Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial Update #3

Closed
wants to merge 22 commits into from
Closed

Initial Update #3

wants to merge 22 commits into from

Conversation

pyup-bot
Copy link
Collaborator

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

argh 0.26.1 » 0.26.2 PyPI | Changelog | Repo | Docs
Babel 2.2.0 » 2.4.0 PyPI | Changelog | Homepage | Docs
cffi 1.5.0 » 1.10.0 PyPI | Docs
click 6.2 » 6.7 PyPI | Changelog | Repo
cryptography 1.2.1 » 1.8.1 PyPI | Changelog | Repo
enum34 1.1.2 » 1.1.6 PyPI | Repo
Flask 0.10.1 » 0.12.1 PyPI | Changelog | Repo
idna 2.0 » 2.5 PyPI | Changelog | Repo
ipaddress 1.0.16 » 1.0.18 PyPI | Repo
Jinja2 2.8 » 2.9.6 PyPI | Changelog | Homepage
MarkupSafe 0.23 » 1.0 PyPI | Changelog | Repo
mistune 0.7.1 » 0.7.4 PyPI | Changelog | Repo
ndg-httpsclient 0.4.0 » 0.4.2 PyPI | Repo | Docs
pyasn1 0.1.9 » 0.2.3 PyPI | Changelog | Repo
pycparser 2.14 » 2.17 PyPI | Changelog | Repo
pyOpenSSL 0.15.1 » 16.2.0 PyPI | Changelog | Docs
pytz 2015.7 » 2017.2 PyPI | Homepage | Docs
PyYAML 3.11 » 3.12 PyPI | Homepage
requests 2.9.1 » 2.13.0 PyPI | Changelog | Homepage
virtualenv 14.0.6 » 15.1.0 PyPI | Changelog | Homepage
Werkzeug 0.11.3 » 0.12.1 PyPI | Changelog | Homepage
wheel 0.24.0 » 0.29.0 PyPI | Changelog | Repo

Changelogs

argh 0.26.1 -> 0.26.2

0.26.2


  • Removed official support for Python 3.4, added for 3.5.
  • Various tox-related improvements for development.
  • Improved documentation.

Babel 2.2.0 -> 2.4.0

2.4.0


New Features

Some of these changes might break your current code and/or tests.

  • CLDR: CLDR 29 is now used instead of CLDR 28 (405) (akx)
  • Messages: Add option 'add_location' for location line formatting (438, 459) (rrader, alxpy)
  • Numbers: Allow full control of decimal behavior (410) (etanol)

Minor Improvements and bugfixes

  • Documentation: Improve Date Fields descriptions (450) (ldwoolley)
  • Documentation: Typo fixes and documentation improvements (406, 412, 403, 440, 449, 463) (zyegfryed, adamchainz, jwilk, akx, roramirez, abhishekcs10)
  • Messages: Default to UTF-8 source encoding instead of ISO-8859-1 (399) (asottile)
  • Messages: Ensure messages are extracted in the order they were passed in (424) (ngrilly)
  • Messages: Message extraction for JSX files is improved (392, 396, 425) (karloskar, georgschoelly)
  • Messages: PO file reading supports multi-line obsolete units (429) (mbirtwell)
  • Messages: Python message extractor respects unicode_literals in future (427) (sublee)
  • Messages: Roundtrip Language headers (420) (kruton)
  • Messages: units before obsolete units are no longer erroneously marked obsolete (452) (mbirtwell)
  • Numbers: parse_pattern now preserves the full original pattern (414) (jtwang)
  • Numbers: Fix float conversion in extract_operands (435) (akx)
  • Plurals: Fix plural forms for Czech and Slovak locales (373) (ykshatroff)
  • Plurals: More plural form fixes based on Mozilla and CLDR references (431) (mshenfield)

Internal improvements

  • Local times are constructed correctly in tests (411) (etanol)
  • Miscellaneous small improvements (437) (scop)
  • Regex flags are extracted from the regex strings (462) (singingwolfboy)
  • The PO file reader is now a class and has seen some refactoring (429, 452) (mbirtwell)

2.3.4


(Bugfix release, released on April 22th)

Bugfixes

2.3.3


(Bugfix release, released on April 12th)

Bugfixes

2.3.2


(Bugfix release, released on April 9th)

Bugfixes

2.3.1


(Bugfix release because of deployment problems, released on April 8th)

2.3


(Feature release, released on April 8th)

Internal improvements

Features

Bugfixes

click 6.2 -> 6.7

6.7


(bugfix release; released on January 6th 2017)

  • Make click.progressbar work with codecs.open files. See 637.
  • Fix bug in bash completion with nested subcommands. See 639.
  • Fix test runner not saving caller env correctly. See 644.
  • Fix handling of SIGPIPE. See 626
  • Deal with broken Windows environments such as Google App Engine's. See 711.

6.6


(bugfix release; released on April 4th 2016)

  • Fix bug in click.Path where it would crash when passed a -. See 551.

6.4


(bugfix release; released on March 24th 2016)

  • Fix bug in bash completion where click would discard one or more trailing
    arguments. See 471.

6.3


(bugfix release; released on February 22 2016)

  • Fix argument checks for interpreter invoke with -m and -c
    on Windows.
  • Fixed a bug that cased locale detection to error out on Python 3.

cryptography 1.2.1 -> 1.8.1

1.8

  • Added support for Python 3.6.
  • Windows and macOS wheels now link against OpenSSL 1.1.0.
  • macOS wheels are no longer universal. This change significantly shrinks the
    size of the wheels. Users on macOS 32-bit Python (if there are any) should
    migrate to 64-bit or build their own packages.
  • Changed ASN.1 dependency from pyasn1 to asn1crypto resulting in a
    general performance increase when encoding/decoding ASN.1 structures. Also,
    the pyasn1_modules test dependency is no longer required.
  • Added support for
    :meth:~cryptography.hazmat.primitives.ciphers.CipherContext.update_into on
    :class:~cryptography.hazmat.primitives.ciphers.CipherContext.
  • Added
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes
    to
    :class:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.
  • Added
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.public_bytes
    to
    :class:~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.
  • :func:~cryptography.hazmat.primitives.serialization.load_pem_private_key
    and
    :func:~cryptography.hazmat.primitives.serialization.load_der_private_key
    now require that password must be bytes if provided. Previously this
    was documented but not enforced.
  • Added support for subgroup order in :doc:/hazmat/primitives/asymmetric/dh.

1.7.2

  • Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.

1.7.1

  • Fixed a regression in int_from_bytes where it failed to accept
    bytearray.

1.7

  • Support for OpenSSL 1.0.0 has been removed. Users on older version of OpenSSL
    will need to upgrade.
  • Added support for Diffie-Hellman key exchange using
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.exchange
  • The OS random engine for OpenSSL has been rewritten to improve compatibility
    with embedded Python and other edge cases. More information about this change
    can be found in the
    pull request <https://github.com/pyca/cryptography/pull/3229>_.

1.6

  • Deprecated support for OpenSSL 1.0.0. Support will be removed in
    cryptography 1.7.
  • Replaced the Python-based OpenSSL locking callbacks with a C version to fix
    a potential deadlock that could occur if a garbage collection cycle occurred
    while inside the lock.
  • Added support for :class:~cryptography.hazmat.primitives.hashes.BLAKE2b and
    :class:~cryptography.hazmat.primitives.hashes.BLAKE2s when using OpenSSL
    1.1.0.
  • Added
    :attr:~cryptography.x509.Certificate.signature_algorithm_oid support to
    :class:~cryptography.x509.Certificate.
  • Added
    :attr:~cryptography.x509.CertificateSigningRequest.signature_algorithm_oid
    support to :class:~cryptography.x509.CertificateSigningRequest.
  • Added
    :attr:~cryptography.x509.CertificateRevocationList.signature_algorithm_oid
    support to :class:~cryptography.x509.CertificateRevocationList.
  • Added support for :class:~cryptography.hazmat.primitives.kdf.scrypt.Scrypt
    when using OpenSSL 1.1.0.
  • Added a workaround to improve compatibility with Python application bundling
    tools like PyInstaller and cx_freeze.
  • Added support for generating a
    :meth:~cryptography.x509.random_serial_number.
  • Added support for encoding IPv4Network and IPv6Network in X.509
    certificates for use with :class:~cryptography.x509.NameConstraints.
  • Added :meth:~cryptography.x509.Name.public_bytes to
    :class:~cryptography.x509.Name.
  • Added :class:~cryptography.x509.RelativeDistinguishedName
  • :class:~cryptography.x509.DistributionPoint now accepts
    :class:~cryptography.x509.RelativeDistinguishedName for
    :attr:~cryptography.x509.DistributionPoint.relative_name.
    Deprecated use of :class:~cryptography.x509.Name as
    :attr:~cryptography.x509.DistributionPoint.relative_name.
  • :class:~cryptography.x509.Name now accepts an iterable of
    :class:~cryptography.x509.RelativeDistinguishedName. RDNs can
    be accessed via the :attr:~cryptography.x509.Name.rdns
    attribute. When constructed with an iterable of
    :class:~cryptography.x509.NameAttribute, each attribute becomes
    a single-valued RDN.
  • Added
    :func:~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key.
  • Added support for signing and verifying RSA, DSA, and ECDSA signatures with
    :class:~cryptography.hazmat.primitives.asymmetric.utils.Prehashed
    digests.

1.5.3

  • SECURITY ISSUE: Fixed a bug where HKDF would return an empty
    byte-string if used with a length less than algorithm.digest_size.
    Credit to Markus Döring for reporting the issue. CVE-2016-9243

1.5.2

  • Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j.

1.5.1

  • Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2i.
  • Resolved a UserWarning when used with cffi 1.8.3.
  • Fixed a memory leak in name creation with X.509.
  • Added a workaround for old versions of setuptools.
  • Fixed an issue preventing cryptography from compiling against
    OpenSSL 1.0.2i.

1.5

  • Added
    :func:~cryptography.hazmat.primitives.asymmetric.padding.calculate_max_pss_salt_length.
  • Added "one shot"
    :meth:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign
    and
    :meth:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey.verify
    methods to DSA keys.
  • Added "one shot"
    :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign
    and
    :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify
    methods to ECDSA keys.
  • Switched back to the older callback model on Python 3.5 in order to mitigate
    the locking callback problem with OpenSSL <1.1.0.
  • :class:~cryptography.x509.CertificateBuilder,
    :class:~cryptography.x509.CertificateRevocationListBuilder, and
    :class:~cryptography.x509.RevokedCertificateBuilder now accept timezone
    aware datetime objects as method arguments
  • cryptography now supports OpenSSL 1.1.0 as a compilation target.

