[PR #395] [CLOSED] Scheduled weekly dependency update for week 34 #397

New issue

Closed

opened 2026-02-26 01:34:15 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 01:34:15 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/jeffknupp/sandman2/pull/395
Author: @pyup-bot
Created: 8/26/2024
Status: ❌ Closed

Base: master ← Head: pyup-scheduled-update-2024-08-26

---

📝 Commits (10+)

• 594168f Update flask from 1.1.2 to 3.0.3
• ba2c187 Update flask-admin from 1.5.7 to 1.6.1
• 871e8c4 Update flask-sqlalchemy from 2.4.4 to 3.1.1
• 11d5a52 Update sqlalchemy from 1.3.20 to 2.0.32
• 911d827 Update wtforms from 2.3.3 to 3.1.2
• b300a70 Update coverage from 5.3 to 7.6.1
• 956ae1a Update pytest from 6.2.0 to 8.3.2
• 779a19d Update flask-cors from 3.0.9 to 4.0.1
• f849745 Update pytest-cov from 2.10.1 to 5.0.0
• 8129cde Update pytest-flask from 1.1.0 to 1.3.0

📊 Changes

1 file changed (+15 additions, -15 deletions)

View changed files

📝 requirements.txt (+15 -15)

📄 Description

Update Flask from 1.1.2 to 3.0.3.

Changelog

3.0.3

-------------

Released 2024-04-07

-   The default ``hashlib.sha1`` may not be available in FIPS builds. Don't
 access it at import time so the developer has time to change the default.
 :issue:`5448`
-   Don't initialize the ``cli`` attribute in the sansio scaffold, but rather in
 the ``Flask`` concrete class. :pr:`5270`

3.0.2

-------------

Released 2024-02-03

-   Correct type for ``jinja_loader`` property. :issue:`5388`
-   Fix error with ``--extra-files`` and ``--exclude-patterns`` CLI options.
 :issue:`5391`

3.0.1

-------------

Released 2024-01-18

-   Correct type for ``path`` argument to ``send_file``. :issue:`5230`
-   Fix a typo in an error message for the ``flask run --key`` option. :pr:`5344`
-   Session data is untagged without relying on the built-in ``json.loads``
 ``object_hook``. This allows other JSON providers that don't implement that.
 :issue:`5381`
-   Address more type findings when using mypy strict mode. :pr:`5383`

3.0.0

-------------

Released 2023-09-30

-   Remove previously deprecated code. :pr:`5223`
-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask")``, instead. :issue:`5230`
-   Restructure the code such that the Flask (app) and Blueprint
 classes have Sans-IO bases. :pr:`5127`
-   Allow self as an argument to url_for. :pr:`5264`
-   Require Werkzeug >= 3.0.0.

2.3.3

-------------

Released 2023-08-21

-   Python 3.12 compatibility.
-   Require Werkzeug >= 2.3.7.
-   Use ``flit_core`` instead of ``setuptools`` as build backend.
-   Refactor how an app's root and instance paths are determined. :issue:`5160`

2.3.2

-------------

Released 2023-05-01

-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.
-   Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

2.3.1

-------------

Released 2023-04-25

-   Restore deprecated ``from flask import Markup``. :issue:`5084`

2.3.0

-------------

Released 2023-04-25

-   Drop support for Python 3.7. :pr:`5072`
-   Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
 itsdangerous>=2.1.2, click>=8.1.3.
-   Remove previously deprecated code. :pr:`4995`

 -   The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and
     ``_request_ctx_stack`` objects are removed. ``top`` still exists to give
     extensions more time to update, but it will be removed.
 -   The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env``
     property are removed.
 -   The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``,
     ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app``
     are removed.
 -   The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and
     ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed.
 -   The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators
     are removed.
 -   ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the
     corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed.
 -   The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed.
 -   Calling setup methods on blueprints after registration is an error instead of a
     warning. :pr:`4997`

-   Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them
 directly from ``markupsafe`` instead. :pr:`4996`
-   The ``app.got_first_request`` property is deprecated. :pr:`4997`
-   The ``locked_cached_property`` decorator is deprecated. Use a lock inside the
 decorated function if locking is needed. :issue:`4993`
-   Signals are always available. ``blinker>=1.6.2`` is a required dependency. The
 ``signals_available`` attribute is deprecated. :issue:`5056`
-   Signals support ``async`` subscriber functions. :pr:`5049`
-   Remove uses of locks that could cause requests to block each other very briefly.
 :issue:`4993`
-   Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
 :pr:`4947`
-   Ensure subdomains are applied with nested blueprints. :issue:`4834`
-   ``config.from_file`` can use ``text=False`` to indicate that the parser wants a
 binary file instead. :issue:`4989`
-   If a blueprint is created with an empty name it raises a ``ValueError``.
 :issue:`5010`
-   ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not
 to set the domain, which modern browsers interpret as an exact match rather than
 a subdomain match. Warnings about ``localhost`` and IP addresses are also removed.
 :issue:`5051`
-   The ``routes`` command shows each rule's ``subdomain`` or ``host`` when domain
 matching is in use. :issue:`5004`
-   Use postponed evaluation of annotations. :pr:`5071`

2.2.5

-------------

Released 2023-05-02

-   Update for compatibility with Werkzeug 2.3.3.
-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.

2.2.4

-------------

Released 2023-04-25

-   Update for compatibility with Werkzeug 2.3.

2.2.3

-------------

Released 2023-02-15

-   Autoescape is enabled by default for ``.svg`` template files. :issue:`4831`
-   Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892`
-   Add ``--debug`` option to the ``flask run`` command. :issue:`4777`

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://data.safetycli.com/changelogs/flask/

Update Flask-Admin from 1.5.7 to 1.6.1.

Changelog

1.6.1

-----

* SQLAlchemy 2.x support
* General updates and bug fixes
* Dropped WTForms 1 support

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://data.safetycli.com/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.1.1.

Changelog

3.1.1

-------------

Released 2023-09-11

-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask-sqlalchemy")``, instead. :issue:`5230`

3.1.0

-------------

Released 2023-09-11

-   Drop support for Python 3.7.  :pr:`1251`
-   Add support for the SQLAlchemy 2.x API via ``model_class`` parameter. :issue:`1140`
-   Bump minimum version of SQLAlchemy to 2.0.16.
-   Remove previously deprecated code.
-   Pass extra keyword arguments from ``get_or_404`` to ``session.get``. :issue:`1149`
-   Fix bug with finding right bind key for clause statements. :issue:`1211`

3.0.5

-------------

Released 2023-06-21

-   ``Pagination.next()`` enforces ``max_per_page``. :issue:`1201`
-   Improve type hint for ``get_or_404`` return value to be non-optional. :pr:`1226`

3.0.4

-------------

Released 2023-06-19

-   Fix type hint for ``get_or_404`` return value. :pr:`1208`
-   Fix type hints for pyright (used by VS Code Pylance extension). :issue:`1205`

3.0.3

-------------

Released 2023-01-31

-   Show helpful errors when mistakenly using multiple ``SQLAlchemy`` instances for the
 same app, or without calling ``init_app``. :pr:`1151`
-   Fix issue with getting the engine associated with a model that uses polymorphic
 table inheritance. :issue:`1155`

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to
 return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://data.safetycli.com/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/Flask-SQLAlchemy/

Update SQLAlchemy from 1.3.20 to 2.0.32.

Changelog

2.0.32

:released: August 5, 2024

 .. change::
     :tags: bug, examples
     :tickets: 10267

     Fixed issue in history_meta example where the "version" column in the
     versioned table needs to default to the most recent version number in the
     history table on INSERT, to suit the use case of a table where rows are
     deleted, and can then be replaced by new rows that re-use the same primary
     key identity.  This fix adds an additonal SELECT query per INSERT in the
     main table, which may be inefficient; for cases where primary keys are not
     re-used, the default function may be omitted.  Patch courtesy  Philipp H.
     v. Loewenfeld.


 .. change::
     :tags: oracle, usecase
     :tickets: 10820

     Added API support for server-side cursors for the oracledb async dialect,
     allowing use of the :meth:`_asyncio.AsyncConnection.stream` and similar
     stream methods.

 .. change::
     :tags: bug, orm
     :tickets: 10834

     Fixed issue where using the :meth:`_orm.Query.enable_eagerloads` and
     :meth:`_orm.Query.yield_per` methods at the same time, in order to disable
     eager loading that's configured on the mapper directly, would be silently
     ignored, leading to errors or unexpected eager population of attributes.

 .. change::
     :tags: orm
     :tickets: 11163

     Added a warning noting when an
     :meth:`_engine.ConnectionEvents.engine_connect` event may be leaving
     a transaction open, which can alter the behavior of a
     :class:`_orm.Session` using such an engine as bind.
     On SQLAlchemy 2.1 :paramref:`_orm.Session.join_transaction_mode` will
     instead be ignored in all cases when the session bind is
     an :class:`_engine.Engine`.

 .. change::
     :tags: bug, general, regression
     :tickets: 11435

     Restored legacy class names removed from
     ``sqlalalchemy.orm.collections.*``, including
     :class:`_orm.MappedCollection`, :func:`_orm.mapped_collection`,
     :func:`_orm.column_mapped_collection`,
     :func:`_orm.attribute_mapped_collection`. Pull request courtesy Takashi
     Kajinami.

 .. change::
     :tags: bug, sql
     :tickets: 11471

     Follow up of :ticket:`11471` to fix caching issue where using the
     :meth:`.CompoundSelectState.add_cte` method of the
     :class:`.CompoundSelectState` construct would not set a correct cache key
     which distinguished between different CTE expressions. Also added tests
     that would detect issues similar to the one fixed in :ticket:`11544`.

 .. change::
     :tags: bug, mysql
     :tickets: 11479

     Fixed issue in MySQL dialect where ENUM values that contained percent signs
     were not properly escaped for the driver.


 .. change::
     :tags: usecase, oracle
     :tickets: 11480

     Implemented two-phase transactions for the oracledb dialect. Historically,
     this feature never worked with the cx_Oracle dialect, however recent
     improvements to the oracledb successor now allow this to be possible.  The
     two phase transaction API is available at the Core level via the
     :meth:`_engine.Connection.begin_twophase` method.

 .. change::
     :tags: bug, postgresql
     :tickets: 11522

     It is now considered a pool-invalidating disconnect event when psycopg2
     throws an "SSL SYSCALL error: Success" error message, which can occur when
     the SSL connection to Postgres is terminated abnormally.

 .. change::
     :tags: bug, schema
     :tickets: 11530

     Fixed additional issues in the event system triggered by unpickling of a
     :class:`.Enum` datatype, continuing from :ticket:`11365` and
     :ticket:`11360`,  where dynamically generated elements of the event
     structure would not be present when unpickling in a new process.

 .. change::
     :tags: bug, engine
     :tickets: 11532

     Fixed issue in "insertmanyvalues" feature where a particular call to
     ``cursor.fetchall()`` were not wrapped in SQLAlchemy's exception wrapper,
     which apparently can raise a database exception during fetch when using
     pyodbc.

 .. change::
     :tags: usecase, orm
     :tickets: 11575

     The :paramref:`_orm.aliased.name` parameter to :func:`_orm.aliased` may now
     be combined with the :paramref:`_orm.aliased.flat` parameter, producing
     per-table names based on a name-prefixed naming convention.  Pull request
     courtesy Eric Atkin.

 .. change::
     :tags: bug, postgresql
     :tickets: 11576

     Fixed issue where the :func:`_sql.collate` construct, which explicitly sets
     a collation for a given expression, would maintain collation settings for
     the underlying type object from the expression, causing SQL expressions to
     have both collations stated at once when used in further expressions for
     specific dialects that render explicit type casts, such as that of asyncpg.
     The :func:`_sql.collate` construct now assigns its own type to explicitly
     include the new collation, assuming it's a string type.

 .. change::
     :tags: bug, sql
     :tickets: 11592

     Fixed bug where the :meth:`.Operators.nulls_first()` and
     :meth:`.Operators.nulls_last()` modifiers would not be treated the same way
     as :meth:`.Operators.desc()` and :meth:`.Operators.asc()` when determining
     if an ORDER BY should be against a label name already in the statement. All
     four modifiers are now treated the same within ORDER BY.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11625

     Fixed regression appearing in 2.0.21 caused by :ticket:`10279` where using
     a :func:`_sql.delete` or :func:`_sql.update` against an ORM class that is
     the base of an inheritance hierarchy, while also specifying that subclasses
     should be loaded polymorphically, would leak the polymorphic joins into the
     UPDATE or DELETE statement as well creating incorrect SQL.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11661

     Fixed regression from version 1.4 in
     :meth:`_orm.Session.bulk_insert_mappings` where using the
     :paramref:`_orm.Session.bulk_insert_mappings.return_defaults` parameter
     would not populate the passed in dictionaries with newly generated primary
     key values.


 .. change::
     :tags: bug, oracle, sqlite
     :tickets: 11663

     Implemented bitwise operators for Oracle which was previously
     non-functional due to a non-standard syntax used by this database.
     Oracle's support for bitwise "or" and "xor" starts with server version 21.
     Additionally repaired the implementation of "xor" for SQLite.

     As part of this change, the dialect compliance test suite has been enhanced
     to include support for server-side bitwise tests; third party dialect
     authors should refer to new "supports_bitwise" methods in the
     requirements.py file to enable these tests.




 .. change::
     :tags: bug, typing

     Fixed internal typing issues to establish compatibility with mypy 1.11.0.
     Note that this does not include issues which have arisen with the
     deprecated mypy plugin used by SQLAlchemy 1.4-style code; see the addiional
     change note for this plugin indicating revised compatibility.

.. changelog::

2.0.31

:released: June 18, 2024

 .. change::
     :tags: usecase, reflection, mysql
     :tickets: 11285

     Added missing foreign key reflection option ``SET DEFAULT``
     in the MySQL and MariaDB dialects.
     Pull request courtesy of Quentin Roche.

 .. change::
     :tags: usecase, orm
     :tickets: 11361

     Added missing parameter :paramref:`_orm.with_polymorphic.name` that
     allows specifying the name of returned :class:`_orm.AliasedClass`.

 .. change::
     :tags: bug, orm
     :tickets: 11365

     Fixed issue where a :class:`.MetaData` collection would not be
     serializable, if an :class:`.Enum` or :class:`.Boolean` datatype were
     present which had been adapted. This specific scenario in turn could occur
     when using the :class:`.Enum` or :class:`.Boolean` within ORM Annotated
     Declarative form where type objects frequently get copied.

 .. change::
     :tags: schema, usecase
     :tickets: 11374

     Added :paramref:`_schema.Column.insert_default` as an alias of
     :paramref:`_schema.Column.default` for compatibility with
     :func:`_orm.mapped_column`.

 .. change::
     :tags: bug, general
     :tickets: 11417

     Set up full Python 3.13 support to the extent currently possible, repairing
     issues within internal language helpers as well as the serializer extension
     module.

 .. change::
     :tags: bug, sql
     :tickets: 11422

     Fixed issue when serializing an :func:`_sql.over` clause with
     unbounded range or rows.

 .. change::
     :tags: bug, sql
     :tickets: 11423

     Added missing methods :meth:`_sql.FunctionFilter.within_group`
     and :meth:`_sql.WithinGroup.filter`

 .. change::
     :tags: bug, sql
     :tickets: 11426

     Fixed bug in :meth:`_sql.FunctionFilter.filter` that would mutate
     the existing function in-place. It now behaves like the rest of the
     SQLAlchemy API, returning a new instance instead of mutating the
     original one.

 .. change::
     :tags: bug, orm
     :tickets: 11446

     Fixed issue where the :func:`_orm.selectinload` and
     :func:`_orm.subqueryload` loader options would fail to take effect when
     made against an inherited subclass that itself included a subclass-specific
     :paramref:`_orm.Mapper.with_polymorphic` setting.

 .. change::
     :tags: bug, orm
     :tickets: 11449

     Fixed very old issue involving the :paramref:`_orm.joinedload.innerjoin`
     parameter where making use of this parameter mixed into a query that also
     included joined eager loads along a self-referential or other cyclical
     relationship, along with complicating factors like inner joins added for
     secondary tables and such, would have the chance of splicing a particular
     inner join to the wrong part of the query.  Additional state has been added
     to the internal method that does this splice to make a better decision as
     to where splicing should proceed.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11509

     Fixed bug in ORM Declarative where the ``__table__`` directive could not be
     declared as a class function with :func:`_orm.declared_attr` on a
     superclass, including an ``__abstract__`` class as well as coming from the
     declarative base itself.  This was a regression since 1.4 where this was
     working, and there were apparently no tests for this particular use case.

.. changelog::

2.0.30

:released: May 5, 2024

 .. change::
     :tags: bug, typing, regression
     :tickets: 11200

     Fixed typing regression caused by :ticket:`11055` in version 2.0.29 that
     added ``ParamSpec`` to the asyncio ``run_sync()`` methods, where using
     :meth:`_asyncio.AsyncConnection.run_sync` with
     :meth:`_schema.MetaData.reflect` would fail on mypy due to a mypy issue.
     Pull request courtesy of Francisco R. Del Roio.

 .. change::
     :tags: bug, engine
     :tickets: 11210

     Fixed issue in the
     :paramref:`_engine.Connection.execution_options.logging_token` option,
     where changing the value of ``logging_token`` on a connection that has
     already logged messages would not be updated to reflect the new logging
     token.  This in particular prevented the use of
     :meth:`_orm.Session.connection` to change the option on the connection,
     since the BEGIN logging message would already have been emitted.

 .. change::
     :tags: bug, orm
     :tickets: 11220

     Added new attribute :attr:`_orm.ORMExecuteState.is_from_statement` to
     detect statements created using :meth:`_sql.Select.from_statement`, and
     enhanced ``FromStatement`` to set :attr:`_orm.ORMExecuteState.is_select`,
     :attr:`_orm.ORMExecuteState.is_insert`,
     :attr:`_orm.ORMExecuteState.is_update`, and
     :attr:`_orm.ORMExecuteState.is_delete` according to the element that is
     sent to the :meth:`_sql.Select.from_statement` method itself.

 .. change::
     :tags: bug, test
     :tickets: 11268

     Ensure the ``PYTHONPATH`` variable is properly initialized when
     using ``subprocess.run`` in the tests.

 .. change::
     :tags: bug, orm
     :tickets: 11291

     Fixed issue in  :func:`_orm.selectin_polymorphic` loader option where
     attributes defined with :func:`_orm.composite` on a superclass would cause
     an internal exception on load.


 .. change::
     :tags: bug, orm, regression
     :tickets: 11292

     Fixed regression from 1.4 where using :func:`_orm.defaultload` in
     conjunction with a non-propagating loader like :func:`_orm.contains_eager`
     would nonetheless propagate the :func:`_orm.contains_eager` to a lazy load
     operation, causing incorrect queries as this option is only intended to
     come from an original load.



 .. change::
     :tags: bug, orm
     :tickets: 11305

     Fixed issue in ORM Annotated Declarative where typing issue where literals
     defined using :pep:`695` type aliases would not work with inference of
     :class:`.Enum` datatypes. Pull request courtesy of Alc-Alc.

 .. change::
     :tags: bug, engine
     :tickets: 11306

     Fixed issue in cursor handling which affected handling of duplicate
     :class:`_sql.Column` or similar objcts in the columns clause of
     :func:`_sql.select`, both in combination with arbitary :func:`_sql.text()`
     clauses in the SELECT list, as well as when attempting to retrieve
     :meth:`_engine.Result.mappings` for the object, which would lead to an
     internal error.



 .. change::
     :tags: bug, orm
     :tickets: 11327

     Fixed issue in :func:`_orm.selectin_polymorphic` loader option where the
     SELECT emitted would only accommodate for the child-most class among the
     result rows that were returned, leading intermediary-class attributes to be
     unloaded if there were no concrete instances of that intermediary-class
     present in the result.   This issue only presented itself for multi-level
     inheritance hierarchies.

 .. change::
     :tags: bug, orm
     :tickets: 11332

     Fixed issue in :meth:`_orm.Session.bulk_save_objects` where the form of the
     identity key produced when using ``return_defaults=True`` would be
     incorrect. This could lead to an errors during pickling as well as identity
     map mismatches.

 .. change::
     :tags: bug, installation
     :tickets: 11334

     Fixed an internal class that was testing for unexpected attributes to work
     correctly under upcoming Python 3.13.   Pull request courtesy Edgar
     Ramírez-Mondragón.

 .. change::
     :tags: bug, orm
     :tickets: 11347

     Fixed issue where attribute key names in :class:`_orm.Bundle` would not be
     correct when using ORM enabled :class:`_sql.select` vs.
     :class:`_orm.Query`, when the statement contained duplicate column names.

 .. change::
     :tags: bug, typing

     Fixed issue in typing for :class:`_orm.Bundle` where creating a nested
     :class:`_orm.Bundle` structure were not allowed.

.. changelog::

2.0.29

:released: March 23, 2024

 .. change::
     :tags: bug, orm
     :tickets: 10611

     Fixed Declarative issue where typing a relationship using
     :class:`_orm.Relationship` rather than :class:`_orm.Mapped` would
     inadvertently pull in the "dynamic" relationship loader strategy for that
     attribute.

 .. change::
     :tags: postgresql, usecase
     :tickets: 10693

     The PostgreSQL dialect now returns :class:`_postgresql.DOMAIN` instances
     when reflecting a column that has a domain as type. Previously, the domain
     data type was returned instead. As part of this change, the domain
     reflection was improved to also return the collation of the text types.
     Pull request courtesy of Thomas Stephenson.

 .. change::
     :tags: bug, typing
     :tickets: 11055

     Fixed typing issue allowing asyncio ``run_sync()`` methods to correctly
     type the parameters according to the callable that was passed, making use
     of :pep:`612` ``ParamSpec`` variables.  Pull request courtesy Francisco R.
     Del Roio.

 .. change::
     :tags: bug, orm
     :tickets: 11091

     Fixed issue in ORM annotated declarative where using
     :func:`_orm.mapped_column()` with an :paramref:`_orm.mapped_column.index`
     or :paramref:`_orm.mapped_column.unique` setting of False would be
     overridden by an incoming ``Annotated`` element that featured that
     parameter set to ``True``, even though the immediate
     :func:`_orm.mapped_column()` element is more specific and should take
     precedence.  The logic to reconcile the booleans has been enhanced to
     accommodate a local value of ``False`` as still taking precedence over an
     incoming ``True`` value from the annotated element.

 .. change::
     :tags: usecase, orm
     :tickets: 11130

     Added support for the :pep:`695` ``TypeAliasType`` construct as well as the
     python 3.12 native ``type`` keyword to work with ORM Annotated Declarative
     form when using these constructs to link to a :pep:`593` ``Annotated``
     container, allowing the resolution of the ``Annotated`` to proceed when
     these constructs are used in a :class:`_orm.Mapped` typing container.

 .. change::
     :tags: bug, engine
     :tickets: 11157

     Fixed issue in :ref:`engine_insertmanyvalues` feature where using a primary
     key column with an "inline execute" default generator such as an explicit
     :class:`.Sequence` with an explcit schema name, while at the same time
     using the
     :paramref:`_engine.Connection.execution_options.schema_translate_map`
     feature would fail to render the sequence or the parameters properly,
     leading to errors.

 .. change::
     :tags: bug, engine
     :tickets: 11160

     Made a change to the adjustment made in version 2.0.10 for :ticket:`9618`,
     which added the behavior of reconciling RETURNING rows from a bulk INSERT
     to the parameters that were passed to it.  This behavior included a
     comparison of already-DB-converted bound parameter values against returned
     row values that was not always "symmetrical" for SQL column types such as
     UUIDs, depending on specifics of how different DBAPIs receive such values
     versus how they return them, necessitating the need for additional
     "sentinel value resolver" methods on these column types.  Unfortunately
     this broke third party column types such as UUID/GUID types in libraries
     like SQLModel which did not implement this special method, raising an error
     "Can't match sentinel values in result set to parameter sets".  Rather than
     attempt to further explain and document this implementation detail of the
     "insertmanyvalues" feature including a public version of the new
     method, the approach is intead revised to no longer need this extra
     conversion step, and the logic that does the comparison now works on the
     pre-converted bound parameter value compared to the post-result-processed
     value, which should always be of a matching datatype.  In the unusual case
     that a custom SQL column type that also happens to be used in a "sentinel"
     column for bulk INSERT is not receiving and returning the same value type,
     the "Can't match" error will be raised, however the mitigation is
     straightforward in that the same Python datatype should be passed as that
     returned.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11173

     Fixed regression from version 2.0.28 caused by the fix for :ticket:`11085`
     where the newer method of adjusting post-cache bound parameter values would
     interefere with the implementation for the :func:`_orm.subqueryload` loader
     option, which has some more legacy patterns in use internally, when
     the additional loader criteria feature were used with this loader option.

 .. change::
     :tags: bug, sql, regression
     :tickets: 11176

     Fixed regression from the 1.4 series where the refactor of the
     :meth:`_types.TypeEngine.with_variant` method introduced at
     :ref:`change_6980` failed to accommodate for the ``.copy()`` method, which
     will lose the variant mappings that are set up. This becomes an issue for
     the very specific case of a "schema" type, which includes types such as
     :class:`.Enum` and :class:`_types.ARRAY`, when they are then used in the context
     of an ORM Declarative mapping with mixins where copying of types comes into
     play.  The variant mapping is now copied as well.

 .. change::
     :tags: bug, tests
     :tickets: 11187

     Backported to SQLAlchemy 2.0 an improvement to the test suite with regards
     to how asyncio related tests are run, now using the newer Python 3.11
     ``asyncio.Runner`` or a backported equivalent, rather than relying on the
     previous implementation based on ``asyncio.get_running_loop()``.  This
     should hopefully prevent issues with large suite runs on CPU loaded
     hardware where the event loop seems to become corrupted, leading to
     cascading failures.


.. changelog::

2.0.28

:released: March 4, 2024

 .. change::
     :tags: engine, usecase
     :tickets: 10974

     Added new core execution option
     :paramref:`_engine.Connection.execution_options.preserve_rowcount`. When
     set, the ``cursor.rowcount`` attribute from the DBAPI cursor will be
     unconditionally memoized at statement execution time, so that whatever
     value the DBAPI offers for any kind of statement will be available using
     the :attr:`_engine.CursorResult.rowcount` attribute from the
     :class:`_engine.CursorResult`.  This allows the rowcount to be accessed for
     statements such as INSERT and SELECT, to the degree supported by the DBAPI
     in use. The :ref:`engine_insertmanyvalues` also supports this option and
     will ensure :attr:`_engine.CursorResult.rowcount` is correctly set for a
     bulk INSERT of rows when set.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11010

     Fixed regression caused by :ticket:`9779` where using the "secondary" table
     in a relationship ``and_()`` expression would fail to be aliased to match
     how the "secondary" table normally renders within a
     :meth:`_sql.Select.join` expression, leading to an invalid query.

 .. change::
     :tags: bug, orm, performance, regression
     :tickets: 11085

     Adjusted the fix made in :ticket:`10570`, released in 2.0.23, where new
     logic was added to reconcile possibly changing bound parameter values
     across cache key generations used within the :func:`_orm.with_expression`
     construct.  The new logic changes the approach by which the new bound
     parameter values are associated with the statement, avoiding the need to
     deep-copy the statement which can result in a significant performance
     penalty for very deep / complex SQL constructs.  The new approach no longer
     requires this deep-copy step.

 .. change::
     :tags: bug, asyncio
     :tickets: 8771

     An error is raised if a :class:`.QueuePool` or other non-asyncio pool class
     is passed to :func:`_asyncio.create_async_engine`.  This engine only
     accepts asyncio-compatible pool classes including
     :class:`.AsyncAdaptedQueuePool`. Other pool classes such as
     :class:`.NullPool` are compatible with both synchronous and asynchronous
     engines as they do not perform any locking.

     .. seealso::

         :ref:`pool_api`


 .. change::
     :tags: change, tests

     pytest support in the tox.ini file has been updated to support pytest 8.1.

.. changelog::

2.0.27

:released: February 13, 2024

 .. change::
     :tags: bug, postgresql, regression
     :tickets: 11005

     Fixed regression caused by just-released fix for :ticket:`10863` where an
     invalid exception class were added to the "except" block, which does not
     get exercised unless such a catch actually happens.   A mock-style test has
     been added to ensure this catch is exercised in unit tests.


.. changelog::

2.0.26

:released: February 11, 2024

 .. change::
     :tags: usecase, postgresql, reflection
     :tickets: 10777

     Added support for reflection of PostgreSQL CHECK constraints marked with
     "NO INHERIT", setting the key ``no_inherit=True`` in the reflected data.
     Pull request courtesy Ellis Valentiner.

 .. change::
     :tags: bug, sql
     :tickets: 10843

     Fixed issues in :func:`_sql.case` where the logic for determining the
     type of the expression could result in :class:`.NullType` if the last
     element in the "whens" had no type, or in other cases where the type
     could resolve to ``None``.  The logic has been updated to scan all
     given expressions so that the first non-null type is used, as well as
     to always ensure a type is present.  Pull request courtesy David Evans.

 .. change::
     :tags: bug, mysql
     :tickets: 10850

     Fixed issue where NULL/NOT NULL would not be properly reflected from a
     MySQL column that also specified the VIRTUAL or STORED directives.  Pull
     request courtesy Georg Wicke-Arndt.

