Merge branch '2.2.x'

.pre-commit-config.yaml

@@ -3,35 +3,34 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.37.3
+    rev: v3.2.2
     hooks:
       - id: pyupgrade
-        args: ["--py36-plus"]
+        args: ["--py37-plus"]
   - repo: https://github.com/asottile/reorder_python_imports
-    rev: v3.8.2
+    rev: v3.9.0
     hooks:
       - id: reorder-python-imports
         name: Reorder Python imports (src, tests)
         files: "^(?!examples/)"
         args: ["--application-directories", "src"]
-        additional_dependencies: ["setuptools>60.9"]
   - repo: https://github.com/psf/black
-    rev: 22.8.0
+    rev: 22.10.0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
-    rev: 5.0.4
+    rev: 6.0.0
     hooks:
       - id: flake8
         additional_dependencies:
           - flake8-bugbear
           - flake8-implicit-str-concat
   - repo: https://github.com/peterdemin/pip-compile-multi
-    rev: v2.4.6
+    rev: v2.6.1
     hooks:
       - id: pip-compile-multi-verify
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: fix-byte-order-marker
       - id: trailing-whitespace

docs/api.rst

@@ -3,7 +3,7 @@ API
 
 .. module:: flask
 
-This part of the documentation covers all the interfaces of Flask.  For
+This part of the documentation covers all the interfaces of Flask. For
 parts where Flask depends on external libraries, we document the most
 important right here and provide links to the canonical documentation.
 
@@ -34,12 +34,12 @@ Incoming Request Data
 .. attribute:: request
 
    To access incoming request data, you can use the global `request`
-   object.  Flask parses incoming request data for you and gives you
+   object. Flask parses incoming request data for you and gives you
-   access to it through that global object.  Internally Flask makes
+   access to it through that global object. Internally Flask makes
    sure that you always get the correct data for the active thread if you
    are in a multithreaded environment.
 
-   This is a proxy.  See :ref:`notes-on-proxies` for more information.
+   This is a proxy. See :ref:`notes-on-proxies` for more information.
 
    The request object is an instance of a :class:`~flask.Request`.
 
@@ -69,7 +69,7 @@ To access the current session you can use the :class:`session` object:
    The session object works pretty much like an ordinary dict, with the
    difference that it keeps track of modifications.
 
-   This is a proxy.  See :ref:`notes-on-proxies` for more information.
+   This is a proxy. See :ref:`notes-on-proxies` for more information.
 
    The following attributes are interesting:
 
@@ -79,10 +79,10 @@ To access the current session you can use the :class:`session` object:
 
    .. attribute:: modified
 
-      ``True`` if the session object detected a modification.  Be advised
+      ``True`` if the session object detected a modification. Be advised
       that modifications on mutable structures are not picked up
       automatically, in that situation you have to explicitly set the
-      attribute to ``True`` yourself.  Here an example::
+      attribute to ``True`` yourself. Here an example::
 
           # this change is not picked up because a mutable object (here
           # a list) is changed.
@@ -93,8 +93,8 @@ To access the current session you can use the :class:`session` object:
    .. attribute:: permanent
 
       If set to ``True`` the session lives for
-      :attr:`~flask.Flask.permanent_session_lifetime` seconds.  The
+      :attr:`~flask.Flask.permanent_session_lifetime` seconds. The
-      default is 31 days.  If set to ``False`` (which is the default) the
+      default is 31 days. If set to ``False`` (which is the default) the
       session will be deleted when the user closes the browser.
 
 
@@ -155,9 +155,9 @@ Application Globals
 
 To share data that is valid for one request only from one function to
 another, a global variable is not good enough because it would break in
-threaded environments.  Flask provides you with a special object that
+threaded environments. Flask provides you with a special object that
 ensures it is only valid for the active request and that will return
-different values for each request.  In a nutshell: it does the right
+different values for each request. In a nutshell: it does the right
 thing, like it does for :class:`request` and :class:`session`.
 
 .. data:: g
@@ -347,14 +347,14 @@ Signals
 
 .. data:: signals.signals_available
 
-   ``True`` if the signaling system is available.  This is the case
+   ``True`` if the signaling system is available. This is the case
    when `blinker`_ is installed.
 
 The following signals exist in Flask:
 
 .. data:: template_rendered
 
-   This signal is sent when a template was successfully rendered.  The
+   This signal is sent when a template was successfully rendered. The
    signal is invoked with the instance of the template as `template`
    and the context as dictionary (named `context`).
 
@@ -388,7 +388,7 @@ The following signals exist in Flask:
 .. data:: request_started
 
    This signal is sent when the request context is set up, before
-   any request processing happens.  Because the request context is already
+   any request processing happens. Because the request context is already
    bound, the subscriber can access the request with the standard global
    proxies such as :class:`~flask.request`.
 
@@ -408,7 +408,7 @@ The following signals exist in Flask:
    Example subscriber::
 
         def log_response(sender, response, **extra):
-            sender.logger.debug('Request context is about to close down.  '
+            sender.logger.debug('Request context is about to close down. '
                                 'Response: %s', response)
 
         from flask import request_finished
@@ -445,8 +445,8 @@ The following signals exist in Flask:
 
 .. data:: request_tearing_down
 
-   This signal is sent when the request is tearing down.  This is always
+   This signal is sent when the request is tearing down. This is always
-   called, even if an exception is caused.  Currently functions listening
+   called, even if an exception is caused. Currently functions listening
    to this signal are called after the regular teardown handlers, but this
    is not something you can rely on.
 
@@ -464,8 +464,8 @@ The following signals exist in Flask:
 
 .. data:: appcontext_tearing_down
 
-   This signal is sent when the app context is tearing down.  This is always
+   This signal is sent when the app context is tearing down. This is always
-   called, even if an exception is caused.  Currently functions listening
+   called, even if an exception is caused. Currently functions listening
    to this signal are called after the regular teardown handlers, but this
    is not something you can rely on.
 
@@ -482,9 +482,9 @@ The following signals exist in Flask:
 
 .. data:: appcontext_pushed
 
-   This signal is sent when an application context is pushed.  The sender
+   This signal is sent when an application context is pushed. The sender
-   is the application.  This is usually useful for unittests in order to
+   is the application. This is usually useful for unittests in order to
-   temporarily hook in information.  For instance it can be used to
+   temporarily hook in information. For instance it can be used to
    set a resource early onto the `g` object.
 
    Example usage::
@@ -511,8 +511,8 @@ The following signals exist in Flask:
 
 .. data:: appcontext_popped
 
-   This signal is sent when an application context is popped.  The sender
+   This signal is sent when an application context is popped. The sender
-   is the application.  This usually falls in line with the
+   is the application. This usually falls in line with the
    :data:`appcontext_tearing_down` signal.
 
    .. versionadded:: 0.10
@@ -520,7 +520,7 @@ The following signals exist in Flask:
 
 .. data:: message_flashed
 
-   This signal is sent when the application is flashing a message.  The
+   This signal is sent when the application is flashing a message. The
    messages is sent as `message` keyword argument and the category as
    `category`.
 
@@ -538,7 +538,7 @@ The following signals exist in Flask:
 .. class:: signals.Namespace
 
    An alias for :class:`blinker.base.Namespace` if blinker is available,
-   otherwise a dummy class that creates fake signals.  This class is
+   otherwise a dummy class that creates fake signals. This class is
    available for Flask extensions that want to provide the same fallback
    system as Flask itself.
 
@@ -579,7 +579,7 @@ Generally there are three ways to define rules for the routing system:
     which is exposed as :attr:`flask.Flask.url_map`.
 
 Variable parts in the route can be specified with angular brackets
-(``/user/<username>``).  By default a variable part in the URL accepts any
+(``/user/<username>``). By default a variable part in the URL accepts any
 string without a slash however a different converter can be specified as
 well by using ``<converter:name>``.
 
