SLFO-pool/python-Flask
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
python-Flask/python-Flask.changes

1047 lines
55 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Mon Sep 25 02:32:34 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 2.3.3:
* Python 3.12 compatibility.
* Require Werkzeug >= 2.3.7.
* Use ``flit_core`` instead of ``setuptools`` as build backend.
* Refactor how an app's root and instance paths are determined.
- Fiddle with captialisation again, I look forward to this flipping back
to Flask at some point.
-------------------------------------------------------------------
Wed Aug 2 06:48:22 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 2.3.2:
* Set ``Vary: Cookie`` header when the session is accessed, modified, or
refreshed.
* Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.
* Restore deprecated ``from flask import Markup``.
* Drop support for Python 3.7.
* Update minimum requirements to the latest versions.
* Remove previously deprecated code.
* Importing ``escape`` and ``Markup`` from ``flask`` is deprecated.
* The ``app.got_first_request`` property is deprecated.
* The ``locked_cached_property`` decorator is deprecated.
* Signals are always available. ``blinker>=1.6.2`` is a required dependency.
* Signals support ``async`` subscriber functions.
* Remove uses of locks that could cause requests to block each other very
briefly.
* Use modern packaging metadata with ``pyproject.toml``.
* Ensure subdomains are applied with nested blueprints.
* If a blueprint is created with an empty name it raises a ``ValueError``.
* ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``.
* The ``routes`` command shows each rule's ``subdomain`` or ``host``
when domain matching is in use.
* Use postponed evaluation of annotations.
- Switch to pyproject macros.
- Delete unneeded .gitignore files, update rpmlintrc
-------------------------------------------------------------------
Wed May 10 09:15:55 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.2.5 (bsc#1211246, CVE-2023-30861):
* Set ``Vary: Cookie`` header when the session is accessed,
modified, or refreshed.
* Update for compatibility with Werkzeug 2.3.
* Autoescape is enabled by default for ``.svg`` template
files. :issue:`4831`
* Fix the type of ``template_folder`` to accept
``pathlib.Path``. :issue:`4892`
* Add ``--debug`` option to the ``flask run`` command.
:issue:`4777`
- drops CVE-2023-30861-always-vary-cookie.patch in older dists
-------------------------------------------------------------------
Fri Apr 21 12:20:33 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add sle15_python_module_pythons (jsc#PED-68)
-------------------------------------------------------------------
Mon Nov 7 11:58:54 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to 2.2.2
+ Version 2.2.2
* Update Werkzeug dependency to >= 2.2.2. This includes fixes related to
the new faster router, header parsing, and the development server. #4754
* Fix the default value for app.env to be "production".
This attribute remains deprecated. #4740
+ Version 2.2.1
* Setting or accessing json_encoder or json_decoder raises a deprecation warning. #4732
+ Version 2.2.0
* Remove previously deprecated code. #4667
* Update Werkzeug dependency to >= 2.2.
* The app and request contexts are managed using Python context vars directly rather than Werkzeugs LocalStack.
This should result in better performance and memory use. #4682
* The FLASK_ENV environment variable and app.env attribute are deprecated,
removing the distinction between development and debug mode.
Debug mode should be controlled directly using the --debug option or app.run(debug=True). #4714
* Some attributes that proxied config keys on app are deprecated: session_cookie_name,
send_file_max_age_default, use_x_sendfile, propagate_exceptions, and templates_auto_reload.
Use the relevant config keys instead. #4716
* Add new customization points to the Flask app object for many previously global behaviors.
* JSON configuration is moved to attributes on the default app.json provider.
JSON_AS_ASCII, JSON_SORT_KEYS, JSONIFY_MIMETYPE, and JSONIFY_PRETTYPRINT_REGULAR are deprecated. #4692
* Setting custom json_encoder and json_decoder classes on the app or a blueprint,
and the corresponding json.JSONEncoder and JSONDecoder classes, are deprecated.
JSON behavior can now be overridden using the app.json provider interface. #4692
* json.htmlsafe_dumps and json.htmlsafe_dump are deprecated, the function is built-in to Jinja now. #4692
* Refactor register_error_handler to consolidate error checking. Rewrite some error messages to be more consistent. #4559
* Use Blueprint decorators and functions intended for setup after registering
the blueprint will show a warning. In the next version, this will become an error
just like the application setup methods. #4571
* before_first_request is deprecated. Run setup code when creating the application instead. #4605
* Added the View.init_every_request class attribute. If a view subclass sets this to False,
the view will not create a new instance on every request. #2520.
* A flask.cli.FlaskGroup Click group can be nested as a sub-command in a custom CLI. #3263
* Add --app and --debug options to the flask CLI, instead of requiring that they are
set through environment variables. #2836
* Add --env-file option to the flask CLI. This allows specifying a dotenv file to load
in addition to .env and .flaskenv. #3108
* It is no longer required to decorate custom CLI commands on app.cli or blueprint.cli
with @with_appcontext, an app context will already be active at that point. #2410
* SessionInterface.get_expiration_time uses a timezone-aware value. #4645
* View functions can return generators directly instead of wrapping them in a Response. #4629
* Add stream_template and stream_template_string functions to render a template as a stream of pieces. #4629
* A new implementation of context preservation during debugging and testing. #4666
* Allow returning a list from a view function, to convert it to a JSON response like a dict is. #4672
* When type checking, allow TypedDict to be returned from view functions. #4695
* Remove the --eager-loading/--lazy-loading options from the flask run command. #4715
-------------------------------------------------------------------
Wed Jul 13 21:18:49 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to 2.1.3
* Inline some optional imports that are only used for certain
CLI commands. #4606
* Relax type annotation for after_request functions. #4600
* instance_path for namespace packages uses the path closest to
the imported submodule. #4610
* Clearer error message when render_template and render_template_string
are used outside an application context. #4693
- Add python-Flask-rpmlintrc
-------------------------------------------------------------------
Thu Apr 28 18:49:06 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to 2.1.2
* Fix type annotation for json.loads, it accepts str or bytes. #4519
* The --cert and --key options on flask run can be given in either order. #4459
-------------------------------------------------------------------
Tue Apr 12 20:25:45 UTC 2022 - Ben Greiner <code@bnavigator.de>
- Update the build and runtime requirements.
-------------------------------------------------------------------
Thu Mar 31 08:28:04 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to 2.1.1
* Set the minimum required version of importlib_metadata to 3.6.0,
which is required on Python < 3.10. #4502
-------------------------------------------------------------------
Tue Mar 29 19:38:52 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Fix deduplication.
-------------------------------------------------------------------
Mon Mar 28 19:45:05 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to 2.1.0
* Drop support for Python 3.6. #4335
* Update Click dependency to >= 8.0. #4008
* Remove previously deprecated code. #4337
- The CLI does not pass script_info to app factory functions.
- config.from_json is replaced by config.from_file(name, load=json.load).
- json functions no longer take an encoding parameter.
- safe_join is removed, use werkzeug.utils.safe_join instead.
- total_seconds is removed, use timedelta.total_seconds instead.
- The same blueprint cannot be registered with the same name.
Use name= when registering to specify a unique name.
- The test clients as_tuple parameter is removed. Use response.request.environ instead. #4417
* Some parameters in send_file and send_from_directory were renamed in 2.0.
The deprecation period for the old names is extended to 2.2.
Be sure to test with deprecation warnings visible.
- attachment_filename is renamed to download_name.
- cache_timeout is renamed to max_age.
- add_etags is renamed to etag.
- filename is renamed to path.
* The RequestContext.g property is deprecated. Use g directly or AppContext.g instead. #3898
* copy_current_request_context can decorate async functions. #4303
* The CLI uses importlib.metadata instead of setuptools to load command entry points. #4419
* Overriding FlaskClient.open will not cause an error on redirect. #3396
* Add an --exclude-patterns option to the flask run CLI command to
specify patterns that will be ignored by the reloader. #4188
* When using lazy loading (the default with the debugger), the Click context from
the flask run command remains available in the loader thread. #4460
* Deleting the session cookie uses the httponly flag. #4485
* Relax typing for errorhandler to allow the user to use more precise
types and decorate the same function multiple times. #4095, #4295, #4297
* Fix typing for __exit__ methods for better compatibility with ExitStack. #4474
* From Werkzeug, for redirect responses the Location header URL will
remain relative, and exclude the scheme and domain, by default. #4496
* Add Config.from_prefixed_env() to load config values from environment
variables that start with FLASK_ or another prefix. This parses values as
JSON by default, and allows setting keys in nested dicts. #4479
-------------------------------------------------------------------
Mon Feb 14 20:47:03 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to 2.0.3
* The test client's ``as_tuple`` parameter is deprecated and will be
removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
removed in Flask 2.1, while remaining compatible with both in
2.0.x. Use ``response.request.environ`` instead. PR#4341
* Fix type annotation for ``errorhandler`` decorator. #4295
* Revert a change to the CLI that caused it to hide ``ImportError``
tracebacks when importing the application. #4307
* ``app.json_encoder`` and ``json_decoder`` are only passed to
``dumps`` and ``loads`` if they have custom behavior. This improves
performance, mainly on PyPy. #4349
* Clearer error message when ``after_this_request`` is used outside a
request context. #4333
-------------------------------------------------------------------
Tue Oct 5 14:19:00 UTC 2021 - Stefan Schubert <schubi@suse.de>
- Added BuildRequires: alts
-------------------------------------------------------------------
Tue Oct 5 09:49:23 UTC 2021 - Michael Ströder <michael@stroeder.com>
- Update to 2.0.2
* Fix type annotation for teardown_* methods. #4093
* Fix type annotation for before_request and before_app_request decorators. #4104
* Fixed the issue where typing requires template global decorators to
accept functions with no arguments. #4098
* Support View and MethodView instances with async handlers. #4112
* Enhance typing of app.errorhandler decorator. #4095
* Fix registering a blueprint twice with differing names. #4124
* Fix the type of static_folder to accept pathlib.Path. #4150
* jsonify handles decimal.Decimal by encoding to str. #4157
* Correctly handle raising deferred errors in CLI lazy loading. #4096
* The CLI loader handles **kwargs in a create_app function. #4170
* Fix the order of before_request and other callbacks that trigger before the view returns.
They are called from the app down to the closest nested blueprint. #4229
-------------------------------------------------------------------
Sun Aug 22 19:07:48 UTC 2021 - Stefan Schubert <schubi@suse.de>
- Use libalternatives instead of update-alternatives.
-------------------------------------------------------------------
Sat Jun 19 07:28:01 UTC 2021 - Michael Ströder <michael@stroeder.com>
- skip building for Python 2.x
- updated upstream project URL
- Update to 2.0.1
* Version 2.0.1
- Re-add the filename parameter in send_from_directory. The filename
parameter has been renamed to path, the old name is deprecated. #4019
- Mark top-level names as exported so type checking understands imports
in user projects. #4024
- Fix type annotation for g and inform mypy that it is a namespace
object that has arbitrary attributes. #4020
- Fix some types that werent available in Python 3.6.0. #4040
- Improve typing for send_file, send_from_directory, and
get_send_file_max_age. #4044, #4026
- Show an error when a blueprint name contains a dot. The . has special
meaning, it is used to separate (nested) blueprint names and the
endpoint name. #4041
- Combine URL prefixes when nesting blueprints that were created with a
url_prefix value. #4037
- Roll back a change to the order that URL matching was done. The URL
is again matched after the session is loaded, so the session is
available in custom URL converters. #4053
- Re-add deprecated Config.from_json, which was accidentally removed early. #4078
- Improve typing for some functions using Callable in their type
signatures, focusing on decorator factories. #4060
- Nested blueprints are registered with their dotted name. This allows
different blueprints with the same name to be nested at different
locations. #4069
- register_blueprint takes a name option to change the (pre-dotted)
name the blueprint is registered with. This allows the same blueprint
to be registered multiple times with unique names for url_for.
