Initial Update

[pyup-bot]

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

click	6.6	»	6.7	PyPI | Changelog | Repo
Fabric	1.13.1	»	1.14.0	PyPI | Homepage
Flask	0.11	»	0.12.2	PyPI | Changelog | Repo
Flask-SQLAlchemy	2.1	»	2.3.2	PyPI | Changelog | Repo | Docs
Flask-Testing	0.6.1	»	0.6.2	PyPI | Changelog | Repo | Docs
Flask-WTF	0.13.1	»	0.14.2	PyPI | Changelog | Repo | Docs
Jinja2	2.8	»	2.9.6	PyPI | Changelog | Homepage
Mako	1.0.4	»	1.0.7	PyPI | Changelog | Homepage
MarkupSafe	0.23	»	1.0	PyPI | Changelog | Repo
SQLAlchemy	1.1.4	»	1.1.14	PyPI | Changelog | Homepage
WTForms	2.0.2	»	2.1	PyPI | Changelog | Homepage | Docs
Werkzeug	0.9.6	»	0.12.2	PyPI | Changelog | Homepage
alembic	0.8.9	»	0.9.6	PyPI | Changelog | Repo | Docs
factory-boy	2.7.0	»	2.9.2	PyPI | Changelog | Repo
fake-factory	0.7.2	»	9999.9.9	PyPI | Repo
paramiko	1.15.2	»	2.3.1	PyPI | Changelog | Repo
python-dateutil	2.4.2	»	2.6.1	PyPI | Changelog | Docs
pytz	2016.10	»	2017.3	PyPI | Homepage | Docs
ipaddress	1.0.17	»	1.0.18	PyPI | Repo
coverage	3.7.1	»	4.4.1	PyPI | Changelog | Docs
nosexcover	1.0.10	»	1.0.11	PyPI | Changelog | Repo
python-coveralls	2.5.0	»	2.9.1	PyPI | Repo

Changelogs

click 6.6 -> 6.7

6.7

---

(bugfix release; released on January 6th 2017)

• Make click.progressbar work with codecs.open files. See 637.
• Fix bug in bash completion with nested subcommands. See 639.
• Fix test runner not saving caller env correctly. See 644.
• Fix handling of SIGPIPE. See 626
• Deal with broken Windows environments such as Google App Engine's. See 711.

Flask 0.11 -> 0.12.2

0.12.2

---

Released on May 16 2017

• Fix a bug in safe_join on Windows.

0.12.1

---

Bugfix release, released on March 31st 2017

• Prevent flask run from showing a NoAppException when an ImportError occurs
  within the imported application module.
• Fix encoding behavior of app.config.from_pyfile for Python 3. Fix
  2118.
• Use the SERVER_NAME config if it is present as default values for
  app.run. 2109, 2152
• Call ctx.auto_pop with the exception object instead of None, in the
  event that a BaseException such as KeyboardInterrupt is raised in a
  request handler.

0.12

---

Released on December 21st 2016, codename Punsch.

• the cli command now responds to --version.
• Mimetype guessing and ETag generation for file-like objects in send_file
  has been removed, as per issue 104. See pull request 1849.
• Mimetype guessing in send_file now fails loudly and doesn't fall back to
  application/octet-stream. See pull request 1988.
• Make flask.safe_join able to join multiple paths like os.path.join
  (pull request 1730).
• Revert a behavior change that made the dev server crash instead of returning
  a Internal Server Error (pull request 2006).
• Correctly invoke response handlers for both regular request dispatching as
  well as error handlers.
• Disable logger propagation by default for the app logger.
• Add support for range requests in send_file.
• app.test_client includes preset default environment, which can now be
  directly set, instead of per client.get.

0.11.2

---

Bugfix release, unreleased

• Fix crash when running under PyPy3, see pull request 1814.

0.11.1

---

Bugfix release, released on June 7th 2016.

• Fixed a bug that prevented FLASK_APP=foobar/__init__.py from working. See
  pull request 1872.

Flask-SQLAlchemy 2.1 -> 2.3.2

2.3.2

---

Released on October 11, 2017

• Don't mask the parent table for single-table inheritance models. (561_)

.. _561: pallets-eco/flask-sqlalchemy#561

2.3.1

---

Released on October 5, 2017

• If a model has a table name that matches an existing table in the metadata,
  use that table. Fixes a regression where reflected tables were not picked up
  by models. (551_)
• Raise the correct error when a model has a table name but no primary key.
  (556_)
• Fix repr on models that don't have an identity because they have not been
  flushed yet. (555_)
• Allow specifying a max_per_page limit for pagination, to avoid users
  specifying high values in the request args. (542_)
• For paginate with error_out=False, the minimum value for page is
  1 and per_page is 0. (558_)

.. _542: pallets-eco/flask-sqlalchemy#542
.. _551: pallets-eco/flask-sqlalchemy#551
.. _555: pallets-eco/flask-sqlalchemy#555
.. _556: pallets-eco/flask-sqlalchemy#556
.. _558: pallets-eco/flask-sqlalchemy#558

2.3.0

---

Released on September 28, 2017

• Multiple bugs with __tablename__ generation are fixed. Names will be
  generated for models that define a primary key, but not for single-table
  inheritance subclasses. Names will not override a declared_attr.
  PrimaryKeyConstraint is detected. (541_)
• Passing an existing declarative_base() as model_class to
  SQLAlchemy.__init__ will use this as the base class instead of creating
  one. This allows customizing the metaclass used to construct the base.
  (546_)
• The undocumented DeclarativeMeta internals that the extension uses for
  binds and table name generation have been refactored to work as mixins.
  Documentation is added about how to create a custom metaclass that does not
  do table name generation. (546_)
• Model and metaclass code has been moved to a new models module.
  _BoundDeclarativeMeta is renamed to DefaultMeta; the old name will be
  removed in 3.0. (546_)
• Models have a default repr that shows the model name and primary key.
  (530_)
• Fixed a bug where using init_app would cause connectors to always use the
  current_app rather than the app they were created for. This caused issues
  when multiple apps were registered with the extension. (547_)

.. _530: pallets-eco/flask-sqlalchemy#530
.. _541: pallets-eco/flask-sqlalchemy#541
.. _546: pallets-eco/flask-sqlalchemy#546
.. _547: pallets-eco/flask-sqlalchemy#547

