Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

implemented DynamoDBSessionInterface and tests. #214

Merged
merged 13 commits into from
Mar 24, 2024

Conversation

necat1
Copy link

@necat1 necat1 commented Feb 27, 2024

No description provided.

@Lxstr
Copy link
Contributor

Lxstr commented Feb 28, 2024

Thanks for the continued efforts. I think it would be best to not have URL parameter SESSION_DYNAMODB_URL if possible because none of the other backends use it, and it can be used directly in the boto client. Having the table one is good though.

@Lxstr
Copy link
Contributor

Lxstr commented Feb 28, 2024

Also something like this before self.store = client.Table(table_name)?

I'm not sure best way to code this

        # Check if the table exists
        existing_tables = self.client.meta.client.list_tables()["TableNames"]
        if table_name not in existing_tables:
            # Create the table if it does not exist
            self.client.create_table............

@Lxstr
Copy link
Contributor

Lxstr commented Feb 28, 2024

Also regarding this part, why are you passing on attribute error? I would think we want to know if any issues with initialization?

        try:
            client.meta.client.update_time_to_live(
                TableName=self.table_name,
                TimeToLiveSpecification={
                    "Enabled": True,
                    "AttributeName": "expiration",
                },
            )
        except AttributeError:
            pass


def _retrieve_session_data(self, store_id: str) -> Optional[dict]:
# Get the saved session (document) from the database
document = self.store.get_item(Key={"id": store_id})["Item"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to use .get("Value") so no exception is raised

RuntimeWarning,
stacklevel=1,
)
client = boto3.resource("dynamodb", endpoint_url="http://localhost:8000")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also do we need

                region_name="us-west-2",
                aws_access_key_id="dummy",
                aws_secret_access_key="dummy",

@necat1
Copy link
Author

necat1 commented Feb 28, 2024

Also regarding this part, why are you passing on attribute error? I would think we want to know if any issues with initialization?

        try:
            client.meta.client.update_time_to_live(
                TableName=self.table_name,
                TimeToLiveSpecification={
                    "Enabled": True,
                    "AttributeName": "expiration",
                },
            )
        except AttributeError:
            pass

When TTL index is already added to table dynamodb client raises an error next time its called, and i don't know a way to explixitly check if index is added, although i can do some research.

@necat1
Copy link
Author

necat1 commented Feb 28, 2024

Also something like this before self.store = client.Table(table_name)?

I'm not sure best way to code this

        # Check if the table exists
        existing_tables = self.client.meta.client.list_tables()["TableNames"]
        if table_name not in existing_tables:
            # Create the table if it does not exist
            self.client.create_table............

I will look into this, i think boto3 supports this.

@necat1
Copy link
Author

necat1 commented Feb 28, 2024

Thanks for the continued efforts. I think it would be best to not have URL parameter SESSION_DYNAMODB_URL if possible because none of the other backends use it, and it can be used directly in the boto client. Having the table one is good though.

Thanks for comprehensive review. boto3 doesn't have default connections. The alternative here is to have hardcoded URL when user doesn't provide client.

@necat1
Copy link
Author

necat1 commented Feb 28, 2024

Thanks for the continued efforts. I think it would be best to not have URL parameter SESSION_DYNAMODB_URL if possible because none of the other backends use it, and it can be used directly in the boto client. Having the table one is good though.

Thanks for comprehensive review. boto3 doesn't have default connections. The alternative here is to have hardcoded URL when user doesn't provide client.

Or maybe just use default value from defaults without parametrizing SessionInterface?

client.meta.client.update_time_to_live(
TableName=self.table_name,
TimeToLiveSpecification={
"Enabled": True,
"AttributeName": "expiration",
},
)
except AttributeError:
except (AttributeError, client.meta.client.exceptions.ResourceInUseException):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

@Lxstr
Copy link
Contributor

Lxstr commented Feb 29, 2024

Thanks for the continued efforts. I think it would be best to not have URL parameter SESSION_DYNAMODB_URL if possible because none of the other backends use it, and it can be used directly in the boto client. Having the table one is good though.

Thanks for comprehensive review. boto3 doesn't have default connections. The alternative here is to have hardcoded URL when user doesn't provide client.

