Skip to content

chore(deps): bump the flask group across 1 directory with 2 updates#33

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/flask-8f5122a40a
Open

chore(deps): bump the flask group across 1 directory with 2 updates#33
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/flask-8f5122a40a

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026
edited
Loading

Updates the requirements on flask and flask-limiter to permit the latest version.
Updates flask to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726
Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

  • stream_with_context does not fail inside async views. :issue:5774
  • When using follow_redirects in the test client, the final state of session is correct. :issue:5786
  • Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

  • Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. :issue:5645
  • flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673
  • Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option responses. :pr:5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits
  • 22d9247 release version 3.1.3
  • 089cb86 Merge commit from fork
  • c17f379 request context tracks session access
  • 27be933 start version 3.1.3
  • 4e652d3 Abort if the instance folder cannot be created (#5903)
  • 3d03098 Abort if the instance folder cannot be created
  • 407eb76 document using gevent for async (#5900)
  • ac5664d document using gevent for async
  • 4f79d5b Increase required flit_core version to 3.11 (#5865)
  • fe3b215 Increase required flit_core version to 3.11
  • Additional commits viewable in compare view

Updates flask-limiter to 4.1.1

Release notes

Sourced from flask-limiter's releases.

4.1.1

Bug Fix

  • Ensure cli commands fail gracefully when cli dependencies are not installed.
Changelog

Sourced from flask-limiter's changelog.

v4.1.1

Release Date: 2025-12-06

  • Bug Fix

    • Ensure cli commands fail gracefully when cli dependencies are not installed.

v4.1.0

Release Date: 2025-12-02

  • Deployment

    • Extract cli specific requirements to an extra

  • Compatibility

    • Add python 3.14 support

v4.0.0

Release Date: 2025-09-30

  • Feature

    • Expose flask_limiter.Limit, flask_limiter.RouteLimit, flask_limiter.ApplicationLimit & flask_limiter.MetaLimit limit description classes that can be used to pass in default, application & meta limits to the Limiter extension. This allows for a more fine grained control for end users while also simplifying the internal implementation of different types of limits.

  • Compatibility

    • Prefix all internal sub modules with underscore. All imports should be from the root flask_limiter namespace only.

  • Development

    • Migrate all project metadata to pyproject
    • Remove versioneer
    • Use uv for development
    • Use hatch for build

... (truncated)

Commits
  • e9c1464 Update changelog for 4.1.1
  • 0083502 Update uv.lock
  • c45325c Add rich to dev dependencies
  • 4029925 Ensure cli extra is installed for docs generation
  • 114c01b Handle missing cli dependencies gracefully
  • 4aee644 Update changelog for 4.1.0
  • 4eb58a3 Extract cli dependencies as an extra
  • e1a162c Add python 3.14 support
  • 3d4f23a Update changelog for 4.0.0
  • ecf2fed Remove unused .gitmodules
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 13, 2026
@dependabot
chore(deps): bump the flask group with 2 updates
b089f56 
Updates the requirements on [flask](https://github.com/pallets/flask) and [flask-limiter](https://github.com/alisaifee/flask-limiter) to permit the latest version.

Updates `flask` to 3.1.3
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.1.0...3.1.3)

Updates `flask-limiter` to 4.1.1
- [Release notes](https://github.com/alisaifee/flask-limiter/releases)
- [Changelog](https://github.com/alisaifee/flask-limiter/blob/master/HISTORY.rst)
- [Commits](alisaifee/flask-limiter@3.8.0...4.1.1)

---
updated-dependencies:
- dependency-name: flask
  dependency-version: 3.1.3
  dependency-type: direct:production
  dependency-group: flask
- dependency-name: flask-limiter
  dependency-version: 4.1.1
  dependency-type: direct:production
  dependency-group: flask
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the flask group with 2 updates chore(deps): bump the flask group across 1 directory with 2 updates Apr 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/flask-8f5122a40a branch from 83c0645 to b089f56 Compare April 20, 2026 03:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants