Scheduled weekly dependency update for week 18

[pyup-bot]

Update Flask from 1.1.2 to 3.0.3.

Changelog

3.0.3

-------------

Released 2024-04-07

-   The default ``hashlib.sha1`` may not be available in FIPS builds. Don't
 access it at import time so the developer has time to change the default.
 :issue:`5448`
-   Don't initialize the ``cli`` attribute in the sansio scaffold, but rather in
 the ``Flask`` concrete class. :pr:`5270`

3.0.2

-------------

Released 2024-02-03

-   Correct type for ``jinja_loader`` property. :issue:`5388`
-   Fix error with ``--extra-files`` and ``--exclude-patterns`` CLI options.
 :issue:`5391`

3.0.1

-------------

Released 2024-01-18

-   Correct type for ``path`` argument to ``send_file``. :issue:`5230`
-   Fix a typo in an error message for the ``flask run --key`` option. :pr:`5344`
-   Session data is untagged without relying on the built-in ``json.loads``
 ``object_hook``. This allows other JSON providers that don't implement that.
 :issue:`5381`
-   Address more type findings when using mypy strict mode. :pr:`5383`

3.0.0

-------------

Released 2023-09-30

-   Remove previously deprecated code. :pr:`5223`
-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask")``, instead. :issue:`5230`
-   Restructure the code such that the Flask (app) and Blueprint
 classes have Sans-IO bases. :pr:`5127`
-   Allow self as an argument to url_for. :pr:`5264`
-   Require Werkzeug >= 3.0.0.

2.3.3

-------------

Released 2023-08-21

-   Python 3.12 compatibility.
-   Require Werkzeug >= 2.3.7.
-   Use ``flit_core`` instead of ``setuptools`` as build backend.
-   Refactor how an app's root and instance paths are determined. :issue:`5160`

2.3.2

-------------

Released 2023-05-01

-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.
-   Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

2.3.1

-------------

Released 2023-04-25

-   Restore deprecated ``from flask import Markup``. :issue:`5084`

2.3.0

-------------

Released 2023-04-25

-   Drop support for Python 3.7. :pr:`5072`
-   Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2,
 itsdangerous>=2.1.2, click>=8.1.3.
-   Remove previously deprecated code. :pr:`4995`

 -   The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and
     ``_request_ctx_stack`` objects are removed. ``top`` still exists to give
     extensions more time to update, but it will be removed.
 -   The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env``
     property are removed.
 -   The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``,
     ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app``
     are removed.
 -   The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and
     ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed.
 -   The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators
     are removed.
 -   ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the
     corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed.
 -   The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed.
 -   Calling setup methods on blueprints after registration is an error instead of a
     warning. :pr:`4997`

-   Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them
 directly from ``markupsafe`` instead. :pr:`4996`
-   The ``app.got_first_request`` property is deprecated. :pr:`4997`
-   The ``locked_cached_property`` decorator is deprecated. Use a lock inside the
 decorated function if locking is needed. :issue:`4993`
-   Signals are always available. ``blinker>=1.6.2`` is a required dependency. The
 ``signals_available`` attribute is deprecated. :issue:`5056`
-   Signals support ``async`` subscriber functions. :pr:`5049`
-   Remove uses of locks that could cause requests to block each other very briefly.
 :issue:`4993`
-   Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
 :pr:`4947`
-   Ensure subdomains are applied with nested blueprints. :issue:`4834`
-   ``config.from_file`` can use ``text=False`` to indicate that the parser wants a
 binary file instead. :issue:`4989`
-   If a blueprint is created with an empty name it raises a ``ValueError``.
 :issue:`5010`
-   ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not
 to set the domain, which modern browsers interpret as an exact match rather than
 a subdomain match. Warnings about ``localhost`` and IP addresses are also removed.
 :issue:`5051`
-   The ``routes`` command shows each rule's ``subdomain`` or ``host`` when domain
 matching is in use. :issue:`5004`
-   Use postponed evaluation of annotations. :pr:`5071`

2.2.5

-------------

Released 2023-05-02

-   Update for compatibility with Werkzeug 2.3.3.
-   Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed.

2.2.4

-------------

Released 2023-04-25

-   Update for compatibility with Werkzeug 2.3.

2.2.3

-------------

Released 2023-02-15

-   Autoescape is enabled by default for ``.svg`` template files. :issue:`4831`
-   Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892`
-   Add ``--debug`` option to the ``flask run`` command. :issue:`4777`

2.2.2

-------------

Released 2022-08-08

-   Update Werkzeug dependency to >= 2.2.2. This includes fixes related
 to the new faster router, header parsing, and the development
 server. :pr:`4754`
-   Fix the default value for ``app.env`` to be ``"production"``. This
 attribute remains deprecated. :issue:`4740`

2.2.1

-------------

Released 2022-08-03

-   Setting or accessing ``json_encoder`` or ``json_decoder`` raises a
 deprecation warning. :issue:`4732`

2.2.0

-------------

Released 2022-08-01

-   Remove previously deprecated code. :pr:`4667`

 -   Old names for some ``send_file`` parameters have been removed.
     ``download_name`` replaces ``attachment_filename``, ``max_age``
     replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``.
     Additionally, ``path`` replaces ``filename`` in
     ``send_from_directory``.
 -   The ``RequestContext.g`` property returning ``AppContext.g`` is
     removed.

-   Update Werkzeug dependency to >= 2.2.
-   The app and request contexts are managed using Python context vars
 directly rather than Werkzeug's ``LocalStack``. This should result
 in better performance and memory use. :pr:`4682`

 -   Extension maintainers, be aware that ``_app_ctx_stack.top``
     and ``_request_ctx_stack.top`` are deprecated. Store data on
     ``g`` instead using a unique prefix, like
     ``g._extension_name_attr``.

-   The ``FLASK_ENV`` environment variable and ``app.env`` attribute are
 deprecated, removing the distinction between development and debug
 mode. Debug mode should be controlled directly using the ``--debug``
 option or ``app.run(debug=True)``. :issue:`4714`
-   Some attributes that proxied config keys on ``app`` are deprecated:
 ``session_cookie_name``, ``send_file_max_age_default``,
 ``use_x_sendfile``, ``propagate_exceptions``, and
 ``templates_auto_reload``. Use the relevant config keys instead.
 :issue:`4716`
-   Add new customization points to the ``Flask`` app object for many
 previously global behaviors.

