[PR #325] [CLOSED] Scheduled weekly dependency update for week 24 #333

New issue

Closed

opened 2026-02-26 01:34:04 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 01:34:04 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/jeffknupp/sandman2/pull/325
Author: @pyup-bot
Created: 6/12/2023
Status: ❌ Closed

Base: master ← Head: pyup-scheduled-update-2023-06-12

---

📝 Commits (10+)

• ee4b1f0 Update flask from 1.1.2 to 2.3.2
• 0a73f41 Update flask-admin from 1.5.7 to 1.6.1
• 1e5d46a Update flask-sqlalchemy from 2.4.4 to 3.0.3
• d690a0d Update sqlalchemy from 1.3.20 to 2.0.16
• 37d0925 Update wtforms from 2.3.3 to 3.0.1
• e2e2660 Update coverage from 5.3 to 7.2.7
• 5fc1998 Update pytest from 6.2.0 to 7.3.2
• 888e2de Update flask-cors from 3.0.9 to 3.0.10
• f0b780c Update pytest-cov from 2.10.1 to 4.1.0
• c1c0000 Update pytest-flask from 1.1.0 to 1.2.0

📊 Changes

1 file changed (+15 additions, -15 deletions)

View changed files

📝 requirements.txt (+15 -15)

📄 Description

Update Flask from 1.1.2 to 2.3.2.

Changelog

2.3.2

-------------

Released 2023-05-01

-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.
-   Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

2.3.1

-------------

Released 2023-04-25

-   Restore deprecated ``from flask import Markup``. :issue:`5084`

2.3.0

-------------

Released 2023-04-25

-   Drop support for Python 3.7. :pr:`5072`
-   Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
 itsdangerous>=2.1.2, click>=8.1.3.
-   Remove previously deprecated code. :pr:`4995`

 -   The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and
     ``_request_ctx_stack`` objects are removed. ``top`` still exists to give
     extensions more time to update, but it will be removed.
 -   The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env``
     property are removed.
 -   The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``,
     ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app``
     are removed.
 -   The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and
     ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed.
 -   The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators
     are removed.
 -   ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the
     corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed.
 -   The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed.
 -   Calling setup methods on blueprints after registration is an error instead of a
     warning. :pr:`4997`

-   Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them
 directly from ``markupsafe`` instead. :pr:`4996`
-   The ``app.got_first_request`` property is deprecated. :pr:`4997`
-   The ``locked_cached_property`` decorator is deprecated. Use a lock inside the
 decorated function if locking is needed. :issue:`4993`
-   Signals are always available. ``blinker>=1.6.2`` is a required dependency. The
 ``signals_available`` attribute is deprecated. :issue:`5056`
-   Signals support ``async`` subscriber functions. :pr:`5049`
-   Remove uses of locks that could cause requests to block each other very briefly.
 :issue:`4993`
-   Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
 :pr:`4947`
-   Ensure subdomains are applied with nested blueprints. :issue:`4834`
-   ``config.from_file`` can use ``text=False`` to indicate that the parser wants a
 binary file instead. :issue:`4989`
-   If a blueprint is created with an empty name it raises a ``ValueError``.
 :issue:`5010`
-   ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not
 to set the domain, which modern browsers interpret as an exact match rather than
 a subdomain match. Warnings about ``localhost`` and IP addresses are also removed.
 :issue:`5051`
-   The ``routes`` command shows each rule's ``subdomain`` or ``host`` when domain
 matching is in use. :issue:`5004`
-   Use postponed evaluation of annotations. :pr:`5071`

2.2.5

-------------

Released 2023-05-02

-   Update for compatibility with Werkzeug 2.3.3.
-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.

2.2.4

-------------

Released 2023-04-25

-   Update for compatibility with Werkzeug 2.3.

2.2.3

-------------

Released 2023-02-15

-   Autoescape is enabled by default for ``.svg`` template files. :issue:`4831`
-   Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892`
-   Add ``--debug`` option to the ``flask run`` command. :issue:`4777`

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``setuptools`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://pyup.io/changelogs/flask/

Update Flask-Admin from 1.5.7 to 1.6.1.

Changelog

1.6.1

-----

* SQLAlchemy 2.x support
* General updates and bug fixes
* Dropped WTForms 1 support

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://pyup.io/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.0.3.

Changelog

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have
 changed to return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://pyup.io/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/Flask-SQLAlchemy/

Update SQLAlchemy from 1.3.20 to 2.0.16.

Changelog

2.0.16

:include_notes_from: unreleased_20

.. changelog::

2.0.15

:released: May 19, 2023

 .. change::
     :tags: bug, orm
     :tickets: 9805

     As more projects are using new-style "2.0" ORM querying, it's becoming
     apparent that the conditional nature of "autoflush", being based on whether
     or not the given statement refers to ORM entities, is becoming more of a
     key behavior. Up until now, the "ORM" flag for a statement has been loosely
     based around whether or not the statement returns rows that correspond to
     ORM entities or columns; the original purpose of the "ORM" flag was to
     enable ORM-entity fetching rules which apply post-processing to Core result
     sets as well as ORM loader strategies to the statement.  For statements
     that don't build on rows that contain ORM entities, the "ORM" flag was
     considered to be mostly unnecessary.

     It still may be the case that "autoflush" would be better taking effect for
     *all* usage of :meth:`_orm.Session.execute` and related methods, even for
     purely Core SQL constructs. However, this still could impact legacy cases
     where this is not expected and may be more of a 2.1 thing. For now however,
     the rules for the "ORM-flag" have been opened up so that a statement that
     includes ORM entities or attributes anywhere within, including in the WHERE
     / ORDER BY / GROUP BY clause alone, within scalar subqueries, etc. will
     enable this flag.  This will cause "autoflush" to occur for such statements
     and also be visible via the :attr:`_orm.ORMExecuteState.is_orm_statement`
     event-level attribute.



 .. change::
     :tags: bug, postgresql, regression
     :tickets: 9808

     Repaired the base :class:`.Uuid` datatype for the PostgreSQL dialect to
     make full use of the PG-specific ``UUID`` dialect-specific datatype when
     "native_uuid" is selected, so that PG driver behaviors are included. This
     issue became apparent due to the insertmanyvalues improvement made as part
     of :ticket:`9618`, where in a similar manner as that of :ticket:`9739`, the
     asyncpg driver is very sensitive to datatype casts being present or not,
     and the PostgreSQL driver-specific native ``UUID`` datatype must be invoked
     when this generic type is used so that these casts take place.


.. changelog::

2.0.14

:released: May 18, 2023

 .. change::
     :tags: bug, sql
     :tickets: 9772

     Fixed issue in :func:`_sql.values` construct where an internal compilation
     error would occur if the construct were used inside of a scalar subquery.

 .. change::
     :tags: usecase, sql
     :tickets: 9752


     Generalized the MSSQL :func:`_sql.try_cast` function into the
     ``sqlalchemy.`` import namespace so that it may be implemented by third
     party dialects as well. Within SQLAlchemy, the :func:`_sql.try_cast`
     function remains a SQL Server-only construct that will raise
     :class:`.CompileError` if used with backends that don't support it.

     :func:`_sql.try_cast` implements a CAST where un-castable conversions are
     returned as NULL, instead of raising an error. Theoretically, the construct
     could be implemented by third party dialects for Google BigQuery, DuckDB,
     and Snowflake, and possibly others.

     Pull request courtesy Nick Crews.

 .. change::
     :tags: bug, tests, pypy
     :tickets: 9789

     Fixed test that relied on the ``sys.getsizeof()`` function to not run on
     pypy, where this function appears to have different behavior than it does
     on cpython.

 .. change::
     :tags: bug, orm
     :tickets: 9777

     Modified the ``JoinedLoader`` implementation to use a simpler approach in
     one particular area where it previously used a cached structure that would
     be shared among threads. The rationale is to avoid a potential race
     condition which is suspected of being the cause of a particular crash
     that's been reported multiple times. The cached structure in question is
     still ultimately "cached" via the compiled SQL cache, so a performance
     degradation is not anticipated.

 .. change::
     :tags: bug, orm, regression
     :tickets: 9767

     Fixed regression where use of :func:`_dml.update` or :func:`_dml.delete`
     within a :class:`_sql.CTE` construct, then used in a :func:`_sql.select`,
     would raise a :class:`.CompileError` as a result of ORM related rules for
     performing ORM-level update/delete statements.

 .. change::
     :tags: bug, orm
     :tickets: 9766

     Fixed issue in new ORM Annotated Declarative where using a
     :class:`_schema.ForeignKey` (or other column-level constraint) inside of
     :func:`_orm.mapped_column` which is then copied out to models via pep-593
     ``Annotated`` would apply duplicates of each constraint to the
     :class:`_schema.Column` as produced in the target :class:`_schema.Table`,
     leading to incorrect CREATE TABLE DDL as well as migration directives under
     Alembic.

 .. change::
     :tags: bug, orm
     :tickets: 9779

     Fixed issue where using additional relationship criteria with the
     :func:`_orm.joinedload` loader option, where the additional criteria itself
     contained correlated subqueries that referred to the joined entities and
     therefore also required "adaption" to aliased entities, would be excluded
     from this adaption, producing the wrong ON clause for the joinedload.

 .. change::
     :tags: bug, postgresql
     :tickets: 9773

     Fixed apparently very old issue where the
     :paramref:`_postgresql.ENUM.create_type` parameter, when set to its
     non-default of ``False``, would not be propagated when the
     :class:`_schema.Column` which it's a part of were copied, as is common when
     using ORM Declarative mixins.

