Scheduled weekly dependency update for week 05

[pyup-bot]

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

Django	1.11.7	»	1.11.10	PyPI | Changelog | Homepage
boto3	1.5.16	»	1.5.22	PyPI | Changelog | Repo
botocore	1.8.30	»	1.8.36	PyPI | Changelog | Repo
raven	6.4.0	»	6.5.0	PyPI | Changelog | Repo
msgpack-python	0.5.1	»	0.5.2	PyPI | Homepage
certifi	2017.11.5	»	2018.1.18	PyPI | Homepage
Sphinx	1.6.6	»	1.6.7	PyPI | Changelog | Homepage
olefile	0.44	»	0.45.1	PyPI | Changelog | Repo | Homepage
pytest	3.3.2	»	3.4.0	PyPI | Changelog | Repo | Homepage
coverage	4.4.2	»	4.5	PyPI | Changelog | Repo
pytest-factoryboy	1.3.1	»	2.0.1	PyPI | Changelog | Repo
factory_boy	2.8.1	»	2.10.0	PyPI | Changelog | Repo

Changelogs

Django 1.11.7 -> 1.11.10

1.11.10

============================

February 1, 2018

Django 1.11.10 fixes a security issue and several bugs in 1.11.9.

CVE-2018-6188: Information leakage in AuthenticationForm

A regression in Django 1.11.8 made
:class:~django.contrib.auth.forms.AuthenticationForm run its
confirm_login_allowed() method even if an incorrect password is entered.
This can leak information about a user, depending on what messages
confirm_login_allowed() raises. If confirm_login_allowed() isn't
overridden, an attacker enter an arbitrary username and see if that user has
been set to is_active=False. If confirm_login_allowed() is overridden,
more sensitive details could be leaked.

This issue is fixed with the caveat that AuthenticationForm can no longer
raise the "This account is inactive." error if the authentication backend
rejects inactive users (the default authentication backend, ModelBackend,
has done that since Django 1.10). This issue will be revisited for Django 2.1
as a fix to address the caveat will likely be too invasive for inclusion in
older versions.

Bugfixes

• Fixed incorrect foreign key nullification if a model has two foreign keys to
  the same model and a target model is deleted (:ticket:29016).

• Fixed a regression where contrib.auth.authenticate() crashes if an
  authentication backend doesn't accept request and a later one does
  (:ticket:29071).

• Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
  (:ticket:29094).

===========================

1.11.9

===========================

January 1, 2018

Django 1.11.9 fixes several bugs in 1.11.8.

Bugfixes

• Fixed a regression in Django 1.11 that added newlines between MultiWidget's
  subwidgets (:ticket:28890).

• Fixed incorrect class-based model index name generation for models with
  quoted db_table (:ticket:28876).

• Fixed incorrect foreign key constraint name for models with quoted
  db_table (:ticket:28876).

• Fixed a regression in caching of a GenericForeignKey when the referenced
  model instance uses more than one level of multi-table inheritance
  (:ticket:28856).

===========================

1.11.8

===========================

December 2, 2017

Django 1.11.8 fixes several bugs in 1.11.7.

Bugfixes

• Reallowed, following a regression in Django 1.10, AuthenticationForm to
  raise the inactive user error when using ModelBackend (:ticket:28645).

• Added support for QuerySet.values() and values_list() for
  union(), difference(), and intersection() queries
  (:ticket:28781).

• Fixed incorrect index name truncation when using a namespaced db_table
  (:ticket:28792).

• Made QuerySet.iterator() use server-side cursors on PostgreSQL after
  values() and values_list() (:ticket:28817).

• Fixed crash on SQLite and MySQL when ordering by a filtered subquery that
  uses nulls_first or nulls_last (:ticket:28848).

• Made query lookups for CICharField, CIEmailField, and CITextField
  use a citext cast (:ticket:28702).

• Fixed a regression in caching of a GenericForeignKey when the referenced
  model instance uses multi-table inheritance (:ticket:28856).

• Fixed "Cannot change column 'x': used in a foreign key constraint" crash on
  MySQL with a sequence of AlterField and/or RenameField operations in
  a migration (:ticket:28305).

