diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7921090
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+__pycache__/
+*.py[cod]
+*.pyo
+instance/
+*.db
+.env
diff --git a/flaskblog/__pycache__/__init__.cpython-311.pyc b/flaskblog/__pycache__/__init__.cpython-311.pyc
deleted file mode 100644
index f039f41..0000000
Binary files a/flaskblog/__pycache__/__init__.cpython-311.pyc and /dev/null differ
diff --git a/flaskblog/__pycache__/config.cpython-311.pyc b/flaskblog/__pycache__/config.cpython-311.pyc
deleted file mode 100644
index 7bfa44a..0000000
Binary files a/flaskblog/__pycache__/config.cpython-311.pyc and /dev/null differ
diff --git a/flaskblog/__pycache__/models.cpython-311.pyc b/flaskblog/__pycache__/models.cpython-311.pyc
deleted file mode 100644
index d9ae347..0000000
Binary files a/flaskblog/__pycache__/models.cpython-311.pyc and /dev/null differ
diff --git a/flaskblog/main/routes.py b/flaskblog/main/routes.py
index 6e6b730..a47e6bb 100644
--- a/flaskblog/main/routes.py
+++ b/flaskblog/main/routes.py
@@ -1,4 +1,6 @@
 from flask import render_template, request, Blueprint
+from sqlalchemy import select
+from flaskblog import db
 from flaskblog.models import Post
 
 main = Blueprint('main', __name__)
@@ -8,7 +10,7 @@
 @main.route("/home")
 def home():
     page = request.args.get('page', 1, type=int)
-    posts = Post.query.order_by(Post.date_posted.desc()).paginate(page=page, per_page=5)
+    posts = db.paginate(select(Post).order_by(Post.date_posted.desc()), page=page, per_page=5)
     return render_template('home.html', posts=posts)
 
 
diff --git a/flaskblog/models.py b/flaskblog/models.py
index a16d302..691cd9f 100644
--- a/flaskblog/models.py
+++ b/flaskblog/models.py
@@ -1,5 +1,5 @@
 from datetime import datetime
-from itsdangerous import TimedJSONWebSignatureSerializer
+from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer
 from flask import current_app
 from flaskblog import db, login_manager
 from flask_login import UserMixin
@@ -7,7 +7,7 @@
 
 @login_manager.user_loader
 def load_user(user_id):
-    return User.query.get(int(user_id))
+    return db.session.get(User, int(user_id))
 
 
 class User(db.Model, UserMixin):
@@ -19,17 +19,17 @@ class User(db.Model, UserMixin):
     posts = db.relationship('Post', backref='author', lazy=True)
 
     def get_reset_token(self, expires_sec=1800):
-        s = Serializer(current_app.config['SECRET_KEY'], expires_sec)
-        return s.dumps({'user_id': self.id}).decode('utf-8')
+        s = Serializer(current_app.config['SECRET_KEY'])
+        return s.dumps({'user_id': self.id})
 
     @staticmethod
     def verify_reset_token(token):
         s = Serializer(current_app.config['SECRET_KEY'])
         try:
-            user_id = s.loads(token)['user_id']
-        except:
+            user_id = s.loads(token, max_age=1800)['user_id']
+        except Exception:
             return None
-        return User.query.get(user_id)
+        return db.session.get(User, user_id)
 
     def __repr__(self):
         return f"User('{self.username}', '{self.email}', '{self.image_file}')"
diff --git a/flaskblog/posts/routes.py b/flaskblog/posts/routes.py
index ba5e407..ae371b3 100644
--- a/flaskblog/posts/routes.py
+++ b/flaskblog/posts/routes.py
@@ -24,14 +24,14 @@ def new_post():
 
 @posts.route("/post/<int:post_id>")
 def post(post_id):
-    post = Post.query.get_or_404(post_id)
+    post = db.get_or_404(Post, post_id)
     return render_template('post.html', title=post.title, post=post)
 
 
 @posts.route("/post/<int:post_id>/update", methods=['GET', 'POST'])
 @login_required
 def update_post(post_id):
-    post = Post.query.get_or_404(post_id)
+    post = db.get_or_404(Post, post_id)
     if post.author != current_user:
         abort(403)
     form = PostForm()
@@ -51,7 +51,7 @@ def update_post(post_id):
 @posts.route("/post/<int:post_id>/delete", methods=['POST'])
 @login_required
 def delete_post(post_id):
-    post = Post.query.get_or_404(post_id)
+    post = db.get_or_404(Post, post_id)
     if post.author != current_user:
         abort(403)
     db.session.delete(post)
diff --git a/flaskblog/users/__pycache__/__init__.cpython-311.pyc b/flaskblog/users/__pycache__/__init__.cpython-311.pyc
deleted file mode 100644
index 53ea301..0000000
Binary files a/flaskblog/users/__pycache__/__init__.cpython-311.pyc and /dev/null differ
diff --git a/flaskblog/users/__pycache__/routes.cpython-311.pyc b/flaskblog/users/__pycache__/routes.cpython-311.pyc
deleted file mode 100644
index c9a9837..0000000
Binary files a/flaskblog/users/__pycache__/routes.cpython-311.pyc and /dev/null differ
diff --git a/flaskblog/users/routes.py b/flaskblog/users/routes.py
index c7ed7ea..b88a3b0 100644
--- a/flaskblog/users/routes.py
+++ b/flaskblog/users/routes.py
@@ -1,5 +1,6 @@
 from flask import render_template, url_for, flash, redirect, request, Blueprint
 from flask_login import login_user, current_user, logout_user, login_required
+from sqlalchemy import select
 from flaskblog import db, bcrypt
 from flaskblog.models import User, Post
 from flaskblog.users.forms import (RegistrationForm, LoginForm, UpdateAccountForm,
@@ -70,10 +71,9 @@ def account():
 @users.route("/user/<string:username>")
 def user_posts(username):
     page = request.args.get('page', 1, type=int)
-    user = User.query.filter_by(username=username).first_or_404()
-    posts = Post.query.filter_by(author=user)\
-        .order_by(Post.date_posted.desc())\
-        .paginate(page=page, per_page=5)
+    user = db.first_or_404(select(User).filter_by(username=username))
+    posts = db.paginate(select(Post).filter_by(author=user)
+                        .order_by(Post.date_posted.desc()), page=page, per_page=5)
     return render_template('user_posts.html', posts=posts, user=user)
 
 
diff --git a/requirements.txt b/requirements.txt
index b4b9df5..bb3d7f3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,20 +1,20 @@
-bcrypt==3.1.4
-blinker==1.4
-certifi==2016.2.28
-cffi==1.11.5
-click==6.7
-Flask==1.0
-Flask-Bcrypt==0.7.1
-Flask-Login==0.4.1
-Flask-Mail==0.9.1
-Flask-SQLAlchemy==2.3.2
-Flask-WTF==0.14.2
-itsdangerous==0.24
-Jinja2==2.10
-MarkupSafe==1.0
-Pillow==5.3.0
-pycparser==2.18
-six==1.11.0
-SQLAlchemy==1.2.7
-Werkzeug==0.14.1
-WTForms==2.1
+bcrypt==4.1.3
+blinker==1.7.0
+certifi==2024.2.2
+cffi==1.16.0
+click==8.1.7
+Flask==3.0.3
+Flask-Bcrypt==1.0.1
+Flask-Login==0.6.3
+Flask-Mail==0.10.0
+Flask-SQLAlchemy==3.1.1
+Flask-WTF==1.2.1
+itsdangerous==2.2.0
+Jinja2==3.1.3
+MarkupSafe==2.1.5
+Pillow==10.3.0
+pycparser==2.22
+six==1.16.0
+SQLAlchemy==2.0.29
+Werkzeug==3.0.3
+WTForms==3.1.2