I mean instead you should pass the instance like SESSION_DYNAMODB = boto3.resource(
"dynamodb",
endpoint_url="http://localhost:8000", etc)

@Lxstr
Copy link
Contributor

Lxstr commented Feb 29, 2024

Also the CI tests are working, maybe add

name: Run unittests
on: [push, pull_request]
jobs:
    unittests:
        runs-on: ubuntu-latest
        services:
            mongodb:
                image: mongo
                ports:
                    - 27017:27017
            dynamodb:
                image: amazon/dynamodb-local
                ports:
                    - 8000:8000
        steps:
...

@Lxstr
Copy link
Contributor

Lxstr commented Feb 29, 2024

Thanks for the continued efforts. I think it would be best to not have URL parameter SESSION_DYNAMODB_URL if possible because none of the other backends use it, and it can be used directly in the boto client. Having the table one is good though.

Thanks for comprehensive review. boto3 doesn't have default connections. The alternative here is to have hardcoded URL when user doesn't provide client.

I mean instead you should pass the instance like SESSION_DYNAMODB = boto3.resource( "dynamodb", endpoint_url="http://localhost:8000", etc)

Yeah long story short, I think it's fine to just have the port 800 hardcoded into the default client and remove url: str = Defaults.SESSION_DYNAMODB_URL. This will make it the same as all of the other backends.

@Lxstr
Copy link
Contributor

Lxstr commented Feb 29, 2024

Also lets compare to cachelib backend, which will be very similar: https://github.com/pallets-eco/cachelib/blob/main/src/cachelib/dynamodb.py

@necat1
Copy link
Author

necat1 commented Feb 29, 2024

Great suggestions! I will have time to work on this on weekend.

@Lxstr Lxstr deleted the branch pallets-eco:development March 18, 2024 15:19
@Lxstr Lxstr closed this Mar 18, 2024
@Lxstr Lxstr reopened this Mar 19, 2024
@Lxstr
Copy link
Contributor

Lxstr commented Mar 19, 2024

@necat1 I noticed the use BillingMode="PAY_PER_REQUEST", instead of throughput in cachelib, should we do that?

They also use table.wait_until_exists() and table.load(). Not sure if we need those.

https://github.com/pallets-eco/cachelib/blob/main/src/cachelib/dynamodb.py

@Lxstr
Copy link
Contributor

Lxstr commented Mar 19, 2024

I'm thinking we don't need either

BillingMode="PAY_PER_REQUEST"

or

        read_capacity: int = Defaults.SESSION_DYNAMODB_READ,
        write_capacity: int = Defaults.SESSION_DYNAMODB_WRITE,

The user could switch using AWS Management Console, AWS CLI, or programatically

dynamodb.update_table(
        TableName=table_name,
        BillingMode='PAY_PER_REQUEST'
    )

This would simplify things a fair bit for us

@Lxstr Lxstr merged commit f8f5ad1 into pallets-eco:development Mar 24, 2024
7 checks passed
"AttributeName": "expiration",
},
)
except (AttributeError, client.meta.client.exceptions.ResourceInUseException):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there may be a problem here:

Scenario:

  • Running inside a real environment, trying to use existing table.
  • The instance or whatever is running this code doesn't have dynamodb:CreateTable or dynamodb:UpdateTimeToLive or dynamodb:Describe/GetTable permissions
  • I'd expect an access denied error in this case, because it doesn't even get to the point of checking if the table exists etc.
  • This except probably doesn't handle that.

This means we'd have to give whichever resource is running this permission to use the CreateTable etc. APIs even though we want to use an existing table. Not ideal from a security perspective.

(Purely theoretical at this point, but I'm fairly certain this is what would happen)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair point, seems more reasonable to check if the table exists before the try, is that what you would suggest? Could you add a PR to development?

Copy link
Contributor

@MauriceBrg MauriceBrg Apr 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From a security perspective I'd prefer that the implementation can work with minimal permissions, in this case:

  • dynamodb:DeleteItem
  • dynamodb:GetItem
  • dynamodb:UpdateItem

This would be sufficient for read and write access to a properly configured table.

All this table and TTL management is something that we usually like to handle through Infrastructure as Code. Many companies also require additional configuration regarding backups, etc.

Having the option of doing that through flask-session is nice for convenience, but IMO a bit too much magic that happens by default.

I'd prefer an create_table flag or something like that, which is should be disabled by default.
If we find a good approach that balances different requirements I may be able to add a PR.