2.2

---

Released on February 27, 2017, codename Dubnium

• Minimum SQLAlchemy version is 0.8 due to use of sqlalchemy.inspect.
• Added support for custom query_class and model_class as args
  to the SQLAlchemy constructor. (328_)
• Allow listening to SQLAlchemy events on db.session. (364_)
• Allow __bind_key__ on abstract models. (373_)
• Allow SQLALCHEMY_ECHO to be a string. (409_)
• Warn when SQLALCHEMY_DATABASE_URI is not set. (443_)
• Don't let pagination generate invalid page numbers. (460_)
• Drop support of Flask < 0.10. This means the db session is always tied to
  the app context and its teardown event. (461_)
• Tablename generation logic no longer accesses class properties unless they
  are declared_attr. (467_)

.. _328: pallets-eco/flask-sqlalchemy#328
.. _364: pallets-eco/flask-sqlalchemy#364
.. _373: pallets-eco/flask-sqlalchemy#373
.. _409: pallets-eco/flask-sqlalchemy#409
.. _443: pallets-eco/flask-sqlalchemy#443
.. _460: pallets-eco/flask-sqlalchemy#460
.. _461: pallets-eco/flask-sqlalchemy#461
.. _467: pallets-eco/flask-sqlalchemy#467

Flask-Testing 0.6.1 -> 0.6.2

0.6.2

• Add support for OS chosen port in LiveServerTestCase
• Better error messages when missing required modules
• assertRedirects now supports all valid redirect codes as specified
  in the HTTP protocol
• Fixed bug that caused TypeError instead of AssertionError when
  testing against used templates
• Fixed bug in assertRedirects where the location was not being
  checked properly

Flask-WTF 0.13.1 -> 0.14.2

0.14.2

---

Released 2017-01-10

• Fix bug where FlaskForm assumed meta argument was not None if it
  was passed. (278_)

.. _278: wtforms/flask-wtf#278

0.14.1

---

Released 2017-01-10

• Fix bug where the file validators would incorrectly identify an empty file as
  valid data. (276, 277)

• FileField is no longer deprecated. The data is checked during
  processing and only set if it's a valid file.
• has_file is deprecated; it's now equivalent to bool(field.data).
• FileRequired and FileAllowed work with both the Flask-WTF and
  WTForms FileField classes.
• The Optional validator now works with FileField.

.. _276: wtforms/flask-wtf#276
.. _277: wtforms/flask-wtf#277

0.14

---

Released 2017-01-06

• Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
  ourselves. (264_)

• All tokens are URL safe, removing the url_safe parameter from
  generate_csrf. (206_)
• All tokens store a timestamp, which is checked in validate_csrf. The
  time_limit parameter of generate_csrf is removed.

• Remove the app attribute from CsrfProtect, use current_app.
  (264_)
• CsrfProtect protects the DELETE method by default. (264_)
• The same CSRF token is generated for the lifetime of a request. It is exposed
  as g.csrf_token for use during testing. (227, 264)
• CsrfProtect.error_handler is deprecated. (264_)

• Handlers that return a response work in addition to those that raise an
  error. The behavior was not clear in previous docs.
• (200, 209, 243, 252)

• Use Form.Meta instead of deprecated SecureForm for CSRF (and
  everything else). (216, 271)

• csrf_enabled parameter is still recognized but deprecated. All other
  attributes and methods from SecureForm are removed. (271_)

• Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
  (271_)
• validate_csrf raises wtforms.ValidationError with specific messages
  instead of returning True or False. This breaks anything that was
  calling the method directly. (239, 271)

• CSRF errors are logged as well as raised. (239_)

• CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
  when using the old name. CsrfError is renamed to CSRFError without
  deprecation. (271_)
• FileField is deprecated because it no longer provides functionality over
  the provided validators. Use wtforms.FileField directly. (272_)

.. _200: wtforms/flask-wtf#200
.. _209: wtforms/flask-wtf#209
.. _216: wtforms/flask-wtf#216
.. _227: wtforms/flask-wtf#227
.. _239: wtforms/flask-wtf#239
.. _243: wtforms/flask-wtf#243
.. _252: wtforms/flask-wtf#252
.. _264: wtforms/flask-wtf#264
.. _271: wtforms/flask-wtf#271
.. _272: wtforms/flask-wtf#272

Jinja2 2.8 -> 2.9.6

2.9.6

---

(bugfix release, released on April 3rd 2017)

• Fixed custom context behavior in fast resolve mode (675)

2.9.5

---

(bugfix release, released on January 28th 2017)

• Restored the original repr of the internal _GroupTuple because this
  caused issues with ansible and it was an unintended change. (654)
• Added back support for custom contexts that override the old resolve
  method since it was hard for people to spot that this could cause a
  regression.
• Correctly use the buffer for the else block of for loops. This caused
  invalid syntax errors to be caused on 2.x and completely wrong behavior
  on Python 3 (669)
• Resolve an issue where the {% extends %} tag could not be used with
  async environments. (668)
• Reduce memory footprint slightly by reducing our unicode database dump
  we use for identifier matching on Python 3 (666)
• Fixed autoescaping not working for macros in async compilation mode. (671)

2.9.4

---

(bugfix release, released on January 10th 2017)

• Solved some warnings for string literals. (646)
• Increment the bytecode cache version which was not done due to an
  oversight before.
• Corrected bad code generation and scoping for filtered loops. (649)
• Resolved an issue where top-level output silencing after known extend
  blocks could generate invalid code when blocks where contained in if
  statements. (651)
• Made the truncate.leeway default configurable to improve compatibility
  with older templates.

2.9.3

---

(bugfix release, released on January 8th 2017)

• Restored the use of blocks in macros to the extend that was possible
  before. On Python 3 it would render a generator repr instead of
  the block contents. (645)
• Set a consistent behavior for assigning of variables in inner scopes
  when the variable is also read from an outer scope. This now sets the
  intended behavior in all situations however it does not restore the
  old behavior where limited assignments to outer scopes was possible.
  For more information and a discussion see 641
• Resolved an issue where block scoped would not take advantage of the
  new scoping rules. In some more exotic cases a variable overriden in a
  local scope would not make it into a block.
• Change the code generation of the with statement to be in line with the
  new scoping rules. This resolves some unlikely bugs in edge cases. This
  also introduces a new internal With node that can be used by extensions.

