chore(deps): bump the project-api-dependencies group across 1 directory with 65 updates

[dependabot]

Bumps the project-api-dependencies group with 65 updates in the /apps/project-api directory:

Package	From	To
flask	2.2.5	3.0.3
jinja2	3.1.2	3.1.4
werkzeug	2.2.3	3.0.3
marshmallow	3.19.0	3.21.3
flask-sqlalchemy	2.5.1	3.1.1
sqlalchemy	1.4.49	2.0.30
alembic	1.12.0	1.13.1
marshmallow-sqlalchemy	0.29.0	1.0.0
flask-smorest	0.41.0	0.44.0
flask-cors	4.0.0	4.0.1
sqlalchemy-utils	0.41.1	0.41.2
sqlalchemy-history	2.0.0	2.1.4
flask-babel	3.1.0	4.0.0
plotly	5.17.0	5.22.0
celery[redis]	5.2.7	5.4.0
python-dateutil	2.8.2	2.9.0.post0
networkx	2.6.3	3.3
dulwich	0.21.6	0.22.1
pyflakes	3.0.1	3.2.0
cryptography	41.0.3	42.0.8
dynaconf	3.1.11	3.2.5
dogpile-cache	1.2.2	1.3.3
cachetools	5.3.1	5.3.3
requests	2.31.0	2.32.3
kaleido	0.2.1	0.2.1.post1
jsonschema	4.17.3	4.22.0
zipp	3.15.0	3.19.2
webargs	8.1.0	8.4.0
typing-extensions	4.7.1	4.12.2
pyrsistent	0.19.3	0.20.0
pyparsing	3.1.1	3.1.2
protobuf	4.24.3	5.27.1
markupsafe	2.1.3	2.1.5
mako	1.2.4	1.3.5
kombu	5.2.4	5.3.7
itsdangerous	2.1.2	2.2.0
importlib-resources	5.12.0	6.4.0
importlib-metadata	4.13.0	7.1.0
apispec[marshmallow]	6.3.0	6.6.1
charset-normalizer	3.2.0	3.3.2
stevedore	3.5.2	5.2.0
docutils	0.20.1	0.21.2
scikit-learn	1.0.2	1.5.0
sklearn2pmml	0.94.1	0.108.0
amqp	5.1.1	5.2.0
attrs	23.1.0	23.2.0
babel	2.12.1	2.15.0
billiard	3.6.4.0	4.2.0
certifi	2023.7.22	2024.6.2
cffi	1.15.1	1.16.0
click-didyoumean	0.3.0	0.3.1
flatbuffers	23.5.26	24.3.25
greenlet	2.0.2	3.0.3
idna	3.4	3.7
packaging	23.1	24.1
pbr	5.11.1	6.0.0
prompt-toolkit	3.0.39	3.0.47
pycparser	2.21	2.22
pytz	2023.3.post1	2024.1
redis	4.6.0	5.0.6
sympy	1.10	1.12.1
tenacity	8.2.3	8.3.0
urllib3	2.0.6	2.2.1
vine	5.0.0	5.1.0
wcwidth	0.2.6	0.2.13

Updates flask from 2.2.5 to 3.0.3

Release notes

Sourced from flask's releases.

3.0.3

This is a fix release for the 3.0.x feature branch.

PyPI: https://pypi.org/project/Flask/3.0.3/ Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/flask/milestone/35?closed=1

• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. #5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in the Flask concrete class. #5270

3.0.2

This is a fix release for the 3.0.x feature release branch. It fixes bugs but does not otherwise change behavior and should not result in breaking changes.

• Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3.0.2
• Milestone: https://github.com/pallets/flask/milestone/34?closed=1
• PyPI: https://pypi.org/project/Flask/3.0.2/

3.0.1

This is a fix release for the 3.0.x feature release branch.

Fixes an issue where using other JSON providers, such as flask-orjson, previously caused loaded session data to have an incorrect format in some cases.

• Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-1
• Milestone: https://github.com/pallets/flask/milestone/32?closed=1
• PyPI: https://pypi.org/project/Flask/3.0.1/

3.0.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-0
• Milestone: https://github.com/pallets/flask/milestone/20?closed=1

2.3.3

This is a fix release for the 2.3.x feature branch.

• Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-3
• Milestone: https://github.com/pallets/flask/milestone/31?closed=1

2.3.2

This is a security fix release for the 2.3.x release branch.

• Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
• Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-2
• Milestone: https://github.com/pallets/flask/milestone/29?closed=1

2.3.1

This is a fix release for the 2.3.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-1
• Milestone: https://github.com/pallets/flask/milestone/28?closed=1

... (truncated)

Changelog

Sourced from flask's changelog.

Version 3.0.3

Released 2024-04-07

• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in the Flask concrete class. :pr:5270

Version 3.0.2

Released 2024-02-03

• Correct type for jinja_loader property. :issue:5388
• Fix error with --extra-files and --exclude-patterns CLI options. :issue:5391

Version 3.0.1

Released 2024-01-18

• Correct type for path argument to send_file. :issue:5230
• Fix a typo in an error message for the flask run --key option. :pr:5344
• Session data is untagged without relying on the built-in json.loads object_hook. This allows other JSON providers that don't implement that. :issue:5381
• Address more type findings when using mypy strict mode. :pr:5383

Version 3.0.0

Released 2023-09-30

• Remove previously deprecated code. :pr:5223
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("flask"), instead. :issue:5230
• Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:5127
• Allow self as an argument to url_for. :pr:5264
• Require Werkzeug >= 3.0.0.

Version 2.3.3

... (truncated)

Commits

• c12a5d8 release version 3.0.3
• 5e22cc9 Don't set the cli attribute in the sansio scaffold (#5270)
• 5fdce4c Don't set the cli attribute in the sansio scaffold
• adb7dd9 don't access app.logger when configuring app.logger
• b739390 support FIPS builds without SHA-1 (#5460)
• db46111 access sha1 lazily
• 7320e31 start version 3.0.3
• 87d5f5b update project files (#5457)
• d5e321b release version 3.0.2 (#5403)
• d203059 release version 3.0.2
• Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates werkzeug from 2.2.3 to 3.0.3

Release notes

Sourced from werkzeug's releases.

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
• Make reloader more robust when "" is in sys.path. #2823
• Better TLS cert format with adhoc dev certs. #2891
• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828
• Type annotation for Rule.endpoint and other uses of endpoint is Any. #2836

3.0.2

This is a fix release for the 3.0.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-2

3.0.1

This is a security release for the 3.0.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

3.0.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-0
• Milestone: https://github.com/pallets/werkzeug/milestone/21?closed=1

2.3.8

This is a security release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-8

2.3.7

This is a fix release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-7
• Milestone: https://github.com/pallets/werkzeug/milestone/33?closed=1

2.3.6

This is a fix release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-6
• Milestone: https://github.com/pallets/werkzeug/milestone/32?closed=1

2.3.5

This is a fix release for the 2.3.x feature branch.

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.0.3

Released 2024-05-05

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:2g68-c3qc-8985

• Make reloader more robust when "" is in sys.path. :pr:2823

• Better TLS cert format with adhoc dev certs. :pr:2891

• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:2828

• Type annotation for Rule.endpoint and other uses of endpoint is Any. :issue:2836

• Make reloader more robust when "" is in sys.path. :pr:2823

Version 3.0.2

Released 2024-04-01

• Ensure setting merge_slashes to False results in NotFound for repeated-slash requests against single slash routes. :issue:2834
• Fix handling of TypeError in TypeConversionDict.get() to match ValueError. :issue:2843
• Fix response_wrapper type check in test client. :issue:2831
• Make the return type of MultiPartParser.parse more precise. :issue:2840
• Raise an error if converter arguments cannot be parsed. :issue:2822

Version 3.0.1

Released 2023-10-24

• Fix slow multipart parsing for large parts potentially enabling DoS attacks.

Version 3.0.0

Released 2023-09-30

• Remove previously deprecated code. :pr:2768

... (truncated)

Commits

• f9995e9 release version 3.0.3
• 3386395 Merge pull request from GHSA-2g68-c3qc-8985
• 890b6b6 only require trusted host for evalex
• 71b69df restrict debugger trusted hosts
• d2d3869 endpoint type is Any (#2895)
• 7080b55 endpoint type is Any
• 7555eff remove iri_to_uri redirect workaround (#2894)
• 97fb2f7 remove _invalid_iri_to_uri workaround
• 249527f make cn field a valid single hostname, and use wildcard in SANs field. (#2892)
• 793be47 update adhoc tls dev cert format
• Additional commits viewable in compare view

Updates marshmallow from 3.19.0 to 3.21.3

Changelog

Sourced from marshmallow's changelog.

