[PR #349] [CLOSED] Scheduled weekly dependency update for week 49 #355

New issue

Closed

opened 2026-02-26 01:34:09 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 01:34:09 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/jeffknupp/sandman2/pull/349
Author: @pyup-bot
Created: 12/4/2023
Status: ❌ Closed

Base: master ← Head: pyup-scheduled-update-2023-12-04

---

📝 Commits (10+)

• 78ac063 Update flask from 1.1.2 to 3.0.0
• 89fe43e Update flask-admin from 1.5.7 to 1.6.1
• c5c6251 Update flask-sqlalchemy from 2.4.4 to 3.1.1
• 0d8d1b4 Update sqlalchemy from 1.3.20 to 2.0.23
• 9be4e79 Update wtforms from 2.3.3 to 3.1.1
• 3e6e8df Update coverage from 5.3 to 7.3.2
• 687c8af Update pytest from 6.2.0 to 7.4.3
• 42fda21 Update flask-cors from 3.0.9 to 4.0.0
• 9ac352c Update pytest-cov from 2.10.1 to 4.1.0
• ad06e5e Update pytest-flask from 1.1.0 to 1.3.0

📊 Changes

1 file changed (+15 additions, -15 deletions)

View changed files

📝 requirements.txt (+15 -15)

📄 Description

Update Flask from 1.1.2 to 3.0.0.

Changelog

3.0.0

-------------

Released 2023-09-30

-   Remove previously deprecated code. :pr:`5223`
-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask")``, instead. :issue:`5230`
-   Restructure the code such that the Flask (app) and Blueprint
 classes have Sans-IO bases. :pr:`5127`
-   Allow self as an argument to url_for. :pr:`5264`
-   Require Werkzeug >= 3.0.0.

2.3.3

-------------

Released 2023-08-21

-   Python 3.12 compatibility.
-   Require Werkzeug >= 2.3.7.
-   Use ``flit_core`` instead of ``setuptools`` as build backend.
-   Refactor how an app's root and instance paths are determined. :issue:`5160`

2.3.2

-------------

Released 2023-05-01

-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.
-   Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

2.3.1

-------------

Released 2023-04-25

-   Restore deprecated ``from flask import Markup``. :issue:`5084`

2.3.0

-------------

Released 2023-04-25

-   Drop support for Python 3.7. :pr:`5072`
-   Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
 itsdangerous>=2.1.2, click>=8.1.3.
-   Remove previously deprecated code. :pr:`4995`

 -   The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and
     ``_request_ctx_stack`` objects are removed. ``top`` still exists to give
     extensions more time to update, but it will be removed.
 -   The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env``
     property are removed.
 -   The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``,
     ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app``
     are removed.
 -   The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and
     ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed.
 -   The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators
     are removed.
 -   ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the
     corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed.
 -   The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed.
 -   Calling setup methods on blueprints after registration is an error instead of a
     warning. :pr:`4997`

-   Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them
 directly from ``markupsafe`` instead. :pr:`4996`
-   The ``app.got_first_request`` property is deprecated. :pr:`4997`
-   The ``locked_cached_property`` decorator is deprecated. Use a lock inside the
 decorated function if locking is needed. :issue:`4993`
-   Signals are always available. ``blinker>=1.6.2`` is a required dependency. The
 ``signals_available`` attribute is deprecated. :issue:`5056`
-   Signals support ``async`` subscriber functions. :pr:`5049`
-   Remove uses of locks that could cause requests to block each other very briefly.
 :issue:`4993`
-   Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
 :pr:`4947`
-   Ensure subdomains are applied with nested blueprints. :issue:`4834`
-   ``config.from_file`` can use ``text=False`` to indicate that the parser wants a
 binary file instead. :issue:`4989`
-   If a blueprint is created with an empty name it raises a ``ValueError``.
 :issue:`5010`
-   ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not
 to set the domain, which modern browsers interpret as an exact match rather than
 a subdomain match. Warnings about ``localhost`` and IP addresses are also removed.
 :issue:`5051`
-   The ``routes`` command shows each rule's ``subdomain`` or ``host`` when domain
 matching is in use. :issue:`5004`
-   Use postponed evaluation of annotations. :pr:`5071`

2.2.5

-------------

Released 2023-05-02

-   Update for compatibility with Werkzeug 2.3.3.
-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.

2.2.4

-------------

Released 2023-04-25

-   Update for compatibility with Werkzeug 2.3.

2.2.3

-------------

Released 2023-02-15

-   Autoescape is enabled by default for ``.svg`` template files. :issue:`4831`
-   Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892`
-   Add ``--debug`` option to the ``flask run`` command. :issue:`4777`

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://data.safetycli.com/changelogs/flask/

Update Flask-Admin from 1.5.7 to 1.6.1.

Changelog

1.6.1

-----

* SQLAlchemy 2.x support
* General updates and bug fixes
* Dropped WTForms 1 support

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://data.safetycli.com/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.1.1.

Changelog

3.1.1

-------------

Released 2023-09-11

-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask-sqlalchemy")``, instead. :issue:`5230`

3.1.0

-------------

Released 2023-09-11

-   Drop support for Python 3.7.  :pr:`1251`
-   Add support for the SQLAlchemy 2.x API via ``model_class`` parameter. :issue:`1140`
-   Bump minimum version of SQLAlchemy to 2.0.16.
-   Remove previously deprecated code.
-   Pass extra keyword arguments from ``get_or_404`` to ``session.get``. :issue:`1149`
-   Fix bug with finding right bind key for clause statements. :issue:`1211`

3.0.5

-------------

Released 2023-06-21

-   ``Pagination.next()`` enforces ``max_per_page``. :issue:`1201`
-   Improve type hint for ``get_or_404`` return value to be non-optional. :pr:`1226`

3.0.4

-------------

Released 2023-06-19

-   Fix type hint for ``get_or_404`` return value. :pr:`1208`
-   Fix type hints for pyright (used by VS Code Pylance extension). :issue:`1205`

3.0.3

-------------

Released 2023-01-31

-   Show helpful errors when mistakenly using multiple ``SQLAlchemy`` instances for the
 same app, or without calling ``init_app``. :pr:`1151`
-   Fix issue with getting the engine associated with a model that uses polymorphic
 table inheritance. :issue:`1155`

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to
 return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://data.safetycli.com/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/Flask-SQLAlchemy/

Update SQLAlchemy from 1.3.20 to 2.0.23.

Changelog

2.0.23

:released: November 2, 2023

 .. change::
     :tags: bug, oracle
     :tickets: 10509

     Fixed issue in :class:`.Interval` datatype where the Oracle implementation
     was not being used for DDL generation, leading to the ``day_precision`` and
     ``second_precision`` parameters to be ignored, despite being supported by
     this dialect.  Pull request courtesy Indivar.

 .. change::
     :tags: bug, orm
     :tickets: 10516

     Fixed issue where the ``__allow_unmapped__`` directive failed to allow for
     legacy :class:`.Column` / :func:`.deferred` mappings that nonetheless had
     annotations such as ``Any`` or a specific type without ``Mapped[]`` as
     their type, without errors related to locating the attribute name.

 .. change::
     :tags: bug, mariadb
     :tickets: 10056

     Adjusted the MySQL / MariaDB dialects to default a generated column to NULL
     when using MariaDB, if :paramref:`_schema.Column.nullable` was not
     specified with an explicit ``True`` or ``False`` value, as MariaDB does not
     support the "NOT NULL" phrase with a generated column.  Pull request
     courtesy Indivar.


 .. change::
     :tags: bug, mariadb, regression
     :tickets: 10505

     Established a workaround for what seems to be an intrinsic issue across
     MySQL/MariaDB drivers where a RETURNING result for DELETE DML which returns
     no rows using SQLAlchemy's "empty IN" criteria fails to provide a
     cursor.description, which then yields result that returns no rows,
     leading to regressions for the ORM that in the 2.0 series uses RETURNING
     for bulk DELETE statements for the "synchronize session" feature. To
     resolve, when the specific case of "no description when RETURNING was
     given" is detected, an "empty result" with a correct cursor description is
     generated and used in place of the non-working cursor.

 .. change::
     :tags: bug, orm
     :tickets: 10570

     Fixed caching bug where using the :func:`_orm.with_expression` construct in
     conjunction with loader options :func:`_orm.selectinload`,
     :func:`_orm.lazyload` would fail to substitute bound parameter values
     correctly on subsequent caching runs.

 .. change::
     :tags: usecase, mssql
     :tickets: 6521

     Added support for the ``aioodbc`` driver implemented for SQL Server,
     which builds on top of the pyodbc and general aio* dialect architecture.

     .. seealso::

         :ref:`mssql_aioodbc` - in the SQL Server dialect documentation.



 .. change::
     :tags: bug, sql
     :tickets: 10535

     Added compiler-level None/NULL handling for the "literal processors" of all
     datatypes that include literal processing, that is, where a value is
     rendered inline within a SQL statement rather than as a bound parameter,
     for all those types that do not feature explicit "null value" handling.
     Previously this behavior was undefined and inconsistent.

 .. change::
     :tags: usecase, orm
     :tickets: 10575

     Implemented the :paramref:`_orm.Session.bulk_insert_mappings.render_nulls`
     parameter for new style bulk ORM inserts, allowing ``render_nulls=True`` as
     an execution option.   This allows for bulk ORM inserts with a mixture of
     ``None`` values in the parameter dictionaries to use a single batch of rows
     for a given set of dicationary keys, rather than breaking up into batches
     that omit the NULL columns from each INSERT.

