[PR #294] [CLOSED] Scheduled weekly dependency update for week 43 #303

New issue

Closed

opened 2026-02-26 01:33:57 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 01:33:57 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/jeffknupp/sandman2/pull/294
Author: @pyup-bot
Created: 10/24/2022
Status: ❌ Closed

Base: master ← Head: pyup-scheduled-update-2022-10-24

---

📝 Commits (10+)

• 90b784f Update flask from 1.1.2 to 2.2.2
• 03fb574 Update flask-admin from 1.5.7 to 1.6.0
• 211b7bc Update flask-sqlalchemy from 2.4.4 to 3.0.2
• 8665974 Update sqlalchemy from 1.3.20 to 1.4.42
• 88877c0 Update wtforms from 2.3.3 to 3.0.1
• 9b2efe5 Update coverage from 5.3 to 6.5.0
• 242664e Update pytest from 6.2.0 to 7.1.3
• ebf810d Update flask-cors from 3.0.9 to 3.0.10
• e005ff4 Update pytest-cov from 2.10.1 to 4.0.0
• a3445bf Update pytest-flask from 1.1.0 to 1.2.0

📊 Changes

1 file changed (+14 additions, -14 deletions)

View changed files

📝 requirements.txt (+14 -14)

📄 Description

Update Flask from 1.1.2 to 2.2.2.

Changelog

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``setuptools`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://pyup.io/changelogs/flask/
• Homepage: https://palletsprojects.com/p/flask

Update Flask-Admin from 1.5.7 to 1.6.0.

Changelog

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://pyup.io/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.0.2.

Changelog

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have
 changed to return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://pyup.io/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/flask-sqlalchemy/

Update SQLAlchemy from 1.3.20 to 1.4.42.

Changelog

1.4.27

:include_notes_from: unreleased_14

.. changelog::

1.4.26

:released: October 19, 2021

 .. change::
     :tags: orm
     :tickets: 6284

     Passing a :class:`.Query` object to :meth:`_orm.Session.execute` is not
     the intended use of this object, and will now raise a deprecation warning.

 .. change::
     :tags: bug, postgresql
     :tickets: 5387

     Added a "disconnect" condition for the "SSL SYSCALL error: Bad address"
     error message as reported by psycopg2. Pull request courtesy Zeke Brechtel.

 .. change::
     :tags: bug, orm

     Improved the exception message generated when configuring a mapping with
     joined table inheritance where the two tables either have no foreign key
     relationships set up, or where they have multiple foreign key relationships
     set up. The message is now ORM specific and includes context that the
     :paramref:`_orm.Mapper.inherit_condition` parameter may be needed
     particularly for the ambiguous foreign keys case.


 .. change::
     :tags: bug, sql
     :tickets: 6520

     Fixed issue where SQL queries using the
     :meth:`_functions.FunctionElement.within_group` construct could not be
     pickled, typically when using the ``sqlalchemy.ext.serializer`` extension
     but also for general generic pickling.

 .. change::
     :tags: bug, orm
     :tickets: 7189

     Fixed issue with :func:`_orm.with_loader_criteria` feature where ON
     criteria would not be added to a JOIN for a query of the form
     ``select(A).join(B)``, stating a target while making use of an implicit
     ON clause.

 .. change::
     :tags: bug, orm
     :tickets: 7205

     Fixed bug where the ORM "plugin", necessary for features such as
     :func:`_orm.with_loader_criteria` to work correctly, would not be applied
     to a :func:`_sql.select` which queried from an ORM column expression if it
     made use of the :meth:`_sql.ColumnElement.label` modifier.



 .. change::
     :tags: bug, mypy
     :tickets: 6435

     Fixed issue in mypy plugin to improve upon some issues detecting ``Enum()``
     SQL types containing custom Python enumeration classes. Pull request
     courtesy Hiroshi Ogawa.

 .. change::
     :tags: bug, mysql
     :tickets: 7144

     Fixed issue in MySQL :func:`_mysql.match` construct where passing a clause
     expression such as :func:`_sql.bindparam` or other SQL expression for the
     "against" parameter would fail. Pull request courtesy Anton Kovalevich.


 .. change::
     :tags: bug, mssql
     :tickets: 7160

     Fixed issue with :meth:`.Inspector.get_foreign_keys` where foreign
     keys were omitted if they were established against a unique
     index instead of a unique constraint.


 .. change::
     :tags: usecase, mssql

     Added reflection support for SQL Server foreign key options, including
     "ON UPDATE" and "ON DELETE" values of "CASCADE" and "SET NULL".

 .. change::
     :tags: bug, sql
     :tickets: 4123

     Repaired issue in new :paramref:`_sql.HasCTE.cte.nesting` parameter
     introduced with :ticket:`4123` where a recursive :class:`_sql.CTE` using
     :paramref:`_sql.HasCTE.cte.recursive` in typical conjunction with UNION
     would not compile correctly.  Additionally makes some adjustments so that
     the :class:`_sql.CTE` construct creates a correct cache key.
     Pull request courtesy Eric Masseran.

 .. change::
     :tags: bug, engine
     :tickets: 7130

     Fixed issue where the deprecation warning for the :class:`.URL` constructor
     which indicates that the :meth:`.URL.create` method should be used would
     not emit if a full positional argument list of seven arguments were passed;
     additionally, validation of URL arguments will now occur if the constructor
     is called in this way, which was being skipped previously.

 .. change::
     :tags: bug, orm
     :tickets: 7103

     Add missing methods added in :ticket:`6991` to
     :class:`_scoping.scoped_session` and :func:`_asyncio.async_scoped_session`.

 .. change::
     :tags: bug, examples
     :tickets: 7169

     Repaired the examples in examples/versioned_rows to use SQLAlchemy 1.4 APIs
     correctly; these examples had been missed when API changes like removing
     "passive" from :meth:`_orm.Session.is_modified` were made as well as the
     :meth:`_ormevents.SessionEvents.do_orm_execute()` event hook were added.

 .. change::
     :tags: bug, orm
     :tickets: 6974, 6972

     An extra layer of warning messages has been added to the functionality
     of :meth:`_orm.Query.join` and the ORM version of
     :meth:`_sql.Select.join`, where a few places where "automatic aliasing"
     continues to occur will now be called out as a pattern to avoid, mostly
     specific to the area of joined table inheritance where classes that share
     common base tables are being joined together without using explicit aliases.
     One case emits a legacy warning for a pattern that's not recommended,
     the other case is fully deprecated.

     The automatic aliasing within ORM join() which occurs for overlapping
     mapped tables does not work consistently with all APIs such as
     :func:`_orm.contains_eager()`, and rather than continue to try to make
     these use cases work everywhere, replacing with a more user-explicit
     pattern is clearer, less prone to bugs and simplifies SQLAlchemy's
     internals further.

     The warnings include links to the errors.rst page where each pattern is
     demonstrated along with the recommended pattern to fix.

     .. seealso::

         :ref:`error_xaj1`

         :ref:`error_xaj2`

 .. change::
     :tags: bug, sql
     :tickets: 7061

     Account for the :paramref:`_sql.table.schema` parameter passed to
     the :func:`_sql.table` construct, such that it is taken into account
     when accessing the :attr:`_sql.TableClause.fullname` attribute.

 .. change::
     :tags: bug, sql
     :tickets: 7140

     Fixed an inconsistency in the :meth:`_sql.ColumnOperators.any_` /
     :meth:`_sql.ColumnOperators.all_` functions / methods where the special
     behavior these functions have of "flipping" the expression such that the
     "ANY" / "ALL" expression is always on the right side would not function if
     the comparison were against the None value, that is, "column.any_() ==
     None" should produce the same SQL expression as "null() == column.any_()".
     Added more docs to clarify this as well, plus mentions that any_() / all_()
     generally supersede the ARRAY version "any()" / "all()".

 .. change::
     :tags: engine, bug, postgresql
     :tickets: 3247

     The :meth:`_reflection.Inspector.reflect_table` method now supports
     reflecting tables that do not have user defined columns. This allows
     :meth:`_schema.MetaData.reflect` to properly complete reflection on
     databases that contain such tables. Currently, only PostgreSQL is known to
     support such a construct among the common database backends.

 .. change::
     :tags: sql, bug, regression
     :tickets: 7177

     Fixed issue where "expanding IN" would fail to function correctly with
     datatypes that use the :meth:`_types.TypeEngine.bind_expression` method,
     where the method would need to be applied to each element of the
     IN expression rather than the overall IN expression itself.

 .. change::
     :tags: postgresql, bug, regression
     :tickets: 7177

     Fixed issue where IN expressions against a series of array elements, as can
     be done with PostgreSQL, would fail to function correctly due to multiple
     issues within the "expanding IN" feature of SQLAlchemy Core that was
     standardized in version 1.4.  The psycopg2 dialect now makes use of the
     :meth:`_types.TypeEngine.bind_expression` method with :class:`_types.ARRAY`
     to portably apply the correct casts to elements.  The asyncpg dialect was
     not affected by this issue as it applies bind-level casts at the driver
     level rather than at the compiler level.


 .. change::
     :tags: bug, mysql
     :tickets: 7204

     Fixed installation issue where the ``sqlalchemy.dialects.mysql`` module
     would not be importable if "greenlet" were not installed.

 .. change::
     :tags: bug, mssql
     :tickets: 7168

     Fixed issue with :meth:`.Inspector.has_table` where it would return False
     if a local temp table with the same name from a different session happened
     to be returned first when querying tempdb.  This is a continuation of
     :ticket:`6910` which accounted for the temp table existing only in the
     alternate session and not the current one.