.. changelog::

2.0.13

:released: May 10, 2023

 .. change::
     :tags: usecase, asyncio
     :tickets: 9731

     Added a new helper mixin :class:`_asyncio.AsyncAttrs` that seeks to improve
     the use of lazy-loader and other expired or deferred ORM attributes with
     asyncio, providing a simple attribute accessor that provides an ``await``
     interface to any ORM attribute, whether or not it needs to emit SQL.

     .. seealso::

         :class:`_asyncio.AsyncAttrs`

 .. change::
     :tags: bug, orm
     :tickets: 9717

     Fixed issue where ORM Annotated Declarative would not resolve forward
     references correctly in all cases; in particular, when using
     ``from __future__ import annotations`` in combination with Pydantic
     dataclasses.

 .. change::
     :tags: typing, sql
     :tickets: 9656

     Added type :data:`_sql.ColumnExpressionArgument` as a public-facing type
     that indicates column-oriented arguments which are passed to SQLAlchemy
     constructs, such as :meth:`_sql.Select.where`, :func:`_sql.and_` and
     others. This may be used to add typing to end-user functions which call
     these methods.

 .. change::
     :tags: bug, orm
     :tickets: 9746

     Fixed issue in new :ref:`orm_queryguide_upsert_returning` feature where the
     ``populate_existing`` execution option was not being propagated to the
     loading option, preventing existing attributes from being refreshed
     in-place.

 .. change::
     :tags: bug, sql

     Fixed the base class for dialect-specific float/double types; Oracle
     :class:`_oracle.BINARY_DOUBLE` now subclasses :class:`_sqltypes.Double`,
     and internal types for :class:`_sqltypes.Float` for asyncpg and pg8000 now
     correctly subclass :class:`_sqltypes.Float`.

 .. change::
     :tags: bug, ext
     :tickets: 9676

     Fixed issue in :class:`_mutable.Mutable` where event registration for ORM
     mapped attributes would be called repeatedly for mapped inheritance
     subclasses, leading to duplicate events being invoked in inheritance
     hierarchies.

 .. change::
     :tags: bug, orm
     :tickets: 9715

     Fixed loader strategy pathing issues where eager loaders such as
     :func:`_orm.joinedload` / :func:`_orm.selectinload` would fail to traverse
     fully for many-levels deep following a load that had a
     :func:`_orm.with_polymorphic` or similar construct as an interim member.

 .. change::
     :tags: usecase, sql
     :tickets: 9721

     Implemented the "cartesian product warning" for UPDATE and DELETE
     statements, those which include multiple tables that are not correlated
     together in some way.

 .. change::
     :tags: bug, sql

     Fixed issue where :func:`_dml.update` construct that included multiple
     tables and no VALUES clause would raise with an internal error. Current
     behavior for :class:`_dml.Update` with no values is to generate a SQL
     UPDATE statement with an empty "set" clause, so this has been made
     consistent for this specific sub-case.

 .. change::
     :tags: oracle, reflection
     :tickets: 9597

     Added reflection support in the Oracle dialect to expression based indexes
     and the ordering direction of index expressions.

 .. change::
     :tags: performance, schema
     :tickets: 9597

     Improved how table columns are added, avoiding unnecessary allocations,
     significantly speeding up the creation of many table, like when reflecting
     entire schemas.

 .. change::
     :tags: bug, typing
     :tickets: 9762

     Fixed typing for the :paramref:`_orm.Session.get.with_for_update` parameter
     of :meth:`_orm.Session.get` and :meth:`_orm.Session.refresh` (as well as
     corresponding methods on :class:`_asyncio.AsyncSession`) to accept boolean
     ``True`` and all other argument forms accepted by the parameter at runtime.

 .. change::
     :tags: bug, postgresql, regression
     :tickets: 9739

     Fixed another regression due to the "insertmanyvalues" change in 2.0.10 as
     part of :ticket:`9618`, in a similar way as regression :ticket:`9701`, where
     :class:`.LargeBinary` datatypes also need additional casts on when using the
     asyncpg driver specifically in order to work with the new bulk INSERT
     format.

 .. change::
     :tags: bug, orm
     :tickets: 9630

     Fixed issue in :func:`_orm.mapped_column` construct where the correct
     warning for "column X named directly multiple times" would not be emitted
     when ORM mapped attributes referred to the same :class:`_schema.Column`, if
     the :func:`_orm.mapped_column` construct were involved, raising an internal
     assertion instead.

 .. change::
     :tags: bug, asyncio

     Fixed issue in semi-private ``await_only()`` and ``await_fallback()``
     concurrency functions where the given awaitable would remain un-awaited if
     the function threw a ``GreenletError``, which could cause "was not awaited"
     warnings later on if the program continued. In this case, the given
     awaitable is now cancelled before the exception is thrown.

.. changelog::

2.0.12

:released: April 30, 2023

 .. change::
     :tags: bug, mysql, mariadb
     :tickets: 9722

     Fixed issues regarding reflection of comments for :class:`_schema.Table`
     and :class:`_schema.Column` objects, where the comments contained control
     characters such as newlines. Additional testing support for these
     characters as well as extended Unicode characters in table and column
     comments (the latter of which aren't supported by MySQL/MariaDB) added to
     testing overall.

.. changelog::

2.0.11

:released: April 26, 2023

 .. change::
     :tags: bug, engine, regression
     :tickets: 9682

     Fixed regression which prevented the :attr:`_engine.URL.normalized_query`
     attribute of :class:`_engine.URL` from functioning.

 .. change::
     :tags: bug, postgresql, regression
     :tickets: 9701

     Fixed critical regression caused by :ticket:`9618`, which modified the
     architecture of the :term:`insertmanyvalues` feature for 2.0.10, which
     caused floating point values to lose all decimal places when being inserted
     using the insertmanyvalues feature with either the psycopg2 or psycopg
     drivers.


 .. change::
     :tags: bug, mssql

     Implemented the :class:`_sqltypes.Double` type for SQL Server, where it
     will render ``DOUBLE PRECISION`` at DDL time.  This is implemented using
     a new MSSQL datatype :class:`_mssql.DOUBLE_PRECISION` which also may
     be used directly.


 .. change::
     :tags: bug, oracle

     Fixed issue in Oracle dialects where ``Decimal`` returning types such as
     :class:`_sqltypes.Numeric` would return floating point values, rather than
     ``Decimal`` objects, when these columns were used in the
     :meth:`_dml.Insert.returning` clause to return INSERTed values.

 .. change::
     :tags: bug, orm
     :tickets: 9583, 9595

     Fixed 2.0 regression where use of :func:`_sql.bindparam()` inside of
     :meth:`_dml.Insert.values` would fail to be interpreted correctly when
     executing the :class:`_dml.Insert` statement using the ORM
     :class:`_orm.Session`, due to the new
     :ref:`ORM-enabled insert feature <orm_queryguide_bulk_insert>` not
     implementing this use case.

 .. change::
     :tags: usecase, orm
     :tickets: 9583, 9595

     The :ref:`ORM bulk INSERT and UPDATE <orm_expression_update_delete>`
     features now add these capabilities:

     * The requirement that extra parameters aren't passed when using ORM
       INSERT using the "orm" dml_strategy setting is lifted.
     * The requirement that additional WHERE criteria is not passed when using
       ORM UPDATE using the "bulk" dml_strategy setting is lifted.  Note that
       in this case, the check for expected row count is turned off.

 .. change::
     :tags: usecase, sql
     :tickets: 8285

     Added support for slice access with :class:`.ColumnCollection`, e.g.
     ``table.c[0:5]``, ``subquery.c[:-1]`` etc. Slice access returns a sub
     :class:`.ColumnCollection` in the same way as passing a tuple of keys. This
     is a natural continuation of the key-tuple access added for :ticket:`8285`,
     where it appears to be an oversight that the slice access use case was
     omitted.

 .. change::
     :tags: bug, typing
     :tickets: 9644

     Improved typing of :class:`_engine.RowMapping` to indicate that it
     support also :class:`_schema.Column` as index objects, not only
     string names. Pull request courtesy Andy Freeland.

 .. change::
     :tags: engine, performance
     :tickets: 9678, 9680

     A series of performance enhancements to :class:`_engine.Row`:

     * ``__getattr__`` performance of the row's "named tuple" interface has
       been improved; within this change, the :class:`_engine.Row`
       implementation has been streamlined, removing constructs and logic
       that were specific to the 1.4 and prior series of SQLAlchemy.
       As part of this change, the serialization format of :class:`_engine.Row`
       has been modified slightly, however rows which were pickled with previous
       SQLAlchemy 2.0 releases will be recognized within the new format.
       Pull request courtesy J. Nick Koston.

     * Improved row processing performance for "binary" datatypes by making the
       "bytes" handler conditional on a per driver basis.  As a result, the
       "bytes" result handler has been removed for nearly all drivers other than
       psycopg2, all of which in modern forms support returning Python "bytes"
       directly.  Pull request courtesy J. Nick Koston.

     * Additional refactorings inside of :class:`_engine.Row` to improve
       performance by Federico Caselli.