2.9.2

---

(bugfix release, released on January 8th 2017)

• Fixed a regression that caused for loops to not be able to use the same
  variable for the target as well as source iterator. (640)
• Add support for a previously unknown behavior of macros. It used to be
  possible in some circumstances to explicitly provide a caller argument
  to macros. While badly buggy and unintended it turns out that this is a
  common case that gets copy pasted around. To not completely break backwards
  compatibility with the most common cases it's now possible to provide an
  explicit keyword argument for caller if it's given an explicit default.
  (642)

2.9.1

---

(bugfix release, released on January 7th 2017)

• Resolved a regression with call block scoping for macros. Nested caller
  blocks that used the same identifiers as outer macros could refer to the
  wrong variable incorrectly.

2.9

---

(codename Derivation, released on January 7th 2017)

• Change cache key definition in environment. This fixes a performance
  regression introduced in 2.8.
• Added support for generator_stop on supported Python versions
  (Python 3.5 and later)
• Corrected a long standing issue with operator precedence of math operations
  not being what was expected.
• Added support for Python 3.6 async iterators through a new async mode.
• Added policies for filter defaults and similar things.
• urlize now sets "rel noopener" by default.
• Support attribute fallback for old-style classes in 2.x.
• Support toplevel set statements in extend situations.
• Restored behavior of Cycler for Python 3 users.
• Subtraction now follows the same behavior as other operators on undefined
  values.
• map and friends will now give better error messages if you forgot to
  quote the parameter.
• Depend on MarkupSafe 0.23 or higher.
• Improved the truncate filter to support better truncation in case
  the string is barely truncated at all.
• Change the logic for macro autoescaping to be based on the runtime
  autoescaping information at call time instead of macro define time.
• Ported a modified version of the tojson filter from Flask to Jinja2
  and hooked it up with the new policy framework.
• Block sets are now marked safe by default.
• On Python 2 the asciification of ASCII strings can now be disabled with
  the compiler.ascii_str policy.
• Tests now no longer accept an arbitrary expression as first argument but
  a restricted one. This means that you can now properly use multiple
  tests in one expression without extra parentheses. In particular you can
  now write foo is divisibleby 2 or foo is divisibleby 3
  as you would expect.
• Greatly changed the scoping system to be more consistent with what template
  designers and developers expect. There is now no more magic difference
  between the different include and import constructs. Context is now always
  propagated the same way. The only remaining differences is the defaults
  for with context and without context.
• The with and autoescape tags are now built-in.
• Added the new select_autoescape function which helps configuring better
  autoescaping easier.

2.8.2

---

(bugfix release, unreleased)

• Fixed a runtime error in the sandbox when attributes of async generators
  were accessed.

2.8.1

---

(bugfix release, released on December 29th 2016)

• Fixed the for_qs flag for urlencode.
• Fixed regression when applying int to non-string values.
• SECURITY: if the sandbox mode is used format expressions are now sandboxed
  with the same rules as in Jinja. This solves various information leakage
  problems that can occur with format strings.

Mako 1.0.4 -> 1.0.7

1.0.7

:released: Thu Jul 13 2017

.. change::
:tags: bug

Changed the "print" in the mako-render command to
sys.stdout.write(), avoiding the extra newline at the end
of the template output.  Pull request courtesy
Yves Chevallier.

.. changelog::

1.0.6

:released: Wed Nov 9 2016

.. change::
:tags: feature

 Added new parameter :paramref:`.Template.include_error_handler` .
 This works like :paramref:`.Template.error_handler` but indicates the
 handler should take place when this template is included within another
 template via the ``<%include>`` tag.  Pull request courtesy
 Huayi Zhang.

.. changelog::

1.0.5

:released: Wed Nov 2 2016

.. change::
:tags: bug

 Updated the Sphinx documentation builder to work with recent
 versions of Sphinx.

.. changelog::

MarkupSafe 0.23 -> 1.0

1.0

---

• Fixed custom types not invoking __unicode__ when used
  with format().
• Added __version__ module attribute
• Improve unescape code to leave lone ampersands alone.

SQLAlchemy 1.1.4 -> 1.1.14

1.1.14

:released: September 5, 2017

.. change::
:tags: bug, orm
🎟️ 4069
:versions: 1.2.0b3

   Fixed bug in :meth:`.Session.merge` following along similar lines as that
   of :ticket:`4030`, where an internal check for a target object in
   the identity map could lead to an error if it were to be garbage collected
   immediately before the merge routine actually retrieves the object.

.. change::
:tags: bug, orm
🎟️ 4048
:versions: 1.2.0b3

   Fixed bug where an :func:`.undefer_group` option would not be recognized
   if it extended from a relationship that was loading using joined eager
   loading.  Additionally, as the bug led to excess work being performed,
   Python function call counts are also improved by 20% within the initial
   calculation of result set columns, complementing the joined eager load
   improvements of :ticket:`3915`.

.. change::
:tags: bug, orm
🎟️ 4068

   Fixed race condition in ORM identity map which would cause objects
   to be inappropriately removed during a load operation, causing
   duplicate object identities to occur, particularly under joined eager
   loading which involves deduplication of objects.  The issue is specific
   to garbage collection of weak references and is observed only under the
   Pypy interpreter.

.. change::
:tags: bug, orm
🎟️ 4056
:versions: 1.2.0b3

   Fixed bug in :meth:`.Session.merge` where objects in a collection that had
   the primary key attribute set to ``None`` for a key that is  typically
   autoincrementing would be considered to be a database-persisted key for
   part of the internal deduplication process, causing only one object to
   actually be inserted in the database.

.. change::
:tags: bug, sql
🎟️ 4053

   Altered the range specification for window functions to allow
   for two of the same PRECEDING or FOLLOWING keywords in a range
   by allowing for the left side of the range to be positive
   and for the right to be negative, e.g. (1, 3) is
   "1 FOLLOWING AND 3 FOLLOWING".

.. change::
:tags: bug, orm
🎟️ 4067
:versions: 1.2.0b3

   An :class:`.InvalidRequestError` is raised when a :func:`.synonym`
   is used against an attribute that is not against a :class:`.MapperProperty`,
   such as an association proxy.  Previously, a recursion overflow would
   occur trying to locate non-existent attributes.