 -   ``flask.url_for`` will call ``app.url_for``. :issue:`4568`
 -   ``flask.abort`` will call ``app.aborter``.
     ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used
     to customize this aborter. :issue:`4567`
 -   ``flask.redirect`` will call ``app.redirect``. :issue:`4569`
 -   ``flask.json`` is an instance of ``JSONProvider``. A different
     provider can be set to use a different JSON library.
     ``flask.jsonify`` will call ``app.json.response``, other
     functions in ``flask.json`` will call corresponding functions in
     ``app.json``. :pr:`4692`

-   JSON configuration is moved to attributes on the default
 ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``,
 ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are
 deprecated. :pr:`4692`
-   Setting custom ``json_encoder`` and ``json_decoder`` classes on the
 app or a blueprint, and the corresponding ``json.JSONEncoder`` and
 ``JSONDecoder`` classes, are deprecated. JSON behavior can now be
 overridden using the ``app.json`` provider interface. :pr:`4692`
-   ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated,
 the function is built-in to Jinja now. :pr:`4692`
-   Refactor ``register_error_handler`` to consolidate error checking.
 Rewrite some error messages to be more consistent. :issue:`4559`
-   Use Blueprint decorators and functions intended for setup after
 registering the blueprint will show a warning. In the next version,
 this will become an error just like the application setup methods.
 :issue:`4571`
-   ``before_first_request`` is deprecated. Run setup code when creating
 the application instead. :issue:`4605`
-   Added the ``View.init_every_request`` class attribute. If a view
 subclass sets this to ``False``, the view will not create a new
 instance on every request. :issue:`2520`.
-   A ``flask.cli.FlaskGroup`` Click group can be nested as a
 sub-command in a custom CLI. :issue:`3263`
-   Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead
 of requiring that they are set through environment variables.
 :issue:`2836`
-   Add ``--env-file`` option to the ``flask`` CLI. This allows
 specifying a dotenv file to load in addition to ``.env`` and
 ``.flaskenv``. :issue:`3108`
-   It is no longer required to decorate custom CLI commands on
 ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app
 context will already be active at that point. :issue:`2410`
-   ``SessionInterface.get_expiration_time`` uses a timezone-aware
 value. :pr:`4645`
-   View functions can return generators directly instead of wrapping
 them in a ``Response``. :pr:`4629`
-   Add ``stream_template`` and ``stream_template_string`` functions to
 render a template as a stream of pieces. :pr:`4629`
-   A new implementation of context preservation during debugging and
 testing. :pr:`4666`

 -   ``request``, ``g``, and other context-locals point to the
     correct data when running code in the interactive debugger
     console. :issue:`2836`
 -   Teardown functions are always run at the end of the request,
     even if the context is preserved. They are also run after the
     preserved context is popped.
 -   ``stream_with_context`` preserves context separately from a
     ``with client`` block. It will be cleaned up when
     ``response.get_data()`` or ``response.close()`` is called.

-   Allow returning a list from a view function, to convert it to a
 JSON response like a dict is. :issue:`4672`
-   When type checking, allow ``TypedDict`` to be returned from view
 functions. :pr:`4695`
-   Remove the ``--eager-loading/--lazy-loading`` options from the
 ``flask run`` command. The app is always eager loaded the first
 time, then lazily loaded in the reloader. The reloader always prints
 errors immediately but continues serving. Remove the internal
 ``DispatchingApp`` middleware used by the previous implementation.
 :issue:`4715`

2.1.3

-------------

Released 2022-07-13

-   Inline some optional imports that are only used for certain CLI
 commands. :pr:`4606`
-   Relax type annotation for ``after_request`` functions. :issue:`4600`
-   ``instance_path`` for namespace packages uses the path closest to
 the imported submodule. :issue:`4610`
-   Clearer error message when ``render_template`` and
 ``render_template_string`` are used outside an application context.
 :pr:`4693`

2.1.2

-------------

Released 2022-04-28

-   Fix type annotation for ``json.loads``, it accepts str or bytes.
 :issue:`4519`
-   The ``--cert`` and ``--key`` options on ``flask run`` can be given
 in either order. :issue:`4459`

2.1.1

-------------

Released on 2022-03-30

-   Set the minimum required version of importlib_metadata to 3.6.0,
 which is required on Python < 3.10. :issue:`4502`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`4335`
-   Update Click dependency to >= 8.0. :pr:`4008`
-   Remove previously deprecated code. :pr:`4337`

 -   The CLI does not pass ``script_info`` to app factory functions.
 -   ``config.from_json`` is replaced by
     ``config.from_file(name, load=json.load)``.
 -   ``json`` functions no longer take an ``encoding`` parameter.
 -   ``safe_join`` is removed, use ``werkzeug.utils.safe_join``
     instead.
 -   ``total_seconds`` is removed, use ``timedelta.total_seconds``
     instead.
 -   The same blueprint cannot be registered with the same name. Use
     ``name=`` when registering to specify a unique name.
 -   The test client's ``as_tuple`` parameter is removed. Use
     ``response.request.environ`` instead. :pr:`4417`

-   Some parameters in ``send_file`` and ``send_from_directory`` were
 renamed in 2.0. The deprecation period for the old names is extended
 to 2.2. Be sure to test with deprecation warnings visible.

 -   ``attachment_filename`` is renamed to ``download_name``.
 -   ``cache_timeout`` is renamed to ``max_age``.
 -   ``add_etags`` is renamed to ``etag``.
 -   ``filename`` is renamed to ``path``.

-   The ``RequestContext.g`` property is deprecated. Use ``g`` directly
 or ``AppContext.g`` instead. :issue:`3898`
-   ``copy_current_request_context`` can decorate async functions.
 :pr:`4303`
-   The CLI uses ``importlib.metadata`` instead of ``pkg_resources`` to
 load command entry points. :issue:`4419`
-   Overriding ``FlaskClient.open`` will not cause an error on redirect.
 :issue:`3396`
-   Add an ``--exclude-patterns`` option to the ``flask run`` CLI
 command to specify patterns that will be ignored by the reloader.
 :issue:`4188`
-   When using lazy loading (the default with the debugger), the Click
 context from the ``flask run`` command remains available in the
 loader thread. :issue:`4460`
-   Deleting the session cookie uses the ``httponly`` flag.
 :issue:`4485`
-   Relax typing for ``errorhandler`` to allow the user to use more
 precise types and decorate the same function multiple times.
 :issue:`4095, 4295, 4297`
-   Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
-   From Werkzeug, for redirect responses the ``Location`` header URL
 will remain relative, and exclude the scheme and domain, by default.
 :pr:`4496`
-   Add ``Config.from_prefixed_env()`` to load config values from
 environment variables that start with ``FLASK_`` or another prefix.
 This parses values as JSON by default, and allows setting keys in
 nested dicts. :pr:`4479`

2.0.3

-------------

Released 2022-02-14

-   The test client's ``as_tuple`` parameter is deprecated and will be
 removed in Werkzeug 2.1. It is now also deprecated in Flask, to be
 removed in Flask 2.1, while remaining compatible with both in
 2.0.x. Use ``response.request.environ`` instead. :pr:`4341`
-   Fix type annotation for ``errorhandler`` decorator. :issue:`4295`
-   Revert a change to the CLI that caused it to hide ``ImportError``
 tracebacks when importing the application. :issue:`4307`
-   ``app.json_encoder`` and ``json_decoder`` are only passed to
 ``dumps`` and ``loads`` if they have custom behavior. This improves
 performance, mainly on PyPy. :issue:`4349`
-   Clearer error message when ``after_this_request`` is used outside a
 request context. :issue:`4333`