Got distracted and forgot the middle part :D

I'd prefer to handle the non-existence of a table when we try to write to it/read from it. The ask for forgiveness instead of approval approach - that requires fewer API calls and AWS permissions.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see what you mean. I think the first step would be to factor out the creation into a single method on each interface. Similar to what is done here https://github.com/kroketio/quart-session/blob/master/quart_session/sessions.py.This could then be easily subclassed to skip the method (maybe like 3 lines of code).

The second step would be adding the config setting for all interfaces, which I am less sure of (adding more settings) unless there is a bit of demand or discussing with the team.

I think if the first was done neatly it would be merged quickly.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm currently looking into this, but I'm not super familiar with the codebase yet.

My approach would be to:

  1. Refactor DynamoDBSessionInterface to have the create table logic as a separate function
  2. Create a subclass ExistingDynamoDBTableSessionInterface that skips the create logic
  3. Add a SESSION_TYPE existing_dynamodb_table to flask_session/__init__.py that uses 2)
  4. Tests, obviously

This would result in there being two DynamoDB varieties for the SESSION_TYPE.
That would make this implementation different from the others.

I'm considering another optional flag to the constructor of DynamoDBSessionInterface, something like table_already_exists (Default: False), which would skip the create function.
This would probably require another DynamoDB parameter, e.g. SESSION_DYNAMODB_TABLE_ALREADY_EXISTS.

Not sure what is a better approach, any thoughts @Lxstr ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can simplify a bit

Step 1 is good.

This is already done for postgresql (impending PR) but would also need to be done for SQLAlchemy and the base class

Steps 2 and 3 can be instead adding the flag SESSION_TABLE_EXISTS

Base class should look something like:

class ServerSideSessionInterface(FlaskSessionInterface, ABC):
    ...

    def __init__(... session_table_exists: Optional[bool] = Defaults.SESSION_TABLE_EXISTS,):
        ...
        if not session_table_exists:
            self._create_schema_and_table()

    def _create_schema_and_table():
        pass

Tests would be great

Does that make sense?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good to me, I've added a variation of that as a PR: #237

DanielTsiang pushed a commit to DanielTsiang/traffic-sign-classifier that referenced this pull request May 1, 2024
…in /services/flask (#75)

Updates the requirements on
[flask-session](https://github.com/pallets-eco/flask-session) to permit
the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets-eco/flask-session/releases">flask-session's
releases</a>.</em></p>
<blockquote>
<h2>0.8.0</h2>
<p>Add DynamodDB backend and other minor fixes.</p>
<p>Full release notes: <a
href="https://flask-session.readthedocs.io/en/latest/changes.html#id1">https://flask-session.readthedocs.io/en/latest/changes.html#id1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets-eco/flask-session/blob/development/CHANGES.rst">flask-session's
changelog</a>.</em></p>
<blockquote>
<h2>0.8.0 - 2024-03-26</h2>
<p>Added</p>
<pre><code>- Add DynamoDB session interface
(`[#214](pallets-eco/flask-session#214)
&lt;https://github.com/pallets-eco/flask-session/pull/214&gt;`_).
- Add ability to install client libraries for backends using optional
dependencies (extras)
(`[#228](pallets-eco/flask-session#228)
&lt;https://github.com/pallets-eco/flask-session/pull/228&gt;`_).
<p>Fixed</p>
<pre><code>- Include prematurely removed ``cachelib`` dependency. Will
be removed in 1.0.0 to be an optional dependency
(`[#223](pallets-eco/flask-session#223)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/223&amp;gt;`_).