1.4

  • Support for OpenSSL 0.9.8 has been removed. Users on older versions of
    OpenSSL will need to upgrade.
  • Added :class:~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC.
  • Added support for OpenSSH public key serialization.
  • Added support for SHA-2 in RSA
    :class:~cryptography.hazmat.primitives.asymmetric.padding.OAEP when using
    OpenSSL 1.0.2 or greater.
  • Added "one shot"
    :meth:~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.sign
    and
    :meth:~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.verify
    methods to RSA keys.
  • Deprecated the serial attribute on
    :class:~cryptography.x509.Certificate, in favor of
    :attr:~cryptography.x509.Certificate.serial_number.

1.3.4

  • Added another OpenSSL function to the bindings to support an upcoming
    pyOpenSSL release.

1.3.3

  • Added two new OpenSSL functions to the bindings to support an upcoming
    pyOpenSSL release.

1.3.2

  • Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2h.
  • Fixed an issue preventing cryptography from compiling against
    LibreSSL 2.3.x.

1.3.1

  • Fixed a bug that caused an AttributeError when using mock to patch
    some cryptography modules.

1.3

  • Added support for padding ANSI X.923 with
    :class:~cryptography.hazmat.primitives.padding.ANSIX923.
  • Deprecated support for OpenSSL 0.9.8. Support will be removed in
    cryptography 1.4.
  • Added support for the :class:~cryptography.x509.PolicyConstraints
    X.509 extension including both parsing and generation using
    :class:~cryptography.x509.CertificateBuilder and
    :class:~cryptography.x509.CertificateSigningRequestBuilder.
  • Added :attr:~cryptography.x509.CertificateSigningRequest.is_signature_valid
    to :class:~cryptography.x509.CertificateSigningRequest.
  • Fixed an intermittent AssertionError when performing an RSA decryption on
    an invalid ciphertext, ValueError is now correctly raised in all cases.
  • Added
    :meth:~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier.

1.2.3

  • Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2g.

1.2.2

  • Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2f.

Flask 0.10.1 -> 0.12.1

0.12.1


Bugfix release, released on March 31st 2017

  • Prevent flask run from showing a NoAppException when an ImportError occurs
    within the imported application module.
  • Fix encoding behavior of app.config.from_pyfile for Python 3. Fix
    2118.
  • Use the SERVER_NAME config if it is present as default values for
    app.run. 2109, 2152
  • Call ctx.auto_pop with the exception object instead of None, in the
    event that a BaseException such as KeyboardInterrupt is raised in a
    request handler.

0.12


Released on December 21st 2016, codename Punsch.

  • the cli command now responds to --version.
  • Mimetype guessing and ETag generation for file-like objects in send_file
    has been removed, as per issue 104. See pull request 1849.
  • Mimetype guessing in send_file now fails loudly and doesn't fall back to
    application/octet-stream. See pull request 1988.
  • Make flask.safe_join able to join multiple paths like os.path.join
    (pull request 1730).
  • Revert a behavior change that made the dev server crash instead of returning
    a Internal Server Error (pull request 2006).
  • Correctly invoke response handlers for both regular request dispatching as
    well as error handlers.
  • Disable logger propagation by default for the app logger.
  • Add support for range requests in send_file.
  • app.test_client includes preset default environment, which can now be
    directly set, instead of per client.get.

0.11.2


Bugfix release, unreleased

  • Fix crash when running under PyPy3, see pull request 1814.

0.11.1


Bugfix release, released on June 7th 2016.

  • Fixed a bug that prevented FLASK_APP=foobar/__init__.py from working. See
    pull request 1872.

0.11


Released on May 29th 2016, codename Absinthe.

  • Added support to serializing top-level arrays to :func:flask.jsonify. This
    introduces a security risk in ancient browsers. See
    :ref:json-security for details.
  • Added before_render_template signal.
  • Added **kwargs to :meth:flask.Test.test_client to support passing
    additional keyword arguments to the constructor of
    :attr:flask.Flask.test_client_class.
  • Added SESSION_REFRESH_EACH_REQUEST config key that controls the
    set-cookie behavior. If set to True a permanent session will be
    refreshed each request and get their lifetime extended, if set to
    False it will only be modified if the session actually modifies.
    Non permanent sessions are not affected by this and will always
    expire if the browser window closes.
  • Made Flask support custom JSON mimetypes for incoming data.
  • Added support for returning tuples in the form (response, headers)
    from a view function.
  • Added :meth:flask.Config.from_json.
  • Added :attr:flask.Flask.config_class.
  • Added :meth:flask.Config.get_namespace.
  • Templates are no longer automatically reloaded outside of debug mode. This
    can be configured with the new TEMPLATES_AUTO_RELOAD config key.
  • Added a workaround for a limitation in Python 3.3's namespace loader.
  • Added support for explicit root paths when using Python 3.3's namespace
    packages.
  • Added :command:flask and the flask.cli module to start the local
    debug server through the click CLI system. This is recommended over the old
    flask.run() method as it works faster and more reliable due to a
    different design and also replaces Flask-Script.
  • Error handlers that match specific classes are now checked first,
    thereby allowing catching exceptions that are subclasses of HTTP
    exceptions (in werkzeug.exceptions). This makes it possible
    for an extension author to create exceptions that will by default
    result in the HTTP error of their choosing, but may be caught with
    a custom error handler if desired.
  • Added :meth:flask.Config.from_mapping.
  • Flask will now log by default even if debug is disabled. The log format is
    now hardcoded but the default log handling can be disabled through the
    LOGGER_HANDLER_POLICY configuration key.
  • Removed deprecated module functionality.
  • Added the EXPLAIN_TEMPLATE_LOADING config flag which when enabled will
    instruct Flask to explain how it locates templates. This should help
    users debug when the wrong templates are loaded.
  • Enforce blueprint handling in the order they were registered for template
    loading.
  • Ported test suite to py.test.
  • Deprecated request.json in favour of request.get_json().
  • Add "pretty" and "compressed" separators definitions in jsonify() method.
    Reduces JSON response size when JSONIFY_PRETTYPRINT_REGULAR=False by removing
    unnecessary white space included by default after separators.
  • JSON responses are now terminated with a newline character, because it is a
    convention that UNIX text files end with a newline and some clients don't
    deal well when this newline is missing. See
    Add JSONIFY_END_WITH_NEWLINE config variable pallets/flask#1262 -- this came up originally as a
    part of https://github.com/kennethreitz/httpbin/issues/168
  • The automatically provided OPTIONS method is now correctly disabled if
    the user registered an overriding rule with the lowercase-version
    options (issue 1288).
  • flask.json.jsonify now supports the datetime.date type (pull request
    1326).
  • Don't leak exception info of already catched exceptions to context teardown
    handlers (pull request 1393).
  • Allow custom Jinja environment subclasses (pull request 1422).
  • flask.g now has pop() and setdefault methods.
  • Turn on autoescape for flask.templating.render_template_string by default
    (pull request 1515).
  • flask.ext is now deprecated (pull request 1484).
  • send_from_directory now raises BadRequest if the filename is invalid on
    the server OS (pull request 1763).
  • Added the JSONIFY_MIMETYPE configuration variable (pull request 1728).
  • Exceptions during teardown handling will no longer leave bad application
    contexts lingering around.

0.10.2


(bugfix release, release date to be announced)

  • Fixed broken test_appcontext_signals() test case.
  • Raise an :exc:AttributeError in :func:flask.helpers.find_package with a
    useful message explaining why it is raised when a PEP 302 import hook is used
    without an is_package() method.
  • Fixed an issue causing exceptions raised before entering a request or app
    context to be passed to teardown handlers.
  • Fixed an issue with query parameters getting removed from requests in
    the test client when absolute URLs were requested.
  • Made before_first_request into a decorator as intended.
  • Fixed an etags bug when sending a file streams with a name.
  • Fixed send_from_directory not expanding to the application root path
    correctly.
  • Changed logic of before first request handlers to flip the flag after
    invoking. This will allow some uses that are potentially dangerous but
    should probably be permitted.
  • Fixed Python 3 bug when a handler from app.url_build_error_handlers
    reraises the BuildError.

idna 2.0 -> 2.5

2.5

++++++++++++++++

  • Fix bug with Katakana middle dot context-rule (Thanks, Greg
    Shikhman.)

2.4

++++++++++++++++

  • Restore IDNAError to be a subclass of UnicodeError, as some users of
    this library are only looking for the latter to catch invalid strings.

2.3

++++++++++++++++

  • Fix bugs relating to deriving IDNAError from UnicodeError.
  • More memory footprint improvements (Thanks, Alex Gaynor)

2.2

++++++++++++++++

  • Made some changes to the UTS 46 data that should allow Jython to get around
    64kb Java class limits. (Thanks, John A. Booth and Marcin Płonka.)
  • In Python 2.6, skip two tests that rely on data not present in that
    Python version's unicodedata module.
  • Use relative imports to help downstream users.

2.1

++++++++++++++++

  • Memory consumption optimizations. The library should consume significantly
    less memory through smarter data structures being used to represent
    relevant Unicode properties. Many thanks to Shivaram Lingamneni for this
    patch.
  • Patches to make library work better with Python 2.6. The core library
    currently works however the unit testing does not. (Thanks, Robert
    Buchholz)
  • Better affix all Unicode codepoint properties to a specific version.

Jinja2 2.8 -> 2.9.6

2.9.6


(bugfix release, released on April 3rd 2017)

  • Fixed custom context behavior in fast resolve mode (675)

2.9.5


(bugfix release, released on January 28th 2017)

  • Restored the original repr of the internal _GroupTuple because this
    caused issues with ansible and it was an unintended change. (654)
  • Added back support for custom contexts that override the old resolve
    method since it was hard for people to spot that this could cause a
    regression.
  • Correctly use the buffer for the else block of for loops. This caused
    invalid syntax errors to be caused on 2.x and completely wrong behavior
    on Python 3 (669)
  • Resolve an issue where the {% extends %} tag could not be used with
    async environments. (668)
  • Reduce memory footprint slightly by reducing our unicode database dump
    we use for identifier matching on Python 3 (666)
  • Fixed autoescaping not working for macros in async compilation mode. (671)

2.9.4


(bugfix release, released on January 10th 2017)

  • Solved some warnings for string literals. (646)
  • Increment the bytecode cache version which was not done due to an
    oversight before.
  • Corrected bad code generation and scoping for filtered loops. (649)
  • Resolved an issue where top-level output silencing after known extend
    blocks could generate invalid code when blocks where contained in if
    statements. (651)
  • Made the truncate.leeway default configurable to improve compatibility
    with older templates.

2.9.3


(bugfix release, released on January 8th 2017)

  • Restored the use of blocks in macros to the extend that was possible
    before. On Python 3 it would render a generator repr instead of
    the block contents. (645)
  • Set a consistent behavior for assigning of variables in inner scopes
    when the variable is also read from an outer scope. This now sets the
    intended behavior in all situations however it does not restore the
    old behavior where limited assignments to outer scopes was possible.
    For more information and a discussion see 641
  • Resolved an issue where block scoped would not take advantage of the
    new scoping rules. In some more exotic cases a variable overriden in a
    local scope would not make it into a block.
  • Change the code generation of the with statement to be in line with the
    new scoping rules. This resolves some unlikely bugs in edge cases. This
    also introduces a new internal With node that can be used by extensions.