 .. change::
     :tags: bug, orm
     :tickets: 7128

     Fixed bug where iterating a :class:`.Result` from a :class:`_orm.Session`
     after that :class:`_orm.Session` were closed would partially attach objects
     to that session in an essentially invalid state. It now raises an exception
     with a link to new documentation if an **un-buffered** result is iterated
     from a :class:`_orm.Session` that was closed or otherwise had the
     :meth:`_orm.Session.expunge_all` method called after that :class:`.Result`
     was generated. The ``prebuffer_rows`` execution option, as is used
     automatically by the asyncio extension for client-side result sets, may be
     used to produce a :class:`.Result` where the ORM objects are prebuffered,
     and in this case iterating the result will produce a series of detached
     objects.

     .. seealso::

         :ref:`error_lkrp`

 .. change::
     :tags: bug, mssql, regression
     :tickets: 7129

     Fixed bug in SQL Server :class:`_mssql.DATETIMEOFFSET` datatype where the
     ODBC implementation would not generate the correct DDL, for cases where the
     type were converted using the ``dialect.type_descriptor()`` method, the
     usage of which is illustrated in some documented examples for
     :class:`.TypeDecorator`, though not necessary for most datatypes.
     Regression was introduced by :ticket:`6366`. As part of this change, the
     full list of SQL Server date types have been amended to return a "dialect
     impl" that generates the same DDL name as the supertype.

 .. change::
     :tags: bug, sql
     :tickets: 7153

     Adjusted the "column disambiguation" logic that's new in 1.4, where the
     same expression repeated gets an "extra anonymous" label, so that the logic
     more aggressively deduplicates those labels when the repeated element
     is the same Python expression object each time, as occurs in cases like
     when using "singleton" values like :func:`_sql.null`.  This is based on
     the observation that at least some databases (e.g. MySQL, but not SQLite)
     will raise an error if the same label is repeated inside of a subquery.

 .. change::
     :tags: bug, orm
     :tickets: 7154

     Related to :ticket:`7153`, fixed an issue where result column lookups would
     fail for "adapted" SELECT statements that selected for "constant" value
     expressions most typically the NULL expression, as would occur in such
     places as joined eager loading in conjunction with limit/offset. This was
     overall a regression due to issue :ticket:`6259` which removed all
     "adaption" for constants like NULL, "true", and "false" when rewriting
     expressions in a SQL statement, but this broke the case where the same
     adaption logic were used to resolve the constant to a labeled expression
     for the purposes of result set targeting.

 .. change::
     :tags: bug, orm, regression
     :tickets: 7134

     Fixed regression where ORM loaded objects could not be pickled in cases
     where loader options making use of ``"*"`` were used in certain
     combinations, such as combining the :func:`_orm.joinedload` loader strategy
     with ``raiseload('*')`` of sub-elements.


 .. change::
     :tags: bug, engine
     :tickets: 7077

     Implemented proper ``__reduce__()`` methods for all SQLAlchemy exception
     objects to ensure they all support clean round trips when pickling, as
     exception objects are often serialized for the purposes of various
     debugging tools.

 .. change::
     :tags: bug, orm, regression
     :tickets: 7209

     Fixed regression where the use of a :class:`_hybrid.hybrid_property`
     attribute or a mapped :func:`_orm.composite` attribute as a key passed to
     the :meth:`_dml.Update.values` method for an ORM-enabled
     :class:`_dml.Update` statement, as well as when using it via the legacy
     :meth:`_orm.Query.update` method, would be processed for incoming
     ORM/hybrid/composite values within the compilation stage of the UPDATE
     statement, which meant that in those cases where caching occurred,
     subsequent invocations of the same statement would no longer receive the
     correct values. This would include not only hybrids that use the
     :meth:`_hybrid.hybrid_property.update_expression` method, but any use of a
     plain hybrid attribute as well. For composites, the issue instead caused a
     non-repeatable cache key to be generated, which would break caching and
     could fill up the statement cache with repeated statements.

     The :class:`_dml.Update` construct now handles the processing of key/value
     pairs passed to :meth:`_dml.Update.values` and
     :meth:`_dml.Update.ordered_values` up front when the construct is first
     generated, before the cache key has been generated so that the key/value
     pairs are processed each time, and so that the cache key is generated
     against the individual column/value pairs that will ultimately be
     used in the statement.


.. changelog::

1.4.25

:released: September 22, 2021

 .. change::
     :tags: bug, platform, regression
     :tickets: 7024

     Fixed regression due to :ticket:`7024` where the reorganization of the
     "platform machine" names used by the ``greenlet`` dependency mis-spelled
     "aarch64" and additionally omitted uppercase "AMD64" as is needed for
     Windows machines. Pull request courtesy James Dow.

.. changelog::

1.4.24

:released: September 22, 2021

 .. change::
     :tags: bug, asyncio
     :tickets: 6943

     Fixed a bug in :meth:`_asyncio.AsyncSession.execute` and
     :meth:`_asyncio.AsyncSession.stream` that required ``execution_options``
     to be an instance of ``immutabledict`` when defined. It now
     correctly accepts any mapping.

 .. change::
     :tags: engine, asyncio, usecase
     :tickets: 6832

     Improve the interface used by adapted drivers, like the asyncio ones,
     to access the actual connection object returned by the driver.

     The :class:`._ConnectionFairy` object has two new attributes:

     * :attr:`._ConnectionFairy.dbapi_connection` always represents a DBAPI
       compatible object. For pep-249 drivers, this is the DBAPI connection as
       it always has been, previously accessed under the ``.connection``
       attribute. For asyncio drivers that SQLAlchemy adapts into a pep-249
       interface, the returned object will normally be a SQLAlchemy adaption
       object called :class:`_engine.AdaptedConnection`.
     * :attr:`._ConnectionFairy.driver_connection` always represents the actual
       connection object maintained by the third party pep-249 DBAPI or async
       driver in use. For standard pep-249 DBAPIs, this will always be the same
       object as that of the ``dbapi_connection``. For an asyncio driver, it
       will be the underlying asyncio-only connection object.

     The ``.connection`` attribute remains available and is now a legacy alias
     of ``.dbapi_connection``.

     .. seealso::

         :ref:`faq_dbapi_connection`


 .. change::
     :tags: bug, sql
     :tickets: 7052

     Implemented missing methods in :class:`_functions.FunctionElement` which,
     while unused, would lead pylint to report them as unimplemented abstract
     methods.

 .. change::
     :tags: bug, mssql, reflection
     :tickets: 6910

     Fixed an issue where :meth:`_reflection.has_table` returned
     ``True`` for local temporary tables that actually belonged to a
     different SQL Server session (connection). An extra check is now
     performed to ensure that the temp table detected is in fact owned
     by the current session.

 .. change::
     :tags: bug, engine, regression
     :tickets: 6913

     Fixed issue where the ability of the
     :meth:`_events.ConnectionEvents.before_execute` method to alter the SQL
     statement object passed, returning the new object to be invoked, was
     inadvertently removed. This behavior has been restored.


 .. change::
     :tags: bug, engine
     :tickets: 6958

     Ensure that ``str()`` is called on the an
     :paramref:`_url.URL.create.password` argument, allowing usage of objects
     that implement the ``__str__()`` method as password attributes. Also
     clarified that one such object is not appropriate to dynamically change the
     password for each database connection; the approaches at
     :ref:`engines_dynamic_tokens` should be used instead.

 .. change::
     :tags: bug, orm, regression
     :tickets: 6979

     Fixed ORM issue where column expressions passed to ``query()`` or
     ORM-enabled ``select()`` would be deduplicated on the identity of the
     object, such as a phrase like ``select(A.id, null(), null())`` would
     produce only one "NULL" expression, which previously was not the case in
     1.3. However, the change also allows for ORM expressions to render as given
     as well, such as ``select(A.data, A.data)`` will produce a result row with
     two columns.

 .. change::
     :tags: bug, engine
     :tickets: 6983

     Fixed issue in :class:`_engine.URL` where validation of "drivername" would
     not appropriately respond to the ``None`` value where a string were
     expected.

 .. change::
     :tags: bug, mypy
     :tickets: 6950

     Fixed issue where mypy plugin would crash when interpreting a
     ``query_expression()`` construct.

 .. change::
     :tags: usecase, sql
     :tickets: 4123

     Added new parameter :paramref:`_sql.HasCTE.cte.nesting` to the
     :class:`_sql.CTE` constructor and :meth:`_sql.HasCTE.cte` method, which
     flags the CTE as one which should remain nested within an enclosing CTE,
     rather than being moved to the top level of the outermost SELECT. While in
     the vast majority of cases there is no difference in SQL functionality,
     users have identified various edge-cases where true nesting of CTE
     constructs is desirable. Much thanks to Eric Masseran for lots of work on
     this intricate feature.

 .. change::
     :tags: usecase, engine, orm
     :tickets: 6990

     Added new methods :meth:`_orm.Session.scalars`,
     :meth:`_engine.Connection.scalars`, :meth:`_asyncio.AsyncSession.scalars`
     and :meth:`_asyncio.AsyncSession.stream_scalars`, which provide a short cut
     to the use case of receiving a row-oriented :class:`_result.Result` object
     and converting it to a :class:`_result.ScalarResult` object via the
     :meth:`_engine.Result.scalars` method, to return a list of values rather
     than a list of rows. The new methods are analogous to the long existing
     :meth:`_orm.Session.scalar` and :meth:`_engine.Connection.scalar` methods
     used to return a single value from the first row only. Pull request
     courtesy Miguel Grinberg.

