[PR #305] [CLOSED] Scheduled weekly dependency update for week 02 #314

New issue

Closed

opened 2026-02-26 01:34:00 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 01:34:00 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/jeffknupp/sandman2/pull/305
Author: @pyup-bot
Created: 1/9/2023
Status: ❌ Closed

Base: master ← Head: pyup-scheduled-update-2023-01-09

---

📝 Commits (10+)

• d152e6c Update flask from 1.1.2 to 2.2.2
• c418c40 Update flask-admin from 1.5.7 to 1.6.0
• 53a4925 Update flask-sqlalchemy from 2.4.4 to 3.0.2
• 752a9a9 Update sqlalchemy from 1.3.20 to 1.4.46
• 3e96ffb Update wtforms from 2.3.3 to 3.0.1
• b0c2dfd Update coverage from 5.3 to 7.0.4
• 63a512f Update pytest from 6.2.0 to 7.2.0
• 3ef4698 Update flask-cors from 3.0.9 to 3.0.10
• 28cfe78 Update pytest-cov from 2.10.1 to 4.0.0
• 8ff7241 Update pytest-flask from 1.1.0 to 1.2.0

📊 Changes

1 file changed (+14 additions, -14 deletions)

View changed files

📝 requirements.txt (+14 -14)

📄 Description

Update Flask from 1.1.2 to 2.2.2.

Changelog

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``setuptools`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://pyup.io/changelogs/flask/
• Homepage: https://palletsprojects.com/p/flask

Update Flask-Admin from 1.5.7 to 1.6.0.

Changelog

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://pyup.io/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.0.2.

Changelog

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have
 changed to return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://pyup.io/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/flask-sqlalchemy/

Update SQLAlchemy from 1.3.20 to 1.4.46.

Changelog

1.4.46

:released: January 3, 2023

 .. change::
     :tags: bug, engine
     :tickets: 8974
     :versions: 2.0.0rc1

     Fixed a long-standing race condition in the connection pool which could
     occur under eventlet/gevent monkeypatching schemes in conjunction with the
     use of eventlet/gevent ``Timeout`` conditions, where a connection pool
     checkout that's interrupted due to the timeout would fail to clean up the
     failed state, causing the underlying connection record and sometimes the
     database connection itself to "leak", leaving the pool in an invalid state
     with unreachable entries. This issue was first identified and fixed in
     SQLAlchemy 1.2 for :ticket:`4225`, however the failure modes detected in
     that fix failed to accommodate for ``BaseException``, rather than
     ``Exception``, which prevented eventlet/gevent ``Timeout`` from being
     caught. In addition, a block within initial pool connect has also been
     identified and hardened with a ``BaseException`` -> "clean failed connect"
     block to accommodate for the same condition in this location.
     Big thanks to Github user niklaus for their tenacious efforts in
     identifying and describing this intricate issue.

 .. change::
     :tags: bug, postgresql
     :tickets: 9023
     :versions: 2.0.0rc1

     Fixed bug where the PostgreSQL
     :paramref:`_postgresql.Insert.on_conflict_do_update.constraint` parameter
     would accept an :class:`.Index` object, however would not expand this index
     out into its individual index expressions, instead rendering its name in an
     ON CONFLICT ON CONSTRAINT clause, which is not accepted by PostgreSQL; the
     "constraint name" form only accepts unique or exclude constraint names. The
     parameter continues to accept the index but now expands it out into its
     component expressions for the render.

 .. change::
     :tags: bug, general
     :tickets: 8995
     :versions: 2.0.0rc1

     Fixed regression where the base compat module was calling upon
     ``platform.architecture()`` in order to detect some system properties,
     which results in an over-broad system call against the system-level
     ``file`` call that is unavailable under some circumstances, including
     within some secure environment configurations.

 .. change::
     :tags: usecase, postgresql
     :tickets: 8393
     :versions: 2.0.0b5

     Added the PostgreSQL type ``MACADDR8``.
     Pull request courtesy of Asim Farooq.

 .. change::
     :tags: bug, sqlite
     :tickets: 8969
     :versions: 2.0.0b5

     Fixed regression caused by new support for reflection of partial indexes on
     SQLite added in 1.4.45 for :ticket:`8804`, where the ``index_list`` pragma
     command in very old versions of SQLite (possibly prior to 3.8.9) does not
     return the current expected number of columns, leading to exceptions raised
     when reflecting tables and indexes.

 .. change::
     :tags: bug, tests
     :versions: 2.0.0rc1

     Fixed issue in tox.ini file where changes in the tox 4.0 series to the
     format of "passenv" caused tox to not function correctly, in particular
     raising an error as of tox 4.0.6.

 .. change::
     :tags: bug, tests
     :tickets: 9002
     :versions: 2.0.0rc1

     Added new exclusion rule for third party dialects called
     ``unusual_column_name_characters``, which can be "closed" for third party
     dialects that don't support column names with unusual characters such as
     dots, slashes, or percent signs in them, even if the name is properly
     quoted.


 .. change::
     :tags: bug, sql
     :tickets: 9009
     :versions: 2.0.0b5

     Added parameter
     :paramref:`.FunctionElement.column_valued.joins_implicitly`, which is
     useful in preventing the "cartesian product" warning when making use of
     table-valued or column-valued functions. This parameter was already
     introduced for :meth:`.FunctionElement.table_valued` in :ticket:`7845`,
     however it failed to be added for :meth:`.FunctionElement.column_valued`
     as well.

 .. change::
     :tags: change, general
     :tickets: 8983

     A new deprecation "uber warning" is now emitted at runtime the
     first time any SQLAlchemy 2.0 deprecation warning would normally be
     emitted, but the ``SQLALCHEMY_WARN_20`` environment variable is not set.
     The warning emits only once at most, before setting a boolean to prevent
     it from emitting a second time.

     This deprecation warning intends to notify users who may not have set an
     appropriate constraint in their requirements files to block against a
     surprise SQLAlchemy 2.0 upgrade and also alert that the SQLAlchemy 2.0
     upgrade process is available, as the first full 2.0 release is expected
     very soon. The deprecation warning can be silenced by setting the
     environment variable ``SQLALCHEMY_SILENCE_UBER_WARNING`` to ``"1"``.

     .. seealso::

         :ref:`migration_20_toplevel`

 .. change::
     :tags: bug, orm
     :tickets: 9033
     :versions: 2.0.0rc1

     Fixed issue in the internal SQL traversal for DML statements like
     :class:`_dml.Update` and :class:`_dml.Delete` which would cause among other
     potential issues, a specific issue using lambda statements with the ORM
     update/delete feature.

 .. change::
     :tags: bug, sql
     :tickets: 8989
     :versions: 2.0.0b5

     Fixed bug where SQL compilation would fail (assertion fail in 2.0, NoneType
     error in 1.4) when using an expression whose type included
     :meth:`_types.TypeEngine.bind_expression`, in the context of an "expanding"
     (i.e. "IN") parameter in conjunction with the ``literal_binds`` compiler
     parameter.

 .. change::
     :tags: bug, sql
     :tickets: 9029
     :versions: 2.0.0rc1

     Fixed issue in lambda SQL feature where the calculated type of a literal
     value would not take into account the type coercion rules of the "compared
     to type", leading to a lack of typing information for SQL expressions, such
     as comparisons to :class:`_types.JSON` elements and similar.

.. changelog::

1.4.45

:released: December 10, 2022

 .. change::
     :tags: bug, orm
     :tickets: 8862
     :versions: 2.0.0rc1

     Fixed bug where :meth:`_orm.Session.merge` would fail to preserve the
     current loaded contents of relationship attributes that were indicated with
     the :paramref:`_orm.relationship.viewonly` parameter, thus defeating
     strategies that use :meth:`_orm.Session.merge` to pull fully loaded objects
     from caches and other similar techniques. In a related change, fixed issue
     where an object that contains a loaded relationship that was nonetheless
     configured as ``lazy='raise'`` on the mapping would fail when passed to
     :meth:`_orm.Session.merge`; checks for "raise" are now suspended within
     the merge process assuming the :paramref:`_orm.Session.merge.load`
     parameter remains at its default of ``True``.

     Overall, this is a behavioral adjustment to a change introduced in the 1.4
     series as of :ticket:`4994`, which took "merge" out of the set of cascades
     applied by default to "viewonly" relationships. As "viewonly" relationships
     aren't persisted under any circumstances, allowing their contents to
     transfer during "merge" does not impact the persistence behavior of the
     target object. This allows :meth:`_orm.Session.merge` to correctly suit one
     of its use cases, that of adding objects to a :class:`.Session` that were
     loaded elsewhere, often for the purposes of restoring from a cache.


 .. change::
     :tags: bug, orm
     :tickets: 8881
     :versions: 2.0.0rc1

     Fixed issues in :func:`_orm.with_expression` where expressions that were
     composed of columns that were referenced from the enclosing SELECT would
     not render correct SQL in some contexts, in the case where the expression
     had a label name that matched the attribute which used
     :func:`_orm.query_expression`, even when :func:`_orm.query_expression` had
     no default expression. For the moment, if the :func:`_orm.query_expression`
     does have a default expression, that label name is still used for that
     default, and an additional label with the same name will continue to be
     ignored. Overall, this case is pretty thorny so further adjustments might
     be warranted.