Registering the same blueprint with the same name multiple times is
deprecated. #1091
- Improve typing for stream_with_context. #4052
* Version 2.0.0
- Drop support for Python 2 and 3.5.
- Bump minimum versions of other Pallets projects.
- JSON support no longer uses simplejson. To use another JSON module,
override app.json_encoder and json_decoder. #3555
- The encoding option to JSON functions is deprecated. #3562
- Passing script_info to app factory functions is deprecated. This was
not portable outside the flask command. Use
click.get_current_context().obj if its needed. #3552
- The CLI shows better error messages when the app failed to load when
looking up commands. #2741
- Add sessions.SessionInterface.get_cookie_name() to allow setting the
session cookie name dynamically. #3369
- Add Config.from_file() to load config using arbitrary file loaders,
such as toml.load or json.load. Config.from_json() is deprecated in
favor of this. #3398
- The flask run command will only defer errors on reload. Errors
present during the initial call will cause the server to exit with the
traceback immediately. #3431
- send_file() raises a ValueError when passed an io object in text
mode. Previously, it would respond with 200 OK and an empty file. #3358
- When using ad-hoc certificates, check for the cryptography library
instead of PyOpenSSL. #3492
- When specifying a factory function with FLASK_APP, keyword argument
can be passed. #3553
- When loading a .env or .flaskenv file, the current working directory
is no longer changed to the location of the file. #3560
- When returning a (response, headers) tuple from a view, the headers
replace rather than extend existing headers on the response. For
example, this allows setting the Content-Type for jsonify(). Use
response.headers.extend() if extending is desired. #3628
- The Scaffold class provides a common API for the Flask and Blueprint
classes. Blueprint information is stored in attributes just like Flask,
rather than opaque lambda functions. This is intended to improve
consistency and maintainability. #3215
- Include samesite and secure options when removing the session cookie. #3726
- Support passing a pathlib.Path to static_folder. #3579
- send_file and send_from_directory are wrappers around the
implementations in werkzeug.utils. #3828
- Some send_file parameters have been renamed, the old names are
deprecated. attachment_filename is renamed to download_name.
cache_timeout is renamed to max_age. add_etags is renamed to etag.
#3828, #3883
- send_file passes download_name even if as_attachment=False by using
Content-Disposition: inline. #3828
- send_file sets conditional=True and max_age=None by default.
Cache-Control is set to no-cache if max_age is not set, otherwise
public. This tells browsers to validate conditional requests instead of
using a timed cache. #3828
- helpers.safe_join is deprecated. Use werkzeug.utils.safe_join instead. #3828
- The request context does route matching before opening the session.
This could allow a session interface to change behavior based on
request.endpoint. #3776
- Use Jinjas implementation of the |tojson filter. #3881
- Add route decorators for common HTTP methods.
For example, @app.post("/login") is a shortcut for @app.route("/login",
methods=["POST"]). #3907
- Support async views, error handlers, before and after request, and teardown functions. #3412
- Support nesting blueprints. #593, #1548, #3923
- Set the default encoding to “UTF-8” when loading .env and .flaskenv
files to allow to use non-ASCII characters. #3931
- flask shell sets up tab and history completion like the default
python shell if readline is installed. #3941
- helpers.total_seconds() is deprecated. Use timedelta.total_seconds() instead. #3962
- Add type hinting. #3973.
-------------------------------------------------------------------
Tue May 26 06:34:15 UTC 2020 - Petr Gajdos <pgajdos@suse.com>
- %python3_only -> %python_alternative
-------------------------------------------------------------------
Fri Apr 3 17:31:16 UTC 2020 - Petr Cervinka <petr@cervinka.net>
- Update to 1.1.2:
* Work around an issue when running the flask command with an external
debugger on Windows. :issue:`3297`
* The static route will not catch all URLs if the Flask static_folder
argument ends with a slash. :issue:`3452`
- Remove python38-exception-test.patch
-------------------------------------------------------------------
Mon Dec 2 13:51:57 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Fix build on SLE-12
+ Add python to BuildRequires for suse_version < 1500
-------------------------------------------------------------------
Fri Nov 8 05:29:38 UTC 2019 - Steve Kowalik <steven.kowalik@suse.com>
- Add python38-exception-test.patch to fix test failures under Python 3.8
-------------------------------------------------------------------
Fri Jul 19 12:22:54 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.1.1:
* The flask.json_available flag was added back for compatibility with some
extensions. It will raise a deprecation warning when used, and will be
removed in version 2.0.0. #3288
-------------------------------------------------------------------
Sat Jul 6 20:31:51 UTC 2019 - Arun Persaud <arun@gmx.de>
- specfile:
* updated version of Werkzeug requirement to 0.15
* AUTHORS file not in tar-ball
* license file got renamed to LICENSE.rst
* be more specific in %files section
- update to version 1.1.0:
* Bump minimum Werkzeug version to >= 0.15.
* Drop support for Python 3.4.
* Error handlers for "InternalServerError" or "500" will always be
passed an instance of "InternalServerError". If they are invoked
due to an unhandled exception, that original exception is now
available as "e.original_exception" rather than being passed
directly to the handler. The same is true if the handler is for
the base "HTTPException". This makes error handler behavior more
consistent. :pr:`3266`
+ :meth:`Flask.finalize_request` is called for all unhandled
exceptions even if there is no "500" error handler.
* :attr:`Flask.logger` takes the same name as :attr:`Flask.name`
(the value passed as "Flask(import_name)". This reverts 1.0's
behavior of always logging to ""flask.app"", in order to support
multiple apps in the same process. A warning will be shown if
old configuration is detected that needs to be
moved. :issue:`2866`
* :meth:`flask.RequestContext.copy` includes the current session
object in the request context copy. This prevents "session"
pointing to an out-of-date object. :issue:`2935`
* Using built-in RequestContext, unprintable Unicode characters in
Host header will result in a HTTP 400 response and not HTTP 500
as previously. :pr:`2994`
* :func:`send_file` supports :class:`~os.PathLike` objects as
described in PEP 0519, to support :mod:`pathlib` in Python 3.
