[PR #309] [CLOSED] Scheduled weekly dependency update for week 06 #317

New issue

Closed

opened 2026-02-26 01:34:00 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 01:34:00 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/jeffknupp/sandman2/pull/309
Author: @pyup-bot
Created: 2/6/2023
Status: ❌ Closed

Base: master ← Head: pyup-scheduled-update-2023-02-06

---

📝 Commits (10+)

• 1d646fe Update flask from 1.1.2 to 2.2.2
• 2d00d2e Update flask-admin from 1.5.7 to 1.6.0
• 38ffa70 Update flask-sqlalchemy from 2.4.4 to 3.0.3
• 68dfbf6 Update sqlalchemy from 1.3.20 to 2.0.1
• 3dba065 Update wtforms from 2.3.3 to 3.0.1
• 3cc4c10 Update coverage from 5.3 to 7.1.0
• 9373314 Update pytest from 6.2.0 to 7.2.1
• b083262 Update flask-cors from 3.0.9 to 3.0.10
• 5338dc3 Update pytest-cov from 2.10.1 to 4.0.0
• 6ceffdf Update pytest-flask from 1.1.0 to 1.2.0

📊 Changes

1 file changed (+15 additions, -15 deletions)

View changed files

📝 requirements.txt (+15 -15)

📄 Description

Update Flask from 1.1.2 to 2.2.2.

Changelog

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``setuptools`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://pyup.io/changelogs/flask/
• Homepage: https://palletsprojects.com/p/flask

Update Flask-Admin from 1.5.7 to 1.6.0.

Changelog

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://pyup.io/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.0.3.

Changelog

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have
 changed to return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://pyup.io/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/Flask-SQLAlchemy/

Update SQLAlchemy from 1.3.20 to 2.0.1.

Changelog

2.0.0rc3

:released: January 18, 2023

 .. change::
     :tags: bug, typing
     :tickets: 9096

     Fixes to the annotations within the ``sqlalchemy.ext.hybrid`` extension for
     more effective typing of user-defined methods. The typing now uses
     :pep:`612` features, now supported by recent versions of Mypy, to maintain
     argument signatures for :class:`.hybrid_method`. Return values for hybrid
     methods are accepted as SQL expressions in contexts such as
     :meth:`_sql.Select.where` while still supporting SQL methods.

 .. change::
     :tags: bug, orm
     :tickets: 9099

     Fixed issue where using a pep-593 ``Annotated`` type in the
     :paramref:`_orm.registry.type_annotation_map` which itself contained a
     generic plain container or ``collections.abc`` type (e.g. ``list``,
     ``dict``, ``collections.abc.Sequence``, etc. ) as the target type would
     produce an internal error when the ORM were trying to interpret the
     ``Annotated`` instance.



 .. change::
     :tags: bug, orm
     :tickets: 9100

     Added an error message when a :func:`_orm.relationship` is mapped against
     an abstract container type, such as ``Mapped[Sequence[B]]``, without
     providing the :paramref:`_orm.relationship.container_class` parameter which
     is necessary when the type is abstract. Previously the the abstract
     container would attempt to be instantiated at a later step and fail.



 .. change::
     :tags: orm, feature
     :tickets: 9060

     Added a new parameter to :class:`_orm.Mapper` called
     :paramref:`_orm.Mapper.polymorphic_abstract`. The purpose of this directive
     is so that the ORM will not consider the class to be instantiated or loaded
     directly, only subclasses. The actual effect is that the
     :class:`_orm.Mapper` will prevent direct instantiation of instances
     of the class and will expect that the class does not have a distinct
     polymorphic identity configured.

     In practice, the class that is mapped with
     :paramref:`_orm.Mapper.polymorphic_abstract` can be used as the target of a
     :func:`_orm.relationship` as well as be used in queries; subclasses must of
     course include polymorphic identities in their mappings.

     The new parameter is automatically applied to classes that subclass
     the :class:`.AbstractConcreteBase` class, as this class is not intended
     to be instantiated.

     .. seealso::

         :ref:`orm_inheritance_abstract_poly`


 .. change::
     :tags: bug, postgresql
     :tickets: 9106

     Fixed regression where psycopg3 changed an API call as of version 3.1.8 to
     expect a specific object type that was previously not enforced, breaking
     connectivity for the psycopg3 dialect.

 .. change::
     :tags: oracle, usecase
     :tickets: 9086

     Added support for the Oracle SQL type ``TIMESTAMP WITH LOCAL TIME ZONE``,
     using a newly added Oracle-specific :class:`_oracle.TIMESTAMP` datatype.

.. changelog::

2.0.0rc2

:released: January 9, 2023

 .. change::
     :tags: bug, typing
     :tickets: 9067

     The Data Class Transforms argument ``field_descriptors`` was renamed
     to ``field_specifiers`` in the accepted version of PEP 681.

 .. change::
     :tags: bug, oracle
     :tickets: 9059

     Supported use case for foreign key constraints where the local column is
     marked as "invisible". The errors normally generated when a
     :class:`.ForeignKeyConstraint` is created that check for the target column
     are disabled when reflecting, and the constraint is skipped with a warning
     in the same way which already occurs for an :class:`.Index` with a similar
     issue.

 .. change::
     :tags: bug, orm
     :tickets: 9071

     Fixed issue where an overly restrictive ORM mapping rule were added in 2.0
     which prevented mappings against :class:`.TableClause` objects, such as
     those used in the view recipe on the wiki.

 .. change::
     :tags: bug, mysql
     :tickets: 9058

     Restored the behavior of :meth:`.Inspector.has_table` to report on
     temporary tables for MySQL / MariaDB. This is currently the behavior for
     all other included dialects, but was removed for MySQL in 1.4 due to no
     longer using the DESCRIBE command; there was no documented support for temp
     tables being reported by the :meth:`.Inspector.has_table` method in this
     version or on any previous version, so the previous behavior was undefined.

     As SQLAlchemy 2.0 has added formal support for temp table status via
     :meth:`.Inspector.has_table`, the MySQL /MariaDB dialect has been reverted
     to use the "DESCRIBE" statement as it did in the SQLAlchemy 1.3 series and
     previously, and test support is added to include MySQL / MariaDB for
     this behavior.   The previous issues with ROLLBACK being emitted which
     1.4 sought to improve upon don't apply in SQLAlchemy 2.0 due to
     simplifications in how :class:`.Connection` handles transactions.

     DESCRIBE is necessary as MariaDB in particular has no consistently
     available public information schema of any kind in order to report on temp
     tables other than DESCRIBE/SHOW COLUMNS, which rely on throwing an error
     in order to report no results.

 .. change::
     :tags: json, postgresql
     :tickets: 7147

     Implemented missing ``JSONB`` operations:

     * ` using :meth:`_postgresql.JSONB.Comparator.path_match`
     * ``?`` using :meth:`_postgresql.JSONB.Comparator.path_exists`
     * ``-`` using :meth:`_postgresql.JSONB.Comparator.delete_path`

     Pull request curtesy of Guilherme Martins Crocetti.

.. changelog::

2.0.0rc1

:released: December 28, 2022

 .. change::
     :tags: bug, typing
     :tickets: 6810, 9025

     pep-484 typing has been completed for the
     ``sqlalchemy.ext.horizontal_shard`` extension as well as the
     ``sqlalchemy.orm.events`` module. Thanks to Gleb Kisenkov for their
     efforts.


 .. change::
     :tags: postgresql, bug
     :tickets: 8977
     :versions: 2.0.0rc1

     Added support for explicit use of PG full text functions with asyncpg and
     psycopg (SQLAlchemy 2.0 only), with regards to the ``REGCONFIG`` type cast
     for the first argument, which previously would be incorrectly cast to a
     VARCHAR, causing failures on these dialects that rely upon explicit type
     casts. This includes support for :class:`_postgresql.to_tsvector`,
     :class:`_postgresql.to_tsquery`, :class:`_postgresql.plainto_tsquery`,
     :class:`_postgresql.phraseto_tsquery`,
     :class:`_postgresql.websearch_to_tsquery`,
     :class:`_postgresql.ts_headline`, each of which will determine based on
     number of arguments passed if the first string argument should be
     interpreted as a PostgreSQL "REGCONFIG" value; if so, the argument is typed
     using a newly added type object :class:`_postgresql.REGCONFIG` which is
     then explicitly cast in the SQL expression.


 .. change::
     :tags: bug, orm
     :tickets: 4629

     A warning is emitted if a backref name used in :func:`_orm.relationship`
     names an attribute on the target class which already has a method or
     attribute assigned to that name, as the backref declaration will replace
     that attribute.

 .. change::
     :tags: bug, postgresql
     :tickets: 9020

     Fixed regression where newly revised PostgreSQL range types such as
     :class:`_postgresql.INT4RANGE` could not be set up as the impl of a
     :class:`.TypeDecorator` custom type, instead raising a ``TypeError``.

 .. change::
     :tags: usecase, orm
     :tickets: 7837

     Adjustments to the :class:`_orm.Session` in terms of extensibility,
     as well as updates to the :class:`.ShardedSession` extension:

     * :meth:`_orm.Session.get` now accepts
       :paramref:`_orm.Session.get.bind_arguments`, which in particular may be
       useful when using the horizontal sharding extension.

     * :meth:`_orm.Session.get_bind` accepts arbitrary kw arguments, which
       assists in developing code that uses a :class:`_orm.Session` class which
       overrides this method with additional arguments.

