3) to fix an issue with how the package was built.
>
>
> Upgrade
> --------
>
> Upgrade from [PyPI](https://pypi.org/project/Flask/0.12.4/) with pip. Use a version identifier if you want to stay at 0.12:
>
> pip install -U 'Flask~=0.12.4'
>
> ## 0.12.3
> This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the [1.0 announcement](https://github.com/pallets/flask/blob/flask-1-0-released) and update to it instead if possible.
>
>
> JSON Security Fix
> ------------------
>
> Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.
>
> Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.
>
>
> Upgrade
> --------
>
> Upgrade from [PyPI](https://pypi.org/project/Flask/) with pip. Use a version identifier if you want to stay at 0.12:
>
> pip install -U 'Flask~=0.12.3'
> ... (truncated)
Changelog
*Sourced from [flask's changelog](https://github.com/pallets/flask/blob/master/CHANGES.rst).*
> Version 1.0
> -----------
>
> Released 2018-04-26
>
> - Python 2.6 and 3.3 are no longer supported.
> - Bump minimum dependency versions to the latest stable versions:
> Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1.
> :issue:`2586`
> - Skip :meth:`app.run ` when a Flask application is run
> from the command line. This avoids some behavior that was confusing
> to debug.
> - Change the default for :data:`JSONIFY_PRETTYPRINT_REGULAR` to
> ``False``. :func:`~json.jsonify` returns a compact format by
> default, and an indented format in debug mode. :pr:`2193`
> - :meth:`Flask.__init__ ` accepts the ``host_matching``
> argument and sets it on :attr:`~Flask.url_map`. :issue:`1559`
> - :meth:`Flask.__init__ ` accepts the ``static_host`` argument
> and passes it as the ``host`` argument when defining the static
> route. :issue:`1559`
> - :func:`send_file` supports Unicode in ``attachment_filename``.
> :pr:`2223`
> - Pass ``_scheme`` argument from :func:`url_for` to
> :meth:`~Flask.handle_url_build_error`. :pr:`2017`
> - :meth:`~Flask.add_url_rule` accepts the
> ``provide_automatic_options`` argument to disable adding the
> ``OPTIONS`` method. :pr:`1489`
> - :class:`~views.MethodView` subclasses inherit method handlers from
> base classes. :pr:`1936`
> - Errors caused while opening the session at the beginning of the
> request are handled by the app's error handlers. :pr:`2254`
> - Blueprints gained :attr:`~Blueprint.json_encoder` and
> :attr:`~Blueprint.json_decoder` attributes to override the app's
> encoder and decoder. :pr:`1898`
> - :meth:`Flask.make_response` raises ``TypeError`` instead of
> ``ValueError`` for bad response types. The error messages have been
> improved to describe why the type is invalid. :pr:`2256`
> - Add ``routes`` CLI command to output routes registered on the
> application. :pr:`2259`
> - Show warning when session cookie domain is a bare hostname or an IP
> address, as these may not behave properly in some browsers, such as
> Chrome. :pr:`2282`
> - Allow IP address as exact session cookie domain. :pr:`2282`
> - ``SESSION_COOKIE_DOMAIN`` is set if it is detected through
> ``SERVER_NAME``. :pr:`2282`
> - Auto-detect zero-argument app factory called ``create_app`` or
> ``make_app`` from ``FLASK_APP``. :pr:`2297`
> - Factory functions are not required to take a ``script_info``
> parameter to work with the ``flask`` command. If they take a single
> parameter or a parameter named ``script_info``, the
> ... (truncated)
Commits
- [`291f3c3`](https://github.com/pallets/flask/commit/291f3c338c4d302dbde01ab9153a7817e5a780f5) Bump version number to 1.0
- [`36e68a4`](https://github.com/pallets/flask/commit/36e68a439a073e927b1801704fc7921be58262e1) release 1.0
- [`216151c`](https://github.com/pallets/flask/commit/216151c8a3c02e805fe5d1824708253f7e01e77f) Merge branch '0.12-maintenance'
- [`23047a7`](https://github.com/pallets/flask/commit/23047a71fd7da13be7b545f30807f38f4d9ecb25) Bump version number to 0.12.4.dev
- [`1a9e58e`](https://github.com/pallets/flask/commit/1a9e58e8c97c47c969736d46410f724f4e834f54) Bump version number to 0.12.3
- [`63deee0`](https://github.com/pallets/flask/commit/63deee0a8b0963f1657e2d327773d65632a387d3) release 0.12.3
- [`062745b`](https://github.com/pallets/flask/commit/062745b23f7abaafb144e3d94b6fbdf8ccc456b9) Merge pull request [#2720](https://github-redirect.dependabot.com/pallets/flask/issues/2720) from pallets/setup-link
- [`5c8110d`](https://github.com/pallets/flask/commit/5c8110de25f08bf20e9fda6611403dc5c59ec849) ensure order of project urls
- [`10a77a5`](https://github.com/pallets/flask/commit/10a77a54309876a6aba2e3303d291498c0a9318c) Add project_urls so that PyPI will show GitHub stats.