:pr:`3059`
* :func:`send_file` supports :class:`~io.BytesIO` partial content.
:issue:`2957`
* :func:`open_resource` accepts the "rt" file mode. This still does
the same thing as "r". :issue:`3163`
* The :attr:`MethodView.methods` attribute set in a base class is
used by subclasses. :issue:`3138`
* :attr:`Flask.jinja_options` is a "dict" instead of an
"ImmutableDict" to allow easier configuration. Changes must
still be made before creating the environment. :pr:`3190`
* Flask's "JSONMixin" for the request and response wrappers was
moved into Werkzeug. Use Werkzeug's version with Flask-specific
support. This bumps the Werkzeug dependency to >= 0.15.
:issue:`3125`
* The "flask" command entry point is simplified to take advantage of
Werkzeug 0.15's better reloader support. This bumps the Werkzeug
dependency to >= 0.15. :issue:`3022`
* Support "static_url_path" that ends with a forward slash.
:issue:`3134`
* Support empty "static_folder" without requiring setting an empty
"static_url_path" as well. :pr:`3124`
* :meth:`jsonify` supports :class:`dataclasses.dataclass` objects.
:pr:`3195`
* Allow customizing the :attr:`Flask.url_map_class` used for
routing. :pr:`3069`
* The development server port can be set to 0, which tells the OS to
pick an available port. :issue:`2926`
* The return value from :meth:`cli.load_dotenv` is more consistent
with the documentation. It will return "False" if python-dotenv
is not installed, or if the given path isn't a
file. :issue:`2937`
* Signaling support has a stub for the "connect_via" method when the
Blinker library is not installed. :pr:`3208`
* Add an "--extra-files" option to the "flask run" CLI command to
specify extra files that will trigger the reloader on change.
:issue:`2897`
* Allow returning a dictionary from a view function. Similar to how
returning a string will produce a "text/html" response,
returning a dict will call "jsonify" to produce a
"application/json" response. :pr:`3111`
* Blueprints have a "cli" Click group like "app.cli". CLI commands
registered with a blueprint will be available as a group under
the "flask" command. :issue:`1357`.
* When using the test client as a context manager ("with client:"),
all preserved request contexts are popped when the block exits,
ensuring nested contexts are cleaned up correctly. :pr:`3157`
* Show a better error message when the view return type is not
supported. :issue:`3214`
* "flask.testing.make_test_environ_builder()" has been deprecated in
favour of a new class "flask.testing.EnvironBuilder". :pr:`3232`
* The "flask run" command no longer fails if Python is not built
with SSL support. Using the "--cert" option will show an
appropriate error message. :issue:`3211`
* URL matching now occurs after the request context is pushed,
rather than when it's created. This allows custom URL converters
to access the app and request contexts, such as to query a
database for an id. :issue:`3088`
- changes from version 1.0.4:
* The key information for "BadRequestKeyError" is no longer cleared
outside debug mode, so error handlers can still access it. This
requires upgrading to Werkzeug 0.15.5. :issue:`3249`
* "send_file" url quotes the ":" and "/" characters for more
compatible UTF-8 filename support in some
browsers. :issue:`3074`
* Fixes for PEP451 import loaders and pytest 5.x. :issue:`3275`
* Show message about dotenv on stderr instead of
stdout. :issue:`3285`
-------------------------------------------------------------------
Tue May 28 07:30:54 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.0.3:
* :func:`send_file` encodes filenames as ASCII instead of Latin-1
(ISO-8859-1). This fixes compatibility with Gunicorn, which is
stricter about header encodings than PEP 3333. (`#2766`_)
* Allow custom CLIs using ``FlaskGroup`` to set the debug flag without
it always being overwritten based on environment variables.
(`#2765`_)
* ``flask --version`` outputs Werkzeug's version and simplifies the
Python version. (`#2825`_)
* :func:`send_file` handles an ``attachment_filename`` that is a
native Python 2 string (bytes) with UTF-8 coded bytes. (`#2933`_)
* A catch-all error handler registered for ``HTTPException`` will not
handle ``RoutingExcpetion``, which is used internally during
routing. This fixes the unexpected behavior that had been introduced
in 1.0. (`#2986`_)
* Passing the ``json`` argument to ``app.test_client`` does not
push/pop an extra app context. (`#2900`_)
-------------------------------------------------------------------
Sun May 6 05:35:06 UTC 2018 - arun@gmx.de
- update to version 1.0.2:
* Fix more backwards compatibility issues with merging slashes
between a blueprint prefix and route. (`#2748`_)
* Fix error with "flask routes" command when there are no routes.
(`#2751`_)
- changes from version 1.0.1:
* Fix registering partials (with no "__name__") as view functions.
(`#2730`_)
* Don't treat lists returned from view functions the same as tuples.
Only tuples are interpreted as response data. (`#2736`_)
* Extra slashes between a blueprint's "url_prefix" and a route URL
are merged. This fixes some backwards compatibility issues with
the change in 1.0. (`#2731`_, `#2742`_)
* Only trap "BadRequestKeyError" errors in debug mode, not all
"BadRequest" errors. This allows "abort(400)" to continue
working as expected. (`#2735`_)
* The "FLASK_SKIP_DOTENV" environment variable can be set to "1" to
skip automatically loading dotenv files. (`#2722`_)
-------------------------------------------------------------------
Sat Apr 28 19:29:34 UTC 2018 - arun@gmx.de
- specfile:
* update copyright year
* updated version of dependencies
* removed patch: flask-python36.patch included upstream
* CHANGES->CHANGES.rst
* README->README.rst
- update to version 1.0:
* **Python 2.6 and 3.3 are no longer supported.**
(`pallets/meta#24`_)
* Bump minimum dependency versions to the latest stable versions:
Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >=
5.1. (`#2586`_)
* Skip :meth:`app.run <Flask.run>` when a Flask application is run
from the command line. This avoids some behavior that was
confusing to debug.
