pallets/flask

Flask failing to startup due to Jinja2 breaking change

jamesL92 opened this issue · 17 comments

This issue tracker is a tool to address bugs in Flask itself. Please use
Pallets Discord or Stack Overflow for questions about your own code.

Since Jinja2 version 3.1.0 was released yesterday, Flask is failing to startup.

Describe how to replicate the bug.

Run a basic flask app, it fails to start up with the following traceback:

Traceback (most recent call last):
  File "application.py", line 1, in <module>
    from flask import Flask, Response, jsonify, request
  File "/usr/local/lib/python3.8/site-packages/flask/__init__.py", line 14, in <module>
    from jinja2 import escape
ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.8/site-packages/jinja2/__init__.py)

Describe the expected behavior that should have happened but didn't.
Application starts up successfully.

Pinning Jinja to 3.0.3 bypasses this issue for us for now, but there's a breaking change there somewhere that will need to be fixed in Flask itself.

Environment:

  • Python version: 3.8.8
  • Flask version: 1.1.2

Noticed that flask 2.0.x doesn't have this issue, but may want to backfix if Flask 1.1.x is still being supported with patch fixes

You are using an unsupported version of Flask, please update to the latest version if possible. Additionally, please use a tool like pip-tools to pin your dependencies and control when you get updates. Be sure to run your tests with deprecation warnings treated as errors so that you get notified of these types of changes early.

@davidism how do you use pip-tools to pin the version?

When installing your dependencies you just specify them without versions (in requirements.in) and then use pip-compile to build a requirements.txt with pinned version numbers.

Then those version numbers will stay until you do an explicit pip-compile -U to update the pinned versions (all at once) - and at that point you'd obviously test your application to make sure nothing is broken.

(When doing all this after the fact (ie now) you'll of course have a harder time because now you aren't at a point in time where you can't just use "latest version of everything" and not encounter problems.)

How can we keep using Flask==1.1.1? We have an entire app built on it that will take a significant time to refac for Flask 2.x.

As someone maintaining a large Flask-based project, I don't think it will take you a "significant time" to make it compatible with Flask 2.0, unless you are still on Python 2.7 of course..

Anyway, just pin Flask's transitive dependencies to older versions that still work...

How can I pin it to Jinja2==3.0.3? This is something that happens under the hood when Flask installs via requirements.txt into a docker container.

To be specific, the error is coming from flask.cli:

File "manage.py", line 5, in <module>
    from flask.cli import FlaskGroup
  File "/usr/local/lib/python3.8/site-packages/flask/__init__.py", line 14, in <module>
    from jinja2 import escape
ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.8/site-packages/jinja2/__init__.py)

You need to add it as an explicit dependency

I have done that, and it does not work, see reqs.txt here:

Jinja2==3.0.3
itsdangerous==2.0.1
Flask==1.1.1

it works for me

Pip uninstall packages, then re-install worked for me

After pinning Jinja2 to 3.0.3, I encountered another error:

    from werkzeug.wrappers import BaseResponse
ImportError: cannot import name 'BaseResponse' from 'werkzeug.wrappers'

and my requirements.txt is

Jinja2==3.0.3
Flask==1.1.2

Jinja2==3.0.3
werkzeug==2.0.2
Adding these 2 will resolve the issue
It worked for me

I ran into the exact same error today, does anyone know what is causing this issue?

Using the above-mentioned library versions did resolve this issue, but I am just curious as to what caused this error in the first place.

You are using an outdated version of Flask, and newer versions of Werkzeug have changed in a way that breaks compatibility with that version.

In the future, please ask for help in the Discussions or the Pallets Discord
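
An added example, not part of the thread and not Flask's own code: a small checker that reports which packages in a requirements file pip can still upgrade on the next install, run over the requirements files posted above. The dependency table for Flask 1.1.x and all function names are assumptions of this example.

```python
import re

# Assumption: install_requires declared by Flask 1.1.x. These are lower bounds
# only, so pip picks the newest release of each unless it is pinned.
FLASK_1_1_REQUIRES = {
    "werkzeug": ">=0.15",
    "jinja2": ">=2.10.1",
    "itsdangerous": ">=0.24",
    "click": ">=5.1",
}
# name, optional [extras], then the version specifier
_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")

def normalize(name):
    """PEP 503 normalization, so 'Jinja2' and 'jinja2' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Return {normalized name: specifier} for plain requirement lines."""
    reqs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment or pip option
            continue
        m = _LINE.match(line)
        if m:
            reqs[normalize(m.group(1))] = m.group(2).split(";", 1)[0].strip()
    return reqs

def floating_dependencies(text, declared=FLASK_1_1_REQUIRES):
    """List (package, reason) for everything not fixed to one exact version."""
    reqs = parse_requirements(text)
    findings = []
    for name, spec in reqs.items():
        # '==3.0.*' and '==1.0,<2' are ranges, not pins
        if not re.fullmatch(r"==\s*[^*\s,]+", spec):
            findings.append((name, "not pinned to an exact version"))
    if "flask" in reqs:
        for dep, bound in declared.items():
            if dep not in reqs:
                findings.append((dep, "transitive, floats at " + bound))
    return sorted(findings)

# Requirements as posted in the thread (the second adds the suggested werkzeug pin)
THREAD_FIRST = "Jinja2==3.0.3\nFlask==1.1.2\n"
THREAD_FIXED = "Jinja2==3.0.3\nwerkzeug==2.0.2\nFlask==1.1.2\n"
```

For the first file the checker reports click, itsdangerous and werkzeug as floating, which matches the BaseResponse import error; the second file still leaves click and itsdangerous unpinned, which is the gap a pip-compile generated requirements.txt closes.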

I am still having this issue with the latest version of Flask

You really aren't, as that has changed in the latest version.

Please ask for further help in the Discord or discussions on this repo.

Can you please stop introducing breaking changes in minor versions?

And yeah, I know about the pamphlet about "SemVer will not save you", which by the way states the problem is people incorrectly using SemVer. Only the article talks about people doing it accidentally while you're doing it on purpose.