Bump the flask group with 5 updates

[dependabot]

Bumps the flask group with 5 updates:

Package	From	To
blinker	1.8.2	1.9.0
flask	3.0.3	3.1.0
flask-session	0.6.0	0.8.0
flask-wtf	1.2.1	1.2.2
werkzeug	3.0.6	3.1.3

Updates blinker from 1.8.2 to 1.9.0

Release notes

Sourced from blinker's releases.

1.9.0

This is the Blinker 1.9.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/blinker/1.9.0/ Changes: https://blinker.readthedocs.io/en/stable/#version-1-9-0 Milestone: https://github.com/pallets-eco/blinker/milestone/1?closed=1

• Drop support for Python 3.8. #175
• Remove previously deprecated __version__, receiver_connected, Signal.temporarily_connected_to and WeakNamespace. #172
• Skip weakref signal cleanup if the interpreter is shutting down. #173

Changelog

Sourced from blinker's changelog.

Version 1.9.0

Released 2024-11-08

• Drop support for Python 3.8. :pr:175
• Remove previously deprecated __version__, receiver_connected, Signal.temporarily_connected_to and WeakNamespace. :pr:172
• Skip weakref signal cleanup if the interpreter is shutting down. :issue:173

Commits

• 669f3a0 release version 1.9.0
• cfe116f try disabling attestions on test pypi
• 16e4bd7 Merge pull request #174 from projectgus/bugfix/weakref_disconnect_shutdown
• 42561fd Fix "Exception ignored" in weakref callback during interpreter shutdown.
• dcce3e9 Merge pull request #175 from pallets-eco/drop-python3.8
• efa95ea drop support for python 3.8
• 8230518 update dev dependencies
• 94f1202 update dev dependencies
• 8c983ec remove previously deprecated code (#172)
• f5915f3 set up pre-commit lite workflow
• Additional commits viewable in compare view

Updates flask from 3.0.3 to 3.1.0

Release notes

Sourced from flask's releases.

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

• Drop support for Python 3.8. #5623
• Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
• Provide a configuration option to control automatic option responses. #5496
• Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
• Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
• Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
• -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
• Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
• Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.0

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option responses. :pr:5496
• Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. :issue:5636

Commits

• ab81496 release version 3.1.0
• 70602a1 remove test pypi
• 6748a09 update dev dependencies
• 22c48a7 Merge remote-tracking branch 'origin/stable'
• 2eab96a use generic bases for session (#5638)
• f49dbfd use generic bases for session
• 7b21d43 configure and check request.trusted_hosts (#5637)
• 4f7156f configure and check trusted_hosts
• 10bdf61 setting SERVER_NAME does not restrict routing for both subdomain_matching...
• 4995a77 fix subdomain_matching=False behavior
• Additional commits viewable in compare view

Updates flask-session from 0.6.0 to 0.8.0

Release notes

Sourced from flask-session's releases.

0.8.0

Add DynamodDB backend and other minor fixes.

Full release notes: https://flask-session.readthedocs.io/en/latest/changes.html#id1

0.7.0

Changelog: https://flask-session.readthedocs.io/en/latest/changes.html#id1

Changelog

Sourced from flask-session's changelog.

0.8.0 - 2024-03-26

Added

-   Add DynamoDB session interface (`[#214](https://github.com/pallets-eco/flask-session/issues/214) <https://github.com/pallets-eco/flask-session/pull/214>`_).
-   Add ability to install client libraries for backends using optional dependencies (extras) (`[#228](https://github.com/pallets-eco/flask-session/issues/228) <https://github.com/pallets-eco/flask-session/pull/228>`_).
Fixed
-   Include prematurely removed ``cachelib`` dependency. Will be removed in 1.0.0 to be an optional dependency (`[#223](https://github.com/pallets-eco/flask-session/issues/223) &lt;https://github.com/pallets-eco/flask-session/issues/223&gt;`_).
0.7.0 - 2024-03-18
Changed

</code></pre>

<ul>

<li>Access session interfaces via subfolder, for example <code>flask_session.redis.RedisSessionInterface</code> (<code>2bc7df &lt;https://github.com/pallets-eco/flask-session/commit/2bc7df1be7b8929e55cb25f13845caf0503630d8&amp;gt;&lt;/code&gt;_).&lt;/li>

<li>Deprecate <code>pickle</code> in favor of <code>msgspec</code>, which is configured with <code>SESSION_SERIALIZATION_FORMAT</code> to choose between <code>'json'</code> and <code>'msgpack'</code>. All sessions will convert to msgspec upon first interaction with 0.7.0. Pickle is still available to read existing sessions, but will be removed in 1.0.0. (<code>c7f8ce &lt;https://github.com/pallets-eco/flask-session/commit/c7f8ced0e1532dea87850d34b3328a3fcb769988&amp;gt;&lt;/code&gt;&lt;em>, <code>c7f8ce &lt;https://github.com/pallets-eco/flask-session/commit/c7f8ced0e1532dea87850d34b3328a3fcb769988&amp;gt;&lt;/code&gt;&lt;/em&gt;)&lt;/li>