0.7.0 - 2024-03-18
------------------

Changed
&lt;/code&gt;&lt;/pre&gt;
&lt;ul&gt;
&lt;li&gt;Access session interfaces via subfolder, for example
&lt;code&gt;flask_session.redis.RedisSessionInterface&lt;/code&gt;
(&lt;code&gt;2bc7df
&amp;lt;pallets-eco/flask-session@2bc7df1be7b8929e55cb25f13845caf0503630d8&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;li&gt;Deprecate &lt;code&gt;pickle&lt;/code&gt; in favor of
&lt;code&gt;msgspec&lt;/code&gt;, which is configured with
&lt;code&gt;SESSION_SERIALIZATION_FORMAT&lt;/code&gt; to choose between
&lt;code&gt;'json'&lt;/code&gt; and &lt;code&gt;'msgpack'&lt;/code&gt;.
All sessions will convert to msgspec upon first interaction with 0.7.0.
Pickle is still available to read existing sessions, but will be removed
in 1.0.0. (&lt;code&gt;c7f8ce
&amp;lt;pallets-eco/flask-session@c7f8ced0e1532dea87850d34b3328a3fcb769988&amp;gt;&lt;/code&gt;&lt;em&gt;,
&lt;code&gt;c7f8ce
&amp;lt;pallets-eco/flask-session@c7f8ced0e1532dea87850d34b3328a3fcb769988&amp;gt;&lt;/code&gt;&lt;/em&gt;)&lt;/li&gt;
&lt;li&gt;Deprecate &lt;code&gt;SESSION_USE_SIGNER&lt;/code&gt;
(&lt;code&gt;a5dba7
&amp;lt;pallets-eco/flask-session@a5dba7022f806c8fb4412d0428b69dd4a077e4a7&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;li&gt;Deprecate
:class:&lt;code&gt;flask_session.filesystem.FileSystemSessionInterface&lt;/code&gt;
in favor of the broader
:class:&lt;code&gt;flask_session.cachelib.CacheLibSessionInterface&lt;/code&gt;
(&lt;code&gt;2bc7df
&amp;lt;pallets-eco/flask-session@2bc7df1be7b8929e55cb25f13845caf0503630d8&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Added&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;- Add time-to-live expiration for MongoDB
(`9acee3
&amp;lt;https://github.com/pallets-eco/flask-session/commit/9acee3c5fb7072476f3feea923529d19d5e855c3&amp;gt;`_).
- Add retry for SQL based storage
(`[#211](pallets-eco/flask-session#211)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/211&amp;gt;`_).
- Add ``flask session_cleanup`` command and alternatively,
``SESSION_CLEANUP_N_REQUESTS`` for SQLAlchemy or future non-TTL backends
(`[#211](pallets-eco/flask-session#211)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/211&amp;gt;`_).
- Add type hints (`7d7d58
&amp;lt;https://github.com/pallets-eco/flask-session/commit/7d7d58ce371553da39095a421445cf639a62bd5f&amp;gt;`_).
-   Add logo and additional documentation.
- Add vary cookie header when session modified or accessed as per
flask's built-in session (`7ab698
&amp;lt;https://github.com/pallets-eco/flask-session/commit/7ab6980c8ba15912df13dd1e78242803e8104dd6&amp;gt;`_).
- Add regenerate method to session interface to mitigate fixation
(`[#27](pallets-eco/flask-session#27)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/27&amp;gt;`_,
`[#39](pallets-eco/flask-session#39)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/39&amp;gt;`_)(`80df63
&amp;lt;https://github.com/pallets-eco/flask-session/commit/80df635ffd466fa7798f6031be5469b4d5dae069&amp;gt;`_).

Removed
&lt;/code&gt;&lt;/pre&gt;
&lt;ul&gt;
&lt;li&gt;Remove null session in favour of relevant exception messages
(&lt;code&gt;[#107](pallets-eco/flask-session#107)
&amp;lt;pallets-eco/flask-session#107;,
&lt;code&gt;[#182](pallets-eco/flask-session#182)
&amp;lt;pallets-eco/flask-session#182
&amp;lt;pallets-eco/flask-session@d7ed1c6e7eb3904888b72f0d6c006db1b9b60795&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;li&gt;Drop support for Python 3.7 which is end-of-life and precludes
use of msgspec (&lt;code&gt;bd7e5b
&amp;lt;pallets-eco/flask-session@bd7e5b0bbfc10cdfa9c83b859593c69cc4381571&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Fixed&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;- Prevent session identifier reuse on storage
miss (`[#76](pallets-eco/flask-session#76)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/76&amp;gt;`_).
-   Abstraction to improve consistency between backends.
- Enforce ``PERMANENT_SESSION_LIFETIME`` as expiration consistently for
all backends
(`[#81](pallets-eco/flask-session#81)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/81&amp;gt;`_)(`86895b
&amp;lt;https://github.com/pallets-eco/flask-session/commit/86895b523203ca67c9f87416bdbf028852dcb357&amp;gt;`_).
- Specifically include backend session interfaces in public API and
document usage
(`[#210](pallets-eco/flask-session#210)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/210&amp;gt;`_).
- Fix non-permanent sessions not updating expiry
(`[#221](pallets-eco/flask-session#221)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/221&amp;gt;`_).