 .. change::
     :tags: usecase, orm
     :tickets: 6955

     Added loader options to :meth:`_orm.Session.merge` and
     :meth:`_asyncio.AsyncSession.merge` via a new
     :paramref:`_orm.Session.merge.options` parameter, which will apply the
     given loader options to the ``get()`` used internally by merge, allowing
     eager loading of relationships etc. to be applied when the merge process
     loads a new object. Pull request courtesy Daniel Stone.

 .. change::
     :tags: feature, asyncio, mysql
     :tickets: 6993

     Added initial support for the ``asyncmy`` asyncio database driver for MySQL
     and MariaDB. This driver is very new, however appears to be the only
     current alternative to the ``aiomysql`` driver which currently appears to
     be unmaintained and is not working with current Python versions. Much
     thanks to long2ice for the pull request for this dialect.

     .. seealso::

         :ref:`asyncmy`

 .. change::
     :tags: bug, asyncio

     Added missing ``**kw`` arguments to the
     :meth:`_asyncio.AsyncSession.connection` method.

 .. change::
     :tags: bug, sql
     :tickets: 7055

     Fixed a two issues where combinations of ``select()`` and ``join()`` when
     adapted to form a copy of the element would not completely copy the state
     of all column objects associated with subqueries. A key problem this caused
     is that usage of the :meth:`_sql.ClauseElement.params` method (which should
     probably be moved into a legacy category as it is inefficient and error
     prone) would leave copies of the old :class:`_sql.BindParameter` objects
     around, leading to issues in correctly setting the parameters at execution
     time.



 .. change::
     :tags: bug, orm, regression
     :tickets: 6924

     Fixed issue in recently repaired ``Query.with_entities()`` method where the
     flag that determines automatic uniquing for legacy ORM ``Query`` objects
     only would be set to ``True`` inappropriately in cases where the
     ``with_entities()`` call would be setting the ``Query`` to return
     column-only rows, which are not uniqued.

 .. change::
     :tags: bug, postgresql
     :tickets: 6912

     Qualify ``version()`` call to avoid shadowing issues if a different
     search path is configured by the user.

 .. change::
     :tags: bug, engine, postgresql
     :tickets: 6963

     Fixed issue where an engine that had
     :paramref:`_sa.create_engine.implicit_returning` set to False would fail to
     function when PostgreSQL's "fast insertmany" feature were used in
     conjunction with a ``Sequence``, as well as if any kind of "executemany"
     with "return_defaults()" were used in conjunction with a ``Sequence``. Note
     that PostgreSQL "fast insertmany" uses "RETURNING" by definition, when the
     SQL statement is passed to the driver; overall, the
     :paramref:`_sa.create_engine.implicit_returning` flag is legacy and has no
     real use in modern SQLAlchemy, and will be deprecated in a separate change.

 .. change::
     :tags: bug, mypy
     :tickets: 6937

     Fixed issue in mypy plugin where columns on a mixin would not be correctly
     interpreted if the mapped class relied upon a ``__tablename__`` routine
     that came from a superclass.

 .. change::
     :tags: bug, postgresql
     :tickets: 6106

     The :class:`_postgresql.ENUM` datatype is PostgreSQL-native and therefore
     should not be used with the ``native_enum=False`` flag. This flag is now
     ignored if passed to the :class:`_postgresql.ENUM` datatype and a warning
     is emitted; previously the flag would cause the type object to fail to
     function correctly.


 .. change::
     :tags: bug, sql
     :tickets: 7036

     Fixed issue related to new :meth:`_sql.HasCTE.add_cte` feature where
     pairing two "INSERT..FROM SELECT" statements simultaneously would lose
     track of the two independent SELECT statements, leading to the wrong SQL.

 .. change::
     :tags: asyncio, bug
     :tickets: 6746

     Deprecate usage of :class:`_orm.scoped_session` with asyncio drivers. When
     using Asyncio the :class:`_asyncio.async_scoped_session` should be used
     instead.

 .. change::
     :tags: bug, platform
     :tickets: 7024

     Further adjusted the "greenlet" package specifier in setup.cfg to use a
     long chain of "or" expressions, so that the comparison of
     ``platform_machine`` to a specific identifier matches only the complete
     string.

 .. change::
     :tags: bug, sqlite

     Fixed bug where the error message for SQLite invalid isolation level on the
     pysqlite driver would fail to indicate that "AUTOCOMMIT" is one of the
     valid isolation levels.

 .. change::
     :tags: bug, sql
     :tickets: 7060

     Fixed issue where using ORM column expressions as keys in the list of
     dictionaries passed to :meth:`_sql.Insert.values` for "multi-valued insert"
     would not be processed correctly into the correct column expressions.

 .. change::
     :tags: asyncio, usecase
     :tickets: 6746

     The :class:`_asyncio.AsyncSession` now supports overriding which
     :class:`_orm.Session` it uses as the proxied instance. A custom ``Session``
     class can be passed using the :paramref:`.AsyncSession.sync_session_class`
     parameter or by subclassing the ``AsyncSession`` and specifying a custom
     :attr:`.AsyncSession.sync_session_class`.

 .. change::
     :tags: bug, oracle, performance
     :tickets: 4486

     Added a CAST(VARCHAR2(128)) to the "table name", "owner", and other
     DDL-name parameters as used in reflection queries against Oracle system
     views such as ALL_TABLES, ALL_TAB_CONSTRAINTS, etc to better enable
     indexing to take place against these columns, as they previously would be
     implicitly handled as NVARCHAR2 due to Python's use of Unicode for strings;
     these columns are documented in all Oracle versions as being VARCHAR2 with
     lengths varying from 30 to 128 characters depending on server version.
     Additionally, test support has been enabled for Unicode-named DDL
     structures against Oracle databases.

.. changelog::

1.4.23

:released: August 18, 2021

 .. change::
     :tags: bug, sql
     :tickets: 6752

     Fix issue in :class:`_sql.CTE` where new :meth:`_sql.HasCTE.add_cte` method
     added in version 1.4.21 / :ticket:`6752` failed to function correctly for
     "compound select" structures such as :func:`_sql.union`,
     :func:`_sql.union_all`, :func:`_sql.except`, etc. Pull request courtesy
     Eric Masseran.

 .. change::
     :tags: orm, usecase
     :tickets: 6808

     Added new attribute :attr:`_sql.Select.columns_clause_froms` that will
     retrieve the FROM list implied by the columns clause of the
     :class:`_sql.Select` statement. This differs from the old
     :attr:`_sql.Select.froms` collection in that it does not perform any ORM
     compilation steps, which necessarily deannotate the FROM elements and do
     things like compute joinedloads etc., which makes it not an appropriate
     candidate for the :meth:`_sql.Select.select_from` method. Additionally adds
     a new parameter
     :paramref:`_sql.Select.with_only_columns.maintain_column_froms` that
     transfers this collection to :meth:`_sql.Select.select_from` before
     replacing the columns collection.

     In addition, the :attr:`_sql.Select.froms` is renamed to
     :meth:`_sql.Select.get_final_froms`, to stress that this collection is not
     a simple accessor and is instead calculated given the full state of the
     object, which can be an expensive call when used in an ORM context.

     Additionally fixes a regression involving the
     :func:`_orm.with_only_columns` function to support applying criteria to
     column elements that were replaced with either
     :meth:`_sql.Select.with_only_columns` or :meth:`_orm.Query.with_entities` ,
     which had broken as part of :ticket:`6503` released in 1.4.19.

 .. change::
     :tags: bug, orm, sql
     :tickets: 6824

     Fixed issue where a bound parameter object that was "cloned" would cause a
     name conflict in the compiler, if more than one clone of this parameter
     were used at the same time in a single statement. This could occur in
     particular with things like ORM single table inheritance queries that
     indicated the same "discriminator" value multiple times in one query.


 .. change::
     :tags: bug, mssql, sql
     :tickets: 6863

     Fixed issue where the ``literal_binds`` compiler flag, as used externally
     to render bound parameters inline, would fail to work when used with a
     certain class of parameters known as "literal_execute", which covers things
     like LIMIT and OFFSET values for dialects where the drivers don't allow a
     bound parameter, such as SQL Server's "TOP" clause.  The issue locally
     seemed to affect only the MSSQL dialect.

 .. change::
     :tags: bug, orm
     :tickets: 6869

     Fixed issue in loader strategies where the use of the
     :meth:`_orm.Load.options` method, particularly when nesting multiple calls,
     would generate an overly long and more importantly non-deterministic cache
     key, leading to very large cache keys which were also not allowing
     efficient cache usage, both in terms of total memory used as well as number
     of entries used in the cache itself.

 .. change::
     :tags: bug, sql
     :tickets: 6858

     Fixed an issue in the ``CacheKey.to_offline_string()`` method used by the
     dogpile.caching example where attempting to create a proper cache key from
     the special "lambda" query generated by the lazy loader would fail to
     include the parameter values, leading to an incorrect cache key.


 .. change::
     :tags: bug, orm
     :tickets: 6887

     Revised the means by which the
     :attr:`_orm.ORMExecuteState.user_defined_options` accessor receives
     :class:`_orm.UserDefinedOption` and related option objects from the
     context, with particular emphasis on the "selectinload" on the loader
     strategy where this previously was not working; other strategies did not
     have this problem. The objects that are associated with the current query
     being executed, and not that of a query being cached, are now propagated
     unconditionally. This essentially separates them out from the "loader
     strategy" options which are explicitly associated with the compiled state
     of a query and need to be used in relation to the cached query.