<li>Deprecate <code>SESSION_USE_SIGNER</code> (<code>a5dba7 &lt;https://github.com/pallets-eco/flask-session/commit/a5dba7022f806c8fb4412d0428b69dd4a077e4a7&amp;gt;&lt;/code&gt;_).&lt;/li>

<li>Deprecate :class:<code>flask_session.filesystem.FileSystemSessionInterface</code> in favor of the broader :class:<code>flask_session.cachelib.CacheLibSessionInterface</code> (<code>2bc7df &lt;https://github.com/pallets-eco/flask-session/commit/2bc7df1be7b8929e55cb25f13845caf0503630d8&amp;gt;&lt;/code&gt;_).&lt;/li>

</ul>

<p>Added</p>

<pre><code>-   Add time-to-live expiration for MongoDB (9acee3 &amp;lt;https://github.com/pallets-eco/flask-session/commit/9acee3c5fb7072476f3feea923529d19d5e855c3&amp;gt;_).

Add retry for SQL based storage ([#211](https://github.com/pallets-eco/flask-session/issues/211) &amp;lt;https://github.com/pallets-eco/flask-session/pull/211&amp;gt;_).
Add flask session_cleanup command and alternatively, SESSION_CLEANUP_N_REQUESTS for SQLAlchemy or future non-TTL backends ([#211](https://github.com/pallets-eco/flask-session/issues/211) &amp;lt;https://github.com/pallets-eco/flask-session/pull/211&amp;gt;_).
Add type hints (7d7d58 &amp;lt;https://github.com/pallets-eco/flask-session/commit/7d7d58ce371553da39095a421445cf639a62bd5f&amp;gt;_).
Add logo and additional documentation.
Add vary cookie header when session modified or accessed as per flask's built-in session (7ab698 &amp;lt;https://github.com/pallets-eco/flask-session/commit/7ab6980c8ba15912df13dd1e78242803e8104dd6&amp;gt;_).
Add regenerate method to session interface to mitigate fixation ([#27](https://github.com/pallets-eco/flask-session/issues/27) &amp;lt;https://github.com/pallets-eco/flask-session/pull/27&amp;gt;, [#39](https://github.com/pallets-eco/flask-session/issues/39) &amp;lt;https://github.com/pallets-eco/flask-session/issues/39&amp;gt;)(80df63 &amp;lt;https://github.com/pallets-eco/flask-session/commit/80df635ffd466fa7798f6031be5469b4d5dae069&amp;gt;_).

Removed

</code></pre>

<ul>

<li>Remove null session in favour of relevant exception messages (<code>#107 &lt;https://github.com/pallets-eco/flask-session/issues/107&amp;gt;&lt;/code&gt;&lt;em>, <code>#182 &lt;https://github.com/pallets-eco/flask-session/issues/182&amp;gt;&lt;/code&gt;&lt;/em&gt;)(&lt;code&gt;d7ed1c &lt;https://github.com/pallets-eco/flask-session/commit/d7ed1c6e7eb3904888b72f0d6c006db1b9b60795&amp;gt;&lt;/code&gt;_).&lt;/li>

<li>Drop support for Python 3.7 which is end-of-life and precludes use of msgspec (<code>bd7e5b &lt;https://github.com/pallets-eco/flask-session/commit/bd7e5b0bbfc10cdfa9c83b859593c69cc4381571&amp;gt;&lt;/code&gt;_).&lt;/li>

</ul>

<p>Fixed</p>

<pre><code>-   Prevent session identifier reuse on storage miss ([#76](https://github.com/pallets-eco/flask-session/issues/76) &amp;lt;https://github.com/pallets-eco/flask-session/pull/76&amp;gt;_).

Abstraction to improve consistency between backends.
Enforce PERMANENT_SESSION_LIFETIME as expiration consistently for all backends ([#81](https://github.com/pallets-eco/flask-session/issues/81) &amp;lt;https://github.com/pallets-eco/flask-session/issues/81&amp;gt;)(86895b &amp;lt;https://github.com/pallets-eco/flask-session/commit/86895b523203ca67c9f87416bdbf028852dcb357&amp;gt;).
Specifically include backend session interfaces in public API and document usage ([#210](https://github.com/pallets-eco/flask-session/issues/210) &amp;lt;https://github.com/pallets-eco/flask-session/issues/210&amp;gt;_).
Fix non-permanent sessions not updating expiry ([#221](https://github.com/pallets-eco/flask-session/issues/221) &amp;lt;https://github.com/pallets-eco/flask-session/issues/221&amp;gt;_).

