chore(deps): update dependency flask to v3

[rhtap-qe-app]

This PR contains the following updates:

Package	Change	Age	Confidence
Flask (changelog)	==2.1.0 -> ==3.1.2

---

Release Notes

pallets/flask (Flask)

v3.1.2

Compare Source

Released 2025-08-19

• stream_with_context does not fail inside async views. :issue:5774
• When using follow_redirects in the test client, the final state
  of session is correct. :issue:5786
• Relax type hint for passing bytes IO to send_file. :issue:5776

v3.1.1

Compare Source

Released 2025-05-13

• Fix signing key selection order when key rotation is enabled via
  SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
• Fix type hint for cli_runner.invoke. :issue:5645
• flask --help loads the app and plugins first to make sure all commands
  are shown. :issue:5673
• Mark sans-io base class as being able to handle views that return
  AsyncIterable. This is not accurate for Flask, but makes typing easier
  for Quart. :pr:5659

v3.1.0

Compare Source

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases.
  Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option
  responses. :pr:5496
• Flask.open_resource/open_instance_resource and
  Blueprint.open_resource take an encoding parameter to use when
  opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only
  through the MAX_CONTENT_LENGTH config. Added
  MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
  about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the
  SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files.
  load_dotenv loads default files in addition to a path unless
  load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
  secret keys that can still be used for unsigning. Extensions will need to
  add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False
  interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
  requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through
  the TRUSTED_HOSTS config. :issue:5636

v3.0.3

Compare Source

Released 2024-04-07

• The default hashlib.sha1 may not be available in FIPS builds. Don't
  access it at import time so the developer has time to change the default.
  :issue:5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in
  the Flask concrete class. :pr:5270

v3.0.2

Compare Source

Released 2024-02-03

• Correct type for jinja_loader property. :issue:5388
• Fix error with --extra-files and --exclude-patterns CLI options.
  :issue:5391

v3.0.1

Compare Source

Released 2024-01-18

• Correct type for path argument to send_file. :issue:5336
• Fix a typo in an error message for the flask run --key option. :pr:5344
• Session data is untagged without relying on the built-in json.loads
object_hook. This allows other JSON providers that don't implement that.
  :issue:5381
• Address more type findings when using mypy strict mode. :pr:5383

v3.0.0

Compare Source

Released 2023-09-30

• Remove previously deprecated code. :pr:5223
• Deprecate the __version__ attribute. Use feature detection, or
  importlib.metadata.version("flask"), instead. :issue:5230
• Restructure the code such that the Flask (app) and Blueprint
  classes have Sans-IO bases. :pr:5127
• Allow self as an argument to url_for. :pr:5264
• Require Werkzeug >= 3.0.0.

v2.3.3

Compare Source

Released 2023-08-21

• Python 3.12 compatibility.
• Require Werkzeug >= 2.3.7.
• Use flit_core instead of setuptools as build backend.
• Refactor how an app's root and instance paths are determined. :issue:5160

v2.3.2

Compare Source

Released 2023-05-01

• Set Vary: Cookie header when the session is accessed, modified, or refreshed.
• Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.
  :ghsa:m2qf-hxjv-5gpq

v2.3.1

Compare Source

Released 2023-04-25

• Restore deprecated from flask import Markup. :issue:5084

v2.3.0

Compare Source

Released 2023-04-25

• Drop support for Python 3.7. :pr:5072

• Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
  itsdangerous>=2.1.2, click>=8.1.3.