     .. seealso::

         :ref:`orm_queryguide_insert_null_params`

 .. change::
     :tags: bug, postgresql
     :tickets: 10479

     Fixed 2.0 regression caused by :ticket:`7744` where chains of expressions
     involving PostgreSQL JSON operators combined with other operators such as
     string concatenation would lose correct parenthesization, due to an
     implementation detail specific to the PostgreSQL dialect.

 .. change::
     :tags: bug, postgresql
     :tickets: 10532

     Fixed SQL handling for "insertmanyvalues" when using the
     :class:`.postgresql.BIT` datatype with the asyncpg backend.  The
     :class:`.postgresql.BIT` on asyncpg apparently requires the use of an
     asyncpg-specific ``BitString`` type which is currently exposed when using
     this DBAPI, making it incompatible with other PostgreSQL DBAPIs that all
     work with plain bitstrings here.  A future fix in version 2.1 will
     normalize this datatype across all PG backends.   Pull request courtesy
     Sören Oldag.


 .. change::
     :tags: usecase, sql
     :tickets: 9737

     Implemented "literal value processing" for the :class:`.Interval` datatype
     for both the PostgreSQL and Oracle dialects, allowing literal rendering of
     interval values.  Pull request courtesy Indivar Mishra.

 .. change::
     :tags: bug, oracle
     :tickets: 10470

     Fixed issue where the cx_Oracle dialect claimed to support a lower
     cx_Oracle version (7.x) than was actually supported in practice within the
     2.0 series of SQLAlchemy. The dialect imports symbols that are only in
     cx_Oracle 8 or higher, so runtime dialect checks as well as setup.cfg
     requirements have been updated to reflect this compatibility.

 .. change::
     :tags: sql

     Removed unused placeholder method :meth:`.TypeEngine.compare_against_backend`
     This method was used by very old versions of Alembic.
     See https://github.com/sqlalchemy/alembic/issues/1293 for details.

 .. change::
     :tags: bug, orm
     :tickets: 10472

     Fixed bug in ORM annotated declarative where using a ``ClassVar`` that
     nonetheless referred in some way to an ORM mapped class name would fail to
     be interpreted as a ``ClassVar`` that's not mapped.

 .. change::
     :tags: bug, asyncio
     :tickets: 10421

     Fixed bug with method :meth:`_asyncio.AsyncSession.close_all`
     that was not working correctly.
     Also added function :func:`_asyncio.close_all_sessions` that's
     the equivalent of :func:`_orm.close_all_sessions`.
     Pull request courtesy of Bryan不可思议.

.. changelog::

2.0.22

:released: October 12, 2023

 .. change::
     :tags: bug, orm
     :tickets: 10369, 10046

     Fixed a wide range of :func:`_orm.mapped_column` parameters that were not
     being transferred when using the :func:`_orm.mapped_column` object inside
     of a pep-593 ``Annotated`` object, including
     :paramref:`_orm.mapped_column.sort_order`,
     :paramref:`_orm.mapped_column.deferred`,
     :paramref:`_orm.mapped_column.autoincrement`,
     :paramref:`_orm.mapped_column.system`, :paramref:`_orm.mapped_column.info`
     etc.

     Additionally, it remains not supported to have dataclass arguments, such as
     :paramref:`_orm.mapped_column.kw_only`,
     :paramref:`_orm.mapped_column.default_factory` etc. indicated within the
     :func:`_orm.mapped_column` received by ``Annotated``, as this is not
     supported with pep-681 Dataclass Transforms.  A warning is now emitted when
     these parameters are used within ``Annotated`` in this way (and they
     continue to be ignored).

 .. change::
     :tags: bug, orm
     :tickets: 10459

     Fixed issue where calling :meth:`_engine.Result.unique` with a new-style
     :func:`.select` query in the ORM, where one or more columns yields values
     that are of "unknown hashability", typically when using JSON functions like
     ``func.json_build_object()`` without providing a type, would fail
     internally when the returned values were not actually hashable. The
     behavior is repaired to test the objects as they are received for
     hashability in this case, raising an informative error message if not. Note
     that for values of "known unhashability", such as when the
     :class:`_types.JSON` or :class:`_types.ARRAY` types are used directly, an
     informative error message was already raised.

     The "hashabiltiy testing" fix here is applied to legacy :class:`.Query` as
     well, however in the legacy case, :meth:`_engine.Result.unique` is used for
     nearly all queries, so no new warning is emitted here; the legacy behavior
     of falling back to using ``id()`` in this case is maintained, with the
     improvement that an unknown type that turns out to be hashable will now be
     uniqufied, whereas previously it would not.

 .. change::
     :tags: bug, orm
     :tickets: 10453

     Fixed regression in recently revised "insertmanyvalues" feature (likely
     issue :ticket:`9618`) where the ORM would inadvertently attempt to
     interpret a non-RETURNING result as one with RETURNING, in the case where
     the ``implicit_returning=False`` parameter were applied to the mapped
     :class:`.Table`, indicating that "insertmanyvalues" cannot be used if the
     primary key values are not provided.

 .. change::
     :tags: bug, engine

     Fixed issue within some dialects where the dialect could incorrectly return
     an empty result set for an INSERT statement that does not actually return
     rows at all, due to artfacts from pre- or post-fetching the primary key of
     the row or rows still being present.  Affected dialects included asyncpg,
     all mssql dialects.

 .. change::
     :tags: bug, typing
     :tickets: 10451

     Fixed typing issue where the argument list passed to :class:`.Values` was
     too-restrictively tied to ``List`` rather than ``Sequence``.  Pull request
     courtesy Iuri de Silvio.

 .. change::
     :tags: bug, orm
     :tickets: 10365

     Fixed bug where ORM :func:`_orm.with_loader_criteria` would not apply
     itself to a :meth:`_sql.Select.join` where the ON clause were given as a
     plain SQL comparison, rather than as a relationship target or similar.

 .. change::
     :tags: bug, sql
     :tickets: 10408

     Fixed issue where referring to a FROM entry in the SET clause of an UPDATE
     statement would not include it in the FROM clause of the UPDATE statement,
     if that entry were nowhere else in the statement; this occurs currently for
     CTEs that were added using :meth:`.Update.add_cte` to provide the desired
     CTE at the top of the statement.

 .. change::
     :tags: bug, mariadb
     :tickets: 10396

     Modified the mariadb-connector driver to pre-load the ``cursor.rowcount``
     value for all queries, to suit tools such as Pandas that hardcode to
     calling :attr:`.Result.rowcount` in this way. SQLAlchemy normally pre-loads
     ``cursor.rowcount`` only for UPDATE/DELETE statements and otherwise passes
     through to the DBAPI where it can return -1 if no value is available.
     However, mariadb-connector does not support invoking ``cursor.rowcount``
     after the cursor itself is closed, raising an error instead.  Generic test
     support has been added to ensure all backends support the allowing
     :attr:`.Result.rowcount` to succceed (that is, returning an integer
     value with -1 for "not available") after the result is closed.



 .. change::
     :tags: bug, mariadb

     Additional fixes for the mariadb-connector dialect to support UUID data
     values in the result in INSERT..RETURNING statements.

 .. change::
     :tags: bug, mssql
     :tickets: 10458

     Fixed bug where the rule that prevents ORDER BY from emitting within
     subqueries on SQL Server was not being disabled in the case where the
     :meth:`.select.fetch` method were used to limit rows in conjunction with
     WITH TIES or PERCENT, preventing valid subqueries with TOP / ORDER BY from
     being used.



 .. change::
     :tags: bug, sql
     :tickets: 10443

     Fixed 2.0 regression where the :class:`.DDL` construct would no longer
     ``__repr__()`` due to the removed ``on`` attribute not being accommodated.
     Pull request courtesy Iuri de Silvio.

 .. change::
     :tags: orm, usecase
     :tickets: 10202

     Added method :meth:`_orm.Session.get_one` that behaves like
     :meth:`_orm.Session.get` but raises an exception instead of returning
     ``None`` if no instance was found with the provided primary key.
     Pull request courtesy of Carlos Sousa.


 .. change::
     :tags: asyncio, bug

     Fixed the :paramref:`_asyncio.AsyncSession.get.execution_options` parameter
     which was not being propagated to the underlying :class:`_orm.Session` and
     was instead being ignored.

 .. change::
     :tags: bug, orm
     :tickets: 10412

     Fixed issue where :class:`.Mapped` symbols like :class:`.WriteOnlyMapped`
     and :class:`.DynamicMapped` could not be correctly resolved when referenced
     as an element of a sub-module in the given annotation, assuming
     string-based or "future annotations" style annotations.

 .. change::
     :tags: bug, engine
     :tickets: 10414

     Fixed issue where under some garbage collection / exception scenarios the
     connection pool's cleanup routine would raise an error due to an unexpected
     set of state, which can be reproduced under specific conditions.

 .. change::
     :tags: bug, typing

     Updates to the codebase to support Mypy 1.6.0.

 .. change::
     :tags: usecase, orm
     :tickets: 7787

     Added an option to permanently close sessions.
     Set to ``False`` the new parameter :paramref:`_orm.Session.close_resets_only`
     will prevent a :class:`_orm.Session` from performing any other
     operation after :meth:`_orm.Session.close` has been called.

     Added new method :meth:`_orm.Session.reset` that will reset a :class:`_orm.Session`
     to its initial state. This is an alias of :meth:`_orm.Session.close`,
     unless :paramref:`_orm.Session.close_resets_only` is set to ``False``.

