This is a fix release for the 3.0.x feature release branch.
Fixes an issue where using other JSON providers, such as flask-orjson, previously caused loaded session data to have an incorrect format in some cases.
Correct type for path argument to send_file. :issue:5230
Fix a typo in an error message for the flask run --key option. :pr:5344
Session data is untagged without relying on the built-in json.loadsobject_hook. This allows other JSON providers that don't implement that.
:issue:5381
Address more type findings when using mypy strict mode. :pr:5383
Version 3.0.0
Released 2023-09-30
Remove previously deprecated code. :pr:5223
Deprecate the __version__ attribute. Use feature detection, or
importlib.metadata.version("flask"), instead. :issue:5230
Restructure the code such that the Flask (app) and Blueprint
classes have Sans-IO bases. :pr:5127
Allow self as an argument to url_for. :pr:5264
Require Werkzeug >= 3.0.0.
Version 2.3.3
Released 2023-08-21
Python 3.12 compatibility.
Require Werkzeug >= 2.3.7.
Use flit_core instead of setuptools as build backend.
Refactor how an app's root and instance paths are determined. :issue:5160
Version 2.3.2
Released 2023-05-01
Set Vary: Cookie header when the session is accessed, modified, or refreshed.
Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Updates the requirements on flask to permit the latest version.
Release notes
Sourced from flask's releases.
Changelog
Sourced from flask's changelog.
... (truncated)
Commits
f622b1c
release version 3.0.15fcc999
fix create release actionda3a0dd
fix slsa generator version5e059be
update actions versionsbae6ee8
address mypy strict findings (#5383)81b3c85
update requirements08d3185
update pre-commit hooks6000e80
address mypy strict findings5a48a0f
untag withoutobject_hook
(#5382)700fc7d
untag without object_hookDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show