 .. change::
     :tags: bug, sqlite
     :tickets: 8866

     Backported a fix for SQLite reflection of unique constraints in attached
     schemas, released in 2.0 as a small part of :ticket:`4379`. Previously,
     unique constraints in attached schemas would be ignored by SQLite
     reflection. Pull request courtesy Michael Gorven.

 .. change::
     :tags: bug, asyncio
     :tickets: 8952
     :versions: 2.0.0rc1

     Removed non-functional ``merge()`` method from
     :class:`_asyncio.AsyncResult`.  This method has never worked and was
     included with :class:`_asyncio.AsyncResult` in error.

 .. change::
     :tags: bug, oracle
     :tickets: 8708
     :versions: 2.0.0b4

     Continued fixes for Oracle fix :ticket:`8708` released in 1.4.43 where
     bound parameter names that start with underscores, which are disallowed by
     Oracle, were still not being properly escaped in all circumstances.


 .. change::
     :tags: bug, postgresql
     :tickets: 8748
     :versions: 2.0.0rc1

     Made an adjustment to how the PostgreSQL dialect considers column types
     when it reflects columns from a table, to accommodate for alternative
     backends which may return NULL from the PG ``format_type()`` function.

 .. change::
     :tags: usecase, sqlite
     :tickets: 8903
     :versions: 2.0.0rc1

     Added support for the SQLite backend to reflect the "DEFERRABLE" and
     "INITIALLY" keywords which may be present on a foreign key construct. Pull
     request courtesy Michael Gorven.

 .. change::
     :tags: usecase, sql
     :tickets: 8800
     :versions: 2.0.0rc1

     An informative re-raise is now thrown in the case where any "literal
     bindparam" render operation fails, indicating the value itself and
     the datatype in use, to assist in debugging when literal params
     are being rendered in a statement.

 .. change::
     :tags: usecase, sqlite
     :tickets: 8804
     :versions: 2.0.0rc1

     Added support for reflection of expression-oriented WHERE criteria included
     in indexes on the SQLite dialect, in a manner similar to that of the
     PostgreSQL dialect. Pull request courtesy Tobias Pfeiffer.

 .. change::
     :tags: bug, sql
     :tickets: 8827
     :versions: 2.0.0rc1

     Fixed a series of issues regarding the position and sometimes the identity
     of rendered bound parameters, such as those used for SQLite, asyncpg,
     MySQL, Oracle and others. Some compiled forms would not maintain the order
     of parameters correctly, such as the PostgreSQL ``regexp_replace()``
     function, the "nesting" feature of the :class:`.CTE` construct first
     introduced in :ticket:`4123`, and selectable tables formed by using the
     :meth:`.FunctionElement.column_valued` method with Oracle.


 .. change::
     :tags: bug, oracle
     :tickets: 8945
     :versions: 2.0.0rc1

     Fixed issue in Oracle compiler where the syntax for
     :meth:`.FunctionElement.column_valued` was incorrect, rendering the name
     ``COLUMN_VALUE`` without qualifying the source table correctly.

 .. change::
     :tags: bug, engine
     :tickets: 8963
     :versions: 2.0.0rc1

     Fixed issue where :meth:`_engine.Result.freeze` method would not work for
     textual SQL using either :func:`_sql.text` or
     :meth:`_engine.Connection.exec_driver_sql`.


.. changelog::

1.4.44

:released: November 12, 2022

 .. change::
     :tags: bug, sql
     :tickets: 8790
     :versions: 2.0.0b4

     Fixed critical memory issue identified in cache key generation, where for
     very large and complex ORM statements that make use of lots of ORM aliases
     with subqueries, cache key generation could produce excessively large keys
     that were orders of magnitude bigger than the statement itself. Much thanks
     to Rollo Konig Brock for their very patient, long term help in finally
     identifying this issue.

 .. change::
     :tags: bug, postgresql, mssql
     :tickets: 8770
     :versions: 2.0.0b4

     For the PostgreSQL and SQL Server dialects only, adjusted the compiler so
     that when rendering column expressions in the RETURNING clause, the "non
     anon" label that's used in SELECT statements is suggested for SQL
     expression elements that generate a label; the primary example is a SQL
     function that may be emitting as part of the column's type, where the label
     name should match the column's name by default. This restores a not-well
     defined behavior that had changed in version 1.4.21 due to :ticket:`6718`,
     :ticket:`6710`. The Oracle dialect has a different RETURNING implementation
     and was not affected by this issue. Version 2.0 features an across the
     board change for its widely expanded support of RETURNING on other
     backends.


 .. change::
     :tags: bug, oracle

     Fixed issue in the Oracle dialect where an INSERT statement that used
     ``insert(some_table).values(...).returning(some_table)`` against a full
     :class:`.Table` object at once would fail to execute, raising an exception.

 .. change::
     :tags: bug, tests
     :tickets: 8793
     :versions: 2.0.0b4

     Fixed issue where the ``--disable-asyncio`` parameter to the test suite
     would fail to not actually run greenlet tests and would also not prevent
     the suite from using a "wrapping" greenlet for the whole suite. This
     parameter now ensures that no greenlet or asyncio use will occur within the
     entire run when set.

 .. change::
     :tags: bug, tests

     Adjusted the test suite which tests the Mypy plugin to accommodate for
     changes in Mypy 0.990 regarding how it handles message output, which affect
     how sys.path is interpreted when determining if notes and errors should be
     printed for particular files. The change broke the test suite as the files
     within the test directory itself no longer produced messaging when run
     under the mypy API.

.. changelog::

1.4.43

:released: November 4, 2022

 .. change::
     :tags: bug, orm
     :tickets: 8738
     :versions: 2.0.0b3

     Fixed issue in joined eager loading where an assertion fail would occur
     with a particular combination of outer/inner joined eager loads, when
     eager loading across three mappers where the middle mapper was
     an inherited subclass mapper.


 .. change::
     :tags: bug, oracle
     :tickets: 8708
     :versions: 2.0.0b3

     Fixed issue where bound parameter names, including those automatically
     derived from similarly-named database columns, which contained characters
     that normally require quoting with Oracle would not be escaped when using
     "expanding parameters" with the Oracle dialect, causing execution errors.
     The usual "quoting" for bound parameters used by the Oracle dialect is not
     used with the "expanding parameters" architecture, so escaping for a large
     range of characters is used instead, now using a list of characters/escapes
     that are specific to Oracle.



 .. change::
     :tags: bug, orm
     :tickets: 8721
     :versions: 2.0.0b3

     Fixed bug involving :class:`.Select` constructs, where combinations of
     :meth:`.Select.select_from` with :meth:`.Select.join`, as well as when
     using :meth:`.Select.join_from`, would cause the
     :func:`_orm.with_loader_criteria` feature as well as the IN criteria needed
     for single-table inheritance queries to not render, in cases where the
     columns clause of the query did not explicitly include the left-hand side
     entity of the JOIN. The correct entity is now transferred to the
     :class:`.Join` object that's generated internally, so that the criteria
     against the left side entity is correctly added.


 .. change::
     :tags: bug, mssql
     :tickets: 8714
     :versions: 2.0.0b3

     Fixed issue with :meth:`.Inspector.has_table`, which when used against a
     temporary table with the SQL Server dialect would fail on some Azure
     variants, due to an unnecessary information schema query that is not
     supported on those server versions. Pull request courtesy Mike Barry.

 .. change::
     :tags: bug, orm
     :tickets: 8711
     :versions: 2.0.0b3

     An informative exception is now raised when the
     :func:`_orm.with_loader_criteria` option is used as a loader option added
     to a specific "loader path", such as when using it within
     :meth:`.Load.options`. This use is not supported as
     :func:`_orm.with_loader_criteria` is only intended to be used as a top
     level loader option. Previously, an internal error would be generated.

 .. change::
     :tags: bug, oracle
     :tickets: 8744
     :versions: 2.0.0b3

     Fixed issue where the ``nls_session_parameters`` view queried on first
     connect in order to get the default decimal point character may not be
     available depending on Oracle connection modes, and would therefore raise
     an error.  The approach to detecting decimal char has been simplified to
     test a decimal value directly, instead of reading system views, which
     works on any backend / driver.


 .. change::
     :tags: bug, orm
     :tickets: 8753
     :versions: 2.0.0b3

     Improved "dictionary mode" for :meth:`_orm.Session.get` so that synonym
     names which refer to primary key attribute names may be indicated in the
     named dictionary.

 .. change::
     :tags: bug, engine, regression
     :tickets: 8717
     :versions: 2.0.0b3

     Fixed issue where the :meth:`.PoolEvents.reset` event hook would not be be
     called in all cases when a :class:`_engine.Connection` were closed and was
     in the process of returning its DBAPI connection to the connection pool.

     The scenario was when the :class:`_engine.Connection` had already emitted
     ``.rollback()`` on its DBAPI connection within the process of returning
     the connection to the pool, where it would then instruct the connection
     pool to forego doing its own "reset" to save on the additional method
     call.  However, this prevented custom pool reset schemes from being
     used within this hook, as such hooks by definition are doing more than
     just calling ``.rollback()``, and need to be invoked under all
     circumstances.  This was a regression that appeared in version 1.4.

     For version 1.4, the :meth:`.PoolEvents.checkin` remains viable as an
     alternate event hook to use for custom "reset" implementations. Version 2.0
     will feature an improved version of :meth:`.PoolEvents.reset` which is
     called for additional scenarios such as termination of asyncio connections,
     and is also passed contextual information about the reset, to allow for
     "custom connection reset" schemes which can respond to different reset
     scenarios in different ways.