     The effect of this fix is that a user-defined option, such as those used
     by the dogpile.caching example as well as for other recipes such as
     defining a "shard id" for the horizontal sharing extension, will be
     correctly propagated to eager and lazy loaders regardless of whether
     a cached query was ultimately invoked.


 .. change::
     :tags: bug, sql
     :tickets: 6886

     Adjusted the "from linter" warning feature to accommodate for a chain of
     joins more than one level deep where the ON clauses don't explicitly match
     up the targets, such as an expression such as "ON TRUE". This mode of use
     is intended to cancel the cartesian product warning simply by the fact that
     there's a JOIN from "a to b", which was not working for the case where the
     chain of joins had more than one element.

 .. change::
     :tags: bug, postgresql
     :tickets: 6886

     Added the "is_comparison" flag to the PostgreSQL "overlaps",
     "contained_by", "contains" operators, so that they work in relevant ORM
     contexts as well as in conjunction with the "from linter" feature.

 .. change::
     :tags: bug, orm
     :tickets: 6812

     Fixed issue where the unit of work would internally use a 2.0-deprecated
     SQL expression form, emitting a deprecation warning when SQLALCHEMY_WARN_20
     were enabled.


 .. change::
     :tags: bug, orm
     :tickets: 6881

     Fixed issue in :func:`_orm.selectinload` where use of the new
     :meth:`_orm.PropComparator.and_` feature within options that were nested
     more than one level deep would fail to update bound parameter values that
     were in the nested criteria, as a side effect of SQL statement caching.


 .. change::
     :tags: bug, general
     :tickets: 6136

     The setup requirements have been modified such ``greenlet`` is a default
     requirement only for those platforms that are well known for ``greenlet``
     to be installable and for which there is already a pre-built binary on
     pypi; the current list is ``x86_64 aarch64 ppc64le amd64 win32``. For other
     platforms, greenlet will not install by default, which should enable
     installation and test suite running of SQLAlchemy 1.4 on platforms that
     don't support ``greenlet``, excluding any asyncio features. In order to
     install with the ``greenlet`` dependency included on a machine architecture
     outside of the above list, the ``[asyncio]`` extra may be included by
     running ``pip install sqlalchemy[asyncio]`` which will then attempt to
     install ``greenlet``.

     Additionally, the test suite has been repaired so that tests can complete
     fully when greenlet is not installed, with appropriate skips for
     asyncio-related tests.

 .. change::
     :tags: enum, schema
     :tickets: 6146

     Unify behaviour :class:`_schema.Enum` in native and non-native
     implementations regarding the accepted values for an enum with
     aliased elements.
     When :paramref:`_schema.Enum.omit_aliases` is ``False`` all values,
     alias included, are accepted as valid values.
     When :paramref:`_schema.Enum.omit_aliases` is ``True`` only non aliased values
     are accepted as valid values.

 .. change::
     :tags: bug, ext
     :tickets: 6816

     Fixed issue where the horizontal sharding extension would not correctly
     accommodate for a plain textual SQL statement passed to
     :meth:`_orm.Session.execute`.

 .. change::
     :tags: bug, orm
     :tickets: 6889, 6079

     Adjusted ORM loader internals to no longer use the "lambda caching" system
     that was added in 1.4, as well as repaired one location that was still
     using the previous "baked query" system for a query. The lambda caching
     system remains an effective way to reduce the overhead of building up
     queries that have relatively fixed usage patterns. In the case of loader
     strategies, the queries used are responsible for moving through lots of
     arbitrary options and criteria, which is both generated and sometimes
     consumed by end-user code, that make the lambda cache concept not any more
     efficient than not using it, at the cost of more complexity. In particular
     the problems noted by :ticket:`6881` and :ticket:`6887` are made are made
     considerably less complicated by removing this feature internally.



 .. change::
     :tags: bug, orm
     :tickets: 6889

     Fixed an issue where the :class:`_orm.Bundle` construct would not create
     proper cache keys, leading to inefficient use of the query cache.  This
     had some impact on the "selectinload" strategy and was identified as
     part of :ticket:`6889`.

 .. change::
     :tags: usecase, mypy
     :tickets: 6804, 6759

     Added support for SQLAlchemy classes to be defined in user code using
     "generic class" syntax as defined by ``sqlalchemy2-stubs``, e.g.
     ``Column[String]``, without the need for qualifying these constructs within
     a ``TYPE_CHECKING`` block by implementing the Python special method
     ``__class_getitem__()``, which allows this syntax to pass without error at
     runtime.

 .. change::
     :tags: bug, sql

     Fixed issue in lambda caching system where an element of a query that
     produces no cache key, like a custom option or clause element, would still
     populate the expression in the "lambda cache" inappropriately.

.. changelog::

1.4.22

:released: July 21, 2021

 .. change::
     :tags: bug, sql
     :tickets: 6786

     Fixed issue where use of the :paramref:`_sql.case.whens` parameter passing
     a

