Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial Update #1

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Initial Update #1

wants to merge 8 commits into from

Conversation

pyup-bot
Copy link

@pyup-bot pyup-bot commented Jul 6, 2016

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Name used latest pypi
Flask 0.10.1 0.11.1 pypi
argparse 1.2.1 1.4.0 pypi
oauthlib 0.7.2 1.1.2 pypi
requests 2.7.0 2.10.0 pypi
requests-oauthlib 0.5.0 0.6.1 pypi
Flask-OAuthlib 0.9.1 0.9.3 pypi
Werkzeug 0.9.4 0.11.9 pypi
Jinja2 2.7.3 2.8 pypi

Changelogs

Flask 0.10.1 -> 0.11.1

0.11.1

Bugfix release, released on June 7th 2016.

  • Fixed a bug that prevented FLASK_APP=foobar/__init__.py from working. See
    pull request 1872.

0.11

Released on May 29th 2016, codename Absinthe.

  • Added support to serializing top-level arrays to :func:flask.jsonify. This
    introduces a security risk in ancient browsers. See
    :ref:json-security for details.
  • Added before_render_template signal.
  • Added **kwargs to :meth:flask.Test.test_client to support passing
    additional keyword arguments to the constructor of
    :attr:flask.Flask.test_client_class.
  • Added SESSION_REFRESH_EACH_REQUEST config key that controls the
    set-cookie behavior. If set to True a permanent session will be
    refreshed each request and get their lifetime extended, if set to
    False it will only be modified if the session actually modifies.
    Non permanent sessions are not affected by this and will always
    expire if the browser window closes.
  • Made Flask support custom JSON mimetypes for incoming data.
  • Added support for returning tuples in the form (response, headers)
    from a view function.
  • Added :meth:flask.Config.from_json.
  • Added :attr:flask.Flask.config_class.
  • Added :meth:flask.Config.get_namespace.
  • Templates are no longer automatically reloaded outside of debug mode. This
    can be configured with the new TEMPLATES_AUTO_RELOAD config key.
  • Added a workaround for a limitation in Python 3.3's namespace loader.
  • Added support for explicit root paths when using Python 3.3's namespace
    packages.
  • Added :command:flask and the flask.cli module to start the local
    debug server through the click CLI system. This is recommended over the old
    flask.run() method as it works faster and more reliable due to a
    different design and also replaces Flask-Script.
  • Error handlers that match specific classes are now checked first,
    thereby allowing catching exceptions that are subclasses of HTTP
    exceptions (in werkzeug.exceptions). This makes it possible
    for an extension author to create exceptions that will by default
    result in the HTTP error of their choosing, but may be caught with
    a custom error handler if desired.
  • Added :meth:flask.Config.from_mapping.
  • Flask will now log by default even if debug is disabled. The log format is
    now hardcoded but the default log handling can be disabled through the
    LOGGER_HANDLER_POLICY configuration key.
  • Removed deprecated module functionality.
  • Added the EXPLAIN_TEMPLATE_LOADING config flag which when enabled will
    instruct Flask to explain how it locates templates. This should help
    users debug when the wrong templates are loaded.
  • Enforce blueprint handling in the order they were registered for template
    loading.
  • Ported test suite to py.test.
  • Deprecated request.json in favour of request.get_json().
  • Add "pretty" and "compressed" separators definitions in jsonify() method.
    Reduces JSON response size when JSONIFY_PRETTYPRINT_REGULAR=False by removing
    unnecessary white space included by default after separators.
  • JSON responses are now terminated with a newline character, because it is a
    convention that UNIX text files end with a newline and some clients don't
    deal well when this newline is missing. See
    Add JSONIFY_END_WITH_NEWLINE config variable pallets/flask#1262 -- this came up originally as a
    part of https://github.com/kennethreitz/httpbin/issues/168
  • The automatically provided OPTIONS method is now correctly disabled if
    the user registered an overriding rule with the lowercase-version
    options (issue 1288).
  • flask.json.jsonify now supports the datetime.date type (pull request
    1326).
  • Don't leak exception info of already catched exceptions to context teardown
    handlers (pull request 1393).
  • Allow custom Jinja environment subclasses (pull request 1422).
  • flask.g now has pop() and setdefault methods.
  • Turn on autoescape for flask.templating.render_template_string by default
    (pull request 1515).
  • flask.ext is now deprecated (pull request 1484).
  • send_from_directory now raises BadRequest if the filename is invalid on
    the server OS (pull request 1763).
  • Added the JSONIFY_MIMETYPE configuration variable (pull request 1728).
  • Exceptions during teardown handling will no longer leave bad application
    contexts lingering around.