 .. change::
     :tags: bug, orm
     :tickets: 8704
     :versions: 2.0.0b3

     Fixed issue where "selectin_polymorphic" loading for inheritance mappers
     would not function correctly if the :paramref:`_orm.Mapper.polymorphic_on`
     parameter referred to a SQL expression that was not directly mapped on the
     class.

 .. change::
     :tags: bug, orm
     :tickets: 8710
     :versions: 2.0.0b3

     Fixed issue where the underlying DBAPI cursor would not be closed when
     using the :class:`_orm.Query` object as an iterator, if a user-defined exception
     case were raised within the iteration process, thereby causing the iterator
     to be closed by the Python interpreter.  When using
     :meth:`_orm.Query.yield_per` to create server-side cursors, this would lead
     to the usual MySQL-related issues with server side cursors out of sync,
     and without direct access to the :class:`.Result` object, end-user code
     could not access the cursor in order to close it.

     To resolve, a catch for ``GeneratorExit`` is applied within the iterator
     method, which will close the result object in those cases when the
     iterator were interrupted, and by definition will be closed by the
     Python interpreter.

     As part of this change as implemented for the 1.4 series, ensured that
     ``.close()`` methods are available on all :class:`.Result` implementations
     including :class:`.ScalarResult`, :class:`.MappingResult`.  The 2.0
     version of this change also includes new context manager patterns for use
     with :class:`.Result` classes.

 .. change::
     :tags: bug, engine
     :tickets: 8710

     Ensured all :class:`.Result` objects include a :meth:`.Result.close` method
     as well as a :attr:`.Result.closed` attribute, including on
     :class:`.ScalarResult` and :class:`.MappingResult`.

 .. change::
     :tags: bug, mssql, reflection
     :tickets: 8700
     :versions: 2.0.0b3

     Fixed issue with :meth:`.Inspector.has_table`, which when used against a
     view with the SQL Server dialect would erroneously return ``False``, due to
     a regression in the 1.4 series which removed support for this on SQL
     Server. The issue is not present in the 2.0 series which uses a different
     reflection architecture. Test support is added to ensure ``has_table()``
     remains working per spec re: views.

 .. change::
     :tags: bug, sql
     :tickets: 8724
     :versions: 2.0.0b3

     Fixed issue which prevented the :func:`_sql.literal_column` construct from
     working properly within the context of a :class:`.Select` construct as well
     as other potential places where "anonymized labels" might be generated, if
     the literal expression contained characters which could interfere with
     format strings, such as open parenthesis, due to an implementation detail
     of the "anonymous label" structure.


.. changelog::

1.4.42

:released: October 16, 2022

 .. change::
     :tags: bug, asyncio
     :tickets: 8516

     Improved implementation of ``asyncio.shield()`` used in context managers as
     added in :ticket:`8145`, such that the "close" operation is enclosed within
     an ``asyncio.Task`` which is then strongly referenced as the operation
     proceeds. This is per Python documentation indicating that the task is
     otherwise not strongly referenced.

 .. change::
     :tags: bug, orm
     :tickets: 8614

     The :paramref:`_orm.Session.execute.bind_arguments` dictionary is no longer
     mutated when passed to :meth:`_orm.Session.execute` and similar; instead,
     it's copied to an internal dictionary for state changes. Among other
     things, this fixes and issue where the "clause" passed to the
     :meth:`_orm.Session.get_bind` method would be incorrectly referring to the
     :class:`_sql.Select` construct used for the "fetch" synchronization
     strategy, when the actual query being emitted was a :class:`_dml.Delete` or
     :class:`_dml.Update`. This would interfere with recipes for "routing
     sessions".

 .. change::
     :tags: bug, orm
     :tickets: 7094

     A warning is emitted in ORM configurations when an explicit
     :func:`_orm.remote` annotation is applied to columns that are local to the
     immediate mapped class, when the referenced class does not include any of
     the same table columns. Ideally this would raise an error at some point as
     it's not correct from a mapping point of view.

 .. change::
     :tags: bug, orm
     :tickets: 7545

     A warning is emitted when attempting to configure a mapped class within an
     inheritance hierarchy where the mapper is not given any polymorphic
     identity, however there is a polymorphic discriminator column assigned.
     Such classes should be abstract if they never intend to load directly.


 .. change::
     :tags: bug, mssql, regression
     :tickets: 8525

     Fixed yet another regression in SQL Server isolation level fetch (see
     :ticket:`8231`, :ticket:`8475`), this time with "Microsoft Dynamics CRM
     Database via Azure Active Directory", which apparently lacks the
     ``system_views`` view entirely. Error catching has been extended that under
     no circumstances will this method ever fail, provided database connectivity
     is present.

 .. change::
     :tags: orm, bug, regression
     :tickets: 8569

     Fixed regression for 1.4 in :func:`_orm.contains_eager` where the "wrap in
     subquery" logic of :func:`_orm.joinedload` would be inadvertently triggered
     for use of the :func:`_orm.contains_eager` function with similar statements
     (e.g. those that use ``distinct()``, ``limit()`` or ``offset()``), which
     would then lead to secondary issues with queries that used some
     combinations of SQL label names and aliasing. This "wrapping" is not
     appropriate for :func:`_orm.contains_eager` which has always had the
     contract that the user-defined SQL statement is unmodified with the
     exception of adding the appropriate columns to be fetched.

 .. change::
     :tags: bug, orm, regression
     :tickets: 8507

     Fixed regression where using ORM update() with synchronize_session='fetch'
     would fail due to the use of evaluators that are now used to determine the
     in-Python value for expressions in the the SET clause when refreshing
     objects; if the evaluators make use of math operators against non-numeric
     values such as PostgreSQL JSONB, the non-evaluable condition would fail to
     be detected correctly. The evaluator now limits the use of math mutation
     operators to numeric types only, with the exception of "+" that continues
     to work for strings as well. SQLAlchemy 2.0 may alter this further by
     fetching the SET values completely rather than using evaluation.

 .. change::
     :tags: usecase, postgresql
     :tickets: 8574

     :class:`_postgresql.aggregate_order_by` now supports cache generation.

 .. change::
     :tags: bug, mysql
     :tickets: 8588

     Adjusted the regular expression used to match "CREATE VIEW" when
     testing for views to work more flexibly, no longer requiring the
     special keyword "ALGORITHM" in the middle, which was intended to be
     optional but was not working correctly.  The change allows view reflection
     to work more completely on MySQL-compatible variants such as StarRocks.
     Pull request courtesy John Bodley.

 .. change::
     :tags: bug, engine
     :tickets: 8536

     Fixed issue where mixing "*" with additional explicitly-named column
     expressions within the columns clause of a :func:`_sql.select` construct
     would cause result-column targeting to sometimes consider the label name or
     other non-repeated names to be an ambiguous target.

.. changelog::

1.4.41

:released: September 6, 2022

 .. change::
     :tags: bug, sql
     :tickets: 8441

     Fixed issue where use of the :func:`_sql.table` construct, passing a string
     for the :paramref:`_sql.table.schema` parameter, would fail to take the
     "schema" string into account when producing a cache key, thus leading to
     caching collisions if multiple, same-named :func:`_sql.table` constructs
     with different schemas were used.


 .. change::
     :tags: bug, events, orm
     :tickets: 8467

     Fixed event listening issue where event listeners added to a superclass
     would be lost if a subclass were created which then had its own listeners
     associated. The practical example is that of the :class:`.sessionmaker`
     class created after events have been associated with the
     :class:`_orm.Session` class.

 .. change::
     :tags: orm, bug
     :tickets: 8401

     Hardened the cache key strategy for the :func:`_orm.aliased` and
     :func:`_orm.with_polymorphic` constructs. While no issue involving actual
     statements being cached can easily be demonstrated (if at all), these two
     constructs were not including enough of what makes them unique in their
     cache keys for caching on the aliased construct alone to be accurate.

 .. change::
     :tags: bug, orm, regression
     :tickets: 8456

     Fixed regression appearing in the 1.4 series where a joined-inheritance
     query placed as a subquery within an enclosing query for that same entity
     would fail to render the JOIN correctly for the inner query. The issue
     manifested in two different ways prior and subsequent to version 1.4.18
     (related issue :ticket:`6595`), in one case rendering JOIN twice, in the
     other losing the JOIN entirely. To resolve, the conditions under which
     "polymorphic loading" are applied have been scaled back to not be invoked
     for simple joined inheritance queries.

 .. change::
     :tags: bug, orm
     :tickets: 8446

     Fixed issue in :mod:`sqlalchemy.ext.mutable` extension where collection
     links to the parent object would be lost if the object were merged with
     :meth:`.Session.merge` while also passing :paramref:`.Session.merge.load`
     as False.

 .. change::
     :tags: bug, orm
     :tickets: 8399

     Fixed issue involving :func:`_orm.with_loader_criteria` where a closure
     variable used as bound parameter value within the lambda would not carry
     forward correctly into additional relationship loaders such as
     :func:`_orm.selectinload` and :func:`_orm.lazyload` after the statement
     were cached, using the stale originally-cached value instead.


 .. change::
     :tags: bug, mssql, regression
     :tickets: 8475

     Fixed regression caused by the fix for :ticket:`8231` released in 1.4.40
     where connection would fail if the user did not have permission to query
     the ``dm_exec_sessions`` or ``dm_pdw_nodes_exec_sessions`` system views
     when trying to determine the current transaction isolation level.