.. changelog::

1.1.13

:released: August 3, 2017

.. changelog::

1.1.12

:released: July 24, 2017

.. change:: cache_order_sequence
:tags: feature, oracle, posgresql
:versions: 1.2.0b1

   Added new keywords :paramref:`.Sequence.cache` and
   :paramref:`.Sequence.order` to :class:`.Sequence`, to allow rendering
   of the CACHE parameter understood by Oracle and PostgreSQL, and the
   ORDER parameter understood by Oracle.  Pull request
   courtesy David Moore.

.. change:: 4033
:tags: bug, orm
🎟️ 4033
:versions: 1.2.0b2

   Fixed regression from 1.1.11 where adding additional non-entity
   columns to a query that includes an entity with subqueryload
   relationships would fail, due to an inspection added in 1.1.11 as a
   result of :ticket:`4011`.

.. change:: 4031
:tags: bug, orm
:versions: 1.2.0b2
🎟️ 4031

   Fixed bug involving JSON NULL evaluation logic added in 1.1 as part
   of :ticket:`3514` where the logic would not accommodate ORM
   mapped attributes named differently from the :class:`.Column`
   that was mapped.

.. change:: 4030
:tags: bug, orm
:versions: 1.2.0b2
🎟️ 4030

   Added ``KeyError`` checks to all methods within
   :class:`.WeakInstanceDict` where a check for ``key in dict`` is
   followed by indexed access to that key, to guard against a race against
   garbage collection that under load can remove the key from the dict
   after the code assumes its present, leading to very infrequent
   ``KeyError`` raises.

.. changelog::

1.1.11

:released: Monday, June 19, 2017

.. change:: 4012
:tags: bug, sql
🎟️ 4012
:versions: 1.2.0b1

   Fixed AttributeError which would occur in :class:`.WithinGroup`
   construct during an iteration of the structure.

.. change:: 4011
:tags: bug, orm
🎟️ 4011
:versions: 1.2.0b1

   Fixed issue with subquery eagerloading which continues on from
   the series of issues fixed in :ticket:`2699`, :ticket:`3106`,
   :ticket:`3893` involving that the "subquery" contains the correct
   FROM clause when beginning from a joined inheritance subclass
   and then subquery eager loading onto a relationship from
   the base class, while the query also includes criteria against
   the subclass. The fix in the previous tickets did not accommodate
   for additional subqueryload operations loading more deeply from
   the first level, so the fix has been further generalized.

.. change:: 4005
:tags: bug, postgresql
🎟️ 4005
:versions: 1.2.0b1

   Continuing with the fix that correctly handles Postgresql
   version string "10devel" released in 1.1.8, an additional regexp
   bump to handle version strings of the form "10beta1".   While
   Postgresql now offers better ways to get this information, we
   are sticking w/ the regexp at least through 1.1.x for the least
   amount of risk to compatibility w/ older or alternate Postgresql
   databases.

.. change:: 4006
:tags: bug, postgresql
🎟️ 4006
:versions: 1.2.0b1

   Fixed bug where using :class:`.ARRAY` with a string type that
   features a collation would fail to produce the correct syntax
   within CREATE TABLE.

.. change:: 4007
:tags: bug, mysql
🎟️ 4007
:versions: 1.2.0b1

   MySQL 5.7 has introduced permission limiting for the "SHOW VARIABLES"
   command; the MySQL dialect will now handle when SHOW returns no
   row, in particular for the initial fetch of SQL_MODE, and will
   emit a warning that user permissions should be modified to allow the
   row to be present.

.. change:: 3994
:tags: bug, mssql
🎟️ 3994
:versions: 1.2.0b1

   Fixed bug where SQL Server transaction isolation must be fetched
   from a different view when using Azure data warehouse, the query
   is now attempted against both views and then a NotImplemented
   is raised unconditionally if failure continues to provide the
   best resiliency against future arbitrary API changes in new
   SQL Server versions.

.. change:: 3997
:tags: bug, oracle
🎟️ 3997
:versions: 1.2.0b1

   Support for two-phase transactions has been removed entirely for
   cx_Oracle when version 6.0b1 or later of the DBAPI is in use.  The two-
   phase feature historically has never been usable under cx_Oracle 5.x in
   any case, and cx_Oracle 6.x has removed the connection-level "twophase"
   flag upon which this feature relied.

.. change:: 3973
:tags: bug, mssql
🎟️ 3973
:versions: 1.2.0b1

   Added a placeholder type :class:`.mssql.XML` to the SQL Server
   dialect, so that a reflected table which includes this type can
   be re-rendered as a CREATE TABLE.  The type has no special round-trip
   behavior nor does it currently support additional qualifying
   arguments.

.. changelog::

1.1.10

:released: Friday, May 19, 2017

.. change:: 3986
:tags: bug, orm
:versions: 1.2.0b1
🎟️ 3986

   Fixed bug where a cascade such as "delete-orphan" (but others as well)
   would fail to locate an object linked to a relationship that itself
   is local to a subclass in an inheritance relationship, thus causing
   the operation to not take place.

.. change:: 3975
:tags: bug, oracle
:versions: 1.2.0b1
🎟️ 3975

   Fixed bug in cx_Oracle dialect where version string parsing would
   fail for cx_Oracle version 6.0b1 due to the "b" character.  Version
   string parsing is now via a regexp rather than a simple split.

.. change:: 3949
:tags: bug, schema
:versions: 1.2.0b1
🎟️ 3949

   An :class:`.ArgumentError` is now raised if a
   :class:`.ForeignKeyConstraint` object is created with a mismatched
   number of "local" and "remote" columns, which otherwise causes the
   internal state of the constraint to be incorrect.   Note that this
   also impacts the condition where a dialect's reflection process
   produces a mismatched set of columns for a foreign key constraint.

.. change:: 3980
:tags: bug, ext
:versions: 1.2.0b1
🎟️ 3980

   Protected against testing "None" as a class in the case where
   declarative classes are being garbage collected and new
   automap prepare() operations are taking place concurrently, very
   infrequently hitting a weakref that has not been fully acted upon
   after gc.

