Just released Werkzeug 3.0.3 with a security fix for a high vulnerability. If an attacker can get you to interact with their domain, and can guess a route in your app that raises an exception, and you're running the debbuger, they can use the fact that public DNS can point to 127.0.0.1 to execute code through the debugger running on localhost. https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985#Python#Flask#Werkzeug
I'll be presenting a new talk, "Magical (or not) GraphQL", at North Bay Python 2024! Introducing a new open source library I wrote for work, how I wrote it, cool things to do with GraphQL, and what I've discovered I want instead of GraphQL. Hopefully the barn cats will be interested too 😻 #Python#nbpy#GraphQL#Flask
Last call for signing up to give lightning talks at FlaskCon @ PyCon US 2024.
If you use Flask, Click, Jinja or other parts of Pallets project, this is your opportunity to share your experience with the community.
Yesterday, we looked at how to write a JavaScript app that uses Ollama. Recently, we started to look at Python on this site and I figured that we better follow it up with how to write a Python app that uses Ollama. Just like with JavaScript, Ollama offers a Python library, so we are going to be using that for our examples. Also just like we did with the JavaScript demo, I am going to be using the generate endpoint instead of the chat endpoint. That keeps things simpler but I am going to explore the chat endpoint also at some point.
Install the Ollama Library
The first step is to run pip3 install ollama from the terminal. First, you need to create a virtual environment to isolate your project’s libraries from the global Python libraries.
At this point, we can start writing code. When we used the web service earlier this week, we used the generate endpoint and provided model, prompt, and stream as parameters. We set the stream parameter to false so that it would return a single response object instead of a stream of objects. When using the python library, the stream parameter isn’t necessary because it returns a single response object by default. We still provide it with a model and a prompt, though.
If you run it from the terminal, the response will look familiar.
If you pip install flask to install flask, you can host a simple HTTP page at port 8080 and with the magic of json.loads() and a for loop, you can build your unordered list.
Every time you load the page, it makes a server-side API call to Ollama, gets a list of large cities in Wisconsin, and displays them on the website. The list is never the same (because of hallucinations) but that is another issue.
Have any questions, comments, etc? Please feel free to drop a comment, below.
MarkupSafe speedup saga continues: my coworker contributed a PR to implement them in Rust now. It uses some pretty clever speedups based on other serialization libraries they surveyed. If anyone is comfortable with Rust, we would appreciate reviews and feedback: https://github.com/pallets/markupsafe/pull/438#Python#RustLang#PyO3#Flask#MarkupSafe
New to PyCon US is FlaskCon, one of the Hatchery programs we accepted this year. This is your opportunity to meet the maintainers of Flask and learn how you can become a contributor.
If you use Flask, this is also a great time to share your experiences with the rest of the community.
SIgn up to give a lightning talk now:
I'm looking forward to FlaskCon inside PyCon this year, but it needs talk proposals from the community to be successful. If you work with Flask or our other libraries, or alongside other web technologies, you have something to share and we want to hear it! Please submit a 5-15 minute talk proposal: https://flaskcon.com/2024/#PyCon#PyConUS#Flask
Update on my "remove MarkupSafe's C speedups" post: @tonybaloney swooped in and found a simple change that make the speedups ~40% faster in the cases where they had become slower. Turns out, if plain strings are the most probable thing you'll be escaping, you should check for that first, not last. So the speedups remain in place. https://github.com/pallets/markupsafe/pull/434#Python#MarkupSafe#Flask
Python has seen significant performance improvements in the last few releases. MarkupSafe has a C extension to speed up operations, but it's now slower in many cases than the plain Python implementation. Having a C extension increases the difficulty of maintenance, builds, releases, and installs. I'm wondering if it's time to drop the speedups. https://github.com/pallets/markupsafe/issues/433#Python#MarkupSafe#Flask
Submit your talk proposal for FlaskCon, inside PyCon US May 17! Are you a developer, contributor, maintainer, designer, admin, or anyone else else who uses Flask, Click, Jinja, their extensions, WSGI, ASGI, HTMX, Tailwind, asyncio, etc? We want to hear you! A talk can be 5-15 minutes, in person. CFP closes April 30, notified May 3. Submit your proposal today: https://flaskcon.com/2024/ Please boost and tell your friends! #PyCon#PyConUS#Python#Flask
Just released ItsDangerous 2.2.0. This modernizes the project config a bit more (the last release was in 2022). It adds some better type annotations for the return value of Serializer.dumps. And it fixes the same potential FIPS issue as that Flask release last week. https://github.com/pallets/itsdangerous/releases/tag/2.2.0#Python#ItsDangerous#Flask
I'm starting to think of sdists as an intermediate build between repo and wheel, rather than a partial representation of the repo. Sdists should only contain the code and metadata needed to create the wheel, not docs, dev requirements, examples, tests, and other tool config. All that extra stuff can be run by checking out the tag and using our standard contributor instructions. Removing that from sdists would probably save PyPI a good amount of bandwidth. #Python#Flask
Apparently, in python web ecosystem, /foo/bar and /foo%2Fbar are interpreted the same (but not /foo?bar and /foo%3Fbar at least) 🤦 #Python#FastAPI#flask#django
Our next event is a sprint at SparkUp Sat 13.4. 12-16 and the theme is web development with Python using Django, Flask or FastAPI.
Our sprints are hands-on programming events where we gather together to learn about a given theme. Collaborating with others, asking questions and helping each other find the answers is at the heart of these events.
My hosting provider is discontinuing Passenger on my current plan. Does anyone know of what options are good currently, especially for people like me who don't really know what they're doing and just want Python/Flask apps to go brrrr?
Just released Flask-Alembic 3.0! This extension combines Flask and Flask-SQLAlchemy with the Alembic migration library, providing CLI and programatic access to Alembic's functionality. It went 7.5 years without needing a release. This fixes compatibility with Flask-SQLAlchemy 3.1, and generally modernizes the project, tooling, and minimum requirements. https://github.com/davidism/flask-alembic/releases/tag/3.0.0#Python#Flask#SQLAlchemy