     * Added a new ORM execution option ``identity_token`` which may be used
       to directly affect the "identity token" that will be associated with
       newly loaded ORM objects.  This token is how sharding approaches
       (namely the :class:`.ShardedSession`, but can be used in other cases
       as well) separate object identities across different "shards".

       .. seealso::

           :ref:`queryguide_identity_token`

     * The :meth:`_orm.SessionEvents.do_orm_execute` event hook may now be used
       to affect all ORM-related options, including ``autoflush``,
       ``populate_existing``, and ``yield_per``; these options are re-consumed
       subsequent to event hooks being invoked before they are acted upon.
       Previously, options like ``autoflush`` would have been already evaluated
       at this point. The new ``identity_token`` option is also supported in
       this mode and is now used by the horizontal sharding extension.


     * The :class:`.ShardedSession` class replaces the
       :paramref:`.ShardedSession.id_chooser` hook with a new hook
       :paramref:`.ShardedSession.identity_chooser`, which no longer relies upon
       the legacy :class:`_orm.Query` object.
       :paramref:`.ShardedSession.id_chooser` is still accepted in place of
       :paramref:`.ShardedSession.identity_chooser` with a deprecation warning.

 .. change::
     :tags: usecase, orm
     :tickets: 9015

     The behavior of "joining an external transaction into a Session" has been
     revised and improved, allowing explicit control over how the
     :class:`_orm.Session` will accommodate an incoming
     :class:`_engine.Connection` that already has a transaction and possibly a
     savepoint already established. The new parameter
     :paramref:`_orm.Session.join_transaction_mode` includes a series of option
     values which can accommodate the existing transaction in several ways, most
     importantly allowing a :class:`_orm.Session` to operate in a fully
     transactional style using savepoints exclusively, while leaving the
     externally initiated transaction non-committed and active under all
     circumstances, allowing test suites to rollback all changes that take place
     within tests.

     Additionally, revised the :meth:`_orm.Session.close` method to fully close
     out savepoints that may still be present, which also allows the
     "external transaction" recipe to proceed without warnings if the
     :class:`_orm.Session` did not explicitly end its own SAVEPOINT
     transactions.

     .. seealso::

         :ref:`change_9015`


 .. change::
     :tags: bug, sql
     :tickets: 8988

     Added test support to ensure that all compiler ``visit_xyz()`` methods
     across all :class:`.Compiler` implementations in SQLAlchemy accept a
     ``**kw`` parameter, so that all compilers accept additional keyword
     arguments under all circumstances.

 .. change::
     :tags: bug, postgresql
     :tickets: 8984

     The :meth:`_postgresql.Range.__eq___` will now return ``NotImplemented``
     when comparing with an instance of a different class, instead of raising
     an :exc:`AttributeError` exception.

 .. change::
     :tags: bug, sql
     :tickets: 6114

     The :meth:`.SQLCompiler.construct_params` method, as well as the
     :attr:`.SQLCompiler.params` accessor, will now return the
     exact parameters that correspond to a compiled statement that used
     the ``render_postcompile`` parameter to compile.   Previously,
     the method returned a parameter structure that by itself didn't correspond
     to either the original parameters or the expanded ones.

     Passing a new dictionary of parameters to
     :meth:`.SQLCompiler.construct_params` for a :class:`.SQLCompiler` that was
     constructed with ``render_postcompile`` is now disallowed; instead, to make
     a new SQL string and parameter set for an alternate set of parameters, a
     new method :meth:`.SQLCompiler.construct_expanded_state` is added which
     will produce a new expanded form for the given parameter set, using the
     :class:`.ExpandedState` container which includes a new SQL statement
     and new parameter dictionary, as well as a positional parameter tuple.


 .. change::
     :tags: bug, orm
     :tickets: 8703, 8997, 8996

     A series of changes and improvements regarding
     :meth:`_orm.Session.refresh`. The overall change is that primary key
     attributes for an object are now included in a refresh operation
     unconditionally when relationship-bound attributes are to be refreshed,
     even if not expired and even if not specified in the refresh.

     * Improved :meth:`_orm.Session.refresh` so that if autoflush is enabled
       (as is the default for :class:`_orm.Session`), the autoflush takes place
       at an earlier part of the refresh process so that pending primary key
       changes are applied without errors being raised.  Previously, this
       autoflush took place too late in the process and the SELECT statement
       would not use the correct key to locate the row and an
       :class:`.InvalidRequestError` would be raised.

     * When the above condition is present, that is, unflushed primary key
       changes are present on the object, but autoflush is not enabled,
       the refresh() method now explicitly disallows the operation to proceed,
       and an informative :class:`.InvalidRequestError` is raised asking that
       the pending primary key changes be flushed first.  Previously,
       this use case was simply broken and :class:`.InvalidRequestError`
       would be raised anyway. This restriction is so that it's safe for the
       primary key attributes to be refreshed, as is necessary for the case of
       being able to refresh the object with relationship-bound secondary
       eagerloaders also being emitted. This rule applies in all cases to keep
       API behavior consistent regardless of whether or not the PK cols are
       actually needed in the refresh, as it is unusual to be refreshing
       some attributes on an object while keeping other attributes "pending"
       in any case.

     * The :meth:`_orm.Session.refresh` method has been enhanced such that
       attributes which are :func:`_orm.relationship`-bound and linked to an
       eager loader, either at mapping time or via last-used loader options,
       will be refreshed in all cases even when a list of attributes is passed
       that does not include any columns on the parent row. This builds upon the
       feature first implemented for non-column attributes as part of
       :ticket:`1763` fixed in 1.4 allowing eagerly-loaded relationship-bound
       attributes to participate in the :meth:`_orm.Session.refresh` operation.
       If the refresh operation does not indicate any columns on the parent row
       to be refreshed, the primary key columns will nonetheless be included
       in the refresh operation, which allows the load to proceed into the
       secondary relationship loaders indicated as it does normally.
       Previously an :class:`.InvalidRequestError` error would be raised
       for this condition (:ticket:`8703`)

     * Fixed issue where an unnecessary additional SELECT would be emitted in
       the case where :meth:`_orm.Session.refresh` were called with a
       combination of expired attributes, as well as an eager loader such as
       :func:`_orm.selectinload` that emits a "secondary" query, if the primary
       key attributes were also in an expired state.  As the primary key
       attributes are now included in the refresh automatically, there is no
       additional load for these attributes when a relationship loader
       goes to select for them (:ticket:`8997`)

     * Fixed regression caused by :ticket:`8126` released in 2.0.0b1 where the
       :meth:`_orm.Session.refresh` method would fail with an
       ``AttributeError``, if passed both an expired column name as well as the
       name of a relationship-bound attribute that was linked to a "secondary"
       eagerloader such as the :func:`_orm.selectinload` eager loader
       (:ticket:`8996`)

 .. change::
     :tags: bug, sql
     :tickets: 8994

     To accommodate for third party dialects with different character escaping
     needs regarding bound parameters, the system by which SQLAlchemy "escapes"
     (i.e., replaces with another character in its place) special characters in
     bound parameter names has been made extensible for third party dialects,
     using the :attr:`.SQLCompiler.bindname_escape_chars` dictionary which can
     be overridden at the class declaration level on any :class:`.SQLCompiler`
     subclass. As part of this change, also added the dot ``"."`` as a default
     "escaped" character.


 .. change::
     :tags: orm, feature
     :tickets: 8889

     Added a new default value for the :paramref:`.Mapper.eager_defaults`
     parameter "auto", which will automatically fetch table default values
     during a unit of work flush, if the dialect supports RETURNING for the
     INSERT being run, as well as
     :ref:`insertmanyvalues <engine_insertmanyvalues>` available. Eager fetches
     for server-side UPDATE defaults, which are very uncommon, continue to only
     take place if :paramref:`.Mapper.eager_defaults` is set to ``True``, as
     there is no batch-RETURNING form for UPDATE statements.


 .. change::
     :tags: usecase, orm
     :tickets: 8973

     Removed the requirement that the ``__allow_unmapped__`` attribute be used
     on Declarative Dataclass Mapped class when non-``Mapped[]`` annotations are
     detected; previously, an error message that was intended to support legacy
     ORM typed mappings would be raised, which additionally did not mention
     correct patterns to use with Dataclasses specifically. This error message
     is now no longer raised if :meth:`_orm.registry.mapped_as_dataclass` or
     :class:`_orm.MappedAsDataclass` is used.

     .. seealso::

         :ref:`orm_declarative_native_dataclasses_non_mapped_fields`


 .. change::
     :tags: bug, orm
     :tickets: 8168

     Improved a fix first made in version 1.4 for :ticket:`8456` which scaled
     back the usage of internal "polymorphic adapters", that are used to render
     ORM queries when the :paramref:`_orm.Mapper.with_polymorphic` parameter is
     used. These adapters, which are very complex and error prone, are now used
     only in those cases where an explicit user-supplied subquery is used for
     :paramref:`_orm.Mapper.with_polymorphic`, which includes only the use case
     of concrete inheritance mappings that use the
     :func:`_orm.polymorphic_union` helper, as well as the legacy use case of
     using an aliased subquery for joined inheritance mappings, which is not
     needed in modern use.

     For the most common case of joined inheritance mappings that use the
     built-in polymorphic loading scheme, which includes those which make use of
     the :paramref:`_orm.Mapper.polymorphic_load` parameter set to ``inline``,
     polymorphic adapters are now no longer used. This has both a positive
     performance impact on the construction of queries as well as a
     substantial simplification of the internal query rendering process.