.. change::
:tags: bug, postgresql
:versions: 1.2.0b1

   Added "autocommit" support for GRANT, REVOKE keywords.  Pull request
   courtesy Jacob Hayes.

.. change:: 3966
:tags: bug, mysql
:versions: 1.2.0b1
🎟️ 3966

   Removed an ancient and unnecessary intercept of the UTC_TIMESTAMP
   MySQL function, which was getting in the way of using it with a
   parameter.

.. change:: 3961
:tags: bug, mysql
:versions: 1.2.0b1
🎟️ 3961

   Fixed bug in MySQL dialect regarding rendering of table options in
   conjunction with PARTITION options when rendering CREATE TABLE.
   The PARTITION related options need to follow the table options,
   whereas previously this ordering was not enforced.

.. changelog::

1.1.9

:released: April 4, 2017

.. change:: 3956
:tags: bug, ext
🎟️ 3956

   Fixed regression released in 1.1.8 due to :ticket:`3950` where the
   deeper search for information about column types in the case of a
   "schema type" or a :class:`.TypeDecorator` would produce an attribute
   error if the mapping also contained a :obj:`.column_property`.

.. change:: 3952
:tags: bug, sql
:versions: 1.2.0b1
🎟️ 3952

   Fixed regression released in 1.1.5 due to :ticket:`3859` where
   adjustments to the "right-hand-side" evaluation of an expression
   based on :class:`.Variant` to honor the underlying type's
   "right-hand-side" rules caused the :class:`.Variant` type
   to be inappropriately lost, in those cases when we *do* want the
   left-hand side type to be transferred directly to the right hand side
   so that bind-level rules can be applied to the expression's argument.

.. change:: 3955
:tags: bug, sql, postgresql
:versions: 1.2.0b1
🎟️ 3955

   Changed the mechanics of :class:`.ResultProxy` to unconditionally
   delay the "autoclose" step until the :class:`.Connection` is done
   with the object; in the case where Postgresql ON CONFLICT with
   RETURNING returns no rows, autoclose was occurring in this previously
   non-existent use case, causing the usual autocommit behavior that
   occurs unconditionally upon INSERT/UPDATE/DELETE to fail.

.. changelog::

1.1.8

:released: March 31, 2017

.. change:: 3950
:tags: bug, ext
:versions: 1.2.0b1
🎟️ 3950

   Fixed bug in :mod:`sqlalchemy.ext.mutable` where the
   :meth:`.Mutable.as_mutable` method would not track a type that had
   been copied using :meth:`.TypeEngine.copy`.  This became more of
   a regression in 1.1 compared to 1.0 because the :class:`.TypeDecorator`
   class is now a subclass of :class:`.SchemaEventTarget`, which among
   other things indicates to the parent :class:`.Column` that the type
   should be copied when the :class:`.Column` is.  These copies are
   common when using declarative with mixins or abstract classes.

.. change::
:tags: bug, ext
:versions: 1.2.0b1

   Added support for bound parameters, e.g. those normally set up
   via :meth:`.Query.params`, to the :meth:`.baked.Result.count`
   method.  Previously, support for parameters were omitted. Pull request
   courtesy Pat Deegan.

.. change::
:tags: bug, postgresql
:versions: 1.2.0b1

   Added support for parsing the Postgresql version string for
   a development version like "PostgreSQL 10devel".  Pull request
   courtesy Sean McCully.

.. changelog::

1.1.7

:released: March 27, 2017

.. change::
:tags: feature, orm
🎟️ 3933
:versions: 1.2.0b1

   An :func:`.aliased()` construct can now be passed to the
   :meth:`.Query.select_entity_from` method.   Entities will be pulled
   from the selectable represented by the :func:`.aliased` construct.
   This allows special options for :func:`.aliased` such as
   :paramref:`.aliased.adapt_on_names` to be used in conjunction with
   :meth:`.Query.select_entity_from`.

.. change::
:tags: bug, engine
🎟️ 3946
:versions: 1.2.0b1

   Added an exception handler that will warn for the "cause" exception on
   Py2K when the "autorollback" feature of :class:`.Connection` itself
   raises an exception. In Py3K, the two exceptions are naturally reported
   by the interpreter as one occurring during the handling of the other.
   This is continuing with the series of changes for rollback failure
   handling that were last visited as part of :ticket:`2696` in 1.0.12.

.. change::
:tags: bug, orm
🎟️ 3947
:versions: 1.2.0b1

   Fixed a race condition which could occur under threaded environments
   as a result of the caching added via :ticket:`3915`.   An internal
   collection of ``Column`` objects could be regenerated on an alias
   object inappropriately, confusing a joined eager loader when it
   attempts to render SQL and collect results and resulting in an
   attribute error.   The collection is now generated up front before
   the alias object is cached and shared among threads.

.. change::
:tags: bug, sql, postgresql
🎟️ 2892

   Added support for the :class:`.Variant` and the :class:`.SchemaType`
   objects to be compatible with each other.  That is, a variant
   can be created against a type like :class:`.Enum`, and the instructions
   to create constraints and/or database-specific type objects will
   propagate correctly as per the variant's dialect mapping.

.. change::
:tags: bug, sql
🎟️ 3931

   Fixed bug in compiler where the string identifier of a savepoint would
   be cached in the identifier quoting dictionary; as these identifiers
   are arbitrary, a small memory leak could occur if a single
   :class:`.Connection` had an unbounded number of savepoints used,
   as well as if the savepoint clause constructs were used directly
   with an unbounded umber of savepoint names.   The memory leak does
   **not** impact the vast majority of cases as normally the
   :class:`.Connection`, which renders savepoint names with a simple
   counter starting at "1", is used on a per-transaction or
   per-fixed-number-of-transactions basis before being discarded.

.. change::
:tags: bug, sql
🎟️ 3924

   Fixed bug in new "schema translate" feature where the translated schema
   name would be invoked in terms of an alias name when rendered along
   with a column expression; occurred only when the source translate
   name was "None".   The "schema translate" feature now only takes
   effect for :class:`.SchemaItem` and :class:`.SchemaType` subclasses,
   that is, objects that correspond to a DDL-creatable structure in
   a database.