3.21.3 (2024-06-05)

---

Bug fixes:

• Fix memory leak that prevented schema instances from getting GC'd (:pr:2277). Thanks :user:mrcljx for the PR.

3.21.2 (2024-05-01)

---

Bug fixes:

• Allow timestamp 0 in fields.DateTime (:issue:2133). Thanks :user:flydzen for reporting.

3.21.1 (2024-03-04)

---

Bug fixes:

• Fix error message when field is declared as a class and not an instance (:issue:2245). Thanks :user:travnick for reporting.

3.21.0 (2024-02-26)

---

Bug fixes:

• Fix validation of URL fields to allow missing user field, per NWG RFC 3986 (:issue:2232). Thanks :user:ddennerline3 for reporting and :user:deckar01 for the PR.

Other changes:

• Backwards-incompatible: __version__, __parsed_version__, and __version_info__ attributes are deprecated (:issue:2227). Use feature detection or importlib.metadata.version("marshmallow") instead.

3.20.2 (2024-01-09)

---

Bug fixes:

• Fix Nested field type hint for lambda Schema types (:pr:2164). Thanks :user:somethingnew2-0 for the PR.

Other changes:

• Officially support Python 3.12 (:pr:2188).

... (truncated)

Commits

• b9646e3 Bump version and update changelog
• 99103a6 Remove leaky lru_cache (#2277)
• 47205b5 [pre-commit.ci] pre-commit autoupdate (#2276)
• aaecd5b [pre-commit.ci] pre-commit autoupdate
• c592536 [pre-commit.ci] pre-commit autoupdate (#2269)
• ee0c903 [pre-commit.ci] pre-commit autoupdate
• d4fd5a4 [pre-commit.ci] pre-commit autoupdate
• 511b8c5 Bump version and update changelog
• 03f56a4 Merge pull request #2264 from marshmallow-code/allow_timestamp_0
• 58fbbcd Encapsulate timestamp boolean check in utils
• Additional commits viewable in compare view

Updates flask-sqlalchemy from 2.5.1 to 3.1.1

Release notes

Sourced from flask-sqlalchemy's releases.

3.1.1

This is a quick extra change to 3.1.0 which was released earlier today. It deprecates the __version__ attribute, to be removed in 3.2. Pallets projects in general are doing this to encourage feature detection or using the standard importlib.metadata.version(name) instead.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.1.x/changes/#version-3-1-1
• Milestone: https://github.com/pallets-eco/flask-sqlalchemy/milestone/19?closed=1

3.1.0

This is a feature release, which includes new features and removes previously deprecated code. The 3.1.x branch is now the supported bug fix branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.1.x/changes/#version-3-1-0
• Milestone: https://github.com/pallets-eco/flask-sqlalchemy/milestone/15?closed=1

3.0.5

This is a fix release for the 3.0.x feature release. It fixes a pagination issue and improves typing.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.0.x/changes/#version-3-0-5
• Milestone: https://github.com/pallets-eco/flask-sqlalchemy/milestone/18

3.0.4

This is a fix release for the 3.0.x feature release. It updates some typing related issues.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.0.x/changes/#version-3-0-4

3.0.3

An SLSA provenance file for the build is available to download from the GitHub release page.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.0.x/changes/#version-3-0-3
• Milestone: https://github.com/pallets-eco/flask-sqlalchemy/milestone/17?closed=1

3.0.2

This is a fix release for the 3.0.x feature release. It updates compatibility with SQLAlchemy 2.0 beta 1.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.0.x/changes/#version-3-0-2
• Milestone: https://github.com/pallets-eco/flask-sqlalchemy/milestone/16?closed=1

3.0.1

This is a fix release for the 3.0.x feature release.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.0.x/changes/#version-3-0-1
• Milestone: https://github.com/pallets-eco/flask-sqlalchemy/milestone/14?closed=1

3.0.0

This is a feature release, which includes new features and removes previously deprecated code. The 3.0.x branch is now the supported bug fix branch, the 2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://flask-sqlalchemy.palletsprojects.com/en/3.0.x/changes/#version-3-0-0
• Milestone: https://github.com/pallets-eco/flask-sqlalchemy/milestone/2?closed=1

3.0.0a2

This is a prerelease to preview the changes in 3.0, the next feature release. Prereleases are an opportunity to test and update your projects early before the final release.

... (truncated)

Changelog

Sourced from flask-sqlalchemy's changelog.