 .. change::
     :tags: orm, bug
     :tickets: 10385

     Fixed issue with ``__allow_unmapped__`` declarative option
     where types that were declared using collection types such as
     ``list[SomeClass]`` vs. the typing construct ``List[SomeClass]``
     would fail to be recognized correctly.  Pull request courtesy
     Pascal Corpet.

.. changelog::

2.0.21

:released: September 18, 2023

 .. change::
     :tags: bug, sql
     :tickets: 9610

     Adjusted the operator precedence for the string concatenation operator to
     be equal to that of string matching operators, such as
     :meth:`.ColumnElement.like`, :meth:`.ColumnElement.regexp_match`,
     :meth:`.ColumnElement.match`, etc., as well as plain ``==`` which has the
     same precedence as string comparison operators, so that parenthesis will be
     applied to a string concatenation expression that follows a string match
     operator. This provides for backends such as PostgreSQL where the "regexp
     match" operator is apparently of higher precedence than the string
     concatenation operator.

 .. change::
     :tags: bug, sql
     :tickets: 10342

     Qualified the use of ``hashlib.md5()`` within the DDL compiler, which is
     used to generate deterministic four-character suffixes for long index and
     constraint names in DDL statements, to include the Python 3.9+
     ``usedforsecurity=False`` parameter so that Python interpreters built for
     restricted environments such as FIPS do not consider this call to be
     related to security concerns.

 .. change::
     :tags: bug, postgresql
     :tickets: 10226

     Fixed regression which appeared in 2.0 due to :ticket:`8491` where the
     revised "ping" used for PostgreSQL dialects when the
     :paramref:`_sa.create_engine.pool_pre_ping` parameter is in use would
     interfere with the use of asyncpg with PGBouncer "transaction" mode, as the
     multiple PostgreSQL commands emitted by asnycpg could be broken out among
     multiple connections leading to errors, due to the lack of any transaction
     around this newly revised "ping".   The ping is now invoked within a
     transaction, in the same way that is implicit with all other backends that
     are based on the pep-249 DBAPI; this guarantees that the series of PG
     commands sent by asyncpg for this command are invoked on the same backend
     connection without it jumping to a different connection mid-command.  The
     transaction is not used if the asyncpg dialect is used in "AUTOCOMMIT"
     mode, which remains incompatible with pgbouncer transaction mode.


 .. change::
     :tags: bug, orm
     :tickets: 10279

     Adjusted the ORM's interpretation of the "target" entity used within
     :class:`.Update` and :class:`.Delete` to not interfere with the target
     "from" object passed to the statement, such as when passing an ORM-mapped
     :class:`_orm.aliased` construct that should be maintained within a phrase
     like "UPDATE FROM".  Cases like ORM session synchonize using "SELECT"
     statements such as with MySQL/ MariaDB will still have issues with
     UPDATE/DELETE of this form so it's best to disable synchonize_session when
     using DML statements of this type.

 .. change::
     :tags: bug, orm
     :tickets: 10348

     Added new capability to the :func:`_orm.selectin_polymorphic` loader option
     which allows other loader options to be bundled as siblings, referring to
     one of its subclasses, within the sub-options of parent loader option.
     Previously, this pattern was only supported if the
     :func:`_orm.selectin_polymorphic` were at the top level of the options for
     the query.   See new documentation section for example.

     As part of this change, improved the behavior of the
     :meth:`_orm.Load.selectin_polymorphic` method / loader strategy so that the
     subclass load does not load most already-loaded columns from the parent
     table, when the option is used against a class that is already being
     relationship-loaded.  Previously, the logic to load only the subclass
     columns worked only for a top level class load.

     .. seealso::

         :ref:`polymorphic_selectin_as_loader_option_target_plus_opts`

 .. change::
     :tags: bug, typing
     :tickets: 10264, 9284

     Fixed regression introduced in 2.0.20 via :ticket:`9600` fix which
     attempted to add more formal typing to
     :paramref:`_schema.MetaData.naming_convention`. This change prevented basic
     naming convention dictionaries from passing typing and has been adjusted so
     that a plain dictionary of strings for keys as well as dictionaries that
     use constraint types as keys or a mix of both, are again accepted.

     As part of this change, lesser used forms of the naming convention
     dictionary are also typed, including that it currently allows for
     ``Constraint`` type objects as keys as well.

 .. change::
     :tags: usecase, typing
     :tickets: 10288

     Made the contained type for :class:`.Mapped` covariant; this is to allow
     greater flexibility for end-user typing scenarios, such as the use of
     protocols to represent particular mapped class structures that are passed
     to other functions. As part of this change, the contained type was also
     made covariant for dependent and related types such as
     :class:`_orm.base.SQLORMOperations`, :class:`_orm.WriteOnlyMapped`, and
     :class:`_sql.SQLColumnExpression`. Pull request courtesy Roméo Després.


 .. change::
     :tags: bug, engine
     :tickets: 10275

     Fixed a series of reflection issues affecting the PostgreSQL,
     MySQL/MariaDB, and SQLite dialects when reflecting foreign key constraints
     where the target column contained parenthesis in one or both of the table
     name or column name.


 .. change::
     :tags: bug, sql
     :tickets: 10280

     The :class:`.Values` construct will now automatically create a proxy (i.e.
     a copy) of a :class:`_sql.column` if the column were already associated
     with an existing FROM clause.  This allows that an expression like
     ``values_obj.c.colname`` will produce the correct FROM clause even in the
     case that ``colname`` was passed as a :class:`_sql.column` that was already
     used with a previous :class:`.Values` or other table construct.
     Originally this was considered to be a candidate for an error condition,
     however it's likely this pattern is already in widespread use so it's
     now added to support.

 .. change::
     :tags: bug, setup
     :tickets: 10321

     Fixed very old issue where the full extent of SQLAlchemy modules, including
     ``sqlalchemy.testing.fixtures``, could not be imported outside of a pytest
     run. This suits inspection utilities such as ``pkgutil`` that attempt to
     import all installed modules in all packages.

 .. change::
     :tags: usecase, sql
     :tickets: 10269

     Adjusted the :class:`_types.Enum` datatype to accept an argument of
     ``None`` for the :paramref:`_types.Enum.length` parameter, resulting in a
     VARCHAR or other textual type with no length in the resulting DDL. This
     allows for new elements of any length to be added to the type after it
     exists in the schema.  Pull request courtesy Eugene Toder.


 .. change::
     :tags: bug, typing
     :tickets: 9878

     Fixed the type annotation for ``__class_getitem__()`` as applied to the
     ``Visitable`` class at the base of expression constructs to accept ``Any``
     for a key, rather than ``str``, which helps with some IDEs such as PyCharm
     when attempting to write typing annotations for SQL constructs which
     include generic selectors.  Pull request courtesy Jordan Macdonald.


 .. change::
     :tags: bug, typing
     :tickets: 10353

     Repaired the core "SQL element" class ``SQLCoreOperations`` to support the
     ``__hash__()`` method from a typing perspective, as objects like
     :class:`.Column` and ORM :class:`.InstrumentedAttribute` are hashable and
     are used as dictionary keys in the public API for the :class:`_dml.Update`
     and :class:`_dml.Insert` constructs.  Previously, type checkers were not
     aware the root SQL element was hashable.

 .. change::
     :tags: bug, typing
     :tickets: 10337

     Fixed typing issue with :meth:`_sql.Existing.select_from` that
     prevented its use with ORM classes.

 .. change::
     :tags: usecase, sql
     :tickets: 9873

     Added new generic SQL function :class:`_functions.aggregate_strings`, which
     accepts a SQL expression and a decimeter, concatenating strings on multiple
     rows into a single aggregate value. The function is compiled on a
     per-backend basis, into functions such as ``group_concat(),``
     ``string_agg()``, or ``LISTAGG()``.
     Pull request courtesy Joshua Morris.

 .. change::
     :tags: typing, bug
     :tickets: 10131

     Update type annotations for ORM loading options, restricting them to accept
     only `"*"` instead of any string for string arguments.  Pull request
     courtesy Janek Nouvertné.

.. changelog::

2.0.20

:released: August 15, 2023

 .. change::
     :tags: bug, orm
     :tickets: 10169

     Fixed issue where the ORM's generation of a SELECT from a joined
     inheritance model with same-named columns in superclass and subclass would
     somehow not send the correct list of column names to the :class:`.CTE`
     construct, when the RECURSIVE column list were generated.


 .. change::
     :tags: bug, typing
     :tickets: 9185

     Typing improvements:

     * :class:`.CursorResult` is returned for some forms of
       :meth:`_orm.Session.execute` where DML without RETURNING is used
     * fixed type for :paramref:`_orm.Query.with_for_update.of` parameter within
       :meth:`_orm.Query.with_for_update`
     * improvements to ``_DMLColumnArgument`` type used by some DML methods to
       pass column expressions
     * Add overload to :func:`_sql.literal` so that it is inferred that the
       return type is ``BindParameter[NullType]`` where
       :paramref:`_sql.literal.type_` param is None
     * Add overloads to :meth:`_sql.ColumnElement.op` so that the inferred
       type when :paramref:`_sql.ColumnElement.op.return_type` is not provided
       is ``Callable[[Any], BinaryExpression[Any]]``
     * Add missing overload to :meth:`_sql.ColumnElement.__add__`

     Pull request courtesy Mehdi Gmira.


