flask.safe_join Was Removed Without A Clear Deprecation Notice

[hagai-helman]

In version 2.1.1, flask.safe_join was removed. However, the documentation for version 2.0.x did not include any deprecation notice.

A deprecation warning was raised when calling safe_join in version 2.0.x, but many developers rely on the documentation for deprecation notices. Also, the warning referred explicitly only to flask.helpers.safe_join, and not to flask.safe_join, so it made sense to assume that the shorthand flask.safe_join will continue to exist (wrapping werkzeug.utils.safe_join instead of flask.helpers.safe_join).

I suppose many developers were surprised like me from the change, and hence many applications broke after a Flask upgrade (or will break soon, when they upgrade).

To mitigate this problem, I suggest flask.safe_join is reintroduced for version 2.1.x (and as soon as possible), while a clear deprecation notice is added to the documentation.

[davidism]

My bad for missing the API docs. However, it was mentioned in the changelog, and also raised a DeprecationWarning.

Use a tool like pip-tools to pin your dependencies and control when you get updates. Be sure to run your tests with deprecation warnings treated as errors so that you get notified of these types of changes early.