dependabot[bot] opened a new pull request, #48152: URL: https://github.com/apache/airflow/pull/48152
Updates the requirements on [flask](https://github.com/pallets/flask) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/releases";>flask's releases</a>.</em></p> <blockquote> <h2>3.1.0</h2> <p>This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as <a href="https://pypi.org/project/pip-tools/";>pip-tools</a> to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.</p> <p>PyPI: <a href="https://pypi.org/project/Flask/3.1.0/";>https://pypi.org/project/Flask/3.1.0/</a> Changes: <a href="https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0";>https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0</a> Milestone: <a href="https://github.com/pallets/flask/milestone/33?closed=1";>https://github.com/pallets/flask/milestone/33?closed=1</a></p> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/pallets/flask/issues/5623";>#5623</a></li> <li>Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. <a href="https://redirect.github.com/pallets/flask/issues/5624";>#5624</a>, <a href="https://redirect.github.com/pallets/flask/issues/5633";>#5633</a></li> <li>Provide a configuration option to control automatic option responses. <a href="https://redirect.github.com/pallets/flask/issues/5496";>#5496</a></li> <li><code>Flask.open_resource</code>/<code>open_instance_resource</code> and <code>Blueprint.open_resource</code> take an <code>encoding</code> parameter to use when opening in text mode. It defaults to <code>utf-8</code>. <a href="https://redirect.github.com/pallets/flask/issues/5504";>#5504</a></li> <li><code>Request.max_content_length</code> can be customized per-request instead of only through the <code>MAX_CONTENT_LENGTH</code> config. Added <code>MAX_FORM_MEMORY_SIZE</code> and <code>MAX_FORM_PARTS</code> config. Added documentation about resource limits to the security page. <a href="https://redirect.github.com/pallets/flask/issues/5625";>#5625</a></li> <li>Add support for the <code>Partitioned</code> cookie attribute (CHIPS), with the <code>SESSION_COOKIE_PARTITIONED</code> config. <a href="https://redirect.github.com/pallets/flask/issues/5472";>#5472</a></li> <li><code>-e path</code> takes precedence over default <code>.env</code> and <code>.flaskenv</code> files. <code>load_dotenv</code> loads default files in addition to a path unless <code>load_defaults=False</code> is passed. <a href="https://redirect.github.com/pallets/flask/issues/5628";>#5628</a></li> <li>Support key rotation with the <code>SECRET_KEY_FALLBACKS</code> config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. <a href="https://redirect.github.com/pallets/flask/issues/5621";>#5621</a></li> <li>Fix how setting <code>host_matching=True</code> or <code>subdomain_matching=False</code> interacts with <code>SERVER_NAME</code>. Setting <code>SERVER_NAME</code> no longer restricts requests to only that domain. <a href="https://redirect.github.com/pallets/flask/issues/5553";>#5553</a></li> <li><code>Request.trusted_hosts</code> is checked during routing, and can be set through the <code>TRUSTED_HOSTS</code> config. <a href="https://redirect.github.com/pallets/flask/issues/5636";>#5636</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/blob/main/CHANGES.rst";>flask's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.0</h2> <p>Released 2024-11-13</p> <ul> <li>Drop support for Python 3.8. :pr:<code>5623</code></li> <li>Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:<code>5624,5633</code></li> <li>Provide a configuration option to control automatic option responses. :pr:<code>5496</code></li> <li><code>Flask.open_resource</code>/<code>open_instance_resource</code> and <code>Blueprint.open_resource</code> take an <code>encoding</code> parameter to use when opening in text mode. It defaults to <code>utf-8</code>. :issue:<code>5504</code></li> <li><code>Request.max_content_length</code> can be customized per-request instead of only through the <code>MAX_CONTENT_LENGTH</code> config. Added <code>MAX_FORM_MEMORY_SIZE</code> and <code>MAX_FORM_PARTS</code> config. Added documentation about resource limits to the security page. :issue:<code>5625</code></li> <li>Add support for the <code>Partitioned</code> cookie attribute (CHIPS), with the <code>SESSION_COOKIE_PARTITIONED</code> config. :issue:<code>5472</code></li> <li><code>-e path</code> takes precedence over default <code>.env</code> and <code>.flaskenv</code> files. <code>load_dotenv</code> loads default files in addition to a path unless <code>load_defaults=False</code> is passed. :issue:<code>5628</code></li> <li>Support key rotation with the <code>SECRET_KEY_FALLBACKS</code> config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:<code>5621</code></li> <li>Fix how setting <code>host_matching=True</code> or <code>subdomain_matching=False</code> interacts with <code>SERVER_NAME</code>. Setting <code>SERVER_NAME</code> no longer restricts requests to only that domain. :issue:<code>5553</code></li> <li><code>Request.trusted_hosts</code> is checked during routing, and can be set through the <code>TRUSTED_HOSTS</code> config. :issue:<code>5636</code></li> </ul> <h2>Version 3.0.3</h2> <p>Released 2024-04-07</p> <ul> <li>The default <code>hashlib.sha1</code> may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:<code>5448</code></li> <li>Don't initialize the <code>cli</code> attribute in the sansio scaffold, but rather in the <code>Flask</code> concrete class. :pr:<code>5270</code></li> </ul> <h2>Version 3.0.2</h2> <p>Released 2024-02-03</p> <ul> <li>Correct type for <code>jinja_loader</code> property. :issue:<code>5388</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/flask/commit/ab8149664182b662453a563161aa89013c806dc9";><code>ab81496</code></a> release version 3.1.0</li> <li><a href="https://github.com/pallets/flask/commit/70602a196a6da90eb0d34cdfe5d4d16a99606279";><code>70602a1</code></a> remove test pypi</li> <li><a href="https://github.com/pallets/flask/commit/6748a09341deeac16acb33996df95a31fae0c545";><code>6748a09</code></a> update dev dependencies</li> <li><a href="https://github.com/pallets/flask/commit/22c48a738b5fb5b5cf09fb77270139f116069748";><code>22c48a7</code></a> Merge remote-tracking branch 'origin/stable'</li> <li><a href="https://github.com/pallets/flask/commit/2eab96a32a92ceb4b6947102626f896816a0291d";><code>2eab96a</code></a> use generic bases for session (<a href="https://redirect.github.com/pallets/flask/issues/5638";>#5638</a>)</li> <li><a href="https://github.com/pallets/flask/commit/f49dbfd3e451006a485e81ebce030495131c4454";><code>f49dbfd</code></a> use generic bases for session</li> <li><a href="https://github.com/pallets/flask/commit/7b21d43d4c763b874bc86d4c2d69a48ee492dc22";><code>7b21d43</code></a> configure and check <code>request.trusted_hosts</code> (<a href="https://redirect.github.com/pallets/flask/issues/5637";>#5637</a>)</li> <li><a href="https://github.com/pallets/flask/commit/4f7156f2c3271613b34d04040b502b9d7ae35eb9";><code>4f7156f</code></a> configure and check trusted_hosts</li> <li><a href="https://github.com/pallets/flask/commit/10bdf61a0f751f3cb000f8f8ac5ac5b4bb535677";><code>10bdf61</code></a> setting <code>SERVER_NAME</code> does not restrict routing for both <code>subdomain_matching</code>...</li> <li><a href="https://github.com/pallets/flask/commit/4995a775df21a206b529403bc30d71795a994fd4";><code>4995a77</code></a> fix subdomain_matching=False behavior</li> <li>Additional commits viewable in <a href="https://github.com/pallets/flask/compare/2.2.0...3.1.0";>compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