     The specific issue targeted was to allow a :func:`_orm.column_property`
     to refer to joined-inheritance classes within a scalar subquery, which now
     works as intuitively as is feasible.



.. changelog::

2.0.0b4

:released: December 5, 2022

 .. change::
     :tags: usecase, orm
     :tickets: 8859

     Added support custom user-defined types which extend the Python
     ``enum.Enum`` base class to be resolved automatically
     to SQLAlchemy :class:`.Enum` SQL types, when using the Annotated
     Declarative Table feature.  The feature is made possible through new
     lookup features added to the ORM type map feature, and includes support
     for changing the arguments of the :class:`.Enum` that's generated by
     default as well as setting up specific ``enum.Enum`` types within
     the map with specific arguments.

     .. seealso::

         :ref:`orm_declarative_mapped_column_enums`

 .. change::
     :tags: bug, typing
     :tickets: 8783

     Adjusted internal use of the Python ``enum.IntFlag`` class which changed
     its behavioral contract in Python 3.11. This was not causing runtime
     failures however caused typing runs to fail under Python 3.11.

 .. change::
     :tags: usecase, typing
     :tickets: 8847

     Added a new type :class:`.SQLColumnExpression` which may be indicated in
     user code to represent any SQL column oriented expression, including both
     those based on :class:`.ColumnElement` as well as on ORM
     :class:`.QueryableAttribute`. This type is a real class, not an alias, so
     can also be used as the foundation for other objects.  An additional
     ORM-specific subclass :class:`.SQLORMExpression` is also included.


 .. change::
     :tags: bug, typing
     :tickets: 8667, 6810

     The ``sqlalchemy.ext.mutable`` extension and ``sqlalchemy.ext.automap``
     extensions are now fully pep-484 typed. Huge thanks to Gleb Kisenkov for
     their efforts on this.



 .. change::
     :tags: bug, sql
     :tickets: 8849

     The approach to the ``numeric`` pep-249 paramstyle has been rewritten, and
     is now fully supported, including by features such as "expanding IN" and
     "insertmanyvalues". Parameter names may also be repeated in the source SQL
     construct which will be correctly represented within the numeric format
     using a single parameter. Introduced an additional numeric paramstyle
     called ``numeric_dollar``, which is specifically what's used by the asyncpg
     dialect; the paramstyle is equivalent to ``numeric`` except numeric
     indicators are indicated by a dollar-sign rather than a colon. The asyncpg
     dialect now uses ``numeric_dollar`` paramstyle directly, rather than
     compiling to ``format`` style first.

     The ``numeric`` and ``numeric_dollar`` paramstyles assume that the target
     backend is capable of receiving the numeric parameters in any order,
     and will match the given parameter values to the statement based on
     matching their position (1-based) to the numeric indicator.  This is the
     normal behavior of "numeric" paramstyles, although it was observed that
     the SQLite DBAPI implements a not-used "numeric" style that does not honor
     parameter ordering.

 .. change::
     :tags: usecase, postgresql
     :tickets: 8765

     Complementing :ticket:`8690`, new comparison methods such as
     :meth:`_postgresql.Range.adjacent_to`,
     :meth:`_postgresql.Range.difference`, :meth:`_postgresql.Range.union`,
     etc., were added to the PG-specific range objects, bringing them in par
     with the standard operators implemented by the underlying
     :attr:`_postgresql.AbstractRange.comparator_factory`.

     In addition, the ``__bool__()`` method of the class has been corrected to
     be consistent with the common Python containers behavior as well as how
     other popular PostgreSQL drivers do: it now tells whether the range
     instance is *not* empty, rather than the other way around.

     Pull request courtesy Lele Gaifax.

 .. change::
     :tags: bug, sql
     :tickets: 8770

     Adjusted the rendering of ``RETURNING``, in particular when using
     :class:`_sql.Insert`, such that it now renders columns using the same logic
     as that of the :class:`.Select` construct to generate labels, which will
     include disambiguating labels, as well as that a SQL function surrounding a
     named column will be labeled using the column name itself. This establishes
     better cross-compatibility when selecting rows from either :class:`.Select`
     constructs or from DML statements that use :meth:`.UpdateBase.returning`. A
     narrower scale change was also made for the 1.4 series that adjusted the
     function label issue only.

 .. change::
     :tags: change, postgresql, asyncpg
     :tickets: 8926

     Changed the paramstyle used by asyncpg from ``format`` to
     ``numeric_dollar``. This has two main benefits since it does not require
     additional processing of the statement and allows for duplicate parameters
     to be present in the statements.

 .. change::
     :tags: bug, orm
     :tickets: 8888

     Fixed issue where use of an unknown datatype within a :class:`.Mapped`
     annotation for a column-based attribute would silently fail to map the
     attribute, rather than reporting an exception; an informative exception
     message is now raised.

 .. change::
     :tags: bug, orm
     :tickets: 8777

     Fixed a suite of issues involving :class:`.Mapped` use with dictionary
     types, such as ``Mapped[dict[str, str] | None]``, would not be correctly
     interpreted in Declarative ORM mappings. Support to correctly
     "de-optionalize" this type including for lookup in ``type_annotation_map``
     has been fixed.

 .. change::
     :tags: feature, orm
     :tickets: 8822

     Added a new parameter :paramref:`_orm.mapped_column.use_existing_column` to
     accommodate the use case of a single-table inheritance mapping that uses
     the pattern of more than one subclass indicating the same column to take
     place on the superclass. This pattern was previously possible by using
     :func:`_orm.declared_attr` in conjunction with locating the existing column
     in the ``.__table__`` of the superclass, however is now updated to work
     with :func:`_orm.mapped_column` as well as with pep-484 typing, in a
     simple and succinct way.

     .. seealso::

        :ref:`orm_inheritance_column_conflicts`




 .. change::
     :tags: bug, mssql
     :tickets: 8917

     Fixed regression caused by the combination of :ticket:`8177`, re-enable
     setinputsizes for SQL server unless fast_executemany + DBAPI executemany is
     used for a statement, along with :ticket:`6047`, implement
     "insertmanyvalues", which bypasses DBAPI executemany in place of a custom
     DBAPI execute for INSERT statements. setinputsizes would incorrectly not be
     used for a multiple parameter-set INSERT statement that used
     "insertmanyvalues" if fast_executemany were turned on, as the check would
     incorrectly assume this is a DBAPI executemany call.  The "regression"
     would then be that the "insertmanyvalues" statement format is apparently
     slightly more sensitive to multiple rows that don't use the same types
     for each row, so in such a case setinputsizes is especially needed.

     The fix repairs the fast_executemany check so that it only disables
     setinputsizes if true DBAPI executemany is to be used.

 .. change::
     :tags: bug, orm, performance
     :tickets: 8796

     Additional performance enhancements within ORM-enabled SQL statements,
     specifically targeting callcounts within the construction of ORM
     statements, using combinations of :func:`_orm.aliased` with
     :func:`_sql.union` and similar "compound" constructs, in addition to direct
     performance improvements to the ``corresponding_column()`` internal method
     that is used heavily by the ORM by constructs like :func:`_orm.aliased` and
     similar.


 .. change::
     :tags: bug, postgresql
     :tickets: 8884

     Added additional type-detection for the new PostgreSQL
     :class:`_postgresql.Range` type, where previous cases that allowed the
     psycopg2-native range objects to be received directly by the DBAPI without
     SQLAlchemy intercepting them stopped working, as we now have our own value
     object. The :class:`_postgresql.Range` object has been enhanced such that
     SQLAlchemy Core detects it in otherwise ambiguous situations (such as
     comparison to dates) and applies appropriate bind handlers. Pull request
     courtesy Lele Gaifax.

 .. change::
     :tags: bug, orm
     :tickets: 8880

     Fixed bug in :ref:`orm_declarative_native_dataclasses` feature where using
     plain dataclass fields with the ``__allow_unmapped__`` directive in a
     mapping would not create a dataclass with the correct class-level state for
     those fields, copying the raw ``Field`` object to the class inappropriately
     after dataclasses itself had replaced the ``Field`` object with the
     class-level default value.

 .. change::
     :tags: usecase, orm extensions
     :tickets: 8878

     Added support for the :func:`.association_proxy` extension function to
     take part within Python ``dataclasses`` configuration, when using
     the native dataclasses feature described at
     :ref:`orm_declarative_native_dataclasses`.  Included are attribute-level
     arguments including :paramref:`.association_proxy.init` and
     :paramref:`.association_proxy.default_factory`.

     Documentation for association proxy has also been updated to use
     "Annotated Declarative Table" forms within examples, including type
     annotations used for :class:`.AssocationProxy` itself.


 .. change::
     :tags: bug, typing

     Corrected typing support for the :paramref:`_orm.relationship.secondary`
     argument which may also accept a callable (lambda) that returns a
     :class:`.FromClause`.

 .. change::
     :tags: bug, orm, regression
     :tickets: 8812

     Fixed regression where flushing a mapped class that's mapped against a
     subquery, such as a direct mapping or some forms of concrete table
     inheritance, would fail if the :paramref:`_orm.Mapper.eager_defaults`
     parameter were used.

 .. change::
     :tags: bug, schema
     :tickets: 8925

     Stricter rules are in place for appending of :class:`.Column` objects to
     :class:`.Table` objects, both moving some previous deprecation warnings to
     exceptions, and preventing some previous scenarios that would cause
     duplicate columns to appear in tables, when
     :paramref:`.Table.extend_existing` were set to ``True``, for both
     programmatic :class:`.Table` construction as well as during reflection
     operations.