.. changelog::

2.0.10

:released: April 21, 2023

 .. change::
     :tags: bug, typing
     :tickets: 9650

     Added typing information for recently added operators
     :meth:`.ColumnOperators.icontains`, :meth:`.ColumnOperators.istartswith`,
     :meth:`.ColumnOperators.iendswith`, and bitwise operators
     :meth:`.ColumnOperators.bitwise_and`, :meth:`.ColumnOperators.bitwise_or`,
     :meth:`.ColumnOperators.bitwise_xor`, :meth:`.ColumnOperators.bitwise_not`,
     :meth:`.ColumnOperators.bitwise_lshift`
     :meth:`.ColumnOperators.bitwise_rshift`. Pull request courtesy Martijn
     Pieters.


 .. change::
     :tags: bug, oracle

     Fixed issue where the :class:`_sqltypes.Uuid` datatype could not be used in
     an INSERT..RETURNING clause with the Oracle dialect.

 .. change::
     :tags: usecase, engine
     :tickets: 9613

     Added :func:`_sa.create_pool_from_url` and
     :func:`_asyncio.create_async_pool_from_url` to create
     a :class:`_pool.Pool` instance from an input url passed as string
     or :class:`_sa.URL`.

 .. change::
     :tags: bug, engine
     :tickets: 9618, 9603

     Repaired a major shortcoming which was identified in the
     :ref:`engine_insertmanyvalues` performance optimization feature first
     introduced in the 2.0 series. This was a continuation of the change in
     2.0.9 which disabled the SQL Server version of the feature due to a
     reliance in the ORM on apparent row ordering that is not guaranteed to take
     place. The fix applies new logic to all "insertmanyvalues" operations,
     which takes effect when a new parameter
     :paramref:`_dml.Insert.returning.sort_by_parameter_order` on the
     :meth:`_dml.Insert.returning` or :meth:`_dml.UpdateBase.return_defaults`
     methods, that through a combination of alternate SQL forms, direct
     correspondence of client side parameters, and in some cases downgrading to
     running row-at-a-time, will apply sorting to each batch of returned rows
     using correspondence to primary key or other unique values in each row
     which can be correlated to the input data.

     Performance impact is expected to be minimal as nearly all common primary
     key scenarios are suitable for parameter-ordered batching to be
     achieved for all backends other than SQLite, while "row-at-a-time"
     mode operates with a bare minimum of Python overhead compared to the very
     heavyweight approaches used in the 1.x series. For SQLite, there is no
     difference in performance when "row-at-a-time" mode is used.

     It's anticipated that with an efficient "row-at-a-time" INSERT with
     RETURNING batching capability, the "insertmanyvalues" feature can be later
     be more easily generalized to third party backends that include RETURNING
     support but not necessarily easy ways to guarantee a correspondence
     with parameter order.

     .. seealso::

         :ref:`engine_insertmanyvalues_returning_order`


 .. change::
     :tags: bug, mssql
     :tickets: 9618, 9603

     Restored the :term:`insertmanyvalues` feature for Microsoft SQL Server.
     This feature was disabled in version 2.0.9 due to an apparent reliance
     on the ordering of RETURNING that is not guaranteed.   The architecture of
     the "insertmanyvalues" feature has been reworked to accommodate for
     specific organizations of INSERT statements and result row handling that
     can guarantee the correspondence of returned rows to input records.

     .. seealso::

       :ref:`engine_insertmanyvalues_returning_order`


 .. change::
     :tags: usecase, postgresql
     :tickets: 9608

     Added ``prepared_statement_name_func`` connection argument option in the
     asyncpg dialect. This option allows passing a callable used to customize
     the name of the prepared statement that will be created by the driver
     when executing queries.  Pull request courtesy Pavel Sirotkin.

     .. seealso::

         :ref:`asyncpg_prepared_statement_name`

 .. change::
     :tags: typing, bug

     Updates to the codebase to pass typing with Mypy 1.2.0.

 .. change::
     :tags: bug, typing
     :tickets: 9669

     Fixed typing issue where :meth:`_orm.PropComparator.and_` expressions would
     not be correctly typed inside of loader options such as
     :func:`_orm.selectinload`.

 .. change::
     :tags: bug, orm
     :tickets: 9625

     Fixed issue where the :meth:`_orm.declared_attr.directive` modifier was not
     correctly honored for subclasses when applied to the ``__mapper_args__``
     special method name, as opposed to direct use of
     :class:`_orm.declared_attr`. The two constructs should have identical
     runtime behaviors.

 .. change::
     :tags: bug, postgresql
     :tickets: 9611

     Restored the :paramref:`_postgresql.ENUM.name` parameter as optional in the
     signature for :class:`_postgresql.ENUM`, as this is chosen automatically
     from a given pep-435 ``Enum`` type.


 .. change::
     :tags: bug, postgresql
     :tickets: 9621

     Fixed issue where the comparison for :class:`_postgresql.ENUM` against a
     plain string would cast that right-hand side type as VARCHAR, which due to
     more explicit casting added to dialects such as asyncpg would produce a
     PostgreSQL type mismatch error.


 .. change::
     :tags: bug, orm
     :tickets: 9635

     Made an improvement to the :func:`_orm.with_loader_criteria` loader option
     to allow it to be indicated in the :meth:`.Executable.options` method of a
     top-level statement that is not itself an ORM statement. Examples include
     :func:`_sql.select` that's embedded in compound statements such as
     :func:`_sql.union`, within an :meth:`_dml.Insert.from_select` construct, as
     well as within CTE expressions that are not ORM related at the top level.

 .. change::
     :tags: bug, orm
     :tickets: 9685

     Fixed bug in ORM bulk insert feature where additional unnecessary columns
     would be rendered in the INSERT statement if RETURNING of individual columns
     were requested.

 .. change::
     :tags: bug, postgresql
     :tickets: 9615

     Fixed issue that prevented reflection of expression based indexes
     with long expressions in PostgreSQL. The expression where erroneously
     truncated to the identifier length (that's 63 bytes by default).

 .. change::
       :tags: usecase, postgresql
       :tickets: 9509

       Add missing :meth:`_postgresql.Range.intersection` method.
       Pull request courtesy Yurii Karabas.

 .. change::
     :tags: bug, orm
     :tickets: 9628

     Fixed bug in ORM Declarative Dataclasses where the
     :func:`_orm.query_expression` and :func:`_orm.column_property`
     constructs, which are documented as read-only constructs in the context of
     a Declarative mapping, could not be used with a
     :class:`_orm.MappedAsDataclass` class without adding ``init=False``, which
     in the case of :func:`_orm.query_expression` was not possible as no
     ``init`` parameter was included. These constructs have been modified from a
     dataclass perspective to be assumed to be "read only", setting
     ``init=False`` by default and no longer including them in the pep-681
     constructor. The dataclass parameters for :func:`_orm.column_property`
     ``init``, ``default``, ``default_factory``, ``kw_only`` are now deprecated;
     these fields don't apply to :func:`_orm.column_property` as used in a
     Declarative dataclasses configuration where the construct would be
     read-only. Also added read-specific parameter
     :paramref:`_orm.query_expression.compare` to
     :func:`_orm.query_expression`; :paramref:`_orm.query_expression.repr`
     was already present.



 .. change::
     :tags: bug, orm

     Added missing :paramref:`_orm.mapped_column.active_history` parameter
     to :func:`_orm.mapped_column` construct.

.. changelog::

2.0.9

:released: April 5, 2023

 .. change::
     :tags: bug, mssql
     :tickets: 9603

     The SQLAlchemy "insertmanyvalues" feature which allows fast INSERT of
     many rows while also supporting RETURNING is temporarily disabled for
     SQL Server. As the unit of work currently relies upon this feature such
     that it matches existing ORM objects to returned primary key
     identities, this particular use pattern does not work with SQL Server
     in all cases as the order of rows returned by "OUTPUT inserted" may not
     always match the order in which the tuples were sent, leading to
     the ORM making the wrong decisions about these objects in subsequent
     operations.

     The feature will be re-enabled in an upcoming release and will again
     take effect for multi-row INSERT statements, however the unit-of-work's
     use of the feature will be disabled, possibly for all dialects, unless
     ORM-mapped tables also include a "sentinel" column so that the
     returned rows can be referenced back to the original data passed in.


 .. change::
     :tags: bug, mariadb
     :tickets: 9588

     Added ``row_number`` as reserved word in MariaDb.

 .. change::
     :tags: bug, mssql
     :tickets: 9586

     Changed the bulk INSERT strategy used for SQL Server "executemany" with
     pyodbc when ``fast_executemany`` is set to ``True`` by using
     ``fast_executemany`` / ``cursor.executemany()`` for bulk INSERT that does
     not include RETURNING, restoring the same behavior as was used in
     SQLAlchemy 1.4 when this parameter is set.

     New performance details from end users have shown that ``fast_executemany``
     is still much faster for very large datasets as it uses ODBC commands that
     can receive all rows in a single round trip, allowing for much larger
     datasizes than the batches that can be sent by "insertmanyvalues"
     as was implemented for SQL Server.

     While this change was made such that "insertmanyvalues" continued to be
     used for INSERT that includes RETURNING, as well as if ``fast_executemany``
     were not set, due to :ticket:`9603`, the "insertmanyvalues" strategy has
     been disabled for SQL Server across the board in any case.

.. changelog::

2.0.8

:released: March 31, 2023

 .. change::
     :tags: bug, orm
     :tickets: 9553

     Fixed issue in ORM Annotated Declarative where using a recursive type (e.g.
     using a nested Dict type) would result in a recursion overflow in the ORM's
     annotation resolution logic, even if this datatype were not necessary to
     map the column.