0.10.2

(bugfix release, release date to be announced)

  • Fixed broken test_appcontext_signals() test case.
  • Raise an :exc:AttributeError in :func:flask.helpers.find_package with a
    useful message explaining why it is raised when a PEP 302 import hook is used
    without an is_package() method.
  • Fixed an issue causing exceptions raised before entering a request or app
    context to be passed to teardown handlers.
  • Fixed an issue with query parameters getting removed from requests in
    the test client when absolute URLs were requested.
  • Made before_first_request into a decorator as intended.
  • Fixed an etags bug when sending a file streams with a name.
  • Fixed send_from_directory not expanding to the application root path
    correctly.
  • Changed logic of before first request handlers to flip the flag after
    invoking. This will allow some uses that are potentially dangerous but
    should probably be permitted.
  • Fixed Python 3 bug when a handler from app.url_build_error_handlers
    reraises the BuildError.

argparse 1.2.1 -> 1.4.0

1.4.0

  • make argparse behave for default args aka
    issue 12776, 11839: call argparse type function only once.
  • move to github:ThomasWaldmann/argparse
  • add TW as maintainer / give TW's email
  • add some usecase to README, clarify issue tracking
  • add a note to tox.ini about testing on dead snakes

1.3.0

  • added aliases support (thanks to Roland Kammerer!) + tests for it
  • use tox for testing python >= 2.6
  • tests successfully on 3.4 also (without random hash seed)
  • added argparse.external_lib = True so one can test one is really using /
    testing the external library (and not the builtin one in stdlib of recent
    Pythons)

1.2.2

  • added universal wheel support, built, signed and uploaded with:
    python setup.py sdist bdist_wheel upload --identity="Thomas Waldmann" --sign
  • host the files on pypi

oauthlib 0.7.2 -> 1.1.2

1.1.2

  • (Fix) Query strings should be able to include colons.
  • (Fix) Cast body to a string to ensure that we can perform a regex substitution on it.

1.1.1

  • (Enhancement) Better sanitisation of Request objects repr.

1.1.0

  • (Fix) '(', ')', '/' and '?' are now safe characters in url encoded strings.
  • (Enhancement) Added support for specifying if refresh tokens should be created on authorization code grants.
  • (Fix) OAuth2Token now handles None scopes correctly.
  • (Fix) Request token is now available for OAuth 1.
  • (Enhancement) OAuth2Token is declared with slots for smaller memory footprint.
  • (Enhancement) RefreshTokenGrant now allows to set issue_new_refresh_tokens.
  • Documentation improvements and fixes.

1.0.3

  • (Fix) Changed the documented return type of the invalidate_request_token() method from the RSA key to None since nobody is using the return type.
  • (Enhancement) Added a validator log that will store what the endpoint has computed for debugging and logging purposes (OAuth 1 only for now).

1.0.2

  • (Fix) Allow client secret to be null for public applications that do not mandate it's specification in the query parameters.
  • (Fix) Encode request body before hashing in order to prevent encoding errors in Python 3.

1.0.1

  • (Fix) Added token_type_hint to the list of default Request parameters.

