Flask

Latest version: v3.0.3

Page 4 of 10

2.1.0

Not secure
-------------

Released 2022-03-28

- Drop support for Python 3.6. :pr:`4335`
- Update Click dependency to >= 8.0. :pr:`4008`
- Remove previously deprecated code. :pr:`4337`

  - The CLI does not pass ``script_info`` to app factory functions.
  - ``config.from_json`` is replaced by
    ``config.from_file(name, load=json.load)``.
  - ``json`` functions no longer take an ``encoding`` parameter.
  - ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
    instead.
  - ``total_seconds`` is removed, use ``timedelta.total_seconds``
    instead.
  - The same blueprint cannot be registered with the same name. Use
    ``name=`` when registering to specify a unique name.
  - The test client's ``as_tuple`` parameter is removed. Use
    ``response.request.environ`` instead. :pr:`4417`

- Some parameters in ``send_file`` and ``send_from_directory`` were
renamed in 2.0. The deprecation period for the old names is extended
to 2.2. Be sure to test with deprecation warnings visible.

  - ``attachment_filename`` is renamed to ``download_name``.
  - ``cache_timeout`` is renamed to ``max_age``.
  - ``add_etags`` is renamed to ``etag``.
  - ``filename`` is renamed to ``path``.

- The ``RequestContext.g`` property is deprecated. Use ``g`` directly
or ``AppContext.g`` instead. :issue:`3898`
- ``copy_current_request_context`` can decorate async functions.
:pr:`4303`
- The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to
load command entry points. :issue:`4419`
- Overriding ``FlaskClient.open`` will not cause an error on redirect.
:issue:`3396`
- Add an ``--exclude-patterns`` option to the ``flask run`` CLI
command to specify patterns that will be ignored by the reloader.
:issue:`4188`
- When using lazy loading (the default with the debugger), the Click
context from the ``flask run`` command remains available in the
loader thread. :issue:`4460`
- Deleting the session cookie uses the ``httponly`` flag.
:issue:`4485`
- Relax typing for ``errorhandler`` to allow the user to use more
precise types and decorate the same function multiple times.
:issue:`4095, 4295, 4297`
- Fix typing for ``__exit__`` methods for better compatibility with
``ExitStack``. :issue:`4474`
- From Werkzeug, for redirect responses the ``Location`` header URL
will remain relative, and exclude the scheme and domain, by default.
:pr:`4496`
- Add ``Config.from_prefixed_env()`` to load config values from
environment variables that start with ``FLASK_`` or another prefix.
This parses values as JSON by default, and allows setting keys in
nested dicts. :pr:`4479`
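
The ``send_file`` / ``send_from_directory`` renames listed in the 2.1.0 notes above can be found mechanically before the old names stop working in 2.2. The following is an added example, not code from the Flask changelog or project: a standard-library AST scan in which ``find_deprecated_kwargs`` and the sample source are constructed for illustration, and ``filename`` is flagged only on ``send_from_directory``, following the 2.0.1 entry.

```python
import ast

# Old keyword -> new keyword, as listed in the 2.1.0 notes above.
RENAMED = {
    "attachment_filename": "download_name",
    "cache_timeout": "max_age",
    "add_etags": "etag",
}
# The 2.0.1 notes tie the ``filename`` -> ``path`` rename to send_from_directory.
DIRECTORY_ONLY = {"filename": "path"}
TARGETS = {"send_file", "send_from_directory"}

# Constructed sample input; it is only parsed, never executed.
SAMPLE = '''\
from flask import send_file, send_from_directory
import flask

def report():
    return send_file("r.pdf", as_attachment=True, attachment_filename="q1.pdf")

def asset(name):
    return flask.send_from_directory("static", filename=name, cache_timeout=60)

def ok():
    return send_file("r.pdf", download_name="q1.pdf", max_age=0, etag=True)
'''


def find_deprecated_kwargs(source, filename="<string>"):
    """Return sorted (line, function, old_kwarg, new_kwarg) tuples."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        # Handles both ``send_file(...)`` and ``flask.send_file(...)``.
        name = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
        if name not in TARGETS:
            continue
        renames = dict(RENAMED)
        if name == "send_from_directory":
            renames.update(DIRECTORY_ONLY)
        for kw in node.keywords:
            # kw.arg is None for ``**kwargs``; those cannot be checked statically.
            if kw.arg in renames:
                findings.append((kw.value.lineno, name, kw.arg, renames[kw.arg]))
    return sorted(findings)


if __name__ == "__main__":
    for line, func, old, new in find_deprecated_kwargs(SAMPLE):
        print(f"line {line}: {func}({old}=...) -> use {new}=")
```

Keyword names passed through ``**kwargs`` or built dynamically are not visible to this scan, so running the test suite with deprecation warnings visible, as the notes advise, remains necessary.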

2.0.3

Not secure
-------------

Released 2022-02-14

- The test client's ``as_tuple`` parameter is deprecated and will be
removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
removed in Flask 2.1, while remaining compatible with both in
2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
- Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
- Revert a change to the CLI that caused it to hide ``ImportError``
tracebacks when importing the application. :issue:`4307`
- ``app.json_encoder`` and ``json_decoder`` are only passed to
``dumps`` and ``loads`` if they have custom behavior. This improves
performance, mainly on PyPy. :issue:`4349`
- Clearer error message when ``after_this_request`` is used outside a
request context. :issue:`4333`

2.0.2

Not secure
-------------

Released 2021-10-04

- Fix type annotation for ``teardown_*`` methods. :issue:`4093`
- Fix type annotation for ``before_request`` and ``before_app_request``
decorators. :issue:`4104`
- Fixed the issue where typing requires template global
decorators to accept functions with no arguments. :issue:`4098`
- Support View and MethodView instances with async handlers. :issue:`4112`
- Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
- Fix registering a blueprint twice with differing names. :issue:`4124`
- Fix the type of ``static_folder`` to accept ``pathlib.Path``.
:issue:`4150`
- ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
:issue:`4157`
- Correctly handle raising deferred errors in CLI lazy loading.
:issue:`4096`
- The CLI loader handles ``**kwargs`` in a ``create_app`` function.
:issue:`4170`
- Fix the order of ``before_request`` and other callbacks that trigger
before the view returns. They are called from the app down to the
closest nested blueprint. :issue:`4229`

2.0.1

Not secure
-------------

Released 2021-05-21

- Re-add the ``filename`` parameter in ``send_from_directory``. The
``filename`` parameter has been renamed to ``path``, the old name
is deprecated. :pr:`4019`
- Mark top-level names as exported so type checking understands
imports in user projects. :issue:`4024`
- Fix type annotation for ``g`` and inform mypy that it is a namespace
object that has arbitrary attributes. :issue:`4020`
- Fix some types that weren't available in Python 3.6.0. :issue:`4040`
- Improve typing for ``send_file``, ``send_from_directory``, and
``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
- Show an error when a blueprint name contains a dot. The ``.`` has
special meaning, it is used to separate (nested) blueprint names and
the endpoint name. :issue:`4041`
- Combine URL prefixes when nesting blueprints that were created with
a ``url_prefix`` value. :issue:`4037`
- Revert a change to the order that URL matching was done. The
URL is again matched after the session is loaded, so the session is
available in custom URL converters. :issue:`4053`
- Re-add deprecated ``Config.from_json``, which was accidentally
removed early. :issue:`4078`
- Improve typing for some functions using ``Callable`` in their type
signatures, focusing on decorator factories. :issue:`4060`
- Nested blueprints are registered with their dotted name. This allows
different blueprints with the same name to be nested at different
locations. :issue:`4069`
- ``register_blueprint`` takes a ``name`` option to change the
(pre-dotted) name the blueprint is registered with. This allows the
same blueprint to be registered multiple times with unique names for
``url_for``. Registering the same blueprint with the same name
multiple times is deprecated. :issue:`1091`
- Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

Not secure
-------------

Released 2021-05-11

- Drop support for Python 2 and 3.5.
- Bump minimum versions of other Pallets projects: Werkzeug >= 2,
Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
to check the change logs for each project. For better compatibility
with other applications (e.g. Celery) that still require Click 7,
there is no hard dependency on Click 8 yet, but using Click 7 will
trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
- JSON support no longer uses simplejson. To use another JSON module,
override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
- The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
- Passing ``script_info`` to app factory functions is deprecated. This
was not portable outside the ``flask`` command. Use
``click.get_current_context().obj`` if it's needed. :issue:`3552`
- The CLI shows better error messages when the app failed to load
when looking up commands. :issue:`2741`
- Add ``SessionInterface.get_cookie_name`` to allow setting the
session cookie name dynamically. :pr:`3369`
- Add ``Config.from_file`` to load config using arbitrary file
loaders, such as ``toml.load`` or ``json.load``.
``Config.from_json`` is deprecated in favor of this. :pr:`3398`
- The ``flask run`` command will only defer errors on reload. Errors
present during the initial call will cause the server to exit with
the traceback immediately. :issue:`3431`
- ``send_file`` raises a ``ValueError`` when passed an ``io`` object
in text mode. Previously, it would respond with 200 OK and an empty
file. :issue:`3358`
- When using ad-hoc certificates, check for the cryptography library
instead of PyOpenSSL. :pr:`3492`
- When specifying a factory function with ``FLASK_APP``, keyword
arguments can be passed. :issue:`3553`
- When loading a ``.env`` or ``.flaskenv`` file, the current working
directory is no longer changed to the location of the file.
:pr:`3560`
- When returning a ``(response, headers)`` tuple from a view, the
headers replace rather than extend existing headers on the response.
For example, this allows setting the ``Content-Type`` for
``jsonify()``. Use ``response.headers.extend()`` if extending is
desired. :issue:`3628`
- The ``Scaffold`` class provides a common API for the ``Flask`` and
``Blueprint`` classes. ``Blueprint`` information is stored in
attributes just like ``Flask``, rather than opaque lambda functions.
This is intended to improve consistency and maintainability.
:issue:`3215`
- Include ``samesite`` and ``secure`` options when removing the
session cookie. :pr:`3726`
- Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
- ``send_file`` and ``send_from_directory`` are wrappers around the
implementations in ``werkzeug.utils``. :pr:`3828`
- Some ``send_file`` parameters have been renamed, the old names are
deprecated. ``attachment_filename`` is renamed to ``download_name``.
``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
renamed to ``etag``. :pr:`3828, 3883`
- ``send_file`` passes ``download_name`` even if
``as_attachment=False`` by using ``Content-Disposition: inline``.
:pr:`3828`
- ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
not set, otherwise ``public``. This tells browsers to validate
conditional requests instead of using a timed cache. :pr:`3828`
- ``helpers.safe_join`` is deprecated. Use
``werkzeug.utils.safe_join`` instead. :pr:`3828`
- The request context does route matching before opening the session.
This could allow a session interface to change behavior based on
``request.endpoint``. :issue:`3776`
- Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
- Add route decorators for common HTTP methods. For example,
``app.post("/login")`` is a shortcut for
``app.route("/login", methods=["POST"])``. :pr:`3907`
- Support async views, error handlers, before and after request, and
teardown functions. :pr:`3412`
- Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
- Set the default encoding to "UTF-8" when loading ``.env`` and
``.flaskenv`` files to allow the use of non-ASCII characters. :issue:`3931`
- ``flask shell`` sets up tab and history completion like the default
``python`` shell if ``readline`` is installed. :issue:`3941`
- ``helpers.total_seconds()`` is deprecated. Use
``timedelta.total_seconds()`` instead. :pr:`3962`
- Add type hinting. :pr:`3973`.

1.1.4

Not secure
-------------

Released 2021-05-13

- Update ``static_folder`` to use ``_compat.fspath`` instead of
``os.fspath`` to continue supporting Python < 3.6. :issue:`4050`

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.