* Change the default for :data:`JSONIFY_PRETTYPRINT_REGULAR` to
"False". :func:`~json.jsonify` returns a compact format by
default, and an indented format in debug mode. (`#2193`_)
* :meth:`Flask.__init__ <Flask>` accepts the "host_matching"
argument and sets it on :attr:`~Flask.url_map`. (`#1559`_)
* :meth:`Flask.__init__ <Flask>` accepts the "static_host" argument
and passes it as the "host" argument when defining the static
route. (`#1559`_)
* :func:`send_file` supports Unicode in "attachment_filename".
(`#2223`_)
* Pass "_scheme" argument from :func:`url_for` to
:meth:`~Flask.handle_url_build_error`. (`#2017`_)
* :meth:`~Flask.add_url_rule` accepts the
"provide_automatic_options" argument to disable adding the
"OPTIONS" method. (`#1489`_)
* :class:`~views.MethodView` subclasses inherit method handlers from
base classes. (`#1936`_)
* Errors caused while opening the session at the beginning of the
request are handled by the app's error handlers. (`#2254`_)
* Blueprints gained :attr:`~Blueprint.json_encoder` and
:attr:`~Blueprint.json_decoder` attributes to override the app's
encoder and decoder. (`#1898`_)
* :meth:`Flask.make_response` raises "TypeError" instead of
"ValueError" for bad response types. The error messages have
been improved to describe why the type is invalid. (`#2256`_)
* Add "routes" CLI command to output routes registered on the
application. (`#2259`_)
* Show warning when session cookie domain is a bare hostname or an
IP address, as these may not behave properly in some browsers,
such as Chrome. (`#2282`_)
* Allow IP address as exact session cookie domain. (`#2282`_)
* "SESSION_COOKIE_DOMAIN" is set if it is detected through
"SERVER_NAME". (`#2282`_)
* Auto-detect zero-argument app factory called "create_app" or
"make_app" from "FLASK_APP". (`#2297`_)
* Factory functions are not required to take a "script_info"
parameter to work with the "flask" command. If they take a
single parameter or a parameter named "script_info", the
:class:`~cli.ScriptInfo` object will be passed. (`#2319`_)
* "FLASK_APP" can be set to an app factory, with arguments if
needed, for example "FLASK_APP=myproject.app:create_app('dev')".
(`#2326`_)
* "FLASK_APP" can point to local packages that are not installed in
editable mode, although "pip install -e" is still preferred.
(`#2414`_)
* The :class:`~views.View` class attribute
:attr:`~views.View.provide_automatic_options` is set in
:meth:`~views.View.as_view`, to be detected by
:meth:`~Flask.add_url_rule`. (`#2316`_)
* Error handling will try handlers registered for "blueprint, code",
"app, code", "blueprint, exception", "app, exception".
(`#2314`_)
* "Cookie" is added to the response's "Vary" header if the session
is accessed at all during the request (and not
deleted). (`#2288`_)
* :meth:`~Flask.test_request_context` accepts "subdomain" and
"url_scheme" arguments for use when building the base URL.
(`#1621`_)
* Set :data:`APPLICATION_ROOT` to "'/'" by default. This was already
the implicit default when it was set to "None".
* :data:`TRAP_BAD_REQUEST_ERRORS` is enabled by default in debug
mode. "BadRequestKeyError" has a message with the bad key in
debug mode instead of the generic bad request
message. (`#2348`_)
* Allow registering new tags with
:class:`~json.tag.TaggedJSONSerializer` to support storing other
types in the session cookie. (`#2352`_)
* Only open the session if the request has not been pushed onto the
context stack yet. This allows :func:`~stream_with_context`
generators to access the same session that the containing view
uses. (`#2354`_)
* Add "json" keyword argument for the test client request methods.
This will dump the given object as JSON and set the appropriate
content type. (`#2358`_)
* Extract JSON handling to a mixin applied to both the
:class:`Request` and :class:`Response` classes. This adds the
:meth:`~Response.is_json` and :meth:`~Response.get_json` methods
to the response to make testing JSON response much
easier. (`#2358`_)
* Removed error handler caching because it caused unexpected results
for some exception inheritance hierarchies. Register handlers
explicitly for each exception if you want to avoid traversing
the MRO. (`#2362`_)
* Fix incorrect JSON encoding of aware, non-UTC
datetimes. (`#2374`_)
* Template auto reloading will honor debug mode even even if
:attr:`~Flask.jinja_env` was already accessed. (`#2373`_)
* The following old deprecated code was removed. (`#2385`_)
+ "flask.ext" - import extensions directly by their name instead
of through the "flask.ext" namespace. For example, "import
flask.ext.sqlalchemy" becomes "import flask_sqlalchemy".
+ "Flask.init_jinja_globals" - extend
:meth:`Flask.create_jinja_environment` instead.
+ "Flask.error_handlers" - tracked by
:attr:`Flask.error_handler_spec`, use
:meth:`Flask.errorhandler` to register handlers.
+ "Flask.request_globals_class" - use
:attr:`Flask.app_ctx_globals_class` instead.
+ "Flask.static_path" - use :attr:`Flask.static_url_path` instead.
+ "Request.module" - use :attr:`Request.blueprint` instead.
* The :attr:`Request.json` property is no longer deprecated.
(`#1421`_)
* Support passing a :class:`~werkzeug.test.EnvironBuilder` or "dict"
to :meth:`test_client.open <werkzeug.test.Client.open>`.
(`#2412`_)
* The "flask" command and :meth:`Flask.run` will load environment
variables from ".env" and ".flaskenv" files if python-dotenv is
installed. (`#2416`_)
* When passing a full URL to the test client, the scheme in the URL
is used instead of :data:`PREFERRED_URL_SCHEME`. (`#2430`_)
* :attr:`Flask.logger` has been simplified. "LOGGER_NAME" and
"LOGGER_HANDLER_POLICY" config was removed. The logger is always
named "flask.app". The level is only set on first access, it
doesn't check :attr:`Flask.debug` each time. Only one format is
used, not different ones depending on :attr:`Flask.debug`. No
handlers are removed, and a handler is only added if no handlers
are already configured. (`#2436`_)
* Blueprint view function names may not contain dots. (`#2450`_)
* Fix a "ValueError" caused by invalid "Range" requests in some
cases. (`#2526`_)
* The development server uses threads by default. (`#2529`_)
* Loading config files with "silent=True" will ignore
:data:`~errno.ENOTDIR` errors. (`#2581`_)
* Pass "--cert" and "--key" options to "flask run" to run the
development server over HTTPS. (`#2606`_)
* Added :data:`SESSION_COOKIE_SAMESITE` to control the "SameSite"
attribute on the session cookie. (`#2607`_)
* Added :meth:`~flask.Flask.test_cli_runner` to create a Click
runner that can invoke Flask CLI commands for
testing. (`#2636`_)
* Subdomain matching is disabled by default and setting
:data:`SERVER_NAME` does not implicily enable it. It can be
enabled by passing "subdomain_matching=True" to the "Flask"
constructor. (`#2635`_)
* A single trailing slash is stripped from the blueprint
"url_prefix" when it is registered with the app. (`#2629`_)
* :meth:`Request.get_json` doesn't cache the result if parsing fails
when "silent" is true. (`#2651`_)
* :func:`Request.get_json` no longer accepts arbitrary encodings.
Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but
Flask will autodetect UTF-8, -16, or -32. (`#2691`_)
* Added :data:`MAX_COOKIE_SIZE` and :attr:`Response.max_cookie_size`
to control when Werkzeug warns about large cookies that browsers
may ignore. (`#2693`_)
* Updated documentation theme to make docs look better in small
windows. (`#2709`_)
* Rewrote the tutorial docs and example project to take a more
structured approach to help new users avoid common pitfalls.
(`#2676`_)
- changes from version 0.12.3:
* :func:`Request.get_json` no longer accepts arbitrary encodings.
Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but
Flask will autodetect UTF-8, -16, or -32. (`#2692`_)
* Fix a Python warning about imports when using "python -m flask".
(`#2666`_)
* Fix a "ValueError" caused by invalid "Range" requests in some
cases.
-------------------------------------------------------------------
Tue Aug 8 17:00:05 UTC 2017 - tbechtold@suse.com
- update to 0.12.2:
- Fix a bug in `safe_join` on Windows.
-------------------------------------------------------------------
Tue Apr 4 14:51:27 UTC 2017 - jmatejek@suse.com
- update for singlespec
- flask-python36.patch: fix test failures in Python 3.6
- update to 0.12.1
* Prevent `flask run` from showing a NoAppException when an ImportError occurs
within the imported application module.
* Fix encoding behavior of ``app.config.from_pyfile`` for Python 3. Fix
``#2118``.
* Call `ctx.auto_pop` with the exception object instead of `None`, in the
event that a `BaseException` such as `KeyboardInterrupt` is raised in a
request handler.
-------------------------------------------------------------------
Thu Mar 16 12:26:19 UTC 2017 - michael@stroeder.com
- update to version 0.12:
* the cli command now responds to `--version`.
* Mimetype guessing and ETag generation for file-like objects in
"send_file" has been removed, as per issue "#104". See pull
request "#1849".
* Mimetype guessing in "send_file" now fails loudly and doesn't fall
back to "application/octet-stream". See pull request "#1988".
* Make "flask.safe_join" able to join multiple paths like
"os.path.join" (pull request "#1730").
* Revert a behavior change that made the dev server crash instead of
returning a Internal Server Error (pull request "#2006").
* Correctly invoke response handlers for both regular request
dispatching as well as error handlers.
* Disable logger propagation by default for the app logger.
* Add support for range requests in "send_file".
* "app.test_client" includes preset default environment, which can
now be directly set, instead of per "client.get".
-------------------------------------------------------------------
Thu Nov 17 13:00:22 UTC 2016 - rjschwei@suse.com
- Include in SLE 12 (FATE#320818, bsc#979331)
-------------------------------------------------------------------
Fri Sep 23 14:19:03 UTC 2016 - toddrme2178@gmail.com
- Change preun back to postun for now.
-------------------------------------------------------------------
Fri Sep 16 14:25:04 UTC 2016 - toddrme2178@gmail.com
- Fix download url.
-------------------------------------------------------------------
Thu Sep 15 18:08:53 UTC 2016 - toddrme2178@gmail.com
- Update to Version 0.11.1
- Fixed a bug that prevented ``FLASK_APP=foobar/__init__.py`` from working. See
pull request ``#1872``.
- Update to Version 0.11
- Added support to serializing top-level arrays to :func:`flask.jsonify`. This
introduces a security risk in ancient browsers. See
:ref:`json-security` for details.
- Added before_render_template signal.
- Added `**kwargs` to :meth:`flask.Test.test_client` to support passing
additional keyword arguments to the constructor of
:attr:`flask.Flask.test_client_class`.
- Added ``SESSION_REFRESH_EACH_REQUEST`` config key that controls the
set-cookie behavior. If set to ``True`` a permanent session will be
refreshed each request and get their lifetime extended, if set to
``False`` it will only be modified if the session actually modifies.
Non permanent sessions are not affected by this and will always
expire if the browser window closes.
- Made Flask support custom JSON mimetypes for incoming data.
- Added support for returning tuples in the form ``(response, headers)``
from a view function.
- Added :meth:`flask.Config.from_json`.
- Added :attr:`flask.Flask.config_class`.
- Added :meth:`flask.config.Config.get_namespace`.
- Templates are no longer automatically reloaded outside of debug mode. This
can be configured with the new ``TEMPLATES_AUTO_RELOAD`` config key.
- Added a workaround for a limitation in Python 3.3's namespace loader.
- Added support for explicit root paths when using Python 3.3's namespace
packages.
- Added :command:`flask` and the ``flask.cli`` module to start the local
debug server through the click CLI system. This is recommended over the old
``flask.run()`` method as it works faster and more reliable due to a
different design and also replaces ``Flask-Script``.
- Error handlers that match specific classes are now checked first,
thereby allowing catching exceptions that are subclasses of HTTP
exceptions (in ``werkzeug.exceptions``). This makes it possible
for an extension author to create exceptions that will by default
result in the HTTP error of their choosing, but may be caught with
a custom error handler if desired.
- Added :meth:`flask.Config.from_mapping`.
- Flask will now log by default even if debug is disabled. The log format is
now hardcoded but the default log handling can be disabled through the
``LOGGER_HANDLER_POLICY`` configuration key.
- Removed deprecated module functionality.
- Added the ``EXPLAIN_TEMPLATE_LOADING`` config flag which when enabled will
instruct Flask to explain how it locates templates. This should help
users debug when the wrong templates are loaded.
- Enforce blueprint handling in the order they were registered for template
loading.
- Ported test suite to py.test.
- Deprecated ``request.json`` in favour of ``request.get_json()``.
- Add "pretty" and "compressed" separators definitions in jsonify() method.
Reduces JSON response size when JSONIFY_PRETTYPRINT_REGULAR=False by removing
unnecessary white space included by default after separators.
- JSON responses are now terminated with a newline character, because it is a
convention that UNIX text files end with a newline and some clients don't
deal well when this newline is missing. See
https://github.com/pallets/flask/pull/1262 -- this came up originally as a
part of https://github.com/kennethreitz/httpbin/issues/168
- The automatically provided ``OPTIONS`` method is now correctly disabled if
the user registered an overriding rule with the lowercase-version
``options`` (issue ``#1288``).
- ``flask.json.jsonify`` now supports the ``datetime.date`` type (pull request
``#1326``).
- Don't leak exception info of already catched exceptions to context teardown
handlers (pull request ``#1393``).
- Allow custom Jinja environment subclasses (pull request ``#1422``).
- ``flask.g`` now has ``pop()`` and ``setdefault`` methods.
- Turn on autoescape for ``flask.templating.render_template_string`` by default
(pull request ``#1515``).
- ``flask.ext`` is now deprecated (pull request ``#1484``).
- ``send_from_directory`` now raises BadRequest if the filename is invalid on
the server OS (pull request ``#1763``).
- Added the ``JSONIFY_MIMETYPE`` configuration variable (pull request ``#1728``).
- Exceptions during teardown handling will no longer leave bad application
contexts lingering around.
- Update to Version 0.10.2
- Fixed broken `test_appcontext_signals()` test case.
- Raise an :exc:`AttributeError` in :func:`flask.helpers.find_package` with a
useful message explaining why it is raised when a PEP 302 import hook is used
without an `is_package()` method.
- Fixed an issue causing exceptions raised before entering a request or app
context to be passed to teardown handlers.
- Fixed an issue with query parameters getting removed from requests in
the test client when absolute URLs were requested.
- Made `@before_first_request` into a decorator as intended.
- Fixed an etags bug when sending a file streams with a name.
- Fixed `send_from_directory` not expanding to the application root path
correctly.
- Changed logic of before first request handlers to flip the flag after
invoking. This will allow some uses that are potentially dangerous but
should probably be permitted.
- Fixed Python 3 bug when a handler from `app.url_build_error_handlers`
reraises the `BuildError`.
- Implement update-alternatives
-------------------------------------------------------------------
Thu Oct 24 11:05:46 UTC 2013 - speilicke@suse.com
- Require python-setuptools instead of distribute (upstreams merged)
-------------------------------------------------------------------
Mon Sep 9 07:47:12 UTC 2013 - dmueller@suse.com
- add dependency on itsdangerous
-------------------------------------------------------------------
Tue Jun 25 11:33:18 UTC 2013 - dmueller@suse.com
- update to 0.10.1
- Fixed an issue where ``|tojson`` was not quoting single quotes which
made the filter not work properly in HTML attributes. Now it's
possible to use that filter in single quoted attributes. This should
make using that filter with angular.js easier.
- Added support for byte strings back to the session system. This broke
compatibility with the common case of people putting binary data for
token verification into the session.
- Fixed an issue were registering the same method twice for the same endpoint
would trigger an exception incorrectly.
:ref:`upgrading-to-010` for more information.
- Added ``template_test`` methods in addition to the already existing
``template_filter`` method family.
- Added ``template_global`` methods in addition to the already existing
``template_filter`` method family.
- Set the content-length header for x-sendfile.
- ``tojson`` filter now does not escape script blocks in HTML5 parsers.
- ``tojson`` used in templates is now safe by default due. This was
allowed due to the different escaping behavior.
- Flask will now raise an error if you attempt to register a new function
on an already used endpoint.
- Added wrapper module around simplejson and added default serialization
of datetime objects. This allows much easier customization of how
JSON is handled by Flask or any Flask extension.
- Removed deprecated internal ``flask.session`` module alias. Use
``flask.sessions`` instead to get the session module. This is not to
be confused with ``flask.session`` the session proxy.
- Templates can now be rendered without request context. The behavior is
slightly different as the ``request``, ``session`` and ``g`` objects
will not be available and blueprint's context processors are not
called.
- The config object is now available to the template as a real global and
not through a context processor which makes it available even in imported
templates by default.
- Added an option to generate non-ascii encoded JSON which should result
in less bytes being transmitted over the network. It's disabled by
default to not cause confusion with existing libraries that might expect
``flask.json.dumps`` to return bytestrings by default.
- ``flask.g`` is now stored on the app context instead of the request
context.
- ``flask.g`` now gained a ``get()`` method for not erroring out on non
existing items.
- ``flask.g`` now can be used with the ``in`` operator to see what's defined
and it now is iterable and will yield all attributes stored.
- ``flask.Flask.request_globals_class`` got renamed to
``flask.Flask.app_ctx_globals_class`` which is a better name to what it
does since 0.10.
- `request`, `session` and `g` are now also added as proxies to the template
context which makes them available in imported templates. One has to be
very careful with those though because usage outside of macros might
cause caching.
- Flask will no longer invoke the wrong error handlers if a proxy
exception is passed through.
- Added a workaround for chrome's cookies in localhost not working
as intended with domain names.
- Changed logic for picking defaults for cookie values from sessions
to work better with Google Chrome.
- Added `message_flashed` signal that simplifies flashing testing.
- Added support for copying of request contexts for better working with
greenlets.
- Removed custom JSON HTTP exception subclasses. If you were relying on them
you can reintroduce them again yourself trivially. Using them however is
strongly discouraged as the interface was flawed.
- Python requirements changed: requiring Python 2.6 or 2.7 now to prepare
for Python 3.3 port.
- Changed how the teardown system is informed about exceptions. This is now
more reliable in case something handles an exception halfway through
the error handling process.
- Request context preservation in debug mode now keeps the exception
information around which means that teardown handlers are able to
distinguish error from success cases.
- Added the ``JSONIFY_PRETTYPRINT_REGULAR`` configuration variable.
- Flask now orders JSON keys by default to not trash HTTP caches due to
different hash seeds between different workers.
- Added `appcontext_pushed` and `appcontext_popped` signals.
- The builtin run method now takes the ``SERVER_NAME`` into account when
picking the default port to run on.
- Added `flask.request.get_json()` as a replacement for the old
`flask.request.json` property.
-------------------------------------------------------------------
Fri Nov 16 09:20:35 UTC 2012 - saschpe@suse.de
- Disable testsuite on SLE_11_SP2
-------------------------------------------------------------------
Thu Nov 15 15:38:05 UTC 2012 - saschpe@suse.de
- Update to version 0.9:
+ The :func:flask.Request.on_json_loading_failed now returns a JSON formatted
response by default.
+ The :func:flask.url_for function now can generate anchors to the
generated links.
+ The :func:flask.url_for function now can also explicitly generate
URL rules specific to a given HTTP method.
+ Logger now only returns the debug log setting if it was not set
explicitly.
+ Unregister a circular dependency between the WSGI environment and
the request object when shutting down the request. This means that
environ werkzeug.request will be None after the response was
returned to the WSGI server but has the advantage that the garbage
collector is not needed on CPython to tear down the request unless
the user created circular dependencies themselves.
+ Session is now stored after callbacks so that if the session payload
is stored in the session you can still modify it in an after
request callback.
+ The :class:flask.Flask class will avoid importing the provided import name
if it can (the required first parameter), to benefit tools which build Flask
instances programmatically. The Flask class will fall back to using import
on systems with custom module hooks, e.g. Google App Engine, or when the
import name is inside a zip archive (usually a .egg) prior to Python 2.7.
+ Blueprints now have a decorator to add custom template filters application
wide, :meth:flask.Blueprint.app_template_filter.
+ The Flask and Blueprint classes now have a non-decorator method for adding
custom template filters application wide,
:meth:flask.Flask.add_template_filter and
:meth:flask.Blueprint.add_app_template_filter.
+ The :func:flask.get_flashed_messages function now allows rendering flashed
message categories in separate blocks, through a category_filter
argument.
+ The :meth:flask.Flask.run method now accepts None for host and port
arguments, using default values when None. This allows for calling run
using configuration values, e.g. app.run(app.config.get('MYHOST'),
app.config.get('MYPORT')), with proper behavior whether or not a config
file is provided.
+ Please look into CHANGES for more...
-------------------------------------------------------------------
Thu Nov 10 10:51:15 UTC 2011 - saschpe@suse.de
- Update to version 0.8:
* Refactored session support into a session interface so that
the implementation of the sessions can be changed without
having to override the Flask class.
* Empty session cookies are now deleted properly automatically.
* View functions can now opt out of getting the automatic
OPTIONS implementation.
* HTTP exceptions and Bad Request errors can now be trapped so that they
show up normally in the traceback.
* Flask in debug mode is now detecting some common problems and tries to
warn you about them.
* Flask in debug mode will now complain with an assertion error if a view
was attached after the first request was handled. This gives earlier
feedback when users forget to import view code ahead of time.
* Added the ability to register callbacks that are only triggered once at
the beginning of the first request. (:meth:Flask.before_first_request)
* Malformed JSON data will now trigger a bad request HTTP exception instead
of a value error which usually would result in a 500 internal server
error if not handled. This is a backwards incompatible change.
* Applications now not only have a root path where the resources and modules
are located but also an instane path which is the designated place to
drop files that are modified at runtime (uploads etc.). Also this is
conceptionally only instance depending and outside version control so it's
the perfect place to put configuration files etc. For more information
see :ref:instance-folders.
* Added the APPLICATION_ROOT configuration variable.
* Implemented :meth:~flask.testing.TestClient.session_transaction to
easily modify sessions from the test environment.
* Refactored test client internally. The APPLICATION_ROOT configuration
variable as well as SERVER_NAME are now properly used by the test client
as defaults.
* Added :attr:flask.views.View.decorators to support simpler decorating of
pluggable (class based) views.
* Fixed an issue where the test client if used with the with statement did not
trigger the execution of the teardown handlers.
* Added finer control over the session cookie parameters.
* HEAD requests to a method view now automatically dispatch to the get
method if no handler was implemented.
* Implemented the virtual :mod:flask.ext package to import extensions from.
* The context preservation on exceptions is now an integral component of
Flask itself and no longer of the test client. This cleaned up some
internal logic and lowers the odds of runaway request contexts in unittests.
-------------------------------------------------------------------
Thu Sep 22 09:14:52 UTC 2011 - saschpe@suse.de
- Set license to BSD-3-Clause (SPDX style)
- Require python-distribute instead of python-setuptools
- Remove %clean section
-------------------------------------------------------------------
Wed Jul 20 18:03:33 UTC 2011 - saschpe@gmx.de
- Initial package, replaces python-flask
Reference in New Issue View Git Blame Copy Permalink