Version 3.1.1

Released 2023-09-11

• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("flask-sqlalchemy"), instead. :pr:1256

Version 3.1.0

Released 2023-09-11

• Drop support for Python 3.7. :pr:1251
• Add support for the SQLAlchemy 2.x API via model_class parameter. :issue:1140
• Bump minimum version of SQLAlchemy to 2.0.16.
• Remove previously deprecated code.
• Pass extra keyword arguments from get_or_404 to session.get. :issue:1149
• Fix bug with finding right bind key for clause statements. :issue:1211

Version 3.0.5

Released 2023-06-21

• Pagination.next() enforces max_per_page. :issue:1201
• Improve type hint for get_or_404 return value to be non-optional. :pr:1226

Version 3.0.4

Released 2023-06-19

• Fix type hint for get_or_404 return value. :pr:1208
• Fix type hints for pyright (used by VS Code Pylance extension). :issue:1205

Version 3.0.3

Released 2023-01-31

• Show helpful errors when mistakenly using multiple SQLAlchemy instances for the same app, or without calling init_app. :pr:1151
• Fix issue with getting the engine associated with a model that uses polymorphic table inheritance. :issue:1155

... (truncated)

Commits

• b982178 release version 3.1.1
• 3f174e6 deprecate version attribute (#1256)
• 644334d deprecate version attribute
• e04fc9e enable Dependabot for Python
• 23c9199 enable Dependabot for Python, grouped updates (#1255)
• 3d932d7 enable Dependabot for Python, grouped updates
• a6085be Merge tag '3.0.x' into 3.1.x
• b24655d Merge tag '2.x' into 3.0.x
• 9d52165 pin docs build
• c8b77a8 release version 3.1.0 (#1254)
• Additional commits viewable in compare view

Updates sqlalchemy from 1.4.49 to 2.0.30

Release notes

Sourced from sqlalchemy's releases.

2.0.30

Released: May 5, 2024

orm

• [orm] [bug] Added new attribute _orm.ORMExecuteState.is_from_statement to detect statements created using _sql.Select.from_statement(), and enhanced FromStatement to set _orm.ORMExecuteState.is_select, _orm.ORMExecuteState.is_insert, _orm.ORMExecuteState.is_update, and _orm.ORMExecuteState.is_delete according to the element that is sent to the _sql.Select.from_statement() method itself.

  References: #11220

• [orm] [bug] Fixed issue in _orm.selectin_polymorphic() loader option where attributes defined with _orm.composite() on a superclass would cause an internal exception on load.

  References: #11291

• [orm] [bug] [regression] Fixed regression from 1.4 where using _orm.defaultload() in conjunction with a non-propagating loader like _orm.contains_eager() would nonetheless propagate the _orm.contains_eager() to a lazy load operation, causing incorrect queries as this option is only intended to come from an original load.

  References: #11292

• [orm] [bug] Fixed issue in ORM Annotated Declarative where typing issue where literals defined using PEP 695 type aliases would not work with inference of Enum datatypes. Pull request courtesy of Alc-Alc.

  References: #11305

• [orm] [bug] Fixed issue in _orm.selectin_polymorphic() loader option where the SELECT emitted would only accommodate for the child-most class among the result rows that were returned, leading intermediary-class attributes to be unloaded if there were no concrete instances of that intermediary-class present in the result. This issue only presented itself for multi-level inheritance hierarchies.

  References: #11327

• [orm] [bug] Fixed issue in _orm.Session.bulk_save_objects() where the form of the identity key produced when using return_defaults=True would be incorrect. This could lead to an errors during pickling as well as identity map mismatches.

... (truncated)

Commits

• See full diff in compare view

Updates alembic from 1.12.0 to 1.13.1

Release notes

Sourced from alembic's releases.

1.13.1

Released: December 20, 2023

bug

• [bug] [autogenerate] Fixed Rewriter so that more than two instances could be chained together correctly, also allowing multiple process_revision_directives callables to be chained. Pull request courtesy zrotceh.

  References: #1337

• [bug] [environment] Fixed issue where the method EnvironmentContext.get_x_argument() using the EnvironmentContext.get_x_argument.as_dictionary parameter would fail if an argument key were passed on the command line as a name alone, that is, without an equal sign = or a value. Behavior is repaired where this condition is detected and will return a blank string for the given key, consistent with the behavior where the = sign is present and no value. Pull request courtesy Iuri de Silvio.

  References: #1369

• [bug] [autogenerate] Fixed issue where the "unique" flag of an Index would not be maintained when generating downgrade migrations. Pull request courtesy Iuri de Silvio.