2.9.2


(bugfix release, released on January 8th 2017)

  • Fixed a regression that caused for loops to not be able to use the same
    variable for the target as well as source iterator. (640)
  • Add support for a previously unknown behavior of macros. It used to be
    possible in some circumstances to explicitly provide a caller argument
    to macros. While badly buggy and unintended it turns out that this is a
    common case that gets copy pasted around. To not completely break backwards
    compatibility with the most common cases it's now possible to provide an
    explicit keyword argument for caller if it's given an explicit default.
    (642)

2.9.1


(bugfix release, released on January 7th 2017)

  • Resolved a regression with call block scoping for macros. Nested caller
    blocks that used the same identifiers as outer macros could refer to the
    wrong variable incorrectly.

2.9


(codename Derivation, released on January 7th 2017)

  • Change cache key definition in environment. This fixes a performance
    regression introduced in 2.8.
  • Added support for generator_stop on supported Python versions
    (Python 3.5 and later)
  • Corrected a long standing issue with operator precedence of math operations
    not being what was expected.
  • Added support for Python 3.6 async iterators through a new async mode.
  • Added policies for filter defaults and similar things.
  • urlize now sets "rel noopener" by default.
  • Support attribute fallback for old-style classes in 2.x.
  • Support toplevel set statements in extend situations.
  • Restored behavior of Cycler for Python 3 users.
  • Subtraction now follows the same behavior as other operators on undefined
    values.
  • map and friends will now give better error messages if you forgot to
    quote the parameter.
  • Depend on MarkupSafe 0.23 or higher.
  • Improved the truncate filter to support better truncation in case
    the string is barely truncated at all.
  • Change the logic for macro autoescaping to be based on the runtime
    autoescaping information at call time instead of macro define time.
  • Ported a modified version of the tojson filter from Flask to Jinja2
    and hooked it up with the new policy framework.
  • Block sets are now marked safe by default.
  • On Python 2 the asciification of ASCII strings can now be disabled with
    the compiler.ascii_str policy.
  • Tests now no longer accept an arbitrary expression as first argument but
    a restricted one. This means that you can now properly use multiple
    tests in one expression without extra parentheses. In particular you can
    now write foo is divisibleby 2 or foo is divisibleby 3
    as you would expect.
  • Greatly changed the scoping system to be more consistent with what template
    designers and developers expect. There is now no more magic difference
    between the different include and import constructs. Context is now always
    propagated the same way. The only remaining differences is the defaults
    for with context and without context.
  • The with and autoescape tags are now built-in.
  • Added the new select_autoescape function which helps configuring better
    autoescaping easier.

2.8.2


(bugfix release, unreleased)

  • Fixed a runtime error in the sandbox when attributes of async generators
    were accessed.

2.8.1


(bugfix release, released on December 29th 2016)

  • Fixed the for_qs flag for urlencode.
  • Fixed regression when applying int to non-string values.
  • SECURITY: if the sandbox mode is used format expressions are now sandboxed
    with the same rules as in Jinja. This solves various information leakage
    problems that can occur with format strings.

MarkupSafe 0.23 -> 1.0

1.0


  • Fixed custom types not invoking __unicode__ when used
    with format().
  • Added __version__ module attribute
  • Improve unescape code to leave lone ampersands alone.

mistune 0.7.1 -> 0.7.4

0.7.4

Released on Mar. 14, 2017

  • Fix escape_link method by Marcos Ojeda
  • Handle block HTML with no content by David Baumgold
  • Use expandtabs for tab
  • Fix escape option for text renderer
  • Fix HTML attribute regex pattern

0.7.3

Released on Jun. 28, 2016

  • Fix strikethrough regex
  • Fix HTML attribute regex
  • Fix close tag regex

0.7.2

Released on Feb. 26, 2016

  • Fix hard_wrap options on renderer.
  • Fix emphasis regex pattern
  • Fix base64 image link 80_.
  • Fix link security per 87_.

.. _80: lepture/mistune#80
.. _87: lepture/mistune#87

pyOpenSSL 0.15.1 -> 16.2.0

16.2.0


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

none

Deprecations:
^^^^^^^^^^^^^

none

Changes:
^^^^^^^^

  • Fixed compatibility errors with OpenSSL 1.1.0.
  • Fixed an issue that caused failures with subinterpreters and embedded Pythons.
    552 &lt;https://github.com/pyca/pyopenssl/pull/552&gt;_

16.1.0


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

none

Deprecations:
^^^^^^^^^^^^^

  • Dropped support for OpenSSL 0.9.8.

Changes:
^^^^^^^^

  • Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT.
    496 &lt;https://github.com/pyca/pyopenssl/pull/496&gt;_
  • Enable use of CRL (and more) in verify context.
    483 &lt;https://github.com/pyca/pyopenssl/pull/483&gt;_
  • OpenSSL.crypto.PKey can now be constructed from cryptography objects and also exported as such.
    439 &lt;https://github.com/pyca/pyopenssl/pull/439&gt;_
  • Support newer versions of cryptography which use opaque structs for OpenSSL 1.1.0 compatibility.

16.0.0


This is the first release under full stewardship of PyCA.
We have made many changes to make local development more pleasing.
The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2.
It has been moved to pytest &lt;https://pytest.org/&gt;, all CI test runs are part of tox &lt;https://testrun.org/tox/&gt; and the source code has been made fully flake8 &lt;https://flake8.readthedocs.io/&gt;_ compliant.

