Merge branch '3.0.x'

.github/dependabot.yml

@@ -1,18 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: monthly
-    groups:
-      github-actions:
-        patterns:
-          - '*'
-  - package-ecosystem: pip
-    directory: /requirements/
-    schedule:
-      interval: monthly
-    groups:
-      python-requirements:
-        patterns:
-          - '*'

.github/workflows/publish.yaml

@@ -23,7 +23,7 @@ jobs:
       - name: generate hash
         id: hash
         run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
-      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           path: ./dist
   provenance:

.pre-commit-config.yaml

@@ -2,7 +2,7 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.5.6
+    rev: v0.6.2
     hooks:
       - id: ruff
       - id: ruff-format

docs/config.rst

@@ -142,6 +142,12 @@ The following configuration values are used internally by Flask:
 
     Default: ``None``
 
+    .. warning::
+        If this is changed after the browser created a cookie is created with
+        one setting, it may result in another being created. Browsers may send
+        send both in an undefined order. In that case, you may want to change
+        :data:`SESSION_COOKIE_NAME` as well or otherwise invalidate old sessions.
+
     .. versionchanged:: 2.3
         Not set by default, does not fall back to ``SERVER_NAME``.
 

docs/deploying/waitress.rst

@@ -68,7 +68,7 @@ reverse proxy such as :doc:`nginx` or :doc:`apache-httpd` should be used
 in front of Waitress.
 
 You can bind to all external IPs on a non-privileged port by not
-specifying the ``--host`` option. Don't do this when using a revers
+specifying the ``--host`` option. Don't do this when using a reverse
 proxy setup, otherwise it will be possible to bypass the proxy.
 
 ``0.0.0.0`` is not a valid address to navigate to, you'd use a specific

docs/quickstart.rst

@@ -375,7 +375,7 @@ Here's a simple example of how to render a template::
     @app.route('/hello/')
     @app.route('/hello/<name>')
     def hello(name=None):
-        return render_template('hello.html', name=name)
+        return render_template('hello.html', person=name)
 
 Flask will look for templates in the :file:`templates` folder.  So if your
 application is a module, this folder is next to that module, if it's a
@@ -404,8 +404,8 @@ Here is an example template:
 
     <!doctype html>
     <title>Hello from Flask</title>
-    {% if name %}
+    {% if person %}
-      <h1>Hello {{ name }}!</h1>
+      <h1>Hello {{ person }}!</h1>
     {% else %}
       <h1>Hello, World!</h1>
     {% endif %}
@@ -419,7 +419,7 @@ know how that works, see :doc:`patterns/templateinheritance`. Basically
 template inheritance makes it possible to keep certain elements on each
 page (like header, navigation and footer).
 
-Automatic escaping is enabled, so if ``name`` contains HTML it will be escaped
+Automatic escaping is enabled, so if ``person`` contains HTML it will be escaped
 automatically.  If you can trust a variable and you know that it will be
 safe HTML (for example because it came from a module that converts wiki
 markup to HTML) you can mark it as safe by using the

pyproject.toml

@@ -113,8 +113,12 @@ select = [
     "UP",  # pyupgrade
     "W",  # pycodestyle warning
 ]
-ignore-init-module-imports = true
 
 [tool.ruff.lint.isort]
 force-single-line = true
 order-by-type = false
+
+[tool.gha-update]
+tag-only = [
+    "slsa-framework/slsa-github-generator",
+]

requirements/build.txt

@@ -6,7 +6,7 @@
 #
 build==1.2.1
     # via -r build.in
-packaging==24.0
+packaging==24.1
     # via build
-pyproject-hooks==1.0.0
+pyproject-hooks==1.1.0
     # via build

requirements/dev.txt

@@ -4,7 +4,7 @@
 #
 #    pip-compile dev.in
 #
-alabaster==0.7.16
+alabaster==1.0.0
     # via
     #   -r docs.txt
     #   sphinx
@@ -12,17 +12,17 @@ asgiref==3.8.1
     # via
     #   -r tests.txt
     #   -r typing.txt
-babel==2.14.0
+babel==2.16.0
     # via
     #   -r docs.txt
     #   sphinx
-cachetools==5.3.3
+cachetools==5.5.0
     # via tox
-certifi==2024.2.2
+certifi==2024.7.4
     # via
     #   -r docs.txt
     #   requests
-cffi==1.16.0
+cffi==1.17.0
     # via
     #   -r typing.txt
     #   cryptography
@@ -36,22 +36,22 @@ charset-normalizer==3.3.2
     #   requests
 colorama==0.4.6
     # via tox
-cryptography==42.0.8
+cryptography==43.0.0
     # via -r typing.txt
 distlib==0.3.8
     # via virtualenv
-docutils==0.20.1
+docutils==0.21.2
     # via
     #   -r docs.txt
     #   sphinx
     #   sphinx-tabs
-filelock==3.13.3
+filelock==3.15.4
     # via
     #   tox
     #   virtualenv
-identify==2.5.35
+identify==2.6.0
     # via pre-commit
-idna==3.6
+idna==3.8
     # via
     #   -r docs.txt
     #   requests
@@ -64,7 +64,7 @@ iniconfig==2.0.0
     #   -r tests.txt
     #   -r typing.txt
     #   pytest
-jinja2==3.1.3
+jinja2==3.1.4
     # via
     #   -r docs.txt
     #   sphinx
@@ -72,18 +72,18 @@ markupsafe==2.1.5
     # via
     #   -r docs.txt
     #   jinja2
-mypy==1.10.1
+mypy==1.11.1
     # via -r typing.txt
 mypy-extensions==1.0.0
     # via
     #   -r typing.txt
     #   mypy
-nodeenv==1.8.0
+nodeenv==1.9.1
     # via
     #   -r typing.txt
     #   pre-commit
     #   pyright
-packaging==24.0
+packaging==24.1
     # via
     #   -r docs.txt
     #   -r tests.txt
@@ -95,7 +95,7 @@ packaging==24.0
     #   tox
 pallets-sphinx-themes==2.1.3
     # via -r docs.txt
-platformdirs==4.2.0
+platformdirs==4.2.2
     # via
     #   tox
     #   virtualenv
@@ -105,22 +105,22 @@ pluggy==1.5.0
     #   -r typing.txt
     #   pytest
     #   tox
-pre-commit==3.7.1
+pre-commit==3.8.0
     # via -r dev.in
 pycparser==2.22
     # via
     #   -r typing.txt
     #   cffi
-pygments==2.17.2
+pygments==2.18.0
     # via
     #   -r docs.txt
     #   sphinx
     #   sphinx-tabs
-pyproject-api==1.6.1
+pyproject-api==1.7.1
     # via tox
-pyright==1.1.369
+pyright==1.1.377
     # via -r typing.txt
-pytest==8.2.2
+pytest==8.3.2
     # via
     #   -r tests.txt
     #   -r typing.txt
@@ -128,9 +128,9 @@ python-dotenv==1.0.1
     # via
     #   -r tests.txt
     #   -r typing.txt
-pyyaml==6.0.1
+pyyaml==6.0.2
     # via pre-commit
-requests==2.31.0
+requests==2.32.3
     # via
     #   -r docs.txt
     #   sphinx
@@ -138,7 +138,7 @@ snowballstemmer==2.2.0
     # via
     #   -r docs.txt
     #   sphinx
-sphinx==7.3.7
+sphinx==8.0.2
     # via
     #   -r docs.txt
     #   pallets-sphinx-themes
@@ -146,15 +146,15 @@ sphinx==7.3.7
     #   sphinxcontrib-log-cabinet
 sphinx-tabs==3.4.5
     # via -r docs.txt
-sphinxcontrib-applehelp==1.0.8
+sphinxcontrib-applehelp==2.0.0
     # via
     #   -r docs.txt
     #   sphinx
-sphinxcontrib-devhelp==1.0.6
+sphinxcontrib-devhelp==2.0.0
     # via
     #   -r docs.txt
     #   sphinx
-sphinxcontrib-htmlhelp==2.0.5
+sphinxcontrib-htmlhelp==2.1.0
     # via
     #   -r docs.txt
     #   sphinx
@@ -164,32 +164,29 @@ sphinxcontrib-jsmath==1.0.1
     #   sphinx
 sphinxcontrib-log-cabinet==1.0.1
     # via -r docs.txt
-sphinxcontrib-qthelp==1.0.7
+sphinxcontrib-qthelp==2.0.0
     # via
     #   -r docs.txt
     #   sphinx
-sphinxcontrib-serializinghtml==1.1.10
+sphinxcontrib-serializinghtml==2.0.0
     # via
     #   -r docs.txt
     #   sphinx
-tox==4.15.1
+tox==4.18.0
     # via -r dev.in
 types-contextvars==2.4.7.3
     # via -r typing.txt
 types-dataclasses==0.6.6
     # via -r typing.txt
-typing-extensions==4.11.0
+typing-extensions==4.12.2
     # via
     #   -r typing.txt
     #   mypy
-urllib3==2.2.1
+urllib3==2.2.2
     # via
     #   -r docs.txt
     #   requests
-virtualenv==20.25.1
+virtualenv==20.26.3
     # via
     #   pre-commit
     #   tox
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools

requirements/docs.txt

@@ -4,41 +4,41 @@
 #
 #    pip-compile docs.in
 #
-alabaster==0.7.16
+alabaster==1.0.0
     # via sphinx
-babel==2.14.0
+babel==2.16.0
     # via sphinx
-certifi==2024.2.2
+certifi==2024.7.4
     # via requests
 charset-normalizer==3.3.2
     # via requests
-docutils==0.20.1
+docutils==0.21.2
     # via
     #   sphinx
     #   sphinx-tabs
-idna==3.6
+idna==3.8
     # via requests
 imagesize==1.4.1
     # via sphinx
-jinja2==3.1.3
+jinja2==3.1.4
     # via sphinx
 markupsafe==2.1.5
     # via jinja2
-packaging==24.0
+packaging==24.1
     # via
     #   pallets-sphinx-themes
     #   sphinx
 pallets-sphinx-themes==2.1.3
     # via -r docs.in
-pygments==2.17.2
+pygments==2.18.0
     # via
     #   sphinx
     #   sphinx-tabs
-requests==2.31.0
+requests==2.32.3
     # via sphinx
 snowballstemmer==2.2.0
     # via sphinx
-sphinx==7.3.7
+sphinx==8.0.2
     # via
     #   -r docs.in
     #   pallets-sphinx-themes
@@ -46,19 +46,19 @@ sphinx==7.3.7
     #   sphinxcontrib-log-cabinet
 sphinx-tabs==3.4.5
     # via -r docs.in
-sphinxcontrib-applehelp==1.0.8
+sphinxcontrib-applehelp==2.0.0
     # via sphinx
-sphinxcontrib-devhelp==1.0.6
+sphinxcontrib-devhelp==2.0.0
     # via sphinx
-sphinxcontrib-htmlhelp==2.0.5
+sphinxcontrib-htmlhelp==2.1.0
     # via sphinx
 sphinxcontrib-jsmath==1.0.1
     # via sphinx
 sphinxcontrib-log-cabinet==1.0.1
     # via -r docs.in
-sphinxcontrib-qthelp==1.0.7
+sphinxcontrib-qthelp==2.0.0
     # via sphinx
-sphinxcontrib-serializinghtml==1.1.10
+sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
-urllib3==2.2.1
+urllib3==2.2.2
     # via requests

requirements/tests.txt

@@ -8,11 +8,11 @@ asgiref==3.8.1
     # via -r tests.in
 iniconfig==2.0.0
     # via pytest
-packaging==24.0
+packaging==24.1
     # via pytest
 pluggy==1.5.0
     # via pytest
-pytest==8.2.2
+pytest==8.3.2
     # via -r tests.in
 python-dotenv==1.0.1
     # via -r tests.in

requirements/typing.txt

@@ -6,27 +6,27 @@
 #
 asgiref==3.8.1
     # via -r typing.in
-cffi==1.16.0
+cffi==1.17.0
     # via cryptography
-cryptography==42.0.8
+cryptography==43.0.0
     # via -r typing.in
 iniconfig==2.0.0
     # via pytest
-mypy==1.10.1
+mypy==1.11.1
     # via -r typing.in
 mypy-extensions==1.0.0
     # via mypy
-nodeenv==1.8.0
+nodeenv==1.9.1
     # via pyright
-packaging==24.0
+packaging==24.1
     # via pytest
 pluggy==1.5.0
     # via pytest
 pycparser==2.22
     # via cffi
-pyright==1.1.369
+pyright==1.1.377
     # via -r typing.in
-pytest==8.2.2
+pytest==8.3.2
     # via -r typing.in
 python-dotenv==1.0.1
     # via -r typing.in
@@ -34,8 +34,5 @@ types-contextvars==2.4.7.3
     # via -r typing.in
 types-dataclasses==0.6.6
     # via -r typing.in
-typing-extensions==4.11.0
+typing-extensions==4.12.2
     # via mypy
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools

src/flask/helpers.py

@@ -47,9 +47,21 @@ def get_load_dotenv(default: bool = True) -> bool:
     return val.lower() in ("0", "false", "no")
 
 
+@t.overload
+def stream_with_context(
+    generator_or_function: t.Iterator[t.AnyStr],
+) -> t.Iterator[t.AnyStr]: ...
+
+
+@t.overload
+def stream_with_context(
+    generator_or_function: t.Callable[..., t.Iterator[t.AnyStr]],
+) -> t.Callable[[t.Iterator[t.AnyStr]], t.Iterator[t.AnyStr]]: ...
+
+
 def stream_with_context(
     generator_or_function: t.Iterator[t.AnyStr] | t.Callable[..., t.Iterator[t.AnyStr]],
-) -> t.Iterator[t.AnyStr]:
+) -> t.Iterator[t.AnyStr] | t.Callable[[t.Iterator[t.AnyStr]], t.Iterator[t.AnyStr]]:
     """Request contexts disappear when the response is started on the server.
     This is done for efficiency reasons and to make it less likely to encounter
     memory leaks with badly written WSGI middlewares.  The downside is that if

src/flask/json/provider.py

@@ -113,7 +113,7 @@ def _default(o: t.Any) -> t.Any:
         return str(o)
 
     if dataclasses and dataclasses.is_dataclass(o):
-        return dataclasses.asdict(o)
+        return dataclasses.asdict(o)  # type: ignore[call-overload]
 
     if hasattr(o, "__html__"):
         return str(o.__html__())

src/flask/sansio/app.py

@@ -291,7 +291,7 @@ class App(Scaffold):
         instance_path: str | None = None,
         instance_relative_config: bool = False,
         root_path: str | None = None,
-    ):
+    ) -> None:
         super().__init__(
             import_name=import_name,
             static_folder=static_folder,

tox.ini

@@ -34,16 +34,26 @@ commands = mypy
 deps = -r requirements/docs.txt
 commands = sphinx-build -E -W -b dirhtml docs docs/_build/dirhtml
 
+[testenv:update-actions]
+labels = update
+deps = gha-update
+commands = gha-update
+
+[testenv:update-pre_commit]
+labels = update
+deps = pre-commit
+skip_install = true
+commands = pre-commit autoupdate -j4
+
 [testenv:update-requirements]
-deps =
+base_python = 3.12
-    pip-tools
+labels = update
-    pre-commit
+deps = pip-tools
 skip_install = true
 change_dir = requirements
 commands =
-    pre-commit autoupdate -j4
+    pip-compile build.in -q {posargs:-U}
-    pip-compile -U build.in
+    pip-compile docs.in -q {posargs:-U}
-    pip-compile -U docs.in
+    pip-compile tests.in -q {posargs:-U}
-    pip-compile -U tests.in
+    pip-compile typing.in -q {posargs:-U}
-    pip-compile -U typing.in
+    pip-compile dev.in -q {posargs:-U}
-    pip-compile -U dev.in