  References: #1370

• [bug] [versioning] Fixed bug in versioning model where a downgrade across a revision with two down revisions with one down revision depending on the other, would produce an erroneous state in the alembic_version table, making upgrades impossible without manually repairing the table. Thanks much to Saif Hakim for the great work on this.

  References: #1373

• [bug] [typing] Updated pep-484 typing to pass mypy "strict" mode, however including per-module qualifications for specific typing elements not yet complete. This allows us to catch specific typing issues that have been ongoing such as import symbols not properly exported.

  References: #1377

1.13.0

Released: December 1, 2023

changed

... (truncated)

Commits

• See full diff in compare view

Updates marshmallow-sqlalchemy from 0.29.0 to 1.0.0

Changelog

Sourced from marshmallow-sqlalchemy's changelog.

1.0.0 (2024-01-30) +++++++++++++++++++

• Remove __version__ attribute. Use feature detection or importlib.metadata.version("marshmallow-sqlalchemy") instead (:pr:568).
• Support marshmallow>=3.10.0 (:pr:566).
• Passing info={"marshmallow": ...} to SQLAlchemy columns is removed, as it is redundant with the auto_field functionality (:pr:567).
• Remove packaging as a dependency (:pr:566).
• Support Python 3.12.

0.30.0 (2024-01-07) +++++++++++++++++++

Features:

• Use Session.get() load instances to improve deserialization performance (:pr:548). Thanks :user:zippolyte for the PR.

Other changes:

• Drop support for Python 3.7, which is EOL (:pr:540).

Commits

• dc88552 Bump version and update changelog
• 1319364 Bump actions/download-artifact from 3 to 4 (#564)
• 54c6ea4 Bump sphinx-issues from 3.0.1 to 4.0.0 (#558)
• 4bccf8e Bump actions/upload-artifact from 3 to 4 (#563)
• e9963c4 Bump actions/setup-python from 4 to 5 (#562)
• 6a39fac Remove version (#568)
• f19b8e2 Remove support for info={'marshmallow': ...} (#567)
• 651aa77 Support marshmallow>=3.10.0 (#566)
• 26f4bed Dev chores (#561)
• 29ad48f Workaround pytest-lazy-fixture incompatibility (#560)
• Additional commits viewable in compare view

Updates flask-smorest from 0.41.0 to 0.44.0

Changelog

Sourced from flask-smorest's changelog.

0.44.0 (2024-02-26)

---

Features:

• Always use flask.json to serialize data (API output, ETag, API docs). Ensures a user-defined custom JSON serializer is used everywhere. (:pr:561)

0.43.0 (2024-02-12)

---

Bug fixes:

• Fix type-hint in paginate method (:pr:593). Thanks :user:jtait for the PR.

Other changes:

• Official Python 3.12 support (:pr:591). Thanks :user:goddessana for the PR.
• Require Flask>=3.0.2 and Werkzeug>=3.0.01 (:pr:604).

0.42.3 (2023-12-05)

---

Bug fixes:

• Fix OpenAPI docs to include response headers when pagination is used (:issue:578). Thanks :user:drcpu-github for the report and the PR.

0.42.2 (2023-11-09)

---

Features:

• Support Flask 3.x and werkzeug 3.x (:pr:576).

0.42.1 (2023-08-17)

---

Bug fixes:

• Fix order of path parameters extracted from Flask route (:issue:541). Thanks :user:ddorian for the report and the PR.

Other changes:

• Fix setup.py to require Flask>=2.0.1, needed since 0.42.0.

0.42.0 (2023-05-15)

... (truncated)

Commits

• 15afc94 Bump version: 0.43.0 → 0.44.0
• f2c9d8a Update CHANGELOG
• 1bb18c3 Merge pull request #561 from marshmallow-code/flask_json
• b00c8d2 [pre-commit.ci] auto fixes from pre-commit.com hooks
• ccd7d0a Always use flask.json to serialize
• 5021607 Bump pytest from 8.0.1 to 8.0.2
• cfb44bb Bump coverage from 7.4.1 to 7.4.3
• 1756e38 [pre-commit.ci] pre-commit autoupdate
• b782210 Bump pre-commit from 3.6.1 to 3.6.2
• 671d569 Bump pytest from 8.0.0 to 8.0.1
• Additional commits viewable in compare view

Updates flask-cors from 4.0.0 to 4.0.1

Release notes

Sourced from flask-cors's releases.