2.0.2

-------------

Released 2021-10-04

-   Fix type annotation for ``teardown_*`` methods. :issue:`4093`
-   Fix type annotation for ``before_request`` and ``before_app_request``
 decorators. :issue:`4104`
-   Fixed the issue where typing requires template global
 decorators to accept functions with no arguments. :issue:`4098`
-   Support View and MethodView instances with async handlers. :issue:`4112`
-   Enhance typing of ``app.errorhandler`` decorator. :issue:`4095`
-   Fix registering a blueprint twice with differing names. :issue:`4124`
-   Fix the type of ``static_folder`` to accept ``pathlib.Path``.
 :issue:`4150`
-   ``jsonify`` handles ``decimal.Decimal`` by encoding to ``str``.
 :issue:`4157`
-   Correctly handle raising deferred errors in CLI lazy loading.
 :issue:`4096`
-   The CLI loader handles ``**kwargs`` in a ``create_app`` function.
 :issue:`4170`
-   Fix the order of ``before_request`` and other callbacks that trigger
 before the view returns. They are called from the app down to the
 closest nested blueprint. :issue:`4229`

2.0.1

-------------

Released 2021-05-21

-   Re-add the ``filename`` parameter in ``send_from_directory``. The
 ``filename`` parameter has been renamed to ``path``, the old name
 is deprecated. :pr:`4019`
-   Mark top-level names as exported so type checking understands
 imports in user projects. :issue:`4024`
-   Fix type annotation for ``g`` and inform mypy that it is a namespace
 object that has arbitrary attributes. :issue:`4020`
-   Fix some types that weren't available in Python 3.6.0. :issue:`4040`
-   Improve typing for ``send_file``, ``send_from_directory``, and
 ``get_send_file_max_age``. :issue:`4044`, :pr:`4026`
-   Show an error when a blueprint name contains a dot. The ``.`` has
 special meaning, it is used to separate (nested) blueprint names and
 the endpoint name. :issue:`4041`
-   Combine URL prefixes when nesting blueprints that were created with
 a ``url_prefix`` value. :issue:`4037`
-   Revert a change to the order that URL matching was done. The
 URL is again matched after the session is loaded, so the session is
 available in custom URL converters. :issue:`4053`
-   Re-add deprecated ``Config.from_json``, which was accidentally
 removed early. :issue:`4078`
-   Improve typing for some functions using ``Callable`` in their type
 signatures, focusing on decorator factories. :issue:`4060`
-   Nested blueprints are registered with their dotted name. This allows
 different blueprints with the same name to be nested at different
 locations. :issue:`4069`
-   ``register_blueprint`` takes a ``name`` option to change the
 (pre-dotted) name the blueprint is registered with. This allows the
 same blueprint to be registered multiple times with unique names for
 ``url_for``. Registering the same blueprint with the same name
 multiple times is deprecated. :issue:`1091`
-   Improve typing for ``stream_with_context``. :issue:`4052`

2.0.0

-------------

Released 2021-05-11

-   Drop support for Python 2 and 3.5.
-   Bump minimum versions of other Pallets projects: Werkzeug >= 2,
 Jinja2 >= 3, MarkupSafe >= 2, ItsDangerous >= 2, Click >= 8. Be sure
 to check the change logs for each project. For better compatibility
 with other applications (e.g. Celery) that still require Click 7,
 there is no hard dependency on Click 8 yet, but using Click 7 will
 trigger a DeprecationWarning and Flask 2.1 will depend on Click 8.
-   JSON support no longer uses simplejson. To use another JSON module,
 override ``app.json_encoder`` and ``json_decoder``. :issue:`3555`
-   The ``encoding`` option to JSON functions is deprecated. :pr:`3562`
-   Passing ``script_info`` to app factory functions is deprecated. This
 was not portable outside the ``flask`` command. Use
 ``click.get_current_context().obj`` if it's needed. :issue:`3552`
-   The CLI shows better error messages when the app failed to load
 when looking up commands. :issue:`2741`
-   Add ``SessionInterface.get_cookie_name`` to allow setting the
 session cookie name dynamically. :pr:`3369`
-   Add ``Config.from_file`` to load config using arbitrary file
 loaders, such as ``toml.load`` or ``json.load``.
 ``Config.from_json`` is deprecated in favor of this. :pr:`3398`
-   The ``flask run`` command will only defer errors on reload. Errors
 present during the initial call will cause the server to exit with
 the traceback immediately. :issue:`3431`
-   ``send_file`` raises a ``ValueError`` when passed an ``io`` object
 in text mode. Previously, it would respond with 200 OK and an empty
 file. :issue:`3358`
-   When using ad-hoc certificates, check for the cryptography library
 instead of PyOpenSSL. :pr:`3492`
-   When specifying a factory function with ``FLASK_APP``, keyword
 argument can be passed. :issue:`3553`
-   When loading a ``.env`` or ``.flaskenv`` file, the current working
 directory is no longer changed to the location of the file.
 :pr:`3560`
-   When returning a ``(response, headers)`` tuple from a view, the
 headers replace rather than extend existing headers on the response.
 For example, this allows setting the ``Content-Type`` for
 ``jsonify()``. Use ``response.headers.extend()`` if extending is
 desired. :issue:`3628`
-   The ``Scaffold`` class provides a common API for the ``Flask`` and
 ``Blueprint`` classes. ``Blueprint`` information is stored in
 attributes just like ``Flask``, rather than opaque lambda functions.
 This is intended to improve consistency and maintainability.
 :issue:`3215`
-   Include ``samesite`` and ``secure`` options when removing the
 session cookie. :pr:`3726`
-   Support passing a ``pathlib.Path`` to ``static_folder``. :pr:`3579`
-   ``send_file`` and ``send_from_directory`` are wrappers around the
 implementations in ``werkzeug.utils``. :pr:`3828`
-   Some ``send_file`` parameters have been renamed, the old names are
 deprecated. ``attachment_filename`` is renamed to ``download_name``.
 ``cache_timeout`` is renamed to ``max_age``. ``add_etags`` is
 renamed to ``etag``. :pr:`3828, 3883`
-   ``send_file`` passes ``download_name`` even if
 ``as_attachment=False`` by using ``Content-Disposition: inline``.
 :pr:`3828`
-   ``send_file`` sets ``conditional=True`` and ``max_age=None`` by
 default. ``Cache-Control`` is set to ``no-cache`` if ``max_age`` is
 not set, otherwise ``public``. This tells browsers to validate
 conditional requests instead of using a timed cache. :pr:`3828`
-   ``helpers.safe_join`` is deprecated. Use
 ``werkzeug.utils.safe_join`` instead. :pr:`3828`
-   The request context does route matching before opening the session.
 This could allow a session interface to change behavior based on
 ``request.endpoint``. :issue:`3776`
-   Use Jinja's implementation of the ``|tojson`` filter. :issue:`3881`
-   Add route decorators for common HTTP methods. For example,
 ``app.post("/login")`` is a shortcut for
 ``app.route("/login", methods=["POST"])``. :pr:`3907`
-   Support async views, error handlers, before and after request, and
 teardown functions. :pr:`3412`
-   Support nesting blueprints. :issue:`593, 1548`, :pr:`3923`
-   Set the default encoding to "UTF-8" when loading ``.env`` and
 ``.flaskenv`` files to allow to use non-ASCII characters. :issue:`3931`
-   ``flask shell`` sets up tab and history completion like the default
 ``python`` shell if ``readline`` is installed. :issue:`3941`
-   ``helpers.total_seconds()`` is deprecated. Use
 ``timedelta.total_seconds()`` instead. :pr:`3962`
-   Add type hinting. :pr:`3973`.