     See :ref:`change_8925` for a rundown of these changes.

     .. seealso::

         :ref:`change_8925`

 .. change::
     :tags: usecase, orm
     :tickets: 8905

     Added :paramref:`_orm.mapped_column.compare` parameter to relevant ORM
     attribute constructs including :func:`_orm.mapped_column`,
     :func:`_orm.relationship` etc. to provide for the Python dataclasses
     ``compare`` parameter on ``field()``, when using the
     :ref:`orm_declarative_native_dataclasses` feature. Pull request courtesy
     Simon Schiele.

 .. change::
     :tags: sql, usecase
     :tickets: 6289

     Added :class:`_expression.ScalarValues` that can be used as a column
     element allowing using :class:`_expression.Values` inside ``IN`` clauses
     or in conjunction with ``ANY`` or ``ALL`` collection aggregates.
     This new class is generated using the method
     :meth:`_expression.Values.scalar_values`.
     The :class:`_expression.Values` instance is now coerced to a
     :class:`_expression.ScalarValues` when used in a ``IN`` or ``NOT IN``
     operation.

 .. change::
     :tags: bug, orm
     :tickets: 8853

     Fixed regression in 2.0.0b3 caused by :ticket:`8759` where indicating the
     :class:`.Mapped` name using a qualified name such as
     ``sqlalchemy.orm.Mapped`` would fail to be recognized by Declarative as
     indicating the :class:`.Mapped` construct.

 .. change::
     :tags: bug, typing
     :tickets: 8842

     Improved the typing for :class:`.sessionmaker` and
     :class:`.async_sessionmaker`, so that the default type of their return value
     will be :class:`.Session` or :class:`.AsyncSession`, without the need to
     type this explicitly. Previously, Mypy would not automaticaly infer these
     return types from its generic base.

     As part of this change, arguments for :class:`.Session`,
     :class:`.AsyncSession`, :class:`.sessionmaker` and
     :class:`.async_sessionmaker` beyond the initial "bind" argument have been
     made keyword-only, which includes parameters that have always been
     documented as keyword arguments, such as :paramref:`.Session.autoflush`,
     :paramref:`.Session.class_`, etc.

     Pull request courtesy Sam Bull.


 .. change::
     :tags: bug, typing
     :tickets: 8776

     Fixed issue where passing a callbale function returning an iterable
     of column elements to :paramref:`_orm.relationship.order_by` was
     flagged as an error in type checkers.

.. changelog::

2.0.0b3

:released: November 4, 2022

 .. change::
     :tags: bug, orm, declarative
     :tickets: 8759

     Added support in ORM declarative annotations for class names specified for
     :func:`_orm.relationship`, as well as the name of the :class:`_orm.Mapped`
     symbol itself, to be different names than their direct class name, to
     support scenarios such as where :class:`_orm.Mapped` is imported as
     ``from sqlalchemy.orm import Mapped as M``, or where related class names
     are imported with an alternate name in a similar fashion. Additionally, a
     target class name given as the lead argument for :func:`_orm.relationship`
     will always supersede the name given in the left hand annotation, so that
     otherwise un-importable names that also don't match the class name can
     still be used in annotations.

 .. change::
     :tags: bug, orm, declarative
     :tickets: 8692

     Improved support for legacy 1.4 mappings that use annotations which don't
     include ``Mapped[]``, by ensuring the ``__allow_unmapped__`` attribute can
     be used to allow such legacy annotations to pass through Annotated
     Declarative without raising an error and without being interpreted in an
     ORM runtime context. Additionally improved the error message generated when
     this condition is detected, and added more documentation for how this
     situation should be handled. Unfortunately the 1.4 WARN_SQLALCHEMY_20
     migration warning cannot detect this particular configurational issue at
     runtime with its current architecture.

 .. change::
     :tags: usecase, postgresql
     :tickets: 8690

     Refined the new approach to range objects described at :ref:`change_7156`
     to accommodate driver-specific range and multirange objects, to better
     accommodate both legacy code as well as when passing results from raw SQL
     result sets back into new range or multirange expressions.

 .. change::
     :tags: usecase, engine
     :tickets: 8717

     Added new parameter :paramref:`.PoolEvents.reset.reset_state` parameter to
     the :meth:`.PoolEvents.reset` event, with deprecation logic in place that
     will continue to accept event hooks using the previous set of arguments.
     This indicates various state information about how the reset is taking
     place and is used to allow custom reset schemes to take place with full
     context given.

     Within this change a fix that's also backported to 1.4 is included which
     re-enables the :meth:`.PoolEvents.reset` event to continue to take place
     under all circumstances, including when :class:`.Connection` has already
     "reset" the connection.

     The two changes together allow custom reset schemes to be implemented using
     the :meth:`.PoolEvents.reset` event, instead of the
     :meth:`.PoolEvents.checkin` event (which continues to function as it always
     has).

 .. change::
     :tags: bug, orm, declarative
     :tickets: 8705

     Changed a fundamental configuration behavior of :class:`.Mapper`, where
     :class:`_schema.Column` objects that are explicitly present in the
     :paramref:`_orm.Mapper.properties` dictionary, either directly or enclosed
     within a mapper property object, will now be mapped within the order of how
     they appear