 .. change::
     :tags: bug, examples

     Fixed issue in "versioned history" example where using a declarative base
     that is derived from :class:`_orm.DeclarativeBase` would fail to be mapped.
     Additionally, repaired the given test suite so that the documented
     instructions for running the example using Python unittest now work again.

 .. change::
     :tags: bug, orm
     :tickets: 9550

     Fixed issue where the :func:`_orm.mapped_column` construct would raise an
     internal error if used on a Declarative mixin and included the
     :paramref:`_orm.mapped_column.deferred` parameter.

 .. change::
     :tags: bug, mysql
     :tickets: 9544

     Fixed issue where string datatypes such as :class:`_sqltypes.CHAR`,
     :class:`_sqltypes.VARCHAR`, :class:`_sqltypes.TEXT`, as well as binary
     :class:`_sqltypes.BLOB`, could not be produced with an explicit length of
     zero, which has special meaning for MySQL. Pull request courtesy J. Nick
     Koston.

 .. change::
     :tags: bug, orm
     :tickets: 9537

     Expanded the warning emitted when a plain :func:`_sql.column` object is
     present in a Declarative mapping to include any arbitrary SQL expression
     that is not declared within an appropriate property type such as
     :func:`_orm.column_property`, :func:`_orm.deferred`, etc. These attributes
     are otherwise not mapped at all and remain unchanged within the class
     dictionary. As it seems likely that such an expression is usually not
     what's intended, this case now warns for all such otherwise ignored
     expressions, rather than just the :func:`_sql.column` case.

 .. change::
     :tags: bug, orm
     :tickets: 9519

     Fixed regression where accessing the expression value of a hybrid property
     on a class that was either unmapped or not-yet-mapped (such as calling upon
     it within a :func:`_orm.declared_attr` method) would raise an internal
     error, as an internal fetch for the parent class' mapper would fail and an
     instruction for this failure to be ignored were inadvertently removed in
     2.0.

 .. change::
     :tags: bug, orm
     :tickets: 9350

     Fields that are declared on Declarative Mixins and then combined with
     classes that make use of :class:`_orm.MappedAsDataclass`, where those mixin
     fields are not themselves part of a dataclass, now emit a deprecation
     warning as these fields will be ignored in a future release, as Python
     dataclasses behavior is to ignore these fields. Type checkers will not see
     these fields under pep-681.

     .. seealso::

         :ref:`error_dcmx` - background on rationale

         :ref:`orm_declarative_dc_mixins`

 .. change::
     :tags: bug, postgresql
     :tickets: 9511

     Fixed critical regression in PostgreSQL dialects such as asyncpg which rely
     upon explicit casts in SQL in order for datatypes to be passed to the
     driver correctly, where a :class:`.String` datatype would be cast along
     with the exact column length being compared, leading to implicit truncation
     when comparing a ``VARCHAR`` of a smaller length to a string of greater
     length regardless of operator in use (e.g. LIKE, MATCH, etc.). The
     PostgreSQL dialect now omits the length from ``VARCHAR`` when rendering
     these casts.

 .. change::
     :tags: bug, util
     :tickets: 9487

     Implemented missing methods ``copy`` and ``pop`` in
     OrderedSet class.

 .. change::
     :tags: bug, typing
     :tickets: 9536

     Fixed typing for :func:`_orm.deferred` and :func:`_orm.query_expression`
     to work correctly with 2.0 style mappings.

 .. change::
     :tags: bug, orm
     :tickets: 9526

     Fixed issue where the :meth:`_sql.BindParameter.render_literal_execute`
     method would fail when called on a parameter that also had ORM annotations
     associated with it. In practice, this would be observed as a failure of SQL
     compilation when using some combinations of a dialect that uses "FETCH
     FIRST" such as Oracle along with a :class:`_sql.Select` construct that uses
     :meth:`_sql.Select.limit`, within some ORM contexts, including if the
     statement were embedded within a relationship primaryjoin expression.


 .. change::
     :tags: usecase, orm
     :tickets: 9563

     Exceptions such as ``TypeError`` and ``ValueError`` raised by Python
     dataclasses when making use of the :class:`_orm.MappedAsDataclass` mixin
     class or :meth:`_orm.registry.mapped_as_dataclass` decorator are now
     wrapped within an :class:`.InvalidRequestError` wrapper along with
     informative context about the error message, referring to the Python
     dataclasses documentation as the authoritative source of background
     information on the cause of the exception.

     .. seealso::

         :ref:`error_dcte`


 .. change::
     :tags: bug, orm
     :tickets: 9549

     Towards maintaining consistency with unit-of-work changes made for
     :ticket:`5984` and :ticket:`8862`, both of which disable "lazy='raise'"
     handling within :class:`_orm.Session` processes that aren't triggered by
     attribute access, the :meth:`_orm.Session.delete` method will now also
     disable "lazy='raise'" handling when it traverses relationship paths in
     order to process the "delete" and "delete-orphan" cascade rules.
     Previously, there was no easy way to generically call
     :meth:`_orm.Session.delete` on an object that had "lazy='raise'" set up
     such that only the necessary relationships would be loaded. As
     "lazy='raise'" is primarily intended to catch SQL loading that emits on
     attribute ac