 .. change::
     :tags: bug, regression, postgresql
     :tickets: 10863

     Fixed regression in the asyncpg dialect caused by :ticket:`10717` in
     release 2.0.24 where the change that now attempts to gracefully close the
     asyncpg connection before terminating would not fall back to
     ``terminate()`` for other potential connection-related exceptions other
     than a timeout error, not taking into account cases where the graceful
     ``.close()`` attempt fails for other reasons such as connection errors.


 .. change::
     :tags: oracle, bug, performance
     :tickets: 10877

     Changed the default arraysize of the Oracle dialects so that the value set
     by the driver is used, that is 100 at the time of writing for both
     cx_oracle and oracledb. Previously the value was set to 50 by default. The
     setting of 50 could cause significant performance regressions compared to
     when using cx_oracle/oracledb alone to fetch many hundreds of rows over
     slower networks.

 .. change::
     :tags: bug, mysql
     :tickets: 10893

     Fixed issue in asyncio dialects asyncmy and aiomysql, where their
     ``.close()`` method is apparently not a graceful close.  replace with
     non-standard ``.ensure_closed()`` method that's awaitable and move
     ``.close()`` to the so-called "terminate" case.

 .. change::
     :tags: bug, orm
     :tickets: 10896

     Replaced the "loader depth is excessively deep" warning with a shorter
     message added to the caching badge within SQL logging, for those statements
     where the ORM disabled the cache due to a too-deep chain of loader options.
     The condition which this warning highlights is difficult to resolve and is
     generally just a limitation in the ORM's application of SQL caching. A
     future feature may include the ability to tune the threshold where caching
     is disabled, but for now the warning will no longer be a nuisance.

 .. change::
     :tags: bug, orm
     :tickets: 10899

     Fixed issue where it was not possible to use a type (such as an enum)
     within a :class:`_orm.Mapped` container type if that type were declared
     locally within the class body.  The scope of locals used for the eval now
     includes that of the class body itself.  In addition, the expression within
     :class:`_orm.Mapped` may also refer to the class name itself, if used as a
     string or with future annotations mode.

 .. change::
     :tags: usecase, postgresql
     :tickets: 10904

     Support the ``USING <method>`` option for PostgreSQL ``CREATE TABLE`` to
     specify the access method to use to store the contents for the new table.
     Pull request courtesy Edgar Ramírez-Mondragón.

     .. seealso::

         :ref:`postgresql_table_options`

 .. change::
     :tags: bug, examples
     :tickets: 10920

     Fixed regression in history_meta example where the use of
     :meth:`_schema.MetaData.to_metadata` to make a copy of the history table
     would also copy indexes (which is a good thing), but causing naming
     conflicts indexes regardless of naming scheme used for those indexes. A
     "_history" suffix is now added to these indexes in the same way as is
     achieved for the table name.


 .. change::
     :tags: bug, orm
     :tickets: 10967

     Fixed issue where using :meth:`_orm.Session.delete` along with the
     :paramref:`_orm.Mapper.version_id_col` feature would fail to use the
     correct version identifier in the case that an additional UPDATE were
     emitted against the target object as a result of the use of
     :paramref:`_orm.relationship.post