---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

## 📋 Pull Request Information **Original PR:** https://github.com/jeffknupp/sandman2/pull/309 **Author:** [@pyup-bot](https://github.com/pyup-bot) **Created:** 2/6/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `pyup-scheduled-update-2023-02-06` --- ### 📝 Commits (10+) - [`1d646fe`](https://github.com/jeffknupp/sandman2/commit/1d646fe549dcf11b2a3d386bfae010d444946b64) Update flask from 1.1.2 to 2.2.2 - [`2d00d2e`](https://github.com/jeffknupp/sandman2/commit/2d00d2e0b4c998c0e469126d7671b511e386235f) Update flask-admin from 1.5.7 to 1.6.0 - [`38ffa70`](https://github.com/jeffknupp/sandman2/commit/38ffa7051198cdd2ea3d24706d151b4f7a805885) Update flask-sqlalchemy from 2.4.4 to 3.0.3 - [`68dfbf6`](https://github.com/jeffknupp/sandman2/commit/68dfbf65beae70e4872eae19e2a6b05e5f3bccda) Update sqlalchemy from 1.3.20 to 2.0.1 - [`3dba065`](https://github.com/jeffknupp/sandman2/commit/3dba0658b7ffebe15415deedbb152ce026fe62d7) Update wtforms from 2.3.3 to 3.0.1 - [`3cc4c10`](https://github.com/jeffknupp/sandman2/commit/3cc4c10ece536ccc1ce11507721eb63122af9ab6) Update coverage from 5.3 to 7.1.0 - [`9373314`](https://github.com/jeffknupp/sandman2/commit/93733141bbb87474320ecbda4f7f3907e873acd5) Update pytest from 6.2.0 to 7.2.1 - [`b083262`](https://github.com/jeffknupp/sandman2/commit/b08326282a5307a5ee26f924489432e1b94b28fe) Update flask-cors from 3.0.9 to 3.0.10 - [`5338dc3`](https://github.com/jeffknupp/sandman2/commit/5338dc39d912d08fcb3b726e34cf812f9c74dc17) Update pytest-cov from 2.10.1 to 4.0.0 - [`6ceffdf`](https://github.com/jeffknupp/sandman2/commit/6ceffdf1c9c235ec07b631cd273030ff64f3ea95) Update pytest-flask from 1.1.0 to 1.2.0 ### 📊 Changes **1 file changed** (+15 additions, -15 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+15 -15) </details> ### 📄 Description ### Update [Flask](https://pypi.org/project/Flask) from **1.1.2** to **2.2.2**. <details> <summary>Changelog</summary> ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to &gt;= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``&quot;production&quot;``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to &gt;= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug&#x27;s ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python &lt; 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to &gt;= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client&#x27;s ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``setuptools`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client&#x27;s ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.request.environ`` instead. :pr:`4341` - Fix type annotation for ``errorhandler`` decorator. :issue:`4295` - Revert a change to the CLI that caused it to hide ``ImportError`` tracebacks when importing the application. :issue:`4307` - ``app.json_encoder`` and ``json_decoder`` are only passed to ``dumps`` and ``loads`` if they have custom behavior. This improves performance, mainly on PyPy. :issue:`4349` - Clearer error message when ``after_this_request`` is used outside a request context. :issue:`4333` ``` ### 2.0.2 ``` ------------- Released 2021-10-04 - Fix type annotation for ``teardown_*`` methods. :issue:`4093` - Fix type annotation for ``before_request`` and ``before_app_request`` decorators. :issue:`4104` - Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:`4098` - Support View and MethodView instances with async handlers. :issue:`4112` - Enhance typing of ``app.errorhandler`` decorator. :issue:`4095` - Fix registering a blueprint twice with differing names. :issue:`4124` - Fix the type of ``static_folder`` to accept ``pathlib.Path``. :issue:`4150` - ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``. :issue:`4157` - Correctly handle raising deferred errors in CLI lazy loading. :issue:`4096` - The CLI loader handles ``**kwargs`` in a ``create_app`` function. :issue:`4170` - Fix the order of ``before_request`` and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:`4229` ``` ### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren&#x27;t available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Revert a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug &gt;= 2, Jinja2 &gt;= 3, MarkupSafe &gt;= 2, ItsDangerous &gt;= 2, Click &gt;= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it&#x27;s needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add ``SessionInterface.get_cookie_name`` to allow setting the session cookie name dynamically. :pr:`3369` - Add ``Config.from_file`` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. ``Config.from_json`` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - ``send_file`` raises a ``ValueError`` when passed an ``io`` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja&#x27;s implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post(&quot;/login&quot;)`` is a shortcut for ``app.route(&quot;/login&quot;, methods=[&quot;POST&quot;])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to &quot;UTF-8&quot; when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python &lt; 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask - Changelog: https://pyup.io/changelogs/flask/ - Homepage: https://palletsprojects.com/p/flask </details> ### Update [Flask-Admin](https://pypi.org/project/Flask-Admin) from **1.5.7** to **1.6.0**. <details> <summary>Changelog</summary> ### 1.6.0 ``` ----- * Dropped Python 2 support * WTForms 3.0 support * Various fixes ``` ### 1.5.8 ``` ----- * SQLAlchemy 1.4.5+ compatibility fixes * Redis CLI fixes ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-admin - Changelog: https://pyup.io/changelogs/flask-admin/ - Repo: https://github.com/flask-admin/flask-admin/ - Docs: https://pythonhosted.org/Flask-Admin/ </details> ### Update [Flask-SQLAlchemy](https://pypi.org/project/Flask-SQLAlchemy) from **2.4.4** to **3.0.3**. <details> <summary>Changelog</summary> ### 3.0.2 ``` ------------- Released 2022-10-14 - Update compatibility with SQLAlchemy 2. :issue:`1122` ``` ### 3.0.1 ``` ------------- Released 2022-10-11 - Export typing information instead of using external typeshed definitions. :issue:`1112` - If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an invalid default bind will not be configured. :issue:`1117` ``` ### 3.0.0 ``` ------------- Released 2022-10-04 - Drop support for Python 2, 3.4, 3.5, and 3.6. - Bump minimum version of Flask to 2.2. - Bump minimum version of SQLAlchemy to 1.4.18. - Remove previously deprecated code. - The session is scoped to the current app context instead of the thread. This requires that an app context is active. This ensures that the session is cleaned up after every request. - An active Flask application context is always required to access ``session`` and ``engine``, regardless of if an application was passed to the constructor. :issue:`508, 944` - Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing tables in different databases to have the same name. Bind keys are stored and looked up on the resulting metadata rather than the model or table. - ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731` - Configuring SQLite with a relative path is relative to ``app.instance_path`` instead of ``app.root_path``. The instance folder is created if necessary. :issue:`462` - Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to the extension object. These use SQLAlchemy&#x27;s preferred ``session.execute(select())`` pattern instead of the legacy query interface. :issue:`1088` - Setup methods that create the engines and session are renamed with a leading underscore. They are considered internal interfaces which may change at any time. - All parameters to ``SQLAlchemy`` except ``app`` are keyword-only. - Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter from various ``SQLAlchemy`` methods. - The extension object uses ``__getattr__`` to alias names from the SQLAlchemy package, rather than copying them as attributes. - The extension object is stored directly as ``app.extensions[&quot;sqlalchemy&quot;]``. :issue:`698` - The session class can be customized by passing the ``class_`` key in the ``session_options`` parameter. :issue:`327` - ``SignallingSession`` is renamed to ``Session``. - ``Session.get_bind`` more closely matches the base implementation. - Model classes and the ``db`` instance are available without imports in ``flask shell``. :issue:`1089` - The ``CamelCase`` to ``snake_case`` table name converter handles more patterns correctly. If model that was already created in the database changed, either use Alembic to rename the table, or set ``__tablename__`` to keep the old name. :issue:`406` - ``Model`` ``repr`` distinguishes between transient and pending instances. :issue:`967` - A custom model class can implement ``__init_subclass__`` with class parameters. :issue:`1002` - ``db.Table`` is a subclass instead of a function. - The ``engine_options`` parameter is applied as defaults before per-engine configuration. - ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence. :issue:`783` - Engines are created when calling ``init_app`` rather than the first time they are accessed. :issue:`698` - ``db.engines`` exposes the map of bind keys to engines for the current app. - ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated. - SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are supported. :issue:`998, 1045` - SQLite engines do not use ``NullPool`` if ``pool_size`` is 0. - MySQL engines use the &quot;utf8mb4&quot; charset by default. :issue:`875` - MySQL engines do not set ``pool_size`` to 10. - MySQL engines don&#x27;t set a default for ``pool_recycle`` if not using a queue pool. :issue:`803` - ``Query`` is renamed from ``BaseQuery``. - Added ``Query.one_or_404``. - The query class is applied to ``backref`` in ``relationship``. :issue:`417` - Creating ``Pagination`` objects manually is no longer a public API. They should be created with ``db.paginate`` or ``query.paginate``. :issue:`1088` - ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only. - ``Pagination`` is iterable, iterating over its items. :issue:`70` - Pagination count query is more efficient. - ``Pagination.iter_pages`` is more efficient. :issue:`622` - ``Pagination.iter_pages`` ``right_current`` parameter is inclusive. - Pagination ``per_page`` cannot be 0. :issue:`1091` - Pagination ``max_per_page`` defaults to 100. :issue:`1091` - Added ``Pagination.first`` and ``last`` properties, which give the number of the first and last item on the page. :issue:`567` - ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled automatically with ``app.debug`` or ``app.testing``. :issue:`1092` - ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the config and functionality. - Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is renamed to ``location``. Finding the location uses a more inclusive check. - ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727` - ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues that are difficult to debug. Call ``db.session.commit()`` directly instead. :issue:`216` ``` ### 2.5.1 ``` ------------- Released 2021-03-18 - Fix compatibility with Python 2.7. ``` ### 2.5.0 ``` ------------- Released 2021-03-18 - Update to support SQLAlchemy 1.4. - SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to return a new URL instead of ``None``. :issue:`885` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-sqlalchemy - Changelog: https://pyup.io/changelogs/flask-sqlalchemy/ - Docs: https://pythonhosted.org/Flask-SQLAlchemy/ </details> ### Update [SQLAlchemy](https://pypi.org/project/SQLAlchemy) from **1.3.20** to **2.0.1**. <details> <summary>Changelog</summary> ### 2.0.0rc3 ``` :released: January 18, 2023 .. change:: :tags: bug, typing :tickets: 9096 Fixes to the annotations within the ``sqlalchemy.ext.hybrid`` extension for more effective typing of user-defined methods. The typing now uses :pep:`612` features, now supported by recent versions of Mypy, to maintain argument signatures for :class:`.hybrid_method`. Return values for hybrid methods are accepted as SQL expressions in contexts such as :meth:`_sql.Select.where` while still supporting SQL methods. .. change:: :tags: bug, orm :tickets: 9099 Fixed issue where using a pep-593 ``Annotated`` type in the :paramref:`_orm.registry.type_annotation_map` which itself contained a generic plain container or ``collections.abc`` type (e.g. ``list``, ``dict``, ``collections.abc.Sequence``, etc. ) as the target type would produce an internal error when the ORM were trying to interpret the ``Annotated`` instance. .. change:: :tags: bug, orm :tickets: 9100 Added an error message when a :func:`_orm.relationship` is mapped against an abstract container type, such as ``Mapped[Sequence[B]]``, without providing the :paramref:`_orm.relationship.container_class` parameter which is necessary when the type is abstract. Previously the the abstract container would attempt to be instantiated at a later step and fail. .. change:: :tags: orm, feature :tickets: 9060 Added a new parameter to :class:`_orm.Mapper` called :paramref:`_orm.Mapper.polymorphic_abstract`. The purpose of this directive is so that the ORM will not consider the class to be instantiated or loaded directly, only subclasses. The actual effect is that the :class:`_orm.Mapper` will prevent direct instantiation of instances of the class and will expect that the class does not have a distinct polymorphic identity configured. In practice, the class that is mapped with :paramref:`_orm.Mapper.polymorphic_abstract` can be used as the target of a :func:`_orm.relationship` as well as be used in queries; subclasses must of course include polymorphic identities in their mappings. The new parameter is automatically applied to classes that subclass the :class:`.AbstractConcreteBase` class, as this class is not intended to be instantiated. .. seealso:: :ref:`orm_inheritance_abstract_poly` .. change:: :tags: bug, postgresql :tickets: 9106 Fixed regression where psycopg3 changed an API call as of version 3.1.8 to expect a specific object type that was previously not enforced, breaking connectivity for the psycopg3 dialect. .. change:: :tags: oracle, usecase :tickets: 9086 Added support for the Oracle SQL type ``TIMESTAMP WITH LOCAL TIME ZONE``, using a newly added Oracle-specific :class:`_oracle.TIMESTAMP` datatype. .. changelog:: ``` ### 2.0.0rc2 ``` :released: January 9, 2023 .. change:: :tags: bug, typing :tickets: 9067 The Data Class Transforms argument ``field_descriptors`` was renamed to ``field_specifiers`` in the accepted version of PEP 681. .. change:: :tags: bug, oracle :tickets: 9059 Supported use case for foreign key constraints where the local column is marked as &quot;invisible&quot;. The errors normally generated when a :class:`.ForeignKeyConstraint` is created that check for the target column are disabled when reflecting, and the constraint is skipped with a warning in the same way which already occurs for an :class:`.Index` with a similar issue. .. change:: :tags: bug, orm :tickets: 9071 Fixed issue where an overly restrictive ORM mapping rule were added in 2.0 which prevented mappings against :class:`.TableClause` objects, such as those used in the view recipe on the wiki. .. change:: :tags: bug, mysql :tickets: 9058 Restored the behavior of :meth:`.Inspector.has_table` to report on temporary tables for MySQL / MariaDB. This is currently the behavior for all other included dialects, but was removed for MySQL in 1.4 due to no longer using the DESCRIBE command; there was no documented support for temp tables being reported by the :meth:`.Inspector.has_table` method in this version or on any previous version, so the previous behavior was undefined. As SQLAlchemy 2.0 has added formal support for temp table status via :meth:`.Inspector.has_table`, the MySQL /MariaDB dialect has been reverted to use the &quot;DESCRIBE&quot; statement as it did in the SQLAlchemy 1.3 series and previously, and test support is added to include MySQL / MariaDB for this behavior. The previous issues with ROLLBACK being emitted which 1.4 sought to improve upon don&#x27;t apply in SQLAlchemy 2.0 due to simplifications in how :class:`.Connection` handles transactions. DESCRIBE is necessary as MariaDB in particular has no consistently available public information schema of any kind in order to report on temp tables other than DESCRIBE/SHOW COLUMNS, which rely on throwing an error in order to report no results. .. change:: :tags: json, postgresql :tickets: 7147 Implemented missing ``JSONB`` operations: * ` using :meth:`_postgresql.JSONB.Comparator.path_match` * ``?