chore(multiple samples) Updating dependencies for Werkzeug and Flask #14195
XrossFox wants to merge 3 commits into
Code Review
This pull request updates Flask to version 3.1.3 and Werkzeug to version 3.1.8 across numerous sample applications, generally restricting support to Python 3.9 and above. The review feedback identifies several critical issues: first, upgrading Werkzeug to 3.x while leaving Flask pinned at 2.x in several constraints and test files will cause runtime ImportErrors due to removed APIs. Second, the upgrade will break the websockets sample because Flask-Sockets is incompatible with Flask 2.0+. Finally, the changes introduce inconsistencies in migration samples by dropping support for older Python versions for Flask/Werkzeug while retaining legacy pins for other dependencies, potentially breaking the samples for users in those environments.
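The pin combinations the review flags can be checked mechanically before merge. The following is an added example, not code from this PR or the repository: it scans pinned requirements text for the two combinations named in the review. The file names and contents in `SAMPLES` are constructed, and the rules encode the review's findings rather than an independent compatibility matrix.

```python
import re

# Constructed sample files (not taken from the PR): path -> file contents.
SAMPLES = {
    "sample_a/requirements.txt": "Flask==3.1.3\nWerkzeug==3.1.8\n",
    "sample_b/constraints.txt": "flask==2.2.5  # legacy pin\nwerkzeug==3.1.8\n",
    "sample_c/requirements.txt": (
        "Flask==3.1.3\nFlask-Sockets==0.2.1\n"
        "Werkzeug==3.1.8; python_version >= '3.9'\n"
    ),
}

# Matches "name==X.Y.Z" at the start of a line and captures name and major version.
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+)(?:\.[0-9A-Za-z*]+)*")

def normalize(name):
    """PEP 503 name normalization, so Flask_Sockets and flask-sockets compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {normalized package name: pinned major version} for '==' pins."""
    pins = {}
    for line in text.splitlines():
        match = PIN.match(line.split("#", 1)[0])  # drop trailing comments
        if match:
            pins[normalize(match.group(1))] = int(match.group(2))
    return pins

def check(text):
    """Flag the combinations the review calls out, within one file."""
    pins = parse_pins(text)
    flask, werkzeug = pins.get("flask"), pins.get("werkzeug")
    findings = []
    if flask is not None and werkzeug is not None and flask < 3 <= werkzeug:
        findings.append("flask-2.x-with-werkzeug-3.x")
    if "flask-sockets" in pins and flask is not None and flask >= 2:
        findings.append("flask-sockets-with-flask-2+")
    return findings

def audit(files):
    """Map each path with at least one finding to its list of findings."""
    report = {}
    for path, text in files.items():
        findings = check(text)
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLES).items():
        print(path, findings)
```

The check is per file, so a Flask 2.x pin in a constraints file paired with a Werkzeug 3.x pin in a separate requirements file needs the two texts concatenated before calling `check`.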
Description
This PR attempts to update all instances of Werkzeug and Flask, since they are commonly used together, with the extra addition of a few Airflow samples that use both frameworks in their constraint.txt. The goal is to fix all Dependabot security alerts. Failing pipelines that are not because of this dependency update shall be addressed in a different, individual PR per failure.
Note: noxfile_configuration files for some of these samples were modified in #14147, so it's a good idea to merge that PR first.
fixes b/514791011
failures will be documented in b/514353082
Checklist
nox -s py-3.9 (see Test Environment Setup)
nox -s lint (see Test Environment Setup)