---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

## 📋 Pull Request Information **Original PR:** https://github.com/jeffknupp/sandman2/pull/395 **Author:** [@pyup-bot](https://github.com/pyup-bot) **Created:** 8/26/2024 **Status:** ❌ Closed **Base:** `master` ← **Head:** `pyup-scheduled-update-2024-08-26` --- ### 📝 Commits (10+) - [`594168f`](https://github.com/jeffknupp/sandman2/commit/594168fe658972ddbb0e72a6b213342d40c1ab00) Update flask from 1.1.2 to 3.0.3 - [`ba2c187`](https://github.com/jeffknupp/sandman2/commit/ba2c18749d760b07592f86e4e85b7435efca21c5) Update flask-admin from 1.5.7 to 1.6.1 - [`871e8c4`](https://github.com/jeffknupp/sandman2/commit/871e8c44ea86029ee286d853ab7c16cd3c68d6fc) Update flask-sqlalchemy from 2.4.4 to 3.1.1 - [`11d5a52`](https://github.com/jeffknupp/sandman2/commit/11d5a52d67d0469c8c25c454e42aa82f7e219849) Update sqlalchemy from 1.3.20 to 2.0.32 - [`911d827`](https://github.com/jeffknupp/sandman2/commit/911d82718c779f634aaaf86f54956b2a16f19931) Update wtforms from 2.3.3 to 3.1.2 - [`b300a70`](https://github.com/jeffknupp/sandman2/commit/b300a70ea0f474ee32358e63750a41ef447ac8d0) Update coverage from 5.3 to 7.6.1 - [`956ae1a`](https://github.com/jeffknupp/sandman2/commit/956ae1a1ac78c6620d217a1b1961fa3dec14c599) Update pytest from 6.2.0 to 8.3.2 - [`779a19d`](https://github.com/jeffknupp/sandman2/commit/779a19df1ca6442e7703699661bff88ba5d38837) Update flask-cors from 3.0.9 to 4.0.1 - [`f849745`](https://github.com/jeffknupp/sandman2/commit/f8497458bcbfc3bf66de17dfd46d08599dac9c90) Update pytest-cov from 2.10.1 to 5.0.0 - [`8129cde`](https://github.com/jeffknupp/sandman2/commit/8129cde1adac172d089f4e3909bf92dfa843ea09) Update pytest-flask from 1.1.0 to 1.3.0 ### 📊 Changes **1 file changed** (+15 additions, -15 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+15 -15) </details> ### 📄 Description ### Update [Flask](https://pypi.org/project/Flask) from **1.1.2** to **3.0.3**. <details> <summary>Changelog</summary> ### 3.0.3 ``` ------------- Released 2024-04-07 - The default ``hashlib.sha1`` may not be available in FIPS builds. Don&#x27;t access it at import time so the developer has time to change the default. :issue:`5448` - Don&#x27;t initialize the ``cli`` attribute in the sansio scaffold, but rather in the ``Flask`` concrete class. :pr:`5270` ``` ### 3.0.2 ``` ------------- Released 2024-02-03 - Correct type for ``jinja_loader`` property. :issue:`5388` - Fix error with ``--extra-files`` and ``--exclude-patterns`` CLI options. :issue:`5391` ``` ### 3.0.1 ``` ------------- Released 2024-01-18 - Correct type for ``path`` argument to ``send_file``. :issue:`5230` - Fix a typo in an error message for the ``flask run --key`` option. :pr:`5344` - Session data is untagged without relying on the built-in ``json.loads`` ``object_hook``. This allows other JSON providers that don&#x27;t implement that. :issue:`5381` - Address more type findings when using mypy strict mode. :pr:`5383` ``` ### 3.0.0 ``` ------------- Released 2023-09-30 - Remove previously deprecated code. :pr:`5223` - Deprecate the ``__version__`` attribute. Use feature detection, or ``importlib.metadata.version(&quot;flask&quot;)``, instead. :issue:`5230` - Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:`5127` - Allow self as an argument to url_for. :pr:`5264` - Require Werkzeug &gt;= 3.0.0. ``` ### 2.3.3 ``` ------------- Released 2023-08-21 - Python 3.12 compatibility. - Require Werkzeug &gt;= 2.3.7. - Use ``flit_core`` instead of ``setuptools`` as build backend. - Refactor how an app&#x27;s root and instance paths are determined. :issue:`5160` ``` ### 2.3.2 ``` ------------- Released 2023-05-01 - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. - Update Werkzeug requirement to &gt;=2.3.3 to apply recent bug fixes. ``` ### 2.3.1 ``` ------------- Released 2023-04-25 - Restore deprecated ``from flask import Markup``. :issue:`5084` ``` ### 2.3.0 ``` ------------- Released 2023-04-25 - Drop support for Python 3.7. :pr:`5072` - Update minimum requirements to the latest versions: Werkzeug&gt;=2.3.0, Jinja2&gt;3.1.2, itsdangerous&gt;=2.1.2, click&gt;=8.1.3. - Remove previously deprecated code. :pr:`4995` - The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and ``_request_ctx_stack`` objects are removed. ``top`` still exists to give extensions more time to update, but it will be removed. - The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env`` property are removed. - The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app`` are removed. - The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed. - The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators are removed. - ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed. - The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed. - Calling setup methods on blueprints after registration is an error instead of a warning. :pr:`4997` - Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them directly from ``markupsafe`` instead. :pr:`4996` - The ``app.got_first_request`` property is deprecated. :pr:`4997` - The ``locked_cached_property`` decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:`4993` - Signals are always available. ``blinker&gt;=1.6.2`` is a required dependency. The ``signals_available`` attribute is deprecated. :issue:`5056` - Signals support ``async`` subscriber functions. :pr:`5049` - Remove uses of locks that could cause requests to block each other very briefly. :issue:`4993` - Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``. :pr:`4947` - Ensure subdomains are applied with nested blueprints. :issue:`4834` - ``config.from_file`` can use ``text=False`` to indicate that the parser wants a binary file instead. :issue:`4989` - If a blueprint is created with an empty name it raises a ``ValueError``. :issue:`5010` - ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about ``localhost`` and IP addresses are also removed. :issue:`5051` - The ``routes`` command shows each rule&#x27;s ``subdomain`` or ``host`` when domain matching is in use. :issue:`5004` - Use postponed evaluation of annotations. :pr:`5071` ``` ### 2.2.5 ``` ------------- Released 2023-05-02 - Update for compatibility with Werkzeug 2.3.3. - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. ``` ### 2.2.4 ``` ------------- Released 2023-04-25 - Update for compatibility with Werkzeug 2.3. ``` ### 2.2.3 ``` ------------- Released 2023-02-15 - Autoescape is enabled by default for ``.svg`` template files. :issue:`4831` - Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892` - Add ``--debug`` option to the ``flask run`` command. :issue:`4777` ``` ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to &gt;= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``&quot;production&quot;``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to &gt;= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug&#x27;s ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python &lt; 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to &gt;= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client&#x27;s ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client&#x27;s ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.request.environ`` instead. :pr:`4341` - Fix type annotation for ``errorhandler`` decorator. :issue:`4295` - Revert a change to the CLI that caused it to hide ``ImportError`` tracebacks when importing the application. :issue:`4307` - ``app.json_encoder`` and ``json_decoder`` are only passed to ``dumps`` and ``loads`` if they have custom behavior. This improves performance, mainly on PyPy. :issue:`4349` - Clearer error message when ``after_this_request`` is used outside a request context. :issue:`4333` ``` ### 2.0.2 ``` ------------- Released 2021-10-04 - Fix type annotation for ``teardown_*`` methods. :issue:`4093` - Fix type annotation for ``before_request`` and ``before_app_request`` decorators. :issue:`4104` - Fixed the issue where typing requires template global decorators to accept functions with no arguments. :issue:`4098` - Support View and MethodView instances with async handlers. :issue:`4112` - Enhance typing of ``app.errorhandler`` decorator. :issue:`4095` - Fix registering a blueprint twice with differing names. :issue:`4124` - Fix the type of ``static_folder`` to accept ``pathlib.Path``. :issue:`4150` - ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``. :issue:`4157` - Correctly handle raising deferred errors in CLI lazy loading. :issue:`4096` - The CLI loader handles ``**kwargs`` in a ``create_app`` function. :issue:`4170` - Fix the order of ``before_request`` and other callbacks that trigger before the view returns. They are called from the app down to the closest nested blueprint. :issue:`4229` ``` ### 2.0.1 ``` ------------- Released 2021-05-21 - Re-add the ``filename`` parameter in ``send_from_directory``. The ``filename`` parameter has been renamed to ``path``, the old name is deprecated. :pr:`4019` - Mark top-level names as exported so type checking understands imports in user projects. :issue:`4024` - Fix type annotation for ``g`` and inform mypy that it is a namespace object that has arbitrary attributes. :issue:`4020` - Fix some types that weren&#x27;t available in Python 3.6.0. :issue:`4040` - Improve typing for ``send_file``, ``send_from_directory``, and ``get_send_file_max_age``. :issue:`4044`, :pr:`4026` - Show an error when a blueprint name contains a dot. The ``.`` has special meaning, it is used to separate (nested) blueprint names and the endpoint name. :issue:`4041` - Combine URL prefixes when nesting blueprints that were created with a ``url_prefix`` value. :issue:`4037` - Revert a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. :issue:`4053` - Re-add deprecated ``Config.from_json``, which was accidentally removed early. :issue:`4078` - Improve typing for some functions using ``Callable`` in their type signatures, focusing on decorator factories. :issue:`4060` - Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. :issue:`4069` - ``register_blueprint`` takes a ``name`` option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for ``url_for``. Registering the same blueprint with the same name multiple times is deprecated. :issue:`1091` - Improve typing for ``stream_with_context``. :issue:`4052` ``` ### 2.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Bump minimum versions of other Pallets projects: Werkzeug &gt;= 2, Jinja2 &gt;= 3, MarkupSafe &gt;= 2, ItsDangerous &gt;= 2, Click &gt;= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8. - JSON support no longer uses simplejson. To use another JSON module, override ``app.json_encoder`` and ``json_decoder``. :issue:`3555` - The ``encoding`` option to JSON functions is deprecated. :pr:`3562` - Passing ``script_info`` to app factory functions is deprecated. This was not portable outside the ``flask`` command. Use ``click.get_current_context().obj`` if it&#x27;s needed. :issue:`3552` - The CLI shows better error messages when the app failed to load when looking up commands. :issue:`2741` - Add ``SessionInterface.get_cookie_name`` to allow setting the session cookie name dynamically. :pr:`3369` - Add ``Config.from_file`` to load config using arbitrary file loaders, such as ``toml.load`` or ``json.load``. ``Config.from_json`` is deprecated in favor of this. :pr:`3398` - The ``flask run`` command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. :issue:`3431` - ``send_file`` raises a ``ValueError`` when passed an ``io`` object in text mode. Previously, it would respond with 200 OK and an empty file. :issue:`3358` - When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. :pr:`3492` - When specifying a factory function with ``FLASK_APP``, keyword argument can be passed. :issue:`3553` - When loading a ``.env`` or ``.flaskenv`` file, the current working directory is no longer changed to the location of the file. :pr:`3560` - When returning a ``(response, headers)`` tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the ``Content-Type`` for ``jsonify()``. Use ``response.headers.extend()`` if extending is desired. :issue:`3628` - The ``Scaffold`` class provides a common API for the ``Flask`` and ``Blueprint`` classes. ``Blueprint`` information is stored in attributes just like ``Flask``, rather than opaque lambda functions. This is intended to improve consistency and maintainability. :issue:`3215` - Include ``samesite`` and ``secure`` options when removing the session cookie. :pr:`3726` - Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579` - ``send_file`` and ``send_from_directory`` are wrappers around the implementations in ``werkzeug.utils``. :pr:`3828` - Some ``send_file`` parameters have been renamed, the old names are deprecated. ``attachment_filename`` is renamed to ``download_name``. ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is renamed to ``etag``. :pr:`3828, 3883` - ``send_file`` passes ``download_name`` even if ``as_attachment=False`` by using ``Content-Disposition: inline``. :pr:`3828` - ``send_file`` sets ``conditional=True`` and ``max_age=None`` by default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is not set, otherwise ``public``. This tells browsers to validate conditional requests instead of using a timed cache. :pr:`3828` - ``helpers.safe_join`` is deprecated. Use ``werkzeug.utils.safe_join`` instead. :pr:`3828` - The request context does route matching before opening the session. This could allow a session interface to change behavior based on ``request.endpoint``. :issue:`3776` - Use Jinja&#x27;s implementation of the ``|tojson`` filter. :issue:`3881` - Add route decorators for common HTTP methods. For example, ``app.post(&quot;/login&quot;)`` is a shortcut for ``app.route(&quot;/login&quot;, methods=[&quot;POST&quot;])``. :pr:`3907` - Support async views, error handlers, before and after request, and teardown functions. :pr:`3412` - Support nesting blueprints. :issue:`593, 1548`, :pr:`3923` - Set the default encoding to &quot;UTF-8&quot; when loading ``.env`` and ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931` - ``flask shell`` sets up tab and history completion like the default ``python`` shell if ``readline`` is installed. :issue:`3941` - ``helpers.total_seconds()`` is deprecated. Use ``timedelta.total_seconds()`` instead. :pr:`3962` - Add type hinting. :pr:`3973`. ``` ### 1.1.4 ``` ------------- Released 2021-05-13 - Update ``static_folder`` to use ``_compat.fspath`` instead of ``os.fspath`` to continue supporting Python &lt; 3.6 :issue:`4050` ``` ### 1.1.3 ``` ------------- Released 2021-05-13 - Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous. :issue:`4043` - Re-add support for passing a ``pathlib.Path`` for ``static_folder``. :pr:`3579` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask - Changelog: https://data.safetycli.com/changelogs/flask/ </details> ### Update [Flask-Admin](https://pypi.org/project/Flask-Admin) from **1.5.7** to **1.6.1**. <details> <summary>Changelog</summary> ### 1.6.1 ``` ----- * SQLAlchemy 2.x support * General updates and bug fixes * Dropped WTForms 1 support ``` ### 1.6.0 ``` ----- * Dropped Python 2 support * WTForms 3.0 support * Various fixes ``` ### 1.5.8 ``` ----- * SQLAlchemy 1.4.5+ compatibility fixes * Redis CLI fixes ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-admin - Changelog: https://data.safetycli.com/changelogs/flask-admin/ - Repo: https://github.com/flask-admin/flask-admin/ </details> ### Update [Flask-SQLAlchemy](https://pypi.org/project/Flask-SQLAlchemy) from **2.4.4** to **3.1.1**. <details> <summary>Changelog</summary> ### 3.1.1 ``` ------------- Released 2023-09-11 - Deprecate the ``__version__`` attribute. Use feature detection, or ``importlib.metadata.version(&quot;flask-sqlalchemy&quot;)``, instead. :issue:`5230` ``` ### 3.1.0 ``` ------------- Released 2023-09-11 - Drop support for Python 3.7. :pr:`1251` - Add support for the SQLAlchemy 2.x API via ``model_class`` parameter. :issue:`1140` - Bump minimum version of SQLAlchemy to 2.0.16. - Remove previously deprecated code. - Pass extra keyword arguments from ``get_or_404`` to ``session.get``. :issue:`1149` - Fix bug with finding right bind key for clause statements. :issue:`1211` ``` ### 3.0.5 ``` ------------- Released 2023-06-21 - ``Pagination.next()`` enforces ``max_per_page``. :issue:`1201` - Improve type hint for ``get_or_404`` return value to be non-optional. :pr:`1226` ``` ### 