1.0.0

  • (Breaking Change) Replace pycrypto with cryptography from https://cryptography.io
  • (Breaking Change) Update jwt to 1.0.0 (which is backwards incompatible) no oauthlib api changes
    were made.
  • (Breaking Change) Raise attribute error for non-existing attributes in the Request object.
  • (Fix) Strip whitespace off of scope string.
  • (Change) Don't require to return the state in the access token response.
  • (Change) Hide password in logs.
  • (Fix) Fix incorrect invocation of prepare_refresh_body in the OAuth2 client.
  • (Fix) Handle empty/non-parsable query strings.
  • (Fix) Check if an RSA key is actually needed before requiring it.
  • (Change) Allow tuples for list_to_scope as well as sets and lists.
  • (Change) Add code to determine if client authentication is required for OAuth2.
  • (Fix) Fix error message on invalid Content-Type header for OAtuh1 signing.
  • (Fix) Allow ! character in query strings.
  • (Fix) OAuth1 now includes the body hash for requests that specify any content-type that isn't x-www-form-urlencoded.
  • (Fix) Fixed error description in oauth1 endpoint.
  • (Fix) Revocation endpoint for oauth2 will now return an empty string in the response body instead of 'None'.
  • Increased test coverage.
  • Performance improvements.
  • Documentation improvements and fixes.

requests 2.7.0 -> 2.10.0

2.10.0

+++++++++++++++++++

New Features

  • SOCKS Proxy Support! (requires PySocks; $ pip install requests[socks])

Miscellaneous

  • Updated bundled urllib3 to 1.15.1.

2.9.2

++++++++++++++++++

Improvements

  • Change built-in CaseInsensitiveDict (used for headers) to use OrderedDict
    as its underlying datastore.

Bugfixes

  • Don't use redirect_cache if allow_redirects=False
  • When passed objects that throw exceptions from tell(), send them via
    chunked transfer encoding instead of failing.
  • Raise a ProxyError for proxy related connection issues.

2.9.1

++++++++++++++++++

Bugfixes

  • Resolve regression introduced in 2.9.0 that made it impossible to send binary
    strings as bodies in Python 3.
  • Fixed errors when calculating cookie expiration dates in certain locales.

Miscellaneous

  • Updated bundled urllib3 to 1.13.1.

2.9.0

++++++++++++++++++

Minor Improvements (Backwards compatible)

  • The verify keyword argument now supports being passed a path to a
    directory of CA certificates, not just a single-file bundle.
  • Warnings are now emitted when sending files opened in text mode.
  • Added the 511 Network Authentication Required status code to the status code
    registry.

Bugfixes

  • For file-like objects that are not seeked to the very beginning, we now
    send the content length for the number of bytes we will actually read, rather
    than the total size of the file, allowing partial file uploads.
  • When uploading file-like objects, if they are empty or have no obvious
    content length we set Transfer-Encoding: chunked rather than
    Content-Length: 0.
  • We correctly receive the response in buffered mode when uploading chunked
    bodies.
  • We now handle being passed a query string as a bytestring on Python 3, by
    decoding it as UTF-8.
  • Sessions are now closed in all cases (exceptional and not) when using the
    functional API rather than leaking and waiting for the garbage collector to
    clean them up.
  • Correctly handle digest auth headers with a malformed qop directive that
    contains no token, by treating it the same as if no qop directive was
    provided at all.
  • Minor performance improvements when removing specific cookies by name.

Miscellaneous

  • Updated urllib3 to 1.13.

2.8.1

++++++++++++++++++

Bugfixes

  • Update certificate bundle to match certifi 2015.9.6.2's weak certificate
    bundle.
  • Fix a bug in 2.8.0 where requests would raise ConnectTimeout instead of
    ConnectionError
  • When using the PreparedRequest flow, requests will now correctly respect the
    json parameter. Broken in 2.8.0.
  • When using the PreparedRequest flow, requests will now correctly handle a
    Unicode-string method name on Python 2. Broken in 2.8.0.

2.8.0

++++++++++++++++++

Minor Improvements (Backwards Compatible)

  • Requests now supports per-host proxies. This allows the proxies
    dictionary to have entries of the form
    {'<scheme>://<hostname>': '<proxy>'}. Host-specific proxies will be used
    in preference to the previously-supported scheme-specific ones, but the
    previous syntax will continue to work.
  • Response.raise_for_status now prints the URL that failed as part of the
    exception message.
  • requests.utils.get_netrc_auth now takes an raise_errors kwarg,
    defaulting to False. When True, errors parsing .netrc files cause
    exceptions to be thrown.
  • Change to bundled projects import logic to make it easier to unbundle
    requests downstream.
  • Changed the default User-Agent string to avoid leaking data on Linux: now
    contains only the requests version.

Bugfixes

  • The json parameter to post() and friends will now only be used if
    neither data nor files are present, consistent with the
    documentation.
  • We now ignore empty fields in the NO_PROXY environment variable.
  • Fixed problem where httplib.BadStatusLine would get raised if combining
    stream=True with contextlib.closing.
  • Prevented bugs where we would attempt to return the same connection back to
    the connection pool twice when sending a Chunked body.
  • Miscellaneous minor internal changes.
  • Digest Auth support is now thread safe.

Updates

  • Updated urllib3 to 1.12.

requests-oauthlib 0.5.0 -> 0.6.1

0.6.1

+++++++++++++++++++++++++

  • Fixed a bug when sending authorization in headers with no username and
    password present.
  • Make sure we clear the session token before obtaining a new one.
  • Some improvements to the Slack compliance fix.
  • Avoid timing problems around token refresh.
  • Allow passing arbitrary arguments to requests when calling
    fetch_request_token and fetch_access_token.

0.6.0

+++++++++++++++++++++++++

  • Add compliance fix for Slack.
  • Add compliance fix for Mailchimp.
  • TokenRequestDenied exceptions now carry the entire response, not just the
    status code.
  • Pass through keyword arguments when refreshing tokens automatically.
  • Send authorization in headers, not just body, to maximize compatibility.
  • More getters/setters available for OAuth2 session client values.
  • Allow sending custom headers when refreshing tokens, and set some defaults.

Flask-OAuthlib 0.9.1 -> 0.9.3

0.9.3

Released on Jun 2, 2016

  • Revert the wrong implement of non credential oauth2 require auth
  • Catch all exceptions in OAuth2 providers
  • Bugfix for examples, docs and other things

0.9.2

Released on Nov 3, 2015

  • Bugfix in client parse_response when body is none.
  • Update contrib client by tonyseek
  • Typo fix for OAuth1 provider
  • Fix OAuth2 provider on non credential clients by Fleurer

Jinja2 2.7.3 -> 2.8

2.8

(codename Replacement, released on July 26th 2015)

  • Added target parameter to urlize function.
  • Added support for followsymlinks to the file system loader.
  • The truncate filter now counts the length.
  • Added equalto filter that helps with select filters.
  • Changed cache keys to use absolute file names if available
    instead of load names.
  • Fixed loop length calculation for some iterators.
  • Changed how Jinja2 enforces strings to be native strings in
    Python 2 to work when people break their default encoding.
  • Added :func:make_logging_undefined which returns an undefined
    object that logs failures into a logger.
  • If unmarshalling of cached data fails the template will be
    reloaded now.
  • Implemented a block set tag.
  • Default cache size was incrased to 400 from a low 50.
  • Fixed is number test to accept long integers in all Python versions.
  • Changed is number to accept Decimal as a number.
  • Added a check for default arguments followed by non-default arguments. This
    change makes {% macro m(x, y=1, z) %}...{% endmacro %} a syntax error. The
    previous behavior for this code was broken anyway (resulting in the default
    value being applied to y).
  • Add ability to use custom subclasses of jinja2.compiler.CodeGenerator and
    jinja2.runtime.Context by adding two new attributes to the environment
    (code_generator_class and context_class) (pull request 404).
  • added support for context/environment/evalctx decorator functions on
    the finalize callback of the environment.
  • escape query strings for urlencode properly. Previously slashes were not
    escaped in that place.
  • Add 'base' parameter to 'int' filter.

Once you have closed this pull request, I'll create seperate pull requests for every update as soon as I find them.

That's it for now!

Happy merging! 🤖

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pyup-bot