0.6.0 - 2024-01-16
------------------

&amp;lt;/tr&amp;gt;&amp;lt;/table&amp;gt; 
&lt;/code&gt;&lt;/pre&gt;
&lt;/blockquote&gt;
&lt;p&gt;... (truncated)&lt;/p&gt;
&lt;/details&gt;
&lt;details&gt;
&lt;summary&gt;Commits&lt;/summary&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@65c05eae0e6d679047394b39a8d6e2bce8195ac3&quot;&gt;&lt;code&gt;65c05ea&lt;/code&gt;&lt;/a&gt;
Prep release&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@475cc038376d4d5c2949edf7751a61ed64b7f33c&quot;&gt;&lt;code&gt;475cc03&lt;/code&gt;&lt;/a&gt;
Merge branch 'erik' into development&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@1af5cb223bcb4bb556cf8b49e803700ac332ab89&quot;&gt;&lt;code&gt;1af5cb2&lt;/code&gt;&lt;/a&gt;
Remind the correct PR branch&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@b7a219bcac97e74276d8e419e6174aea2c4ffdad&quot;&gt;&lt;code&gt;b7a219b&lt;/code&gt;&lt;/a&gt;
Reduce documentation and remove filesystem extra&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@6c9a698b61ead380988ba4b69b0f161de47e1886&quot;&gt;&lt;code&gt;6c9a698&lt;/code&gt;&lt;/a&gt;
Fix docs announcement overflow&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@f8f5ad15f787c5b30b663f84883ad2c8108b8314&quot;&gt;&lt;code&gt;f8f5ad1&lt;/code&gt;&lt;/a&gt;
implemented DynamoDBSessionInterface and tests. (&lt;a
href=&quot;https://redirect.github.com/pallets-eco/flask-session/issues/214&quot;&gt;#214&lt;/a&gt;)&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@5a3413b9b1d67a4116404f23022b58326a60fbdf&quot;&gt;&lt;code&gt;5a3413b&lt;/code&gt;&lt;/a&gt;
Add changelog and contributor&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@17369528b45d9b5a59003ec006ede35ced40f694&quot;&gt;&lt;code&gt;1736952&lt;/code&gt;&lt;/a&gt;
Fix docs requirements&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@a92914ed1196acc2eab4d562996ac944413fb19c&quot;&gt;&lt;code&gt;a92914e&lt;/code&gt;&lt;/a&gt;
Add docs&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@ab9a756a18de87033cf6d3b2d86c6dc46e006800&quot;&gt;&lt;code&gt;ab9a756&lt;/code&gt;&lt;/a&gt;
Tidy up dynamo db, add docker and requirements&lt;/li&gt;
&lt;li&gt;Additional commits viewable in &lt;a
href=&quot;pallets-eco/flask-session@0.6.1rc1...0.8.0&quot;&gt;compare
view&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/details&gt;

&lt;br /&gt;
</code></pre>


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
DanielTsiang pushed a commit to DanielTsiang/traffic-sign-classifier that referenced this pull request May 1, 2024
…in /services/flask (#75)

Updates the requirements on
[flask-session](https://github.com/pallets-eco/flask-session) to permit
the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets-eco/flask-session/releases">flask-session's
releases</a>.</em></p>
<blockquote>
<h2>0.8.0</h2>
<p>Add DynamodDB backend and other minor fixes.</p>
<p>Full release notes: <a
href="https://flask-session.readthedocs.io/en/latest/changes.html#id1">https://flask-session.readthedocs.io/en/latest/changes.html#id1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets-eco/flask-session/blob/development/CHANGES.rst">flask-session's
changelog</a>.</em></p>
<blockquote>
<h2>0.8.0 - 2024-03-26</h2>
<p>Added</p>
<pre><code>- Add DynamoDB session interface
(`[#214](pallets-eco/flask-session#214)
&lt;https://github.com/pallets-eco/flask-session/pull/214&gt;`_).
- Add ability to install client libraries for backends using optional
dependencies (extras)
(`[#228](pallets-eco/flask-session#228)
&lt;https://github.com/pallets-eco/flask-session/pull/228&gt;`_).
<p>Fixed</p>
<pre><code>- Include prematurely removed ``cachelib`` dependency. Will
be removed in 1.0.0 to be an optional dependency
(`[#223](pallets-eco/flask-session#223)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/223&amp;gt;`_).