.. changelog::

1.1.6

:released: February 28, 2017

.. change::
:tags: bug, mysql

   Added new MySQL 8.0 reserved words to the MySQL dialect for proper
   quoting.  Pull request courtesy Hanno Schlichting.

.. change:: 3915
:tags: bug, orm
🎟️ 3915

   Addressed some long unattended performance concerns within the joined
   eager loader query construction system that have accumulated since
   earlier versions as a result of increased abstraction. The use of ad-
   hoc :class:`.AliasedClass` objects per query, which produces lots of
   column lookup overhead each time, has been replaced with a cached
   approach that makes use of a small pool of :class:`.AliasedClass`
   objects that are reused between invocations of joined eager loading.
   Some mechanics involving eager join path construction have also been
   optimized.   Callcounts for an end-to-end query construction + single
   row fetch test with a worst-case joined loader scenario have been
   reduced by about 60% vs. 1.1.5 and 42% vs. that of 0.8.6.

.. change:: 3804
:tags: bug, postgresql
🎟️ 3804

   Added regular expressions for the "IMPORT FOREIGN SCHEMA",
   "REFRESH MATERIALIZED VIEW" Postgresql statements so that they
   autocommit when invoked via a connection or engine without
   an explicit transaction.  Pull requests courtesy Frazer McLean
   and Paweł Stiasny.

.. change:: 3909
:tags: bug, orm
🎟️ 3909

   Fixed a major inefficiency in the "eager_defaults" feature whereby
   an unnecessary SELECT would be emitted for column values where the
   ORM had explicitly inserted NULL, corresponding to attributes that
   were unset on the object but did not have any server default
   specified, as well as expired attributes on update that nevertheless
   had no server onupdate set up.   As these columns are not part of the
   RETURNING that eager_defaults tries to use, they should not be
   post-SELECTed either.

.. change:: 3908
:tags: bug, orm
🎟️ 3908

   Fixed two closely related bugs involving the mapper eager_defaults
   flag in conjunction with single-table inheritance; one where the
   eager defaults logic would inadvertently try to access a column
   that's part of the mapper's "exclude_properties" list (used by
   Declarative with single table inheritance) during the eager defaults
   fetch, and the other where the full load of the row in order to
   fetch the defaults would fail to use the correct inheriting mapper.

.. change:: 3905
:tags: bug, sql
🎟️ 3905

   Fixed bug whereby the :meth:`.DDLEvents.column_reflect` event would not
   allow a non-textual expression to be passed as the value of the
   "default" for the new column, such as a :class:`.FetchedValue`
   object to indicate a generic triggered default or a
   :func:`.sql.expression.text` construct.  Clarified the documentation
   in this regard as well.

.. change:: 3901
:tags: bug, ext
🎟️ 3901

   Fixed bug in new :mod:`sqlalchemy.ext.indexable` extension
   where setting of a property that itself refers to another property
   would fail.

.. change:: 3900
:tags: bug, postgresql
🎟️ 3900

   Fixed bug in Postgresql :class:`.ExcludeConstraint` where the
   "whereclause" and "using" parameters would not be copied during an
   operation like :meth:`.Table.tometadata`.

.. change:: 3898
:tags: bug, mssql
🎟️ 3898

   Added a version check to the "get_isolation_level" feature, which is
   invoked upon first connect, so that it skips for SQL Server version
   2000, as the necessary system view is not available prior to SQL Server
   2005.

.. change:: 3897
:tags: feature, ext
🎟️ 3896

   Added :meth:`.baked.Result.scalar` and :meth:`.baked.Result.count`
   to the "baked" query system.

.. change:: 3895
:tags: bug, orm, declarative
🎟️ 3895

   Fixed bug where the "automatic exclude" feature of declarative that
   ensures a column local to a single table inheritance subclass does
   not appear as an attribute on other derivations of the base would
   not take effect for multiple levels of subclassing from the base.

.. change:: 3893
:tags: bug, orm
🎟️ 3893

   Fixed bug first introduced in 0.9.7 as a result of :ticket:`3106`
   which would cause an incorrect query in some forms of multi-level
   subqueryload against aliased entities, with an unnecessary extra
   FROM entity in the innermost subquery.

.. changelog::

1.1.5

:released: January 17, 2017

.. change:: mysql_index_prefix
:tags: feature, mysql

   Added a new parameter ``mysql_prefix`` supported by the :class:`.Index`
   construct, allows specification of MySQL-specific prefixes such as
   "FULLTEXT". Pull request courtesy Joseph Schorr.

.. change:: 3854
:tags: bug, orm
🎟️ 3854

   Fixed bug in subquery loading where an object encountered as an
   "existing" row, e.g. already loaded from a different path in the
   same query, would not invoke subquery loaders for unloaded attributes
   that specified this loading.  This issue is in the same area
   as that of :ticket:`3431`, :ticket:`3811` which involved
   similar issues with joined loading.

.. change:: 3888
:tags: bug, postgresql
🎟️ 3888

   Fixed bug in new "ON CONFLICT DO UPDATE" feature where the "set"
   values for the UPDATE clause would not be subject to type-level
   processing, as normally takes effect to handle both user-defined
   type level conversions as well as dialect-required conversions, such
   as those required for JSON datatypes.   Additionally, clarified that
   the keys in the set_ dictionary should match the "key" of the column,
   if distinct from the column name.  A warning is emitted
   for remaining column names that don't match column keys; for
   compatibility reasons, these are emitted as they were previously.

.. change:: 3872
:tags: bug, examples
🎟️ 3872

   Fixed two issues with the versioned_history example, one is that
   the history table now gets autoincrement=False to avoid 1.1's new
   errors regarding composite primary keys with autoincrement; the other
   is that the sqlite_autoincrement flag is now used to ensure on SQLite,
   unique identifiers are used for the lifespan of a table even if
   some rows are deleted.  Pull request courtesy Carlos García Montoro.

.. change:: 3882
:tags: bug, sql
:tikets: 3882

   Fixed bug originally introduced in 0.9 via :ticket:`1068` where
   order_by(<some Label()>) would order by the label name based on name
   alone, that is, even if the labeled expression were not at all the same
   expression otherwise present, implicitly or explicitly, in the
   selectable.  The logic that orders by label now ensures that the
   labeled expression is related to the one that resolves to that name
   before ordering by the label name; additionally, the name has to
   resolve to an actual label explicit in the expression elsewhere, not
   just a column name.  This logic is carefully kept separate from the
   order by(textual name) feature that has a slightly different purpose.