• Remove previously deprecated code. :pr:4995

  • The push and pop methods of the deprecated _app_ctx_stack and
    _request_ctx_stack objects are removed. top still exists to give
    extensions more time to update, but it will be removed.
  • The FLASK_ENV environment variable, ENV config key, and app.env
    property are removed.
  • The session_cookie_name, send_file_max_age_default, use_x_sendfile,
    propagate_exceptions, and templates_auto_reload properties on app
    are removed.
  • The JSON_AS_ASCII, JSON_SORT_KEYS, JSONIFY_MIMETYPE, and
    JSONIFY_PRETTYPRINT_REGULAR config keys are removed.
  • The app.before_first_request and bp.before_app_first_request decorators
    are removed.
  • json_encoder and json_decoder attributes on app and blueprint, and the
    corresponding json.JSONEncoder and JSONDecoder classes, are removed.
  • The json.htmlsafe_dumps and htmlsafe_dump functions are removed.
  • Calling setup methods on blueprints after registration is an error instead of a
    warning. :pr:4997

• Importing escape and Markup from flask is deprecated. Import them
  directly from markupsafe instead. :pr:4996

• The app.got_first_request property is deprecated. :pr:4997

• The locked_cached_property decorator is deprecated. Use a lock inside the
  decorated function if locking is needed. :issue:4993

• Signals are always available. blinker>=1.6.2 is a required dependency. The
  signals_available attribute is deprecated. :issue:5056

• Signals support async subscriber functions. :pr:5049

• Remove uses of locks that could cause requests to block each other very briefly.
  :issue:4993

• Use modern packaging metadata with pyproject.toml instead of setup.cfg.
  :pr:4947

• Ensure subdomains are applied with nested blueprints. :issue:4834

• config.from_file can use text=False to indicate that the parser wants a
  binary file instead. :issue:4989

• If a blueprint is created with an empty name it raises a ValueError.
  :issue:5010

• SESSION_COOKIE_DOMAIN does not fall back to SERVER_NAME. The default is not
  to set the domain, which modern browsers interpret as an exact match rather than
  a subdomain match. Warnings about localhost and IP addresses are also removed.
  :issue:5051

• The routes command shows each rule's subdomain or host when domain
  matching is in use. :issue:5004

• Use postponed evaluation of annotations. :pr:5071

v2.2.5

Compare Source

Released 2023-05-02

• Update for compatibility with Werkzeug 2.3.3.
• Set Vary: Cookie header when the session is accessed, modified, or refreshed.

v2.2.4

Compare Source

Released 2023-04-25

• Update for compatibility with Werkzeug 2.3.

v2.2.3

Compare Source

Released 2023-02-15

• Autoescape is enabled by default for .svg template files. :issue:4831
• Fix the type of template_folder to accept pathlib.Path. :issue:4892
• Add --debug option to the flask run command. :issue:4777

v2.2.2

Compare Source

Released 2022-08-08

• Update Werkzeug dependency to >= 2.2.2. This includes fixes related
  to the new faster router, header parsing, and the development
  server. :pr:4754
• Fix the default value for app.env to be "production". This
  attribute remains deprecated. :issue:4740

v2.2.1

Compare Source

Released 2022-08-03

• Setting or accessing json_encoder or json_decoder raises a
  deprecation warning. :issue:4732

v2.2.0

Compare Source

Released 2022-08-01

• Remove previously deprecated code. :pr:4667

  • Old names for some send_file parameters have been removed.
    download_name replaces attachment_filename, max_age
    replaces cache_timeout, and etag replaces add_etags.
    Additionally, path replaces filename in
    send_from_directory.
  • The RequestContext.g property returning AppContext.g is
    removed.

• Update Werkzeug dependency to >= 2.2.

• The app and request contexts are managed using Python context vars
  directly rather than Werkzeug's LocalStack. This should result
  in better performance and memory use. :pr:4682

  • Extension maintainers, be aware that _app_ctx_stack.top
    and _request_ctx_stack.top are deprecated. Store data on
    g instead using a unique prefix, like
    g._extension_name_attr.

• The FLASK_ENV environment variable and app.env attribute are
  deprecated, removing the distinction between development and debug
  mode. Debug mode should be controlled directly using the --debug
  option or app.run(debug=True). :issue:4714

• Some attributes that proxied config keys on app are deprecated:
  session_cookie_name, send_file_max_age_default,
  use_x_sendfile, propagate_exceptions, and
  templates_auto_reload. Use the relevant config keys instead.
  :issue:4716

• Add new customization points to the Flask app object for many
  previously global behaviors.