0.7.0 - 2024-03-18
------------------

Changed
&lt;/code&gt;&lt;/pre&gt;
&lt;ul&gt;
&lt;li&gt;Access session interfaces via subfolder, for example
&lt;code&gt;flask_session.redis.RedisSessionInterface&lt;/code&gt;
(&lt;code&gt;2bc7df
&amp;lt;pallets-eco/flask-session@2bc7df1be7b8929e55cb25f13845caf0503630d8&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;li&gt;Deprecate &lt;code&gt;pickle&lt;/code&gt; in favor of
&lt;code&gt;msgspec&lt;/code&gt;, which is configured with
&lt;code&gt;SESSION_SERIALIZATION_FORMAT&lt;/code&gt; to choose between
&lt;code&gt;'json'&lt;/code&gt; and &lt;code&gt;'msgpack'&lt;/code&gt;.
All sessions will convert to msgspec upon first interaction with 0.7.0.
Pickle is still available to read existing sessions, but will be removed
in 1.0.0. (&lt;code&gt;c7f8ce
&amp;lt;pallets-eco/flask-session@c7f8ced0e1532dea87850d34b3328a3fcb769988&amp;gt;&lt;/code&gt;&lt;em&gt;,
&lt;code&gt;c7f8ce
&amp;lt;pallets-eco/flask-session@c7f8ced0e1532dea87850d34b3328a3fcb769988&amp;gt;&lt;/code&gt;&lt;/em&gt;)&lt;/li&gt;
&lt;li&gt;Deprecate &lt;code&gt;SESSION_USE_SIGNER&lt;/code&gt;
(&lt;code&gt;a5dba7
&amp;lt;pallets-eco/flask-session@a5dba7022f806c8fb4412d0428b69dd4a077e4a7&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;li&gt;Deprecate
:class:&lt;code&gt;flask_session.filesystem.FileSystemSessionInterface&lt;/code&gt;
in favor of the broader
:class:&lt;code&gt;flask_session.cachelib.CacheLibSessionInterface&lt;/code&gt;
(&lt;code&gt;2bc7df
&amp;lt;pallets-eco/flask-session@2bc7df1be7b8929e55cb25f13845caf0503630d8&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Added&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;- Add time-to-live expiration for MongoDB
(`9acee3
&amp;lt;https://github.com/pallets-eco/flask-session/commit/9acee3c5fb7072476f3feea923529d19d5e855c3&amp;gt;`_).
- Add retry for SQL based storage
(`[#211](pallets-eco/flask-session#211)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/211&amp;gt;`_).
- Add ``flask session_cleanup`` command and alternatively,
``SESSION_CLEANUP_N_REQUESTS`` for SQLAlchemy or future non-TTL backends
(`[#211](pallets-eco/flask-session#211)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/211&amp;gt;`_).
- Add type hints (`7d7d58
&amp;lt;https://github.com/pallets-eco/flask-session/commit/7d7d58ce371553da39095a421445cf639a62bd5f&amp;gt;`_).
-   Add logo and additional documentation.
- Add vary cookie header when session modified or accessed as per
flask's built-in session (`7ab698
&amp;lt;https://github.com/pallets-eco/flask-session/commit/7ab6980c8ba15912df13dd1e78242803e8104dd6&amp;gt;`_).
- Add regenerate method to session interface to mitigate fixation
(`[#27](pallets-eco/flask-session#27)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/27&amp;gt;`_,
`[#39](pallets-eco/flask-session#39)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/39&amp;gt;`_)(`80df63
&amp;lt;https://github.com/pallets-eco/flask-session/commit/80df635ffd466fa7798f6031be5469b4d5dae069&amp;gt;`_).

