Update webob to 1.7.4

[pyup-bot]

There's a new version of WebOb available.
You are currently using 1.4. I have updated it to 1.7.4

These links might come in handy: PyPI | Changelog | Homepage

Changelog

1.7rc1

---

Compatibility

• WebOb is no longer supported on Python 2.6 and PyPy3 (due to pip no longer
  supporting Python 3.2 even on PyPy)

Backwards Incompatibility

• Response.set_cookie no longer accepts a key argument. This was deprecated
  in WebOb 1.5 and as mentioned in the deprecation, is being removed in 1.7

• Response.__init__ will no longer set the default Content-Type, nor
  Content-Length on Responses that don't have a body. This allows WebOb to
  return proper responses for things like Response(status='204 No Content').

• Response.text will no longer raise if the Content-Type does not have a
  charset, it will fall back to using the new default_body_encoding`. To get the old behaviour back please sub-class Responseand set default_body_encodingtoNone``. See
  Feature: default body encoding Pylons/webob#287

• WebOb no longer supports Chunked Encoding, this means that if you are using
  WebOb and need Chunked Encoding you will be required to have a proxy that
  unchunks the request for you. Please read
  Backwards Compatibility issue: remove chunked encoding support from WebOb (unless explicitly flagged by WSGI server) Pylons/webob#279 for more background.

Feature

• Response has a new default_body_encoding which may be used to allow
  getting/setting Response.text when a Content-Type has no charset. See
  Feature: default body encoding Pylons/webob#287

• webob.Request with any HTTP method is now allowed to have a body. This
  allows DELETE to have a request body for passing extra information. See
  Fix: bodies on everything Pylons/webob#283 and
  request: read body from file if the method is DELETE Pylons/webob#274

• Add tell() to ResponseBodyFile so that it may be used for example for
  zipfile support. See Support Response.body_file.tell() method for ZipFile friendly Pylons/webob#117

• Allow the return from wsgify.middleware to be used as a decorator. See
  Use _MiddlewareFactory as decorator with arguments Pylons/webob#228

Bugfix

• Fixup cgi.FieldStorage on Python 3.x to work-around issue reported in
  Python bug report 27777 and 24764. This is currently applied for Python
  versions less than 3.7. See Bugfix: cgi FieldStorage Pylons/webob#294

• Response.set_cookie now accepts datetime objects for the expires
  kwarg and will correctly convert them to UTC with no tzinfo for use in
  calculating the max_age. See Request.set_cookie(expires) requires a UTC datetime but doesn't document this Pylons/webob#254
  and Bugfix: set_cookie datetime Pylons/webob#292

• Fixes request.PATH_SAFE to contain all of the path safe characters
  according to RFC3986. See Fixup: PATH_SAFE Pylons/webob#291

• WebOb's exceptions will lazily read underlying variables when inserted into
  templates to avoid expensive computations/crashes when inserting into the
  template. This had a bad performance regression on Py27 because of the way
  the lazified class was created and returned. See
  Move the _lazified class out of the lazify function Pylons/webob#284

• wsgify.__call__ raised a TypeError with an unhelpful message, it will
  now return the repr for the wrapped function:
  wsgify.__call__ raises TypeError with unhelpful message Pylons/webob#119

• Response.content_type removes the charset content-type parameter unless
  the new content-type is a text like type that has a charset parameter. See
  Fix: content_type/charset handling Pylons/webob#261 and
  Response wrongly keeps charset in Content-Type header Pylons/webob#130

• Response.json's json.dumps/json.loads are now always UTF-8. It no
  longer tries to use the charset.

• The Response.__init__ will by default no longer set the Content-Type to
  the default if a headerlist is provided. This fixes issues whereby
  Request.get_response() would return a Response that didn't match the
  actual response. See Fix: content_type/charset handling Pylons/webob#261 and
  Response object adding default_content_type is perhaps bad magic Pylons/webob#205

• Cleans up the remainder of the issues with the updated WebOb exceptions that
  were taught to return JSON in version 1.6. See
  Remove charset from WebOb JSON exceptions Pylons/webob#237 and
  Why did we remove charset from JSON responses? Pylons/webob#236

• Response.from_file now parses the status line correctly when the status
  line contains an HTTP with version, as well as a status text that contains
  multiple white spaces (e.g HTTP/1.1 404 Not Found). See
  webob.Response.from_file parsing failure Pylons/webob#250

• Response now has a new property named has_body that may be used to
  interrogate the Response to find out if Response.body is or isn't
  set.

This is used in the exception handling code so that if you use a WebOb HTTP
Exception and pass a generator to app_iter WebOb won't attempt to read
the whole thing and instead allows it to be returned to the WSGI server. See
Pylons/webob#259

1.6.0

---

Compatibility

• Python 3.2 is no longer supported by WebOb

Bugfix

• Request.decode attempted to read from the an already consumed stream, it has
  now been redirected to another stream to read from. See
  Fix Request.decode that tries to read from an already consumed stream Pylons/webob#183

• The application/json media type does not allow for a charset as discovery of
  the encoding is done at the JSON layer. Upon initialization of a Response
  WebOb will no longer add a charset if the content-type is set to JSON. See
  Don't add a charset if none is specified and the content-type is JSON. Pylons/webob#197 and
  JSON renderer uses invalid Content-Type Pylons/pyramid#1611

Features

• Lazily HTML escapes environment keys in HTTP Exceptions so that those keys in
  the environ that are not used in the output of the page don't raise an
  exception due to inability to be properly escaped. See
  Avoid escaping environ keys that are not used by WSGIHTTPException body_template Pylons/webob#139

• MIMEAccept now accepts comparisons against wildcards, this allows one to
  match on just the media type or sub-type, without having to explicitly match
  on both the media type and sub-type at the same time. See
  Allow wildcards to be used when comparing a MIMEAccept against an offer Pylons/webob#185

• Add the ability to return a JSON body from an exception. Using the Accept
  information in the request, the exceptions will now automatically return a
  JSON version of the exception instead of just HTML or text. See
  Add ability to return a JSON body from an exception Pylons/webob#230 and
  Allow for JSON Exception Bodies Pylons/webob#209

Security

• exc._HTTPMove and any subclasses will now raise a ValueError if the location
  field contains a line feed or carriage return. These values may lead to
  possible HTTP Response Splitting. The header_getter descriptor has also been
  modified to no longer accept headers with a line feed or carriage return.
  See: Add extra security checks for Headers Pylons/webob#229 and
  Possible HTTP Response Splitting Vulnerability Pylons/webob#217

1.5.1

---

Bug Fixes

• The exceptions HTTPNotAcceptable, HTTPUnsupportedMediaType and
  HTTPNotImplemented will now correctly use the sub-classed template rather
  than the default error template. See bugs in exc.py Pylons/webob#221

• Response's from_file now correctly deals with a status line that contains an
  HTTP version identifier. HTTP/1.1 200 OK is now correctly parsed, whereas
  before this would raise an error upon setting the Response.status in
  from_file. See Incorrect detection of status_code in Request Pylons/webob#121

1.5.0

---

Bug Fixes

• The cookie API functions will now make sure that max_age is an integer or
  an string that can convert to an integer. Previously passing in
  max_age='test' would have silently done the wrong thing.

Features

• Unbreak req.POST when the request method is PATCH. Instead of returning
  something cmpletely unrelated we return NoVar. See:
  Handle PATCH missing content type in req.POST. Pylons/webob#215

• HTTP Status Code 308 is now supported as a Permanent Redirect. See
  Handle 308 HTTP code for redirect Pylons/webob#207

Backwards Incompatibilities

• Response.set_cookie renamed the only required parameter from "key" to
  "name". The code will now still accept "key" as a keyword argument, and will
  issue a DeprecationWarning until WebOb 1.7.

• The status attribute of a Response object no longer takes a string
  like None None and allows that to be set as the status. It now has to at
  least match the pattern of <integer status code> <explenation of status code>. Invalid status strings will now raise a ValueError.

1.5.0a0

---

Backwards Incompatibilities

• Morsel will no longer accept a cookie value that does not meet RFC6265's
  cookie-octet specification. Upon calling Morsel.serialize a warning will
  be issued, in the future this will raise a ValueError, please update your
  cookie handling code. See Fix documentation/cookie handling in response.set_cookie() Pylons/webob#172

The cookie-octet specification in RFC6265 states the following characters are
valid in a cookie value:

=============== =======================================
Hex Range Actual Characters
=============== =======================================
[0x21 ] !
[0x25-0x2B] $%&'()*+
[0x2D-0x3A] -./0123456789:
[0x3C-0x5B] <=>?ABCDEFGHIJKLMNOPQRSTUVWXYZ[
[0x5D-0x7E] ]^_`abcdefghijklmnopqrstuvwxyz{|}~
=============== =======================================

RFC6265 suggests using base 64 to serialize data before storing data in a
cookie.

Cookies that meet the RFC6265 standard will no longer be quoted, as this is
unnecessary. This is a no-op as far as browsers and cookie storage is
concerned.

• Response.set_cookie now uses the internal make_cookie API, which will
  issue warnings if cookies are set with invalid bytes. See
  Fix documentation/cookie handling in response.set_cookie() Pylons/webob#172

Features

• Add support for some new caching headers, stale-while-revalidate and
  stale-if-error that can be used by reverse proxies to cache stale responses
  temporarily if the backend disappears. From RFC5861. See
  Support stale-while-revalidate and stale-if-error Pylons/webob#189

Bug Fixes

• Response.status now uses duck-typing for integers, and has also learned to
  raise a ValueError if the status isn't an integer followed by a space, and
  then the reason. See Use duck-typing to set a quasi-integer response status. Pylons/webob#191

• Fixed a bug in webob.multidict.GetDict which resulted in the
  QUERY_STRING not being updated when changes were made to query
  params using Request.GET.extend().

• Read the body of a request if we think it might have a body. This fixes PATCH
  to support bodies. See request: read body from file if the method is PATCH Pylons/webob#184

• Response.from_file returns HTTP headers as latin1 rather than UTF-8, this
  fixes the usage on Google AppEngine. See
  Headers are returned as unicode string from Response.from_file with Python 2.7.3 Pylons/webob#99 and
  Native str strings from Response.from_file Pylons/webob#150

• Fix a bug in parsing the auth parameters that contained bad white space. This
  makes the parsing fall in line with what's required in RFC7235. See
  BWS around auth-params equal sign is not parsed correctly Pylons/webob#158

• Use '\r\n' line endings in Response.__str__. See:
  Use '\r\n' line endings in Response.__str__. Pylons/webob#146

Documentation Changes

• response.set_cookie now has proper documentation for max_age and
  expires. The code has also been refactored to use cookies.make_cookie
  instead of duplicating the code. This fixes
  Set cookie incorrectly handles timedelta expires argument Pylons/webob#166 and
  Cookie value when using response.set_cookie() can be Unicode against spec Pylons/webob#171

• Documentation didn't match the actual code for the wsgify function signature.
  See bring docs up-to-date with actual wsgify signature Pylons/webob#167

• Remove the WebDAV only from certain HTTP Exceptions, these exceptions may
  also be used by REST services for example.

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