Skip to content

Comments

Revert "Bump flask from 2.3.3 to 3.1.3"#745

Merged
freakboy3742 merged 1 commit intolektorfrom
revert-744-dependabot/pip/flask-3.1.3
Feb 21, 2026
Merged

Revert "Bump flask from 2.3.3 to 3.1.3"#745
freakboy3742 merged 1 commit intolektorfrom
revert-744-dependabot/pip/flask-3.1.3

Conversation

@freakboy3742
Copy link
Member

@freakboy3742 freakboy3742 commented Feb 21, 2026

Reverts #744

Although there's a Dependabot security issue tied to this, we're not exposed; and we can't update Flask without also updating Werkzeug (amongst other packages). The publication CI pass tied to this PR failed because of that dependency.

/cc @kattni for visibility

@freakboy3742 freakboy3742 merged commit 0270d28 into lektor Feb 21, 2026
@freakboy3742 freakboy3742 deleted the revert-744-dependabot/pip/flask-3.1.3 branch February 21, 2026 09:24
@freakboy3742
Copy link
Member Author

freakboy3742 commented Feb 21, 2026

... and that didn't work either, because Lektor hasn't been updated in so long that it's being bitten by the pkg_resources deprecation bug that setuptools revealed last week.

Lektor has published an 3.3.13 release that I'm guessing is to address this, which I'm guessing will be picked up by dependabot this week. Until that fix lands, we can't deploy updates to the site.

I think all this highlights that getting off Lektor is well overdue. I sure am glad someone did that for us :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@freakboy3742