Removed
&lt;/code&gt;&lt;/pre&gt;
&lt;ul&gt;
&lt;li&gt;Remove null session in favour of relevant exception messages
(&lt;code&gt;[#107](pallets-eco/flask-session#107)
&amp;lt;pallets-eco/flask-session#107;,
&lt;code&gt;[#182](pallets-eco/flask-session#182)
&amp;lt;pallets-eco/flask-session#182
&amp;lt;pallets-eco/flask-session@d7ed1c6e7eb3904888b72f0d6c006db1b9b60795&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;li&gt;Drop support for Python 3.7 which is end-of-life and precludes
use of msgspec (&lt;code&gt;bd7e5b
&amp;lt;pallets-eco/flask-session@bd7e5b0bbfc10cdfa9c83b859593c69cc4381571&amp;gt;&lt;/code&gt;_).&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Fixed&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;- Prevent session identifier reuse on storage
miss (`[#76](pallets-eco/flask-session#76)
&amp;lt;https://github.com/pallets-eco/flask-session/pull/76&amp;gt;`_).
-   Abstraction to improve consistency between backends.
- Enforce ``PERMANENT_SESSION_LIFETIME`` as expiration consistently for
all backends
(`[#81](pallets-eco/flask-session#81)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/81&amp;gt;`_)(`86895b
&amp;lt;https://github.com/pallets-eco/flask-session/commit/86895b523203ca67c9f87416bdbf028852dcb357&amp;gt;`_).
- Specifically include backend session interfaces in public API and
document usage
(`[#210](pallets-eco/flask-session#210)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/210&amp;gt;`_).
- Fix non-permanent sessions not updating expiry
(`[#221](pallets-eco/flask-session#221)
&amp;lt;https://github.com/pallets-eco/flask-session/issues/221&amp;gt;`_).


0.6.0 - 2024-01-16
------------------

&amp;lt;/tr&amp;gt;&amp;lt;/table&amp;gt; 
&lt;/code&gt;&lt;/pre&gt;
&lt;/blockquote&gt;
&lt;p&gt;... (truncated)&lt;/p&gt;
&lt;/details&gt;
&lt;details&gt;
&lt;summary&gt;Commits&lt;/summary&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@65c05eae0e6d679047394b39a8d6e2bce8195ac3&quot;&gt;&lt;code&gt;65c05ea&lt;/code&gt;&lt;/a&gt;
Prep release&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@475cc038376d4d5c2949edf7751a61ed64b7f33c&quot;&gt;&lt;code&gt;475cc03&lt;/code&gt;&lt;/a&gt;
Merge branch 'erik' into development&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@1af5cb223bcb4bb556cf8b49e803700ac332ab89&quot;&gt;&lt;code&gt;1af5cb2&lt;/code&gt;&lt;/a&gt;
Remind the correct PR branch&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@b7a219bcac97e74276d8e419e6174aea2c4ffdad&quot;&gt;&lt;code&gt;b7a219b&lt;/code&gt;&lt;/a&gt;
Reduce documentation and remove filesystem extra&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@6c9a698b61ead380988ba4b69b0f161de47e1886&quot;&gt;&lt;code&gt;6c9a698&lt;/code&gt;&lt;/a&gt;
Fix docs announcement overflow&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@f8f5ad15f787c5b30b663f84883ad2c8108b8314&quot;&gt;&lt;code&gt;f8f5ad1&lt;/code&gt;&lt;/a&gt;
implemented DynamoDBSessionInterface and tests. (&lt;a
href=&quot;https://redirect.github.com/pallets-eco/flask-session/issues/214&quot;&gt;#214&lt;/a&gt;)&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@5a3413b9b1d67a4116404f23022b58326a60fbdf&quot;&gt;&lt;code&gt;5a3413b&lt;/code&gt;&lt;/a&gt;
Add changelog and contributor&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@17369528b45d9b5a59003ec006ede35ced40f694&quot;&gt;&lt;code&gt;1736952&lt;/code&gt;&lt;/a&gt;
Fix docs requirements&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@a92914ed1196acc2eab4d562996ac944413fb19c&quot;&gt;&lt;code&gt;a92914e&lt;/code&gt;&lt;/a&gt;
Add docs&lt;/li&gt;
&lt;li&gt;&lt;a
href=&quot;pallets-eco/flask-session@ab9a756a18de87033cf6d3b2d86c6dc46e006800&quot;&gt;&lt;code&gt;ab9a756&lt;/code&gt;&lt;/a&gt;
Tidy up dynamo db, add docker and requirements&lt;/li&gt;
&lt;li&gt;Additional commits viewable in &lt;a
href=&quot;pallets-eco/flask-session@0.6.1rc1...0.8.0&quot;&gt;compare
view&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/details&gt;

&lt;br /&gt;
</code></pre>


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants