Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Bump flask from 0.12.2 to 1.0 in /bar-charts-bokeh-bottle-python-3#2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
dependabot wants to merge1 commit intomaster
base:master
Choose a base branch
Loading
fromdependabot/pip/bar-charts-bokeh-bottle-python-3/flask-1.0

Conversation

dependabot[bot]
Copy link

@dependabotdependabotbot commented on behalf ofgithubMar 28, 2020
edited
Loading

Bumpsflask from 0.12.2 to 1.0.

Release notes

Sourced fromflask's releases.

1.0

The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/

There are over a year's worth of changes in this release. Many features have been improved or changed.Read the changelog to understand how your project's code will be affected.

JSON Security Fix

Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.

Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.

Install or Upgrade

Install fromPyPI with pip:

pip install -U Flask

0.12.4

This is a repackage of0.12.3 to fix an issue with how the package was built.

Upgrade

Upgrade fromPyPI with pip. Use a version identifier if you want to stay at 0.12:

pip install -U 'Flask~=0.12.4'

0.12.3

This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the1.0 announcement and update to it instead if possible.

JSON Security Fix

Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.

Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.

Upgrade

Upgrade fromPyPI with pip. Use a version identifier if you want to stay at 0.12:

pip install -U 'Flask~=0.12.3'
... (truncated)
Changelog

Sourced fromflask's changelog.

Version 1.0

Released 2018-04-26

  • Python 2.6 and 3.3 are no longer supported.
  • Bump minimum dependency versions to the latest stable versions:Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1.:issue:2586
  • Skip :meth:app.run <Flask.run> when a Flask application is runfrom the command line. This avoids some behavior that was confusingto debug.
  • Change the default for :data:JSONIFY_PRETTYPRINT_REGULAR toFalse. :func:~json.jsonify returns a compact format bydefault, and an indented format in debug mode. :pr:2193
  • :meth:Flask.__init__ <Flask> accepts thehost_matchingargument and sets it on :attr:~Flask.url_map. :issue:1559
  • :meth:Flask.__init__ <Flask> accepts thestatic_host argumentand passes it as thehost argument when defining the staticroute. :issue:1559
  • :func:send_file supports Unicode inattachment_filename.:pr:2223
  • Pass_scheme argument from :func:url_for to:meth:~Flask.handle_url_build_error. :pr:2017
  • :meth:~Flask.add_url_rule accepts theprovide_automatic_options argument to disable adding theOPTIONS method. :pr:1489
  • :class:~views.MethodView subclasses inherit method handlers frombase classes. :pr:1936
  • Errors caused while opening the session at the beginning of therequest are handled by the app's error handlers. :pr:2254
  • Blueprints gained :attr:~Blueprint.json_encoder and:attr:~Blueprint.json_decoder attributes to override the app'sencoder and decoder. :pr:1898
  • :meth:Flask.make_response raisesTypeError instead ofValueError for bad response types. The error messages have beenimproved to describe why the type is invalid. :pr:2256
  • Addroutes CLI command to output routes registered on theapplication. :pr:2259
  • Show warning when session cookie domain is a bare hostname or an IPaddress, as these may not behave properly in some browsers, such asChrome. :pr:2282
  • Allow IP address as exact session cookie domain. :pr:2282
  • SESSION_COOKIE_DOMAIN is set if it is detected throughSERVER_NAME. :pr:2282
  • Auto-detect zero-argument app factory calledcreate_app ormake_app fromFLASK_APP. :pr:2297
  • Factory functions are not required to take ascript_infoparameter to work with theflask command. If they take a singleparameter or a parameter namedscript_info, the
... (truncated)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from theSecurity Alerts page.

@dependabotdependabotbot added the dependenciesPull requests that update a dependency file labelMar 28, 2020
@dependabotdependabotbotforce-pushed thedependabot/pip/bar-charts-bokeh-bottle-python-3/flask-1.0 branch fromccdcc55 toef5297aCompareJune 29, 2020 20:17
@dependabotdependabotbotforce-pushed thedependabot/pip/bar-charts-bokeh-bottle-python-3/flask-1.0 branch fromef5297a toc9df980CompareOctober 8, 2020 18:16
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependenciesPull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

0 participants
[8]ページ先頭
©2009-2025 Movatter.jp