1.1.4

-------------

Released 2021-05-13

-   Update ``static_folder`` to use ``_compat.fspath`` instead of
 ``os.fspath`` to continue supporting Python < 3.6 :issue:`4050`

1.1.3

-------------

Released 2021-05-13

-   Set maximum versions of Werkzeug, Jinja, Click, and ItsDangerous.
 :issue:`4043`
-   Re-add support for passing a ``pathlib.Path`` for ``static_folder``.
 :pr:`3579`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://data.safetycli.com/changelogs/flask/

Update Flask-Admin from 1.5.7 to 1.6.1.

Changelog

1.6.1

-----

* SQLAlchemy 2.x support
* General updates and bug fixes
* Dropped WTForms 1 support

1.6.0

-----

* Dropped Python 2 support
* WTForms 3.0 support
* Various fixes

1.5.8

-----

* SQLAlchemy 1.4.5+ compatibility fixes
* Redis CLI fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://data.safetycli.com/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update Flask-SQLAlchemy from 2.4.4 to 3.1.1.

Changelog

3.1.1

-------------

Released 2023-09-11

-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask-sqlalchemy")``, instead. :issue:`5230`

3.1.0

-------------

Released 2023-09-11

-   Drop support for Python 3.7.  :pr:`1251`
-   Add support for the SQLAlchemy 2.x API via ``model_class`` parameter. :issue:`1140`
-   Bump minimum version of SQLAlchemy to 2.0.16.
-   Remove previously deprecated code.
-   Pass extra keyword arguments from ``get_or_404`` to ``session.get``. :issue:`1149`
-   Fix bug with finding right bind key for clause statements. :issue:`1211`

3.0.5

-------------

Released 2023-06-21

-   ``Pagination.next()`` enforces ``max_per_page``. :issue:`1201`
-   Improve type hint for ``get_or_404`` return value to be non-optional. :pr:`1226`

3.0.4

-------------

Released 2023-06-19

-   Fix type hint for ``get_or_404`` return value. :pr:`1208`
-   Fix type hints for pyright (used by VS Code Pylance extension). :issue:`1205`

3.0.3

-------------

Released 2023-01-31

-   Show helpful errors when mistakenly using multiple ``SQLAlchemy`` instances for the
 same app, or without calling ``init_app``. :pr:`1151`
-   Fix issue with getting the engine associated with a model that uses polymorphic
 table inheritance. :issue:`1155`

3.0.2

-------------

Released 2022-10-14

-   Update compatibility with SQLAlchemy 2. :issue:`1122`

3.0.1

-------------

Released 2022-10-11

-   Export typing information instead of using external typeshed definitions.
 :issue:`1112`
-   If default engine options are set, but ``SQLALCHEMY_DATABASE_URI`` is not set, an
 invalid default bind will not be configured. :issue:`1117`

3.0.0

-------------

Released 2022-10-04

-   Drop support for Python 2, 3.4, 3.5, and 3.6.
-   Bump minimum version of Flask to 2.2.
-   Bump minimum version of SQLAlchemy to 1.4.18.
-   Remove previously deprecated code.
-   The session is scoped to the current app context instead of the thread. This
 requires that an app context is active. This ensures that the session is cleaned up
 after every request.
-   An active Flask application context is always required to access ``session`` and
 ``engine``, regardless of if an application was passed to the constructor.
 :issue:`508, 944`
-   Different bind keys use different SQLAlchemy ``MetaData`` registries, allowing
 tables in different databases to have the same name. Bind keys are stored and looked
 up on the resulting metadata rather than the model or table.
-   ``SQLALCHEMY_DATABASE_URI`` does not default to ``sqlite:///:memory:``. An error is
 raised if neither it nor ``SQLALCHEMY_BINDS`` define any engines. :pr:`731`
-   Configuring SQLite with a relative path is relative to ``app.instance_path`` instead
 of ``app.root_path``. The instance folder is created if necessary. :issue:`462`
-   Added ``get_or_404``, ``first_or_404``, ``one_or_404``, and ``paginate`` methods to
 the extension object. These use SQLAlchemy's preferred ``session.execute(select())``
 pattern instead of the legacy query interface. :issue:`1088`
-   Setup methods that create the engines and session are renamed with a leading
 underscore. They are considered internal interfaces which may change at any time.
-   All parameters to ``SQLAlchemy`` except ``app`` are keyword-only.
-   Renamed the ``bind`` parameter to ``bind_key`` and removed the ``app`` parameter
 from various ``SQLAlchemy`` methods.
-   The extension object uses ``__getattr__`` to alias names from the SQLAlchemy
 package, rather than copying them as attributes.
-   The extension object is stored directly as ``app.extensions["sqlalchemy"]``.
 :issue:`698`
-   The session class can be customized by passing the ``class_`` key in the
 ``session_options`` parameter. :issue:`327`
-   ``SignallingSession`` is renamed to ``Session``.
-   ``Session.get_bind`` more closely matches the base implementation.
-   Model classes and the ``db`` instance are available without imports in
 ``flask shell``. :issue:`1089`
-   The ``CamelCase`` to ``snake_case`` table name converter handles more patterns
 correctly. If model that was already created in the database changed, either use
 Alembic to rename the table, or set ``__tablename__`` to keep the old name.
 :issue:`406`
-   ``Model`` ``repr`` distinguishes between transient and pending instances.
 :issue:`967`
-   A custom model class can implement ``__init_subclass__`` with class parameters.
 :issue:`1002`
-   ``db.Table`` is a subclass instead of a function.
-   The ``engine_options`` parameter is applied as defaults before per-engine
 configuration.
-   ``SQLALCHEMY_BINDS`` values can either be an engine URL, or a dict of engine options
 including URL, for each bind. ``SQLALCHEMY_DATABASE_URI`` and
 ``SQLALCHEMY_ENGINE_OPTIONS`` correspond to the ``None`` key and take precedence.
 :issue:`783`
-   Engines are created when calling ``init_app`` rather than the first time they are
 accessed. :issue:`698`
-   ``db.engines`` exposes the map of bind keys to engines for the current app.
-   ``get_engine``, ``get_tables_for_bind``, and ``get_binds`` are deprecated.
-   SQLite driver-level URIs that look like ``sqlite:///file:name.db?uri=true`` are
 supported. :issue:`998, 1045`
-   SQLite engines do not use ``NullPool`` if ``pool_size`` is 0.
-   MySQL engines use the "utf8mb4" charset by default. :issue:`875`
-   MySQL engines do not set ``pool_size`` to 10.
-   MySQL engines don't set a default for ``pool_recycle`` if not using a queue pool.
 :issue:`803`
-   ``Query`` is renamed from ``BaseQuery``.
-   Added ``Query.one_or_404``.
-   The query class is applied to ``backref`` in ``relationship``. :issue:`417`
-   Creating ``Pagination`` objects manually is no longer a public API. They should be
 created with ``db.paginate`` or ``query.paginate``. :issue:`1088`
-   ``Pagination.iter_pages`` and ``Query.paginate`` parameters are keyword-only.
-   ``Pagination`` is iterable, iterating over its items. :issue:`70`
-   Pagination count query is more efficient.
-   ``Pagination.iter_pages`` is more efficient. :issue:`622`
-   ``Pagination.iter_pages`` ``right_current`` parameter is inclusive.
-   Pagination ``per_page`` cannot be 0. :issue:`1091`
-   Pagination ``max_per_page`` defaults to 100. :issue:`1091`
-   Added ``Pagination.first`` and ``last`` properties, which give the number of the
 first and last item on the page. :issue:`567`
-   ``SQLALCHEMY_RECORD_QUERIES`` is disabled by default, and is not enabled
 automatically with ``app.debug`` or ``app.testing``. :issue:`1092`
-   ``get_debug_queries`` is renamed to ``get_recorded_queries`` to better match the
 config and functionality.
-   Recorded query info is a dataclass instead of a tuple. The ``context`` attribute is
 renamed to ``location``. Finding the location uses a more inclusive check.
-   ``SQLALCHEMY_TRACK_MODIFICATIONS`` is disabled by default. :pr:`727`
-   ``SQLALCHEMY_COMMIT_ON_TEARDOWN`` is deprecated. It can cause various design issues
 that are difficult to debug. Call ``db.session.commit()`` directly instead.
 :issue:`216`