We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations.

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Python 3.2 support has been dropped.
    It never had significant real world usage and has been dropped by our main dependency cryptography.
    Affected users should upgrade to Python 3.3 or later.

Deprecations:
^^^^^^^^^^^^^

  • The support for EGD has been removed.
    The only affected function OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
    Please see pyca/cryptography1636 &lt;https://github.com/pyca/cryptography/pull/1636&gt;_ for more background information on this decision.
    In accordance with our backward compatibility policy OpenSSL.rand.egd() will be removed no sooner than a year from the release of 16.0.0.

Please note that you should use urandom &lt;https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/&gt;_ for all your secure random number needs.

  • Python 2.6 support has been deprecated.
    Our main dependency cryptography deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it.
    pyOpenSSL will drop Python 2.6 support once cryptography does.

Changes:
^^^^^^^^

  • Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate, OpenSSL.SSL.Connection.renegotiate_pending, and OpenSSL.SSL.Context.load_client_ca.
    They were lacking an implementation since 0.14.
    422 &lt;https://github.com/pyca/pyopenssl/pull/422&gt;_
  • Fixed segmentation fault when using keys larger than 4096-bit to sign data.
    428 &lt;https://github.com/pyca/pyopenssl/pull/428&gt;_
  • Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called before setting any app data.
    304 &lt;https://github.com/pyca/pyopenssl/pull/304&gt;_
  • Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects that represent public keys, and OpenSSL.crypto.load_publickey() to load such objects from serialized representations.
    382 &lt;https://github.com/pyca/pyopenssl/pull/382&gt;_
  • Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to a string buffer.
    368 &lt;https://github.com/pyca/pyopenssl/pull/368&gt;_
  • Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding state_string_long.
    358 &lt;https://github.com/pyca/pyopenssl/pull/358&gt;_
  • Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv() and OpenSSL.SSL.Connection.recv_into().
    294 &lt;https://github.com/pyca/pyopenssl/pull/294&gt;_
  • Added OpenSSL.SSL.Connection.get_protocol_version() and OpenSSL.SSL.Connection.get_protocol_version_name().
    244 &lt;https://github.com/pyca/pyopenssl/pull/244&gt;_
  • Switched to utf8string mask by default.
    OpenSSL formerly defaulted to a T61String if there were UTF-8 characters present.
    This was changed to default to UTF8String in the config around 2005, but the actual code didn't change it until late last year.
    This will default us to the setting that actually works.
    To revert this you can call OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b&quot;default&quot;).
    234 &lt;https://github.com/pyca/pyopenssl/pull/234&gt;_

Older Changelog Entries

The changes from before release 16.0.0 are preserved in the repository &lt;https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt&gt;_.

requests 2.9.1 -> 2.13.0

2.13.0

+++++++++++++++++++

Features

  • Only load the idna library when we've determined we need it. This will
    save some memory for users.

Miscellaneous

  • Updated bundled urllib3 to 1.20.
  • Updated bundled idna to 2.2.

2.12.5

+++++++++++++++++++

Bugfixes

  • Fixed an issue with JSON encoding detection, specifically detecting
    big-endian UTF-32 with BOM.

2.12.4

+++++++++++++++++++

Bugfixes

  • Fixed regression from 2.12.2 where non-string types were rejected in the
    basic auth parameters. While support for this behaviour has been readded,
    the behaviour is deprecated and will be removed in the future.

2.12.3

+++++++++++++++++++

Bugfixes

  • Fixed regression from v2.12.1 for URLs with schemes that begin with "http".
    These URLs have historically been processed as though they were HTTP-schemed
    URLs, and so have had parameters added. This was removed in v2.12.2 in an
    overzealous attempt to resolve problems with IDNA-encoding those URLs. This
    change was reverted: the other fixes for IDNA-encoding have been judged to
    be sufficient to return to the behaviour Requests had before v2.12.0.

2.12.2

+++++++++++++++++++

Bugfixes

  • Fixed several issues with IDNA-encoding URLs that are technically invalid but
    which are widely accepted. Requests will now attempt to IDNA-encode a URL if
    it can but, if it fails, and the host contains only ASCII characters, it will
    be passed through optimistically. This will allow users to opt-in to using
    IDNA2003 themselves if they want to, and will also allow technically invalid
    but still common hostnames.
  • Fixed an issue where URLs with leading whitespace would raise
    InvalidSchema errors.
  • Fixed an issue where some URLs without the HTTP or HTTPS schemes would still
    have HTTP URL preparation applied to them.
  • Fixed an issue where Unicode strings could not be used in basic auth.
  • Fixed an issue encountered by some Requests plugins where constructing a
    Response object would cause Response.content to raise an
    AttributeError.

2.12.1

+++++++++++++++++++

Bugfixes

  • Updated setuptools 'security' extra for the new PyOpenSSL backend in urllib3.

Miscellaneous

  • Updated bundled urllib3 to 1.19.1.

2.12.0

+++++++++++++++++++

Improvements

  • Updated support for internationalized domain names from IDNA2003 to IDNA2008.
    This updated support is required for several forms of IDNs and is mandatory
    for .de domains.
  • Much improved heuristics for guessing content lengths: Requests will no
    longer read an entire StringIO into memory.
  • Much improved logic for recalculating Content-Length headers for
    PreparedRequest objects.
  • Improved tolerance for file-like objects that have no tell method but
    do have a seek method.
  • Anything that is a subclass of Mapping is now treated like a dictionary
    by the data= keyword argument.
  • Requests now tolerates empty passwords in proxy credentials, rather than
    stripping the credentials.
  • If a request is made with a file-like object as the body and that request is
    redirected with a 307 or 308 status code, Requests will now attempt to
    rewind the body object so it can be replayed.