`` using :meth:`_postgresql.JSONB.Comparator.path_exists` * ``-`` using :meth:`_postgresql.JSONB.Comparator.delete_path` Pull request curtesy of Guilherme Martins Crocetti. .. changelog:: ``` ### 2.0.0rc1 ``` :released: December 28, 2022 .. change:: :tags: bug, typing :tickets: 6810, 9025 pep-484 typing has been completed for the ``sqlalchemy.ext.horizontal_shard`` extension as well as the ``sqlalchemy.orm.events`` module. Thanks to Gleb Kisenkov for their efforts. .. change:: :tags: postgresql, bug :tickets: 8977 :versions: 2.0.0rc1 Added support for explicit use of PG full text functions with asyncpg and psycopg (SQLAlchemy 2.0 only), with regards to the ``REGCONFIG`` type cast for the first argument, which previously would be incorrectly cast to a VARCHAR, causing failures on these dialects that rely upon explicit type casts. This includes support for :class:`_postgresql.to_tsvector`, :class:`_postgresql.to_tsquery`, :class:`_postgresql.plainto_tsquery`, :class:`_postgresql.phraseto_tsquery`, :class:`_postgresql.websearch_to_tsquery`, :class:`_postgresql.ts_headline`, each of which will determine based on number of arguments passed if the first string argument should be interpreted as a PostgreSQL &quot;REGCONFIG&quot; value; if so, the argument is typed using a newly added type object :class:`_postgresql.REGCONFIG` which is then explicitly cast in the SQL expression. .. change:: :tags: bug, orm :tickets: 4629 A warning is emitted if a backref name used in :func:`_orm.relationship` names an attribute on the target class which already has a method or attribute assigned to that name, as the backref declaration will replace that attribute. .. change:: :tags: bug, postgresql :tickets: 9020 Fixed regression where newly revised PostgreSQL range types such as :class:`_postgresql.INT4RANGE` could not be set up as the impl of a :class:`.TypeDecorator` custom type, instead raising a ``TypeError``. .. change:: :tags: usecase, orm :tickets: 7837 Adjustments to the :class:`_orm.Session` in terms of extensibility, as well as updates to the :class:`.ShardedSession` extension: * :meth:`_orm.Session.get` now accepts :paramref:`_orm.Session.get.bind_arguments`, which in particular may be useful when using the horizontal sharding extension. * :meth:`_orm.Session.get_bind` accepts arbitrary kw arguments, which assists in developing code that uses a :class:`_orm.Session` class which overrides this method with additional arguments. * Added a new ORM execution option ``identity_token`` which may be used to directly affect the &quot;identity token&quot; that will be associated with newly loaded ORM objects. This token is how sharding approaches (namely the :class:`.ShardedSession`, but can be used in other cases as well) separate object identities across different &quot;shards&quot;. .. seealso:: :ref:`queryguide_identity_token` * The :meth:`_orm.SessionEvents.do_orm_execute` event hook may now be used to affect all ORM-related options, including ``autoflush``, ``populate_existing``, and ``yield_per``; these options are re-consumed subsequent to event hooks being invoked before they are acted upon. Previously, options like ``autoflush`` would have been already evaluated at this point. The new ``identity_token`` option is also supported in this mode and is now used by the horizontal sharding extension. * The :class:`.ShardedSession` class replaces the :paramref:`.ShardedSession.id_chooser` hook with a new hook :paramref:`.ShardedSession.identity_chooser`, which no longer relies upon the legacy :class:`_orm.Query` object. :paramref:`.ShardedSession.id_chooser` is still accepted in place of :paramref:`.ShardedSession.identity_chooser` with a deprecation warning. .. change:: :tags: usecase, orm :tickets: 9015 The behavior of &quot;joining an external transaction into a Session&quot; has been revised and improved, allowing explicit control over how the :class:`_orm.Session` will accommodate an incoming :class:`_engine.Connection` that already has a transaction and possibly a savepoint already established. The new parameter :paramref:`_orm.Session.join_transaction_mode` includes a series of option values which can accommodate the existing transaction in several ways, most importantly allowing a :class:`_orm.Session` to operate in a fully transactional style using savepoints exclusively, while leaving the externally initiated transaction non-committed and active under all circumstances, allowing test suites to rollback all changes that take place within tests. Additionally, revised the :meth:`_orm.Session.close` method to fully close out savepoints that may still be present, which also allows the &quot;external transaction&quot; recipe to proceed without warnings if the :class:`_orm.Session` did not explicitly end its own SAVEPOINT transactions. .. seealso:: :ref:`change_9015` .. change:: :tags: bug, sql :tickets: 8988 Added test support to ensure that all compiler ``visit_xyz()`` methods across all :class:`.Compiler` implementations in SQLAlchemy accept a ``**kw`` parameter, so that all compilers accept additional keyword arguments under all circumstances. .. change:: :tags: bug, postgresql :tickets: 8984 The :meth:`_postgresql.Range.__eq___` will now return ``NotImplemented`` when comparing with an instance of a different class, instead of raising an :exc:`AttributeError` exception. .. change:: :tags: bug, sql :tickets: 6114 The :meth:`.SQLCompiler.construct_params` method, as well as the :attr:`.SQLCompiler.params` accessor, will now return the exact parameters that correspond to a compiled statement that used the ``render_postcompile`` parameter to compile. Previously, the method returned a parameter structure that by itself didn&#x27;t correspond to either the original parameters or the expanded ones. Passing a new dictionary of parameters to :meth:`.SQLCompiler.construct_params` for a :class:`.SQLCompiler` that was constructed with ``render_postcompile`` is now disallowed; instead, to make a new SQL string and parameter set for an alternate set of parameters, a new method :meth:`.SQLCompiler.construct_expanded_state` is added which will produce a new expanded form for the given parameter set, using the :class:`.ExpandedState` container which includes a new SQL statement and new parameter dictionary, as well as a positional parameter tuple. .. change:: :tags: bug, orm :tickets: 8703, 8997, 8996 A series of changes and improvements regarding :meth:`_orm.Session.refresh`. The overall change is that primary key attributes for an object are now included in a refresh operation unconditionally when relationship-bound attributes are to be refreshed, even if not expired and even if not specified in the refresh. * Improved :meth:`_orm.Session.refresh` so that if autoflush is enabled (as is the default for :class:`_orm.Session`), the autoflush takes place at an earlier part of the refresh process so that pending primary key changes are applied without errors being raised. Previously, this autoflush took place too late in the process and the SELECT statement would not use the correct key to locate the row and an :class:`.InvalidRequestError` would be raised. * When the above condition is present, that is, unflushed primary key changes are present on the object, but autoflush is not enabled, the refresh() method now explicitly disallows the operation to proceed, and an informative :class:`.InvalidRequestError` is raised asking that the pending primary key changes be flushed first. Previously, this use case was simply broken and :class:`.InvalidRequestError` would be raised anyway. This restriction is so that it&#x27;s safe for the primary key attributes to be refreshed, as is necessary for the case of being able to refresh the object with relationship-bound secondary eagerloaders also being emitted. This rule applies in all cases to keep API behavior consistent regardless of whether or not the PK cols are actually needed in the refresh, as it is unusual to be refreshing some attributes on an object while keeping other attributes &quot;pending&quot; in any case. * The :meth:`_orm.Session.refresh` method has been enhanced such that attributes which are :func:`_orm.relationship`-bound and linked to an eager loader, either at mapping time or via last-used loader options, will be refreshed in all cases even when a list of attributes is passed that does not include any columns on the parent row. This builds upon the feature first implemented for non-column attributes as part of :ticket:`1763` fixed in 1.4 allowing eagerly-loaded relationship-bound attributes to participate in the :meth:`_orm.Session.refresh` operation. If the refresh operation does not indicate any columns on the parent row to be refreshed, the primary key columns will nonetheless be included in the refresh operation, which allows the load to proceed into the secondary relationship loaders indicated as it does normally. Previously an :class:`.InvalidRequestError` error would be raised for this condition (:ticket:`8703`) * Fixed issue where an unnecessary additional SELECT would be emitted in the case where :meth:`_orm.Session.refresh` were called with a combination of expired attributes, as well as an eager loader such as :func:`_orm.selectinload` that emits a &quot;secondary&quot; query, if the primary key attributes were also in an expired state. As the primary key attributes are now included in the refresh automatically, there is no additional load for these attributes when a relationship loader goes to select for them (:ticket:`8997`) * Fixed regression caused by :ticket:`8126` released in 2.0.0b1 where the :meth:`_orm.Session.refresh` method would fail with an ``AttributeError``, if passed both an expired column name as well as the name of a relationship-bound attribute that was linked to a &quot;secondary&quot; eagerloader such as the :func:`_orm.selectinload` eager loader (:ticket:`8996`) .. change:: :tags: bug, sql :tickets: 8994 To accommodate for third party dialects with different character escaping needs regarding bound parameters, the system by which SQLAlchemy &quot;escapes&quot; (i.e., replaces with another character in its place) special characters in bound parameter names has been made extensible for third party dialects, using the :attr:`.SQLCompiler.bindname_escape_chars` dictionary which can be overridden at the class declaration level on any :class:`.SQLCompiler` subclass. As part of this change, also added the dot ``&quot;.&quot;`` as a default &quot;escaped&quot; character. .. change:: :tags: orm, feature :tickets: 8889 Added a new default value for the :paramref:`.Mapper.eager_defaults` parameter &quot;auto&quot;, which will automatically fetch table default values during a unit of work flush, if the dialect supports RETURNING for the INSERT being run, as well as :ref:`insertmanyvalues &lt;engine_insertmanyvalues&gt;` available. Eager fetches for server-side UPDATE defaults, which are very uncommon, continue to only take place if :paramref:`.Mapper.eager_defaults` is set to ``True``, as there is no batch-RETURNING form for UPDATE statements. .. change:: :tags: usecase, orm :tickets: 8973 Removed the requirement that the ``__allow_unmapped__`` attribute be used on Declarative Dataclass Mapped class when non-``Mapped[]`` annotations are detected; previously, an error message that was intended to support legacy ORM typed mappings would be raised, which additionally did not mention correct patterns to use with Dataclasses specifically. This error message is now no longer raised if :meth:`_orm.registry.mapped_as_dataclass` or :class:`_orm.MappedAsDataclass` is used. .. seealso:: :ref:`orm_declarative_native_dataclasses_non_mapped_fields` .. change:: :tags: bug, orm :tickets: 8168 Improved a fix first made in version 1.4 for :ticket:`8456` which scaled back the usage of internal &quot;polymorphic adapters&quot;, that are used to render ORM queries when the :paramref:`_orm.Mapper.with_polymorphic` parameter is used. These adapters, which are very complex and error prone, are now used only in those cases where an explicit user-supplied subquery is used for :paramref:`_orm.Mapper.with_polymorphic`, which includes only the use case of concrete inheritance mappings that use the :func:`_orm.polymorphic_union` helper, as well as the legacy use case of using an aliased subquery for joined inheritance mappings, which is not needed in modern use. For the most common case of joined inheritance mappings that use the built-in polymorphic loading scheme, which includes those which make use of the :paramref:`_orm.Mapper.polymorphic_load` parameter set to ``inline``, polymorphic adapters are now no longer used. This has both a positive performance impact on the construction of queries as well as a substantial simplification of the internal query rendering process. The specific issue targeted was to allow a :func:`_orm.column_property` to refer to joined-inheritance classes within a scalar subquery, which now works as intuitively as is feasible. .. changelog:: ``` ### 2.0.0b4 ``` :released: December 5, 2022 .. change:: :tags: usecase, orm :tickets: 8859 Added support custom user-defined types which extend the Python ``enum.Enum`` base class to be resolved automatically to SQLAlchemy :class:`.Enum` SQL