- [`22992a0`](https://github.com/pallets/flask/commit/22992a0d533f7f68e9fa1845c86dae230d8ff9ba) add donate link
- Additional commits viewable in [compare view](https://github.com/pallets/flask/compare/0.10.1...1.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/not-nexus/shelf/network/alerts).
Bumps flask from 0.10.1 to 1.0.
Release notes
*Sourced from [flask's releases](https://github.com/pallets/flask/releases).* > ## 1.0 > The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/ > > There are over a year's worth of changes in this release. Many features have been improved or changed. [Read the changelog](http://flask.pocoo.org/docs/1.0/changelog/) to understand how your project's code will be affected. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Install or Upgrade > ------------------- > > Install from [PyPI](https://pypi.org/project/Flask/) with pip: > > pip install -U Flask > > ## 0.12.4 > This is a repackage of [0.12.3](https://github.com/pallets/flask/releases/0.12.3) to fix an issue with how the package was built. > > > Upgrade > -------- > > Upgrade from [PyPI](https://pypi.org/project/Flask/0.12.4/) with pip. Use a version identifier if you want to stay at 0.12: > > pip install -U 'Flask~=0.12.4' > > ## 0.12.3 > This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the [1.0 announcement](https://github.com/pallets/flask/blob/flask-1-0-released) and update to it instead if possible. > > > JSON Security Fix > ------------------ > > Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request. > > Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request. > > > Upgrade > -------- > > Upgrade from [PyPI](https://pypi.org/project/Flask/) with pip. Use a version identifier if you want to stay at 0.12: > > pip install -U 'Flask~=0.12.3' > ... (truncated)Changelog
*Sourced from [flask's changelog](https://github.com/pallets/flask/blob/master/CHANGES.rst).* > Version 1.0 > ----------- > > Released 2018-04-26 > > - Python 2.6 and 3.3 are no longer supported. > - Bump minimum dependency versions to the latest stable versions: > Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1. > :issue:`2586` > - Skip :meth:`app.runCommits
- [`291f3c3`](https://github.com/pallets/flask/commit/291f3c338c4d302dbde01ab9153a7817e5a780f5) Bump version number to 1.0 - [`36e68a4`](https://github.com/pallets/flask/commit/36e68a439a073e927b1801704fc7921be58262e1) release 1.0 - [`216151c`](https://github.com/pallets/flask/commit/216151c8a3c02e805fe5d1824708253f7e01e77f) Merge branch '0.12-maintenance' - [`23047a7`](https://github.com/pallets/flask/commit/23047a71fd7da13be7b545f30807f38f4d9ecb25) Bump version number to 0.12.4.dev - [`1a9e58e`](https://github.com/pallets/flask/commit/1a9e58e8c97c47c969736d46410f724f4e834f54) Bump version number to 0.12.3 - [`63deee0`](https://github.com/pallets/flask/commit/63deee0a8b0963f1657e2d327773d65632a387d3) release 0.12.3 - [`062745b`](https://github.com/pallets/flask/commit/062745b23f7abaafb144e3d94b6fbdf8ccc456b9) Merge pull request [#2720](https://github-redirect.dependabot.com/pallets/flask/issues/2720) from pallets/setup-link - [`5c8110d`](https://github.com/pallets/flask/commit/5c8110de25f08bf20e9fda6611403dc5c59ec849) ensure order of project urls - [`10a77a5`](https://github.com/pallets/flask/commit/10a77a54309876a6aba2e3303d291498c0a9318c) Add project_urls so that PyPI will show GitHub stats. - [`22992a0`](https://github.com/pallets/flask/commit/22992a0d533f7f68e9fa1845c86dae230d8ff9ba) add donate link - Additional commits viewable in [compare view](https://github.com/pallets/flask/compare/0.10.1...1.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/not-nexus/shelf/network/alerts).