chore(deps): update dependency flask to v2

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
flask (changelog)	==1.1.2 -> ==2.1.2

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox. ⚠ Warning: custom changes will be lost.

---

This PR has been generated by Mend Renovate. View repository job log here.

[Shabirmean]

@NimJay This too is a major version bump. So probably there are breaking changes. Should we add it to an ignore list?

[mathieu-benoit]

Hi @Shabirmean and @NimJay, what about give it a try with the CI? Assuming that if the app deployed in staging by CI is working successfully, that should be it, right?

I see that the CI is raising an issue:

ERROR: Cannot install -r requirements.txt (line 19) and itsdangerous==1.1.0 because these package versions have conflicting dependencies.
The conflict is caused by:
    The user requested itsdangerous==1.1.0
    flask 2.1.2 depends on itsdangerous>=2.0

Resolving this flask dependency will also resolve the itsdangerous dependency :)

[Shabirmean]

Hi Shabir Mohamed Abdul Samadh and Nim Jayawardena, what about give it a try with the CI? Assuming that if the app deployed in staging by CI is working successfully, that should be it, right?

I see that the CI is raising an issue:

ERROR: Cannot install -r requirements.txt (line 19) and itsdangerous==1.1.0 because these package versions have conflicting dependencies.
The conflict is caused by:
    The user requested itsdangerous==1.1.0
    flask 2.1.2 depends on itsdangerous>=2.0

Resolving this flask dependency will also resolve the itsdangerous dependency :)

Hello @mathieu-benoit

That's correct Mathieu, if the CI passes then we can let it go. But like we notice it doesn't seem to like the change and we might have to take it up separately and fix the dependencies and validate before allowing renovate to do it. So it depends on how easy/important it is for the sample app to have this version updated.

[NimJay]

Shabir, good point about effort required (i.e., is updating flask to v2 worth the effort).
I think the whole point of adopting Renovate Bot is to minimize manual work related to dependencies — so let's close this PR for now.

I've also ticked "chore(deps): update dependency locust to v2" in #728. That is, I've asked Renovate Bot to update locust from v1 to v2.
Since flask is a transitive dependency of locust, I think we should start by trying to update locust first. 🤞 Hoping it's a breeze.

[forking-renovate]

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 2.x releases. However, if you upgrade to 2.x manually then Renovate will reenable minor and patch updates automatically.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.