2.5.1

-------------

Released 2021-03-18

-   Fix compatibility with Python 2.7.

2.5.0

-------------

Released 2021-03-18

-   Update to support SQLAlchemy 1.4.
-   SQLAlchemy ``URL`` objects are immutable. Some internal methods have changed to
 return a new URL instead of ``None``. :issue:`885`

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://data.safetycli.com/changelogs/flask-sqlalchemy/
• Docs: https://pythonhosted.org/Flask-SQLAlchemy/

Update SQLAlchemy from 1.3.20 to 2.0.30.

Changelog

2.0.30

:released: May 5, 2024

 .. change::
     :tags: bug, typing, regression
     :tickets: 11200

     Fixed typing regression caused by :ticket:`11055` in version 2.0.29 that
     added ``ParamSpec`` to the asyncio ``run_sync()`` methods, where using
     :meth:`_asyncio.AsyncConnection.run_sync` with
     :meth:`_schema.MetaData.reflect` would fail on mypy due to a mypy issue.
     Pull request courtesy of Francisco R. Del Roio.

 .. change::
     :tags: bug, engine
     :tickets: 11210

     Fixed issue in the
     :paramref:`_engine.Connection.execution_options.logging_token` option,
     where changing the value of ``logging_token`` on a connection that has
     already logged messages would not be updated to reflect the new logging
     token.  This in particular prevented the use of
     :meth:`_orm.Session.connection` to change the option on the connection,
     since the BEGIN logging message would already have been emitted.

 .. change::
     :tags: bug, orm
     :tickets: 11220

     Added new attribute :attr:`_orm.ORMExecuteState.is_from_statement` to
     detect statements created using :meth:`_sql.Select.from_statement`, and
     enhanced ``FromStatement`` to set :attr:`_orm.ORMExecuteState.is_select`,
     :attr:`_orm.ORMExecuteState.is_insert`,
     :attr:`_orm.ORMExecuteState.is_update`, and
     :attr:`_orm.ORMExecuteState.is_delete` according to the element that is
     sent to the :meth:`_sql.Select.from_statement` method itself.

 .. change::
     :tags: bug, test
     :tickets: 11268

     Ensure the ``PYTHONPATH`` variable is properly initialized when
     using ``subprocess.run`` in the tests.

 .. change::
     :tags: bug, orm
     :tickets: 11291

     Fixed issue in  :func:`_orm.selectin_polymorphic` loader option where
     attributes defined with :func:`_orm.composite` on a superclass would cause
     an internal exception on load.


 .. change::
     :tags: bug, orm, regression
     :tickets: 11292

     Fixed regression from 1.4 where using :func:`_orm.defaultload` in
     conjunction with a non-propagating loader like :func:`_orm.contains_eager`
     would nonetheless propagate the :func:`_orm.contains_eager` to a lazy load
     operation, causing incorrect queries as this option is only intended to
     come from an original load.



 .. change::
     :tags: bug, orm
     :tickets: 11305

     Fixed issue in ORM Annotated Declarative where typing issue where literals
     defined using :pep:`695` type aliases would not work with inference of
     :class:`.Enum` datatypes. Pull request courtesy of Alc-Alc.

 .. change::
     :tags: bug, engine
     :tickets: 11306

     Fixed issue in cursor handling which affected handling of duplicate
     :class:`_sql.Column` or similar objcts in the columns clause of
     :func:`_sql.select`, both in combination with arbitary :func:`_sql.text()`
     clauses in the SELECT list, as well as when attempting to retrieve
     :meth:`_engine.Result.mappings` for the object, which would lead to an
     internal error.



 .. change::
     :tags: bug, orm
     :tickets: 11327

     Fixed issue in :func:`_orm.selectin_polymorphic` loader option where the
     SELECT emitted would only accommodate for the child-most class among the
     result rows that were returned, leading intermediary-class attributes to be
     unloaded if there were no concrete instances of that intermediary-class
     present in the result.   This issue only presented itself for multi-level
     inheritance hierarchies.

 .. change::
     :tags: bug, orm
     :tickets: 11332

     Fixed issue in :meth:`_orm.Session.bulk_save_objects` where the form of the
     identity key produced when using ``return_defaults=True`` would be
     incorrect. This could lead to an errors during pickling as well as identity
     map mismatches.

 .. change::
     :tags: bug, installation
     :tickets: 11334

     Fixed an internal class that was testing for unexpected attributes to work
     correctly under upcoming Python 3.13.   Pull request courtesy Edgar
     Ramírez-Mondragón.

 .. change::
     :tags: bug, orm
     :tickets: 11347

     Fixed issue where attribute key names in :class:`_orm.Bundle` would not be
     correct when using ORM enabled :class:`_sql.select` vs.
     :class:`_orm.Query`, when the statement contained duplicate column names.

 .. change::
     :tags: bug, typing

     Fixed issue in typing for :class:`_orm.Bundle` where creating a nested
     :class:`_orm.Bundle` structure were not allowed.

.. changelog::

2.0.29

:released: March 23, 2024

 .. change::
     :tags: bug, orm
     :tickets: 10611

     Fixed Declarative issue where typing a relationship using
     :class:`_orm.Relationship` rather than :class:`_orm.Mapped` would
     inadvertently pull in the "dynamic" relationship loader strategy for that
     attribute.

 .. change::
     :tags: postgresql, usecase
     :tickets: 10693

     The PostgreSQL dialect now returns :class:`_postgresql.DOMAIN` instances
     when reflecting a column that has a domain as type. Previously, the domain
     data type was returned instead. As part of this change, the domain
     reflection was improved to also return the collation of the text types.
     Pull request courtesy of Thomas Stephenson.

 .. change::
     :tags: bug, typing
     :tickets: 11055

     Fixed typing issue allowing asyncio ``run_sync()`` methods to correctly
     type the parameters according to the callable that was passed, making use
     of :pep:`612` ``ParamSpec`` variables.  Pull request courtesy Francisco R.
     Del Roio.

 .. change::
     :tags: bug, orm
     :tickets: 11091

     Fixed issue in ORM annotated declarative where using
     :func:`_orm.mapped_column()` with an :paramref:`_orm.mapped_column.index`
     or :paramref:`_orm.mapped_column.unique` setting of False would be
     overridden by an incoming ``Annotated`` element that featured that
     parameter set to ``True``, even though the immediate
     :func:`_orm.mapped_column()` element is more specific and should take
     precedence.  The logic to reconcile the booleans has been enhanced to
     accommodate a local value of ``False`` as still taking precedence over an
     incoming ``True`` value from the annotated element.

 .. change::
     :tags: usecase, orm
     :tickets: 11130

     Added support for the :pep:`695` ``TypeAliasType`` construct as well as the
     python 3.12 native ``type`` keyword to work with ORM Annotated Declarative
     form when using these constructs to link to a :pep:`593` ``Annotated``
     container, allowing the resolution of the ``Annotated`` to proceed when
     these constructs are used in a :class:`_orm.Mapped` typing container.

 .. change::
     :tags: bug, engine
     :tickets: 11157

     Fixed issue in :ref:`engine_insertmanyvalues` feature where using a primary
     key column with an "inline execute" default generator such as an explicit
     :class:`.Sequence` with an explcit schema name, while at the same time
     using the
     :paramref:`_engine.Connection.execution_options.schema_translate_map`
     feature would fail to render the sequence or the parameters properly,
     leading to errors.

 .. change::
     :tags: bug, engine
     :tickets: 11160

     Made a change to the adjustment made in version 2.0.10 for :ticket:`9618`,
     which added the behavior of reconciling RETURNING rows from a bulk INSERT
     to the parameters that were passed to it.  This behavior included a
     comparison of already-DB-converted bound parameter values against returned
     row values that was not always "symmetrical" for SQL column types such as
     UUIDs, depending on specifics of how different DBAPIs receive such values
     versus how they return them, necessitating the need for additional
     "sentinel value resolver" methods on these column types.  Unfortunately
     this broke third party column types such as UUID/GUID types in libraries
     like SQLModel which did not implement this special method, raising an error
     "Can't match sentinel values in result set to parameter sets".  Rather than
     attempt to further explain and document this implementation detail of the
     "insertmanyvalues" feature including a public version of the new
     method, the approach is intead revised to no longer need this extra
     conversion step, and the logic that does the comparison now works on the
     pre-converted bound parameter value compared to the post-result-processed
     value, which should always be of a matching datatype.  In the unusual case
     that a custom SQL column type that also happens to be used in a "sentinel"
     column for bulk INSERT is not receiving and returning the same value type,
     the "Can't match" error will be raised, however the mitigation is
     straightforward in that the same Python datatype should be passed as that
     returned.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11173

     Fixed regression from version 2.0.28 caused by the fix for :ticket:`11085`
     where the newer method of adjusting post-cache bound parameter values would
     interefere with the implementation for the :func:`_orm.subqueryload` loader
     option, which has some more legacy patterns in use internally, when
     the additional loader criteria feature were used with this loader option.

 .. change::
     :tags: bug, sql, regression
     :tickets: 11176

     Fixed regression from the 1.4 series where the refactor of the
     :meth:`_types.TypeEngine.with_variant` method introduced at
     :ref:`change_6980` failed to accommodate for the ``.copy()`` method, which
     will lose the variant mappings that are set up. This becomes an issue for
     the very specific case of a "schema" type, which includes types such as
     :class:`.Enum` and :class:`_types.ARRAY`, when they are then used in the context
     of an ORM Declarative mapping with mixins where copying of types comes into
     play.  The variant mapping is now copied as well.

 .. change::
     :tags: bug, tests
     :tickets: 11187

     Backported to SQLAlchemy 2.0 an improvement to the test suite with regards
     to how asyncio related tests are run, now using the newer Python 3.11
     ``asyncio.Runner`` or a backported equivalent, rather than relying on the
     previous implementation based on ``asyncio.get_running_loop()``.  This
     should hopefully prevent issues with large suite runs on CPU loaded
     hardware where the event loop seems to become corrupted, leading to
     cascading failures.


.. changelog::

2.0.28

:released: March 4, 2024

 .. change::
     :tags: engine, usecase
     :tickets: 10974

     Added new core execution option
     :paramref:`_engine.Connection.execution_options.preserve_rowcount`. When
     set, the ``cursor.rowcount`` attribute from the DBAPI cursor will be
     unconditionally memoized at statement execution time, so that whatever
     value the DBAPI offers for any kind of statement will be available using
     the :attr:`_engine.CursorResult.rowcount` attribute from the
     :class:`_engine.CursorResult`.  This allows the rowcount to be accessed for
     statements such as INSERT and SELECT, to the degree supported by the DBAPI
     in use. The :ref:`engine_insertmanyvalues` also supports this option and
     will ensure :attr:`_engine.CursorResult.rowcount` is correctly set for a
     bulk INSERT of rows when set.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11010

     Fixed regression caused by :ticket:`9779` where using the "secondary" table
     in a relationship ``and_()`` expression would fail to be aliased to match
     how the "secondary" table normally renders within a
     :meth:`_sql.Select.join` expression, leading to an invalid query.

 .. change::
     :tags: bug, orm, performance, regression
     :tickets: 11085

     Adjusted the fix made in :ticket:`10570`, released in 2.0.23, where new
     logic was added to reconcile possibly changing bound parameter values
     across cache key generations used within the :func:`_orm.with_expression`
     construct.  The new logic changes the approach by which the new bound
     parameter values are associated with the statement, avoiding the need to
     deep-copy the statement which can result in a significant performance
     penalty for very deep / complex SQL constructs.  The new approach no longer
     requires this deep-copy step.

 .. change::
     :tags: bug, asyncio
     :tickets: 8771

     An error is raised if a :class:`.QueuePool` or other non-asyncio pool class
     is passed to :func:`_asyncio.create_async_engine`.  This engine only
     accepts asyncio-compatible pool classes including
     :class:`.AsyncAdaptedQueuePool`. Other pool classes such as
     :class:`.NullPool` are compatible with both synchronous and asynchronous
     engines as they do not perform any locking.

     .. seealso::

         :ref:`pool_api`


 .. change::
     :tags: change, tests

     pytest support in the tox.ini file has been updated to support pytest 8.1.

.. changelog::

2.0.27

:released: February 13, 2024

 .. change::
     :tags: bug, postgresql, regression
     :tickets: 11005

     Fixed regression caused by just-released fix for :ticket:`10863` where an
     invalid exception class were added to the "except" block, which does not
     get exercised unless such a catch actually happens.   A mock-style test has
     been added to ensure this catch is exercised in unit tests.


.. changelog::

2.0.26

:released: February 11, 2024

 .. change::
     :tags: usecase, postgresql, reflection
     :tickets: 10777

     Added support for reflection of PostgreSQL CHECK constraints marked with
     "NO INHERIT", setting the key ``no_inherit=True`` in the reflected data.
     Pull request courtesy Ellis Valentiner.

 .. change::
     :tags: bug, sql
     :tickets: 10843

     Fixed issues in :func:`_sql.case` where the logic for determining the
     type of the expression could result in :class:`.NullType` if the last
     element in the "whens" had no type, or in other cases where the type
     could resolve to ``None``.  The logic has been updated to scan all
     given expressions so that the first non-null type is used, as well as
     to always ensure a type is present.  Pull request courtesy David Evans.

 .. change::
     :tags: bug, mysql
     :tickets: 10850

     Fixed issue where NULL/NOT NULL would not be properly reflected from a
     MySQL column that also specified the VIRTUAL or STORED directives.  Pull
     request courtesy Georg Wicke-Arndt.

 .. change::
     :tags: bug, regression, postgresql
     :tickets: 10863

     Fixed regression in the asyncpg dialect caused by :ticket:`10717` in
     release 2.0.24 where the change that now attempts to gracefully close the
     asyncpg connection before terminating would not fall back to
     ``terminate()`` for other potential connection-related exceptions other
     than a timeout error, not taking into account cases where the graceful
     ``.close()`` attempt fails for other reasons such as connection errors.


 .. change::
     :tags: oracle, bug, performance
     :tickets: 10877

     Changed the default arraysize of the Oracle dialects so that the value set
     by the driver is used, that is 100 at the time of writing for both
     cx_oracle and oracledb. Previously the value was set to 50 by default. The
     setting of 50 could cause significant performance regressions compared to
     when using cx_oracle/oracledb alone to fetch many hundreds of rows over
     slower networks.

 .. change::
     :tags: bug, mysql
     :tickets: 10893

     Fixed issue in asyncio dialects asyncmy and aiomysql, where their
     ``.close()`` method is apparently not a graceful close.  replace with
     non-standard ``.ensure_closed()`` method that's awaitable and move
     ``.close()`` to the so-called "terminate" case.

 .. change::
     :tags: bug, orm
     :tickets: 10896

     Replaced the "loader depth is excessively deep" warning with a shorter
     message added to the caching badge within SQL logging, for those statements
     where the ORM disabled the cache due to a too-deep chain of loader options.
     The condition which this warning highlights is difficult to resolve and is
     generally just a limitation in the ORM's application of SQL caching. A
     future feature may include the ability to tune the threshold where caching
     is disabled, but for now the warning will no longer be a nuisance.

 .. change::
     :tags: bug, orm
     :tickets: 10899

     Fixed issue where it was not possible to use a type (such as an enum)
     within a :class:`_orm.Mapped` container type if that type were declared
     locally within the class body.  The scope of locals used for the eval now
     includes that of the class body itself.  In addition, the expression within
     :class:`_orm.Mapped` may also refer to the class name itself, if used as a
     string or with future annotations mode.

 .. change::
     :tags: usecase, postgresql
     :tickets: 10904

     Support the ``USING <method>`` option for PostgreSQL ``CREATE TABLE`` to
     specify the access method to use to store the contents for the new table.
     Pull request courtesy Edgar Ramírez-Mondragón.

     .. seealso::

         :ref:`postgresql_table_options`

 .. change::
     :tags: bug, examples
     :tickets: 10920

     Fixed regression in history_meta example where the use of
     :meth:`_schema.MetaData.to_metadata` to make a copy of the history table
     would also copy indexes (which is a good thing), but causing naming
     conflicts indexes regardless of naming scheme used for those indexes. A
     "_history" suffix is now added to these indexes in the same way as is
     achieved for the table name.


 .. change::
     :tags: bug, orm
     :tickets: 10967

     Fixed issue where using :meth:`_orm.Session.delete` along with the
     :paramref:`_orm.Mapper.version_id_col` feature would fail to use the
     correct version identifier in the case that an additional UPDATE were
     emitted against the target object as a result of the use of
     :paramref:`_orm.relationship.post_update` on the object.  The issue is
     similar to :ticket:`10800` just fixed in version 2.0.25 for the case of
     updates alone.

 .. change::
     :tags: bug, orm
     :tickets: 10990

     Fixed issue where an assertion within the implementation for
     :func:`_orm.with_expression` would raise if a SQL expression that was not
     cacheable were used; this was a 2.0 regression since 1.4.

 .. change::
     :tags: postgresql, usecase
     :tickets: 9736

     Correctly type PostgreSQL RANGE and MULTIRANGE types as ``Range[T]``
     and ``Sequence[Range[T]]``.
     Introduced utility sequence :class:`_postgresql.MultiRange` to allow better
     interoperability of MULTIRANGE types.

 .. change::
     :tags: postgresql, usecase

     Differentiate between INT4 and INT8 ranges and multi-ranges types when
     inferring the database type from a :class:`_postgresql.Range` or
     :class:`_postgresql.MultiRange` instance, preferring INT4 if the values
     fit into it.

 .. change::
     :tags: bug, typing

     Fixed the type signature for the :meth:`.PoolEvents.checkin` event to
     indicate that the given :class:`.DBAPIConnection` argument may be ``None``
     in the case where the connection has been invalidated.

 .. change::
     :tags: bug, examples

     Fixed the performance example scripts in examples/performance to mostly
     work with the Oracle database, by adding the :class:`.Identity` construct
     to all the tables and allowing primary generation to occur on this backend.
     A few of the "raw DBAPI" cases still are not compatible with Oracle.


 .. change::
     :tags: bug, mssql

     Fixed an issue regarding the use of the :class:`.Uuid` datatype with the
     :paramref:`.Uuid.as_uuid` parameter set to False, when using the pymssql
     dialect. ORM-optimized INSERT statements (e.g. the "insertmanyvalues"
     feature) would not correctly align primary key UUID values for bulk INSERT
     statements, resulting in errors.  Similar issues were fixed for the
     PostgreSQL drivers as well.


 .. change::
     :tags: bug, postgresql

     Fixed an issue regarding the use of the :class:`.Uuid` datatype with the
     :paramref:`.Uuid.as_uuid` parameter set to False, when using PostgreSQL
     dialects. ORM-optimized INSERT statements (e.g. the "insertmanyvalues"
     feature) would not correctly align primary key UUID values for bulk INSERT
     statements, resulting in errors.  Similar issues were fixed for the
     pymssql driver as well.

.. changelog::

2.0.25

:released: January 2, 2024

 .. change::
     :tags: oracle, asyncio
     :tickets: 10679

     Added support for :ref:`oracledb` in asyncio mode, using the newly released
     version of the ``oracledb`` DBAPI that includes asyncio support. For the
     2.0 series, this is a preview release, where the current implementation
     does not yet have include support for
     :meth:`_asyncio.AsyncConnection.stream`. Improved support is planned for
     the 2.1 release of SQLAlchemy.

 .. change::
     :tags: bug, orm
     :tickets: 10800

     Fixed issue where when making use of the
     :paramref:`_orm.relationship.post_update` feature at the same time as using
     a mapper version_id_col could lead to a situation where the second UPDATE
     statement emitted by the post-update feature would fail to make use of the
     correct version identifier, assuming an UPDATE was already emitted in that
     flush which had already bumped the version counter.

 .. change::
     :tags: bug, typing
     :tickets: 10801, 10818

     Fixed regressions caused by typing added to the ``sqlalchemy.sql.functions``
     module in version 2.0.24, as part of :ticket:`6810`:

     * Further enhancements to pep-484 typing to allow SQL functions from
       :attr:`_sql.func` derived elements to work more effectively with ORM-mapped
       attributes (:ticket:`10801`)

     * Fixed the argument types passed to functions so that literal expressions
       like strings and ints are again interpreted correctly (:ticket:`10818`)


 .. change::
     :tags: usecase, orm
     :tickets: 10807

     Added preliminary support for Python 3.12 pep-695 type alias structures,
     when resolving custom type maps for ORM Annotated Declarative mappings.


 .. change::
     :tags: bug, orm
     :tickets: 10815

     Fixed issue where ORM Annotated Declarative would mis-interpret the left
     hand side of a relationship without any collection specified as
     uselist=True if the left type were given as a class and not a string,
     without using future-style annotations.

 .. change::
     :tags: bug, sql
     :tickets: 10817

     Improved compilation of :func:`_sql.any_` / :func:`_sql.all_` in the
     context of a negation of boolean comparison, will now render ``NOT (expr)``
     rather than reversing the equality operator to not equals, allowing
     finer-grained control of negations for these non-typical operators.

.. changelog::

2.0.24

:released: December 28, 2023

 .. change::
     :tags: bug, orm
     :tickets: 10597

     Fixed issue where use of :func:`_orm.foreign` annotation on a
     non-initialized :func:`_orm.mapped_column` construct would produce an
     expression without a type, which was then not updated at initialization
     time of the actual column, leading to issues such as relationships not
     determining ``use_get`` appropriately.


 .. change::
     :tags: bug, schema
     :tickets: 10654

     Fixed issue where error reporting for unexpected schema item when creating
     objects like :class:`_schema.Table` would incorrectly handle an argument
     that was itself passed as a tuple, leading to a formatting error.  The
     error message has been modernized to use f-strings.

 .. change::
     :tags: bug, engine
     :tickets: 10662

     Fixed URL-encoding of the username and password components of
     :class:`.engine.URL` objects when converting them to string using the
     :meth:`_engine.URL.render_as_string` method, by using Python standard
     library ``urllib.parse.quote`` while allowing for plus signs and spaces to
     remain unchanged as supported by SQLAlchemy's non-standard URL parsing,
     rather than the legacy home-grown routine from many years ago. Pull request
     courtesy of Xavier NUNN.

 .. change::
     :tags: bug, orm
     :tickets: 10668

     Improved the error message produced when the unit of work process sets the
     value of a primary key column to NULL due to a related object with a
     dependency rule on that column being deleted, to include not just the
     destination object and column name but also the source column from which
     the NULL value is originating.  Pull request courtesy Jan Vollmer.

 .. change::
     :tags: bug, postgresql
     :tickets: 10717

     Adjusted the asyncpg dialect such that when the ``terminate()`` method is
     used to discard an invalidated connection, the dialect will first attempt
     to gracefully close the connection using ``.close()`` with a timeout, if
     the operation is proceeding within an async event loop context only. This
     allows the asyncpg driver to attend to finalizing a ``TimeoutError``
     including being able to close a long-running query server side, which
     otherwise can keep running after the program has exited.

 .. change::
     :tags: bug, orm
     :tickets: 10732

     Modified the ``__init_subclass__()`` method used by
     :class:`_orm.MappedAsDataclass`, :class:`_orm.DeclarativeBase` and
     :class:`_orm.DeclarativeBaseNoMeta` to accept arbitrary ``**kw`` and to
     propagate them to the ``super()`` call, allowing greater flexibility in
     arranging custom superclasses and mixins which make use of
     ``__init_subclass__()`` keyword arguments.  Pull request courtesy Michael
     Oliver.


 .. change::
     :tags: bug, tests
     :tickets: 10747

     Improvements to the test suite to further harden its ability to run
     when Python ``greenlet`` is not installed.   There is now a tox
     target that includes the token "nogreenlet" that will run the suite
     with greenlet not installed (note that it still temporarily installs
     greenlet as part of the tox config, however).

 .. change::
     :tags: bug, sql
     :tickets: 10753

     Fixed issue in stringify for SQL elements, where a specific dialect is not
     passed,  where a dialect-specific element such as the PostgreSQL "on
     conflict do update" construct is encountered and then fails to provide for
     a stringify dialect with the appropriate state to render the construct,
     leading to internal errors.

 .. change::
     :tags: bug, sql

     Fixed issue where stringifying or compiling a :class:`.CTE` that was
     against a DML construct such as an :func:`_sql.insert` construct would fail
     to stringify, due to a mis-detection that the statement overall is an
     INSERT, leading to internal errors.

 .. change::
     :tags: bug, orm
     :tickets: 10776

     Ensured the use case of :class:`.Bundle` objects used in the
     ``returning()`` portion of ORM-enabled INSERT, UPDATE and DELETE statements
     is tested and works fully.   This was never explicitly implemented or
     tested previously and did not work correctly in the 1.4 series; in the 2.0
     series, ORM UPDATE/DELETE with WHERE criteria was missing an implementation
     method preventing :class:`.Bundle` objects from working.

 .. change::
     :tags: bug, orm
     :tickets: 10784

     Fixed 2.0 regression in :class:`.MutableList` where a routine that detects
     sequences would not correctly filter out string or bytes instances, making
     it impossible to assign a string value to a specific index (while
     non-sequence values would work fine).

 .. change::
     :tags: change, asyncio

     The ``async_fallback`` dialect argument is now deprecated, and will be
     removed in SQLAlchemy 2.1.   This flag has not been used for SQLAlchemy's
     test suite for some time.   asyncio dialects can still run in a synchronous
     style by running code within a greenlet using :func:`_util.greenlet_spawn`.

 .. change::
    :tags: bug, typing
    :tickets: 6810

    Completed pep-484 typing for the ``sqlalchemy.sql.functions`` module.
    :func:`_sql.select` constructs made against ``func`` elements should now
    have filled-in return types.

.. changelog::

2.0.23

:released: November 2, 2023

 .. change::
     :tags: bug, oracle
     :tickets: 10509

     Fixed issue in :class:`.Interval` datatype where the Oracle implementation
     was not being used for DD

[pyup-bot]

Closing this in favor of #378