---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

## 📋 Pull Request Information **Original PR:** https://github.com/jeffknupp/sandman2/pull/325 **Author:** [@pyup-bot](https://github.com/pyup-bot) **Created:** 6/12/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `pyup-scheduled-update-2023-06-12` --- ### 📝 Commits (10+) - [`ee4b1f0`](https://github.com/jeffknupp/sandman2/commit/ee4b1f01890ee2299e28775df547135b58c553ae) Update flask from 1.1.2 to 2.3.2 - [`0a73f41`](https://github.com/jeffknupp/sandman2/commit/0a73f414ca241507bd7d06fc83a75a55a7038c08) Update flask-admin from 1.5.7 to 1.6.1 - [`1e5d46a`](https://github.com/jeffknupp/sandman2/commit/1e5d46a15032dd9263d219e92cd4c40bc8c4eaa0) Update flask-sqlalchemy from 2.4.4 to 3.0.3 - [`d690a0d`](https://github.com/jeffknupp/sandman2/commit/d690a0db24316296e5ed2f802ea126b3ed412b5c) Update sqlalchemy from 1.3.20 to 2.0.16 - [`37d0925`](https://github.com/jeffknupp/sandman2/commit/37d0925c9afcf877953c319a6a8ab98ffa329991) Update wtforms from 2.3.3 to 3.0.1 - [`e2e2660`](https://github.com/jeffknupp/sandman2/commit/e2e2660553d0cc87083adf4d49ef03a2ba49e3e7) Update coverage from 5.3 to 7.2.7 - [`5fc1998`](https://github.com/jeffknupp/sandman2/commit/5fc1998de7d88d376343bc159ecd857b1a3c4ea6) Update pytest from 6.2.0 to 7.3.2 - [`888e2de`](https://github.com/jeffknupp/sandman2/commit/888e2de1a1e4790e9f1de9cc3467a719b6127469) Update flask-cors from 3.0.9 to 3.0.10 - [`f0b780c`](https://github.com/jeffknupp/sandman2/commit/f0b780c2f66a2e21efa6ec7ac01a271f2d982c4f) Update pytest-cov from 2.10.1 to 4.1.0 - [`c1c0000`](https://github.com/jeffknupp/sandman2/commit/c1c0000a244583b169c8d8d4857d388c25e9ec0e) Update pytest-flask from 1.1.0 to 1.2.0 ### 📊 Changes **1 file changed** (+15 additions, -15 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+15 -15) </details> ### 📄 Description ### Update [Flask](https://pypi.org/project/Flask) from **1.1.2** to **2.3.2**. <details> <summary>Changelog</summary> ### 2.3.2 ``` ------------- Released 2023-05-01 - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. - Update Werkzeug requirement to &gt;=2.3.3 to apply recent bug fixes. ``` ### 2.3.1 ``` ------------- Released 2023-04-25 - Restore deprecated ``from flask import Markup``. :issue:`5084` ``` ### 2.3.0 ``` ------------- Released 2023-04-25 - Drop support for Python 3.7. :pr:`5072` - Update minimum requirements to the latest versions: Werkzeug&gt;=2.3.0, Jinja2&gt;3.1.2, itsdangerous&gt;=2.1.2, click&gt;=8.1.3. - Remove previously deprecated code. :pr:`4995` - The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and ``_request_ctx_stack`` objects are removed. ``top`` still exists to give extensions more time to update, but it will be removed. - The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env`` property are removed. - The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app`` are removed. - The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed. - The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators are removed. - ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed. - The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed. - Calling setup methods on blueprints after registration is an error instead of a warning. :pr:`4997` - Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them directly from ``markupsafe`` instead. :pr:`4996` - The ``app.got_first_request`` property is deprecated. :pr:`4997` - The ``locked_cached_property`` decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:`4993` - Signals are always available. ``blinker&gt;=1.6.2`` is a required dependency. The ``signals_available`` attribute is deprecated. :issue:`5056` - Signals support ``async`` subscriber functions. :pr:`5049` - Remove uses of locks that could cause requests to block each other very briefly. :issue:`4993` - Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``. :pr:`4947` - Ensure subdomains are applied with nested blueprints. :issue:`4834` - ``config.from_file`` can use ``text=False`` to indicate that the parser wants a binary file instead. :issue:`4989` - If a blueprint is created with an empty name it raises a ``ValueError``. :issue:`5010` - ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about ``localhost`` and IP addresses are also removed. :issue:`5051` - The ``routes`` command shows each rule&#x27;s ``subdomain`` or ``host`` when domain matching is in use. :issue:`5004` - Use postponed evaluation of annotations. :pr:`5071` ``` ### 2.2.5 ``` ------------- Released 2023-05-02 - Update for compatibility with Werkzeug 2.3.3. - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. ``` ### 2.2.4 ``` ------------- Released 2023-04-25 - Update for compatibility with Werkzeug 2.3. ``` ### 2.2.3 ``` ------------- Released 2023-02-15 - Autoescape is enabled by default for ``.svg`` template files. :issue:`4831` - Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892` - Add ``--debug`` option to the ``flask run`` command. :issue:`4777` ``` ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to &gt;= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``&quot;production&quot;``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to &gt;= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug&#x27;s ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python &lt; 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to &gt;= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client&#x27;s ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``setuptools`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client&#x27;s ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.request.environ`` instead. :pr:`4341` - Fix type annotation for ``errorhandler`` decorator. :issue:`4295` - Revert a change to the CLI that caused it to hide ``ImportError`` tracebacks when importing the application. :issue:`4307` - ``app.json_encoder`` and ``json_decoder`` are only passed to ``dumps`` and ``loads`` if they have custom behavior. This improves performance, mainly on PyPy. :issue:`4349` - Clearer error message when ``after_this_request`` is used outside a request context. :issue:`4333` ``` ### 2.0.2 ``` ------------- Released 2021-10-04 - Fix type annotation for ``teardown_*`` methods. :issue:`4093` - Fix type annotation for ``before_request`` and ``before_app_request`` decorators. :issue:`4104` - Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:`4098` - Support View and MethodView instances with async handlers. :issue:`4112` - Enhance typing of ``app.errorhandler`` decorator. :issue:`4095` - Fix registering a blueprint twice with differing names. :issue:`4124` - Fix the type of ``static_folder`` to accept ``pathlib.Path``. :issue:`4150` - ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``. :issue:`4157` - Correctly handle raising deferred errors in CLI lazy loading. :issue:`4096` - The CLI loader handles ``**kwargs`` in a ``create_app`` function. :issue:`4170` - Fix the order of ``before_request`` and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:`4229` ``` ### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren&#x27;t available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Revert a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug &gt;= 2, Jinja2 &gt;= 3, MarkupSafe &gt;= 2, ItsDangerous &gt;= 2, Click &gt;= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it&#x27;s needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add ``SessionInterface.get_cookie_name`` to allow setting the session cookie name dynamically. :pr:`3369` - Add ``Config.from_file`` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. ``Config.from_json`` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - ``send_file`` raises a ``ValueError`` when passed an ``io`` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja&#x27;s implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post(&quot;/login&quot;)`` is a shortcut for ``app.route(&quot;/login&quot;, methods=[&quot;POST&quot;])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to &quot;UTF-8&quot; when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python &lt; 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask - Changelog: https://pyup.io/changelogs/flask/ </details> ### Update [Flask-Admin](https://pypi.org/project/Flask-Admin) from **1.5.7** to **1.6.1**. <details> <summary>Changelog</summary> ### 1.6.1 ``` ----- * SQLAlchemy 2.x support * General updates and bug fixes * Dropped WTForms 1 support ``` ### 1.6.0 ``` ----- * Dropped Python 2 support * WTForms 3.0 support * Various fixes ``` ### 1.5.8 ``` ----- * SQLAlchemy 1.4.5+ compatibility fixes * Redis CLI fixes ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-admin - Changelog: https://pyup.io/changelogs/flask-admin/ - Repo: https://github.com/flask-admin/flask-admin/ - Docs: https://pythonhosted.org/Flask-Admin/ </details> ### Update [Flask-SQLAlchemy](https://pypi.org/project/Flask-SQLAlchemy) from **2.4.4** to **3.0.3**. <details> <summary>Changelog</summary> ### 3.0.2 ``` ------------- Released 2022-10-14 - Update compatibility with SQLAlchemy 2. :issue:`1122` ``` ### 3.0.1 ``` ------------- Released 2022-10-11 - Export typing information instead of using external typeshed definitions. :issue:`1112` - If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an invalid default bind will not be configured. :issue:`1117` ``` ### 3.0.0 ``` ------------- Released 2022-10-04 - Drop support for Python 2, 3.4, 3.5, and 3.6. - Bump minimum version of Flask to 2.2. - Bump minimum version of SQLAlchemy to 1.4.18. - Remove previously deprecated code. - The session is scoped to the current app context instead of the thread. This requires that an app context is active. This ensures that the session is cleaned up after every request. - An active Flask application context is always required to access ``session`` and ``engine``, regardless of if an application was passed to the constructor. :issue:`508, 944` - Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing tables in different databases to have the same name. Bind keys are stored and looked up on the resulting metadata rather than the model or table. - ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731` - Configuring SQLite with a relative path is relative to ``app.instance_path`` instead of ``app.root_path``. The instance folder is created if necessary. :issue:`462` - Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to the extension object. These use SQLAlchemy&#x27;s preferred ``session.execute(select())`` pattern instead of the legacy query interface. :issue:`1088` - Setup methods that create the engines and session are renamed with a leading underscore. They are considered internal interfaces which may change at any time. - All parameters to ``SQLAlchemy`` except ``app`` are keyword-only. - Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter from various ``SQLAlchemy`` methods. - The extension object uses ``__getattr__`` to alias names from the SQLAlchemy package, rather than copying them as attributes. - The extension object is stored directly as ``app.extensions[&quot;sqlalchemy&quot;]``. :issue:`698` - The session class can be customized by passing the ``class_`` key in the ``session_options`` parameter. :issue:`327` - ``SignallingSession`` is renamed to ``Session``. - ``Session.get_bind`` more closely matches the base implementation. - Model classes and the ``db`` instance are available without imports in ``flask shell``. :issue:`1089` - The ``CamelCase`` to ``snake_case`` table name converter handles more patterns correctly. If model that was already created in the database changed, either use Alembic to rename the table, or set ``__tablename__`` to keep the old name. :issue:`406` - ``Model`` ``repr`` distinguishes between transient and pending instances. :issue:`967` - A custom model class can implement ``__init_subclass__`` with class parameters. :issue:`1002` - ``db.Table`` is a subclass instead of a function. - The ``engine_options`` parameter is applied as defaults before per-engine configuration. - ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence. :issue:`783` - Engines are created when calling ``init_app`` rather than the first time they are accessed. :issue:`698` - ``db.engines`` exposes the map of bind keys to engines for the current app. - ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated. - SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are supported. :issue:`998, 1045` - SQLite engines do not use ``NullPool`` if ``pool_size`` is 0. - MySQL engines use the &quot;utf8mb4&quot; charset by default. :issue:`875` - MySQL engines do not set ``pool_size`` to 10. - MySQL engines don&#x27;t set a default for ``pool_recycle`` if not using a queue pool. :issue:`803` - ``Query`` is renamed from ``BaseQuery``. - Added ``Query.one_or_404``. - The query class is applied to ``backref`` in ``relationship``. :issue:`417` - Creating ``Pagination`` objects manually is no longer a public API. They should be created with ``db.paginate`` or ``query.paginate``. :issue:`1088` - ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only. - ``Pagination`` is iterable, iterating over its items. :issue:`70` - Pagination count query is more efficient. - ``Pagination.iter_pages`` is more efficient. :issue:`622` - ``Pagination.iter_pages`` ``right_current`` parameter is inclusive. - Pagination ``per_page`` cannot be 0. :issue:`1091` - Pagination ``max_per_page`` defaults to 100. :issue:`1091` - Added ``Pagination.first`` and ``last`` properties, which give the number of the first and last item on the page. :issue:`567` - ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled automatically with ``app.debug`` or ``app.testing``. :issue:`1092` - ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the config and functionality. - Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is renamed to ``location``. Finding the location uses a more inclusive check. - ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727` - ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues that are difficult to debug. Call ``db.session.commit()`` directly instead. :issue:`216` ``` ### 2.5.1 ``` ------------- Released 2021-03-18 - Fix compatibility with Python 2.7. ``` ### 2.5.0 ``` ------------- Released 2021-03-18 - Update to support SQLAlchemy 1.4. - SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to return a new URL instead of ``None``. :issue:`885` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-sqlalchemy - Changelog: https://pyup.io/changelogs/flask-sqlalchemy/ - Docs: https://pythonhosted.org/Flask-SQLAlchemy/ </details> ### Update [SQLAlchemy](https://pypi.org/project/SQLAlchemy) from **1.3.20** to **2.0.16**. <details> <summary>Changelog</summary> ### 2.0.16 ``` :include_notes_from: unreleased_20 .. changelog:: ``` ### 2.0.15 ``` :released: May 19, 2023 .. change:: :tags: bug, orm :tickets: 9805 As more projects are using new-style &quot;2.0&quot; ORM querying, it&#x27;s becoming apparent that the conditional nature of &quot;autoflush&quot;, being based on whether or not the given statement refers to ORM entities, is becoming more of a key behavior. Up until now, the &quot;ORM&quot; flag for a statement has been loosely based around whether or not the statement returns rows that correspond to ORM entities or columns; the original purpose of the &quot;ORM&quot; flag was to enable ORM-entity fetching rules which apply post-processing to Core result sets as well as ORM loader strategies to the statement. For statements that don&#x27;t build on rows that contain ORM entities, the &quot;ORM&quot; flag was considered to be mostly unnecessary. It still may be the case that &quot;autoflush&quot; would be better taking effect for *all* usage of :meth:`_orm.Session.execute` and related methods, even for purely Core SQL constructs. However, this still could impact legacy cases where this is not expected and may be more of a 2.1 thing. For now however, the rules for the &quot;ORM-flag&quot; have been opened up so that a statement that includes ORM entities or attributes anywhere within, including in the WHERE / ORDER BY / GROUP BY clause alone, within scalar subqueries, etc. will enable this flag. This will cause &quot;autoflush&quot; to occur for such statements and also be visible via the :attr:`_orm.ORMExecuteState.is_orm_statement` event-level attribute. .. change:: :tags: bug, postgresql, regression :tickets: 9808 Repaired the base :class:`.Uuid` datatype for the PostgreSQL dialect to make full use of the PG-specific ``UUID`` dialect-specific datatype when &quot;native_uuid&quot; is selected, so that PG driver behaviors are included. This issue became apparent due to the insertmanyvalues improvement made as part of :ticket:`9618`, where in a similar manner as that of :ticket:`9739`, the asyncpg driver is very sensitive to datatype casts being present or not, and the PostgreSQL driver-specific native ``UUID`` datatype must be invoked when this generic type is used so that these casts take place. .. changelog:: ``` ### 2.0.14 ``` :released: May 18, 2023 .. change:: :tags: bug, sql :tickets: 9772 Fixed issue in :func:`_sql.values` construct where an internal compilation error would occur if the construct were used inside of a scalar subquery. .. change:: :tags: usecase, sql :tickets: 9752 Generalized the MSSQL :func:`_sql.try_cast` function into the ``sqlalchemy.`` import namespace so that it may be implemented by third party dialects as well. Within SQLAlchemy, the :func:`_sql.try_cast` function remains a SQL Server-only construct that will raise :class:`.CompileError` if used with backends that don&#x27;t support it. :func:`_sql.try_cast` implements a CAST where un-castable conversions are returned as NULL, instead of raising an error. Theoretically, the construct could be implemented by third party dialects for Google BigQuery, DuckDB, and Snowflake, and possibly others. Pull request courtesy Nick Crews. .. change:: :tags: bug, tests, pypy :tickets: 9789 Fixed test that relied on the ``sys.getsizeof()`` function to not run on pypy, where this function appears to have different behavior than it does on cpython. .. change:: :tags: bug, orm :tickets: 9777 Modified the ``JoinedLoader`` implementation to use a simpler approach in one particular area where it previously used a cached structure that would be shared among threads. The rationale is to avoid a potential race condition which is suspected of being the cause of a particular crash that&#x27;s been reported multiple times. The cached structure in question is still ultimately &quot;cached&quot; via the compiled SQL cache, so a performance degradation is not anticipated. .. change:: :tags: bug, orm, regression :tickets: 9767 Fixed regression where use of :func:`_dml.update` or :func:`_dml.delete` within a :class:`_sql.CTE` construct, then used in a :func:`_sql.select`, would raise a :class:`.CompileError` as a result of ORM related rules for performing ORM-level update/delete statements. .. change:: :tags: bug, orm :tickets: 9766 Fixed issue in new ORM Annotated Declarative where using a :class:`_schema.ForeignKey` (or other column-level constraint) inside of :func:`_orm.mapped_column` which is then copied out to models via pep-593 ``Annotated`` would apply duplicates of each constraint to the :class:`_schema.Column` as produced in the target :class:`_schema.Table`, leading to incorrect CREATE TABLE DDL as well as migration directives under Alembic. .. change:: :tags: bug, orm :tickets: 9779 Fixed issue where using additional relationship criteria with the :func:`_orm.joinedload` loader option, where the additional criteria itself contained correlated subqueries that referred to the joined entities and therefore also required &quot;adaption&quot; to aliased entities, would be excluded from this adaption, producing the wrong ON clause for the joinedload. .. change:: :tags: bug, postgresql :tickets: 9773 Fixed apparently very old issue where the :paramref:`_postgresql.ENUM.create_type` parameter, when set to its non-default of ``False``, would not be propagated when the :class:`_schema.Column` which it&#x27;s a part of were copied, as is common when using ORM Declarative mixins. .. changelog:: ``` ### 2.0.13 ``` :released: May 10, 2023 .. change:: :tags: usecase, asyncio :tickets: 9731 Added a new helper mixin :class:`_asyncio.AsyncAttrs` that seeks to improve the use of lazy-loader and other expired or deferred ORM attributes with asyncio, providing a simple attribute accessor that provides an ``await`` interface to any ORM attribute, whether or not it needs to emit SQL. .. seealso:: :class:`_asyncio.AsyncAttrs` .. change:: :tags: bug, orm :tickets: 9717 Fixed issue where ORM Annotated Declarative would not resolve forward references correctly in all cases; in particular, when using ``from __future__ import annotations`` in combination with Pydantic dataclasses. .. change:: :tags: typing, sql :tickets: 9656 Added type :data:`_sql.ColumnExpressionArgument` as a public-facing type that indicates column-oriented arguments which are passed to SQLAlchemy constructs, such as :meth:`_sql.Select.where`, :func:`_sql.and_` and others. This may be used to add typing to end-user functions which call these methods. .. change:: :tags: bug, orm :tickets: 9746 Fixed issue in new :ref:`orm_queryguide_upsert_returning` feature where the ``populate_existing`` execution option was not being propagated to the loading option, preventing existing attributes from being refreshed in-place. .. change:: :tags: bug, sql Fixed the base class for dialect-specific float/double types; Oracle :class:`_oracle.BINARY_DOUBLE` now subclasses :class:`_sqltypes.Double`, and internal types for :class:`_sqltypes.Float` for asyncpg and pg8000 now correctly subclass :class:`_sqltypes.Float`. .. change:: :tags: bug, ext :tickets: 9676 Fixed issue in :class:`_mutable.Mutable` where event registration for ORM mapped attributes would be called repeatedly for mapped inheritance subclasses, leading to duplicate events being invoked in inheritance hierarchies. .. change:: :tags: bug, orm :tickets: 9715 Fixed loader strategy pathing issues where eager loaders such as :func:`_orm.joinedload` / :func:`_orm.selectinload` would fail to traverse fully for many-levels deep following a load that had a :func:`_orm.with_polymorphic` or similar construct as an interim member. .. change:: :tags: usecase, sql :tickets: 9721 Implemented the &quot;cartesian product warning&quot; for UPDATE and DELETE statements, those which include multiple tables that are not correlated together in some way. .. change:: :tags: bug, sql Fixed issue where :func:`_dml.update` construct that included multiple tables and no VALUES clause would raise with an internal error. Current behavior for :class:`_dml.Update` with no values is to generate a SQL UPDATE statement with an empty &quot;set&quot; clause, so this has been made consistent for this specific sub-case. .. change:: :tags: oracle, reflection :tickets: 9597 Added reflection support in the Oracle dialect to expression based indexes and the ordering direction of index expressions. .. change:: :tags: performance, schema :tickets: 9597 Improved how table columns are added, avoiding unnecessary allocations, significantly speeding up the creation of many table, like when reflecting entire schemas. .. change:: :tags: bug, typing :tickets: 9762 Fixed typing for the :paramref:`_orm.Session.get.with_for_update` parameter of :meth:`_orm.Session.get` and :meth:`_orm.Session.refresh` (as well as corresponding methods on :class:`_asyncio.AsyncSession`) to accept boolean ``True`` and all other argument forms accepted by the parameter at runtime. .. change:: :tags: bug, postgresql, regression :tickets: 9739 Fixed another regression due to the &quot;insertmanyvalues&quot; change in 2.0.10 as part of :ticket:`9618`, in a similar way as regression :ticket:`9701`, where :class:`.LargeBinary` datatypes also need additional casts on when using the asyncpg driver specifically in order to work with the new bulk INSERT format. .. change:: :tags: bug, orm :tickets: 9630 Fixed issue in :func:`_orm.mapped_column` construct where the correct warning for &quot;column X named directly multiple times&quot; would not be emitted when ORM mapped attributes referred to the same :class:`_schema.Column`, if the :func:`_orm.mapped_column` construct were involved, raising an internal assertion instead. .. change:: :tags: bug, asyncio Fixed issue in semi-private ``await_only()`` and ``await_fallback()`` concurrency functions where the given awaitable would remain un-awaited if the function threw a ``GreenletError``, which could cause &quot;was not awaited&quot; warnings later on if the program continued. In this case, the given awaitable is now cancelled before the exception is thrown. .. changelog:: ``` ### 2.0.12 ``` :released: April 30, 2023 .. change:: :tags: bug, mysql, mariadb :tickets: 9722 Fixed issues regarding reflection of comments for :class:`_schema.Table` and :class:`_schema.Column` objects, where the comments contained control characters such as newlines. Additional testing support for these characters as well as extended Unicode characters in table and column comments (the latter of which aren&#x27;t supported by MySQL/MariaDB) added to testing overall. .. changelog:: ``` ### 2.0.11 ``` :released: April 26, 2023 .. change:: :tags: bug, engine, regression :tickets: 9682 Fixed regression which prevented the :attr:`_engine.URL.normalized_query` attribute of :class:`_engine.URL` from functioning. .. change:: :tags: bug, postgresql, regression :tickets: 9701 Fixed critical regression caused by :ticket:`9618`, which modified the architecture of the :term:`insertmanyvalues` feature for 2.0.10, which caused floating point values to lose all decimal places when being inserted using the insertmanyvalues feature with either the psycopg2 or psycopg drivers. .. change:: :tags: bug, mssql Implemented the :class:`_sqltypes.Double` type for SQL Server, where it will render ``DOUBLE PRECISION`` at DDL time. This is implemented using a new MSSQL datatype :class:`_mssql.DOUBLE_PRECISION` which also may be used directly. .. change:: :tags: bug, oracle Fixed issue in Oracle dialects where ``Decimal`` returning types such as :class:`_sqltypes.Numeric` would return floating point values, rather than ``Decimal`` objects, when these columns were used in the :meth:`_dml.Insert.returning` clause to return INSERTed values. .. change:: :tags: bug, orm :tickets: 9583, 9595 Fixed 2.0 regression where use of :func:`_sql.bindparam()` inside of :meth:`_dml.Insert.values` would fail to be interpreted correctly when executing the :class:`_dml.Insert` statement using the ORM :class:`_orm.Session`, due to the new :ref:`ORM-enabled insert feature &lt;orm_queryguide_bulk_insert&gt;` not implementing this use case. .. change:: :tags: usecase, orm :tickets: 9583, 9595 The :ref:`ORM bulk INSERT and UPDATE &lt;orm_expression_update_delete&gt;` features now add these capabilities: * The requirement that extra parameters aren&#x27;t passed when using ORM INSERT using the &quot;orm&quot; dml_strategy setting is lifted. * The requirement that additional WHERE criteria is not passed when using ORM UPDATE using the &quot;bulk&quot; dml_strategy setting is lifted. Note that in this case, the check for expected row count is turned off. .. change:: :tags: usecase, sql :tickets: 8285 Added support for slice access with :class:`.ColumnCollection`, e.g. ``table.c[0:5]``, ``subquery.c[:-1]`` etc. Slice access returns a sub :class:`.ColumnCollection` in the same way as passing a tuple of keys. This is a natural continuation of the key-tuple access added for :ticket:`8285`, where it appears to be an oversight that the slice access use case was omitted. .. change:: :tags: bug, typing :tickets: 9644 Improved typing of :class:`_engine.RowMapping` to indicate that it support also :class:`_schema.Column` as index objects, not only string names. Pull request courtesy Andy Freeland. .. change:: :tags: engine, performance :tickets: 9678, 9680 A series of performance enhancements to :class:`_engine.Row`: * ``__getattr__`` performance of the row&#x27;s &quot;named tuple&quot; interface has been improved; within this change, the :class:`_engine.Row` implementation has been streamlined, removing constructs and logic that were specific to the 1.4 and prior series of SQLAlchemy. As part of this change, the serialization format of :class:`_engine.Row` has been modified slightly, however rows which were pickled with previous SQLAlchemy 2.0 releases will be recognized within the new format. Pull request courtesy J. Nick Koston. * Improved row processing performance for &quot;binary&quot; datatypes by making the &quot;bytes&quot; handler conditional on a per driver basis. As a result, the &quot;bytes&quot; result handler has been removed for nearly all drivers other than psycopg2, all of which in modern forms support returning Python &quot;bytes&quot; directly. Pull request courtesy J. Nick Koston. * Additional refactorings inside of :class:`_engine.Row` to improve performance by Federico Caselli. .. changelog:: ``` ### 2.0.10 ``` :released: April 21, 2023 .. change:: :tags: bug, typing :tickets: 9650 Added typing information for recently added operators :meth:`.ColumnOperators.icontains`, :meth:`.ColumnOperators.istartswith`, :meth:`.ColumnOperators.iendswith`, and bitwise operators :meth:`.ColumnOperators.bitwise_and`, :meth:`.ColumnOperators.bitwise_or`, :meth:`.ColumnOperators.bitwise_xor`, :meth:`.ColumnOperators.bitwise_not`, :meth:`.ColumnOperators.bitwise_lshift` :meth:`.ColumnOperators.bitwise_rshift`. Pull request courtesy Martijn Pieters. .. change:: :tags: bug, oracle Fixed issue where the :class:`_sqltypes.Uuid` datatype could not be used in an INSERT..RETURNING clause with the Oracle dialect. .. change:: :tags: usecase, engine :tickets: 9613 Added :func:`_sa.create_pool_from_url` and :func:`_asyncio.create_async_pool_from_url` to create a :class:`_pool.Pool` instance from an input url passed as string or :class:`_sa.URL`. .. change:: :tags: bug, engine :tickets: 9618, 9603 Repaired a major shortcoming which was identified in the :ref:`engine_insertmanyvalues` performance optimization feature first introduced in the 2.0 series. This was a continuation of the change in 2.0.9 which disabled the SQL Server version of the feature due to a reliance in the ORM on apparent row ordering that is not guaranteed to take place. The fix applies new logic to all &quot;insertmanyvalues&quot; operations, which takes effect when a new parameter :paramref:`_dml.Insert.returning.sort_by_parameter_order` on the :meth:`_dml.Insert.returning` or :meth:`_dml.UpdateBase.return_defaults` methods, that through a combination of alternate SQL forms, direct correspondence of client side parameters, and in some cases downgrading to running row-at-a-time, will apply sorting to each batch of returned rows using correspondence to primary key or other unique values in each row which can be correlated to the input data. Performance impact is expected to be minimal as nearly all common primary key scenarios are suitable for parameter-ordered batching to be achieved for all backends other than SQLite, while &quot;row-at-a-time&quot; mode operates with a bare minimum of Python overhead compared to the very heavyweight approaches used in the 1.x series. For SQLite, there is no difference in performance when &quot;row-at-a-time&quot; mode is used. It&#x27;s anticipated that with an efficient &quot;row-at-a-time&quot; INSERT with RETURNING batching capability, the &quot;insertmanyvalues&quot; feature can be later be more easily generalized to third party backends that include RETURNING support but not necessarily easy ways to guarantee a correspondence with parameter order. .. seealso:: :ref:`engine_insertmanyvalues_returning_order` .. change:: :tags: bug, mssql :tickets: 9618, 9603 Restored the :term:`insertmanyvalues` feature for Microsoft SQL Server. This feature was disabled in version 2.0.9 due to an apparent reliance on the ordering of RETURNING that is not guaranteed. The architecture of the &quot;insertmanyvalues&quot; feature has been reworked to accommodate for specific organizations of INSERT statements and result row handling that can guarantee the correspondence of returned rows to input records. .. seealso:: :ref:`engine_insertmanyvalues_returning_order` .. change:: :tags: usecase, postgresql :tickets: 9608 Added ``prepared_statement_name_func`` connection argument option in the asyncpg dialect. This option allows passing a callable used to customize the name of the prepared statement that will be created by the driver when executing queries. Pull request courtesy Pavel Sirotkin. .. seealso:: :ref:`asyncpg_prepared_statement_name` .. change:: :tags: typing, bug Updates to the codebase to pass typing with Mypy 1.2.0. .. change:: :tags: bug, typing :tickets: 9669 Fixed typing issue where :meth:`_orm.PropComparator.and_` expressions would not be correctly typed inside of loader options such as :func:`_orm.selectinload`. .. change:: :tags: bug, orm :tickets: 9625 Fixed issue where the :meth:`_orm.declared_attr.directive` modifier was not correctly honored for subclasses when applied to the ``__mapper_args__`` special method name, as opposed to direct use of :class:`_orm.declared_attr`. The two constructs should have identical runtime behaviors. .. change:: :tags: bug, postgresql :tickets: 9611 Restored the :paramref:`_postgresql.ENUM.name` parameter as optional in the signature for :class:`_postgresql.ENUM`, as this is chosen automatically from a given pep-435 ``Enum`` type. .. change:: :tags: bug, postgresql :tickets: 9621 Fixed issue where the comparison for :class:`_postgresql.ENUM` against a plain string would cast that right-hand side type as VARCHAR, which due to more explicit casting added to dialects such as asyncpg would produce a PostgreSQL type mismatch error. .. change:: :tags: bug, orm :tickets: 9635 Made an improvement to the :func:`_orm.with_loader_criteria` loader option to allow it to be indicated in the :meth:`.Executable.options` method of a top-level statement that is not itself an ORM statement. Examples include :func:`_sql.select` that&#x27;s embedded in compound statements such as :func:`_sql.union`, within an :meth:`_dml.Insert.from_select` construct, as well as within CTE expressions that are not ORM related at the top level. .. change:: :tags: bug, orm :tickets: 9685 Fixed bug in ORM bulk insert feature where additional unnecessary columns would be rendered in the INSERT statement if RETURNING of individual columns were requested. .. change:: :tags: bug, postgresql :tickets: 9615 Fixed issue that prevented reflection of expression based indexes with long expressions in PostgreSQL. The expression where erroneously truncated to the identifier length (that&#x27;s 63 bytes by default). .. change:: :tags: usecase, postgresql :tickets: 9509 Add missing :meth:`_postgresql.Range.intersection` method. Pull request courtesy Yurii Karabas. .. change:: :tags: bug, orm :tickets: 9628 Fixed bug in ORM Declarative Dataclasses where the :func:`_orm.query_expression` and :func:`_orm.column_property` constructs, which are documented as read-only constructs in the context of a Declarative mapping, could not be used with a :class:`_orm.MappedAsDataclass` class without adding ``init=False``, which in the case of :func:`_orm.query_expression` was not possible as no ``init`` parameter was included. These constructs have been modified from a dataclass perspective to be assumed to be &quot;read only&quot;, setting ``init=False`` by default and no longer including them in the pep-681 constructor. The dataclass parameters for :func:`_orm.column_property` ``init``, ``default``, ``default_factory``, ``kw_only`` are now deprecated; these fields don&#x27;t apply to :func:`_orm.column_property` as used in a Declarative dataclasses configuration where the construct would be read-only. Also added read-specific parameter :paramref:`_orm.query_expression.compare` to :func:`_orm.query_expression`; :paramref:`_orm.query_expression.repr` was already present. .. change:: :tags: bug, orm Added missing :paramref:`_orm.mapped_column.active_history` parameter to :func:`_orm.mapped_column` construct. .. changelog:: ``` ### 2.0.9 ``` :released: April 5, 2023 .. change:: :tags: bug, mssql :tickets: 9603 The SQLAlchemy &quot;insertmanyvalues&quot; feature which allows fast INSERT of many rows while also supporting RETURNING is temporarily disabled for SQL Server. As the unit of work currently relies upon this feature such that it matches existing ORM objects to returned primary key identities, this particular use pattern does not work with SQL Server in all cases as the order of rows returned by &quot;OUTPUT inserted&quot; may not always match the order in which the tuples were sent, leading to the ORM making the wrong decisions about these objects in subsequent operations. The feature will be re-enabled in an upcoming release and will again take effect for multi-row INSERT statements, however the unit-of-work&#x27;s use of the feature will be disabled, possibly for all dialects, unless ORM-mapped tables also include a &quot;sentinel&quot; column so that the returned rows can be referenced back to the original data passed in. .. change:: :tags: bug, mariadb :tickets: 9588 Added ``row_number`` as reserved word in MariaDb. .. change:: :tags: bug, mssql :tickets: 9586 Changed the bulk INSERT strategy used for SQL Server &quot;executemany&quot; with pyodbc when ``fast_executemany`` is set to ``True`` by using ``fast_executemany`` / ``cursor.executemany()`` for bulk INSERT that does not include RETURNING, restoring the same behavior as was used in SQLAlchemy 1.4 when this parameter is set. New performance details from end users have shown that ``fast_executemany`` is still much faster for very large datasets as it uses ODBC commands that can receive all rows in a single round trip, allowing for much larger datasizes than the batches that can be sent by &quot;insertmanyvalues&quot; as was implemented for SQL Server. While this change was made such that &quot;insertmanyvalues&quot; continued to be used for INSERT that includes RETURNING, as well as if ``fast_executemany`` were not set, due to :ticket:`9603`, the &quot;insertmanyvalues&quot; strategy has been disabled for SQL Server across the board in any case. .. changelog:: ``` ### 2.0.8 ``` :released: March 31, 2023 .. change:: :tags: bug, orm :tickets: 9553 Fixed issue in ORM Annotated Declarative where using a recursive type (e.g. using a nested Dict type) would result in a recursion overflow in the ORM&#x27;s annotation resolution logic, even if this datatype were not necessary to map the column. .. change:: :tags: bug, examples Fixed issue in &quot;versioned history&quot; example where using a declarative base that is derived from :class:`_orm.DeclarativeBase` would fail to be mapped. Additionally, repaired the given test suite so that the documented instructions for running the example using Python unittest now work again. .. change:: :tags: bug, orm :tickets: 9550 Fixed issue where the :func:`_orm.mapped_column` construct would raise an internal error if used on a Declarative mixin and included the :paramref:`_orm.mapped_column.deferred` parameter. .. change:: :tags: bug, mysql :tickets: 9544 Fixed issue where string datatypes such as :class:`_sqltypes.CHAR`, :class:`_sqltypes.VARCHAR`, :class:`_sqltypes.TEXT`, as well as binary :class:`_sqltypes.BLOB`, could not be produced with an explicit length of zero, which has special meaning for MySQL. Pull request courtesy J. Nick Koston. .. change:: :tags: bug, orm :tickets: 9537 Expanded the warning emitted when a plain :func:`_sql.column` object is present in a Declarative mapping to include any arbitrary SQL expression that is not declared within an appropriate property type such as :func:`_orm.column_property`, :func:`_orm.deferred`, etc. These attributes are otherwise not mapped at all and remain unchanged within the class dictionary. As it seems likely that such an expression is usually not what&#x27;s intended, this case now warns for all such otherwise ignored expressions, rather than just the :func:`_sql.column` case. .. change:: :tags: bug, orm :tickets: 9519 Fixed regression where accessing the expression value of a hybrid property on a class that was either unmapped or not-yet-mapped (such as calling upon it within a :func:`_orm.declared_attr` method) would raise an internal error, as an internal fetch for the parent class&#x27; mapper would fail and an instruction for this failure to be ignored were inadvertently removed in 2.0. .. change:: :tags: bug, orm :tickets: 9350 Fields that are declared on Declarative Mixins and then combined with classes that make use of :class:`_orm.MappedAsDataclass`, where those mixin fields are not themselves part of a dataclass, now emit a deprecation warning as these fields will be ignored in a future release, as Python dataclasses behavior is to ignore these fields. Type checkers will not see these fields under pep-681. .. seealso:: :ref:`error_dcmx` - background on rationale :ref:`orm_declarative_dc_mixins` .. change:: :tags: bug, postgresql :tickets: 9511 Fixed critical regression in PostgreSQL dialects such as asyncpg which rely upon explicit casts in SQL in order for datatypes to be passed to the driver correctly, where a :class:`.String` datatype would be cast along with the exact column length being compared, leading to implicit truncation when comparing a ``VARCHAR`` of a smaller length to a string of greater length regardless of operator in use (e.g. LIKE, MATCH, etc.). The PostgreSQL dialect now omits the length from ``VARCHAR`` when rendering these casts. .. change:: :tags: bug, util :tickets: 9487 Implemented missing methods ``copy`` and ``pop`` in OrderedSet class. .. change:: :tags: bug, typing :tickets: 9536 Fixed typing for :func:`_orm.deferred` and :func:`_orm.query_expression` to work correctly with 2.0 style mappings. .. change:: :tags: bug, orm :tickets: 9526 Fixed issue where the :meth:`_sql.BindParameter.render_literal_execute` method would fail when called on a parameter that also had ORM annotations associated with it. In practice, this would be observed as a failure of SQL compilation when using some combinations of a dialect that uses &quot;FETCH FIRST&quot; such as Oracle along with a :class:`_sql.Select` construct that uses :meth:`_sql.Select.limit`, within some ORM contexts, including if the statement were embedded within a relationship primaryjoin expression. .. change:: :tags: usecase, orm :tickets: 9563 Exceptions such as ``TypeError`` and ``ValueError`` raised by Python dataclasses when making use of the :class:`_orm.MappedAsDataclass` mixin class or :meth:`_orm.registry.mapped_as_dataclass` decorator are now wrapped within an :class:`.InvalidRequestError` wrapper along with informative context about the error message, referring to the Python dataclasses documentation as the authoritative source of background information on the cause of the exception. .. seealso:: :ref:`error_dcte` .. change:: :tags: bug, orm :tickets: 9549 Towards maintaining consistency with unit-of-work changes made for :ticket:`5984` and :ticket:`8862`, both of which disable &quot;lazy=&#x27;raise&#x27;&quot; handling within :class:`_orm.Session` processes that aren&#x27;t triggered by attribute access, the :meth:`_orm.Session.delete` method will now also disable &quot;lazy=&#x27;raise&#x27;&quot; handling when it traverses relationship paths in order to process the &quot;delete&quot; and &quot;delete-orphan&quot; cascade rules. Previously, there was no easy way to generically call :meth:`_orm.Session.delete` on an object that had &quot;lazy=&#x27;raise&#x27;&quot; set up such that only the necessary relationships would be loaded. As &quot;lazy=&#x27;raise&#x27;&quot; is primarily intended to catch SQL loading that emits on attribute ac --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 01:34:04 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 01:34:05 +03:00

[PR #333] [CLOSED] Scheduled weekly dependency update for week 33 #340

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pyup-scheduled-update-2026-04-20

pyup-scheduled-update-2024-09-16

pyup-scheduled-update-2023-07-24

pyup-scheduled-update-2023-06-19

pyup-scheduled-update-2023-05-22

pyup-scheduled-update-2023-05-15

pyup-scheduled-update-2023-05-08

dependabot/pip/flask-2.3.2

pyup-scheduled-update-2023-05-01

pyup-scheduled-update-2023-04-03

dependabot/pip/werkzeug-2.2.3

pyup-scheduled-update-2022-11-14

pyup-scheduled-update-2022-10-03

pyup-scheduled-update-2022-08-01

pyup-scheduled-update-2022-06-13

pyup-scheduled-update-2022-05-30

pyup-scheduled-update-2022-03-07

pyup-scheduled-update-2022-01-10

pyup-scheduled-update-2021-11-01

pyup-scheduled-update-2020-10-05

pyup-scheduled-update-2019-09-30

pyup-scheduled-update-2019-07-29

pyup-scheduled-update-2019-07-22

pyup-scheduled-update-2019-05-27

pyup-scheduled-update-2019-03-11

marshmallow

pyup-scheduled-update-2019-02-25

pyup-scheduled-update-2019-02-18

pyup-scheduled-update-2019-01-28

pyup-scheduled-update-2019-01-14

docker

name-map-stupid

swagger

fix-pagination

doc-expansion

specify-schema

No results found.

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactoring

  

research

  

wontfix

No labels

bug

duplicate

enhancement

help wanted

invalid

pull-request

question

refactoring

research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/sandman2-jeffknupp#333

No description provided.