3.0.4 ``` ------------- Released 2023-06-19 - Fix type hint for ``get_or_404`` return value. :pr:`1208` - Fix type hints for pyright (used by VS Code Pylance extension). :issue:`1205` ``` ### 3.0.3 ``` ------------- Released 2023-01-31 - Show helpful errors when mistakenly using multiple ``SQLAlchemy`` instances for the same app, or without calling ``init_app``. :pr:`1151` - Fix issue with getting the engine associated with a model that uses polymorphic table inheritance. :issue:`1155` ``` ### 3.0.2 ``` ------------- Released 2022-10-14 - Update compatibility with SQLAlchemy 2. :issue:`1122` ``` ### 3.0.1 ``` ------------- Released 2022-10-11 - Export typing information instead of using external typeshed definitions. :issue:`1112` - If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an invalid default bind will not be configured. :issue:`1117` ``` ### 3.0.0 ``` ------------- Released 2022-10-04 - Drop support for Python 2, 3.4, 3.5, and 3.6. - Bump minimum version of Flask to 2.2. - Bump minimum version of SQLAlchemy to 1.4.18. - Remove previously deprecated code. - The session is scoped to the current app context instead of the thread. This requires that an app context is active. This ensures that the session is cleaned up after every request. - An active Flask application context is always required to access ``session`` and ``engine``, regardless of if an application was passed to the constructor. :issue:`508, 944` - Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing tables in different databases to have the same name. Bind keys are stored and looked up on the resulting metadata rather than the model or table. - ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731` - Configuring SQLite with a relative path is relative to ``app.instance_path`` instead of ``app.root_path``. The instance folder is created if necessary. :issue:`462` - Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to the extension object. These use SQLAlchemy&#x27;s preferred ``session.execute(select())`` pattern instead of the legacy query interface. :issue:`1088` - Setup methods that create the engines and session are renamed with a leading underscore. They are considered internal interfaces which may change at any time. - All parameters to ``SQLAlchemy`` except ``app`` are keyword-only. - Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter from various ``SQLAlchemy`` methods. - The extension object uses ``__getattr__`` to alias names from the SQLAlchemy package, rather than copying them as attributes. - The extension object is stored directly as ``app.extensions[&quot;sqlalchemy&quot;]``. :issue:`698` - The session class can be customized by passing the ``class_`` key in the ``session_options`` parameter. :issue:`327` - ``SignallingSession`` is renamed to ``Session``. - ``Session.get_bind`` more closely matches the base implementation. - Model classes and the ``db`` instance are available without imports in ``flask shell``. :issue:`1089` - The ``CamelCase`` to ``snake_case`` table name converter handles more patterns correctly. If model that was already created in the database changed, either use Alembic to rename the table, or set ``__tablename__`` to keep the old name. :issue:`406` - ``Model`` ``repr`` distinguishes between transient and pending instances. :issue:`967` - A custom model class can implement ``__init_subclass__`` with class parameters. :issue:`1002` - ``db.Table`` is a subclass instead of a function. - The ``engine_options`` parameter is applied as defaults before per-engine configuration. - ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence. :issue:`783` - Engines are created when calling ``init_app`` rather than the first time they are accessed. :issue:`698` - ``db.engines`` exposes the map of bind keys to engines for the current app. - ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated. - SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are supported. :issue:`998, 1045` - SQLite engines do not use ``NullPool`` if ``pool_size`` is 0. - MySQL engines use the &quot;utf8mb4&quot; charset by default. :issue:`875` - MySQL engines do not set ``pool_size`` to 10. - MySQL engines don&#x27;t set a default for ``pool_recycle`` if not using a queue pool. :issue:`803` - ``Query`` is renamed from ``BaseQuery``. - Added ``Query.one_or_404``. - The query class is applied to ``backref`` in ``relationship``. :issue:`417` - Creating ``Pagination`` objects manually is no longer a public API. They should be created with ``db.paginate`` or ``query.paginate``. :issue:`1088` - ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only. - ``Pagination`` is iterable, iterating over its items. :issue:`70` - Pagination count query is more efficient. - ``Pagination.iter_pages`` is more efficient. :issue:`622` - ``Pagination.iter_pages`` ``right_current`` parameter is inclusive. - Pagination ``per_page`` cannot be 0. :issue:`1091` - Pagination ``max_per_page`` defaults to 100. :issue:`1091` - Added ``Pagination.first`` and ``last`` properties, which give the number of the first and last item on the page. :issue:`567` - ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled automatically with ``app.debug`` or ``app.testing``. :issue:`1092` - ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the config and functionality. - Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is renamed to ``location``. Finding the location uses a more inclusive check. - ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727` - ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues that are difficult to debug. Call ``db.session.commit()`` directly instead. :issue:`216` ``` ### 2.5.1 ``` ------------- Released 2021-03-18 - Fix compatibility with Python 2.7. ``` ### 2.5.0 ``` ------------- Released 2021-03-18 - Update to support SQLAlchemy 1.4. - SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to return a new URL instead of ``None``. :issue:`885` ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/flask-sqlalchemy - Changelog: https://data.safetycli.com/changelogs/flask-sqlalchemy/ - Docs: https://pythonhosted.org/Flask-SQLAlchemy/ </details> ### Update [SQLAlchemy](https://pypi.org/project/SQLAlchemy) from **1.3.20** to **2.0.32**. <details> <summary>Changelog</summary> ### 2.0.32 ``` :released: August 5, 2024 .. change:: :tags: bug, examples :tickets: 10267 Fixed issue in history_meta example where the &quot;version&quot; column in the versioned table needs to default to the most recent version number in the history table on INSERT, to suit the use case of a table where rows are deleted, and can then be replaced by new rows that re-use the same primary key identity. This fix adds an additonal SELECT query per INSERT in the main table, which may be inefficient; for cases where primary keys are not re-used, the default function may be omitted. Patch courtesy Philipp H. v. Loewenfeld. .. change:: :tags: oracle, usecase :tickets: 10820 Added API support for server-side cursors for the oracledb async dialect, allowing use of the :meth:`_asyncio.AsyncConnection.stream` and similar stream methods. .. change:: :tags: bug, orm :tickets: 10834 Fixed issue where using the :meth:`_orm.Query.enable_eagerloads` and :meth:`_orm.Query.yield_per` methods at the same time, in order to disable eager loading that&#x27;s configured on the mapper directly, would be silently ignored, leading to errors or unexpected eager population of attributes. .. change:: :tags: orm :tickets: 11163 Added a warning noting when an :meth:`_engine.ConnectionEvents.engine_connect` event may be leaving a transaction open, which can alter the behavior of a :class:`_orm.Session` using such an engine as bind. On SQLAlchemy 2.1 :paramref:`_orm.Session.join_transaction_mode` will instead be ignored in all cases when the session bind is an :class:`_engine.Engine`. .. change:: :tags: bug, general, regression :tickets: 11435 Restored legacy class names removed from ``sqlalalchemy.orm.collections.*``, including :class:`_orm.MappedCollection`, :func:`_orm.mapped_collection`, :func:`_orm.column_mapped_collection`, :func:`_orm.attribute_mapped_collection`. Pull request courtesy Takashi Kajinami. .. change:: :tags: bug, sql :tickets: 11471 Follow up of :ticket:`11471` to fix caching issue where using the :meth:`.CompoundSelectState.add_cte` method of the :class:`.CompoundSelectState` construct would not set a correct cache key which distinguished between different CTE expressions. Also added tests that would detect issues similar to the one fixed in :ticket:`11544`. .. change:: :tags: bug, mysql :tickets: 11479 Fixed issue in MySQL dialect where ENUM values that contained percent signs were not properly escaped for the driver. .. change:: :tags: usecase, oracle :tickets: 11480 Implemented two-phase transactions for the oracledb dialect. Historically, this feature never worked with the cx_Oracle dialect, however recent improvements to the oracledb successor now allow this to be possible. The two phase transaction API is available at the Core level via the :meth:`_engine.Connection.begin_twophase` method. .. change:: :tags: bug, postgresql :tickets: 11522 It is now considered a pool-invalidating disconnect event when psycopg2 throws an &quot;SSL SYSCALL error: Success&quot; error message, which can occur when the SSL connection to Postgres is terminated abnormally. .. change:: :tags: bug, schema :tickets: 11530 Fixed additional issues in the event system triggered by unpickling of a :class:`.Enum` datatype, continuing from :ticket:`11365` and :ticket:`11360`, where dynamically generated elements of the event structure would not be present when unpickling in a new process. .. change:: :tags: bug, engine :tickets: 11532 Fixed issue in &quot;insertmanyvalues&quot; feature where a particular call to ``cursor.fetchall()`` were not wrapped in SQLAlchemy&#x27;s exception wrapper, which apparently can raise a database exception during fetch when using pyodbc. .. change:: :tags: usecase, orm :tickets: 11575 The :paramref:`_orm.aliased.name` parameter to :func:`_orm.aliased` may now be combined with the :paramref:`_orm.aliased.flat` parameter, producing per-table names based on a name-prefixed naming convention. Pull request courtesy Eric Atkin. .. change:: :tags: bug, postgresql :tickets: 11576 Fixed issue where the :func:`_sql.collate` construct, which explicitly sets a collation for a given expression, would maintain collation settings for the underlying type object from the expression, causing SQL expressions to have both collations stated at once when used in further expressions for specific dialects that render explicit type casts, such as that of asyncpg. The :func:`_sql.collate` construct now assigns its own type to explicitly include the new collation, assuming it&#x27;s a string type. .. change:: :tags: bug, sql :tickets: 11592 Fixed bug where the :meth:`.Operators.nulls_first()` and :meth:`.Operators.nulls_last()` modifiers would not be treated the same way as :meth:`.Operators.desc()` and :meth:`.Operators.asc()` when determining if an ORDER BY should be against a label name already in the statement. All four modifiers are now treated the same within ORDER BY. .. change:: :tags: bug, orm, regression :tickets: 11625 Fixed regression appearing in 2.0.21 caused by :ticket:`10279` where using a :func:`_sql.delete` or :func:`_sql.update` against an ORM class that is the base of an inheritance hierarchy, while also specifying that subclasses should be loaded polymorphically, would leak the polymorphic joins into the UPDATE or DELETE statement as well creating incorrect SQL. .. change:: :tags: bug, orm, regression :tickets: 11661 Fixed regression from version 1.4 in :meth:`_orm.Session.bulk_insert_mappings` where using the :paramref:`_orm.Session.bulk_insert_mappings.return_defaults` parameter would not populate the passed in dictionaries with newly generated primary key values. .. change:: :tags: bug, oracle, sqlite :tickets: 11663 Implemented bitwise operators for Oracle which was previously non-functional due to a non-standard syntax used by this database. Oracle&#x27;s support for bitwise &quot;or&quot; and &quot;xor&quot; starts with server version 21. Additionally repaired the implementation of &quot;xor&quot; for SQLite. As part of this change, the dialect compliance test suite has been enhanced to include support for server-side bitwise tests; third party dialect authors should refer to new &quot;supports_bitwise&quot; methods in the requirements.py file to enable these tests. .. change:: :tags: bug, typing Fixed internal typing issues to establish compatibility with mypy 1.11.0. Note that this does not include issues which have arisen with the deprecated mypy plugin used by SQLAlchemy 1.4-style code; see the addiional change note for this plugin indicating revised compatibility. .. changelog:: ``` ### 2.0.31 ``` :released: June 18, 2024 .. change:: :tags: usecase, reflection, mysql :tickets: 11285 Added missing foreign key reflection option ``SET DEFAULT`` in the MySQL and MariaDB dialects. Pull request courtesy of Quentin Roche. .. change:: :tags: usecase, orm :tickets: 11361 Added missing parameter :paramref:`_orm.with_polymorphic.name` that allows specifying the name of returned :class:`_orm.AliasedClass`. .. change:: :tags: bug, orm :tickets: 11365 Fixed issue where a :class:`.MetaData` collection would not be serializable, if an :class:`.Enum` or :class:`.Boolean` datatype were present which had been adapted. This specific scenario in turn could occur when using the :class:`.Enum` or :class:`.Boolean` within ORM Annotated Declarative form where type objects frequently get copied. .. change:: :tags: schema, usecase :tickets: 11374 Added :paramref:`_schema.Column.insert_default` as an alias of :paramref:`_schema.Column.default` for compatibility with :func:`_orm.mapped_column`. .. change:: :tags: bug, general :tickets: 11417 Set up full Python 3.13 support to the extent currently possible, repairing issues within internal language helpers as well as the serializer extension module. .. change:: :tags: bug, sql :tickets: 11422 Fixed issue when serializing an :func:`_sql.over` clause with unbounded range or rows. .. change:: :tags: bug, sql :tickets: 11423 Added missing methods :meth:`_sql.FunctionFilter.within_group` and :meth:`_sql.WithinGroup.filter` .. change:: :tags: bug, sql :tickets: 11426 Fixed bug in :meth:`_sql.FunctionFilter.filter` that would mutate the existing function in-place. It now behaves like the rest of the SQLAlchemy API, returning a new instance instead of mutating the original one. .. change:: :tags: bug, orm :tickets: 11446 Fixed issue where the :func:`_orm.selectinload` and :func:`_orm.subqueryload` loader options would fail to take effect when made against an inherited subclass that itself included a subclass-specific :paramref:`_orm.Mapper.with_polymorphic` setting. .. change:: :tags: bug, orm :tickets: 11449 Fixed very old issue involving the :paramref:`_orm.joinedload.innerjoin` parameter where making use of this parameter mixed into a query that also included joined eager loads along a self-referential or other cyclical relationship, along with complicating factors like inner joins added for secondary tables and such, would have the chance of splicing a particular inner join to the wrong part of the query. Additional state has been added to the internal method that does this splice to make a better decision as to where splicing should proceed. .. change:: :tags: bug, orm, regression :tickets: 11509 Fixed bug in ORM Declarative where the ``__table__`` directive could not be declared as a class function with :func:`_orm.declared_attr` on a superclass, including an ``__abstract__`` class as well as coming from the declarative base itself. This was a regression since 1.4 where this was working, and there were apparently no tests for this particular use case. .. changelog:: ``` ### 2.0.30 ``` :released: May 5, 2024 .. change:: :tags: bug, typing, regression :tickets: 11200 Fixed typing regression caused by :ticket:`11055` in version 2.0.29 that added ``ParamSpec`` to the asyncio ``run_sync()`` methods, where using :meth:`_asyncio.AsyncConnection.run_sync` with :meth:`_schema.MetaData.reflect` would fail on mypy due to a mypy issue. Pull request courtesy of Francisco R. Del Roio. .. change:: :tags: bug, engine :tickets: 11210 Fixed issue in the :paramref:`_engine.Connection.execution_options.logging_token` option, where changing the value of ``logging_token`` on a connection that has already logged messages would not be updated to reflect the new logging token. This in particular prevented the use of :meth:`_orm.Session.connection` to change the option on the connection, since the BEGIN logging message would already have been emitted. .. change:: :tags: bug, orm :tickets: 11220 Added new attribute :attr:`_orm.ORMExecuteState.is_from_statement` to detect statements created using :meth:`_sql.Select.from_statement`, and enhanced ``FromStatement`` to set :attr:`_orm.ORMExecuteState.is_select`, :attr:`_orm.ORMExecuteState.is_insert`, :attr:`_orm.ORMExecuteState.is_update`, and :attr:`_orm.ORMExecuteState.is_delete` according to the element that is sent to the :meth:`_sql.Select.from_statement` method itself. .. change:: :tags: bug, test :tickets: 11268 Ensure the ``PYTHONPATH`` variable is properly initialized when using ``subprocess.run`` in the tests. .. change:: :tags: bug, orm :tickets: 11291 Fixed issue in :func:`_orm.selectin_polymorphic` loader option where attributes defined with :func:`_orm.composite` on a superclass would cause an internal exception on load. .. change:: :tags: bug, orm, regression :tickets: 11292 Fixed regression from 1.4 where using :func:`_orm.defaultload` in conjunction with a non-propagating loader like :func:`_orm.contains_eager` would nonetheless propagate the :func:`_orm.contains_eager` to a lazy load operation, causing incorrect queries as this option is only intended to come from an original load. .. change:: :tags: bug, orm :tickets: 11305 Fixed issue in ORM Annotated Declarative where typing issue where literals defined using :pep:`695` type aliases would not work with inference of :class:`.Enum` datatypes. Pull request courtesy of Alc-Alc. .. change:: :tags: bug, engine :tickets: 11306 Fixed issue in cursor handling which affected handling of duplicate :class:`_sql.Column` or similar objcts in the columns clause of :func:`_sql.select`, both in combination with arbitary :func:`_sql.text()` clauses in the SELECT list, as well as when attempting to retrieve :meth:`_engine.Result.mappings` for the object, which would lead to an internal error. .. change:: :tags: bug, orm :tickets: 11327 Fixed issue in :func:`_orm.selectin_polymorphic` loader option where the SELECT emitted would only accommodate for the child-most class among the result rows that were returned, leading intermediary-class attributes to be unloaded if there were no concrete instances of that intermediary-class present in the result. This issue only presented itself for multi-level inheritance hierarchies. .. change:: :tags: bug, orm :tickets: 11332 Fixed issue in :meth:`_orm.Session.bulk_save_objects` where the form of the identity key produced when using ``return_defaults=True`` would be incorrect. This could lead to an errors during pickling as well as identity map mismatches. .. change:: :tags: bug, installation :tickets: 11334 Fixed an internal class that was testing for unexpected attributes to work correctly under upcoming Python 3.13. Pull request courtesy Edgar Ramírez-Mondragón. .. change:: :tags: bug, orm :tickets: 11347 Fixed issue where attribute key names in :class:`_orm.Bundle` would not be correct when using ORM enabled :class:`_sql.select` vs. :class:`_orm.Query`, when the statement contained duplicate column names. .. change:: :tags: bug, typing Fixed issue in typing for :class:`_orm.Bundle` where creating a nested :class:`_orm.Bundle` structure were not allowed. .. changelog:: ``` ### 2.0.29 ``` :released: March 23, 2024 .. change:: :tags: bug, orm :tickets: 10611 Fixed Declarative issue where typing a relationship using :class:`_orm.Relationship` rather than :class:`_orm.Mapped` would inadvertently pull in the &quot;dynamic&quot; relationship loader strategy for that attribute. .. change:: :tags: postgresql, usecase :tickets: 10693 The PostgreSQL dialect now returns :class:`_postgresql.DOMAIN` instances when reflecting a column that has a domain as type. Previously, the domain data type was returned instead. As part of this change, the domain reflection was improved to also return the collation of the text types. Pull request courtesy of Thomas Stephenson. .. change:: :tags: bug, typing :tickets: 11055 Fixed typing issue allowing asyncio ``run_sync()`` methods to correctly type the parameters according to the callable that was passed, making use of :pep:`612` ``ParamSpec`` variables. Pull request courtesy Francisco R. Del Roio. .. change:: :tags: bug, orm :tickets: 11091 Fixed issue in ORM annotated declarative where using :func:`_orm.mapped_column()` with an :paramref:`_orm.mapped_column.index` or :paramref:`_orm.mapped_column.unique` setting of False would be overridden by an incoming ``Annotated`` element that featured that parameter set to ``True``, even though the immediate :func:`_orm.mapped_column()` element is more specific and should take precedence. The logic to reconcile the booleans has been enhanced to accommodate a local value of ``False`` as still taking precedence over an incoming ``True`` value from the annotated element. .. change:: :tags: usecase, orm :tickets: 11130 Added support for the :pep:`695` ``TypeAliasType`` construct as well as the python 3.12 native ``type`` keyword to work with ORM Annotated Declarative form when using these constructs to link to a :pep:`593` ``Annotated`` container, allowing the resolution of the ``Annotated`` to proceed when these constructs are used in a :class:`_orm.Mapped` typing container. .. change:: :tags: bug, engine :tickets: 11157 Fixed issue in :ref:`engine_insertmanyvalues` feature where using a primary key column with an &quot;inline execute&quot; default generator such as an explicit :class:`.Sequence` with an explcit schema name, while at the same time using the :paramref:`_engine.Connection.execution_options.schema_translate_map` feature would fail to render the sequence or the parameters properly, leading to errors. .. change:: :tags: bug, engine :tickets: 11160 Made a change to the adjustment made in version 2.0.10 for :ticket:`9618`, which added the behavior of reconciling RETURNING rows from a bulk INSERT to the parameters that were passed to it. This behavior included a comparison of already-DB-converted bound parameter values against returned row values that was not always &quot;symmetrical&quot; for SQL column types such as UUIDs, depending on specifics of how different DBAPIs receive such values versus how they return them, necessitating the need for additional &quot;sentinel value resolver&quot; methods on these column types. Unfortunately this broke third party column types such as UUID/GUID types in libraries like SQLModel which did not implement this special method, raising an error &quot;Can&#x27;t match sentinel values in result set to parameter sets&quot;. Rather than attempt to further explain and document this implementation detail of the &quot;insertmanyvalues&quot; feature including a public version of the new method, the approach is intead revised to no longer need this extra conversion step, and the logic that does the comparison now works on the pre-converted bound parameter value compared to the post-result-processed value, which should always be of a matching datatype. In the unusual case that a custom SQL column type that also happens to be used in a &quot;sentinel&quot; column for bulk INSERT is not receiving and returning the same value type, the &quot;Can&#x27;t match&quot; error will be raised, however the mitigation is straightforward in that the same Python datatype should be passed as that returned. .. change:: :tags: bug, orm, regression :tickets: 11173 Fixed regression from version 2.0.28 caused by the fix for :ticket:`11085` where the newer method of adjusting post-cache bound parameter values would interefere with the implementation for the :func:`_orm.subqueryload` loader option, which has some more legacy patterns in use internally, when the additional loader criteria feature were used with this loader option. .. change:: :tags: bug, sql, regression :tickets: 11176 Fixed regression from the 1.4 series where the refactor of the :meth:`_types.TypeEngine.with_variant` method introduced at :ref:`change_6980` failed to accommodate for the ``.copy()`` method, which will lose the variant mappings that are set up. This becomes an issue for the very specific case of a &quot;schema&quot; type, which includes types such as :class:`.Enum` and :class:`_types.ARRAY`, when they are then used in the context of an ORM Declarative mapping with mixins where copying of types comes into play. The variant mapping is now copied as well. .. change:: :tags: bug, tests :tickets: 11187 Backported to SQLAlchemy 2.0 an improvement to the test suite with regards to how asyncio related tests are run, now using the newer Python 3.11 ``asyncio.Runner`` or a backported equivalent, rather than relying on the previous implementation based on ``asyncio.get_running_loop()``. This should hopefully prevent issues with large suite runs on CPU loaded hardware where the event loop seems to become corrupted, leading to cascading failures. .. changelog:: ``` ### 2.0.28 ``` :released: March 4, 2024 .. change:: :tags: engine, usecase :tickets: 10974 Added new core execution option :paramref:`_engine.Connection.execution_options.preserve_rowcount`. When set, the ``cursor.rowcount`` attribute from the DBAPI cursor will be unconditionally memoized at statement execution time, so that whatever value the DBAPI offers for any kind of statement will be available using the :attr:`_engine.CursorResult.rowcount` attribute from the :class:`_engine.CursorResult`. This allows the rowcount to be accessed for statements such as INSERT and SELECT, to the degree supported by the DBAPI in use. The :ref:`engine_insertmanyvalues` also supports this option and will ensure :attr:`_engine.CursorResult.rowcount` is correctly set for a bulk INSERT of rows when set. .. change:: :tags: bug, orm, regression :tickets: 11010 Fixed regression caused by :ticket:`9779` where using the &quot;secondary&quot; table in a relationship ``and_()`` expression would fail to be aliased to match how the &quot;secondary&quot; table normally renders within a :meth:`_sql.Select.join` expression, leading to an invalid query. .. change:: :tags: bug, orm, performance, regression :tickets: 11085 Adjusted the fix made in :ticket:`10570`, released in 2.0.23, where new logic was added to reconcile possibly changing bound parameter values across cache key generations used within the :func:`_orm.with_expression` construct. The new logic changes the approach by which the new bound parameter values are associated with the statement, avoiding the need to deep-copy the statement which can result in a significant performance penalty for very deep / complex SQL constructs. The new approach no longer requires this deep-copy step. .. change:: :tags: bug, asyncio :tickets: 8771 An error is raised if a :class:`.QueuePool` or other non-asyncio pool class is passed to :func:`_asyncio.create_async_engine`. This engine only accepts asyncio-compatible pool classes including :class:`.AsyncAdaptedQueuePool`. Other pool classes such as :class:`.NullPool` are compatible with both synchronous and asynchronous engines as they do not perform any locking. .. seealso:: :ref:`pool_api` .. change:: :tags: change, tests pytest support in the tox.ini file has been updated to support pytest 8.1. .. changelog:: ``` ### 2.0.27 ``` :released: February 13, 2024 .. change:: :tags: bug, postgresql, regression :tickets: 11005 Fixed regression caused by just-released fix for :ticket:`10863` where an invalid exception class were added to the &quot;except&quot; block, which does not get exercised unless such a catch actually happens. A mock-style test has been added to ensure this catch is exercised in unit tests. .. changelog:: ``` ### 2.0.26 ``` :released: February 11, 2024 .. change:: :tags: usecase, postgresql, reflection :tickets: 10777 Added support for reflection of PostgreSQL CHECK constraints marked with &quot;NO INHERIT&quot;, setting the key ``no_inherit=True`` in the reflected data. Pull request courtesy Ellis Valentiner. .. change:: :tags: bug, sql :tickets: 10843 Fixed issues in :func:`_sql.case` where the logic for determining the type of the expression could result in :class:`.NullType` if the last element in the &quot;whens&quot; had no type, or in other cases where the type could resolve to ``None``. The logic has been updated to scan all given expressions so that the first non-null type is used, as well as to always ensure a type is present. Pull request courtesy David Evans. .. change:: :tags: bug, mysql :tickets: 10850 Fixed issue where NULL/NOT NULL would not be properly reflected from a MySQL column that also specified the VIRTUAL or STORED directives. Pull request courtesy Georg Wicke-Arndt. .. change:: :tags: bug, regression, postgresql :tickets: 10863 Fixed regression in the asyncpg dialect caused by :ticket:`10717` in release 2.0.24 where the change that now attempts to gracefully close the asyncpg connection before terminating would not fall back to ``terminate()`` for other potential connection-related exceptions other than a timeout error, not taking into account cases where the graceful ``.close()`` attempt fails for other reasons such as connection errors. .. change:: :tags: oracle, bug, performance :tickets: 10877 Changed the default arraysize of the Oracle dialects so that the value set by the driver is used, that is 100 at the time of writing for both cx_oracle and oracledb. Previously the value was set to 50 by default. The setting of 50 could cause significant performance regressions compared to when using cx_oracle/oracledb alone to fetch many hundreds of rows over slower networks. .. change:: :tags: bug, mysql :tickets: 10893 Fixed issue in asyncio dialects asyncmy and aiomysql, where their ``.close()`` method is apparently not a graceful close. replace with non-standard ``.ensure_closed()`` method that&#x27;s awaitable and move ``.close()`` to the so-called &quot;terminate&quot; case. .. change:: :tags: bug, orm :tickets: 10896 Replaced the &quot;loader depth is excessively deep&quot; warning with a shorter message added to the caching badge within SQL logging, for those statements where the ORM disabled the cache due to a too-deep chain of loader options. The condition which this warning highlights is difficult to resolve and is generally just a limitation in the ORM&#x27;s application of SQL caching. A future feature may include the ability to tune the threshold where caching is disabled, but for now the warning will no longer be a nuisance. .. change:: :tags: bug, orm :tickets: 10899 Fixed issue where it was not possible to use a type (such as an enum) within a :class:`_orm.Mapped` container type if that type were declared locally within the class body. The scope of locals used for the eval now includes that of the class body itself. In addition, the expression within :class:`_orm.Mapped` may also refer to the class name itself, if used as a string or with future annotations mode. .. change:: :tags: usecase, postgresql :tickets: 10904 Support the ``USING &lt;method&gt;`` option for PostgreSQL ``CREATE TABLE`` to specify the access method to use to store the contents for the new table. Pull request courtesy Edgar Ramírez-Mondragón. .. seealso:: :ref:`postgresql_table_options` .. change:: :tags: bug, examples :tickets: 10920 Fixed regression in history_meta example where the use of :meth:`_schema.MetaData.to_metadata` to make a copy of the history table would also copy indexes (which is a good thing), but causing naming conflicts indexes regardless of naming scheme used for those indexes. A &quot;_history&quot; suffix is now added to these indexes in the same way as is achieved for the table name. .. change:: :tags: bug, orm :tickets: 10967 Fixed issue where using :meth:`_orm.Session.delete` along with the :paramref:`_orm.Mapper.version_id_col` feature would fail to use the correct version identifier in the case that an additional UPDATE were emitted against the target object as a result of the use of :paramref:`_orm.relationship.post --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 01:34:15 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 01:34:16 +03:00

