From ea34d324062e8ec6c529c7adeffd3c005ca2785f Mon Sep 17 00:00:00 2001
From: Miguel Jacq
Date: Thu, 6 Mar 2025 16:05:48 +1100
Subject: [PATCH] Use importlib.metadata.version('flask') to detect Flask version
---
 cli/onionshare_cli/web/web.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cli/onionshare_cli/web/web.py b/cli/onionshare_cli/web/web.py
index 94c95964..acc996d5 100644
--- a/cli/onionshare_cli/web/web.py
+++ b/cli/onionshare_cli/web/web.py
@@ -17,6 +17,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see .
 """
+import importlib
 import logging
 import mimetypes
 import os
@@ -34,7 +35,6 @@ from flask import (
 abort,
 make_response,
 send_file,
- __version__ as flask_version,
 )
 from flask_compress import Compress
 from flask_socketio import SocketIO
@@ -138,6 +138,7 @@ class Web:
 # by default. To prevent content injection through template variables in
 # earlier versions of Flask, we force autoescaping in the Jinja2 template
 # engine if we detect a Flask version with insecure default behavior.
+ flask_version = importlib.metadata.version("flask")
 if Version(flask_version) < Version("0.11"):
 # Monkey-patch in the fix from https://github.com/pallets/flask/commit/99c99c4c16b1327288fd76c44bc8635a1de452bc
 Flask.select_jinja_autoescape = self._safe_select_jinja_autoescape
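Review bot: `import importlib` on its own does not load the `importlib.metadata` submodule, so the `importlib.metadata.version("flask")` call added in the third hunk works only if some other module has already imported it; otherwise the attribute access raises `AttributeError`. Import the submodule explicitly with `import importlib.metadata` (or `from importlib.metadata import version`). That lookup gates the Jinja2 autoescape hardening, so it should not depend on import side effects elsewhere in the process.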
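Review bot: The added `importlib.metadata.version("flask")` lookup raises `PackageNotFoundError` when Flask's distribution metadata is not installed next to the package, which can happen in frozen or bundled builds, and the version check below it then never runs. Handle that case explicitly and fail closed: treat an unknown version like an old one so the autoescape patch is still applied, rather than catching the error and skipping the hardening. Whether applying the patch on a current Flask is harmless depends on `_safe_select_jinja_autoescape`, which is not visible here; the enclosing method also starts and ends outside the hunk.

```python
# … unchanged: comment explaining the insecure autoescape default …
try:
    flask_version = importlib.metadata.version("flask")
except importlib.metadata.PackageNotFoundError:
    # Version unknown: assume the insecure default and harden anyway.
    flask_version = None
if flask_version is None or Version(flask_version) < Version("0.11"):
    # … unchanged: monkey-patch of Flask.select_jinja_autoescape …
```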