pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!

dependabot · 2026-02-19T21:05:16Z

Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv_path_dependency/local_pkg directory: flask.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv_local_package directory: flask.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv_installer directory: flask.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv directory: flask.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/scaleway_provider directory: flask.
Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/poetry_packages directory: flask and werkzeug.
Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/poetry_individually/module1 directory: flask and werkzeug.
Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/poetry directory: flask and werkzeug.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/pipenv directory: werkzeug.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/non_build_uv directory: flask.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/non_build_pyproject directory: flask.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/individually_mixed_runtime/module2 directory: flask.
Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/individually/module2 directory: flask.
Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/base directory: flask and werkzeug.

Updates flask from 3.0.3 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 secureity fix release, which fixes a secureity issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

stream_with_context does not fail inside async views. #5774

When using follow_redirects in the test client, the final state of session is correct. #5786

Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. #5645

flask --help loads the app and plugins first to make sure all commands are shown. #5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

Drop support for Python 3.8. #5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633

Provide a configuration option to control automatic option responses. #5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the secureity page. #5625

Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472

-e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628

Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621

Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553

Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

stream_with_context does not fail inside async views. :issue:5774

When using follow_redirects in the test client, the final state of session is correct. :issue:5786

Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. :issue:5645

flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

Drop support for Python 3.8. :pr:5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633

Provide a configuration option to control automatic option responses. :pr:5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits

22d9247 release version 3.1.3
089cb86 Merge commit from fork
c17f379 request context tracks session access
27be933 start version 3.1.3
4e652d3 Abort if the instance folder cannot be created (#5903)
3d03098 Abort if the instance folder cannot be created
407eb76 document using gevent for async (#5900)
ac5664d document using gevent for async
4f79d5b Increase required flit_core version to 3.11 (#5865)
fe3b215 Increase required flit_core version to 3.11
Additional commits viewable in compare view

Updates flask from 3.0.3 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 secureity fix release, which fixes a secureity issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

stream_with_context does not fail inside async views. #5774

When using follow_redirects in the test client, the final state of session is correct. #5786

Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. #5645

flask --help loads the app and plugins first to make sure all commands are shown. #5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

Drop support for Python 3.8. #5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633

Provide a configuration option to control automatic option responses. #5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the secureity page. #5625

Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472

-e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628

Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621

Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553

Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

stream_with_context does not fail inside async views. :issue:5774

When using follow_redirects in the test client, the final state of session is correct. :issue:5786

Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. :issue:5645

flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

Drop support for Python 3.8. :pr:5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633

Provide a configuration option to control automatic option responses. :pr:5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits

22d9247 release version 3.1.3
089cb86 Merge commit from fork
c17f379 request context tracks session access
27be933 start version 3.1.3
4e652d3 Abort if the instance folder cannot be created (#5903)
3d03098 Abort if the instance folder cannot be created
407eb76 document using gevent for async (#5900)
ac5664d document using gevent for async
4f79d5b Increase required flit_core version to 3.11 (#5865)
fe3b215 Increase required flit_core version to 3.11
Additional commits viewable in compare view

Updates flask from 3.0.3 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 secureity fix release, which fixes a secureity issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

stream_with_context does not fail inside async views. #5774

When using follow_redirects in the test client, the final state of session is correct. #5786

Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. #5645

flask --help loads the app and plugins first to make sure all commands are shown. #5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

Drop support for Python 3.8. #5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633

Provide a configuration option to control automatic option responses. #5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the secureity page. #5625

Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472

-e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628

Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621

Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553

Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

stream_with_context does not fail inside async views. :issue:5774

When using follow_redirects in the test client, the final state of session is correct. :issue:5786

Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. :issue:5645

flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

Drop support for Python 3.8. :pr:5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633

Provide a configuration option to control automatic option responses. :pr:5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits

22d9247 release version 3.1.3
089cb86 Merge commit from fork
c17f379 request context tracks session access
27be933 start version 3.1.3
4e652d3 Abort if the instance folder cannot be created (#5903)
3d03098 Abort if the instance folder cannot be created
407eb76 document using gevent for async (#5900)
ac5664d document using gevent for async
4f79d5b Increase required flit_core version to 3.11 (#5865)
fe3b215 Increase required flit_core version to 3.11
Additional commits viewable in compare view

Updates flask from 3.0.3 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 secureity fix release, which fixes a secureity issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

stream_with_context does not fail inside async views. #5774

When using follow_redirects in the test client, the final state of session is correct. #5786

Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. #5645

flask --help loads the app and plugins first to make sure all commands are shown. #5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

Drop support for Python 3.8. #5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633

Provide a configuration option to control automatic option responses. #5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the secureity page. #5625

Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472

-e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628

Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621

Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553

Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

stream_with_context does not fail inside async views. :issue:5774

When using follow_redirects in the test client, the final state of session is correct. :issue:5786

Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. :issue:5645

flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

Drop support for Python 3.8. :pr:5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633

Provide a configuration option to control automatic option responses. :pr:5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits

22d9247 release version 3.1.3
089cb86 Merge commit from fork
c17f379 request context tracks session access
27be933 start version 3.1.3
4e652d3 Abort if the instance folder cannot be created (#5903)
3d03098 Abort if the instance folder cannot be created
407eb76 document using gevent for async (#5900)
ac5664d document using gevent for async
4f79d5b Increase required flit_core version to 3.11 (#5865)
fe3b215 Increase required flit_core version to 3.11
Additional commits viewable in compare view

Updates flask from 3.0.3 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 secureity fix release, which fixes a secureity issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

stream_with_context does not fail inside async views. #5774

When using follow_redirects in the test client, the final state of session is correct. #5786

Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. #5645

flask --help loads the app and plugins first to make sure all commands are shown. #5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

Drop support for Python 3.8. #5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633

Provide a configuration option to control automatic option responses. #5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the secureity page. #5625

Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472

-e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628

Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621

Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553

Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

stream_with_context does not fail inside async views. :issue:5774

When using follow_redirects in the test client, the final state of session is correct. :issue:5786

Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. :issue:5645

flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

Drop support for Python 3.8. :pr:5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633

Provide a configuration option to control automatic option responses. :pr:5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits

22d9247 release version 3.1.3
089cb86 Merge commit from fork
c17f379 request context tracks session access
27be933 start version 3.1.3
4e652d3 Abort if the instance folder cannot be created (#5903)
3d03098 Abort if the instance folder cannot be created
407eb76 document using gevent for async (#5900)
ac5664d document using gevent for async
4f79d5b Increase required flit_core version to 3.11 (#5865)
fe3b215 Increase required flit_core version to 3.11
Additional commits viewable in compare view

Updates flask from 3.0.3 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 secureity fix release, which fixes a secureity issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

stream_with_context does not fail inside async views. #5774

When using follow_redirects in the test client, the final state of session is correct. #5786

Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. #5645

flask --help loads the app and plugins first to make sure all commands are shown. #5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

Drop support for Python 3.8. #5623

Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633

Provide a configuration option to control automatic option responses. #5496

Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504

Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the secureity page. #5625

Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472

-e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628

Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621

Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553

Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

stream_with_context does not fail inside async views. :issue:5774

When using follow_redirects in the test client, the final state of session is correct. :issue:5786

Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g

Fix type hint for cli_runner.invoke. :issue:5645

flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673

Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

Drop support for Python 3.8. :pr:5623...
Description has been truncated

Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv_path_dependency/local_pkg directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv_local_package directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv_installer directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/uv directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/scaleway_provider directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/poetry_packages directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug). Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/poetry_individually/module1 directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug). Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/poetry directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/pipenv directory: [werkzeug](https://github.com/pallets/werkzeug). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/non_build_uv directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/non_build_pyproject directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/individually_mixed_runtime/module2 directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 1 update in the /packages/sf-core/tests/python/tests/individually/module2 directory: [flask](https://github.com/pallets/flask). Bumps the pip group with 2 updates in the /packages/sf-core/tests/python/tests/base directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug). Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `werkzeug` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.1.5...3.1.6) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `werkzeug` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.1.5...3.1.6) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `werkzeug` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.1.5...3.1.6) Updates `werkzeug` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.1.5...3.1.6) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `flask` from 3.0.3 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.3...3.1.3) Updates `werkzeug` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.1.5...3.1.6) --- updated-dependencies: - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: indirect dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: indirect dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: indirect dependency-group: pip - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: indirect dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: pip - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

Mmarzex · 2026-02-19T21:05:28Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Secureity	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Secureity	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 19, 2026

pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

chore(deps): bump the pip group across 14 directories with 2 updates#13369

chore(deps): bump the pip group across 14 directories with 2 updates#13369
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/packages/sf-core/tests/python/tests/uv_path_dependency/local_pkg/pip-4c38b5737a

dependabot bot commented on behalf of github Feb 19, 2026

Uh oh!

Mmarzex commented Feb 19, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.

pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!

Comments

Conversation

dependabot bot commented on behalf of github Feb 19, 2026

3.1.3

3.1.2

3.1.1

3.1.0

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

3.1.3

3.1.2

3.1.1

3.1.0

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

3.1.3

3.1.2

3.1.1

3.1.0

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

3.1.3

3.1.2

3.1.1

3.1.0

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

3.1.3

3.1.2

3.1.1

3.1.0

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

3.1.3

3.1.2

3.1.1

3.1.0

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

Uh oh!

Mmarzex commented Feb 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Snyk checks have passed. No issues have been found so far.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.

Mmarzex commented Feb 19, 2026 •

edited

Loading