@@ -613,7 +613,7 @@ Here are some examples::
         pass
 
 An important detail to keep in mind is how Flask deals with trailing
-slashes.  The idea is to keep each URL unique so the following rules
+slashes. The idea is to keep each URL unique so the following rules
 apply:
 
 1. If a rule ends with a slash and is requested without a slash by the
@@ -622,11 +622,11 @@ apply:
 2. If a rule does not end with a trailing slash and the user requests the
    page with a trailing slash, a 404 not found is raised.
 
-This is consistent with how web servers deal with static files.  This
+This is consistent with how web servers deal with static files. This
 also makes it possible to use relative link targets safely.
 
-You can also define multiple rules for the same function.  They have to be
+You can also define multiple rules for the same function. They have to be
-unique however.  Defaults can also be specified.  Here for example is a
+unique however. Defaults can also be specified. Here for example is a
 definition for a URL that accepts an optional page::
 
     @app.route('/users/', defaults={'page': 1})
@@ -649,33 +649,33 @@ can't preserve form data. ::
       pass
 
 Here are the parameters that :meth:`~flask.Flask.route` and
-:meth:`~flask.Flask.add_url_rule` accept.  The only difference is that
+:meth:`~flask.Flask.add_url_rule` accept. The only difference is that
 with the route parameter the view function is defined with the decorator
 instead of the `view_func` parameter.
 
 =============== ==========================================================
 `rule`          the URL rule as string
-`endpoint`      the endpoint for the registered URL rule.  Flask itself
+`endpoint`      the endpoint for the registered URL rule. Flask itself
                 assumes that the name of the view function is the name
                 of the endpoint if not explicitly stated.
 `view_func`     the function to call when serving a request to the
-                provided endpoint.  If this is not provided one can
+                provided endpoint. If this is not provided one can
                 specify the function later by storing it in the
                 :attr:`~flask.Flask.view_functions` dictionary with the
                 endpoint as key.
-`defaults`      A dictionary with defaults for this rule.  See the
+`defaults`      A dictionary with defaults for this rule. See the
                 example above for how defaults work.
 `subdomain`     specifies the rule for the subdomain in case subdomain
-                matching is in use.  If not specified the default
+                matching is in use. If not specified the default
                 subdomain is assumed.
 `**options`     the options to be forwarded to the underlying
-                :class:`~werkzeug.routing.Rule` object.  A change to
+                :class:`~werkzeug.routing.Rule` object. A change to
-                Werkzeug is handling of method options.  methods is a list
+                Werkzeug is handling of method options. methods is a list
                 of methods this rule should be limited to (``GET``, ``POST``
-                etc.).  By default a rule just listens for ``GET`` (and
+                etc.). By default a rule just listens for ``GET`` (and
-                implicitly ``HEAD``).  Starting with Flask 0.6, ``OPTIONS`` is
+                implicitly ``HEAD``). Starting with Flask 0.6, ``OPTIONS`` is
                 implicitly added and handled by the standard request
-                handling.  They have to be specified as keyword arguments.
+                handling. They have to be specified as keyword arguments.
 =============== ==========================================================
 
 
@@ -687,19 +687,19 @@ customize behavior the view function would normally not have control over.
 The following attributes can be provided optionally to either override
 some defaults to :meth:`~flask.Flask.add_url_rule` or general behavior:
 
--   `__name__`: The name of a function is by default used as endpoint.  If
+-   `__name__`: The name of a function is by default used as endpoint. If
-    endpoint is provided explicitly this value is used.  Additionally this
+    endpoint is provided explicitly this value is used. Additionally this
     will be prefixed with the name of the blueprint by default which
     cannot be customized from the function itself.
 
 -   `methods`: If methods are not provided when the URL rule is added,
     Flask will look on the view function object itself if a `methods`
-    attribute exists.  If it does, it will pull the information for the
+    attribute exists. If it does, it will pull the information for the
     methods from there.
 