 .. change::
     :tags: bug, asyncio
     :tickets: 8419

     Integrated support for asyncpg's ``terminate()`` method call for cases
     where the connection pool is recycling a possibly timed-out connection,
     where a connection is being garbage collected that wasn't gracefully
     closed, as well as when the connection has been invalidated. This allows
     asyncpg to abandon the connection without waiting for a response that may
     incur long timeouts.

.. changelog::

1.4.40

:released: August 8, 2022

 .. change::
     :tags: bug, orm
     :tickets: 8357

     Fixed issue where referencing a CTE multiple times in conjunction with a
     polymorphic SELECT could result in multiple "clones" of the same CTE being
     constructed, which would then trigger these two CTEs as duplicates. To
     resolve, the two CTEs are deep-compared when this occurs to ensure that
     they are equivalent, then are treated as equivalent.


 .. change::
     :tags: bug, orm, declarative
     :tickets: 8190

     Fixed issue where a hierarchy of classes set up as an abstract or mixin
     declarative classes could not declare standalone columns on a superclass
     that would then be copied correctly to a :class:`_orm.declared_attr`
     callable that wanted to make use of them on a descendant class.

 .. change::
     :tags: bug, types
     :tickets: 7249

     Fixed issue where :class:`.TypeDecorator` would not correctly proxy the
     ``__getitem__()`` operator when decorating the :class:`_types.ARRAY`
     datatype, without explicit workarounds.

 .. change::
     :tags: bug, asyncio
     :tickets: 8145

     Added ``asyncio.shield()`` to the connection and session release process
     specifically within the ``__aexit__()`` context manager exit, when using
     :class:`.AsyncConnection` or :class:`.AsyncSession` as a context manager
     that releases the object when the context manager is complete. This appears
     to help with task cancellation when using alternate concurrency libraries
     such as ``anyio``, ``uvloop`` that otherwise don't provide an async context
     for the connection pool to release the connection properly during task
     cancellation.



 .. change::
     :tags: bug, postgresql
     :tickets: 4392

     Fixed issue in psycopg2 dialect where the "multiple hosts" feature
     implemented for :ticket:`4392`, where multiple ``host:port`` pairs could be
     passed in the query string as
     ``?host=host1:port1&host=host2:port2&host=host3:port3`` was not implemented
     correctly, as it did not propagate the "port" parameter appropriately.
     Connections that didn't use a different "port" likely worked without issue,
     and connections that had "port" for some of the entries may have
     incorrectly passed on that hostname. The format is now corrected to pass
     hosts/ports appropriately.

     As part of this change, maintained support for another multihost style that
     worked unintentionally, which is comma-separated
     ``?host=h1,h2,h3&port=p1,p2,p3``. This format is more consistent with
     libpq's query-string format, whereas the previous format is inspired by a
     different aspect of libpq's URI format but is not quite the same thing.

     If the two styles are mixed together, an error is raised as this is
     ambiguous.

 .. change::
     :tags: bug, sql
     :tickets: 8253

     Adjusted the SQL compilation for string containment functions
     ``.contains()``, ``.startswith()``, ``.endswith()`` to force the use of the
     string concatenation operator, rather than relying upon the overload of the
     addition operator, so that non-standard use of these operators with for
     example bytestrings still produces string concatenation operators.


 .. change::
     :tags: bug, orm
     :tickets: 8235

     A :func:`_sql.select` construct that is passed a sole '*' argument for
     ``SELECT *``, either via string, :func:`_sql.text`, or
     :func:`_sql.literal_column`, will be interpreted as a Core-level SQL
     statement rather than as an ORM level statement. This is so that the ``*``,
     when expanded to match any number of columns, will result in all columns
     returned in the result. the ORM- level interpretation of
     :func:`_sql.select` needs to know the names and types of all ORM columns up
     front which can't be achieved when ``'*'`` is used.

     If ``'*`` is used amongst other expressions simultaneously with an ORM
     statement, an error is raised as this can't be interpreted correctly by the
     ORM.

 .. change::
     :tags: bug, mssql
     :tickets: 8210

     Fixed issues that prevented the new usage patterns for using DML with ORM
     objects presented at :ref:`orm_dml_returning_objects` from working
     correctly with the SQL Server pyodbc dialect.


 .. change::
     :tags: bug, mssql
     :tickets: 8231

     Fixed issue where the SQL Server dialect's query for the current isolation
     level would fail on Azure Synapse Analytics, due to the way in which this
     database handles transaction rollbacks after an error has occurred. The
     initial query has been modified to no longer rely upon catching an error
     when attempting to detect the appropriate system view. Additionally, to
     better support this database's very specific "rollback" behavior,
     implemented new parameter ``ignore_no_transaction_on_rollback`` indicating
     that a rollback should ignore Azure Synapse error 'No corresponding
     transaction found. (111214)', which is raised if no transaction is

