open-telemetry · ocelotl · Jan 31, 2024 · Jan 1, 2024 · Jan 1, 2024 · Jan 1, 2024
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+- Upgrade markupsafe, Flask and related dependencies to dev and test
+  environments ([#3609](https://github.com/open-telemetry/opentelemetry-python/pull/3609))
 - Handle HTTP 2XX responses as successful in OTLP exporters
   ([#3623](https://github.com/open-telemetry/opentelemetry-python/pull/3623))
 - Improve Resource Detector timeout messaging

@@ -10,10 +10,7 @@ sphinx-autodoc-typehints==1.25.2
 pytest==7.1.3
 pytest-cov==4.1.0
 readme-renderer==42.0
-# temporary fix. we should update the jinja, flask deps
-# See https://github.com/pallets/markupsafe/issues/282
-# breaking change introduced in markupsafe causes jinja, flask to break
-markupsafe==2.0.1
+markupsafe==2.1.3
 bleach==4.1.0 # This dependency was updated to a breaking version.
 codespell==2.1.0
 requests==2.31.0

@@ -16,14 +16,11 @@ sphinx-jekyll-builder==0.3.0
 grpcio~=1.27
 Deprecated~=1.2
 django~=4.2
-flask~=1.0
+flask~=2.3
 opentracing~=2.2.0
 thrift~=0.10
 wrapt>=1.0.0,<2.0.0
-# temporary fix. we should update the jinja, flask deps
-# See https://github.com/pallets/markupsafe/issues/282
-# breaking change introduced in markupsafe causes jinja, flask to break
-markupsafe==2.0.1
+markupsafe~=2.0
 
 # Jaeger generated protobufs do not currently support protobuf 4.x. This can be removed once
 # they're regenerated.

@@ -1,20 +1,20 @@
-click==7.1.2
-Flask==2.3.2
+click==8.1.7
+Flask==2.3.3
 googleapis-common-protos==1.52.0
 grpcio==1.56.0
 gunicorn==20.0.4
-itsdangerous==1.1.0
-Jinja2==2.11.3
-MarkupSafe==1.1.1
+itsdangerous==2.1.2
+Jinja2==3.1.2
+MarkupSafe==2.1.3
 opentelemetry-api==1.20.0
 opentelemetry-exporter-otlp==1.20.0
 opentelemetry-instrumentation==0.41b0
 opentelemetry-instrumentation-flask==0.41b0
 opentelemetry-instrumentation-wsgi==0.41b0
 opentelemetry-sdk==1.20.0
-protobuf==3.18.3
+protobuf==3.19.4
 six==1.15.0
 thrift==0.13.0
 uWSGI==2.0.22
-Werkzeug==2.2.3
-wrapt==1.12.1
+Werkzeug==3.0.1
+wrapt==1.16.0
@@ -1,20 +1,20 @@
-click==7.1.2
-Flask==2.3.2
+click==8.1.7
+Flask==2.3.3
 googleapis-common-protos==1.52.0
 grpcio==1.56.0
 gunicorn==20.0.4
-itsdangerous==1.1.0
-Jinja2==2.11.3
-MarkupSafe==1.1.1
+itsdangerous==2.1.2
+Jinja2==3.1.2
+MarkupSafe==2.1.3
 opentelemetry-api==1.20.0
 opentelemetry-exporter-otlp==1.20.0
 opentelemetry-instrumentation==0.41b0
 opentelemetry-instrumentation-flask==0.41b0
 opentelemetry-instrumentation-wsgi==0.41b0
 opentelemetry-sdk==1.20.0
-protobuf==3.18.3
+protobuf==3.19.4
 six==1.15.0
 thrift==0.13.0
 uWSGI==2.0.22
-Werkzeug==2.2.3
-wrapt==1.12.1
+Werkzeug==3.0.1
+wrapt==1.16.0
@@ -5,7 +5,7 @@ charset-normalizer==2.0.12
 click==8.1.7
 Deprecated==1.2.14
 flaky==3.7.0
-Flask==2.0.1
+Flask==2.3.3
 idna==3.4
 importlib-metadata==6.8.0
 iniconfig==2.0.0
@@ -22,6 +22,6 @@ requests==2.26.0
 tomli==2.0.1
 typing_extensions==4.8.0
 urllib3==1.26.18
-Werkzeug==2.3.7
+Werkzeug==3.0.1
 wrapt==1.15.0
 zipp==3.17.0
@@ -251,12 +251,9 @@ deps =
   # needed for tracecontext
   aiohttp~=3.6
   # needed for example trace integration
-  flask~=1.1
+  flask~=2.3
   requests~=2.7
-  # temporary fix. we should update the jinja, flask deps
-  # See https://github.com/pallets/markupsafe/issues/282
-  # breaking change introduced in markupsafe causes jinja, flask to break
-  markupsafe==2.0.1
+  markupsafe~=2.1
 
 commands_pre =
   pip install -e {toxinidir}/opentelemetry-api \