 -   `provide_automatic_options`: if this attribute is set Flask will
     either force enable or disable the automatic implementation of the
-    HTTP ``OPTIONS`` response.  This can be useful when working with
+    HTTP ``OPTIONS`` response. This can be useful when working with
     decorators that want to customize the ``OPTIONS`` response on a per-view
     basis.
 

requirements/dev.txt

@@ -8,7 +8,7 @@
 -r docs.txt
 -r tests.txt
 -r typing.txt
-build==0.8.0
+build==0.9.0
     # via pip-tools
 cfgv==3.3.1
     # via pre-commit
@@ -22,20 +22,22 @@ filelock==3.8.0
     # via
     #   tox
     #   virtualenv
-identify==2.5.5
+identify==2.5.9
     # via pre-commit
 nodeenv==1.7.0
     # via pre-commit
 pep517==0.13.0
     # via build
-pip-compile-multi==2.4.6
+pip-compile-multi==2.6.1
     # via -r requirements/dev.in
-pip-tools==6.8.0
+pip-tools==6.10.0
     # via pip-compile-multi
-platformdirs==2.5.2
+platformdirs==2.5.4
     # via virtualenv
 pre-commit==2.20.0
     # via -r requirements/dev.in
+py==1.11.0
+    # via tox
 pyyaml==6.0
     # via pre-commit
 six==1.16.0
@@ -44,13 +46,13 @@ toml==0.10.2
     # via pre-commit
 toposort==1.7
     # via pip-compile-multi
-tox==3.26.0
+tox==3.27.1
     # via -r requirements/dev.in
-virtualenv==20.16.5
+virtualenv==20.16.7
     # via
     #   pre-commit
     #   tox
-wheel==0.37.1
+wheel==0.38.4
     # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:

requirements/docs.txt

@@ -7,9 +7,9 @@
 #
 alabaster==0.7.12
     # via sphinx
-babel==2.10.3
+babel==2.11.0
     # via sphinx
-certifi==2022.6.15.1
+certifi==2022.9.24
     # via requests
 charset-normalizer==2.1.1
     # via requests
@@ -17,7 +17,7 @@ docutils==0.17.1
     # via
     #   sphinx
     #   sphinx-tabs
-idna==3.3
+idna==3.4
     # via requests
 imagesize==1.4.1
     # via sphinx
@@ -37,7 +37,7 @@ pygments==2.13.0
     #   sphinx-tabs
 pyparsing==3.0.9
     # via packaging
-pytz==2022.2.1
+pytz==2022.6
     # via babel
 requests==2.28.1
     # via sphinx
@@ -68,5 +68,5 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-urllib3==1.26.12
+urllib3==1.26.13
     # via requests

requirements/tests.txt

@@ -11,21 +11,15 @@ attrs==22.1.0
     # via pytest
 blinker==1.5
     # via -r requirements/tests.in
-greenlet==1.1.3 ; python_version < "3.11"
-    # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest
 packaging==21.3
     # via pytest
 pluggy==1.0.0
     # via pytest
-py==1.11.0
-    # via pytest
 pyparsing==3.0.9
     # via packaging
-pytest==7.1.3
+pytest==7.2.0
     # via -r requirements/tests.in
 python-dotenv==0.21.0
     # via -r requirements/tests.in
-tomli==2.0.1
-    # via pytest

requirements/typing.txt

@@ -7,21 +7,19 @@
 #
 cffi==1.15.1
     # via cryptography
-cryptography==38.0.1
+cryptography==38.0.3
     # via -r requirements/typing.in
-mypy==0.971
+mypy==0.991
     # via -r requirements/typing.in
 mypy-extensions==0.4.3
     # via mypy
 pycparser==2.21
     # via cffi
-tomli==2.0.1
-    # via mypy
 types-contextvars==2.4.7
     # via -r requirements/typing.in
 types-dataclasses==0.6.6
     # via -r requirements/typing.in
-types-setuptools==65.3.0
+types-setuptools==65.6.0.1
     # via -r requirements/typing.in
-typing-extensions==4.3.0
+typing-extensions==4.4.0
     # via mypy

src/flask/app.py

@@ -384,7 +384,7 @@ class Flask(Scaffold):
     _json_decoder: t.Union[t.Type[json.JSONDecoder], None] = None
 
     @property  # type: ignore[override]
-    def json_encoder(self) -> t.Type[json.JSONEncoder]:  # type: ignore[override]
+    def json_encoder(self) -> t.Type[json.JSONEncoder]:
         """The JSON encoder class to use. Defaults to
         :class:`~flask.json.JSONEncoder`.
 
@@ -423,7 +423,7 @@ class Flask(Scaffold):
         self._json_encoder = value
 
     @property  # type: ignore[override]
-    def json_decoder(self) -> t.Type[json.JSONDecoder]:  # type: ignore[override]
+    def json_decoder(self) -> t.Type[json.JSONDecoder]:
         """The JSON decoder class to use. Defaults to
         :class:`~flask.json.JSONDecoder`.
 

src/flask/blueprints.py

@@ -176,8 +176,8 @@ class Blueprint(Scaffold):
     _json_encoder: t.Union[t.Type[json.JSONEncoder], None] = None
     _json_decoder: t.Union[t.Type[json.JSONDecoder], None] = None
 
-    @property  # type: ignore[override]
+    @property
-    def json_encoder(  # type: ignore[override]
+    def json_encoder(
         self,
     ) -> t.Union[t.Type[json.JSONEncoder], None]:
         """Blueprint-local JSON encoder class to use. Set to ``None`` to use the app's.
@@ -210,8 +210,8 @@ class Blueprint(Scaffold):
         )
         self._json_encoder = value
 
-    @property  # type: ignore[override]
+    @property
-    def json_decoder(  # type: ignore[override]
+    def json_decoder(
         self,
     ) -> t.Union[t.Type[json.JSONDecoder], None]:
         """Blueprint-local JSON decoder class to use. Set to ``None`` to use the app's.

src/flask/ctx.py

@@ -307,7 +307,7 @@ class RequestContext:
         self.app = app
         if request is None:
             request = app.request_class(environ)
-            request.json_module = app.json  # type: ignore[misc]
+            request.json_module = app.json
         self.request: Request = request
         self.url_adapter = None
         try:

src/flask/helpers.py

@@ -149,7 +149,7 @@ def stream_with_context(
                 yield from gen
             finally:
                 if hasattr(gen, "close"):
-                    gen.close()  # type: ignore
+                    gen.close()
 
     # The trick is to start the generator.  Then the code execution runs until
     # the first dummy None is yielded at which point the context was already
@@ -287,7 +287,7 @@ def redirect(
     return _wz_redirect(location, code=code, Response=Response)
 
 
-def abort(  # type: ignore[misc]
+def abort(
     code: t.Union[int, "BaseResponse"], *args: t.Any, **kwargs: t.Any
 ) -> "te.NoReturn":
     """Raise an :exc:`~werkzeug.exceptions.HTTPException` for the given
@@ -617,7 +617,7 @@ def get_root_path(import_name: str) -> str:
         return os.getcwd()
 
     if hasattr(loader, "get_filename"):
-        filepath = loader.get_filename(import_name)  # type: ignore
+        filepath = loader.get_filename(import_name)
     else:
         # Fall back to imports.
         __import__(import_name)

src/flask/testing.py

@@ -225,7 +225,7 @@ class FlaskClient(Client):
             buffered=buffered,
             follow_redirects=follow_redirects,
         )
-        response.json_module = self.application.json  # type: ignore[misc]
+        response.json_module = self.application.json  # type: ignore[assignment]
 
         # Re-push contexts that were preserved during the request.
         while self._new_contexts:

src/flask/wrappers.py

@@ -25,7 +25,7 @@ class Request(RequestBase):
     specific ones.
     """
 
-    json_module = json
+    json_module: t.Any = json
 
     #: The internal URL rule that matched the request.  This can be
     #: useful to inspect which methods are allowed for the URL from

tests/typing/typing_app_decorators.py

@@ -10,12 +10,12 @@ app = Flask(__name__)
 
 @app.after_request
 def after_sync(response: Response) -> Response:
-    ...
+    return Response()
 
 
 @app.after_request
 async def after_async(response: Response) -> Response:
-    ...
+    return Response()
 
 
 @app.before_request