---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

## 📋 Pull Request Information **Original PR:** https://github.com/jeffknupp/sandman2/pull/294 **Author:** [@pyup-bot](https://github.com/pyup-bot) **Created:** 10/24/2022 **Status:** ❌ Closed **Base:** `master` ← **Head:** `pyup-scheduled-update-2022-10-24` --- ### 📝 Commits (10+) - [`90b784f`](https://github.com/jeffknupp/sandman2/commit/90b784fc1d7cc4d84215592da9583ce7efbf1e2b) Update flask from 1.1.2 to 2.2.2 - [`03fb574`](https://github.com/jeffknupp/sandman2/commit/03fb574d1da7b61e27a17679bad8bae1aa2a85e0) Update flask-admin from 1.5.7 to 1.6.0 - [`211b7bc`](https://github.com/jeffknupp/sandman2/commit/211b7bc71a15ccb93227506760ec1a9371772b90) Update flask-sqlalchemy from 2.4.4 to 3.0.2 - [`8665974`](https://github.com/jeffknupp/sandman2/commit/8665974a1a8bfd424403326a312f981f9a23dd89) Update sqlalchemy from 1.3.20 to 1.4.42 - [`88877c0`](https://github.com/jeffknupp/sandman2/commit/88877c063df9cc04c5620a1e958863bc49e1910c) Update wtforms from 2.3.3 to 3.0.1 - [`9b2efe5`](https://github.com/jeffknupp/sandman2/commit/9b2efe57648dbd827bae97d6679d6f1acbdfca98) Update coverage from 5.3 to 6.5.0 - [`242664e`](https://github.com/jeffknupp/sandman2/commit/242664e3590db443075e799d79419526b0fa6d57) Update pytest from 6.2.0 to 7.1.3 - [`ebf810d`](https://github.com/jeffknupp/sandman2/commit/ebf810d58a8103524e4c60bf74b9bc69fc56b693) Update flask-cors from 3.0.9 to 3.0.10 - [`e005ff4`](https://github.com/jeffknupp/sandman2/commit/e005ff4261ec8bca519ad38531aa02c25de5e9f8) Update pytest-cov from 2.10.1 to 4.0.0 - [`a3445bf`](https://github.com/jeffknupp/sandman2/commit/a3445bf4467765e7999ea541b900c9704a185b46) Update pytest-flask from 1.1.0 to 1.2.0 ### 📊 Changes **1 file changed** (+14 additions, -14 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+14 -14) </details> ### 📄 Description ### Update [Flask](https://pypi.org/project/Flask) from **1.1.2** to **2.2.2**. <details> <summary>Changelog</summary> ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to &gt;= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``&quot;production&quot;``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to &gt;= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug&#x27;s ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python &lt; 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to &gt;= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client&#x27;s ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``setuptools`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client&#x27;s ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.request.environ`` instead. :pr:`4341` - Fix type annotation for ``errorhandler`` decorator. :issue:`4295` - Revert a change to the CLI that caused it to hide ``ImportError`` tracebacks when importing the application. :issue:`4307` - ``app.json_encoder`` and ``json_decoder`` are only passed to ``dumps`` and ``loads`` if they have custom behavior. This improves performance, mainly on PyPy. :issue:`4349` - Clearer error message when ``after_this_request`` is used outside a request context. :issue:`4333` ``` ### 2.0.2 ``` ------------- Released 2021-10-04 - Fix type annotation for ``teardown_*`` methods. :issue:`4093` - Fix type annotation for ``before_request`` and ``before_app_request`` decorators. :issue:`4104` - Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:`4098` - Support View and MethodView instances with async handlers. :issue:`4112` - Enhance typing of ``app.errorhandler`` decorator. :issue:`4095` - Fix registering a blueprint twice with differing names. :issue:`4124` - Fix the type of ``static_folder`` to accept ``pathlib.Path``. :issue:`4150` - ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``. :issue:`4157` - Correctly handle raising deferred errors in CLI lazy loading. :issue:`4096` - The CLI loader handles ``**kwargs`` in a ``create_app`` function. :issue:`4170` - Fix the order of ``before_request`` and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:`4229` ``` ### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren&#x27;t available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Revert a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug &gt;= 2, Jinja2 &gt;= 3, MarkupSafe &gt;= 2, ItsDangerous &gt;= 2, Click &gt;= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it&#x27;s needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add ``SessionInterface.get_cookie_name`` to allow setting the session cookie name dynamically. :pr:`3369` - Add ``Config.from_file`` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. ``Config.from_json`` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - ``send_file`` raises a ``ValueError`` when passed an ``io`` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja&#x27;s implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post(&quot;/login&quot;)`` is a shortcut for ``app.route(&quot;/login&quot;, methods=[&quot;POST&quot;])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to &quot;UTF-8&quot; when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python &lt; 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask - Changelog: https://pyup.io/changelogs/flask/ - Homepage: https://palletsprojects.com/p/flask </details> ### Update [Flask-Admin](https://pypi.org/project/Flask-Admin) from **1.5.7** to **1.6.0**. <details> <summary>Changelog</summary> ### 1.6.0 ``` ----- * Dropped Python 2 support * WTForms 3.0 support * Various fixes ``` ### 1.5.8 ``` ----- * SQLAlchemy 1.4.5+ compatibility fixes * Redis CLI fixes ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-admin - Changelog: https://pyup.io/changelogs/flask-admin/ - Repo: https://github.com/flask-admin/flask-admin/ - Docs: https://pythonhosted.org/Flask-Admin/ </details> ### Update [Flask-SQLAlchemy](https://pypi.org/project/Flask-SQLAlchemy) from **2.4.4** to **3.0.2**. <details> <summary>Changelog</summary> ### 3.0.2 ``` ------------- Released 2022-10-14 - Update compatibility with SQLAlchemy 2. :issue:`1122` ``` ### 3.0.1 ``` ------------- Released 2022-10-11 - Export typing information instead of using external typeshed definitions. :issue:`1112` - If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an invalid default bind will not be configured. :issue:`1117` ``` ### 3.0.0 ``` ------------- Released 2022-10-04 - Drop support for Python 2, 3.4, 3.5, and 3.6. - Bump minimum version of Flask to 2.2. - Bump minimum version of SQLAlchemy to 1.4.18. - Remove previously deprecated code. - The session is scoped to the current app context instead of the thread. This requires that an app context is active. This ensures that the session is cleaned up after every request. - An active Flask application context is always required to access ``session`` and ``engine``, regardless of if an application was passed to the constructor. :issue:`508, 944` - Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing tables in different databases to have the same name. Bind keys are stored and looked up on the resulting metadata rather than the model or table. - ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731` - Configuring SQLite with a relative path is relative to ``app.instance_path`` instead of ``app.root_path``. The instance folder is created if necessary. :issue:`462` - Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to the extension object. These use SQLAlchemy&#x27;s preferred ``session.execute(select())`` pattern instead of the legacy query interface. :issue:`1088` - Setup methods that create the engines and session are renamed with a leading underscore. They are considered internal interfaces which may change at any time. - All parameters to ``SQLAlchemy`` except ``app`` are keyword-only. - Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter from various ``SQLAlchemy`` methods. - The extension object uses ``__getattr__`` to alias names from the SQLAlchemy package, rather than copying them as attributes. - The extension object is stored directly as ``app.extensions[&quot;sqlalchemy&quot;]``. :issue:`698` - The session class can be customized by passing the ``class_`` key in the ``session_options`` parameter. :issue:`327` - ``SignallingSession`` is renamed to ``Session``. - ``Session.get_bind`` more closely matches the base implementation. - Model classes and the ``db`` instance are available without imports in ``flask shell``. :issue:`1089` - The ``CamelCase`` to ``snake_case`` table name converter handles more patterns correctly. If model that was already created in the database changed, either use Alembic to rename the table, or set ``__tablename__`` to keep the old name. :issue:`406` - ``Model`` ``repr`` distinguishes between transient and pending instances. :issue:`967` - A custom model class can implement ``__init_subclass__`` with class parameters. :issue:`1002` - ``db.Table`` is a subclass instead of a function. - The ``engine_options`` parameter is applied as defaults before per-engine configuration. - ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence. :issue:`783` - Engines are created when calling ``init_app`` rather than the first time they are accessed. :issue:`698` - ``db.engines`` exposes the map of bind keys to engines for the current app. - ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated. - SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are supported. :issue:`998, 1045` - SQLite engines do not use ``NullPool`` if ``pool_size`` is 0. - MySQL engines use the &quot;utf8mb4&quot; charset by default. :issue:`875` - MySQL engines do not set ``pool_size`` to 10. - MySQL engines don&#x27;t set a default for ``pool_recycle`` if not using a queue pool. :issue:`803` - ``Query`` is renamed from ``BaseQuery``. - Added ``Query.one_or_404``. - The query class is applied to ``backref`` in ``relationship``. :issue:`417` - Creating ``Pagination`` objects manually is no longer a public API. They should be created with ``db.paginate`` or ``query.paginate``. :issue:`1088` - ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only. - ``Pagination`` is iterable, iterating over its items. :issue:`70` - Pagination count query is more efficient. - ``Pagination.iter_pages`` is more efficient. :issue:`622` - ``Pagination.iter_pages`` ``right_current`` parameter is inclusive. - Pagination ``per_page`` cannot be 0. :issue:`1091` - Pagination ``max_per_page`` defaults to 100. :issue:`1091` - Added ``Pagination.first`` and ``last`` properties, which give the number of the first and last item on the page. :issue:`567` - ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled automatically with ``app.debug`` or ``app.testing``. :issue:`1092` - ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the config and functionality. - Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is renamed to ``location``. Finding the location uses a more inclusive check. - ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727` - ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues that are difficult to debug. Call ``db.session.commit()`` directly instead. :issue:`216` ``` ### 2.5.1 ``` ------------- Released 2021-03-18 - Fix compatibility with Python 2.7. ``` ### 2.5.0 ``` ------------- Released 2021-03-18 - Update to support SQLAlchemy 1.4. - SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to return a new URL instead of ``None``. :issue:`885` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-sqlalchemy - Changelog: https://pyup.io/changelogs/flask-sqlalchemy/ - Docs: https://pythonhosted.org/flask-sqlalchemy/ </details> ### Update [SQLAlchemy](https://pypi.org/project/SQLAlchemy) from **1.3.20** to **1.4.42**. <details> <summary>Changelog</summary> ### 1.4.27 ``` :include_notes_from: unreleased_14 .. changelog:: ``` ### 1.4.26 ``` :released: October 19, 2021 .. change:: :tags: orm :tickets: 6284 Passing a :class:`.Query` object to :meth:`_orm.Session.execute` is not the intended use of this object, and will now raise a deprecation warning. .. change:: :tags: bug, postgresql :tickets: 5387 Added a &quot;disconnect&quot; condition for the &quot;SSL SYSCALL error: Bad address&quot; error message as reported by psycopg2. Pull request courtesy Zeke Brechtel. .. change:: :tags: bug, orm Improved the exception message generated when configuring a mapping with joined table inheritance where the two tables either have no foreign key relationships set up, or where they have multiple foreign key relationships set up. The message is now ORM specific and includes context that the :paramref:`_orm.Mapper.inherit_condition` parameter may be needed particularly for the ambiguous foreign keys case. .. change:: :tags: bug, sql :tickets: 6520 Fixed issue where SQL queries using the :meth:`_functions.FunctionElement.within_group` construct could not be pickled, typically when using the ``sqlalchemy.ext.serializer`` extension but also for general generic pickling. .. change:: :tags: bug, orm :tickets: 7189 Fixed issue with :func:`_orm.with_loader_criteria` feature where ON criteria would not be added to a JOIN for a query of the form ``select(A).join(B)``, stating a target while making use of an implicit ON clause. .. change:: :tags: bug, orm :tickets: 7205 Fixed bug where the ORM &quot;plugin&quot;, necessary for features such as :func:`_orm.with_loader_criteria` to work correctly, would not be applied to a :func:`_sql.select` which queried from an ORM column expression if it made use of the :meth:`_sql.ColumnElement.label` modifier. .. change:: :tags: bug, mypy :tickets: 6435 Fixed issue in mypy plugin to improve upon some issues detecting ``Enum()`` SQL types containing custom Python enumeration classes. Pull request courtesy Hiroshi Ogawa. .. change:: :tags: bug, mysql :tickets: 7144 Fixed issue in MySQL :func:`_mysql.match` construct where passing a clause expression such as :func:`_sql.bindparam` or other SQL expression for the &quot;against&quot; parameter would fail. Pull request courtesy Anton Kovalevich. .. change:: :tags: bug, mssql :tickets: 7160 Fixed issue with :meth:`.Inspector.get_foreign_keys` where foreign keys were omitted if they were established against a unique index instead of a unique constraint. .. change:: :tags: usecase, mssql Added reflection support for SQL Server foreign key options, including &quot;ON UPDATE&quot; and &quot;ON DELETE&quot; values of &quot;CASCADE&quot; and &quot;SET NULL&quot;. .. change:: :tags: bug, sql :tickets: 4123 Repaired issue in new :paramref:`_sql.HasCTE.cte.nesting` parameter introduced with :ticket:`4123` where a recursive :class:`_sql.CTE` using :paramref:`_sql.HasCTE.cte.recursive` in typical conjunction with UNION would not compile correctly. Additionally makes some adjustments so that the :class:`_sql.CTE` construct creates a correct cache key. Pull request courtesy Eric Masseran. .. change:: :tags: bug, engine :tickets: 7130 Fixed issue where the deprecation warning for the :class:`.URL` constructor which indicates that the :meth:`.URL.create` method should be used would not emit if a full positional argument list of seven arguments were passed; additionally, validation of URL arguments will now occur if the constructor is called in this way, which was being skipped previously. .. change:: :tags: bug, orm :tickets: 7103 Add missing methods added in :ticket:`6991` to :class:`_scoping.scoped_session` and :func:`_asyncio.async_scoped_session`. .. change:: :tags: bug, examples :tickets: 7169 Repaired the examples in examples/versioned_rows to use SQLAlchemy 1.4 APIs correctly; these examples had been missed when API changes like removing &quot;passive&quot; from :meth:`_orm.Session.is_modified` were made as well as the :meth:`_ormevents.SessionEvents.do_orm_execute()` event hook were added. .. change:: :tags: bug, orm :tickets: 6974, 6972 An extra layer of warning messages has been added to the functionality of :meth:`_orm.Query.join` and the ORM version of :meth:`_sql.Select.join`, where a few places where &quot;automatic aliasing&quot; continues to occur will now be called out as a pattern to avoid, mostly specific to the area of joined table inheritance where classes that share common base tables are being joined together without using explicit aliases. One case emits a legacy warning for a pattern that&#x27;s not recommended, the other case is fully deprecated. The automatic aliasing within ORM join() which occurs for overlapping mapped tables does not work consistently with all APIs such as :func:`_orm.contains_eager()`, and rather than continue to try to make these use cases work everywhere, replacing with a more user-explicit pattern is clearer, less prone to bugs and simplifies SQLAlchemy&#x27;s internals further. The warnings include links to the errors.rst page where each pattern is demonstrated along with the recommended pattern to fix. .. seealso:: :ref:`error_xaj1` :ref:`error_xaj2` .. change:: :tags: bug, sql :tickets: 7061 Account for the :paramref:`_sql.table.schema` parameter passed to the :func:`_sql.table` construct, such that it is taken into account when accessing the :attr:`_sql.TableClause.fullname` attribute. .. change:: :tags: bug, sql :tickets: 7140 Fixed an inconsistency in the :meth:`_sql.ColumnOperators.any_` / :meth:`_sql.ColumnOperators.all_` functions / methods where the special behavior these functions have of &quot;flipping&quot; the expression such that the &quot;ANY&quot; / &quot;ALL&quot; expression is always on the right side would not function if the comparison were against the None value, that is, &quot;column.any_() == None&quot; should produce the same SQL expression as &quot;null() == column.any_()&quot;. Added more docs to clarify this as well, plus mentions that any_() / all_() generally supersede the ARRAY version &quot;any()&quot; / &quot;all()&quot;. .. change:: :tags: engine, bug, postgresql :tickets: 3247 The :meth:`_reflection.Inspector.reflect_table` method now supports reflecting tables that do not have user defined columns. This allows :meth:`_schema.MetaData.reflect` to properly complete reflection on databases that contain such tables. Currently, only PostgreSQL is known to support such a construct among the common database backends. .. change:: :tags: sql, bug, regression :tickets: 7177 Fixed issue where &quot;expanding IN&quot; would fail to function correctly with datatypes that use the :meth:`_types.TypeEngine.bind_expression` method, where the method would need to be applied to each element of the IN expression rather than the overall IN expression itself. .. change:: :tags: postgresql, bug, regression :tickets: 7177 Fixed issue where IN expressions against a series of array elements, as can be done with PostgreSQL, would fail to function correctly due to multiple issues within the &quot;expanding IN&quot; feature of SQLAlchemy Core that was standardized in version 1.4. The psycopg2 dialect now makes use of the :meth:`_types.TypeEngine.bind_expression` method with :class:`_types.ARRAY` to portably apply the correct casts to elements. The asyncpg dialect was not affected by this issue as it applies bind-level casts at the driver level rather than at the compiler level. .. change:: :tags: bug, mysql :tickets: 7204 Fixed installation issue where the ``sqlalchemy.dialects.mysql`` module would not be importable if &quot;greenlet&quot; were not installed. .. change:: :tags: bug, mssql :tickets: 7168 Fixed issue with :meth:`.Inspector.has_table` where it would return False if a local temp table with the same name from a different session happened to be returned first when querying tempdb. This is a continuation of :ticket:`6910` which accounted for the temp table existing only in the alternate session and not the current one. .. change:: :tags: bug, orm :tickets: 7128 Fixed bug where iterating a :class:`.Result` from a :class:`_orm.Session` after that :class:`_orm.Session` were closed would partially attach objects to that session in an essentially invalid state. It now raises an exception with a link to new documentation if an **un-buffered** result is iterated from a :class:`_orm.Session` that was closed or otherwise had the :meth:`_orm.Session.expunge_all` method called after that :class:`.Result` was generated. The ``prebuffer_rows`` execution option, as is used automatically by the asyncio extension for client-side result sets, may be used to produce a :class:`.Result` where the ORM objects are prebuffered, and in this case iterating the result will produce a series of detached objects. .. seealso:: :ref:`error_lkrp` .. change:: :tags: bug, mssql, regression :tickets: 7129 Fixed bug in SQL Server :class:`_mssql.DATETIMEOFFSET` datatype where the ODBC implementation would not generate the correct DDL, for cases where the type were converted using the ``dialect.type_descriptor()`` method, the usage of which is illustrated in some documented examples for :class:`.TypeDecorator`, though not necessary for most datatypes. Regression was introduced by :ticket:`6366`. As part of this change, the full list of SQL Server date types have been amended to return a &quot;dialect impl&quot; that generates the same DDL name as the supertype. .. change:: :tags: bug, sql :tickets: 7153 Adjusted the &quot;column disambiguation&quot; logic that&#x27;s new in 1.4, where the same expression repeated gets an &quot;extra anonymous&quot; label, so that the logic more aggressively deduplicates those labels when the repeated element is the same Python expression object each time, as occurs in cases like when using &quot;singleton&quot; values like :func:`_sql.null`. This is based on the observation that at least some databases (e.g. MySQL, but not SQLite) will raise an error if the same label is repeated inside of a subquery. .. change:: :tags: bug, orm :tickets: 7154 Related to :ticket:`7153`, fixed an issue where result column lookups would fail for &quot;adapted&quot; SELECT statements that selected for &quot;constant&quot; value expressions most typically the NULL expression, as would occur in such places as joined eager loading in conjunction with limit/offset. This was overall a regression due to issue :ticket:`6259` which removed all &quot;adaption&quot; for constants like NULL, &quot;true&quot;, and &quot;false&quot; when rewriting expressions in a SQL statement, but this broke the case where the same adaption logic were used to resolve the constant to a labeled expression for the purposes of result set targeting. .. change:: :tags: bug, orm, regression :tickets: 7134 Fixed regression where ORM loaded objects could not be pickled in cases where loader options making use of ``&quot;*&quot;`` were used in certain combinations, such as combining the :func:`_orm.joinedload` loader strategy with ``raiseload(&#x27;*&#x27;)`` of sub-elements. .. change:: :tags: bug, engine :tickets: 7077 Implemented proper ``__reduce__()`` methods for all SQLAlchemy exception objects to ensure they all support clean round trips when pickling, as exception objects are often serialized for the purposes of various debugging tools. .. change:: :tags: bug, orm, regression :tickets: 7209 Fixed regression where the use of a :class:`_hybrid.hybrid_property` attribute or a mapped :func:`_orm.composite` attribute as a key passed to the :meth:`_dml.Update.values` method for an ORM-enabled :class:`_dml.Update` statement, as well as when using it via the legacy :meth:`_orm.Query.update` method, would be processed for incoming ORM/hybrid/composite values within the compilation stage of the UPDATE statement, which meant that in those cases where caching occurred, subsequent invocations of the same statement would no longer receive the correct values. This would include not only hybrids that use the :meth:`_hybrid.hybrid_property.update_expression` method, but any use of a plain hybrid attribute as well. For composites, the issue instead caused a non-repeatable cache key to be generated, which would break caching and could fill up the statement cache with repeated statements. The :class:`_dml.Update` construct now handles the processing of key/value pairs passed to :meth:`_dml.Update.values` and :meth:`_dml.Update.ordered_values` up front when the construct is first generated, before the cache key has been generated so that the key/value pairs are processed each time, and so that the cache key is generated against the individual column/value pairs that will ultimately be used in the statement. .. changelog:: ``` ### 1.4.25 ``` :released: September 22, 2021 .. change:: :tags: bug, platform, regression :tickets: 7024 Fixed regression due to :ticket:`7024` where the reorganization of the &quot;platform machine&quot; names used by the ``greenlet`` dependency mis-spelled &quot;aarch64&quot; and additionally omitted uppercase &quot;AMD64&quot; as is needed for Windows machines. Pull request courtesy James Dow. .. changelog:: ``` ### 1.4.24 ``` :released: September 22, 2021 .. change:: :tags: bug, asyncio :tickets: 6943 Fixed a bug in :meth:`_asyncio.AsyncSession.execute` and :meth:`_asyncio.AsyncSession.stream` that required ``execution_options`` to be an instance of ``immutabledict`` when defined. It now correctly accepts any mapping. .. change:: :tags: engine, asyncio, usecase :tickets: 6832 Improve the interface used by adapted drivers, like the asyncio ones, to access the actual connection object returned by the driver. The :class:`._ConnectionFairy` object has two new attributes: * :attr:`._ConnectionFairy.dbapi_connection` always represents a DBAPI compatible object. For pep-249 drivers, this is the DBAPI connection as it always has been, previously accessed under the ``.connection`` attribute. For asyncio drivers that SQLAlchemy adapts into a pep-249 interface, the returned object will normally be a SQLAlchemy adaption object called :class:`_engine.AdaptedConnection`. * :attr:`._ConnectionFairy.driver_connection` always represents the actual connection object maintained by the third party pep-249 DBAPI or async driver in use. For standard pep-249 DBAPIs, this will always be the same object as that of the ``dbapi_connection``. For an asyncio driver, it will be the underlying asyncio-only connection object. The ``.connection`` attribute remains available and is now a legacy alias of ``.dbapi_connection``. .. seealso:: :ref:`faq_dbapi_connection` .. change:: :tags: bug, sql :tickets: 7052 Implemented missing methods in :class:`_functions.FunctionElement` which, while unused, would lead pylint to report them as unimplemented abstract methods. .. change:: :tags: bug, mssql, reflection :tickets: 6910 Fixed an issue where :meth:`_reflection.has_table` returned ``True`` for local temporary tables that actually belonged to a different SQL Server session (connection). An extra check is now performed to ensure that the temp table detected is in fact owned by the current session. .. change:: :tags: bug, engine, regression :tickets: 6913 Fixed issue where the ability of the :meth:`_events.ConnectionEvents.before_execute` method to alter the SQL statement object passed, returning the new object to be invoked, was inadvertently removed. This behavior has been restored. .. change:: :tags: bug, engine :tickets: 6958 Ensure that ``str()`` is called on the an :paramref:`_url.URL.create.password` argument, allowing usage of objects that implement the ``__str__()`` method as password attributes. Also clarified that one such object is not appropriate to dynamically change the password for each database connection; the approaches at :ref:`engines_dynamic_tokens` should be used instead. .. change:: :tags: bug, orm, regression :tickets: 6979 Fixed ORM issue where column expressions passed to ``query()`` or ORM-enabled ``select()`` would be deduplicated on the identity of the object, such as a phrase like ``select(A.id, null(), null())`` would produce only one &quot;NULL&quot; expression, which previously was not the case in 1.3. However, the change also allows for ORM expressions to render as given as well, such as ``select(A.data, A.data)`` will produce a result row with two columns. .. change:: :tags: bug, engine :tickets: 6983 Fixed issue in :class:`_engine.URL` where validation of &quot;drivername&quot; would not appropriately respond to the ``None`` value where a string were expected. .. change:: :tags: bug, mypy :tickets: 6950 Fixed issue where mypy plugin would crash when interpreting a ``query_expression()`` construct. .. change:: :tags: usecase, sql :tickets: 4123 Added new parameter :paramref:`_sql.HasCTE.cte.nesting` to the :class:`_sql.CTE` constructor and :meth:`_sql.HasCTE.cte` method, which flags the CTE as one which should remain nested within an enclosing CTE, rather than being moved to the top level of the outermost SELECT. While in the vast majority of cases there is no difference in SQL functionality, users have identified various edge-cases where true nesting of CTE constructs is desirable. Much thanks to Eric Masseran for lots of work on this intricate feature. .. change:: :tags: usecase, engine, orm :tickets: 6990 Added new methods :meth:`_orm.Session.scalars`, :meth:`_engine.Connection.scalars`, :meth:`_asyncio.AsyncSession.scalars` and :meth:`_asyncio.AsyncSession.stream_scalars`, which provide a short cut to the use case of receiving a row-oriented :class:`_result.Result` object and converting it to a :class:`_result.ScalarResult` object via the :meth:`_engine.Result.scalars` method, to return a list of values rather than a list of rows. The new methods are analogous to the long existing :meth:`_orm.Session.scalar` and :meth:`_engine.Connection.scalar` methods used to return a single value from the first row only. Pull request courtesy Miguel Grinberg. .. change:: :tags: usecase, orm :tickets: 6955 Added loader options to :meth:`_orm.Session.merge` and :meth:`_asyncio.AsyncSession.merge` via a new :paramref:`_orm.Session.merge.options` parameter, which