types, when using the Annotated Declarative Table feature. The feature is made possible through new lookup features added to the ORM type map feature, and includes support for changing the arguments of the :class:`.Enum` that&#x27;s generated by default as well as setting up specific ``enum.Enum`` types within the map with specific arguments. .. seealso:: :ref:`orm_declarative_mapped_column_enums` .. change:: :tags: bug, typing :tickets: 8783 Adjusted internal use of the Python ``enum.IntFlag`` class which changed its behavioral contract in Python 3.11. This was not causing runtime failures however caused typing runs to fail under Python 3.11. .. change:: :tags: usecase, typing :tickets: 8847 Added a new type :class:`.SQLColumnExpression` which may be indicated in user code to represent any SQL column oriented expression, including both those based on :class:`.ColumnElement` as well as on ORM :class:`.QueryableAttribute`. This type is a real class, not an alias, so can also be used as the foundation for other objects. An additional ORM-specific subclass :class:`.SQLORMExpression` is also included. .. change:: :tags: bug, typing :tickets: 8667, 6810 The ``sqlalchemy.ext.mutable`` extension and ``sqlalchemy.ext.automap`` extensions are now fully pep-484 typed. Huge thanks to Gleb Kisenkov for their efforts on this. .. change:: :tags: bug, sql :tickets: 8849 The approach to the ``numeric`` pep-249 paramstyle has been rewritten, and is now fully supported, including by features such as &quot;expanding IN&quot; and &quot;insertmanyvalues&quot;. Parameter names may also be repeated in the source SQL construct which will be correctly represented within the numeric format using a single parameter. Introduced an additional numeric paramstyle called ``numeric_dollar``, which is specifically what&#x27;s used by the asyncpg dialect; the paramstyle is equivalent to ``numeric`` except numeric indicators are indicated by a dollar-sign rather than a colon. The asyncpg dialect now uses ``numeric_dollar`` paramstyle directly, rather than compiling to ``format`` style first. The ``numeric`` and ``numeric_dollar`` paramstyles assume that the target backend is capable of receiving the numeric parameters in any order, and will match the given parameter values to the statement based on matching their position (1-based) to the numeric indicator. This is the normal behavior of &quot;numeric&quot; paramstyles, although it was observed that the SQLite DBAPI implements a not-used &quot;numeric&quot; style that does not honor parameter ordering. .. change:: :tags: usecase, postgresql :tickets: 8765 Complementing :ticket:`8690`, new comparison methods such as :meth:`_postgresql.Range.adjacent_to`, :meth:`_postgresql.Range.difference`, :meth:`_postgresql.Range.union`, etc., were added to the PG-specific range objects, bringing them in par with the standard operators implemented by the underlying :attr:`_postgresql.AbstractRange.comparator_factory`. In addition, the ``__bool__()`` method of the class has been corrected to be consistent with the common Python containers behavior as well as how other popular PostgreSQL drivers do: it now tells whether the range instance is *not* empty, rather than the other way around. Pull request courtesy Lele Gaifax. .. change:: :tags: bug, sql :tickets: 8770 Adjusted the rendering of ``RETURNING``, in particular when using :class:`_sql.Insert`, such that it now renders columns using the same logic as that of the :class:`.Select` construct to generate labels, which will include disambiguating labels, as well as that a SQL function surrounding a named column will be labeled using the column name itself. This establishes better cross-compatibility when selecting rows from either :class:`.Select` constructs or from DML statements that use :meth:`.UpdateBase.returning`. A narrower scale change was also made for the 1.4 series that adjusted the function label issue only. .. change:: :tags: change, postgresql, asyncpg :tickets: 8926 Changed the paramstyle used by asyncpg from ``format`` to ``numeric_dollar``. This has two main benefits since it does not require additional processing of the statement and allows for duplicate parameters to be present in the statements. .. change:: :tags: bug, orm :tickets: 8888 Fixed issue where use of an unknown datatype within a :class:`.Mapped` annotation for a column-based attribute would silently fail to map the attribute, rather than reporting an exception; an informative exception message is now raised. .. change:: :tags: bug, orm :tickets: 8777 Fixed a suite of issues involving :class:`.Mapped` use with dictionary types, such as ``Mapped[dict[str, str] | None]``, would not be correctly interpreted in Declarative ORM mappings. Support to correctly &quot;de-optionalize&quot; this type including for lookup in ``type_annotation_map`` has been fixed. .. change:: :tags: feature, orm :tickets: 8822 Added a new parameter :paramref:`_orm.mapped_column.use_existing_column` to accommodate the use case of a single-table inheritance mapping that uses the pattern of more than one subclass indicating the same column to take place on the superclass. This pattern was previously possible by using :func:`_orm.declared_attr` in conjunction with locating the existing column in the ``.__table__`` of the superclass, however is now updated to work with :func:`_orm.mapped_column` as well as with pep-484 typing, in a simple and succinct way. .. seealso:: :ref:`orm_inheritance_column_conflicts` .. change:: :tags: bug, mssql :tickets: 8917 Fixed regression caused by the combination of :ticket:`8177`, re-enable setinputsizes for SQL server unless fast_executemany + DBAPI executemany is used for a statement, along with :ticket:`6047`, implement &quot;insertmanyvalues&quot;, which bypasses DBAPI executemany in place of a custom DBAPI execute for INSERT statements. setinputsizes would incorrectly not be used for a multiple parameter-set INSERT statement that used &quot;insertmanyvalues&quot; if fast_executemany were turned on, as the check would incorrectly assume this is a DBAPI executemany call. The &quot;regression&quot; would then be that the &quot;insertmanyvalues&quot; statement format is apparently slightly more sensitive to multiple rows that don&#x27;t use the same types for each row, so in such a case setinputsizes is especially needed. The fix repairs the fast_executemany check so that it only disables setinputsizes if true DBAPI executemany is to be used. .. change:: :tags: bug, orm, performance :tickets: 8796 Additional performance enhancements within ORM-enabled SQL statements, specifically targeting callcounts within the construction of ORM statements, using combinations of :func:`_orm.aliased` with :func:`_sql.union` and similar &quot;compound&quot; constructs, in addition to direct performance improvements to the ``corresponding_column()`` internal method that is used heavily by the ORM by constructs like :func:`_orm.aliased` and similar. .. change:: :tags: bug, postgresql :tickets: 8884 Added additional type-detection for the new PostgreSQL :class:`_postgresql.Range` type, where previous cases that allowed the psycopg2-native range objects to be received directly by the DBAPI without SQLAlchemy intercepting them stopped working, as we now have our own value object. The :class:`_postgresql.Range` object has been enhanced such that SQLAlchemy Core detects it in otherwise ambiguous situations (such as comparison to dates) and applies appropriate bind handlers. Pull request courtesy Lele Gaifax. .. change:: :tags: bug, orm :tickets: 8880 Fixed bug in :ref:`orm_declarative_native_dataclasses` feature where using plain dataclass fields with the ``__allow_unmapped__`` directive in a mapping would not create a dataclass with the correct class-level state for those fields, copying the raw ``Field`` object to the class inappropriately after dataclasses itself had replaced the ``Field`` object with the class-level default value. .. change:: :tags: usecase, orm extensions :tickets: 8878 Added support for the :func:`.association_proxy` extension function to take part within Python ``dataclasses`` configuration, when using the native dataclasses feature described at :ref:`orm_declarative_native_dataclasses`. Included are attribute-level arguments including :paramref:`.association_proxy.init` and :paramref:`.association_proxy.default_factory`. Documentation for association proxy has also been updated to use &quot;Annotated Declarative Table&quot; forms within examples, including type annotations used for :class:`.AssocationProxy` itself. .. change:: :tags: bug, typing Corrected typing support for the :paramref:`_orm.relationship.secondary` argument which may also accept a callable (lambda) that returns a :class:`.FromClause`. .. change:: :tags: bug, orm, regression :tickets: 8812 Fixed regression where flushing a mapped class that&#x27;s mapped against a subquery, such as a direct mapping or some forms of concrete table inheritance, would fail if the :paramref:`_orm.Mapper.eager_defaults` parameter were used. .. change:: :tags: bug, schema :tickets: 8925 Stricter rules are in place for appending of :class:`.Column` objects to :class:`.Table` objects, both moving some previous deprecation warnings to exceptions, and preventing some previous scenarios that would cause duplicate columns to appear in tables, when :paramref:`.Table.extend_existing` were set to ``True``, for both programmatic :class:`.Table` construction as well as during reflection operations. See :ref:`change_8925` for a rundown of these changes. .. seealso:: :ref:`change_8925` .. change:: :tags: usecase, orm :tickets: 8905 Added :paramref:`_orm.mapped_column.compare` parameter to relevant ORM attribute constructs including :func:`_orm.mapped_column`, :func:`_orm.relationship` etc. to provide for the Python dataclasses ``compare`` parameter on ``field()``, when using the :ref:`orm_declarative_native_dataclasses` feature. Pull request courtesy Simon Schiele. .. change:: :tags: sql, usecase :tickets: 6289 Added :class:`_expression.ScalarValues` that can be used as a column element allowing using :class:`_expression.Values` inside ``IN`` clauses or in conjunction with ``ANY`` or ``ALL`` collection aggregates. This new class is generated using the method :meth:`_expression.Values.scalar_values`. The :class:`_expression.Values` instance is now coerced to a :class:`_expression.ScalarValues` when used in a ``IN`` or ``NOT IN`` operation. .. change:: :tags: bug, orm :tickets: 8853 Fixed regression in 2.0.0b3 caused by :ticket:`8759` where indicating the :class:`.Mapped` name using a qualified name such as ``sqlalchemy.orm.Mapped`` would fail to be recognized by Declarative as indicating the :class:`.Mapped` construct. .. change:: :tags: bug, typing :tickets: 8842 Improved the typing for :class:`.sessionmaker` and :class:`.async_sessionmaker`, so that the default type of their return value will be :class:`.Session` or :class:`.AsyncSession`, without the need to type this explicitly. Previously, Mypy would not automaticaly infer these return types from its generic base. As part of this change, arguments for :class:`.Session`, :class:`.AsyncSession`, :class:`.sessionmaker` and :class:`.async_sessionmaker` beyond the initial &quot;bind&quot; argument have been made keyword-only, which includes parameters that have always been documented as keyword arguments, such as :paramref:`.Session.autoflush`, :paramref:`.Session.class_`, etc. Pull request courtesy Sam Bull. .. change:: :tags: bug, typing :tickets: 8776 Fixed issue where passing a callbale function returning an iterable of column elements to :paramref:`_orm.relationship.order_by` was flagged as an error in type checkers. .. changelog:: ``` ### 2.0.0b3 ``` :released: November 4, 2022 .. change:: :tags: bug, orm, declarative :tickets: 8759 Added support in ORM declarative annotations for class names specified for :func:`_orm.relationship`, as well as the name of the :class:`_orm.Mapped` symbol itself, to be different names than their direct class name, to support scenarios such as where :class:`_orm.Mapped` is imported as ``from sqlalchemy.orm import Mapped as M``, or where related class names are imported with an alternate name in a similar fashion. Additionally, a target class name given as the lead argument for :func:`_orm.relationship` will always supersede the name given in the left hand annotation, so that otherwise un-importable names that also don&#x27;t match the class name can still be used in annotations. .. change:: :tags: bug, orm, declarative :tickets: 8692 Improved support for legacy 1.4 mappings that use annotations which don&#x27;t include ``Mapped[]``, by ensuring the ``__allow_unmapped__`` attribute can be used to allow such legacy annotations to pass through Annotated Declarative without raising an error and without being interpreted in an ORM runtime context. Additionally improved the error message generated when this condition is detected, and added more documentation for how this situation should be handled. Unfortunately the 1.4 WARN_SQLALCHEMY_20 migration warning cannot detect this particular configurational issue at runtime with its current architecture. .. change:: :tags: usecase, postgresql :tickets: 8690 Refined the new approach to range objects described at :ref:`change_7156` to accommodate driver-specific range and multirange objects, to better accommodate both legacy code as well as when passing results from raw SQL result sets back into new range or multirange expressions. .. change:: :tags: usecase, engine :tickets: 8717 Added new parameter :paramref:`.PoolEvents.reset.reset_state` parameter to the :meth:`.PoolEvents.reset` event, with deprecation logic in place that will continue to accept event hooks using the previous set of arguments. This indicates various state information about how the reset is taking place and is used to allow custom reset schemes to take place with full context given. Within this change a fix that&#x27;s also backported to 1.4 is included which re-enables the :meth:`.PoolEvents.reset` event to continue to take place under all circumstances, including when :class:`.Connection` has already &quot;reset&quot; the connection. The two changes together allow custom reset schemes to be implemented using the :meth:`.PoolEvents.reset` event, instead of the :meth:`.PoolEvents.checkin` event (which continues to function as it always has). .. change:: :tags: bug, orm, declarative :tickets: 8705 Changed a fundamental configuration behavior of :class:`.Mapper`, where :class:`_schema.Column` objects that are explicitly present in the :paramref:`_orm.Mapper.properties` dictionary, either directly or enclosed within a mapper property object, will now be mapped within the order of how they appear --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 01:34:00 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 01:34:02 +03:00