[PR #397] [CLOSED] Scheduled weekly dependency update for week 36 #398

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pyup-scheduled-update-2026-04-20

pyup-scheduled-update-2024-09-16

pyup-scheduled-update-2023-07-24

pyup-scheduled-update-2023-06-19

pyup-scheduled-update-2023-05-22

pyup-scheduled-update-2023-05-15

pyup-scheduled-update-2023-05-08

dependabot/pip/flask-2.3.2

pyup-scheduled-update-2023-05-01

pyup-scheduled-update-2023-04-03

dependabot/pip/werkzeug-2.2.3

pyup-scheduled-update-2022-11-14

pyup-scheduled-update-2022-10-03

pyup-scheduled-update-2022-08-01

pyup-scheduled-update-2022-06-13

pyup-scheduled-update-2022-05-30

pyup-scheduled-update-2022-03-07

pyup-scheduled-update-2022-01-10

pyup-scheduled-update-2021-11-01

pyup-scheduled-update-2020-10-05

pyup-scheduled-update-2019-09-30

pyup-scheduled-update-2019-07-29

pyup-scheduled-update-2019-07-22

pyup-scheduled-update-2019-05-27

pyup-scheduled-update-2019-03-11

marshmallow

pyup-scheduled-update-2019-02-25

pyup-scheduled-update-2019-02-18

pyup-scheduled-update-2019-01-28

pyup-scheduled-update-2019-01-14

docker

name-map-stupid

swagger

fix-pagination

doc-expansion

specify-schema

No results found.

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactoring

  

research

  

wontfix

No labels

bug

duplicate

enhancement

help wanted

invalid

pull-request

question

refactoring

research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/sandman2-jeffknupp#397

No description provided.