</code></pre>

</blockquote>

</details>

<details>

<summary>Commits</summary>

<ul>

<li>See full diff in <a href="https://github.com/pallets-eco/flask-session/commits/0.8.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates flask-wtf from 1.2.1 to 1.2.2

Release notes
Sourced from flask-wtf's releases.

v1.2.2

Move the project to the pallets-eco organization. #602
Stop support for Python 3.8. Start support for Python 3.13. #603




Changelog
Sourced from flask-wtf's changelog.

Version 1.2.2
Released 2024-10-20

Move the project to the pallets-eco organization. :pr:602
Stop support for Python 3.8. Start support for Python 3.13. :pr:603




Commits

2e14295 chore: pre-commit autoupdate
552b7a7 chore: bump to 1.2.2
32f1276 chore: install 'build' dependency for the release GHA workflow
f712367 chore: dependencies update
b929162 chore: use Flask inspired GHA workflow
07049e3 Merge pull request #604 from azmeuk/flask-pre-commit
49a1380 chore: pre-commit configuration insipred from Flask
f2bbd1b Merge pull request #603 from azmeuk/py313
d3cd8bf chore: stop support for python 3.8; start support for python 3.13
0b2e5e4 Merge pull request #602 from azmeuk/pallets-eco
Additional commits viewable in compare view




Updates werkzeug from 3.0.6 to 3.1.3

Release notes
Sourced from werkzeug's releases.

3.1.3
This is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.
PyPI: https://pypi.org/project/Werkzeug/3.1.3/
Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3
Milestone: https://github.com/pallets/werkzeug/milestone/41?closed=1

Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. #2994
When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. #2993

3.1.2
This is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.
PyPI: https://pypi.org/project/Werkzeug/3.1.2/
Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2
Milestone: https://github.com/pallets/werkzeug/milestone/40?closed=1

Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. #2988
Headers does not inherit from MutableMapping, as it is does not exactly match that interface. #2989

3.1.1
This is the Werkzeug 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.
PyPI: https://pypi.org/project/Werkzeug/3.1.1/
Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-1
Milestone: https://github.com/pallets/werkzeug/milestone/38?closed=1

Fix an issue that caused str(Request.headers) to always appear empty. #2985

3.1.0
This is the Werkzeug 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.
PyPI: https://pypi.org/project/Werkzeug/3.1.0/
Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0
Milestone: https://github.com/pallets/werkzeug/milestone/34?closed=1

Drop support for Python 3.8. #2966
Remove previously deprecated code. #2967
Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. #2964
OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. #2968
Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.

Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. #2980
max_age is None if present without a value, rather than -1. #2980
no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. #2980
max_stale is True if present without a value, rather than "*". #2980
no_transform is a boolean. Previously it was mistakenly always None. #2881
min_fresh is None if present without a value, rather than "*". #2881
private is True if present without a value, rather than "*". #2980
Added the must_understand property. #2881
Added the stale_while_revalidate, and stale_if_error properties. #2948





... (truncated)


Changelog
Sourced from werkzeug's changelog.

Version 3.1.3
Released 2024-11-08

Initial data passed to MultiDict and similar interfaces only accepts
list, tuple, or set when passing multiple values. It had been
changed to accept any Collection, but this matched types that should be
treated as single values, such as bytes. :issue:2994
When the Host header is not set and Request.host falls back to the
WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped
in [] to match the Host header. :issue:2993

Version 3.1.2
Released 2024-11-04

Improve type annotation for TypeConversionDict.get to allow the type
parameter to be a callable. :issue:2988
Headers does not inherit from MutableMapping, as it is does not
exactly match that interface. :issue:2989

Version 3.1.1
Released 2024-11-01

Fix an issue that caused str(Request.headers) to always appear empty.
:issue:2985

Version 3.1.0
Released 2024-10-31


Drop support for Python 3.8. :pr:2966


Remove previously deprecated code. :pr:2967


Request.max_form_memory_size defaults to 500kB instead of unlimited.
Non-file form fields over this size will cause a RequestEntityTooLarge
error. :issue:2964


OrderedMultiDict and ImmutableOrderedMultiDict are deprecated.
Use MultiDict and ImmutableMultiDict instead. :issue:2968


Behavior of properties on request.cache_control and
response.cache_control has been significantly adjusted.

Dict values are always str | None. Setting properties will convert





... (truncated)


Commits

6389612 release version 3.1.3
ba15683 wrap IPv6 SERVER_NAME in [] (#2997)
d99f72d wrap IPv6 SERVER_NAME in []
ea93b54 restrict containers accepted by multi (#2995)
598bb1d restrict containers accepted by multi
1a1728e start version 3.1.3
4fd7073 release version 3.1.2 (#2992)
4764684 release version 3.1.2
1803db6 Headers is not MutableMapping (#2991)
ac87bf8 Headers is not MutableMapping
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @tim-s-ccs.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[tim-s-ccs]

@dependabot merge