  • flask.url_for will call app.url_for. :issue:4568
  • flask.abort will call app.aborter.
    Flask.aborter_class and Flask.make_aborter can be used
    to customize this aborter. :issue:4567
  • flask.redirect will call app.redirect. :issue:4569
  • flask.json is an instance of JSONProvider. A different
    provider can be set to use a different JSON library.
    flask.jsonify will call app.json.response, other
    functions in flask.json will call corresponding functions in
    app.json. :pr:4692

• JSON configuration is moved to attributes on the default
  app.json provider. JSON_AS_ASCII, JSON_SORT_KEYS,
  JSONIFY_MIMETYPE, and JSONIFY_PRETTYPRINT_REGULAR are
  deprecated. :pr:4692

• Setting custom json_encoder and json_decoder classes on the
  app or a blueprint, and the corresponding json.JSONEncoder and
  JSONDecoder classes, are deprecated. JSON behavior can now be
  overridden using the app.json provider interface. :pr:4692

• json.htmlsafe_dumps and json.htmlsafe_dump are deprecated,
  the function is built-in to Jinja now. :pr:4692

• Refactor register_error_handler to consolidate error checking.
  Rewrite some error messages to be more consistent. :issue:4559

• Use Blueprint decorators and functions intended for setup after
  registering the blueprint will show a warning. In the next version,
  this will become an error just like the application setup methods.
  :issue:4571

• before_first_request is deprecated. Run setup code when creating
  the application instead. :issue:4605

• Added the View.init_every_request class attribute. If a view
  subclass sets this to False, the view will not create a new
  instance on every request. :issue:2520.

• A flask.cli.FlaskGroup Click group can be nested as a
  sub-command in a custom CLI. :issue:3263

• Add --app and --debug options to the flask CLI, instead
  of requiring that they are set through environment variables.
  :issue:2836

• Add --env-file option to the flask CLI. This allows
  specifying a dotenv file to load in addition to .env and
  .flaskenv. :issue:3108

• It is no longer required to decorate custom CLI commands on
  app.cli or blueprint.cli with @with_appcontext, an app
  context will already be active at that point. :issue:2410

• SessionInterface.get_expiration_time uses a timezone-aware
  value. :pr:4645

• View functions can return generators directly instead of wrapping
  them in a Response. :pr:4629

• Add stream_template and stream_template_string functions to
  render a template as a stream of pieces. :pr:4629

• A new implementation of context preservation during debugging and
  testing. :pr:4666

  • request, g, and other context-locals point to the
    correct data when running code in the interactive debugger
    console. :issue:2836
  • Teardown functions are always run at the end of the request,
    even if the context is preserved. They are also run after the
    preserved context is popped.
  • stream_with_context preserves context separately from a
    with client block. It will be cleaned up when
    response.get_data() or response.close() is called.

• Allow returning a list from a view function, to convert it to a
  JSON response like a dict is. :issue:4672

• When type checking, allow TypedDict to be returned from view
  functions. :pr:4695

• Remove the --eager-loading/--lazy-loading options from the
  flask run command. The app is always eager loaded the first
  time, then lazily loaded in the reloader. The reloader always prints
  errors immediately but continues serving. Remove the internal
  DispatchingApp middleware used by the previous implementation.
  :issue:4715

v2.1.3

Compare Source

Released 2022-07-13

• Inline some optional imports that are only used for certain CLI
  commands. :pr:4606
• Relax type annotation for after_request functions. :issue:4600
• instance_path for namespace packages uses the path closest to
  the imported submodule. :issue:4610
• Clearer error message when render_template and
  render_template_string are used outside an application context.
  :pr:4693

v2.1.2

Compare Source

Released 2022-04-28

• Fix type annotation for json.loads, it accepts str or bytes.
  :issue:4519
• The --cert and --key options on flask run can be given
  in either order. :issue:4459

v2.1.1

Compare Source

Released on 2022-03-30

• Set the minimum required version of importlib_metadata to 3.6.0,
  which is required on Python < 3.10. :issue:4502

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).