Bugfixes

  • When calling response.close, the call to close will be propagated
    through to non-urllib3 backends.
  • Fixed issue where the ALL_PROXY environment variable would be preferred
    over scheme-specific variables like HTTP_PROXY.
  • Fixed issue where non-UTF8 reason phrases got severely mangled by falling
    back to decoding using ISO 8859-1 instead.
  • Fixed a bug where Requests would not correctly correlate cookies set when
    using custom Host headers if those Host headers did not use the native
    string type for the platform.

Miscellaneous

  • Updated bundled urllib3 to 1.19.
  • Updated bundled certifi certs to 2016.09.26.

2.11.1

+++++++++++++++++++

Bugfixes

  • Fixed a bug when using iter_content with decode_unicode=True for
    streamed bodies would raise AttributeError. This bug was introduced in
    2.11.
  • Strip Content-Type and Transfer-Encoding headers from the header block when
    following a redirect that transforms the verb from POST/PUT to GET.

2.11.0

+++++++++++++++++++

Improvements

  • Added support for the ALL_PROXY environment variable.
  • Reject header values that contain leading whitespace or newline characters to
    reduce risk of header smuggling.

Bugfixes

  • Fixed occasional TypeError when attempting to decode a JSON response that
    occurred in an error case. Now correctly returns a ValueError.
  • Requests would incorrectly ignore a non-CIDR IP address in the NO_PROXY
    environment variables: Requests now treats it as a specific IP.
  • Fixed a bug when sending JSON data that could cause us to encounter obscure
    OpenSSL errors in certain network conditions (yes, really).
  • Added type checks to ensure that iter_content only accepts integers and
    None for chunk sizes.
  • Fixed issue where responses whose body had not been fully consumed would have
    the underlying connection closed but not returned to the connection pool,
    which could cause Requests to hang in situations where the HTTPAdapter
    had been configured to use a blocking connection pool.

Miscellaneous

  • Updated bundled urllib3 to 1.16.
  • Some previous releases accidentally accepted non-strings as acceptable header values. This release does not.

2.10.0

+++++++++++++++++++

New Features

  • SOCKS Proxy Support! (requires PySocks; $ pip install requests[socks])

Miscellaneous

  • Updated bundled urllib3 to 1.15.1.

2.9.2

++++++++++++++++++

Improvements

  • Change built-in CaseInsensitiveDict (used for headers) to use OrderedDict
    as its underlying datastore.

Bugfixes

  • Don't use redirect_cache if allow_redirects=False
  • When passed objects that throw exceptions from tell(), send them via
    chunked transfer encoding instead of failing.
  • Raise a ProxyError for proxy related connection issues.

virtualenv 14.0.6 -> 15.1.0

15.1.0


  • Support Python 3.6.
  • Upgrade setuptools to 28.0.0.
  • Upgrade pip to 9.0.1.
  • Don't install pre-release versions of pip, setuptools, or wheel from PyPI.

15.0.3


  • Test for given python path actually being an executable file, :issue:939
  • Only search for copy actual existing Tcl/Tk directories (:pull:937)
  • Generically search for correct Tcl/Tk version (:pull:926, :pull:933)
  • Upgrade setuptools to 22.0.5

15.0.2


  • Copy Tcl/Tk libs on Windows to allow them to run,
    fixes :issue:93 (:pull:888)
  • Upgrade setuptools to 21.2.1.
  • Upgrade pip to 8.1.2.

15.0.1


  • Print error message when DEST_DIR exists and is a file
  • Upgrade setuptools to 20.3
  • Upgrade pip to 8.1.1.

15.0.0


  • Remove the virtualenv-N.N script from the package; this can no longer be
    correctly created from a wheel installation.
    Resolves :issue:851, :issue:692
  • Remove accidental runtime dependency on pip by extracting certificate in the
    subprocess.
  • Upgrade setuptools 20.2.2.
  • Upgrade pip to 8.1.0.

Werkzeug 0.11.3 -> 0.12.1

0.12.1


Released on March 15th 2017

  • Fix crash of reloader (used on debug mode) on Windows.
    (OSError: [WinError 10038]). See pull request 1081
  • Partially revert change to class hierarchy of Headers. See 1084.

0.12


Released on March 10th 2017

  • Spit out big deprecation warnings for werkzeug.script
  • Use inspect.getfullargspec internally when available as
    inspect.getargspec is gone in 3.6
  • Added support for status code 451 and 423
  • Improved the build error suggestions. In particular only if
    someone stringifies the error will the suggestions be calculated.
  • Added support for uWSGI's caching backend.
  • Fix a bug where iterating over a FileStorage would result in an infinite
    loop.
  • Datastructures now inherit from the relevant baseclasses from the
    collections module in the stdlib. See 794.
  • Add support for recognizing NetBSD, OpenBSD, FreeBSD, DragonFlyBSD platforms
    in the user agent string.
  • Recognize SeaMonkey browser name and version correctly
  • Recognize Baiduspider, and bingbot user agents
  • If LocalProxy's wrapped object is a function, refer to it with wrapped
    attribute.
  • The defaults of generate_password_hash have been changed to more secure
    ones, see pull request 753.
  • Add support for encoding in options header parsing, see pull request
    933.
  • test.Client now properly handles Location headers with relative URLs, see
    pull request 879.
  • When HTTPException is raised, it now prints the description, for easier
    debugging.
  • Werkzeug's dict-like datastructures now have view-methods under Python 2,
    see pull request 968.
  • Fix a bug in MultiPartParser when no stream_factory was provided
    during initialization, see pull request 973.
  • Disable autocorrect and spellchecker in the debugger middleware's Python
    prompt, see pull request 994.
  • Don't redirect to slash route when method doesn't match, see pull request
    907.
  • Fix a bug when using SharedDataMiddleware with frozen packages, see pull
    request 959.
  • Range header parsing function fixed for invalid values 974.
  • Add support for byte Range Requests, see pull request 978.
  • Use modern cryptographic defaults in the dev servers 1004.
  • the post() method of the test client now accept file object through the data
    parameter.
  • Color run_simple's terminal output based on HTTP codes 1013.
  • Fix self-XSS in debugger console, see 1031.
  • Fix IPython 5.x shell support, see 1033.

0.11.16


  • werkzeug.serving: set CONTENT_TYPE / CONTENT_LENGTH if only they're provided by the client
  • werkzeug.serving: Fix crash of reloader when using python -m werkzeug.serving.

0.11.15


Released on December 30th 2016.

  • Bugfix for the bugfix in the previous release.

0.11.14


Released on December 30th 2016.

  • Check if platform can fork before importing ForkingMixIn, raise exception
    when creating ForkingWSGIServer on such a platform, see PR 999.

0.11.13


Released on December 26th 2016.

  • Correct fix for the reloader issuer on certain Windows installations.

0.11.12


Released on December 26th 2016.

  • Fix more bugs in multidicts regarding empty lists. See 1000.
  • Add some docstrings to some EnvironBuilder properties that were previously
    unintentionally missing.
  • Added a workaround for the reloader on windows.

0.11.11


Released on August 31st 2016.

  • Fix JSONRequestMixin for Python3. See 731
  • Fix broken string handling in test client when passing integers. See 852
  • Fix a bug in parse_options_header where an invalid content type
    starting with comma or semi-colon would result in an invalid return value,
    see issue 995.
  • Fix a bug in multidicts when passing empty lists as values, see issue
    979.
  • Fix a security issue that allows XSS on the Werkzeug debugger. See 1001.

0.11.10


Released on May 24th 2016.

  • Fixed a bug that occurs when running on Python 2.6 and using a broken locale.
    See pull request 912.
  • Fixed a crash when running the debugger on Google App Engine. See issue 925.
  • Fixed an issue with multipart parsing that could cause memory exhaustion.

0.11.9


Released on April 24th 2016.

  • Corrected an issue that caused the debugger not to use the
    machine GUID on POSIX systems.
  • Corrected a Unicode error on Python 3 for the debugger's
    PIN usage.
  • Corrected the timestamp verification in the pin debug code.
    Without this fix the pin was remembered for too long.

0.11.8


Released on April 15th 2016.

  • fixed a problem with the machine GUID detection code on OS X
    on Python 3.

0.11.7


Released on April 14th 2016.

  • fixed a regression on Python 3 for the debugger.

0.11.6


Released on April 14th 2016.

  • werkzeug.serving: Still show the client address on bad requests.
  • improved the PIN based protection for the debugger to make it harder to
    brute force via trying cookies. Please keep in mind that the debugger
    is not intended for running on production environments
  • increased the pin timeout to a week to make it less annoying for people
    which should decrease the chance that users disable the pin check
    entirely.
  • werkzeug.serving: Fix broken HTTP_HOST when path starts with double slash.

0.11.5


Released on March 22nd 2016.

  • werkzeug.serving: Fix crash when attempting SSL connection to HTTP server.

0.11.4


Released on February 14th 2016.

  • Fixed werkzeug.serving not working from -m flag.
  • Fixed incorrect weak etag handling.

wheel 0.24.0 -> 0.29.0

0.29.0

======

  • Fix compression type of files in archive (Issue 155, Pull Request 62,
    thanks Xavier Fernandez)

0.28.0

======

  • Fix file modes in archive (Issue 154)

0.27.0

======

  • Support forcing a platform tag using --plat-name on pure-Python wheels, as
    well as nonstandard platform tags on non-pure wheels (Pull Request 60, Issue
    144, thanks Andrés Díaz)
  • Add SOABI tags to platform-specific wheels built for Python 2.X (Pull Request
    55, Issue 63, Issue 101)
  • Support reproducible wheel files, wheels that can be rebuilt and will hash to
    the same values as previous builds (Pull Request 52, Issue 143, thanks
    Barry Warsaw)
  • Support for changes in keyring >= 8.0 (Pull Request 61, thanks Jason R.
    Coombs)
  • Use the file context manager when checking if dependency_links.txt is empty,
    fixes problems building wheels under PyPy on Windows (Issue 150, thanks
    Cosimo Lupo)
  • Don't attempt to (recursively) create a build directory ending with ..
    (invalid on all platforms, but code was only executed on Windows) (Issue 91)
  • Added the PyPA Code of Conduct (Pull Request 56)

0.26.0

======

  • Fix multiple entrypoint comparison failure on Python 3 (Issue 148)

0.25.0

======

  • Add Python 3.5 to tox configuration
  • Deterministic (sorted) metadata
  • Fix tagging for Python 3.5 compatibility
  • Support py2-none-'arch' and py3-none-'arch' tags
  • Treat data-only wheels as pure
  • Write to temporary file and rename when using wheel install --force

Once you have closed this pull request, I'll create seperate pull requests for every update as soon as I find them.

That's it for now!

Happy merging! 🤖

@do3cc do3cc closed this Nov 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants