[PR #335] [CLOSED] Scheduled weekly dependency update for week 35 #342

New issue

Closed

opened 2026-02-26 01:34:06 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 01:34:06 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/jeffknupp/sandman2/pull/335
Author: @pyup-bot
Created: 8/28/2023
Status: ❌ Closed

Base: master ← Head: pyup-scheduled-update-2023-08-28

---

📝 Commits (10+)

• 812b502 Update flask from 1.1.2 to 2.3.3
• 0a64839 Update flask-admin from 1.5.7 to 1.6.1
• d25d3cf Update flask-sqlalchemy from 2.4.4 to 3.0.5
• 9756b0a Update sqlalchemy from 1.3.20 to 2.0.20
• cc8dd8f Update wtforms from 2.3.3 to 3.0.1
• eda55e5 Update coverage from 5.3 to 7.3.0
• 265ee99 Update pytest from 6.2.0 to 7.4.0
• e5c41ec Update flask-cors from 3.0.9 to 4.0.0
• da08ea9 Update pytest-cov from 2.10.1 to 4.1.0
• 08e612c Update pytest-flask from 1.1.0 to 1.2.0

📊 Changes

1 file changed (+15 additions, -15 deletions)

View changed files

📝 requirements.txt (+15 -15)

📄 Description

Update Flask from 1.1.2 to 2.3.3.

Changelog

2.3.3

-------------

Unreleased

-   Python 3.12 compatibility.
-   Require Werkzeug >= 2.3.7.
-   Use ``flit_core`` instead of ``setuptools`` as build backend.
-   Refactor how an app's root and instance paths are determined. :issue:`5160`

2.3.2

-------------

Released 2023-05-01

-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.
-   Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

2.3.1

-------------

Released 2023-04-25

-   Restore deprecated ``from flask import Markup``. :issue:`5084`

2.3.0

-------------

Released 2023-04-25

-   Drop support for Python 3.7. :pr:`5072`
-   Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
 itsdangerous>=2.1.2, click>=8.1.3.
-   Remove previously deprecated code. :pr:`4995`

 -   The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and
     ``_request_ctx_stack`` objects are removed. ``top`` still exists to give
     extensions more time to update, but it will be removed.
 -   The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env``
     property are removed.
 -   The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``,
     ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app``
     are removed.
 -   The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and
     ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed.
 -   The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators
     are removed.
 -   ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the
     corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed.
 -   The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed.
 -   Calling setup methods on blueprints after registration is an error instead of a
     warning. :pr:`4997`

-   Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them
 directly from ``markupsafe`` instead. :pr:`4996`
-   The ``app.got_first_request`` property is deprecated. :pr:`4997`
-   The ``locked_cached_property`` decorator is deprecated. Use a lock inside the
 decorated function if locking is needed. :issue:`4993`
-   Signals are always available. ``blinker>=1.6.2`` is a required dependency. The
 ``signals_available`` attribute is deprecated. :issue:`5056`
-   Signals support ``async`` subscriber functions. :pr:`5049`
-   Remove uses of locks that could cause requests to block each other very briefly.
 :issue:`4993`
-   Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
 :pr:`4947`
-   Ensure subdomains are applied with nested blueprints. :issue:`4834`
-   ``config.from_file`` can use ``text=False`` to indicate that the parser wants a
 binary file instead. :issue:`4989`
-   If a blueprint is created with an empty name it raises a ``ValueError``.
 :issue:`5010`
-   ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not
 to set the domain, which modern browsers interpret as an exact match rather than
 a subdomain match. Warnings about ``localhost`` and IP addresses are also removed.
 :issue:`5051`
-   The ``routes`` command shows each rule's ``subdomain`` or ``host`` when domain
 matching is in use. :issue:`5004`
-   Use postponed evaluation of annotations. :pr:`5071`

2.2.5

-------------

Released 2023-05-02

-   Update for compatibility with Werkzeug 2.3.3.
-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.

2.2.4

-------------

Released 2023-04-25

-   Update for compatibility with Werkzeug 2.3.

2.2.3

-------------

Released 2023-02-15

-   Autoescape is enabled by default for ``.svg`` template files. :issue:`4831`
-   Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892`
-   Add ``--debug`` option to the ``flask run`` command. :issue:`4777`

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://pyup.io/changelogs/flask/

Update Flask-Admin from 1.5.7 to 1.6.1.

Changelog

1.6.1

-----

* SQLAlchemy 2.x support
* General updates and bug fixes
* Dropped WTForms 1 support

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://pyup.io/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.0.5.

Changelog

3.0.5

-------------

Released 2023-06-21

-   ``Pagination.next()`` enforces ``max_per_page``. :issue:`1201`
-   Improve type hint for ``get_or_404`` return value to be non-optional. :pr:`1226`

3.0.4

-------------

Released 2023-06-19

-   Fix type hint for ``get_or_404`` return value. :pr:`1208`
-   Fix type hints for pyright (used by VS Code Pylance extension). :issue:`1205`

3.0.3

-------------

Released 2023-01-31

-   Show helpful errors when mistakenly using multiple ``SQLAlchemy`` instances for the
 same app, or without calling ``init_app``. :pr:`1151`
-   Fix issue with getting the engine associated with a model that uses polymorphic
 table inheritance. :issue:`1155`

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to
 return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://pyup.io/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/Flask-SQLAlchemy/

Update SQLAlchemy from 1.3.20 to 2.0.20.

Changelog

2.0.20

:released: August 15, 2023

 .. change::
     :tags: bug, orm
     :tickets: 10169

     Fixed issue where the ORM's generation of a SELECT from a joined
     inheritance model with same-named columns in superclass and subclass would
     somehow not send the correct list of column names to the :class:`.CTE`
     construct, when the RECURSIVE column list were generated.


 .. change::
     :tags: bug, typing
     :tickets: 9185

     Typing improvements:

     * :class:`.CursorResult` is returned for some forms of
       :meth:`_orm.Session.execute` where DML without RETURNING is used
     * fixed type for :paramref:`_orm.Query.with_for_update.of` parameter within
       :meth:`_orm.Query.with_for_update`
     * improvements to ``_DMLColumnArgument`` type used by some DML methods to
       pass column expressions
     * Add overload to :func:`_sql.literal` so that it is inferred that the
       return type is ``BindParameter[NullType]`` where
       :paramref:`_sql.literal.type_` param is None
     * Add overloads to :meth:`_sql.ColumnElement.op` so that the inferred
       type when :paramref:`_sql.ColumnElement.op.return_type` is not provided
       is ``Callable[[Any], BinaryExpression[Any]]``
     * Add missing overload to :meth:`_sql.ColumnElement.__add__`

     Pull request courtesy Mehdi Gmira.


 .. change::
     :tags: usecase, orm
     :tickets: 10192

     Implemented the "RETURNING '*'" use case for ORM enabled DML statements.
     This will render in as many cases as possible and return the unfiltered
     result set, however is not supported for multi-parameter "ORM bulk INSERT"
     statements that have specific column rendering requirements.


 .. change::
     :tags: bug, typing
     :tickets: 10182

     Fixed issue in :class:`_orm.Session` and :class:`_asyncio.AsyncSession`
     methods such as :meth:`_orm.Session.connection` where the
     :paramref:`_orm.Session.connection.execution_options` parameter were
     hardcoded to an internal type that is not user-facing.

 .. change::
     :tags: orm, bug
     :tickets: 10231

     Fixed fairly major issue where execution options passed to
     :meth:`_orm.Session.execute`, as well as execution options local to the ORM
     executed statement itself, would not be propagated along to eager loaders
     such as that of :func:`_orm.selectinload`, :func:`_orm.immediateload`, and
     :meth:`_orm.subqueryload`, making it impossible to do things such as
     disabling the cache for a single statement or using
     ``schema_translate_map`` for a single statement, as well as the use of
     user-custom execution options.   A change has been made where **all**
     user-facing execution options present for :meth:`_orm.Session.execute` will
     be propagated along to additional loaders.

     As part of this change, the warning for "excessively deep" eager loaders
     leading to caching being disabled can be silenced on a per-statement
     basis by sending ``execution_options={"compiled_cache": None}`` to
     :meth:`_orm.Session.execute`, which will disable caching for the full
     series of statements within that scope.

 .. change::
     :tags: usecase, asyncio
     :tickets: 9698

     Added new methods :meth:`_asyncio.AsyncConnection.aclose` as a synonym for
     :meth:`_asyncio.AsyncConnection.close` and
     :meth:`_asyncio.AsyncSession.aclose` as a synonym for
     :meth:`_asyncio.AsyncSession.close` to the
     :class:`_asyncio.AsyncConnection` and :class:`_asyncio.AsyncSession`
     objects, to provide compatibility with Python standard library
     ``contextlib.aclosing`` construct. Pull request courtesy Grigoriev Semyon.

 .. change::
     :tags: bug, orm
     :tickets: 10124

     Fixed issue where internal cloning used by the ORM for expressions like
     :meth:`_orm.relationship.Comparator.any` to produce correlated EXISTS
     constructs would interfere with the "cartesian product warning" feature of
     the SQL compiler, leading the SQL compiler to warn when all elements of the
     statement were correctly joined.

 .. change::
     :tags: orm, bug
     :tickets: 10139

     Fixed issue where the ``lazy="immediateload"`` loader strategy would place
     an internal loading token into the ORM mapped attribute under circumstances
     where the load should not occur, such as in a recursive self-referential
     load.   As part of this change, the ``lazy="immediateload"`` strategy now
     honors the :paramref:`_orm.relationship.join_depth` parameter for
     self-referential eager loads in the same way as that of other eager
     loaders, where leaving it unset or set at zero will lead to a
     self-referential immediateload not occurring, setting it to a value of one
     or greater will immediateload up until that given depth.


 .. change::
     :tags: bug, orm
     :tickets: 10175

     Fixed issue where dictionary-based collections such as
     :func:`_orm.attribute_keyed_dict` did not fully pickle/unpickle correctly,
     leading to issues when attempting to mutate such a collection after
     unpickling.


 .. change::
     :tags: bug, orm
     :tickets: 10125

     Fixed issue where chaining :func:`_orm.load_only` or other wildcard use of
     :func:`_orm.defer` from another eager loader using a :func:`_orm.aliased`
     against a joined inheritance subclass would fail to take effect for columns
     local to the superclass.


 .. change::
     :tags: bug, orm
     :tickets: 10167

     Fixed issue where an ORM-enabled :func:`_sql.select` construct would not
     render any CTEs added only via the :meth:`_sql.Select.add_cte` method that
     were not otherwise referenced in the statement.

 .. change::
     :tags: bug, examples

     The dogpile_caching examples have been updated for 2.0 style queries.
     Within the "caching query" logic itself there is one conditional added to
     differentiate between ``Query`` and ``select()`` when performing an
     invalidation operation.

 .. change::
     :tags: typing, usecase
     :tickets: 10173

     Added new typing only utility functions :func:`.Nullable` and
     :func:`.NotNullable` to type a column or ORM class as, respectively,
     nullable or not nullable.
     These function are no-op at runtime, returning the input unchanged.

 .. change::
     :tags: bug, engine
     :tickets: 10147

     Fixed critical issue where setting
     :paramref:`_sa.create_engine.isolation_level` to ``AUTOCOMMIT`` (as opposed
     to using the :meth:`_engine.Engine.execution_options` method) would fail to
     restore "autocommit" to a pooled connection if an alternate isolation level
     were temporarily selected using
     :paramref:`_engine.Connection.execution_options.isolation_level`.

.. changelog::

2.0.19

:released: July 15, 2023

 .. change::
     :tags: bug, orm
     :tickets: 10089

     Fixed issue where setting a relationship collection directly, where an
     object in the new collection were already present, would not trigger a
     cascade event for that object, leading to it not being added to the
     :class:`_orm.Session` if it were not already present.  This is similar in
     nature to :ticket:`6471` and is a more apparent issue due to the removal of
     ``cascade_backrefs`` in the 2.0 series.  The
     :meth:`_orm.AttributeEvents.append_wo_mutation` event added as part of
     :ticket:`6471` is now also emitted for existing members of a collection
     that are present in a bulk set of that same collection.

 .. change::
     :tags: bug, engine
     :tickets: 10093

     Renamed :attr:`_result.Row.t` and :meth:`_result.Row.tuple` to
     :attr:`_result.Row._t` and :meth:`_result.Row._tuple`; this is to suit the
     policy that all methods and pre-defined attributes on :class:`.Row` should
     be in the style of Python standard library ``namedtuple`` where all fixed
     names have a leading underscore, to avoid name conflicts with existing
     column names.   The previous method/attribute is now deprecated and will
     emit a deprecation warning.

 .. change::
     :tags: bug, postgresql
     :tickets: 10069

     Fixed regression caused by improvements to PostgreSQL URL parsing in
     :ticket:`10004` where "host" query string arguments that had colons in
     them, to support various third party proxy servers and/or dialects, would
     not parse correctly as these were evaluted as ``host:port`` combinations.
     Parsing has been updated to consider a colon as indicating a ``host:port``
     value only if the hostname contains only alphanumeric characters with dots
     or dashes only (e.g. no slashes), followed by exactly one colon followed by
     an all-integer token of zero or more integers.  In all other cases, the
     full string is taken as a host.

 .. change::
     :tags: bug, engine
     :tickets: 10079

     Added detection for non-string, non-:class:`_engine.URL` objects to the
     :func:`_engine.make_url` function, allowing ``ArgumentError`` to be thrown
     immediately, rather than causing failures later on.  Special logic ensures
     that mock forms of :class:`_engine.URL` are allowed through.  Pull request
     courtesy Grigoriev Semyon.

 .. change::
     :tags: bug, orm
     :tickets: 10090

     Fixed issue where objects that were associated with an unloaded collection
     via backref, but were not merged into the :class:`_orm.Session` due to the
     removal of ``cascade_backrefs`` in the 2.0 series, would not emit a warning
     that these objects were not being included in a flush, even though they
     were pending members of the collection; in other such cases, a warning is
     emitted when a collection being flushed contains non-attached objects which
     will be essentially discarded.  The addition of the warning for
     backref-pending collection members establishes greater consistency with
     collections that may be present or non-present and possibly flushed or not
     flushed at different times based on different relationship loading
     strategies.

 .. change::
     :tags: bug, postgresql
     :tickets: 10096

     Fixed issue where comparisons to the :class:`_postgresql.CITEXT` datatype
     would cast the right side to ``VARCHAR``, leading to the right side not
     being interpreted as a ``CITEXT`` datatype, for the asyncpg, psycopg3 and
     pg80000 dialects.   This led to the :class:`_postgresql.CITEXT` type being
     essentially unusable for practical use; this is now fixed and the test
     suite has been corrected to properly assert that expressions are rendered
     correctly.

 .. change::
     :tags: bug, orm, regression
     :tickets: 10098

     Fixed additional regression caused by :ticket:`9805` where more aggressive
     propagation of the "ORM" flag on statements could lead to an internal
     attribute error when embedding an ORM :class:`.Query` construct that
     nonetheless contained no ORM entities within a Core SQL statement, in this
     case ORM-enabled UPDATE and DELETE statements.


.. changelog::

2.0.18

:released: July 5, 2023

 .. change::
     :tags: usecase, typing
     :tickets: 10054

     Improved typing when using standalone operator functions from
     ``sqlalchemy.sql.operators`` such as ``sqlalchemy.sql.operators.eq``.

 .. change::
     :tags: usecase, mariadb, reflection
     :tickets: 10028

     Allowed reflecting :class:`_types.UUID` columns from MariaDB. This allows
     Alembic to properly detect the type of such columns in existing MariaDB
     databases.

 .. change::
     :tags: bug, postgresql
     :tickets: 9945

     Added new parameter ``native_inet_types=False`` to all PostgreSQL
     dialects, which indicates converters used by the DBAPI to
     convert rows from PostgreSQL :class:`.INET` and :class:`.CIDR` columns
     into Python ``ipaddress`` datatypes should be disabled, returning strings
     instead.  This allows code written to work with strings for these datatypes
     to be migrated to asyncpg, psycopg, or pg8000 without code changes
     other than adding this parameter to the :func:`_sa.create_engine`
     or :func:`_asyncio.create_async_engine` function call.

     .. seealso::

         :ref:`postgresql_network_datatypes`

 .. change::
     :tags: usecase, extensions
     :tickets: 10013

     Added new option to :func:`.association_proxy`
     :paramref:`.association_proxy.create_on_none_assignment`; when an
     association proxy which refers to a scalar relationship is assigned the
     value ``None``, and the referenced object is not present, a new object is
     created via the creator.  This was apparently an undefined behavior in the
     1.2 series that was silently removed.

 .. change::
     :tags: bug, typing
     :tickets: 10061

     Fixed some of the typing within the :func:`_orm.aliased` construct to
     correctly accept a :class:`.Table` object that's been aliased with
     :meth:`.Table.alias`, as well as general support for :class:`.FromClause`
     objects to be passed as the "selectable" argument, since this is all
     supported.

 .. change::
     :tags: bug, engine
     :tickets: 10025

     Adjusted the :paramref:`_sa.create_engine.schema_translate_map` feature
     such that **all** schema names in the statement are now tokenized,
     regardless of whether or not a specific name is in the immediate schema
     translate map given, and to fallback to substituting the original name when
     the key is not in the actual schema translate map at execution time.  These
     two changes allow for repeated use of a compiled object with schema
     schema_translate_maps that include or dont include various keys on each
     run, allowing cached SQL constructs to continue to function at runtime when
     schema translate maps with different sets of keys are used each time. In
     addition, added detection of schema_translate_map dictionaries which gain
     or lose a ``None`` key across calls for the same statement, which affects
     compilation of the statement and is not compatible with caching; an
     exception is raised for these scenarios.

 .. change::
     :tags: bug, mssql, sql
     :tickets: 9932

     Fixed issue where performing :class:`.Cast` to a string type with an
     explicit collation would render the COLLATE clause inside the CAST
     function, which resulted in a syntax error.

 .. change::
     :tags: usecase, mssql
     :tickets: 7340

     Added support for creation and reflection of COLUMNSTORE
     indexes in MSSQL dialect. Can be specified on indexes
     specifying ``mssql_columnstore=True``.

 .. change::
     :tags: usecase, postgresql
     :tickets: 10004

     Added multi-host support for the asyncpg dialect.  General improvements and
     error checking added to the PostgreSQL URL routines for the "multihost" use
     case added as well.  Pull request courtesy Ilia Dmitriev.

     .. seealso::

         :ref:`asyncpg_multihost`

.. changelog::

2.0.17

:released: June 23, 2023

 .. change::
     :tags: usecase, postgresql
     :tickets: 9965

     The pg8000 dialect now supports RANGE and MULTIRANGE datatypes, using the
     existing RANGE API described at :ref:`postgresql_ranges`.  Range and
     multirange types are supported in the pg8000 driver from version 1.29.8.
     Pull request courtesy Tony Locke.

 .. change::
     :tags: bug, orm, regression
     :tickets: 9870

     Fixed regression in the 2.0 series where a query that used
     :func:`.undefer_group` with :func:`_orm.selectinload` or
     :func:`_orm.subqueryload` would raise an ``AttributeError``. Pull request
     courtesy of Matthew Martin.

 .. change::
     :tags: bug, orm
     :tickets: 9957

     Fixed issue in ORM Annotated Declarative which prevented a
     :class:`_orm.declared_attr` from being used on a mixin which did not return
     a :class:`.Mapped` datatype, and instead returned a supplemental ORM
     datatype such as :class:`.AssociationProxy`.  The Declarative runtime would
     erroneously try to interpret this annotation as needing to be
     :class:`.Mapped` and raise an error.


 .. change::
     :tags: bug, orm, typing
     :tickets: 9957

     Fixed typing issue where using the :class:`.AssociationProxy` return type
     from a :class:`_orm.declared_attr` function was disallowed.

 .. change::
     :tags: bug, orm, regression
     :tickets: 9936

     Fixed regression introduced in 2.0.16 by :ticket:`9879` where passing a
     callable to the :paramref:`_orm.mapped_column.default` parameter of
     :class:`_orm.mapped_column` while also setting ``init=False`` would
     interpret this value as a Dataclass default value which would be assigned
     directly to new instances of the object directly, bypassing the default
     generator taking place as the :paramref:`_schema.Column.default`
     value generator on the underlying :class:`_schema.Column`.  This condition
     is now detected so that the previous behavior is maintained, however a
     deprecation warning for this ambiguous use is emitted; to populate the
     default generator for a :class:`_schema.Column`, the
     :paramref:`_orm.mapped_column.insert_default` parameter should be used,
     which disambiguates from the :paramref:`_orm.mapped_column.default`
     parameter whose name is fixed as per pep-681.


 .. change::
     :tags: bug, orm
     :tickets: 9973

     Additional hardening and documentation for the ORM :class:`_orm.Session`
     "state change" system, which detects concurrent use of
     :class:`_orm.Session` and :class:`_asyncio.AsyncSession` objects; an
     additional check is added within the process to acquire connections from
     the underlying engine, which is a critical section with regards to internal
     connection management.

 .. change::
     :tags: bug, orm
     :tickets: 10006

     Fixed issue in ORM loader strategy logic which further allows for long
     chains of :func:`_orm.contains_eager` loader options across complex
     inheriting polymorphic / aliased / of_type() relationship chains to take
     proper effect in queries.

 .. change::
     :tags: bug, orm, declarative
     :tickets: 3532

     A warning is emitted when an ORM :func:`_orm.relationship` and other
     :class:`.MapperProperty` objects are assigned to two different class
     attributes at once; only one of the attributes will be mapped.  A warning
     for this condition was already in place for :class:`_schema.Column` and
     :class:`_orm.mapped_column` objects.


 .. change::
     :tags: bug, orm
     :tickets: 9963

     Fixed issue in support for the :class:`.Enum` datatype in the
     :paramref:`_orm.registry.type_annotation_map` first added as part of
     :ticket:`8859` where using a custom :class:`.Enum` with fixed configuration
     in the map would fail to transfer the :paramref:`.Enum.name` parameter,
     which among other issues would prevent PostgreSQL enums from working if the
     enum values were passed as individual values.  Logic has been updated so
     that "name" is transferred over, but also that the default :class:`.Enum`
     which is against the plain Python `enum.Enum` class or other "empty" enum
     won't set a hardcoded name of ``"enum"`` either.

 .. change::
     :tags: bug, typing
     :tickets: 9985

     Fixed typing issue which prevented :class:`_orm.WriteOnlyMapped` and
     :class:`_orm.DynamicMapped` attributes from being used fully within ORM
     queries.

.. changelog::

2.0.16

:released: June 10, 2023

 .. change::
     :tags: usecase, postgresql, reflection
     :tickets: 9838

     Cast ``NAME`` columns to ``TEXT`` when using ``ARRAY_AGG`` in PostgreSQL
     reflection. This seems to improve compatibility with some PostgreSQL
     derivatives that may not support aggregations on the ``NAME`` type.

 .. change::
     :tags: bug, orm
     :tickets: 9862

     Fixed issue where :class:`.DeclarativeBaseNoMeta` declarative base class
     would not function with non-mapped mixins or abstract classes, raising an
     ``AttributeError`` instead.

 .. change::
     :tags: usecase, orm
     :tickets: 9828

     Improved :meth:`.DeferredReflection.prepare` to accept arbitrary ``**kw``
     arguments that are passed to :meth:`_schema.MetaData.reflect`, allowing use
     cases such as reflection of views as well as dialect-specific arguments to
     be passed. Additionally, modernized the
     :paramref:`.DeferredReflection.prepare.bind` argument so that either an
     :class:`.Engine` or :class:`.Connection` are accepted as the "bind"
     argument.

 .. change::
     :tags: usecase, asyncio
     :tickets: 8215

     Added new :paramref:`_asyncio.create_async_engine.async_creator` parameter
     to :func:`.create_async_engine`, which accomplishes the same purpose as the
     :paramref:`.create_engine.creator` parameter of :func:`.create_engine`.
     This is a no-argument callable that provides a new asyncio connection,
     using the asyncio database driver directly. The
     :func:`.create_async_engine` function will wrap the driver-level connection
     in the appropriate structures. Pull request curtesy of Jack Wotherspoon.

 .. change::
     :tags: bug, orm, regression
     :tickets: 9820

     Fixed regression in the 2.0 series where the default value of
     :paramref:`_orm.validates.include_backrefs` got changed to ``False`` for
     the :func:`_orm.validates` function. This default is now restored to
     ``True``.

 .. change::
     :tags: bug, orm
     :tickets: 9917

     Fixed bug in new feature which allows a WHERE clause to be used in
     conjunction with :ref:`orm_queryguide_bulk_update`, added in version 2.0.11
     as part of :ticket:`9583`, where sending dictionaries that did not include
     the primary key values for each row would run through the bulk process and
     include "pk=NULL" for the rows, silently failing.   An exception is now
     raised if primary key values for bulk UPDATE are not supplied.

 .. change::
     :tags: bug, postgresql
     :tickets: 9836

     Use proper precedence on PostgreSQL specific operators, such as ``>``.
     Previously the precedence was wrong, leading to wrong parenthesis when
     rendering against and ``ANY`` or ``ALL`` construct.

 .. change::
     :tags: bug, orm, dataclasses
     :tickets: 9879

     Fixed an issue where generating dataclasses fields that specified a
     ``default`` value and set ``init=False`` would not work.
     The dataclasses behavior in this case is to set the default
     value on the class, that's not compatible with the descriptors used
     by SQLAlchemy. To support this case the default is transformed to
     a ``default_factory`` when generating the dataclass.

 .. change::
     :tags: bug, orm
     :tickets: 9841

     A deprecation warning is emitted whenever a property is added to a
     :class:`_orm.Mapper` where an ORM mapped property were already configured,
     or an attribute is already present on the class. Previously, there was a
     non-deprecation warning for this case that did not emit consistently. The
     logic for this warning has been improved so that it detects end-user
     replacement of attribute while not having false positives for internal
     Declarative and other cases where replacement of descriptors with new ones
     is expected.

 .. change::
     :tags: bug, postgresql
     :tickets: 9907

     Fixed issue where the :paramref:`.ColumnOperators.like.escape` and similar
     parameters did not allow an empty string as an argument that would be
     passed through as the "escape" character; this is a supported syntax by
     PostgreSQL.  Pull requset courtesy Martin Caslavsky.

 .. change::
     :tags: bug, orm
     :tickets: 9869

     Improved the argument chacking on the
     :paramref:`_orm.registry.map_imperatively.local_table` parameter of the
     :meth:`_orm.registry.map_imperatively` method, ensuring only a
     :class:`.Table` or other :class:`.FromClause` is passed, and not an
     existing mapped class, which would lead to undefined behavior as the object
     were further interpreted for a new mapping.

 .. change::
     :tags: usecase, postgresql
     :tickets: 9041

     Unified the custom PostgreSQL operator definitions, since they are
     shared among multiple different data types.

 .. change::
     :tags: platform, usecase

     Compatibility improvements allowing the complete test suite to pass
     on Python 3.12.0b1.

 .. change::
     :tags: bug, orm
     :tickets: 9913

     The :attr:`_orm.InstanceState.unloaded_expirable` attribute is a synonym
     for :attr:`_orm.InstanceState.unloaded`, and is now deprecated; this
     attribute was always implementation-specific and should not have been
     public.

 .. change::
     :tags: usecase, postgresql
     :tickets: 8240

     Added support for PostgreSQL 10 ``NULLS NOT DISTINCT`` feature of
     unique indexes and unique constraint using the dialect option
     ``postgresql_nulls_not_distinct``.
     Updated the reflection logic to also correctly take this option
     into account.
     Pull request courtesy of Pavel Siarchenia.

.. changelog::

2.0.15

:released: May 19, 2023

 .. change::
     :tags: bug, orm
     :tickets: 9805

     As more projects are using new-style "2.0" ORM querying, it's becoming
     apparent that the conditional nature of "autoflush", being based on whether
     or not the given statement refers to ORM entities, is becoming more of a
     key behavior. Up until now, the "ORM" flag for a statement has been loosely
     based around whether or not the statement returns rows that correspond to
     ORM entities or columns; the original purpose of the "ORM" flag was to
     enable ORM-entity fetching rules which apply post-processing to Core result
     sets as well as ORM loader strategies to the statement.  For statements
     that don't build on rows that contain ORM entities, the "ORM" flag was
     considered to be mostly unnecessary.

     It still may be the case that "autoflush" would be better taking effect for
     *all* usage of :meth:`_orm.Session.execute` and related methods, even for
     purely Core SQL constructs. However, this still could impact legacy cases
     where this is not expected and may be more of a 2.1 thing. For now however,
     the rules for the "ORM-flag" have been opened up so that a statement that
     includes ORM entities or attributes anywhere within, including in the WHERE
     / ORDER BY / GROUP BY clause alone, within scalar subqueries, etc. will
     enable this flag.  This will cause "autoflush" to occur for such statements
     and also be visible via the :attr:`_orm.ORMExecuteState.is_orm_statement`
     event-level attribute.



 .. change::
     :tags: bug, postgresql, regression
     :tickets: 9808

     Repaired the base :class:`.Uuid` datatype for the PostgreSQL dialect to
     make full use of the PG-specific ``UUID`` dialect-specific datatype when
     "native_uuid" is selected, so that PG driver behaviors are included. This
     issue became apparent due to the insertmanyvalues improvement made as part
     of :ticket:`9618`, where in a similar manner as that of :ticket:`9739`, the
     asyncpg driver is very sensitive to datatype casts being present or not,
     and the PostgreSQL driver-specific native ``UUID`` datatype must be invoked
     when this generic type is used so that these casts take place.


.. changelog::

2.0.14

:released: May 18, 2023

 .. change::
     :tags: bug, sql
     :tickets: 9772

     Fixed issue in :func:`_sql.values` construct where an internal compilation
     error would occur if the construct were used inside of a scalar subquery.

 .. change::
     :tags: usecase, sql
     :tickets: 9752


     Generalized the MSSQL :func:`_sql.try_cast` function into the
     ``sqlalchemy.`` import namespace so that it may be implemented by third
     party dialects as well. Within SQLAlchemy, the :func:`_sql.try_cast`
     function remains a SQL Server-only construct that will raise
     :class:`.CompileError` if used with backends that don't support it.

     :func:`_sql.try_cast` implements a CAST where un-castable conversions are
     returned as NULL, instead of raising an error. Theoretically, the construct
     could be implemented by third party dialects for Google BigQuery, DuckDB,
     and Snowflake, and possibly others.

     Pull request courtesy Nick Crews.

 .. change::
     :tags: bug, tests, pypy
     :tickets: 9789

     Fixed test that relied on the ``sys.getsizeof()`` function to not run on
     pypy, where this function appears to have different behavior than it does
     on cpython.

 .. change::
     :tags: bug, orm
     :tickets: 9777

     Modified the ``JoinedLoader`` implementation to use a simpler approach in
     one particular area where it previously used a cached structure that would
     be shared among threads. The rationale is to avoid a potential race
     condition which is suspected of being the cause of a particular crash
     that's been reported multiple times. The cached structure in question is
     still ultimately "cached" via the compiled SQL cache, so a performance
     degradation is not anticipated.

 .. change::
     :tags: bug, orm, regression
     :tickets: 9767

     Fixed regression where use of :func:`_dml.update` or :func:`_dml.delete`
     within a :class:`_sql.CTE` construct, then used in a :func:`_sql.select`,
     would raise a :class:`.CompileError` as a result of ORM related rules for
     performing ORM-level update/delete statements.

 .. change::
     :tags: bug, orm
     :tickets: 9766

     Fixed issue in new ORM Annotated Declarative where using a
     :class:`_schema.ForeignKey` (or other column-level constraint) inside of
     :func:`_orm.mapped_column` which is then copied out to models via pep-593
     ``Annotated`` would apply duplicates of each constraint to the
     :class:`_schema.Column` as produced in the target :class:`_schema.Table`,
     leading to incorrect CREATE TABLE DDL as well as migration directives under
     Alembic.

 .. change::
     :tags: bug, orm
     :tickets: 9779

     Fixed issue where using additional relationship criteria with the
     :func:`_orm.joinedload` loader option, where the additional criteria itself
     contained correlated subqueries that referred to the joined entities and
     therefore also required "adaption" to aliased entities, would be excluded
     from this adaption, producing the wrong ON clause for the joinedload.

 .. change::
     :tags: bug, postgresql
     :tickets: 9773

     Fixed apparently very old issue where the
     :paramref:`_postgresql.ENUM.create_type` parameter, when set to its
     non-default of ``False``, would not be propagated when the
     :class:`_schema.Column` which it's a part of were copied, as is common when
     using ORM Declarative mixins.

.. changelog::

2.0.13

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/jeffknupp/sandman2/pull/335 **Author:** [@pyup-bot](https://github.com/pyup-bot) **Created:** 8/28/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `pyup-scheduled-update-2023-08-28` --- ### 📝 Commits (10+) - [`812b502`](https://github.com/jeffknupp/sandman2/commit/812b502143229f851091c3de4d12a8010ff46224) Update flask from 1.1.2 to 2.3.3 - [`0a64839`](https://github.com/jeffknupp/sandman2/commit/0a648398871388a719bee59259bb0c73d982bdc2) Update flask-admin from 1.5.7 to 1.6.1 - [`d25d3cf`](https://github.com/jeffknupp/sandman2/commit/d25d3cf41024f522b637cc6228cb5c21bbe7a6b9) Update flask-sqlalchemy from 2.4.4 to 3.0.5 - [`9756b0a`](https://github.com/jeffknupp/sandman2/commit/9756b0a01ba9a866e1c5b609645a273a21e844bc) Update sqlalchemy from 1.3.20 to 2.0.20 - [`cc8dd8f`](https://github.com/jeffknupp/sandman2/commit/cc8dd8f32e4d6bd910ebbafb617637d7a9e51928) Update wtforms from 2.3.3 to 3.0.1 - [`eda55e5`](https://github.com/jeffknupp/sandman2/commit/eda55e5c901976a35a4c7670d142dc197a5aad0e) Update coverage from 5.3 to 7.3.0 - [`265ee99`](https://github.com/jeffknupp/sandman2/commit/265ee990f447be58450ec2c7e786532aa0d5a42b) Update pytest from 6.2.0 to 7.4.0 - [`e5c41ec`](https://github.com/jeffknupp/sandman2/commit/e5c41ec48bdb84ed418a3999b011593834fa4e99) Update flask-cors from 3.0.9 to 4.0.0 - [`da08ea9`](https://github.com/jeffknupp/sandman2/commit/da08ea9b277b390868cd6c1628021ba0a20ffc9f) Update pytest-cov from 2.10.1 to 4.1.0 - [`08e612c`](https://github.com/jeffknupp/sandman2/commit/08e612c9ae0426934a92ef7237855e6e7e860420) Update pytest-flask from 1.1.0 to 1.2.0 ### 📊 Changes **1 file changed** (+15 additions, -15 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+15 -15) </details> ### 📄 Description ### Update [Flask](https://pypi.org/project/Flask) from **1.1.2** to **2.3.3**. <details> <summary>Changelog</summary> ### 2.3.3 ``` ------------- Unreleased - Python 3.12 compatibility. - Require Werkzeug &gt;= 2.3.7. - Use ``flit_core`` instead of ``setuptools`` as build backend. - Refactor how an app&#x27;s root and instance paths are determined. :issue:`5160` ``` ### 2.3.2 ``` ------------- Released 2023-05-01 - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. - Update Werkzeug requirement to &gt;=2.3.3 to apply recent bug fixes. ``` ### 2.3.1 ``` ------------- Released 2023-04-25 - Restore deprecated ``from flask import Markup``. :issue:`5084` ``` ### 2.3.0 ``` ------------- Released 2023-04-25 - Drop support for Python 3.7. :pr:`5072` - Update minimum requirements to the latest versions: Werkzeug&gt;=2.3.0, Jinja2&gt;3.1.2, itsdangerous&gt;=2.1.2, click&gt;=8.1.3. - Remove previously deprecated code. :pr:`4995` - The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and ``_request_ctx_stack`` objects are removed. ``top`` still exists to give extensions more time to update, but it will be removed. - The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env`` property are removed. - The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app`` are removed. - The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed. - The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators are removed. - ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed. - The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed. - Calling setup methods on blueprints after registration is an error instead of a warning. :pr:`4997` - Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them directly from ``markupsafe`` instead. :pr:`4996` - The ``app.got_first_request`` property is deprecated. :pr:`4997` - The ``locked_cached_property`` decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:`4993` - Signals are always available. ``blinker&gt;=1.6.2`` is a required dependency. The ``signals_available`` attribute is deprecated. :issue:`5056` - Signals support ``async`` subscriber functions. :pr:`5049` - Remove uses of locks that could cause requests to block each other very briefly. :issue:`4993` - Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``. :pr:`4947` - Ensure subdomains are applied with nested blueprints. :issue:`4834` - ``config.from_file`` can use ``text=False`` to indicate that the parser wants a binary file instead. :issue:`4989` - If a blueprint is created with an empty name it raises a ``ValueError``. :issue:`5010` - ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about ``localhost`` and IP addresses are also removed. :issue:`5051` - The ``routes`` command shows each rule&#x27;s ``subdomain`` or ``host`` when domain matching is in use. :issue:`5004` - Use postponed evaluation of annotations. :pr:`5071` ``` ### 2.2.5 ``` ------------- Released 2023-05-02 - Update for compatibility with Werkzeug 2.3.3. - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. ``` ### 2.2.4 ``` ------------- Released 2023-04-25 - Update for compatibility with Werkzeug 2.3. ``` ### 2.2.3 ``` ------------- Released 2023-02-15 - Autoescape is enabled by default for ``.svg`` template files. :issue:`4831` - Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892` - Add ``--debug`` option to the ``flask run`` command. :issue:`4777` ``` ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to &gt;= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``&quot;production&quot;``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to &gt;= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug&#x27;s ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python &lt; 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to &gt;= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client&#x27;s ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client&#x27;s ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.request.environ`` instead. :pr:`4341` - Fix type annotation for ``errorhandler`` decorator. :issue:`4295` - Revert a change to the CLI that caused it to hide ``ImportError`` tracebacks when importing the application. :issue:`4307` - ``app.json_encoder`` and ``json_decoder`` are only passed to ``dumps`` and ``loads`` if they have custom behavior. This improves performance, mainly on PyPy. :issue:`4349` - Clearer error message when ``after_this_request`` is used outside a request context. :issue:`4333` ``` ### 2.0.2 ``` ------------- Released 2021-10-04 - Fix type annotation for ``teardown_*`` methods. :issue:`4093` - Fix type annotation for ``before_request`` and ``before_app_request`` decorators. :issue:`4104` - Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:`4098` - Support View and MethodView instances with async handlers. :issue:`4112` - Enhance typing of ``app.errorhandler`` decorator. :issue:`4095` - Fix registering a blueprint twice with differing names. :issue:`4124` - Fix the type of ``static_folder`` to accept ``pathlib.Path``. :issue:`4150` - ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``. :issue:`4157` - Correctly handle raising deferred errors in CLI lazy loading. :issue:`4096` - The CLI loader handles ``**kwargs`` in a ``create_app`` function. :issue:`4170` - Fix the order of ``before_request`` and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:`4229` ``` ### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren&#x27;t available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Revert a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug &gt;= 2, Jinja2 &gt;= 3, MarkupSafe &gt;= 2, ItsDangerous &gt;= 2, Click &gt;= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it&#x27;s needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add ``SessionInterface.get_cookie_name`` to allow setting the session cookie name dynamically. :pr:`3369` - Add ``Config.from_file`` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. ``Config.from_json`` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - ``send_file`` raises a ``ValueError`` when passed an ``io`` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja&#x27;s implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post(&quot;/login&quot;)`` is a shortcut for ``app.route(&quot;/login&quot;, methods=[&quot;POST&quot;])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to &quot;UTF-8&quot; when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python &lt; 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask - Changelog: https://pyup.io/changelogs/flask/ </details> ### Update [Flask-Admin](https://pypi.org/project/Flask-Admin) from **1.5.7** to **1.6.1**. <details> <summary>Changelog</summary> ### 1.6.1 ``` ----- * SQLAlchemy 2.x support * General updates and bug fixes * Dropped WTForms 1 support ``` ### 1.6.0 ``` ----- * Dropped Python 2 support * WTForms 3.0 support * Various fixes ``` ### 1.5.8 ``` ----- * SQLAlchemy 1.4.5+ compatibility fixes * Redis CLI fixes ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-admin - Changelog: https://pyup.io/changelogs/flask-admin/ - Repo: https://github.com/flask-admin/flask-admin/ - Docs: https://pythonhosted.org/Flask-Admin/ </details> ### Update [Flask-SQLAlchemy](https://pypi.org/project/Flask-SQLAlchemy) from **2.4.4** to **3.0.5**. <details> <summary>Changelog</summary> ### 3.0.5 ``` ------------- Released 2023-06-21 - ``Pagination.next()`` enforces ``max_per_page``. :issue:`1201` - Improve type hint for ``get_or_404`` return value to be non-optional. :pr:`1226` ``` ### 3.0.4 ``` ------------- Released 2023-06-19 - Fix type hint for ``get_or_404`` return value. :pr:`1208` - Fix type hints for pyright (used by VS Code Pylance extension). :issue:`1205` ``` ### 3.0.3 ``` ------------- Released 2023-01-31 - Show helpful errors when mistakenly using multiple ``SQLAlchemy`` instances for the same app, or without calling ``init_app``. :pr:`1151` - Fix issue with getting the engine associated with a model that uses polymorphic table inheritance. :issue:`1155` ``` ### 3.0.2 ``` ------------- Released 2022-10-14 - Update compatibility with SQLAlchemy 2. :issue:`1122` ``` ### 3.0.1 ``` ------------- Released 2022-10-11 - Export typing information instead of using external typeshed definitions. :issue:`1112` - If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an invalid default bind will not be configured. :issue:`1117` ``` ### 3.0.0 ``` ------------- Released 2022-10-04 - Drop support for Python 2, 3.4, 3.5, and 3.6. - Bump minimum version of Flask to 2.2. - Bump minimum version of SQLAlchemy to 1.4.18. - Remove previously deprecated code. - The session is scoped to the current app context instead of the thread. This requires that an app context is active. This ensures that the session is cleaned up after every request. - An active Flask application context is always required to access ``session`` and ``engine``, regardless of if an application was passed to the constructor. :issue:`508, 944` - Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing tables in different databases to have the same name. Bind keys are stored and looked up on the resulting metadata rather than the model or table. - ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731` - Configuring SQLite with a relative path is relative to ``app.instance_path`` instead of ``app.root_path``. The instance folder is created if necessary. :issue:`462` - Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to the extension object. These use SQLAlchemy&#x27;s preferred ``session.execute(select())`` pattern instead of the legacy query interface. :issue:`1088` - Setup methods that create the engines and session are renamed with a leading underscore. They are considered internal interfaces which may change at any time. - All parameters to ``SQLAlchemy`` except ``app`` are keyword-only. - Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter from various ``SQLAlchemy`` methods. - The extension object uses ``__getattr__`` to alias names from the SQLAlchemy package, rather than copying them as attributes. - The extension object is stored directly as ``app.extensions[&quot;sqlalchemy&quot;]``. :issue:`698` - The session class can be customized by passing the ``class_`` key in the ``session_options`` parameter. :issue:`327` - ``SignallingSession`` is renamed to ``Session``. - ``Session.get_bind`` more closely matches the base implementation. - Model classes and the ``db`` instance are available without imports in ``flask shell``. :issue:`1089` - The ``CamelCase`` to ``snake_case`` table name converter handles more patterns correctly. If model that was already created in the database changed, either use Alembic to rename the table, or set ``__tablename__`` to keep the old name. :issue:`406` - ``Model`` ``repr`` distinguishes between transient and pending instances. :issue:`967` - A custom model class can implement ``__init_subclass__`` with class parameters. :issue:`1002` - ``db.Table`` is a subclass instead of a function. - The ``engine_options`` parameter is applied as defaults before per-engine configuration. - ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence. :issue:`783` - Engines are created when calling ``init_app`` rather than the first time they are accessed. :issue:`698` - ``db.engines`` exposes the map of bind keys to engines for the current app. - ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated. - SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are supported. :issue:`998, 1045` - SQLite engines do not use ``NullPool`` if ``pool_size`` is 0. - MySQL engines use the &quot;utf8mb4&quot; charset by default. :issue:`875` - MySQL engines do not set ``pool_size`` to 10. - MySQL engines don&#x27;t set a default for ``pool_recycle`` if not using a queue pool. :issue:`803` - ``Query`` is renamed from ``BaseQuery``. - Added ``Query.one_or_404``. - The query class is applied to ``backref`` in ``relationship``. :issue:`417` - Creating ``Pagination`` objects manually is no longer a public API. They should be created with ``db.paginate`` or ``query.paginate``. :issue:`1088` - ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only. - ``Pagination`` is iterable, iterating over its items. :issue:`70` - Pagination count query is more efficient. - ``Pagination.iter_pages`` is more efficient. :issue:`622` - ``Pagination.iter_pages`` ``right_current`` parameter is inclusive. - Pagination ``per_page`` cannot be 0. :issue:`1091` - Pagination ``max_per_page`` defaults to 100. :issue:`1091` - Added ``Pagination.first`` and ``last`` properties, which give the number of the first and last item on the page. :issue:`567` - ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled automatically with ``app.debug`` or ``app.testing``. :issue:`1092` - ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the config and functionality. - Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is renamed to ``location``. Finding the location uses a more inclusive check. - ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727` - ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues that are difficult to debug. Call ``db.session.commit()`` directly instead. :issue:`216` ``` ### 2.5.1 ``` ------------- Released 2021-03-18 - Fix compatibility with Python 2.7. ``` ### 2.5.0 ``` ------------- Released 2021-03-18 - Update to support SQLAlchemy 1.4. - SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to return a new URL instead of ``None``. :issue:`885` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-sqlalchemy - Changelog: https://pyup.io/changelogs/flask-sqlalchemy/ - Docs: https://pythonhosted.org/Flask-SQLAlchemy/ </details> ### Update [SQLAlchemy](https://pypi.org/project/SQLAlchemy) from **1.3.20** to **2.0.20**. <details> <summary>Changelog</summary> ### 2.0.20 ``` :released: August 15, 2023 .. change:: :tags: bug, orm :tickets: 10169 Fixed issue where the ORM&#x27;s generation of a SELECT from a joined inheritance model with same-named columns in superclass and subclass would somehow not send the correct list of column names to the :class:`.CTE` construct, when the RECURSIVE column list were generated. .. change:: :tags: bug, typing :tickets: 9185 Typing improvements: * :class:`.CursorResult` is returned for some forms of :meth:`_orm.Session.execute` where DML without RETURNING is used * fixed type for :paramref:`_orm.Query.with_for_update.of` parameter within :meth:`_orm.Query.with_for_update` * improvements to ``_DMLColumnArgument`` type used by some DML methods to pass column expressions * Add overload to :func:`_sql.literal` so that it is inferred that the return type is ``BindParameter[NullType]`` where :paramref:`_sql.literal.type_` param is None * Add overloads to :meth:`_sql.ColumnElement.op` so that the inferred type when :paramref:`_sql.ColumnElement.op.return_type` is not provided is ``Callable[[Any], BinaryExpression[Any]]`` * Add missing overload to :meth:`_sql.ColumnElement.__add__` Pull request courtesy Mehdi Gmira. .. change:: :tags: usecase, orm :tickets: 10192 Implemented the &quot;RETURNING &#x27;*&#x27;&quot; use case for ORM enabled DML statements. This will render in as many cases as possible and return the unfiltered result set, however is not supported for multi-parameter &quot;ORM bulk INSERT&quot; statements that have specific column rendering requirements. .. change:: :tags: bug, typing :tickets: 10182 Fixed issue in :class:`_orm.Session` and :class:`_asyncio.AsyncSession` methods such as :meth:`_orm.Session.connection` where the :paramref:`_orm.Session.connection.execution_options` parameter were hardcoded to an internal type that is not user-facing. .. change:: :tags: orm, bug :tickets: 10231 Fixed fairly major issue where execution options passed to :meth:`_orm.Session.execute`, as well as execution options local to the ORM executed statement itself, would not be propagated along to eager loaders such as that of :func:`_orm.selectinload`, :func:`_orm.immediateload`, and :meth:`_orm.subqueryload`, making it impossible to do things such as disabling the cache for a single statement or using ``schema_translate_map`` for a single statement, as well as the use of user-custom execution options. A change has been made where **all** user-facing execution options present for :meth:`_orm.Session.execute` will be propagated along to additional loaders. As part of this change, the warning for &quot;excessively deep&quot; eager loaders leading to caching being disabled can be silenced on a per-statement basis by sending ``execution_options={&quot;compiled_cache&quot;: None}`` to :meth:`_orm.Session.execute`, which will disable caching for the full series of statements within that scope. .. change:: :tags: usecase, asyncio :tickets: 9698 Added new methods :meth:`_asyncio.AsyncConnection.aclose` as a synonym for :meth:`_asyncio.AsyncConnection.close` and :meth:`_asyncio.AsyncSession.aclose` as a synonym for :meth:`_asyncio.AsyncSession.close` to the :class:`_asyncio.AsyncConnection` and :class:`_asyncio.AsyncSession` objects, to provide compatibility with Python standard library ``contextlib.aclosing`` construct. Pull request courtesy Grigoriev Semyon. .. change:: :tags: bug, orm :tickets: 10124 Fixed issue where internal cloning used by the ORM for expressions like :meth:`_orm.relationship.Comparator.any` to produce correlated EXISTS constructs would interfere with the &quot;cartesian product warning&quot; feature of the SQL compiler, leading the SQL compiler to warn when all elements of the statement were correctly joined. .. change:: :tags: orm, bug :tickets: 10139 Fixed issue where the ``lazy=&quot;immediateload&quot;`` loader strategy would place an internal loading token into the ORM mapped attribute under circumstances where the load should not occur, such as in a recursive self-referential load. As part of this change, the ``lazy=&quot;immediateload&quot;`` strategy now honors the :paramref:`_orm.relationship.join_depth` parameter for self-referential eager loads in the same way as that of other eager loaders, where leaving it unset or set at zero will lead to a self-referential immediateload not occurring, setting it to a value of one or greater will immediateload up until that given depth. .. change:: :tags: bug, orm :tickets: 10175 Fixed issue where dictionary-based collections such as :func:`_orm.attribute_keyed_dict` did not fully pickle/unpickle correctly, leading to issues when attempting to mutate such a collection after unpickling. .. change:: :tags: bug, orm :tickets: 10125 Fixed issue where chaining :func:`_orm.load_only` or other wildcard use of :func:`_orm.defer` from another eager loader using a :func:`_orm.aliased` against a joined inheritance subclass would fail to take effect for columns local to the superclass. .. change:: :tags: bug, orm :tickets: 10167 Fixed issue where an ORM-enabled :func:`_sql.select` construct would not render any CTEs added only via the :meth:`_sql.Select.add_cte` method that were not otherwise referenced in the statement. .. change:: :tags: bug, examples The dogpile_caching examples have been updated for 2.0 style queries. Within the &quot;caching query&quot; logic itself there is one conditional added to differentiate between ``Query`` and ``select()`` when performing an invalidation operation. .. change:: :tags: typing, usecase :tickets: 10173 Added new typing only utility functions :func:`.Nullable` and :func:`.NotNullable` to type a column or ORM class as, respectively, nullable or not nullable. These function are no-op at runtime, returning the input unchanged. .. change:: :tags: bug, engine :tickets: 10147 Fixed critical issue where setting :paramref:`_sa.create_engine.isolation_level` to ``AUTOCOMMIT`` (as opposed to using the :meth:`_engine.Engine.execution_options` method) would fail to restore &quot;autocommit&quot; to a pooled connection if an alternate isolation level were temporarily selected using :paramref:`_engine.Connection.execution_options.isolation_level`. .. changelog:: ``` ### 2.0.19 ``` :released: July 15, 2023 .. change:: :tags: bug, orm :tickets: 10089 Fixed issue where setting a relationship collection directly, where an object in the new collection were already present, would not trigger a cascade event for that object, leading to it not being added to the :class:`_orm.Session` if it were not already present. This is similar in nature to :ticket:`6471` and is a more apparent issue due to the removal of ``cascade_backrefs`` in the 2.0 series. The :meth:`_orm.AttributeEvents.append_wo_mutation` event added as part of :ticket:`6471` is now also emitted for existing members of a collection that are present in a bulk set of that same collection. .. change:: :tags: bug, engine :tickets: 10093 Renamed :attr:`_result.Row.t` and :meth:`_result.Row.tuple` to :attr:`_result.Row._t` and :meth:`_result.Row._tuple`; this is to suit the policy that all methods and pre-defined attributes on :class:`.Row` should be in the style of Python standard library ``namedtuple`` where all fixed names have a leading underscore, to avoid name conflicts with existing column names. The previous method/attribute is now deprecated and will emit a deprecation warning. .. change:: :tags: bug, postgresql :tickets: 10069 Fixed regression caused by improvements to PostgreSQL URL parsing in :ticket:`10004` where &quot;host&quot; query string arguments that had colons in them, to support various third party proxy servers and/or dialects, would not parse correctly as these were evaluted as ``host:port`` combinations. Parsing has been updated to consider a colon as indicating a ``host:port`` value only if the hostname contains only alphanumeric characters with dots or dashes only (e.g. no slashes), followed by exactly one colon followed by an all-integer token of zero or more integers. In all other cases, the full string is taken as a host. .. change:: :tags: bug, engine :tickets: 10079 Added detection for non-string, non-:class:`_engine.URL` objects to the :func:`_engine.make_url` function, allowing ``ArgumentError`` to be thrown immediately, rather than causing failures later on. Special logic ensures that mock forms of :class:`_engine.URL` are allowed through. Pull request courtesy Grigoriev Semyon. .. change:: :tags: bug, orm :tickets: 10090 Fixed issue where objects that were associated with an unloaded collection via backref, but were not merged into the :class:`_orm.Session` due to the removal of ``cascade_backrefs`` in the 2.0 series, would not emit a warning that these objects were not being included in a flush, even though they were pending members of the collection; in other such cases, a warning is emitted when a collection being flushed contains non-attached objects which will be essentially discarded. The addition of the warning for backref-pending collection members establishes greater consistency with collections that may be present or non-present and possibly flushed or not flushed at different times based on different relationship loading strategies. .. change:: :tags: bug, postgresql :tickets: 10096 Fixed issue where comparisons to the :class:`_postgresql.CITEXT` datatype would cast the right side to ``VARCHAR``, leading to the right side not being interpreted as a ``CITEXT`` datatype, for the asyncpg, psycopg3 and pg80000 dialects. This led to the :class:`_postgresql.CITEXT` type being essentially unusable for practical use; this is now fixed and the test suite has been corrected to properly assert that expressions are rendered correctly. .. change:: :tags: bug, orm, regression :tickets: 10098 Fixed additional regression caused by :ticket:`9805` where more aggressive propagation of the &quot;ORM&quot; flag on statements could lead to an internal attribute error when embedding an ORM :class:`.Query` construct that nonetheless contained no ORM entities within a Core SQL statement, in this case ORM-enabled UPDATE and DELETE statements. .. changelog:: ``` ### 2.0.18 ``` :released: July 5, 2023 .. change:: :tags: usecase, typing :tickets: 10054 Improved typing when using standalone operator functions from ``sqlalchemy.sql.operators`` such as ``sqlalchemy.sql.operators.eq``. .. change:: :tags: usecase, mariadb, reflection :tickets: 10028 Allowed reflecting :class:`_types.UUID` columns from MariaDB. This allows Alembic to properly detect the type of such columns in existing MariaDB databases. .. change:: :tags: bug, postgresql :tickets: 9945 Added new parameter ``native_inet_types=False`` to all PostgreSQL dialects, which indicates converters used by the DBAPI to convert rows from PostgreSQL :class:`.INET` and :class:`.CIDR` columns into Python ``ipaddress`` datatypes should be disabled, returning strings instead. This allows code written to work with strings for these datatypes to be migrated to asyncpg, psycopg, or pg8000 without code changes other than adding this parameter to the :func:`_sa.create_engine` or :func:`_asyncio.create_async_engine` function call. .. seealso:: :ref:`postgresql_network_datatypes` .. change:: :tags: usecase, extensions :tickets: 10013 Added new option to :func:`.association_proxy` :paramref:`.association_proxy.create_on_none_assignment`; when an association proxy which refers to a scalar relationship is assigned the value ``None``, and the referenced object is not present, a new object is created via the creator. This was apparently an undefined behavior in the 1.2 series that was silently removed. .. change:: :tags: bug, typing :tickets: 10061 Fixed some of the typing within the :func:`_orm.aliased` construct to correctly accept a :class:`.Table` object that&#x27;s been aliased with :meth:`.Table.alias`, as well as general support for :class:`.FromClause` objects to be passed as the &quot;selectable&quot; argument, since this is all supported. .. change:: :tags: bug, engine :tickets: 10025 Adjusted the :paramref:`_sa.create_engine.schema_translate_map` feature such that **all** schema names in the statement are now tokenized, regardless of whether or not a specific name is in the immediate schema translate map given, and to fallback to substituting the original name when the key is not in the actual schema translate map at execution time. These two changes allow for repeated use of a compiled object with schema schema_translate_maps that include or dont include various keys on each run, allowing cached SQL constructs to continue to function at runtime when schema translate maps with different sets of keys are used each time. In addition, added detection of schema_translate_map dictionaries which gain or lose a ``None`` key across calls for the same statement, which affects compilation of the statement and is not compatible with caching; an exception is raised for these scenarios. .. change:: :tags: bug, mssql, sql :tickets: 9932 Fixed issue where performing :class:`.Cast` to a string type with an explicit collation would render the COLLATE clause inside the CAST function, which resulted in a syntax error. .. change:: :tags: usecase, mssql :tickets: 7340 Added support for creation and reflection of COLUMNSTORE indexes in MSSQL dialect. Can be specified on indexes specifying ``mssql_columnstore=True``. .. change:: :tags: usecase, postgresql :tickets: 10004 Added multi-host support for the asyncpg dialect. General improvements and error checking added to the PostgreSQL URL routines for the &quot;multihost&quot; use case added as well. Pull request courtesy Ilia Dmitriev. .. seealso:: :ref:`asyncpg_multihost` .. changelog:: ``` ### 2.0.17 ``` :released: June 23, 2023 .. change:: :tags: usecase, postgresql :tickets: 9965 The pg8000 dialect now supports RANGE and MULTIRANGE datatypes, using the existing RANGE API described at :ref:`postgresql_ranges`. Range and multirange types are supported in the pg8000 driver from version 1.29.8. Pull request courtesy Tony Locke. .. change:: :tags: bug, orm, regression :tickets: 9870 Fixed regression in the 2.0 series where a query that used :func:`.undefer_group` with :func:`_orm.selectinload` or :func:`_orm.subqueryload` would raise an ``AttributeError``. Pull request courtesy of Matthew Martin. .. change:: :tags: bug, orm :tickets: 9957 Fixed issue in ORM Annotated Declarative which prevented a :class:`_orm.declared_attr` from being used on a mixin which did not return a :class:`.Mapped` datatype, and instead returned a supplemental ORM datatype such as :class:`.AssociationProxy`. The Declarative runtime would erroneously try to interpret this annotation as needing to be :class:`.Mapped` and raise an error. .. change:: :tags: bug, orm, typing :tickets: 9957 Fixed typing issue where using the :class:`.AssociationProxy` return type from a :class:`_orm.declared_attr` function was disallowed. .. change:: :tags: bug, orm, regression :tickets: 9936 Fixed regression introduced in 2.0.16 by :ticket:`9879` where passing a callable to the :paramref:`_orm.mapped_column.default` parameter of :class:`_orm.mapped_column` while also setting ``init=False`` would interpret this value as a Dataclass default value which would be assigned directly to new instances of the object directly, bypassing the default generator taking place as the :paramref:`_schema.Column.default` value generator on the underlying :class:`_schema.Column`. This condition is now detected so that the previous behavior is maintained, however a deprecation warning for this ambiguous use is emitted; to populate the default generator for a :class:`_schema.Column`, the :paramref:`_orm.mapped_column.insert_default` parameter should be used, which disambiguates from the :paramref:`_orm.mapped_column.default` parameter whose name is fixed as per pep-681. .. change:: :tags: bug, orm :tickets: 9973 Additional hardening and documentation for the ORM :class:`_orm.Session` &quot;state change&quot; system, which detects concurrent use of :class:`_orm.Session` and :class:`_asyncio.AsyncSession` objects; an additional check is added within the process to acquire connections from the underlying engine, which is a critical section with regards to internal connection management. .. change:: :tags: bug, orm :tickets: 10006 Fixed issue in ORM loader strategy logic which further allows for long chains of :func:`_orm.contains_eager` loader options across complex inheriting polymorphic / aliased / of_type() relationship chains to take proper effect in queries. .. change:: :tags: bug, orm, declarative :tickets: 3532 A warning is emitted when an ORM :func:`_orm.relationship` and other :class:`.MapperProperty` objects are assigned to two different class attributes at once; only one of the attributes will be mapped. A warning for this condition was already in place for :class:`_schema.Column` and :class:`_orm.mapped_column` objects. .. change:: :tags: bug, orm :tickets: 9963 Fixed issue in support for the :class:`.Enum` datatype in the :paramref:`_orm.registry.type_annotation_map` first added as part of :ticket:`8859` where using a custom :class:`.Enum` with fixed configuration in the map would fail to transfer the :paramref:`.Enum.name` parameter, which among other issues would prevent PostgreSQL enums from working if the enum values were passed as individual values. Logic has been updated so that &quot;name&quot; is transferred over, but also that the default :class:`.Enum` which is against the plain Python `enum.Enum` class or other &quot;empty&quot; enum won&#x27;t set a hardcoded name of ``&quot;enum&quot;`` either. .. change:: :tags: bug, typing :tickets: 9985 Fixed typing issue which prevented :class:`_orm.WriteOnlyMapped` and :class:`_orm.DynamicMapped` attributes from being used fully within ORM queries. .. changelog:: ``` ### 2.0.16 ``` :released: June 10, 2023 .. change:: :tags: usecase, postgresql, reflection :tickets: 9838 Cast ``NAME`` columns to ``TEXT`` when using ``ARRAY_AGG`` in PostgreSQL reflection. This seems to improve compatibility with some PostgreSQL derivatives that may not support aggregations on the ``NAME`` type. .. change:: :tags: bug, orm :tickets: 9862 Fixed issue where :class:`.DeclarativeBaseNoMeta` declarative base class would not function with non-mapped mixins or abstract classes, raising an ``AttributeError`` instead. .. change:: :tags: usecase, orm :tickets: 9828 Improved :meth:`.DeferredReflection.prepare` to accept arbitrary ``**kw`` arguments that are passed to :meth:`_schema.MetaData.reflect`, allowing use cases such as reflection of views as well as dialect-specific arguments to be passed. Additionally, modernized the :paramref:`.DeferredReflection.prepare.bind` argument so that either an :class:`.Engine` or :class:`.Connection` are accepted as the &quot;bind&quot; argument. .. change:: :tags: usecase, asyncio :tickets: 8215 Added new :paramref:`_asyncio.create_async_engine.async_creator` parameter to :func:`.create_async_engine`, which accomplishes the same purpose as the :paramref:`.create_engine.creator` parameter of :func:`.create_engine`. This is a no-argument callable that provides a new asyncio connection, using the asyncio database driver directly. The :func:`.create_async_engine` function will wrap the driver-level connection in the appropriate structures. Pull request curtesy of Jack Wotherspoon. .. change:: :tags: bug, orm, regression :tickets: 9820 Fixed regression in the 2.0 series where the default value of :paramref:`_orm.validates.include_backrefs` got changed to ``False`` for the :func:`_orm.validates` function. This default is now restored to ``True``. .. change:: :tags: bug, orm :tickets: 9917 Fixed bug in new feature which allows a WHERE clause to be used in conjunction with :ref:`orm_queryguide_bulk_update`, added in version 2.0.11 as part of :ticket:`9583`, where sending dictionaries that did not include the primary key values for each row would run through the bulk process and include &quot;pk=NULL&quot; for the rows, silently failing. An exception is now raised if primary key values for bulk UPDATE are not supplied. .. change:: :tags: bug, postgresql :tickets: 9836 Use proper precedence on PostgreSQL specific operators, such as ``&gt;``. Previously the precedence was wrong, leading to wrong parenthesis when rendering against and ``ANY`` or ``ALL`` construct. .. change:: :tags: bug, orm, dataclasses :tickets: 9879 Fixed an issue where generating dataclasses fields that specified a ``default`` value and set ``init=False`` would not work. The dataclasses behavior in this case is to set the default value on the class, that&#x27;s not compatible with the descriptors used by SQLAlchemy. To support this case the default is transformed to a ``default_factory`` when generating the dataclass. .. change:: :tags: bug, orm :tickets: 9841 A deprecation warning is emitted whenever a property is added to a :class:`_orm.Mapper` where an ORM mapped property were already configured, or an attribute is already present on the class. Previously, there was a non-deprecation warning for this case that did not emit consistently. The logic for this warning has been improved so that it detects end-user replacement of attribute while not having false positives for internal Declarative and other cases where replacement of descriptors with new ones is expected. .. change:: :tags: bug, postgresql :tickets: 9907 Fixed issue where the :paramref:`.ColumnOperators.like.escape` and similar parameters did not allow an empty string as an argument that would be passed through as the &quot;escape&quot; character; this is a supported syntax by PostgreSQL. Pull requset courtesy Martin Caslavsky. .. change:: :tags: bug, orm :tickets: 9869 Improved the argument chacking on the :paramref:`_orm.registry.map_imperatively.local_table` parameter of the :meth:`_orm.registry.map_imperatively` method, ensuring only a :class:`.Table` or other :class:`.FromClause` is passed, and not an existing mapped class, which would lead to undefined behavior as the object were further interpreted for a new mapping. .. change:: :tags: usecase, postgresql :tickets: 9041 Unified the custom PostgreSQL operator definitions, since they are shared among multiple different data types. .. change:: :tags: platform, usecase Compatibility improvements allowing the complete test suite to pass on Python 3.12.0b1. .. change:: :tags: bug, orm :tickets: 9913 The :attr:`_orm.InstanceState.unloaded_expirable` attribute is a synonym for :attr:`_orm.InstanceState.unloaded`, and is now deprecated; this attribute was always implementation-specific and should not have been public. .. change:: :tags: usecase, postgresql :tickets: 8240 Added support for PostgreSQL 10 ``NULLS NOT DISTINCT`` feature of unique indexes and unique constraint using the dialect option ``postgresql_nulls_not_distinct``. Updated the reflection logic to also correctly take this option into account. Pull request courtesy of Pavel Siarchenia. .. changelog:: ``` ### 2.0.15 ``` :released: May 19, 2023 .. change:: :tags: bug, orm :tickets: 9805 As more projects are using new-style &quot;2.0&quot; ORM querying, it&#x27;s becoming apparent that the conditional nature of &quot;autoflush&quot;, being based on whether or not the given statement refers to ORM entities, is becoming more of a key behavior. Up until now, the &quot;ORM&quot; flag for a statement has been loosely based around whether or not the statement returns rows that correspond to ORM entities or columns; the original purpose of the &quot;ORM&quot; flag was to enable ORM-entity fetching rules which apply post-processing to Core result sets as well as ORM loader strategies to the statement. For statements that don&#x27;t build on rows that contain ORM entities, the &quot;ORM&quot; flag was considered to be mostly unnecessary. It still may be the case that &quot;autoflush&quot; would be better taking effect for *all* usage of :meth:`_orm.Session.execute` and related methods, even for purely Core SQL constructs. However, this still could impact legacy cases where this is not expected and may be more of a 2.1 thing. For now however, the rules for the &quot;ORM-flag&quot; have been opened up so that a statement that includes ORM entities or attributes anywhere within, including in the WHERE / ORDER BY / GROUP BY clause alone, within scalar subqueries, etc. will enable this flag. This will cause &quot;autoflush&quot; to occur for such statements and also be visible via the :attr:`_orm.ORMExecuteState.is_orm_statement` event-level attribute. .. change:: :tags: bug, postgresql, regression :tickets: 9808 Repaired the base :class:`.Uuid` datatype for the PostgreSQL dialect to make full use of the PG-specific ``UUID`` dialect-specific datatype when &quot;native_uuid&quot; is selected, so that PG driver behaviors are included. This issue became apparent due to the insertmanyvalues improvement made as part of :ticket:`9618`, where in a similar manner as that of :ticket:`9739`, the asyncpg driver is very sensitive to datatype casts being present or not, and the PostgreSQL driver-specific native ``UUID`` datatype must be invoked when this generic type is used so that these casts take place. .. changelog:: ``` ### 2.0.14 ``` :released: May 18, 2023 .. change:: :tags: bug, sql :tickets: 9772 Fixed issue in :func:`_sql.values` construct where an internal compilation error would occur if the construct were used inside of a scalar subquery. .. change:: :tags: usecase, sql :tickets: 9752 Generalized the MSSQL :func:`_sql.try_cast` function into the ``sqlalchemy.`` import namespace so that it may be implemented by third party dialects as well. Within SQLAlchemy, the :func:`_sql.try_cast` function remains a SQL Server-only construct that will raise :class:`.CompileError` if used with backends that don&#x27;t support it. :func:`_sql.try_cast` implements a CAST where un-castable conversions are returned as NULL, instead of raising an error. Theoretically, the construct could be implemented by third party dialects for Google BigQuery, DuckDB, and Snowflake, and possibly others. Pull request courtesy Nick Crews. .. change:: :tags: bug, tests, pypy :tickets: 9789 Fixed test that relied on the ``sys.getsizeof()`` function to not run on pypy, where this function appears to have different behavior than it does on cpython. .. change:: :tags: bug, orm :tickets: 9777 Modified the ``JoinedLoader`` implementation to use a simpler approach in one particular area where it previously used a cached structure that would be shared among threads. The rationale is to avoid a potential race condition which is suspected of being the cause of a particular crash that&#x27;s been reported multiple times. The cached structure in question is still ultimately &quot;cached&quot; via the compiled SQL cache, so a performance degradation is not anticipated. .. change:: :tags: bug, orm, regression :tickets: 9767 Fixed regression where use of :func:`_dml.update` or :func:`_dml.delete` within a :class:`_sql.CTE` construct, then used in a :func:`_sql.select`, would raise a :class:`.CompileError` as a result of ORM related rules for performing ORM-level update/delete statements. .. change:: :tags: bug, orm :tickets: 9766 Fixed issue in new ORM Annotated Declarative where using a :class:`_schema.ForeignKey` (or other column-level constraint) inside of :func:`_orm.mapped_column` which is then copied out to models via pep-593 ``Annotated`` would apply duplicates of each constraint to the :class:`_schema.Column` as produced in the target :class:`_schema.Table`, leading to incorrect CREATE TABLE DDL as well as migration directives under Alembic. .. change:: :tags: bug, orm :tickets: 9779 Fixed issue where using additional relationship criteria with the :func:`_orm.joinedload` loader option, where the additional criteria itself contained correlated subqueries that referred to the joined entities and therefore also required &quot;adaption&quot; to aliased entities, would be excluded from this adaption, producing the wrong ON clause for the joinedload. .. change:: :tags: bug, postgresql :tickets: 9773 Fixed apparently very old issue where the :paramref:`_postgresql.ENUM.create_type` parameter, when set to its non-default of ``False``, would not be propagated when the :class:`_schema.Column` which it&#x27;s a part of were copied, as is common when using ORM Declarative mixins. .. changelog:: ``` ### 2.0.13 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 01:34:06 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 01:34:07 +03:00

[PR #342] [CLOSED] Scheduled weekly dependency update for week 42 #349

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pyup-scheduled-update-2026-04-20

pyup-scheduled-update-2024-09-16

pyup-scheduled-update-2023-07-24

pyup-scheduled-update-2023-06-19

pyup-scheduled-update-2023-05-22

pyup-scheduled-update-2023-05-15

pyup-scheduled-update-2023-05-08

dependabot/pip/flask-2.3.2

pyup-scheduled-update-2023-05-01

pyup-scheduled-update-2023-04-03

dependabot/pip/werkzeug-2.2.3

pyup-scheduled-update-2022-11-14

pyup-scheduled-update-2022-10-03

pyup-scheduled-update-2022-08-01

pyup-scheduled-update-2022-06-13

pyup-scheduled-update-2022-05-30

pyup-scheduled-update-2022-03-07

pyup-scheduled-update-2022-01-10

pyup-scheduled-update-2021-11-01

pyup-scheduled-update-2020-10-05

pyup-scheduled-update-2019-09-30

pyup-scheduled-update-2019-07-29

pyup-scheduled-update-2019-07-22

pyup-scheduled-update-2019-05-27

pyup-scheduled-update-2019-03-11

marshmallow

pyup-scheduled-update-2019-02-25

pyup-scheduled-update-2019-02-18

pyup-scheduled-update-2019-01-28

pyup-scheduled-update-2019-01-14

docker

name-map-stupid

swagger

fix-pagination

doc-expansion

specify-schema

No results found.

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactoring

  

research

  

wontfix

No labels

bug

duplicate

enhancement

help wanted

invalid

pull-request

question

refactoring

research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/sandman2-jeffknupp#342

No description provided.