 .. change::
     :tags: usecase, orm
     :tickets: 10192

     Implemented the "RETURNING '*'" use case for ORM enabled DML statements.
     This will render in as many cases as possible and return the unfiltered
     result set, however is not supported for multi-parameter "ORM bulk INSERT"
     statements that have specific column rendering requirements.


 .. change::
     :tags: bug, typing
     :tickets: 10182

     Fixed issue in :class:`_orm.Session` and :class:`_asyncio.AsyncSession`
     methods such as :meth:`_orm.Session.connection` where the
     :paramref:`_orm.Session.connection.execution_options` parameter were
     hardcoded to an internal type that is not user-facing.

 .. change::
     :tags: orm, bug
     :tickets: 10231

     Fixed fairly major issue where execution options passed to
     :meth:`_orm.Session.execute`, as well as execution options local to the ORM
     executed statement itself, would not be propagated along to eager loaders
     such as that of :func:`_orm.selectinload`, :func:`_orm.immediateload`, and
     :meth:`_orm.subqueryload`, making it impossible to do things such as
     disabling the cache for a single statement or using
     ``schema_translate_map`` for a single statement, as well as the use of
     user-custom execution options.   A change has been made where **all**
     user-facing execution options present for :meth:`_orm.Session.execute` will
     be propagated along to additional loaders.

     As part of this change, the warning for "excessively deep" eager loaders
     leading to caching being disabled can be silenced on a per-statement
     basis by sending ``execution_options={"compiled_cache": None}`` to
     :meth:`_orm.Session.execute`, which will disable caching for the full
     series of statements within that scope.

 .. change::
     :tags: usecase, asyncio
     :tickets: 9698

     Added new methods :meth:`_asyncio.AsyncConnection.aclose` as a synonym for
     :meth:`_asyncio.AsyncConnection.close` and
     :meth:`_asyncio.AsyncSession.aclose` as a synonym for
     :meth:`_asyncio.AsyncSession.close` to the
     :class:`_asyncio.AsyncConnection` and :class:`_asyncio.AsyncSession`
     objects, to provide compatibility with Python standard library
     ``contextlib.aclosing`` construct. Pull request courtesy Grigoriev Semyon.

 .. change::
     :tags: bug, orm
     :tickets: 10124

     Fixed issue where internal cloning used by the ORM for expressions like
     :meth:`_orm.relationship.Comparator.any` to produce correlated EXISTS
     constructs would interfere with the "cartesian product warning" feature of
     the SQL compiler, leading the SQL compiler to warn when all elements of the
     statement were correctly joined.

 .. change::
     :tags: orm, bug
     :tickets: 10139

     Fixed issue where the ``lazy="immediateload"`` loader strategy would place
     an internal loading token into the ORM mapped attribute under circumstances
     where the load should not occur, such as in a recursive self-referential
     load.   As part of this change, the ``lazy="immediateload"`` strategy now
     honors the :paramref:`_orm.relationship.join_depth` parameter for
     self-referential eager loads in the same way as that of other eager
     loaders, where leaving it unset or set at zero will lead to a
     self-referential immediateload not occurring, setting it to a value of one
     or greater will immediateload up until that given depth.


 .. change::
     :tags: bug, orm
     :tickets: 10175

     Fixed issue where dictionary-based collections such as
     :func:`_orm.attribute_keyed_dict` did not fully pickle/unpickle correctly,
     leading to issues when attempting to mutate such a collection after
     unpickling.


 .. change::
     :tags: bug, orm
     :tickets: 10125

     Fixed issue where chaining :func:`_orm.load_only` or other wildcard use of
     :func:`_orm.defer` from another eager loader using a :func:`_orm.aliased`
     against a joined inheritance subclass would fail to take effect for columns
     local to the superclass.


 .. change::
     :tags: bug, orm
     :tickets: 10167

     Fixed issue where an ORM-enabled :func:`_sql.select` construct would not
     render any CTEs added only via the :meth:`_sql.Select.add_cte` method that
     were not otherwise referenced in the statement.

 .. change::
     :tags: bug, examples

     The dogpile_caching examples have been updated for 2.0 style queries.
     Within the "caching query" logic itself there is one conditional added to
     differentiate between ``Query`` and ``select()`` when performing an
     invalidation operation.

 .. change::
     :tags: typing, usecase
     :tickets: 10173

     Added new typing only utility functions :func:`.Nullable` and
     :func:`.NotNullable` to type a column or ORM class as, respectively,
     nullable or not nullable.
     These function are no-op at runtime, returning the input unchanged.

 .. change::
     :tags: bug, engine
     :tickets: 10147

     Fixed critical issue where setting
     :paramref:`_sa.create_engine.isolation_level` to ``AUTOCOMMIT`` (as opposed
     to using the :meth:`_engine.Engine.execution_options` method) would fail to
     restore "autocommit" to a pooled connection if an alternate isolation level
     were temporarily selected using
     :paramref:`_engine.Connection.execution_options.isolation_level`.

.. changelog::

2.0.19

:released: July 15, 2023

 .. change::
     :tags: bug, orm
     :tickets: 10089

     Fixed issue where setting a relationship collection directly, where an
     object in the new collection were already present, would not trigger a
     cascade event for that object, leading to it not being added to the
     :class:`_orm.Session` if it were not