4.0.1

What's Changed

• Fix Read the Docs builds by @​kurtmckee in corydolphin/flask-cors#345
• Update extension.py to clean request.path before logging it by @​aneshujevic in corydolphin/flask-cors#351
• Update CI to include Python 3.12 and flask 3.0.3 by @​corydolphin in corydolphin/flask-cors#354
• Release 4.0.1 by @​corydolphin in corydolphin/flask-cors#353

New Contributors

• @​kurtmckee made their first contribution in corydolphin/flask-cors#345
• @​aneshujevic made their first contribution in corydolphin/flask-cors#351

Full Changelog: corydolphin/flask-cors@4.0.0...4.0.1

Changelog

Sourced from flask-cors's changelog.

4.0.1

Security

• Address CVE-2024-1681 which is a log injection vulnerability when the log level is set to debug by @​aneshujevic in corydolphin/flask-cors#351

Commits

• 1df178c Release 0.4.1 (#353)
• 5090b4a Update CI to include Python 3.12 and flask 3.0.3 (#354)
• 6172c20 Update extension.py to clean request.path before logging it (#351)
• cadade9 Fix Read the Docs builds (#345)
• See full diff in compare view

Updates sqlalchemy-utils from 0.41.1 to 0.41.2

Changelog

Sourced from sqlalchemy-utils's changelog.

0.41.2 (2024-03-22) ^^^^^^^^^^^^^^^^^^^

• Fix breaking change introduced on SQLAlchemy 2.0.22 changes to attributes.AttributeImpl constructor (#733)

Commits

• See full diff in compare view

Updates sqlalchemy-history from 2.0.0 to 2.1.4

Release notes

Sourced from sqlalchemy-history's releases.

v2.1.4

What's Changed

Fixes the transaction.issued_at being constant bug introduced in v2.1.3

• fix(#131): make default a callable that returns datetime by @​indiVar0508 in corridor/sqlalchemy-history#132

Full Changelog: corridor/sqlalchemy-history@v2.1.3...v2.1.4

V2.1.3

What's Changed

• fix(#121): handle join_txn_mode for version_session by @​ashish16052 in corridor/sqlalchemy-history#122
• fix(#125): handle utcnow for transaction module by @​indiVar0508 in corridor/sqlalchemy-history#126

CI FIxes

• fix(#123): add sqla matrix in poetry environment by @​indiVar0508 in corridor/sqlalchemy-history#124
• chore: minor changes to pyproject and version bump by @​indiVar0508 in corridor/sqlalchemy-history#129

New Contributors

• @​ashish16052 made their first contribution in corridor/sqlalchemy-history#122

Full Changelog: corridor/sqlalchemy-history@v2.1.2...v2.1.3

V2.1.2

What's Changed

Bug fixes

• fix(#114): properly handle association proxy by @​indiVar0508 in corridor/sqlalchemy-history#115

Internal

• chore: minor fixes in CI and project dependency by @​indiVar0508 in corridor/sqlalchemy-history#117
• chore: bump ci to to test with 3.12 by @​indiVar0508 in corridor/sqlalchemy-history#119
• chore: bump sqla-h version to v2.1.2 by @​indiVar0508 in corridor/sqlalchemy-history#120

Full Changelog: corridor/sqlalchemy-history@v2.1.1...v2.1.2

v2.1.1

What's Changed

• chore: fix documentations by @​indiVar0508 in corridor/sqlalchemy-history#111 & corridor/sqlalchemy-history#109
• fix(#106): handle generic repr if base classes are specified by @​indiVar0508 in corridor/sqlalchemy-history#108

Full Changelog: corridor/sqlalchemy-history@v2.1.0...v2.1.1

v2.1.0

What's Changed

Enhancements and Bug fixes

• Handle proxy Attribute for Versioned Class by @​indiVar0508 in corridor/sqlalchemy-history#67
• fix(#81): drop support for python3.6 by @​indiVar0508 in corridor/sqlalchemy-history#84

... (truncated)

Changelog

Sourced from sqlalchemy-history's changelog.

Changelog

Here you can see the full list of changes between each release.

Unreleased ^^^^^^^^^^

• Remove support for SQLA<2

2.1.0 (2023-11-07) ^^^^^^^^^^^^^^^^^^^

• Support sqlalchemy 2.x
• Fix issue with some columns in alembic generated migrations not setting nullable=False correctly.
• Fix issue where version table was using default and server_default when ...

  Description has been truncated