.. change:: try_finally_for_noautoflush
:tags: bug, orm

   The :attr:`.Session.no_autoflush` context manager now ensures that
   the autoflush flag is reset within a "finally" block, so that if
   an exception is raised within the block, the state still resets
   appropriately.  Pull request courtesy Emin Arakelian.

.. change:: 3878
:tags: bug, sql
🎟️ 3878

   Fixed 1.1 regression where "import *" would not work for
   sqlalchemy.sql.expression, due to mis-spelled "any_" and "all_"
   functions.

.. change:: 3880
:tags: bg, sql
🎟️ 3880

   Fixed bug where literal_binds compiler flag was not honored by the
   :class:`.Insert` construct for the "multiple values" feature; the
   subsequent values are now rendered as literals.

.. change:: 3877
:tags: bug, oracle, postgresql
🎟️ 3877

   Fixed bug where an INSERT from SELECT where the source table contains
   an autoincrementing Sequence would fail to compile correctly.

.. change:: 3876
:tags: bug, mssql
🎟️ 3876

   Fixed bug where SQL Server dialects would attempt to select the
   last row identity for an INSERT from SELECT, failing in the case when
   the SELECT has no rows.  For such a statement,
   the inline flag is set to True indicating no last primary key
   should be fetched.

.. change:: 3875
:tags: bug, oracle
🎟️ 3875

   Fixed bug where the "COMPRESSION" keyword was used in the ALL_TABLES
   query on Oracle 9.2; even though Oracle docs state table compression
   was introduced in 9i, the actual column is not present until
   10.1.

.. change:: 3874
:tags: bug, orm
🎟️ 3874

   Fixed bug where the single-table inheritance query criteria would not
   be inserted into the query in the case that the :class:`.Bundle`
   construct were used as the selection criteria.

.. change:: repr_for_url_reflect
:tags: bug, sql

   The engine URL embedded in the exception for "could not reflect"
   in :meth:`.MetaData.reflect` now conceals the password; also
   the ``__repr__`` for :class:`.TLEngine` now acts like that of
   :class:`.Engine`, concealing the URL password.  Pull request courtesy
   Valery Yundin.

.. change:: 3867
:tags: bug, mysql
🎟️ 3867

   The MySQL dialect now will not warn when a reflected column has a
   "COMMENT" keyword on it, but note however the comment is not yet
   reflected; this is on the roadmap for a future release.  Pull request
   courtesy Lele Long.

.. change:: pg_timestamp_zero_prec
:tags: bug, postgresql

   The :class:`.postgresql.TIME` and :class:`.postgresql.TIMESTAMP`
   datatypes now support a setting of zero for "precision"; previously
   a zero would be ignored.  Pull request courtesy Ionuț Ciocîrlan.

.. change:: 3861
:tags: bug, engine
🎟️ 3861

   The "extend_existing" option of :class:`.Table` reflection would
   cause indexes and constraints to be doubled up in the case that the parameter
   were used with :meth:`.MetaData.reflect` (as the automap extension does)
   due to tables being reflected both within the foreign key path as well
   as directly.  A new de-duplicating set is passed through within the
   :meth:`.MetaData.reflect` sequence to prevent double reflection in this
   way.

.. change:: 3859
:tags: bug, sql
🎟️ 3859

   Fixed issue in :class:`.Variant` where the "right hand coercion" logic,
   inherited from :class:`.TypeDecorator`, would
   coerce the right-hand side into the :class:`.Variant` itself, rather than
   what the default type for the :class:`.Variant` would do.   In the
   case of :class:`.Variant`, we want the type to act mostly like the base
   type so the default logic of :class:`.TypeDecorator` is now overridden
   to fall back to the underlying wrapped type's logic.   Is mostly relevant
   for JSON at the moment.

.. change:: 3856
:tags: bug, orm
🎟️ 3856

   Fixed bug related to :ticket:`3177`, where a UNION or other set operation
   emitted by a :class:`.Query` would apply "single-inheritance" criteria
   to the outside of the union (also referencing the wrong selectable),
   even though this criteria is now expected to
   be already present on the inside subqueries.  The single-inheritance
   criteria is now omitted once union() or another set operation is
   called against :class:`.Query` in the same way as :meth:`.Query.from_self`.

.. change:: 3548
:tags: bug, firebird
🎟️ 3548

   Ported the fix for Oracle quoted-lowercase names to Firebird, so that
   a table name that is quoted as lower case can be reflected properly
   including when the table name comes from the get_table_names()
   inspection function.

.. changelog::

WTForms 2.0.2 -> 2.1

2.1

---

Released December 15, 2015

• Added render_kw to allow default rendering time options.
• Updated / added a number of localizations
• Updated docs
• Allow widgets to set flags

Werkzeug 0.9.6 -> 0.12.2

0.12.2

---

Released on May 16 2017

• Fix regression: Pull request 892 prevented Werkzeug from correctly
  logging the IP of a remote client behind a reverse proxy, even when using
  ProxyFix.
• Fix a bug in safe_join on Windows.

0.12.1

---

Released on March 15th 2017

• Fix crash of reloader (used on debug mode) on Windows.
  (OSError: [WinError 10038]). See pull request 1081
• Partially revert change to class hierarchy of Headers. See 1084.

0.12

---

Released on March 10th 2017

• Spit out big deprecation warnings for werkzeug.script
• Use inspect.getfullargspec internally when available as
  inspect.getargspec is gone in 3.6
• Added support for status code 451 and 423
• Improved the build error suggestions. In particular only if
  someone stringifies the error will the suggestions be calculated.
• Added support for uWSGI's caching backend.
• Fix a bug where iterating over a FileStorage would result in an infinite
  loop.
• Datastructures now inherit from the relevant baseclasses from the
  collections module in the stdlib. See 794.
• Add support for recognizing NetBSD, OpenBSD, FreeBSD, DragonFlyBSD platforms
  in the user agent string.
• Recognize SeaMonkey browser name and version correctly
• Recognize Baiduspider, and bingbot user agents
• If LocalProxy's wrapped object is a function, refer to it with wrapped
  attribute.
• The defaults of generate_password_hash have been changed to more secure
  ones, see pull request 753.
• Add support for encoding in options header parsing, see pull request
  933.
• test.Client now properly handles Location headers with relative URLs, see
  pull request 879.
• When HTTPException is raised, it now prints the description, for easier
  debugging.
• Werkzeug's dict-like datastructures now have view-methods under Python 2,
  see pull request 968.
• Fix a bug in MultiPartParser when no stream_factory was provided
  during initialization, see pull request 973.
• Disable autocorrect and spellchecker in the debugger middleware's Python
  prompt, see pull request 994.
• Don't redirect to slash route when method doesn't match, see pull request
  907.
• Fix a bug when using SharedDataMiddleware with frozen packages, see pull
  request 959.
• Range header parsing function fixed for invalid values 974.
• Add support for byte Range Requests, see pull request 978.
• Use modern cryptographic defaults in the dev servers 1004.
• the post() method of the test client now accept file object through the data
  parameter.
• Color run_simple's terminal output based on HTTP codes 1013.
• Fix self-XSS in debugger console, see 1031.
• Fix IPython 5.x shell support, see 1033.

0.11.16

---

• werkzeug.serving: set CONTENT_TYPE / CONTENT_LENGTH if only they're provided by the client
• werkzeug.serving: Fix crash of reloader when using python -m werkzeug.serving.

0.11.15

---

Released on December 30th 2016.

• Bugfix for the bugfix in the previous release.

0.11.14

---

Released on December 30th 2016.

• Check if platform can fork before importing ForkingMixIn, raise exception
  when creating ForkingWSGIServer on such a platform, see PR 999.

0.11.13

---

Released on December 26th 2016.

• Correct fix for the reloader issuer on certain Windows installations.

0.11.12

---

Released on December 26th 2016.

• Fix more bugs in multidicts regarding empty lists. See 1000.
• Add some docstrings to some EnvironBuilder properties that were previously
  unintentionally missing.
• Added a workaround for the reloader on windows.

0.11.11

---

Released on August 31st 2016.

• Fix JSONRequestMixin for Python3. See 731
• Fix broken string handling in test client when passing integers. See 852
• Fix a bug in parse_options_header where an invalid content type
  starting with comma or semi-colon would result in an invalid return value,
  see issue 995.
• Fix a bug in multidicts when passing empty lists as values, see issue
  979.
• Fix a security issue that allows XSS on the Werkzeug debugger. See 1001.

0.11.10

---

Released on May 24th 2016.

• Fixed a bug that occurs when running on Python 2.6 and using a broken locale.
  See pull request 912.
• Fixed a crash when running the debugger on Google App Engine. See issue 925.
• Fixed an issue with multipart parsing that could cause memory exhaustion.

0.11.9

---

Released on April 24th 2016.

• Corrected an issue that caused the debugger not to use the
  machine GUID on POSIX systems.
• Corrected a Unicode error on Python 3 for the debugger's
  PIN usage.
• Corrected the timestamp verification in the pin debug code.
  Without this fix the pin was remembered for too long.

0.11.8

---

Released on April 15th 2016.

• fixed a problem with the machine GUID detection code on OS X
  on Python 3.

0.11.7

---

Released on April 14th 2016.

• fixed a regression on Python 3 for the debugger.

0.11.6

---

Released on April 14th 2016.

• werkzeug.serving: Still show the client address on bad requests.
• improved the PIN based protection for the debugger to make it harder to
  brute force via trying cookies. Please keep in mind that the debugger
  is not intended for running on production environments
• increased the pin timeout to a week to make it less annoying for people
  which should decrease the chance that users disable the pin check
  entirely.
• werkzeug.serving: Fix broken HTTP_HOST when path starts with double slash.

0.11.5

---

Released on March 22nd 2016.

• werkzeug.serving: Fix crash when attempting SSL connection to HTTP server.

0.11.4

---

Released on February 14th 2016.

• Fixed werkzeug.serving not working from -m flag.
• Fixed incorrect weak etag handling.

0.11.3

---

Released on December 20th 2015.

• Fixed an issue with copy operations not working against
  proxies.
• Changed the logging operations of the development server to
  correctly log where the server is running in all situations
  again.
• Fixed another regression with SSL wrapping similar to the
  fix in 0.11.2 but for a different code path.

0.11.2

---

Released on November 12th 2015.

• Fix inheritable sockets on Windows on Python 3.
• Fixed an issue with the forking server not starting any longer.
• Fixed SSL wrapping on platforms that supported opening sockets
  by file descriptor.
• No longer log from the watchdog reloader.
• Unicode errors in hosts are now better caught or converted into
  bad request errors.

0.11.1

---

Released on November 10th 2015.

• Fixed a regression on Python 3 in the debugger.

0.11

---

Released on November 8th 2015, codename Gleisbaumaschine.

• Added reloader_paths option to run_simple and other functions in
  werkzeug.serving. This allows the user to completely override the Python
  module watching of Werkzeug with custom paths.
• Many custom cached properties of Werkzeug's classes are now subclasses of
  Python's property type (issue 616).
• bind_to_environ now doesn't differentiate between implicit and explicit
  default port numbers in HTTP_HOST (pull request 204).
• BuildErrors are now more informative. They come with a complete sentence
  as error message, and also provide suggestions (pull request 691).
• Fix a bug in the user agent parser where Safari's build number instead of
  version would be extracted (pull request 703).
• Fixed issue where RedisCache set_many was broken for twemproxy, which doesn't
  support the default MULTI command (pull request 702).
• mimetype parameters on request and response classes are now always
  converted to lowercase.
• Changed cache so that cache never expires if timeout is 0. This also fixes
  an issue with redis setex (issue 550)
• Werkzeug now assumes UTF-8 as filesystem encoding on Unix if Python
  detected it as ASCII.
• New optional has method on caches.
• Fixed various bugs in `parse_opt

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@0462928). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master      #74   +/-   ##
=========================================
  Coverage          ?   93.97%           
=========================================
  Files             ?       19           
  Lines             ?     2041           
  Branches          ?        0           
=========================================
  Hits              ?     1918           
  Misses            ?      123           
  Partials          ?        0

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0462928...d37ad88. Read the comment docs.