---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

## 📋 Pull Request Information **Original PR:** https://github.com/jeffknupp/sandman2/pull/349 **Author:** [@pyup-bot](https://github.com/pyup-bot) **Created:** 12/4/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `pyup-scheduled-update-2023-12-04` --- ### 📝 Commits (10+) - [`78ac063`](https://github.com/jeffknupp/sandman2/commit/78ac06334d19262b7829fefbe976833fe960a053) Update flask from 1.1.2 to 3.0.0 - [`89fe43e`](https://github.com/jeffknupp/sandman2/commit/89fe43e72d6a1678df01fb709ac42bea2cb14798) Update flask-admin from 1.5.7 to 1.6.1 - [`c5c6251`](https://github.com/jeffknupp/sandman2/commit/c5c62516ccb825045c0f5bc519874520028223a6) Update flask-sqlalchemy from 2.4.4 to 3.1.1 - [`0d8d1b4`](https://github.com/jeffknupp/sandman2/commit/0d8d1b47fe7db904f39641054c2772de69499cea) Update sqlalchemy from 1.3.20 to 2.0.23 - [`9be4e79`](https://github.com/jeffknupp/sandman2/commit/9be4e79ad147d77726473fbf97558d439ea8c7b7) Update wtforms from 2.3.3 to 3.1.1 - [`3e6e8df`](https://github.com/jeffknupp/sandman2/commit/3e6e8df2438a7b5bb04116c3d5d96a366f6f51a9) Update coverage from 5.3 to 7.3.2 - [`687c8af`](https://github.com/jeffknupp/sandman2/commit/687c8afe12e04ce7eca774ac2ffad18847cc8cb0) Update pytest from 6.2.0 to 7.4.3 - [`42fda21`](https://github.com/jeffknupp/sandman2/commit/42fda2158a5d372886a7e08db6b4c883fd529e1d) Update flask-cors from 3.0.9 to 4.0.0 - [`9ac352c`](https://github.com/jeffknupp/sandman2/commit/9ac352c4dd8c9f5a13a87b07d8b310a03f388c3e) Update pytest-cov from 2.10.1 to 4.1.0 - [`ad06e5e`](https://github.com/jeffknupp/sandman2/commit/ad06e5ec7b93dbf6f6c616c1cb9421df73295524) Update pytest-flask from 1.1.0 to 1.3.0 ### 📊 Changes **1 file changed** (+15 additions, -15 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+15 -15) </details> ### 📄 Description ### Update [Flask](https://pypi.org/project/Flask) from **1.1.2** to **3.0.0**. <details> <summary>Changelog</summary> ### 3.0.0 ``` ------------- Released 2023-09-30 - Remove previously deprecated code. :pr:`5223` - Deprecate the ``__version__`` attribute. Use feature detection, or ``importlib.metadata.version(&quot;flask&quot;)``, instead. :issue:`5230` - Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:`5127` - Allow self as an argument to url_for. :pr:`5264` - Require Werkzeug &gt;= 3.0.0. ``` ### 2.3.3 ``` ------------- Released 2023-08-21 - Python 3.12 compatibility. - Require Werkzeug &gt;= 2.3.7. - Use ``flit_core`` instead of ``setuptools`` as build backend. - Refactor how an app&#x27;s root and instance paths are determined. :issue:`5160` ``` ### 2.3.2 ``` ------------- Released 2023-05-01 - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. - Update Werkzeug requirement to &gt;=2.3.3 to apply recent bug fixes. ``` ### 2.3.1 ``` ------------- Released 2023-04-25 - Restore deprecated ``from flask import Markup``. :issue:`5084` ``` ### 2.3.0 ``` ------------- Released 2023-04-25 - Drop support for Python 3.7. :pr:`5072` - Update minimum requirements to the latest versions: Werkzeug&gt;=2.3.0, Jinja2&gt;3.1.2, itsdangerous&gt;=2.1.2, click&gt;=8.1.3. - Remove previously deprecated code. :pr:`4995` - The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and ``_request_ctx_stack`` objects are removed. ``top`` still exists to give extensions more time to update, but it will be removed. - The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env`` property are removed. - The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app`` are removed. - The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed. - The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators are removed. - ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed. - The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed. - Calling setup methods on blueprints after registration is an error instead of a warning. :pr:`4997` - Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them directly from ``markupsafe`` instead. :pr:`4996` - The ``app.got_first_request`` property is deprecated. :pr:`4997` - The ``locked_cached_property`` decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:`4993` - Signals are always available. ``blinker&gt;=1.6.2`` is a required dependency. The ``signals_available`` attribute is deprecated. :issue:`5056` - Signals support ``async`` subscriber functions. :pr:`5049` - Remove uses of locks that could cause requests to block each other very briefly. :issue:`4993` - Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``. :pr:`4947` - Ensure subdomains are applied with nested blueprints. :issue:`4834` - ``config.from_file`` can use ``text=False`` to indicate that the parser wants a binary file instead. :issue:`4989` - If a blueprint is created with an empty name it raises a ``ValueError``. :issue:`5010` - ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about ``localhost`` and IP addresses are also removed. :issue:`5051` - The ``routes`` command shows each rule&#x27;s ``subdomain`` or ``host`` when domain matching is in use. :issue:`5004` - Use postponed evaluation of annotations. :pr:`5071` ``` ### 2.2.5 ``` ------------- Released 2023-05-02 - Update for compatibility with Werkzeug 2.3.3. - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. ``` ### 2.2.4 ``` ------------- Released 2023-04-25 - Update for compatibility with Werkzeug 2.3. ``` ### 2.2.3 ``` ------------- Released 2023-02-15 - Autoescape is enabled by default for ``.svg`` template files. :issue:`4831` - Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892` - Add ``--debug`` option to the ``flask run`` command. :issue:`4777` ``` ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to &gt;= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``&quot;production&quot;``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to &gt;= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug&#x27;s ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python &lt; 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to &gt;= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client&#x27;s ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client&#x27;s ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.request.environ`` instead. :pr:`4341` - Fix type annotation for ``errorhandler`` decorator. :issue:`4295` - Revert a change to the CLI that caused it to hide ``ImportError`` tracebacks when importing the application. :issue:`4307` - ``app.json_encoder`` and ``json_decoder`` are only passed to ``dumps`` and ``loads`` if they have custom behavior. This improves performance, mainly on PyPy. :issue:`4349` - Clearer error message when ``after_this_request`` is used outside a request context. :issue:`4333` ``` ### 2.0.2 ``` ------------- Released 2021-10-04 - Fix type annotation for ``teardown_*`` methods. :issue:`4093` - Fix type annotation for ``before_request`` and ``before_app_request`` decorators. :issue:`4104` - Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:`4098` - Support View and MethodView instances with async handlers. :issue:`4112` - Enhance typing of ``app.errorhandler`` decorator. :issue:`4095` - Fix registering a blueprint twice with differing names. :issue:`4124` - Fix the type of ``static_folder`` to accept ``pathlib.Path``. :issue:`4150` - ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``. :issue:`4157` - Correctly handle raising deferred errors in CLI lazy loading. :issue:`4096` - The CLI loader handles ``**kwargs`` in a ``create_app`` function. :issue:`4170` - Fix the order of ``before_request`` and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:`4229` ``` ### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren&#x27;t available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Revert a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug &gt;= 2, Jinja2 &gt;= 3, MarkupSafe &gt;= 2, ItsDangerous &gt;= 2, Click &gt;= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it&#x27;s needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add ``SessionInterface.get_cookie_name`` to allow setting the session cookie name dynamically. :pr:`3369` - Add ``Config.from_file`` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. ``Config.from_json`` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - ``send_file`` raises a ``ValueError`` when passed an ``io`` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja&#x27;s implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post(&quot;/login&quot;)`` is a shortcut for ``app.route(&quot;/login&quot;, methods=[&quot;POST&quot;])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to &quot;UTF-8&quot; when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python &lt; 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask - Changelog: https://data.safetycli.com/changelogs/flask/ </details> ### Update [Flask-Admin](https://pypi.org/project/Flask-Admin) from **1.5.7** to **1.6.1**. <details> <summary>Changelog</summary> ### 1.6.1 ``` ----- * SQLAlchemy 2.x support * General updates and bug fixes * Dropped WTForms 1 support ``` ### 1.6.0 ``` ----- * Dropped Python 2 support * WTForms 3.0 support * Various fixes ``` ### 1.5.8 ``` ----- * SQLAlchemy 1.4.5+ compatibility fixes * Redis CLI fixes ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-admin - Changelog: https://data.safetycli.com/changelogs/flask-admin/ - Repo: https://github.com/flask-admin/flask-admin/ - Docs: https://pythonhosted.org/Flask-Admin/ </details> ### Update [Flask-SQLAlchemy](https://pypi.org/project/Flask-SQLAlchemy) from **2.4.4** to **3.1.1**. <details> <summary>Changelog</summary> ### 3.1.1 ``` ------------- Released 2023-09-11 - Deprecate the ``__version__`` attribute. Use feature detection, or ``importlib.metadata.version(&quot;flask-sqlalchemy&quot;)``, instead. :issue:`5230` ``` ### 3.1.0 ``` ------------- Released 2023-09-11 - Drop support for Python 3.7. :pr:`1251` - Add support for the SQLAlchemy 2.x API via ``model_class`` parameter. :issue:`1140` - Bump minimum version of SQLAlchemy to 2.0.16. - Remove previously deprecated code. - Pass extra keyword arguments from ``get_or_404`` to ``session.get``. :issue:`1149` - Fix bug with finding right bind key for clause statements. :issue:`1211` ``` ### 3.0.5 ``` ------------- Released 2023-06-21 - ``Pagination.next()`` enforces ``max_per_page``. :issue:`1201` - Improve type hint for ``get_or_404`` return value to be non-optional. :pr:`1226` ``` ### 3.0.4 ``` ------------- Released 2023-06-19 - Fix type hint for ``get_or_404`` return value. :pr:`1208` - Fix type hints for pyright (used by VS Code Pylance extension). :issue:`1205` ``` ### 3.0.3 ``` ------------- Released 2023-01-31 - Show helpful errors when mistakenly using multiple ``SQLAlchemy`` instances for the same app, or without calling ``init_app``. :pr:`1151` - Fix issue with getting the engine associated with a model that uses polymorphic table inheritance. :issue:`1155` ``` ### 3.0.2 ``` ------------- Released 2022-10-14 - Update compatibility with SQLAlchemy 2. :issue:`1122` ``` ### 3.0.1 ``` ------------- Released 2022-10-11 - Export typing information instead of using external typeshed definitions. :issue:`1112` - If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an invalid default bind will not be configured. :issue:`1117` ``` ### 3.0.0 ``` ------------- Released 2022-10-04 - Drop support for Python 2, 3.4, 3.5, and 3.6. - Bump minimum version of Flask to 2.2. - Bump minimum version of SQLAlchemy to 1.4.18. - Remove previously deprecated code. - The session is scoped to the current app context instead of the thread. This requires that an app context is active. This ensures that the session is cleaned up after every request. - An active Flask application context is always required to access ``session`` and ``engine``, regardless of if an application was passed to the constructor. :issue:`508, 944` - Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing tables in different databases to have the same name. Bind keys are stored and looked up on the resulting metadata rather than the model or table. - ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731` - Configuring SQLite with a relative path is relative to ``app.instance_path`` instead of ``app.root_path``. The instance folder is created if necessary. :issue:`462` - Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to the extension object. These use SQLAlchemy&#x27;s preferred ``session.execute(select())`` pattern instead of the legacy query interface. :issue:`1088` - Setup methods that create the engines and session are renamed with a leading underscore. They are considered internal interfaces which may change at any time. - All parameters to ``SQLAlchemy`` except ``app`` are keyword-only. - Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter from various ``SQLAlchemy`` methods. - The extension object uses ``__getattr__`` to alias names from the SQLAlchemy package, rather than copying them as attributes. - The extension object is stored directly as ``app.extensions[&quot;sqlalchemy&quot;]``. :issue:`698` - The session class can be customized by passing the ``class_`` key in the ``session_options`` parameter. :issue:`327` - ``SignallingSession`` is renamed to ``Session``. - ``Session.get_bind`` more closely matches the base implementation. - Model classes and the ``db`` instance are available without imports in ``flask shell``. :issue:`1089` - The ``CamelCase`` to ``snake_case`` table name converter handles more patterns correctly. If model that was already created in the database changed, either use Alembic to rename the table, or set ``__tablename__`` to keep the old name. :issue:`406` - ``Model`` ``repr`` distinguishes between transient and pending instances. :issue:`967` - A custom model class can implement ``__init_subclass__`` with class parameters. :issue:`1002` - ``db.Table`` is a subclass instead of a function. - The ``engine_options`` parameter is applied as defaults before per-engine configuration. - ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence. :issue:`783` - Engines are created when calling ``init_app`` rather than the first time they are accessed. :issue:`698` - ``db.engines`` exposes the map of bind keys to engines for the current app. - ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated. - SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are supported. :issue:`998, 1045` - SQLite engines do not use ``NullPool`` if ``pool_size`` is 0. - MySQL engines use the &quot;utf8mb4&quot; charset by default. :issue:`875` - MySQL engines do not set ``pool_size`` to 10. - MySQL engines don&#x27;t set a default for ``pool_recycle`` if not using a queue pool. :issue:`803` - ``Query`` is renamed from ``BaseQuery``. - Added ``Query.one_or_404``. - The