will apply the given loader options to the ``get()`` used internally by merge, allowing eager loading of relationships etc. to be applied when the merge process loads a new object. Pull request courtesy Daniel Stone. .. change:: :tags: feature, asyncio, mysql :tickets: 6993 Added initial support for the ``asyncmy`` asyncio database driver for MySQL and MariaDB. This driver is very new, however appears to be the only current alternative to the ``aiomysql`` driver which currently appears to be unmaintained and is not working with current Python versions. Much thanks to long2ice for the pull request for this dialect. .. seealso:: :ref:`asyncmy` .. change:: :tags: bug, asyncio Added missing ``**kw`` arguments to the :meth:`_asyncio.AsyncSession.connection` method. .. change:: :tags: bug, sql :tickets: 7055 Fixed a two issues where combinations of ``select()`` and ``join()`` when adapted to form a copy of the element would not completely copy the state of all column objects associated with subqueries. A key problem this caused is that usage of the :meth:`_sql.ClauseElement.params` method (which should probably be moved into a legacy category as it is inefficient and error prone) would leave copies of the old :class:`_sql.BindParameter` objects around, leading to issues in correctly setting the parameters at execution time. .. change:: :tags: bug, orm, regression :tickets: 6924 Fixed issue in recently repaired ``Query.with_entities()`` method where the flag that determines automatic uniquing for legacy ORM ``Query`` objects only would be set to ``True`` inappropriately in cases where the ``with_entities()`` call would be setting the ``Query`` to return column-only rows, which are not uniqued. .. change:: :tags: bug, postgresql :tickets: 6912 Qualify ``version()`` call to avoid shadowing issues if a different search path is configured by the user. .. change:: :tags: bug, engine, postgresql :tickets: 6963 Fixed issue where an engine that had :paramref:`_sa.create_engine.implicit_returning` set to False would fail to function when PostgreSQL&#x27;s &quot;fast insertmany&quot; feature were used in conjunction with a ``Sequence``, as well as if any kind of &quot;executemany&quot; with &quot;return_defaults()&quot; were used in conjunction with a ``Sequence``. Note that PostgreSQL &quot;fast insertmany&quot; uses &quot;RETURNING&quot; by definition, when the SQL statement is passed to the driver; overall, the :paramref:`_sa.create_engine.implicit_returning` flag is legacy and has no real use in modern SQLAlchemy, and will be deprecated in a separate change. .. change:: :tags: bug, mypy :tickets: 6937 Fixed issue in mypy plugin where columns on a mixin would not be correctly interpreted if the mapped class relied upon a ``__tablename__`` routine that came from a superclass. .. change:: :tags: bug, postgresql :tickets: 6106 The :class:`_postgresql.ENUM` datatype is PostgreSQL-native and therefore should not be used with the ``native_enum=False`` flag. This flag is now ignored if passed to the :class:`_postgresql.ENUM` datatype and a warning is emitted; previously the flag would cause the type object to fail to function correctly. .. change:: :tags: bug, sql :tickets: 7036 Fixed issue related to new :meth:`_sql.HasCTE.add_cte` feature where pairing two &quot;INSERT..FROM SELECT&quot; statements simultaneously would lose track of the two independent SELECT statements, leading to the wrong SQL. .. change:: :tags: asyncio, bug :tickets: 6746 Deprecate usage of :class:`_orm.scoped_session` with asyncio drivers. When using Asyncio the :class:`_asyncio.async_scoped_session` should be used instead. .. change:: :tags: bug, platform :tickets: 7024 Further adjusted the &quot;greenlet&quot; package specifier in setup.cfg to use a long chain of &quot;or&quot; expressions, so that the comparison of ``platform_machine`` to a specific identifier matches only the complete string. .. change:: :tags: bug, sqlite Fixed bug where the error message for SQLite invalid isolation level on the pysqlite driver would fail to indicate that &quot;AUTOCOMMIT&quot; is one of the valid isolation levels. .. change:: :tags: bug, sql :tickets: 7060 Fixed issue where using ORM column expressions as keys in the list of dictionaries passed to :meth:`_sql.Insert.values` for &quot;multi-valued insert&quot; would not be processed correctly into the correct column expressions. .. change:: :tags: asyncio, usecase :tickets: 6746 The :class:`_asyncio.AsyncSession` now supports overriding which :class:`_orm.Session` it uses as the proxied instance. A custom ``Session`` class can be passed using the :paramref:`.AsyncSession.sync_session_class` parameter or by subclassing the ``AsyncSession`` and specifying a custom :attr:`.AsyncSession.sync_session_class`. .. change:: :tags: bug, oracle, performance :tickets: 4486 Added a CAST(VARCHAR2(128)) to the &quot;table name&quot;, &quot;owner&quot;, and other DDL-name parameters as used in reflection queries against Oracle system views such as ALL_TABLES, ALL_TAB_CONSTRAINTS, etc to better enable indexing to take place against these columns, as they previously would be implicitly handled as NVARCHAR2 due to Python&#x27;s use of Unicode for strings; these columns are documented in all Oracle versions as being VARCHAR2 with lengths varying from 30 to 128 characters depending on server version. Additionally, test support has been enabled for Unicode-named DDL structures against Oracle databases. .. changelog:: ``` ### 1.4.23 ``` :released: August 18, 2021 .. change:: :tags: bug, sql :tickets: 6752 Fix issue in :class:`_sql.CTE` where new :meth:`_sql.HasCTE.add_cte` method added in version 1.4.21 / :ticket:`6752` failed to function correctly for &quot;compound select&quot; structures such as :func:`_sql.union`, :func:`_sql.union_all`, :func:`_sql.except`, etc. Pull request courtesy Eric Masseran. .. change:: :tags: orm, usecase :tickets: 6808 Added new attribute :attr:`_sql.Select.columns_clause_froms` that will retrieve the FROM list implied by the columns clause of the :class:`_sql.Select` statement. This differs from the old :attr:`_sql.Select.froms` collection in that it does not perform any ORM compilation steps, which necessarily deannotate the FROM elements and do things like compute joinedloads etc., which makes it not an appropriate candidate for the :meth:`_sql.Select.select_from` method. Additionally adds a new parameter :paramref:`_sql.Select.with_only_columns.maintain_column_froms` that transfers this collection to :meth:`_sql.Select.select_from` before replacing the columns collection. In addition, the :attr:`_sql.Select.froms` is renamed to :meth:`_sql.Select.get_final_froms`, to stress that this collection is not a simple accessor and is instead calculated given the full state of the object, which can be an expensive call when used in an ORM context. Additionally fixes a regression involving the :func:`_orm.with_only_columns` function to support applying criteria to column elements that were replaced with either :meth:`_sql.Select.with_only_columns` or :meth:`_orm.Query.with_entities` , which had broken as part of :ticket:`6503` released in 1.4.19. .. change:: :tags: bug, orm, sql :tickets: 6824 Fixed issue where a bound parameter object that was &quot;cloned&quot; would cause a name conflict in the compiler, if more than one clone of this parameter were used at the same time in a single statement. This could occur in particular with things like ORM single table inheritance queries that indicated the same &quot;discriminator&quot; value multiple times in one query. .. change:: :tags: bug, mssql, sql :tickets: 6863 Fixed issue where the ``literal_binds`` compiler flag, as used externally to render bound parameters inline, would fail to work when used with a certain class of parameters known as &quot;literal_execute&quot;, which covers things like LIMIT and OFFSET values for dialects where the drivers don&#x27;t allow a bound parameter, such as SQL Server&#x27;s &quot;TOP&quot; clause. The issue locally seemed to affect only the MSSQL dialect. .. change:: :tags: bug, orm :tickets: 6869 Fixed issue in loader strategies where the use of the :meth:`_orm.Load.options` method, particularly when nesting multiple calls, would generate an overly long and more importantly non-deterministic cache key, leading to very large cache keys which were also not allowing efficient cache usage, both in terms of total memory used as well as number of entries used in the cache itself. .. change:: :tags: bug, sql :tickets: 6858 Fixed an issue in the ``CacheKey.to_offline_string()`` method used by the dogpile.caching example where attempting to create a proper cache key from the special &quot;lambda&quot; query generated by the lazy loader would fail to include the parameter values, leading to an incorrect cache key. .. change:: :tags: bug, orm :tickets: 6887 Revised the means by which the :attr:`_orm.ORMExecuteState.user_defined_options` accessor receives :class:`_orm.UserDefinedOption` and related option objects from the context, with particular emphasis on the &quot;selectinload&quot; on the loader strategy where this previously was not working; other strategies did not have this problem. The objects that are associated with the current query being executed, and not that of a query being cached, are now propagated unconditionally. This essentially separates them out from the &quot;loader strategy&quot; options which are explicitly associated with the compiled state of a query and need to be used in relation to the cached query. The effect of this fix is that a user-defined option, such as those used by the dogpile.caching example as well as for other recipes such as defining a &quot;shard id&quot; for the horizontal sharing extension, will be correctly propagated to eager and lazy loaders regardless of whether a cached query was ultimately invoked. .. change:: :tags: bug, sql :tickets: 6886 Adjusted the &quot;from linter&quot; warning feature to accommodate for a chain of joins more than one level deep where the ON clauses don&#x27;t explicitly match up the targets, such as an expression such as &quot;ON TRUE&quot;. This mode of use is intended to cancel the cartesian product warning simply by the fact that there&#x27;s a JOIN from &quot;a to b&quot;, which was not working for the case where the chain of joins had more than one element. .. change:: :tags: bug, postgresql :tickets: 6886 Added the &quot;is_comparison&quot; flag to the PostgreSQL &quot;overlaps&quot;, &quot;contained_by&quot;, &quot;contains&quot; operators, so that they work in relevant ORM contexts as well as in conjunction with the &quot;from linter&quot; feature. .. change:: :tags: bug, orm :tickets: 6812 Fixed issue where the unit of work would internally use a 2.0-deprecated SQL expression form, emitting a deprecation warning when SQLALCHEMY_WARN_20 were enabled. .. change:: :tags: bug, orm :tickets: 6881 Fixed issue in :func:`_orm.selectinload` where use of the new :meth:`_orm.PropComparator.and_` feature within options that were nested more than one level deep would fail to update bound parameter values that were in the nested criteria, as a side effect of SQL statement caching. .. change:: :tags: bug, general :tickets: 6136 The setup requirements have been modified such ``greenlet`` is a default requirement only for those platforms that are well known for ``greenlet`` to be installable and for which there is already a pre-built binary on pypi; the current list is ``x86_64 aarch64 ppc64le amd64 win32``. For other platforms, greenlet will not install by default, which should enable installation and test suite running of SQLAlchemy 1.4 on platforms that don&#x27;t support ``greenlet``, excluding any asyncio features. In order to install with the ``greenlet`` dependency included on a machine architecture outside of the above list, the ``[asyncio]`` extra may be included by running ``pip install sqlalchemy[asyncio]`` which will then attempt to install ``greenlet``. Additionally, the test suite has been repaired so that tests can complete fully when greenlet is not installed, with appropriate skips for asyncio-related tests. .. change:: :tags: enum, schema :tickets: 6146 Unify behaviour :class:`_schema.Enum` in native and non-native implementations regarding the accepted values for an enum with aliased elements. When :paramref:`_schema.Enum.omit_aliases` is ``False`` all values, alias included, are accepted as valid values. When :paramref:`_schema.Enum.omit_aliases` is ``True`` only non aliased values are accepted as valid values. .. change:: :tags: bug, ext :tickets: 6816 Fixed issue where the horizontal sharding extension would not correctly accommodate for a plain textual SQL statement passed to :meth:`_orm.Session.execute`. .. change:: :tags: bug, orm :tickets: 6889, 6079 Adjusted ORM loader internals to no longer use the &quot;lambda caching&quot; system that was added in 1.4, as well as repaired one location that was still using the previous &quot;baked query&quot; system for a query. The lambda caching system remains an effective way to reduce the overhead of building up queries that have relatively fixed usage patterns. In the case of loader strategies, the queries used are responsible for moving through lots of arbitrary options and criteria, which is both generated and sometimes consumed by end-user code, that make the lambda cache concept not any more efficient than not using it, at the cost of more complexity. In particular the problems noted by :ticket:`6881` and :ticket:`6887` are made are made considerably less complicated by removing this feature internally. .. change:: :tags: bug, orm :tickets: 6889 Fixed an issue where the :class:`_orm.Bundle` construct would not create proper cache keys, leading to inefficient use of the query cache. This had some impact on the &quot;selectinload&quot; strategy and was identified as part of :ticket:`6889`. .. change:: :tags: usecase, mypy :tickets: 6804, 6759 Added support for SQLAlchemy classes to be defined in user code using &quot;generic class&quot; syntax as defined by ``sqlalchemy2-stubs``, e.g. ``Column[String]``, without the need for qualifying these constructs within a ``TYPE_CHECKING`` block by implementing the Python special method ``__class_getitem__()``, which allows this syntax to pass without error at runtime. .. change:: :tags: bug, sql Fixed issue in lambda caching system where an element of a query that produces no cache key, like a custom option or clause element, would still populate the expression in the &quot;lambda cache&quot; inappropriately. .. changelog:: ``` ### 1.4.22 ``` :released: July 21, 2021 .. change:: :tags: bug, sql :tickets: 6786 Fixed issue where use of the :paramref:`_sql.case.whens` parameter passing a --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 01:33:57 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 01:33:59 +03:00

[PR #303] [CLOSED] Scheduled weekly dependency update for week 52 #311

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pyup-scheduled-update-2026-04-20

pyup-scheduled-update-2024-09-16

pyup-scheduled-update-2023-07-24

pyup-scheduled-update-2023-06-19

pyup-scheduled-update-2023-05-22

pyup-scheduled-update-2023-05-15

pyup-scheduled-update-2023-05-08

dependabot/pip/flask-2.3.2

pyup-scheduled-update-2023-05-01

pyup-scheduled-update-2023-04-03

dependabot/pip/werkzeug-2.2.3

pyup-scheduled-update-2022-11-14

pyup-scheduled-update-2022-10-03

pyup-scheduled-update-2022-08-01

pyup-scheduled-update-2022-06-13

pyup-scheduled-update-2022-05-30

pyup-scheduled-update-2022-03-07

pyup-scheduled-update-2022-01-10

pyup-scheduled-update-2021-11-01

pyup-scheduled-update-2020-10-05

pyup-scheduled-update-2019-09-30

pyup-scheduled-update-2019-07-29

pyup-scheduled-update-2019-07-22

pyup-scheduled-update-2019-05-27

pyup-scheduled-update-2019-03-11

marshmallow

pyup-scheduled-update-2019-02-25

pyup-scheduled-update-2019-02-18

pyup-scheduled-update-2019-01-28

pyup-scheduled-update-2019-01-14

docker

name-map-stupid

swagger

fix-pagination

doc-expansion

specify-schema

No results found.

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactoring

  

research

  

wontfix

No labels

bug

duplicate

enhancement

help wanted

invalid

pull-request

question

refactoring

research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/sandman2-jeffknupp#303

No description provided.