[PR #317] [CLOSED] Scheduled weekly dependency update for week 13 #326

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pyup-scheduled-update-2026-04-20

pyup-scheduled-update-2024-09-16

pyup-scheduled-update-2023-07-24

pyup-scheduled-update-2023-06-19

pyup-scheduled-update-2023-05-22

pyup-scheduled-update-2023-05-15

pyup-scheduled-update-2023-05-08

dependabot/pip/flask-2.3.2

pyup-scheduled-update-2023-05-01

pyup-scheduled-update-2023-04-03

dependabot/pip/werkzeug-2.2.3

pyup-scheduled-update-2022-11-14

pyup-scheduled-update-2022-10-03

pyup-scheduled-update-2022-08-01

pyup-scheduled-update-2022-06-13

pyup-scheduled-update-2022-05-30

pyup-scheduled-update-2022-03-07

pyup-scheduled-update-2022-01-10

pyup-scheduled-update-2021-11-01

pyup-scheduled-update-2020-10-05

pyup-scheduled-update-2019-09-30

pyup-scheduled-update-2019-07-29

pyup-scheduled-update-2019-07-22

pyup-scheduled-update-2019-05-27

pyup-scheduled-update-2019-03-11

marshmallow

pyup-scheduled-update-2019-02-25

pyup-scheduled-update-2019-02-18

pyup-scheduled-update-2019-01-28

pyup-scheduled-update-2019-01-14

docker

name-map-stupid

swagger

fix-pagination

doc-expansion

specify-schema

No results found.

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactoring

  

research

  

wontfix

No labels

bug

duplicate

enhancement

help wanted

invalid

pull-request

question

refactoring

research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/sandman2-jeffknupp#317

No description provided.