---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

## 📋 Pull Request Information **Original PR:** https://github.com/jeffknupp/sandman2/pull/305 **Author:** [@pyup-bot](https://github.com/pyup-bot) **Created:** 1/9/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `pyup-scheduled-update-2023-01-09` --- ### 📝 Commits (10+) - [`d152e6c`](https://github.com/jeffknupp/sandman2/commit/d152e6c1ce2e7542d91fba302d7bcb73558ed87e) Update flask from 1.1.2 to 2.2.2 - [`c418c40`](https://github.com/jeffknupp/sandman2/commit/c418c407b09cc8526d3068a4b885d54ea38ba461) Update flask-admin from 1.5.7 to 1.6.0 - [`53a4925`](https://github.com/jeffknupp/sandman2/commit/53a49258ee58ca49544895bf406011aa4e0b96ee) Update flask-sqlalchemy from 2.4.4 to 3.0.2 - [`752a9a9`](https://github.com/jeffknupp/sandman2/commit/752a9a9c1946c41ad02051f5dde10d41a62c8eb0) Update sqlalchemy from 1.3.20 to 1.4.46 - [`3e96ffb`](https://github.com/jeffknupp/sandman2/commit/3e96ffb42b4cd5d12dd2b2f93cfb82701faa4b6e) Update wtforms from 2.3.3 to 3.0.1 - [`b0c2dfd`](https://github.com/jeffknupp/sandman2/commit/b0c2dfde3406b5edb8a76f88eb2d0886702a5570) Update coverage from 5.3 to 7.0.4 - [`63a512f`](https://github.com/jeffknupp/sandman2/commit/63a512faf6e4ef488699720fbfd3a46d38b9c3b2) Update pytest from 6.2.0 to 7.2.0 - [`3ef4698`](https://github.com/jeffknupp/sandman2/commit/3ef46989359504569c895ee42a7be9148ebc47cf) Update flask-cors from 3.0.9 to 3.0.10 - [`28cfe78`](https://github.com/jeffknupp/sandman2/commit/28cfe7831c93c5504ab910a615536885addbdce8) Update pytest-cov from 2.10.1 to 4.0.0 - [`8ff7241`](https://github.com/jeffknupp/sandman2/commit/8ff72410c0159219ec9cf0074f4155469794cadc) Update pytest-flask from 1.1.0 to 1.2.0 ### 📊 Changes **1 file changed** (+14 additions, -14 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+14 -14) </details> ### 📄 Description ### Update [Flask](https://pypi.org/project/Flask) from **1.1.2** to **2.2.2**. <details> <summary>Changelog</summary> ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to &gt;= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``&quot;production&quot;``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to &gt;= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug&#x27;s ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python &lt; 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to &gt;= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client&#x27;s ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``setuptools`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client&#x27;s ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.request.environ`` instead. :pr:`4341` - Fix type annotation for ``errorhandler`` decorator. :issue:`4295` - Revert a change to the CLI that caused it to hide ``ImportError`` tracebacks when importing the application. :issue:`4307` - ``app.json_encoder`` and ``json_decoder`` are only passed to ``dumps`` and ``loads`` if they have custom behavior. This improves performance, mainly on PyPy. :issue:`4349` - Clearer error message when ``after_this_request`` is used outside a request context. :issue:`4333` ``` ### 2.0.2 ``` ------------- Released 2021-10-04 - Fix type annotation for ``teardown_*`` methods. :issue:`4093` - Fix type annotation for ``before_request`` and ``before_app_request`` decorators. :issue:`4104` - Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:`4098` - Support View and MethodView instances with async handlers. :issue:`4112` - Enhance typing of ``app.errorhandler`` decorator. :issue:`4095` - Fix registering a blueprint twice with differing names. :issue:`4124` - Fix the type of ``static_folder`` to accept ``pathlib.Path``. :issue:`4150` - ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``. :issue:`4157` - Correctly handle raising deferred errors in CLI lazy loading. :issue:`4096` - The CLI loader handles ``**kwargs`` in a ``create_app`` function. :issue:`4170` - Fix the order of ``before_request`` and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:`4229` ``` ### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren&#x27;t available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Revert a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug &gt;= 2, Jinja2 &gt;= 3, MarkupSafe &gt;= 2, ItsDangerous &gt;= 2, Click &gt;= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it&#x27;s needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add ``SessionInterface.get_cookie_name`` to allow setting the session cookie name dynamically. :pr:`3369` - Add ``Config.from_file`` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. ``Config.from_json`` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - ``send_file`` raises a ``ValueError`` when passed an ``io`` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja&#x27;s implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post(&quot;/login&quot;)`` is a shortcut for ``app.route(&quot;/login&quot;, methods=[&quot;POST&quot;])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to &quot;UTF-8&quot; when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python &lt; 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask - Changelog: https://pyup.io/changelogs/flask/ - Homepage: https://palletsprojects.com/p/flask </details> ### Update [Flask-Admin](https://pypi.org/project/Flask-Admin) from **1.5.7** to **1.6.0**. <details> <summary>Changelog</summary> ### 1.6.0 ``` ----- * Dropped Python 2 support * WTForms 3.0 support * Various fixes ``` ### 1.5.8 ``` ----- * SQLAlchemy 1.4.5+ compatibility fixes * Redis CLI fixes ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-admin - Changelog: https://pyup.io/changelogs/flask-admin/ - Repo: https://github.com/flask-admin/flask-admin/ - Docs: https://pythonhosted.org/Flask-Admin/ </details> ### Update [Flask-SQLAlchemy](https://pypi.org/project/Flask-SQLAlchemy) from **2.4.4** to **3.0.2**. <details> <summary>Changelog</summary> ### 3.0.2 ``` ------------- Released 2022-10-14 - Update compatibility with SQLAlchemy 2. :issue:`1122` ``` ### 3.0.1 ``` ------------- Released 2022-10-11 - Export typing information instead of using external typeshed definitions. :issue:`1112` - If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an invalid default bind will not be configured. :issue:`1117` ``` ### 3.0.0 ``` ------------- Released 2022-10-04 - Drop support for Python 2, 3.4, 3.5, and 3.6. - Bump minimum version of Flask to 2.2. - Bump minimum version of SQLAlchemy to 1.4.18. - Remove previously deprecated code. - The session is scoped to the current app context instead of the thread. This requires that an app context is active. This ensures that the session is cleaned up after every request. - An active Flask application context is always required to access ``session`` and ``engine``, regardless of if an application was passed to the constructor. :issue:`508, 944` - Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing tables in different databases to have the same name. Bind keys are stored and looked up on the resulting metadata rather than the model or table. - ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731` - Configuring SQLite with a relative path is relative to ``app.instance_path`` instead of ``app.root_path``. The instance folder is created if necessary. :issue:`462` - Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to the extension object. These use SQLAlchemy&#x27;s preferred ``session.execute(select())`` pattern instead of the legacy query interface. :issue:`1088` - Setup methods that create the engines and session are renamed with a leading underscore. They are considered internal interfaces which may change at any time. - All parameters to ``SQLAlchemy`` except ``app`` are keyword-only. - Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter from various ``SQLAlchemy`` methods. - The extension object uses ``__getattr__`` to alias names from the SQLAlchemy package, rather than copying them as attributes. - The extension object is stored directly as ``app.extensions[&quot;sqlalchemy&quot;]``. :issue:`698` - The session class can be customized by passing the ``class_`` key in the ``session_options`` parameter. :issue:`327` - ``SignallingSession`` is renamed to ``Session``. - ``Session.get_bind`` more closely matches the base implementation. - Model classes and the ``db`` instance are available without imports in ``flask shell``. :issue:`1089` - The ``CamelCase`` to ``snake_case`` table name converter handles more patterns correctly. If model that was already created in the database changed, either use Alembic to rename the table, or set ``__tablename__`` to keep the old name. :issue:`406` - ``Model`` ``repr`` distinguishes between transient and pending instances. :issue:`967` - A custom model class can implement ``__init_subclass__`` with class parameters. :issue:`1002` - ``db.Table`` is a subclass instead of a function. - The ``engine_options`` parameter is applied as defaults before per-engine configuration. - ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence. :issue:`783` - Engines are created when calling ``init_app`` rather than the first time they are accessed. :issue:`698` - ``db.engines`` exposes the map of bind keys to engines for the current app. - ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated. - SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are supported. :issue:`998, 1045` - SQLite engines do not use ``NullPool`` if ``pool_size`` is 0. - MySQL engines use the &quot;utf8mb4&quot; charset by default. :issue:`875` - MySQL engines do not set ``pool_size`` to 10. - MySQL engines don&#x27;t set a default for ``pool_recycle`` if not using a queue pool. :issue:`803` - ``Query`` is renamed from ``BaseQuery``. - Added ``Query.one_or_404``. - The query class is applied to ``backref`` in ``relationship``. :issue:`417` - Creating ``Pagination`` objects manually is no longer a public API. They should be created with ``db.paginate`` or ``query.paginate``. :issue:`1088` - ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only. - ``Pagination`` is iterable, iterating over its items. :issue:`70` - Pagination count query is more efficient. - ``Pagination.iter_pages`` is more efficient. :issue:`622` - ``Pagination.iter_pages`` ``right_current`` parameter is inclusive. - Pagination ``per_page`` cannot be 0. :issue:`1091` - Pagination ``max_per_page`` defaults to 100. :issue:`1091` - Added ``Pagination.first`` and ``last`` properties, which give the number of the first and last item on the page. :issue:`567` - ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled automatically with ``app.debug`` or ``app.testing``. :issue:`1092` - ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the config and functionality. - Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is renamed to ``location``. Finding the location uses a more inclusive check. - ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727` - ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues that are difficult to debug. Call ``db.session.commit()`` directly instead. :issue:`216` ``` ### 2.5.1 ``` ------------- Released 2021-03-18 - Fix compatibility with Python 2.7. ``` ### 2.5.0 ``` ------------- Released 2021-03-18 - Update to support SQLAlchemy 1.4. - SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to return a new URL instead of ``None``. :issue:`885` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-sqlalchemy - Changelog: https://pyup.io/changelogs/flask-sqlalchemy/ - Docs: https://pythonhosted.org/flask-sqlalchemy/ </details> ### Update [SQLAlchemy](https://pypi.org/project/SQLAlchemy) from **1.3.20** to **1.4.46**. <details> <summary>Changelog</summary> ### 1.4.46 ``` :released: January 3, 2023 .. change:: :tags: bug, engine :tickets: 8974 :versions: 2.0.0rc1 Fixed a long-standing race condition in the connection pool which could occur under eventlet/gevent monkeypatching schemes in conjunction with the use of eventlet/gevent ``Timeout`` conditions, where a connection pool checkout that&#x27;s interrupted due to the timeout would fail to clean up the failed state, causing the underlying connection record and sometimes the database connection itself to &quot;leak&quot;, leaving the pool in an invalid state with unreachable entries. This issue was first identified and fixed in SQLAlchemy 1.2 for :ticket:`4225`, however the failure modes detected in that fix failed to accommodate for ``BaseException``, rather than ``Exception``, which prevented eventlet/gevent ``Timeout`` from being caught. In addition, a block within initial pool connect has also been identified and hardened with a ``BaseException`` -&gt; &quot;clean failed connect&quot; block to accommodate for the same condition in this location. Big thanks to Github user niklaus for their tenacious efforts in identifying and describing this intricate issue. .. change:: :tags: bug, postgresql :tickets: 9023 :versions: 2.0.0rc1 Fixed bug where the PostgreSQL :paramref:`_postgresql.Insert.on_conflict_do_update.constraint` parameter would accept an :class:`.Index` object, however would not expand this index out into its individual index expressions, instead rendering its name in an ON CONFLICT ON CONSTRAINT clause, which is not accepted by PostgreSQL; the &quot;constraint name&quot; form only accepts unique or exclude constraint names. The parameter continues to accept the index but now expands it out into its component expressions for the render. .. change:: :tags: bug, general :tickets: 8995 :versions: 2.0.0rc1 Fixed regression where the base compat module was calling upon ``platform.architecture()`` in order to detect some system properties, which results in an over-broad system call against the system-level ``file`` call that is unavailable under some circumstances, including within some secure environment configurations. .. change:: :tags: usecase, postgresql :tickets: 8393 :versions: 2.0.0b5 Added the PostgreSQL type ``MACADDR8``. Pull request courtesy of Asim Farooq. .. change:: :tags: bug, sqlite :tickets: 8969 :versions: 2.0.0b5 Fixed regression caused by new support for reflection of partial indexes on SQLite added in 1.4.45 for :ticket:`8804`, where the ``index_list`` pragma command in very old versions of SQLite (possibly prior to 3.8.9) does not return the current expected number of columns, leading to exceptions raised when reflecting tables and indexes. .. change:: :tags: bug, tests :versions: 2.0.0rc1 Fixed issue in tox.ini file where changes in the tox 4.0 series to the format of &quot;passenv&quot; caused tox to not function correctly, in particular raising an error as of tox 4.0.6. .. change:: :tags: bug, tests :tickets: 9002 :versions: 2.0.0rc1 Added new exclusion rule for third party dialects called ``unusual_column_name_characters``, which can be &quot;closed&quot; for third party dialects that don&#x27;t support column names with unusual characters such as dots, slashes, or percent signs in them, even if the name is properly quoted. .. change:: :tags: bug, sql :tickets: 9009 :versions: 2.0.0b5 Added parameter :paramref:`.FunctionElement.column_valued.joins_implicitly`, which is useful in preventing the &quot;cartesian product&quot; warning when making use of table-valued or column-valued functions. This parameter was already introduced for :meth:`.FunctionElement.table_valued` in :ticket:`7845`, however it failed to be added for :meth:`.FunctionElement.column_valued` as well. .. change:: :tags: change, general :tickets: 8983 A new deprecation &quot;uber warning&quot; is now emitted at runtime the first time any SQLAlchemy 2.0 deprecation warning would normally be emitted, but the ``SQLALCHEMY_WARN_20`` environment variable is not set. The warning emits only once at most, before setting a boolean to prevent it from emitting a second time. This deprecation warning intends to notify users who may not have set an appropriate constraint in their requirements files to block against a surprise SQLAlchemy 2.0 upgrade and also alert that the SQLAlchemy 2.0 upgrade process is available, as the first full 2.0 release is expected very soon. The deprecation warning can be silenced by setting the environment variable ``SQLALCHEMY_SILENCE_UBER_WARNING`` to ``&quot;1&quot;``. .. seealso:: :ref:`migration_20_toplevel` .. change:: :tags: bug, orm :tickets: 9033 :versions: 2.0.0rc1 Fixed issue in the internal SQL traversal for DML statements like :class:`_dml.Update` and :class:`_dml.Delete` which would cause among other potential issues, a specific issue using lambda statements with the ORM update/delete feature. .. change:: :tags: bug, sql :tickets: 8989 :versions: 2.0.0b5 Fixed bug where SQL compilation would fail (assertion fail in 2.0, NoneType error in 1.4) when using an expression whose type included :meth:`_types.TypeEngine.bind_expression`, in the context of an &quot;expanding&quot; (i.e. &quot;IN&quot;) parameter in conjunction with the ``literal_binds`` compiler parameter. .. change:: :tags: bug, sql :tickets: 9029 :versions: 2.0.0rc1 Fixed issue in lambda SQL feature where the calculated type of a literal value would not take into account the type coercion rules of the &quot;compared to type&quot;, leading to a lack of typing information for SQL expressions, such as comparisons to :class:`_types.JSON` elements and similar. .. changelog:: ``` ### 1.4.45 ``` :released: December 10, 2022 .. change:: :tags: bug, orm :tickets: 8862 :versions: 2.0.0rc1 Fixed bug where :meth:`_orm.Session.merge` would fail to preserve the current loaded contents of relationship attributes that were indicated with the :paramref:`_orm.relationship.viewonly` parameter, thus defeating strategies that use :meth:`_orm.Session.merge` to pull fully loaded objects from caches and other similar techniques. In a related change, fixed issue where an object that contains a loaded relationship that was nonetheless configured as ``lazy=&#x27;raise&#x27;`` on the mapping would fail when passed to :meth:`_orm.Session.merge`; checks for &quot;raise&quot; are now suspended within the merge process assuming the :paramref:`_orm.Session.merge.load` parameter remains at its default of ``True``. Overall, this is a behavioral adjustment to a change introduced in the 1.4 series as of :ticket:`4994`, which took &quot;merge&quot; out of the set of cascades applied by default to &quot;viewonly&quot; relationships. As &quot;viewonly&quot; relationships aren&#x27;t persisted under any circumstances, allowing their contents to transfer during &quot;merge&quot; does not impact the persistence behavior of the target object. This allows :meth:`_orm.Session.merge` to correctly suit one of its use cases, that of adding objects to a :class:`.Session` that were loaded elsewhere, often for the purposes of restoring from a cache. .. change:: :tags: bug, orm :tickets: 8881 :versions: 2.0.0rc1 Fixed issues in :func:`_orm.with_expression` where expressions that were composed of columns that were referenced from the enclosing SELECT would not render correct SQL in some contexts, in the case where the expression had a label name that matched the attribute which used :func:`_orm.query_expression`, even when :func:`_orm.query_expression` had no default expression. For the moment, if the :func:`_orm.query_expression` does have a default expression, that label name is still used for that default, and an additional label with the same name will continue to be ignored. Overall, this case is pretty thorny so further adjustments might be warranted. .. change:: :tags: bug, sqlite :tickets: 8866 Backported a fix for SQLite reflection of unique constraints in attached schemas, released in 2.0 as a small part of :ticket:`4379`. Previously, unique constraints in attached schemas would be ignored by SQLite reflection. Pull request courtesy Michael Gorven. .. change:: :tags: bug, asyncio :tickets: 8952 :versions: 2.0.0rc1 Removed non-functional ``merge()`` method from :class:`_asyncio.AsyncResult`. This method has never worked and was included with :class:`_asyncio.AsyncResult` in error. .. change:: :tags: bug, oracle :tickets: 8708 :versions: 2.0.0b4 Continued fixes for Oracle fix :ticket:`8708` released in 1.4.43 where bound parameter names that start with underscores, which are disallowed by Oracle, were still not being properly escaped in all circumstances. .. change:: :tags: bug, postgresql :tickets: 8748 :versions: 2.0.0rc1 Made an adjustment to how the PostgreSQL dialect considers column types when it reflects columns from a table, to accommodate for alternative backends which may return NULL from the PG ``format_type()`` function. .. change:: :tags: usecase, sqlite :tickets: 8903 :versions: 2.0.0rc1 Added support for the SQLite backend to reflect the &quot;DEFERRABLE&quot; and &quot;INITIALLY&quot; keywords which may be present on a foreign key construct. Pull request courtesy Michael Gorven. .. change:: :tags: usecase, sql :tickets: 8800 :versions: 2.0.0rc1 An informative re-raise is now thrown in the case where any &quot;literal bindparam&quot; render operation fails, indicating the value itself and the datatype in use, to assist in debugging when literal params are being rendered in a statement. .. change:: :tags: usecase, sqlite :tickets: 8804 :versions: 2.0.0rc1 Added support for reflection of expression-oriented WHERE criteria included in indexes on the SQLite dialect, in a manner similar to that of the PostgreSQL dialect. Pull request courtesy Tobias Pfeiffer. .. change:: :tags: bug, sql :tickets: 8827 :versions: 2.0.0rc1 Fixed a series of issues regarding the position and sometimes the identity of rendered bound parameters, such as those used for SQLite, asyncpg, MySQL, Oracle and others. Some compiled forms would not maintain the order of parameters correctly, such as the PostgreSQL ``regexp_replace()`` function, the &quot;nesting&quot; feature of the :class:`.CTE` construct first introduced in :ticket:`4123`, and selectable tables formed by using the :meth:`.FunctionElement.column_valued` method with Oracle. .. change:: :tags: bug, oracle :tickets: 8945 :versions: 2.0.0rc1 Fixed issue in Oracle compiler where the syntax for :meth:`.FunctionElement.column_valued` was incorrect, rendering the name ``COLUMN_VALUE`` without qualifying the source table correctly. .. change:: :tags: bug, engine :tickets: 8963 :versions: 2.0.0rc1 Fixed issue where :meth:`_engine.Result.freeze` method would not work for textual SQL using either :func:`_sql.text` or :meth:`_engine.Connection.exec_driver_sql`. .. changelog:: ``` ### 1.4.44 ``` :released: November 12, 2022 .. change:: :tags: bug, sql :tickets: 8790 :versions: 2.0.0b4 Fixed critical memory issue identified in cache key generation, where for very large and complex ORM statements that make use of lots of ORM aliases with subqueries, cache key generation could produce excessively large keys that were orders of magnitude bigger than the statement itself. Much thanks to Rollo Konig Brock for their very patient, long term help in finally identifying this issue. .. change:: :tags: bug, postgresql, mssql :tickets: 8770 :versions: 2.0.0b4 For the PostgreSQL and SQL Server dialects only, adjusted the compiler so that when rendering column expressions in the RETURNING clause, the &quot;non anon&quot; label that&#x27;s used in SELECT statements is suggested for SQL expression elements that generate a label; the primary example is a SQL function that may be emitting as part of the column&#x27;s type, where the label name should match the column&#x27;s name by default. This restores a not-well defined behavior that had changed in version 1.4.21 due to :ticket:`6718`, :ticket:`6710`. The Oracle dialect has a different RETURNING implementation and was not affected by this issue. Version 2.0 features an across the board change for its widely expanded support of RETURNING on other backends. .. change:: :tags: bug, oracle Fixed issue in the Oracle dialect where an INSERT statement that used ``insert(some_table).values(...).returning(some_table)`` against a full :class:`.Table` object at once would fail to execute, raising an exception. .. change:: :tags: bug, tests :tickets: 8793 :versions: 2.0.0b4 Fixed issue where the ``--disable-asyncio`` parameter to the test suite would fail to not actually run greenlet tests and would also not prevent the suite from using a &quot;wrapping&quot; greenlet for the whole suite. This parameter now ensures that no greenlet or asyncio use will occur within the entire run when set. .. change:: :tags: bug, tests Adjusted the test suite which tests the Mypy plugin to accommodate for changes in Mypy 0.990 regarding how it handles message output, which affect how sys.path is interpreted when determining if notes and errors should be printed for particular files. The change broke the test suite as the files within the test directory itself no longer produced messaging when run under the mypy API. .. changelog:: ``` ### 1.4.43 ``` :released: November 4, 2022 .. change:: :tags: bug, orm :tickets: 8738 :versions: 2.0.0b3 Fixed issue in joined eager loading where an assertion fail would occur with a particular combination of outer/inner joined eager loads, when eager loading across three mappers where the middle mapper was an inherited subclass mapper. .. change:: :tags: bug, oracle :tickets: 8708 :versions: 2.0.0b3 Fixed issue where bound parameter names, including those automatically derived from similarly-named database columns, which contained characters that normally require quoting with Oracle would not be escaped when using &quot;expanding parameters&quot; with the Oracle dialect, causing execution errors. The usual &quot;quoting&quot; for bound parameters used by the Oracle dialect is not used with the &quot;expanding parameters&quot; architecture, so escaping for a large range of characters is used instead, now using a list of characters/escapes that are specific to Oracle. .. change:: :tags: bug, orm :tickets: 8721 :versions: 2.0.0b3 Fixed bug involving :class:`.Select` constructs, where combinations of :meth:`.Select.select_from` with :meth:`.Select.join`, as well as when using :meth:`.Select.join_from`, would cause the :func:`_orm.with_loader_criteria` feature as well as the IN criteria needed for single-table inheritance queries to not render, in cases where the columns clause of the query did not explicitly include the left-hand side entity of the JOIN. The correct entity is now transferred to the :class:`.Join` object that&#x27;s generated internally, so that the criteria against the left side entity is correctly added. .. change:: :tags: bug, mssql :tickets: 8714 :versions: 2.0.0b3 Fixed issue with :meth:`.Inspector.has_table`, which when used against a temporary table with the SQL Server dialect would fail on some Azure variants, due to an unnecessary information schema query that is not supported on those server versions. Pull request courtesy Mike Barry. .. change:: :tags: bug, orm :tickets: 8711 :versions: 2.0.0b3 An informative exception is now raised when the :func:`_orm.with_loader_criteria` option is used as a loader option added to a specific &quot;loader path&quot;, such as when using it within :meth:`.Load.options`. This use is not supported as :func:`_orm.with_loader_criteria` is only intended to be used as a top level loader option. Previously, an internal error would be generated. .. change:: :tags: bug, oracle :tickets: 8744 :versions: 2.0.0b3 Fixed issue where the ``nls_session_parameters`` view queried on first connect in order to get the default decimal point character may not be available depending on Oracle connection modes, and would therefore raise an error. The approach to detecting decimal char has been simplified to test a decimal value directly, instead of reading system views, which works on any backend / driver. .. change:: :tags: bug, orm :tickets: 8753 :versions: 2.0.0b3 Improved &quot;dictionary mode&quot; for :meth:`_orm.Session.get` so that synonym names which refer to primary key attribute names may be indicated in the named dictionary. .. change:: :tags: bug, engine, regression :tickets: 8717 :versions: 2.0.0b3 Fixed issue where the :meth:`.PoolEvents.reset` event hook would not be be called in all cases when a :class:`_engine.Connection` were closed and was in the process of returning its DBAPI connection to the connection pool. The scenario was when the :class:`_engine.Connection` had already emitted ``.rollback()`` on its DBAPI connection within the process of returning the connection to the pool, where it would then instruct the connection pool to forego doing its own &quot;reset&quot; to save on the additional method call. However, this prevented custom pool reset schemes from being used within this hook, as such hooks by definition are doing more than just calling ``.rollback()``, and need to be invoked under all circumstances. This was a regression that appeared in version 1.4. For version 1.4, the :meth:`.PoolEvents.checkin` remains viable as an alternate event hook to use for custom &quot;reset&quot; implementations. Version 2.0 will feature an improved version of :meth:`.PoolEvents.reset` which is called for additional scenarios such as termination of asyncio connections, and is also passed contextual information about the reset, to allow for &quot;custom connection reset&quot; schemes which can respond to different reset scenarios in different ways. .. change:: :tags: bug, orm :tickets: 8704 :versions: 2.0.0b3 Fixed issue where &quot;selectin_polymorphic&quot; loading for inheritance mappers would not function correctly if the :paramref:`_orm.Mapper.polymorphic_on` parameter referred to a SQL expression that was not directly mapped on the class. .. change:: :tags: bug, orm :tickets: 8710 :versions: 2.0.0b3 Fixed issue where the underlying DBAPI cursor would not be closed when using the :class:`_orm.Query` object as an iterator, if a user-defined exception case were raised within the iteration process, thereby causing the iterator to be closed by the Python interpreter. When using :meth:`_orm.Query.yield_per` to create server-side cursors, this would lead to the usual MySQL-related issues with server side cursors out of sync, and without direct access to the :class:`.Result` object, end-user code could not access the cursor in order to close it. To resolve, a catch for ``GeneratorExit`` is applied within the iterator method, which will close the result object in those cases when the iterator were interrupted, and by definition will be closed by the Python interpreter. As part of this change as implemented for the 1.4 series, ensured that ``.close()`` methods are available on all :class:`.Result` implementations including :class:`.ScalarResult`, :class:`.MappingResult`. The 2.0 version of this change also includes new context manager patterns for use with :class:`.Result` classes. .. change:: :tags: bug, engine :tickets: 8710 Ensured all :class:`.Result` objects include a :meth:`.Result.close` method as well as a :attr:`.Result.closed` attribute, including on :class:`.ScalarResult` and :class:`.MappingResult`. .. change:: :tags: bug, mssql, reflection :tickets: 8700 :versions: 2.0.0b3 Fixed issue with :meth:`.Inspector.has_table`, which when used against a view with the SQL Server dialect would erroneously return ``False``, due to a regression in the 1.4 series which removed support for this on SQL Server. The issue is not present in the 2.0 series which uses a different reflection architecture. Test support is added to ensure ``has_table()`` remains working per spec re: views. .. change:: :tags: bug, sql :tickets: 8724 :versions: 2.0.0b3 Fixed issue which prevented the :func:`_sql.literal_column` construct from working properly within the context of a :class:`.Select` construct as well as other potential places where &quot;anonymized labels&quot; might be generated, if the literal expression contained characters which could interfere with format strings, such as open parenthesis, due to an implementation detail of the &quot;anonymous label&quot; structure. .. changelog:: ``` ### 1.4.42 ``` :released: October 16, 2022 .. change:: :tags: bug, asyncio :tickets: 8516 Improved implementation of ``asyncio.shield()`` used in context managers as added in :ticket:`8145`, such that the &quot;close&quot; operation is enclosed within an ``asyncio.Task`` which is then strongly referenced as the operation proceeds. This is per Python documentation indicating that the task is otherwise not strongly referenced. .. change:: :tags: bug, orm :tickets: 8614 The :paramref:`_orm.Session.execute.bind_arguments` dictionary is no longer mutated when passed to :meth:`_orm.Session.execute` and similar; instead, it&#x27;s copied to an internal dictionary for state changes. Among other things, this fixes and issue where the &quot;clause&quot; passed to the :meth:`_orm.Session.get_bind` method would be incorrectly referring to the :class:`_sql.Select` construct used for the &quot;fetch&quot; synchronization strategy, when the actual query being emitted was a :class:`_dml.Delete` or :class:`_dml.Update`. This would interfere with recipes for &quot;routing sessions&quot;. .. change:: :tags: bug, orm :tickets: 7094 A warning is emitted in ORM configurations when an explicit :func:`_orm.remote` annotation is applied to columns that are local to the immediate mapped class, when the referenced class does not include any of the same table columns. Ideally this would raise an error at some point as it&#x27;s not correct from a mapping point of view. .. change:: :tags: bug, orm :tickets: 7545 A warning is emitted when attempting to configure a mapped class within an inheritance hierarchy where the mapper is not given any polymorphic identity, however there is a polymorphic discriminator column assigned. Such classes should be abstract if they never intend to load directly. .. change:: :tags: bug, mssql, regression :tickets: 8525 Fixed yet another regression in SQL Server isolation level fetch (see :ticket:`8231`, :ticket:`8475`), this time with &quot;Microsoft Dynamics CRM Database via Azure Active Directory&quot;, which apparently lacks the ``system_views`` view entirely. Error catching has been extended that under no circumstances will this method ever fail, provided database connectivity is present. .. change:: :tags: orm, bug, regression :tickets: 8569 Fixed regression for 1.4 in :func:`_orm.contains_eager` where the &quot;wrap in subquery&quot; logic of :func:`_orm.joinedload` would be inadvertently triggered for use of the :func:`_orm.contains_eager` function with similar statements (e.g. those that use ``distinct()``, ``limit()`` or ``offset()``), which would then lead to secondary issues with queries that used some combinations of SQL label names and aliasing. This &quot;wrapping&quot; is not appropriate for :func:`_orm.contains_eager` which has always had the contract that the user-defined SQL statement is unmodified with the exception of adding the appropriate columns to be fetched. .. change:: :tags: bug, orm, regression :tickets: 8507 Fixed regression where using ORM update() with synchronize_session=&#x27;fetch&#x27; would fail due to the use of evaluators that are now used to determine the in-Python value for expressions in the the SET clause when refreshing objects; if the evaluators make use of math operators against non-numeric values such as PostgreSQL JSONB, the non-evaluable condition would fail to be detected correctly. The evaluator now limits the use of math mutation operators to numeric types only, with the exception of &quot;+&quot; that continues to work for strings as well. SQLAlchemy 2.0 may alter this further by fetching the SET values completely rather than using evaluation. .. change:: :tags: usecase, postgresql :tickets: 8574 :class:`_postgresql.aggregate_order_by` now supports cache generation. .. change:: :tags: bug, mysql :tickets: 8588 Adjusted the regular expression used to match &quot;CREATE VIEW&quot; when testing for views to work more flexibly, no longer requiring the special keyword &quot;ALGORITHM&quot; in the middle, which was intended to be optional but was not working correctly. The change allows view reflection to work more completely on MySQL-compatible variants such as StarRocks. Pull request courtesy John Bodley. .. change:: :tags: bug, engine :tickets: 8536 Fixed issue where mixing &quot;*&quot; with additional explicitly-named column expressions within the columns clause of a :func:`_sql.select` construct would cause result-column targeting to sometimes consider the label name or other non-repeated names to be an ambiguous target. .. changelog:: ``` ### 1.4.41 ``` :released: September 6, 2022 .. change:: :tags: bug, sql :tickets: 8441 Fixed issue where use of the :func:`_sql.table` construct, passing a string for the :paramref:`_sql.table.schema` parameter, would fail to take the &quot;schema&quot; string into account when producing a cache key, thus leading to caching collisions if multiple, same-named :func:`_sql.table` constructs with different schemas were used. .. change:: :tags: bug, events, orm :tickets: 8467 Fixed event listening issue where event listeners added to a superclass would be lost if a subclass were created which then had its own listeners associated. The practical example is that of the :class:`.sessionmaker` class created after events have been associated with the :class:`_orm.Session` class. .. change:: :tags: orm, bug :tickets: 8401 Hardened the cache key strategy for the :func:`_orm.aliased` and :func:`_orm.with_polymorphic` constructs. While no issue involving actual statements being cached can easily be demonstrated (if at all), these two constructs were not including enough of what makes them unique in their cache keys for caching on the aliased construct alone to be accurate. .. change:: :tags: bug, orm, regression :tickets: 8456 Fixed regression appearing in the 1.4 series where a joined-inheritance query placed as a subquery within an enclosing query for that same entity would fail to render the JOIN correctly for the inner query. The issue manifested in two different ways prior and subsequent to version 1.4.18 (related issue :ticket:`6595`), in one case rendering JOIN twice, in the other losing the JOIN entirely. To resolve, the conditions under which &quot;polymorphic loading&quot; are applied have been scaled back to not be invoked for simple joined inheritance queries. .. change:: :tags: bug, orm :tickets: 8446 Fixed issue in :mod:`sqlalchemy.ext.mutable` extension where collection links to the parent object would be lost if the object were merged with :meth:`.Session.merge` while also passing :paramref:`.Session.merge.load` as False. .. change:: :tags: bug, orm :tickets: 8399 Fixed issue involving :func:`_orm.with_loader_criteria` where a closure variable used as bound parameter value within the lambda would not carry forward correctly into additional relationship loaders such as :func:`_orm.selectinload` and :func:`_orm.lazyload` after the statement were cached, using the stale originally-cached value instead. .. change:: :tags: bug, mssql, regression :tickets: 8475 Fixed regression caused by the fix for :ticket:`8231` released in 1.4.40 where connection would fail if the user did not have permission to query the ``dm_exec_sessions`` or ``dm_pdw_nodes_exec_sessions`` system views when trying to determine the current transaction isolation level. .. change:: :tags: bug, asyncio :tickets: 8419 Integrated support for asyncpg&#x27;s ``terminate()`` method call for cases where the connection pool is recycling a possibly timed-out connection, where a connection is being garbage collected that wasn&#x27;t gracefully closed, as well as when the connection has been invalidated. This allows asyncpg to abandon the connection without waiting for a response that may incur long timeouts. .. changelog:: ``` ### 1.4.40 ``` :released: August 8, 2022 .. change:: :tags: bug, orm :tickets: 8357 Fixed issue where referencing a CTE multiple times in conjunction with a polymorphic SELECT could result in multiple &quot;clones&quot; of the same CTE being constructed, which would then trigger these two CTEs as duplicates. To resolve, the two CTEs are deep-compared when this occurs to ensure that they are equivalent, then are treated as equivalent. .. change:: :tags: bug, orm, declarative :tickets: 8190 Fixed issue where a hierarchy of classes set up as an abstract or mixin declarative classes could not declare standalone columns on a superclass that would then be copied correctly to a :class:`_orm.declared_attr` callable that wanted to make use of them on a descendant class. .. change:: :tags: bug, types :tickets: 7249 Fixed issue where :class:`.TypeDecorator` would not correctly proxy the ``__getitem__()`` operator when decorating the :class:`_types.ARRAY` datatype, without explicit workarounds. .. change:: :tags: bug, asyncio :tickets: 8145 Added ``asyncio.shield()`` to the connection and session release process specifically within the ``__aexit__()`` context manager exit, when using :class:`.AsyncConnection` or :class:`.AsyncSession` as a context manager that releases the object when the context manager is complete. This appears to help with task cancellation when using alternate concurrency libraries such as ``anyio``, ``uvloop`` that otherwise don&#x27;t provide an async context for the connection pool to release the connection properly during task cancellation. .. change:: :tags: bug, postgresql :tickets: 4392 Fixed issue in psycopg2 dialect where the &quot;multiple hosts&quot; feature implemented for :ticket:`4392`, where multiple ``host:port`` pairs could be passed in the query string as ``?host=host1:port1&amp;host=host2:port2&amp;host=host3:port3`` was not implemented correctly, as it did not propagate the &quot;port&quot; parameter appropriately. Connections that didn&#x27;t use a different &quot;port&quot; likely worked without issue, and connections that had &quot;port&quot; for some of the entries may have incorrectly passed on that hostname. The format is now corrected to pass hosts/ports appropriately. As part of this change, maintained support for another multihost style that worked unintentionally, which is comma-separated ``?host=h1,h2,h3&amp;port=p1,p2,p3``. This format is more consistent with libpq&#x27;s query-string format, whereas the previous format is inspired by a different aspect of libpq&#x27;s URI format but is not quite the same thing. If the two styles are mixed together, an error is raised as this is ambiguous. .. change:: :tags: bug, sql :tickets: 8253 Adjusted the SQL compilation for string containment functions ``.contains()``, ``.startswith()``, ``.endswith()`` to force the use of the string concatenation operator, rather than relying upon the overload of the addition operator, so that non-standard use of these operators with for example bytestrings still produces string concatenation operators. .. change:: :tags: bug, orm :tickets: 8235 A :func:`_sql.select` construct that is passed a sole &#x27;*&#x27; argument for ``SELECT *``, either via string, :func:`_sql.text`, or :func:`_sql.literal_column`, will be interpreted as a Core-level SQL statement rather than as an ORM level statement. This is so that the ``*``, when expanded to match any number of columns, will result in all columns returned in the result. the ORM- level interpretation of :func:`_sql.select` needs to know the names and types of all ORM columns up front which can&#x27;t be achieved when ``&#x27;*&#x27;`` is used. If ``&#x27;*`` is used amongst other expressions simultaneously with an ORM statement, an error is raised as this can&#x27;t be interpreted correctly by the ORM. .. change:: :tags: bug, mssql :tickets: 8210 Fixed issues that prevented the new usage patterns for using DML with ORM objects presented at :ref:`orm_dml_returning_objects` from working correctly with the SQL Server pyodbc dialect. .. change:: :tags: bug, mssql :tickets: 8231 Fixed issue where the SQL Server dialect&#x27;s query for the current isolation level would fail on Azure Synapse Analytics, due to the way in which this database handles transaction rollbacks after an error has occurred. The initial query has been modified to no longer rely upon catching an error when attempting to detect the appropriate system view. Additionally, to better support this database&#x27;s very specific &quot;rollback&quot; behavior, implemented new parameter ``ignore_no_transaction_on_rollback`` indicating that a rollback should ignore Azure Synapse error &#x27;No corresponding transaction found. (111214)&#x27;, which is raised if no transaction is --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 01:34:00 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 01:34:01 +03:00

[PR #314] [CLOSED] Scheduled weekly dependency update for week 10 #322

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pyup-scheduled-update-2026-04-20

pyup-scheduled-update-2024-09-16

pyup-scheduled-update-2023-07-24

pyup-scheduled-update-2023-06-19

pyup-scheduled-update-2023-05-22

pyup-scheduled-update-2023-05-15

pyup-scheduled-update-2023-05-08

dependabot/pip/flask-2.3.2

pyup-scheduled-update-2023-05-01

pyup-scheduled-update-2023-04-03

dependabot/pip/werkzeug-2.2.3

pyup-scheduled-update-2022-11-14

pyup-scheduled-update-2022-10-03

pyup-scheduled-update-2022-08-01

pyup-scheduled-update-2022-06-13

pyup-scheduled-update-2022-05-30

pyup-scheduled-update-2022-03-07

pyup-scheduled-update-2022-01-10

pyup-scheduled-update-2021-11-01

pyup-scheduled-update-2020-10-05

pyup-scheduled-update-2019-09-30

pyup-scheduled-update-2019-07-29

pyup-scheduled-update-2019-07-22

pyup-scheduled-update-2019-05-27

pyup-scheduled-update-2019-03-11

marshmallow

pyup-scheduled-update-2019-02-25

pyup-scheduled-update-2019-02-18

pyup-scheduled-update-2019-01-28

pyup-scheduled-update-2019-01-14

docker

name-map-stupid

swagger

fix-pagination

doc-expansion

specify-schema

No results found.

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactoring

  

research

  

wontfix

No labels

bug

duplicate

enhancement

help wanted

invalid

pull-request

question

refactoring

research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/sandman2-jeffknupp#314

No description provided.