Bump flask from 1.1.1 to 2.0.1

[dependabot-preview[bot]]

Bumps flask from 1.1.1 to 2.0.1.

Release notes

Sourced from flask's releases.

2.0.1

• Changes: https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-1

2.0.0

New major versions of all the core Pallets libraries, including Flask 2.0, have been released! :tada:

• Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
• Read the full list of changes: https://flask.palletsprojects.com/changes/#version-2-0-0
• Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
• Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

2.0.0rc2

• Changes: https://flask.palletsprojects.com/en/master/changes#version-2-0-0

2.0.0rc1

• Changes: https://flask.palletsprojects.com/en/master/changes/#version-2-0-0

1.1.2

1.1.x is the last version to support Python 2.7 and Python 3.5. It also contains deprecation warnings for code that will be removed in 2.0. Please pay attention to deprecation warnings in your project!

This release contains a couple bug fixes.

• Changelog: https://flask.palletsprojects.com/en/1.1.x/changelog/#version-1-1-2

Changelog

Sourced from flask's changelog.

Version 2.0.1

Released 2021-05-21

• Re-add the filename parameter in send_from_directory. The filename parameter has been renamed to path, the old name is deprecated. 4019
• Mark top-level names as exported so type checking understands imports in user projects. 4024
• Fix type annotation for g and inform mypy that it is a namespace object that has arbitrary attributes. 4020
• Fix some types that weren't available in Python 3.6.0. 4040
• Improve typing for send_file, send_from_directory, and get_send_file_max_age. 4044, 4026
• Show an error when a blueprint name contains a dot. The . has special meaning, it is used to separate (nested) blueprint names and the endpoint name. 4041
• Combine URL prefixes when nesting blueprints that were created with a url_prefix value. 4037
• Roll back a change to the order that URL matching was done. The URL is again matched after the session is loaded, so the session is available in custom URL converters. 4053
• Re-add deprecated Config.from_json, which was accidentally removed early. 4078
• Improve typing for some functions using Callable in their type signatures, focusing on decorator factories. 4060
• Nested blueprints are registered with their dotted name. This allows different blueprints with the same name to be nested at different locations. 4069
• register_blueprint takes a name option to change the (pre-dotted) name the blueprint is registered with. This allows the same blueprint to be registered multiple times with unique names for url_for. Registering the same blueprint with the same name multiple times is deprecated. 1091
• Improve typing for stream_with_context. 4052

Version 2.0.0

Released 2021-05-11

• Drop support for Python 2 and 3.5.
• Bump minimum versions of other Pallets projects: Werkzeug >= 2, Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure to check the change logs for each project. For better compatibility with other applications (e.g. Celery) that still require Click 7, there is no hard dependency on Click 8 yet, but using Click 7 will trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
• JSON support no longer uses simplejson. To use another JSON module, override app.json_encoder and json_decoder. 3555
• The encoding option to JSON functions is deprecated. 3562
• Passing script_info to app factory functions is deprecated. This was not portable outside the flask command. Use click.get_current_context().obj if it's needed. 3552
• The CLI shows better error messages when the app failed to load when looking up commands. 2741
• Add sessions.SessionInterface.get_cookie_name to allow setting the session cookie name dynamically. 3369
• Add Config.from_file to load config using arbitrary file loaders, such as toml.load or json.load. Config.from_json is deprecated in favor of this. 3398
• The flask run command will only defer errors on reload. Errors present during the initial call will cause the server to exit with the traceback immediately. 3431
• send_file raises a ValueError when passed an io object in text mode. Previously, it would respond with 200 OK and an empty file. 3358
• When using ad-hoc certificates, check for the cryptography library instead of PyOpenSSL. 3492
• When specifying a factory function with FLASK_APP, keyword argument can be passed. 3553
• When loading a .env or .flaskenv file, the current working directory is no longer changed to the location of the file. 3560
• When returning a (response, headers) tuple from a view, the headers replace rather than extend existing headers on the response. For example, this allows setting the Content-Type for jsonify(). Use response.headers.extend() if extending is desired. 3628
• The Scaffold class provides a common API for the Flask and Blueprint classes. Blueprint information is stored in attributes just like Flask, rather than opaque lambda functions. This is intended to improve consistency and maintainability. 3215
• Include samesite and secure options when removing the session cookie. 3726
• Support passing a pathlib.Path to static_folder. 3579
• send_file and send_from_directory are wrappers around the implementations in werkzeug.utils. 3828
• Some send_file parameters have been renamed, the old names are deprecated. attachment_filename is renamed to download_name. cache_timeout is renamed to max_age. add_etags is renamed to etag. 3828, 3883
• send_file passes download_name even if as_attachment=False by using Content-Disposition: inline. 3828
• send_file sets conditional=True and max_age=None by default. Cache-Control is set to no-cache if max_age is not set, otherwise public. This tells browsers to validate conditional requests instead of using a timed cache. 3828
• helpers.safe_join is deprecated. Use werkzeug.utils.safe_join instead. 3828
• The request context does route matching before opening the session. This could allow a session interface to change behavior based on request.endpoint. 3776
• Use Jinja's implementation of the |tojson filter. 3881
• Add route decorators for common HTTP methods. For example, @app.post("/login") is a shortcut for @app.route("/login", methods=["POST"]). 3907
• Support async views, error handlers, before and after request, and teardown functions. 3412

... (truncated)

Commits

• bc90801 Merge pull request #4091 from pallets/release-2.0.1
• fe2d744 release version 2.0.1
• 9f606a8 Merge pull request #4090 from pallets/stream-type
• 7ab934f improve typing for stream_with_context
• 6b1c4e9 Merge pull request #4087 from greyli/gitignore
• 255461d Merge pull request #4074 from pgjones/bp
• 3257b75 Fix blueprint renaming
• 714b0a4 Fix blueprint self registration
• 9409be6 warn when registering same blueprint with same name
• 63b3067 changelog for blueprint registered name
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)