query class is applied to ``backref`` in ``relationship``. :issue:`417` - Creating ``Pagination`` objects manually is no longer a public API. They should be created with ``db.paginate`` or ``query.paginate``. :issue:`1088` - ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only. - ``Pagination`` is iterable, iterating over its items. :issue:`70` - Pagination count query is more efficient. - ``Pagination.iter_pages`` is more efficient. :issue:`622` - ``Pagination.iter_pages`` ``right_current`` parameter is inclusive. - Pagination ``per_page`` cannot be 0. :issue:`1091` - Pagination ``max_per_page`` defaults to 100. :issue:`1091` - Added ``Pagination.first`` and ``last`` properties, which give the number of the first and last item on the page. :issue:`567` - ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled automatically with ``app.debug`` or ``app.testing``. :issue:`1092` - ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the config and functionality. - Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is renamed to ``location``. Finding the location uses a more inclusive check. - ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727` - ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues that are difficult to debug. Call ``db.session.commit()`` directly instead. :issue:`216` ``` ### 2.5.1 ``` ------------- Released 2021-03-18 - Fix compatibility with Python 2.7. ``` ### 2.5.0 ``` ------------- Released 2021-03-18 - Update to support SQLAlchemy 1.4. - SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to return a new URL instead of ``None``. :issue:`885` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-sqlalchemy - Changelog: https://data.safetycli.com/changelogs/flask-sqlalchemy/ - Docs: https://pythonhosted.org/Flask-SQLAlchemy/ </details> ### Update [SQLAlchemy](https://pypi.org/project/SQLAlchemy) from **1.3.20** to **2.0.23**. <details> <summary>Changelog</summary> ### 2.0.23 ``` :released: November 2, 2023 .. change:: :tags: bug, oracle :tickets: 10509 Fixed issue in :class:`.Interval` datatype where the Oracle implementation was not being used for DDL generation, leading to the ``day_precision`` and ``second_precision`` parameters to be ignored, despite being supported by this dialect. Pull request courtesy Indivar. .. change:: :tags: bug, orm :tickets: 10516 Fixed issue where the ``__allow_unmapped__`` directive failed to allow for legacy :class:`.Column` / :func:`.deferred` mappings that nonetheless had annotations such as ``Any`` or a specific type without ``Mapped[]`` as their type, without errors related to locating the attribute name. .. change:: :tags: bug, mariadb :tickets: 10056 Adjusted the MySQL / MariaDB dialects to default a generated column to NULL when using MariaDB, if :paramref:`_schema.Column.nullable` was not specified with an explicit ``True`` or ``False`` value, as MariaDB does not support the &quot;NOT NULL&quot; phrase with a generated column. Pull request courtesy Indivar. .. change:: :tags: bug, mariadb, regression :tickets: 10505 Established a workaround for what seems to be an intrinsic issue across MySQL/MariaDB drivers where a RETURNING result for DELETE DML which returns no rows using SQLAlchemy&#x27;s &quot;empty IN&quot; criteria fails to provide a cursor.description, which then yields result that returns no rows, leading to regressions for the ORM that in the 2.0 series uses RETURNING for bulk DELETE statements for the &quot;synchronize session&quot; feature. To resolve, when the specific case of &quot;no description when RETURNING was given&quot; is detected, an &quot;empty result&quot; with a correct cursor description is generated and used in place of the non-working cursor. .. change:: :tags: bug, orm :tickets: 10570 Fixed caching bug where using the :func:`_orm.with_expression` construct in conjunction with loader options :func:`_orm.selectinload`, :func:`_orm.lazyload` would fail to substitute bound parameter values correctly on subsequent caching runs. .. change:: :tags: usecase, mssql :tickets: 6521 Added support for the ``aioodbc`` driver implemented for SQL Server, which builds on top of the pyodbc and general aio* dialect architecture. .. seealso:: :ref:`mssql_aioodbc` - in the SQL Server dialect documentation. .. change:: :tags: bug, sql :tickets: 10535 Added compiler-level None/NULL handling for the &quot;literal processors&quot; of all datatypes that include literal processing, that is, where a value is rendered inline within a SQL statement rather than as a bound parameter, for all those types that do not feature explicit &quot;null value&quot; handling. Previously this behavior was undefined and inconsistent. .. change:: :tags: usecase, orm :tickets: 10575 Implemented the :paramref:`_orm.Session.bulk_insert_mappings.render_nulls` parameter for new style bulk ORM inserts, allowing ``render_nulls=True`` as an execution option. This allows for bulk ORM inserts with a mixture of ``None`` values in the parameter dictionaries to use a single batch of rows for a given set of dicationary keys, rather than breaking up into batches that omit the NULL columns from each INSERT. .. seealso:: :ref:`orm_queryguide_insert_null_params` .. change:: :tags: bug, postgresql :tickets: 10479 Fixed 2.0 regression caused by :ticket:`7744` where chains of expressions involving PostgreSQL JSON operators combined with other operators such as string concatenation would lose correct parenthesization, due to an implementation detail specific to the PostgreSQL dialect. .. change:: :tags: bug, postgresql :tickets: 10532 Fixed SQL handling for &quot;insertmanyvalues&quot; when using the :class:`.postgresql.BIT` datatype with the asyncpg backend. The :class:`.postgresql.BIT` on asyncpg apparently requires the use of an asyncpg-specific ``BitString`` type which is currently exposed when using this DBAPI, making it incompatible with other PostgreSQL DBAPIs that all work with plain bitstrings here. A future fix in version 2.1 will normalize this datatype across all PG backends. Pull request courtesy Sören Oldag. .. change:: :tags: usecase, sql :tickets: 9737 Implemented &quot;literal value processing&quot; for the :class:`.Interval` datatype for both the PostgreSQL and Oracle dialects, allowing literal rendering of interval values. Pull request courtesy Indivar Mishra. .. change:: :tags: bug, oracle :tickets: 10470 Fixed issue where the cx_Oracle dialect claimed to support a lower cx_Oracle version (7.x) than was actually supported in practice within the 2.0 series of SQLAlchemy. The dialect imports symbols that are only in cx_Oracle 8 or higher, so runtime dialect checks as well as setup.cfg requirements have been updated to reflect this compatibility. .. change:: :tags: sql Removed unused placeholder method :meth:`.TypeEngine.compare_against_backend` This method was used by very old versions of Alembic. See https://github.com/sqlalchemy/alembic/issues/1293 for details. .. change:: :tags: bug, orm :tickets: 10472 Fixed bug in ORM annotated declarative where using a ``ClassVar`` that nonetheless referred in some way to an ORM mapped class name would fail to be interpreted as a ``ClassVar`` that&#x27;s not mapped. .. change:: :tags: bug, asyncio :tickets: 10421 Fixed bug with method :meth:`_asyncio.AsyncSession.close_all` that was not working correctly. Also added function :func:`_asyncio.close_all_sessions` that&#x27;s the equivalent of :func:`_orm.close_all_sessions`. Pull request courtesy of Bryan不可思议. .. changelog:: ``` ### 2.0.22 ``` :released: October 12, 2023 .. change:: :tags: bug, orm :tickets: 10369, 10046 Fixed a wide range of :func:`_orm.mapped_column` parameters that were not being transferred when using the :func:`_orm.mapped_column` object inside of a pep-593 ``Annotated`` object, including :paramref:`_orm.mapped_column.sort_order`, :paramref:`_orm.mapped_column.deferred`, :paramref:`_orm.mapped_column.autoincrement`, :paramref:`_orm.mapped_column.system`, :paramref:`_orm.mapped_column.info` etc. Additionally, it remains not supported to have dataclass arguments, such as :paramref:`_orm.mapped_column.kw_only`, :paramref:`_orm.mapped_column.default_factory` etc. indicated within the :func:`_orm.mapped_column` received by ``Annotated``, as this is not supported with pep-681 Dataclass Transforms. A warning is now emitted when these parameters are used within ``Annotated`` in this way (and they continue to be ignored). .. change:: :tags: bug, orm :tickets: 10459 Fixed issue where calling :meth:`_engine.Result.unique` with a new-style :func:`.select` query in the ORM, where one or more columns yields values that are of &quot;unknown hashability&quot;, typically when using JSON functions like ``func.json_build_object()`` without providing a type, would fail internally when the returned values were not actually hashable. The behavior is repaired to test the objects as they are received for hashability in this case, raising an informative error message if not. Note that for values of &quot;known unhashability&quot;, such as when the :class:`_types.JSON` or :class:`_types.ARRAY` types are used directly, an informative error message was already raised. The &quot;hashabiltiy testing&quot; fix here is applied to legacy :class:`.Query` as well, however in the legacy case, :meth:`_engine.Result.unique` is used for nearly all queries, so no new warning is emitted here; the legacy behavior of falling back to using ``id()`` in this case is maintained, with the improvement that an unknown type that turns out to be hashable will now be uniqufied, whereas previously it would not. .. change:: :tags: bug, orm :tickets: 10453 Fixed regression in recently revised &quot;insertmanyvalues&quot; feature (likely issue :ticket:`9618`) where the ORM would inadvertently attempt to interpret a non-RETURNING result as one with RETURNING, in the case where the ``implicit_returning=False`` parameter were applied to the mapped :class:`.Table`, indicating that &quot;insertmanyvalues&quot; cannot be used if the primary key values are not provided. .. change:: :tags: bug, engine Fixed issue within some dialects where the dialect could incorrectly return an empty result set for an INSERT statement that does not actually return rows at all, due to artfacts from pre- or post-fetching the primary key of the row or rows still being present. Affected dialects included asyncpg, all mssql dialects. .. change:: :tags: bug, typing :tickets: 10451 Fixed typing issue where the argument list passed to :class:`.Values` was too-restrictively tied to ``List`` rather than ``Sequence``. Pull request courtesy Iuri de Silvio. .. change:: :tags: bug, orm :tickets: 10365 Fixed bug where ORM :func:`_orm.with_loader_criteria` would not apply itself to a :meth:`_sql.Select.join` where the ON clause were given as a plain SQL comparison, rather than as a relationship target or similar. .. change:: :tags: bug, sql :tickets: 10408 Fixed issue where referring to a FROM entry in the SET clause of an UPDATE statement would not include it in the FROM clause of the UPDATE statement, if that entry were nowhere else in the statement; this occurs currently for CTEs that were added using :meth:`.Update.add_cte` to provide the desired CTE at the top of the statement. .. change:: :tags: bug, mariadb :tickets: 10396 Modified the mariadb-connector driver to pre-load the ``cursor.rowcount`` value for all queries, to suit tools such as Pandas that hardcode to calling :attr:`.Result.rowcount` in this way. SQLAlchemy normally pre-loads ``cursor.rowcount`` only for UPDATE/DELETE statements and otherwise passes through to the DBAPI where it can return -1 if no value is available. However, mariadb-connector does not support invoking ``cursor.rowcount`` after the cursor itself is closed, raising an error instead. Generic test support has been added to ensure all backends support the allowing :attr:`.Result.rowcount` to succceed (that is, returning an integer value with -1 for &quot;not available&quot;) after the result is closed. .. change:: :tags: bug, mariadb Additional fixes for the mariadb-connector dialect to support UUID data values in the result in INSERT..RETURNING statements. .. change:: :tags: bug, mssql :tickets: 10458 Fixed bug where the rule that prevents ORDER BY from emitting within subqueries on SQL Server was not being disabled in the case where the :meth:`.select.fetch` method were used to limit rows in conjunction with WITH TIES or PERCENT, preventing valid subqueries with TOP / ORDER BY from being used. .. change:: :tags: bug, sql :tickets: 10443 Fixed 2.0 regression where the :class:`.DDL` construct would no longer ``__repr__()`` due to the removed ``on`` attribute not being accommodated. Pull request courtesy Iuri de Silvio. .. change:: :tags: orm, usecase :tickets: 10202 Added method :meth:`_orm.Session.get_one` that behaves like :meth:`_orm.Session.get` but raises an exception instead of returning ``None`` if no instance was found with the provided primary key. Pull request courtesy of Carlos Sousa. .. change:: :tags: asyncio, bug Fixed the :paramref:`_asyncio.AsyncSession.get.execution_options` parameter which was not being propagated to the underlying :class:`_orm.Session` and was instead being ignored. .. change:: :tags: bug, orm :tickets: 10412 Fixed issue where :class:`.Mapped` symbols like :class:`.WriteOnlyMapped` and :class:`.DynamicMapped` could not be correctly resolved when referenced as an element of a sub-module in the given annotation, assuming string-based or &quot;future annotations&quot; style annotations. .. change:: :tags: bug, engine :tickets: 10414 Fixed issue where under some garbage collection / exception scenarios the connection pool&#x27;s cleanup routine would raise an error due to an unexpected set of state, which can be reproduced under specific conditions. .. change:: :tags: bug, typing Updates to the codebase to support Mypy 1.6.0. .. change:: :tags: usecase, orm :tickets: 7787 Added an option to permanently close sessions. Set to ``False`` the new parameter :paramref:`_orm.Session.close_resets_only` will prevent a :class:`_orm.Session` from performing any other operation after :meth:`_orm.Session.close` has been called. Added new method :meth:`_orm.Session.reset` that will reset a :class:`_orm.Session` to its initial state. This is an alias of :meth:`_orm.Session.close`, unless :paramref:`_orm.Session.close_resets_only` is set to ``False``. .. change:: :tags: orm, bug :tickets: 10385 Fixed issue with ``__allow_unmapped__`` declarative option where types that were declared using collection types such as ``list[SomeClass]`` vs. the typing construct ``List[SomeClass]`` would fail to be recognized correctly. Pull request courtesy Pascal Corpet. .. changelog:: ``` ### 2.0.21 ``` :released: September 18, 2023 .. change:: :tags: bug, sql :tickets: 9610 Adjusted the operator precedence for the string concatenation operator to be equal to that of string matching operators, such as :meth:`.ColumnElement.like`, :meth:`.ColumnElement.regexp_match`, :meth:`.ColumnElement.match`, etc., as well as plain ``==`` which has the same precedence as string comparison operators, so that parenthesis will be applied to a string concatenation expression that follows a string match operator. This provides for backends such as PostgreSQL where the &quot;regexp match&quot; operator is apparently of higher precedence than the string concatenation operator. .. change:: :tags: bug, sql :tickets: 10342 Qualified the use of ``hashlib.md5()`` within the DDL compiler, which is used to generate deterministic four-character suffixes for long index and constraint names in DDL statements, to include the Python 3.9+ ``usedforsecurity=False`` parameter so that Python interpreters built for restricted environments such as FIPS do not consider this call to be related to security concerns. .. change:: :tags: bug, postgresql :tickets: 10226 Fixed regression which appeared in 2.0 due to :ticket:`8491` where the revised &quot;ping&quot; used for PostgreSQL dialects when the :paramref:`_sa.create_engine.pool_pre_ping` parameter is in use would interfere with the use of asyncpg with PGBouncer &quot;transaction&quot; mode, as the multiple PostgreSQL commands emitted by asnycpg could be broken out among multiple connections leading to errors, due to the lack of any transaction around this newly revised &quot;ping&quot;. The ping is now invoked within a transaction, in the same way that is implicit with all other backends that are based on the pep-249 DBAPI; this guarantees that the series of PG commands sent by asyncpg for this command are invoked on the same backend connection without it jumping to a different connection mid-command. The transaction is not used if the asyncpg dialect is used in &quot;AUTOCOMMIT&quot; mode, which remains incompatible with pgbouncer transaction mode. .. change:: :tags: bug, orm :tickets: 10279 Adjusted the ORM&#x27;s interpretation of the &quot;target&quot; entity used within :class:`.Update` and :class:`.Delete` to not interfere with the target &quot;from&quot; object passed to the statement, such as when passing an ORM-mapped :class:`_orm.aliased` construct that should be maintained within a phrase like &quot;UPDATE FROM&quot;. Cases like ORM session synchonize using &quot;SELECT&quot; statements such as with MySQL/ MariaDB will still have issues with UPDATE/DELETE of this form so it&#x27;s best to disable synchonize_session when using DML statements of this type. .. change:: :tags: bug, orm :tickets: 10348 Added new capability to the :func:`_orm.selectin_polymorphic` loader option which allows other loader options to be bundled as siblings, referring to one of its subclasses, within the sub-options of parent loader option. Previously, this pattern was only supported if the :func:`_orm.selectin_polymorphic` were at the top level of the options for the query. See new documentation section for example. As part of this change, improved the behavior of the :meth:`_orm.Load.selectin_polymorphic` method / loader strategy so that the subclass load does not load most already-loaded columns from the parent table, when the option is used against a class that is already being relationship-loaded. Previously, the logic to load only the subclass columns worked only for a top level class load. .. seealso:: :ref:`polymorphic_selectin_as_loader_option_target_plus_opts` .. change:: :tags: bug, typing :tickets: 10264, 9284 Fixed regression introduced in 2.0.20 via :ticket:`9600` fix which attempted to add more formal typing to :paramref:`_schema.MetaData.naming_convention`. This change prevented basic naming convention dictionaries from passing typing and has been adjusted so that a plain dictionary of strings for keys as well as dictionaries that use constraint types as keys or a mix of both, are again accepted. As part of this change, lesser used forms of the naming convention dictionary are also typed, including that it currently allows for ``Constraint`` type objects as keys as well. .. change:: :tags: usecase, typing :tickets: 10288 Made the contained type for :class:`.Mapped` covariant; this is to allow greater flexibility for end-user typing scenarios, such as the use of protocols to represent particular mapped class structures that are passed to other functions. As part of this change, the contained type was also made covariant for dependent and related types such as :class:`_orm.base.SQLORMOperations`, :class:`_orm.WriteOnlyMapped`, and :class:`_sql.SQLColumnExpression`. Pull request courtesy Roméo Després. .. change:: :tags: bug, engine :tickets: 10275 Fixed a series of reflection issues affecting the PostgreSQL, MySQL/MariaDB, and SQLite dialects when reflecting foreign key constraints where the target column contained parenthesis in one or both of the table name or column name. .. change:: :tags: bug, sql :tickets: 10280 The :class:`.Values` construct will now automatically create a proxy (i.e. a copy) of a :class:`_sql.column` if the column were already associated with an existing FROM clause. This allows that an expression like ``values_obj.c.colname`` will produce the correct FROM clause even in the case that ``colname`` was passed as a :class:`_sql.column` that was already used with a previous :class:`.Values` or other table construct. Originally this was considered to be a candidate for an error condition, however it&#x27;s likely this pattern is already in widespread use so it&#x27;s now added to support. .. change:: :tags: bug, setup :tickets: 10321 Fixed very old issue where the full extent of SQLAlchemy modules, including ``sqlalchemy.testing.fixtures``, could not be imported outside of a pytest run. This suits inspection utilities such as ``pkgutil`` that attempt to import all installed modules in all packages. .. change:: :tags: usecase, sql :tickets: 10269 Adjusted the :class:`_types.Enum` datatype to accept an argument of ``None`` for the :paramref:`_types.Enum.length` parameter, resulting in a VARCHAR or other textual type with no length in the resulting DDL. This allows for new elements of any length to be added to the type after it exists in the schema. Pull request courtesy Eugene Toder. .. change:: :tags: bug, typing :tickets: 9878 Fixed the type annotation for ``__class_getitem__()`` as applied to the ``Visitable`` class at the base of expression constructs to accept ``Any`` for a key, rather than ``str``, which helps with some IDEs such as PyCharm when attempting to write typing annotations for SQL constructs which include generic selectors. Pull request courtesy Jordan Macdonald. .. change:: :tags: bug, typing :tickets: 10353 Repaired the core &quot;SQL element&quot; class ``SQLCoreOperations`` to support the ``__hash__()`` method from a typing perspective, as objects like :class:`.Column` and ORM :class:`.InstrumentedAttribute` are hashable and are used as dictionary keys in the public API for the :class:`_dml.Update` and :class:`_dml.Insert` constructs. Previously, type checkers were not aware the root SQL element was hashable. .. change:: :tags: bug, typing :tickets: 10337 Fixed typing issue with :meth:`_sql.Existing.select_from` that prevented its use with ORM classes. .. change:: :tags: usecase, sql :tickets: 9873 Added new generic SQL function :class:`_functions.aggregate_strings`, which accepts a SQL expression and a decimeter, concatenating strings on multiple rows into a single aggregate value. The function is compiled on a per-backend basis, into functions such as ``group_concat(),`` ``string_agg()``, or ``LISTAGG()``. Pull request courtesy Joshua Morris. .. change:: :tags: typing, bug :tickets: 10131 Update type annotations for ORM loading options, restricting them to accept only `&quot;*&quot;` instead of any string for string arguments. Pull request courtesy Janek Nouvertné. .. changelog:: ``` ### 2.0.20 ``` :released: August 15, 2023 .. change:: :tags: bug, orm :tickets: 10169 Fixed issue where the ORM&#x27;s generation of a SELECT from a joined inheritance model with same-named columns in superclass and subclass would somehow not send the correct list of column names to the :class:`.CTE` construct, when the RECURSIVE column list were generated. .. change:: :tags: bug, typing :tickets: 9185 Typing improvements: * :class:`.CursorResult` is returned for some forms of :meth:`_orm.Session.execute` where DML without RETURNING is used * fixed type for :paramref:`_orm.Query.with_for_update.of` parameter within :meth:`_orm.Query.with_for_update` * improvements to ``_DMLColumnArgument`` type used by some DML methods to pass column expressions * Add overload to :func:`_sql.literal` so that it is inferred that the return type is ``BindParameter[NullType]`` where :paramref:`_sql.literal.type_` param is None * Add overloads to :meth:`_sql.ColumnElement.op` so that the inferred type when :paramref:`_sql.ColumnElement.op.return_type` is not provided is ``Callable[[Any], BinaryExpression[Any]]`` * Add missing overload to :meth:`_sql.ColumnElement.__add__` Pull request courtesy Mehdi Gmira. .. change:: :tags: usecase, orm :tickets: 10192 Implemented the &quot;RETURNING &#x27;*&#x27;&quot; use case for ORM enabled DML statements. This will render in as many cases as possible and return the unfiltered result set, however is not supported for multi-parameter &quot;ORM bulk INSERT&quot; statements that have specific column rendering requirements. .. change:: :tags: bug, typing :tickets: 10182 Fixed issue in :class:`_orm.Session` and :class:`_asyncio.AsyncSession` methods such as :meth:`_orm.Session.connection` where the :paramref:`_orm.Session.connection.execution_options` parameter were hardcoded to an internal type that is not user-facing. .. change:: :tags: orm, bug :tickets: 10231 Fixed fairly major issue where execution options passed to :meth:`_orm.Session.execute`, as well as execution options local to the ORM executed statement itself, would not be propagated along to eager loaders such as that of :func:`_orm.selectinload`, :func:`_orm.immediateload`, and :meth:`_orm.subqueryload`, making it impossible to do things such as disabling the cache for a single statement or using ``schema_translate_map`` for a single statement, as well as the use of user-custom execution options. A change has been made where **all** user-facing execution options present for :meth:`_orm.Session.execute` will be propagated along to additional loaders. As part of this change, the warning for &quot;excessively deep&quot; eager loaders leading to caching being disabled can be silenced on a per-statement basis by sending ``execution_options={&quot;compiled_cache&quot;: None}`` to :meth:`_orm.Session.execute`, which will disable caching for the full series of statements within that scope. .. change:: :tags: usecase, asyncio :tickets: 9698 Added new methods :meth:`_asyncio.AsyncConnection.aclose` as a synonym for :meth:`_asyncio.AsyncConnection.close` and :meth:`_asyncio.AsyncSession.aclose` as a synonym for :meth:`_asyncio.AsyncSession.close` to the :class:`_asyncio.AsyncConnection` and :class:`_asyncio.AsyncSession` objects, to provide compatibility with Python standard library ``contextlib.aclosing`` construct. Pull request courtesy Grigoriev Semyon. .. change:: :tags: bug, orm :tickets: 10124 Fixed issue where internal cloning used by the ORM for expressions like :meth:`_orm.relationship.Comparator.any` to produce correlated EXISTS constructs would interfere with the &quot;cartesian product warning&quot; feature of the SQL compiler, leading the SQL compiler to warn when all elements of the statement were correctly joined. .. change:: :tags: orm, bug :tickets: 10139 Fixed issue where the ``lazy=&quot;immediateload&quot;`` loader strategy would place an internal loading token into the ORM mapped attribute under circumstances where the load should not occur, such as in a recursive self-referential load. As part of this change, the ``lazy=&quot;immediateload&quot;`` strategy now honors the :paramref:`_orm.relationship.join_depth` parameter for self-referential eager loads in the same way as that of other eager loaders, where leaving it unset or set at zero will lead to a self-referential immediateload not occurring, setting it to a value of one or greater will immediateload up until that given depth. .. change:: :tags: bug, orm :tickets: 10175 Fixed issue where dictionary-based collections such as :func:`_orm.attribute_keyed_dict` did not fully pickle/unpickle correctly, leading to issues when attempting to mutate such a collection after unpickling. .. change:: :tags: bug, orm :tickets: 10125 Fixed issue where chaining :func:`_orm.load_only` or other wildcard use of :func:`_orm.defer` from another eager loader using a :func:`_orm.aliased` against a joined inheritance subclass would fail to take effect for columns local to the superclass. .. change:: :tags: bug, orm :tickets: 10167 Fixed issue where an ORM-enabled :func:`_sql.select` construct would not render any CTEs added only via the :meth:`_sql.Select.add_cte` method that were not otherwise referenced in the statement. .. change:: :tags: bug, examples The dogpile_caching examples have been updated for 2.0 style queries. Within the &quot;caching query&quot; logic itself there is one conditional added to differentiate between ``Query`` and ``select()`` when performing an invalidation operation. .. change:: :tags: typing, usecase :tickets: 10173 Added new typing only utility functions :func:`.Nullable` and :func:`.NotNullable` to type a column or ORM class as, respectively, nullable or not nullable. These function are no-op at runtime, returning the input unchanged. .. change:: :tags: bug, engine :tickets: 10147 Fixed critical issue where setting :paramref:`_sa.create_engine.isolation_level` to ``AUTOCOMMIT`` (as opposed to using the :meth:`_engine.Engine.execution_options` method) would fail to restore &quot;autocommit&quot; to a pooled connection if an alternate isolation level were temporarily selected using :paramref:`_engine.Connection.execution_options.isolation_level`. .. changelog:: ``` ### 2.0.19 ``` :released: July 15, 2023 .. change:: :tags: bug, orm :tickets: 10089 Fixed issue where setting a relationship collection directly, where an object in the new collection were already present, would not trigger a cascade event for that object, leading to it not being added to the :class:`_orm.Session` if it were not --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 01:34:09 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 01:34:09 +03:00

[PR #355] [CLOSED] Scheduled weekly dependency update for week 02 #362

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pyup-scheduled-update-2026-04-20

pyup-scheduled-update-2024-09-16

pyup-scheduled-update-2023-07-24

pyup-scheduled-update-2023-06-19

pyup-scheduled-update-2023-05-22

pyup-scheduled-update-2023-05-15

pyup-scheduled-update-2023-05-08

dependabot/pip/flask-2.3.2

pyup-scheduled-update-2023-05-01

pyup-scheduled-update-2023-04-03

dependabot/pip/werkzeug-2.2.3

pyup-scheduled-update-2022-11-14

pyup-scheduled-update-2022-10-03

pyup-scheduled-update-2022-08-01

pyup-scheduled-update-2022-06-13

pyup-scheduled-update-2022-05-30

pyup-scheduled-update-2022-03-07

pyup-scheduled-update-2022-01-10

pyup-scheduled-update-2021-11-01

pyup-scheduled-update-2020-10-05

pyup-scheduled-update-2019-09-30

pyup-scheduled-update-2019-07-29

pyup-scheduled-update-2019-07-22

pyup-scheduled-update-2019-05-27

pyup-scheduled-update-2019-03-11

marshmallow

pyup-scheduled-update-2019-02-25

pyup-scheduled-update-2019-02-18

pyup-scheduled-update-2019-01-28

pyup-scheduled-update-2019-01-14

docker

name-map-stupid

swagger

fix-pagination

doc-expansion

specify-schema

No results found.

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactoring

  

research

  

wontfix

No labels

bug

duplicate

enhancement

help wanted

invalid

pull-request

question

refactoring

research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/sandman2-jeffknupp#355

No description provided.