===========================

boto3 1.5.16 -> 1.5.22

1.5.22

======

• api-change:mturk: [botocore] Update mturk client to latest version
• api-change:medialive: [botocore] Update medialive client to latest version
• api-change:devicefarm: [botocore] Update devicefarm client to latest version

1.5.21

======

• api-change:lambda: [botocore] Update lambda client to latest version
• api-change:codebuild: [botocore] Update codebuild client to latest version
• api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
• bugfix:Presign: [botocore] Fix issue where some events were not fired during the presigning of a request thus not including a variety of customizations (1340 <https://github.com/boto/botocore/issues/1340>__)
• enhancement:Credentials: [botocore] Improved error message when the source profile for an assume role is misconfigured. Fixes aws/aws-cli2763 <https://github.com/aws/aws-cli/issues/2763>__
• api-change:guardduty: [botocore] Update guardduty client to latest version
• enhancment:Paginator: [botocore] Added paginators for a number of services where the result key is unambiguous.

1.5.20

======

• api-change:budgets: [botocore] Update budgets client to latest version

1.5.19

======

• api-change:glue: [botocore] Update glue client to latest version
• api-change:transcribe: [botocore] Update transcribe client to latest version

1.5.18

======

• api-change:sagemaker: [botocore] Update sagemaker client to latest version

1.5.17

======

• api-change:ec2: [botocore] Update ec2 client to latest version
• api-change:autoscaling-plans: [botocore] Update autoscaling-plans client to latest version

botocore 1.8.30 -> 1.8.36

1.8.36

======

• api-change:mturk: Update mturk client to latest version
• api-change:medialive: Update medialive client to latest version
• api-change:devicefarm: Update devicefarm client to latest version

1.8.35

======

• api-change:lambda: Update lambda client to latest version
• api-change:codebuild: Update codebuild client to latest version
• api-change:alexaforbusiness: Update alexaforbusiness client to latest version
• bugfix:Presign: Fix issue where some events were not fired during the presigning of a request thus not including a variety of customizations (1340 <https://github.com/boto/botocore/issues/1340>__)
• enhancement:Credentials: Improved error message when the source profile for an assume role is misconfigured. Fixes aws/aws-cli2763 <https://github.com/aws/aws-cli/issues/2763>__
• api-change:guardduty: Update guardduty client to latest version
• enhancment:Paginator: Added paginators for a number of services where the result key is unambiguous.

1.8.34

======

• api-change:budgets: Update budgets client to latest version

1.8.33

======

• api-change:glue: Update glue client to latest version
• api-change:transcribe: Update transcribe client to latest version

1.8.32

======

• api-change:sagemaker: Update sagemaker client to latest version

1.8.31

======

• api-change:ec2: Update ec2 client to latest version
• api-change:autoscaling-plans: Update autoscaling-plans client to latest version

raven 6.4.0 -> 6.5.0

6.5.0

---

• [Core] Fixed missing deprecation on processors.SanitizePasswordsProcessor
• [Core] Improve exception handling in Serializer.transform
• [Core] Fixed celery.register_logger_signal ignoring subclasses
• [Core] Fixed sanitizer skipping byte instances
• [Lambda] Fixed AttributeError when requestContext not present

Sphinx 1.6.6 -> 1.6.7

1.6.7

==============================

Dependencies

Incompatible changes

Deprecated

Features added

Bugs fixed

• 1922: html search: Upper characters problem in French
• 4412: Updated jQuery version from 3.1.0 to 3.2.1
• 4438: math: math with labels with whitespace cause html error
• 2437: make full reference for classes, aliased with "alias of"
• 4434: pure numbers as link targets produce warning
• 4477: Build fails after building specific files
• 4449: apidoc: include "empty" packages that contain modules
• 3917: citation labels are tranformed to ellipsis
• 4501: graphviz: epub3 validation error caused if graph is not clickable
• 4514: graphviz: workaround for wrong map ID which graphviz generates
• 4525: autosectionlabel does not support parallel build
• 3953: Do not raise warning when there is a working intersphinx inventory
• 4487: math: ValueError is raised on parallel build. Thanks to jschueller.
• 2372: autosummary: invalid signatures are shown for type annotated functions
• 3942: html: table is not aligned to center even if :align: center

Testing

pytest 3.3.2 -> 3.4.0

3.4.0

=========================

Deprecations and Removals

• All pytest classes now subclass object for better Python 2/3 compatibility.
  This should not affect user code except in very rare edge cases. (2147 <https://github.com/pytest-dev/pytest/issues/2147>_)

Features

• Introduce empty_parameter_set_mark ini option to select which mark to
  apply when pytest.mark.parametrize is given an empty set of parameters.
  Valid options are skip (default) and xfail. Note that it is planned
  to change the default to xfail in future releases as this is considered
  less error prone. (2527 <https://github.com/pytest-dev/pytest/issues/2527>_)

• Incompatible change: after community feedback the logging <https://docs.pytest.org/en/latest/logging.html>_ functionality has
  undergone some changes. Please consult the logging documentation <https://docs.pytest.org/en/latest/logging.htmlincompatible-changes-in-pytest-3-4>_
  for details. (3013 <https://github.com/pytest-dev/pytest/issues/3013>_)

• Console output falls back to "classic" mode when capturing is disabled (-s),
  otherwise the output gets garbled to the point of being useless. (3038 <https://github.com/pytest-dev/pytest/issues/3038>_)

• New pytest_runtest_logfinish <https://docs.pytest.org/en/latest/writing_plugins.html_pytest.hookspec.pytest_runtest_logfinish>_
  hook which is called when a test item has finished executing, analogous to
  pytest_runtest_logstart <https://docs.pytest.org/en/latest/writing_plugins.html_pytest.hookspec.pytest_runtest_start>.
  (3101 <https://github.com/pytest-dev/pytest/issues/3101>)

• Improve performance when collecting tests using many fixtures. (3107 <https://github.com/pytest-dev/pytest/issues/3107>_)

• New caplog.get_records(when) method which provides access to the captured
  records for the "setup", "call" and "teardown"
  testing stages. (3117 <https://github.com/pytest-dev/pytest/issues/3117>_)

• New fixture record_xml_attribute that allows modifying and inserting
  attributes on the <testcase> xml node in JUnit reports. (3130 <https://github.com/pytest-dev/pytest/issues/3130>_)

• The default cache directory has been renamed from .cache to
  .pytest_cache after community feedback that the name .cache did not
  make it clear that it was used by pytest. (3138 <https://github.com/pytest-dev/pytest/issues/3138>_)

• Colorize the levelname column in the live-log output. (3142 <https://github.com/pytest-dev/pytest/issues/3142>_)

Bug Fixes

• Fix hanging pexpect test on MacOS by using flush() instead of wait().
  (2022 <https://github.com/pytest-dev/pytest/issues/2022>_)

• Fix restoring Python state after in-process pytest runs with the
  pytester plugin; this may break tests using multiple inprocess
  pytest runs if later ones depend on earlier ones leaking global interpreter
  changes. (3016 <https://github.com/pytest-dev/pytest/issues/3016>_)

• Fix skipping plugin reporting hook when test aborted before plugin setup
  hook. (3074 <https://github.com/pytest-dev/pytest/issues/3074>_)

• Fix progress percentage reported when tests fail during teardown. (3088 <https://github.com/pytest-dev/pytest/issues/3088>_)

• Incompatible change: -o/--override option no longer eats all the
  remaining options, which can lead to surprising behavior: for example,
  pytest -o foo=1 /path/to/test.py would fail because /path/to/test.py
  would be considered as part of the -o command-line argument. One
  consequence of this is that now multiple configuration overrides need
  multiple -o flags: pytest -o foo=1 -o bar=2. (3103 <https://github.com/pytest-dev/pytest/issues/3103>_)

Improved Documentation

• Document hooks (defined with historic=True) which cannot be used with
  hookwrapper=True. (2423 <https://github.com/pytest-dev/pytest/issues/2423>_)

• Clarify that warning capturing doesn't change the warning filter by default.
  (2457 <https://github.com/pytest-dev/pytest/issues/2457>_)

• Clarify a possible confusion when using pytest_fixture_setup with fixture
  functions that return None. (2698 <https://github.com/pytest-dev/pytest/issues/2698>_)

• Fix the wording of a sentence on doctest flags used in pytest. (3076 <https://github.com/pytest-dev/pytest/issues/3076>_)

• Prefer https://*.readthedocs.io over http://*.rtfd.org for links in
  the documentation. (3092 <https://github.com/pytest-dev/pytest/issues/3092>_)

• Improve readability (wording, grammar) of Getting Started guide (3131 <https://github.com/pytest-dev/pytest/issues/3131>_)

• Added note that calling pytest.main multiple times from the same process is
  not recommended because of import caching. (3143 <https://github.com/pytest-dev/pytest/issues/3143>_)

Trivial/Internal Changes

• Show a simple and easy error when keyword expressions trigger a syntax error
  (for example, "-k foo and import" will show an error that you can not use
  the import keyword in expressions). (2953 <https://github.com/pytest-dev/pytest/issues/2953>_)

• Change parametrized automatic test id generation to use the __name__
  attribute of functions instead of the fallback argument name plus counter.
  (2976 <https://github.com/pytest-dev/pytest/issues/2976>_)

• Replace py.std with stdlib imports. (3067 <https://github.com/pytest-dev/pytest/issues/3067>_)

• Corrected 'you' to 'your' in logging docs. (3129 <https://github.com/pytest-dev/pytest/issues/3129>_)

coverage 4.4.2 -> 4.5

4.5

---

• A new kind of plugin is supported: configurators are invoked at start-up to
  allow more complex configuration than the .coveragerc file can easily do.
  See :ref:api_plugin for details. This solves the complex configuration
  problem described in issue 563_.

• The fail_under option can now be a float. Note that you must specify the
  [report] precision configuration option for the fractional part to be
  used. Thanks to Lars Hupfeldt Nielsen for help with the implementation.
  Fixes issue 631_.

• The include and omit options can be specified for both the [run]
  and [report] phases of execution. 4.4.2 introduced some incorrect
  interactions between those phases, where the options for one were confused
  for the other. This is now corrected, fixing issue 621_ and issue 622_.
  Thanks to Daniel Hahler for seeing more clearly than I could.

• The coverage combine command used to always overwrite the data file, even
  when no data had been read from apparently combinable files. Now, an error
  is raised if we thought there were files to combine, but in fact none of them
  could be used. Fixes issue 629_.

• The coverage combine command could get confused about path separators
  when combining data collected on Windows with data collected on Linux, as
  described in issue 618_. This is now fixed: the result path always uses
  the path separator specified in the [paths] result.

• On Windows, the HTML report could fail when source trees are deeply nested,
  due to attempting to create HTML filenames longer than the 250-character
  maximum. Now filenames will never get much larger than 200 characters,
  fixing issue 627_. Thanks to Alex Sandro for helping with the fix.

.. _issue 563: https://bitbucket.org/ned/coveragepy/issues/563/platform-specific-configuration
.. _issue 618: https://bitbucket.org/ned/coveragepy/issues/618/problem-when-combining-windows-generated
.. _issue 621: https://bitbucket.org/ned/coveragepy/issues/621/include-ignored-warning-when-using
.. _issue 622: https://bitbucket.org/ned/coveragepy/issues/622/report-omit-overwrites-run-omit
.. _issue 627: https://bitbucket.org/ned/coveragepy/issues/627/failure-generating-html-reports-when-the
.. _issue 629: https://bitbucket.org/ned/coveragepy/issues/629/multiple-use-of-combine-leads-to-empty
.. _issue 631: https://bitbucket.org/ned/coveragepy/issues/631/precise-coverage-percentage-value

.. _changes_442:

pytest-factoryboy 1.3.1 -> 2.0.1

2.0.1

---

Breaking change due to the heavy refactor of both pytest and factory_boy.

• Failing test for using a attributes field on the factory (blueyed)
• Minimal pytest version is 3.3.2 (olegpidsadnyi)
• Minimal factory_boy version is 2.10.0 (olegpidsadnyi)

1.3.2

---

• use {posargs} in pytest command (blueyed)
• pin factory_boy<2.9 (blueyed)

factory_boy 2.8.1 -> 2.10.0

2.10.0

---

Bugfix:

• :issue:443: Don't crash when calling :meth:factory.Iterator.reset() on a brand new iterator.

New:

• :issue:397: Allow a :class:factory.Maybe to contain a :class:~factory.PostGenerationDeclaration.
  This also applies to :class:factory.Trait, since they use a :class:factory.Maybe declaration internally.

2.9.2

---

Bugfix:

• Fix declaration corruption bug when a factory defined foo__bar__baz=1 and a caller
  provided a foo__bar=x parameter at call time: this got merged into the factory's base
  declarations.

2.9.1

---

Bugfix:

• Fix packaging issues (see Tag formatter documentation zestsoftware/zest.releaser#212)
• Don't crash when debugging PostGenerationDeclaration

2.9.0

---

This version brings massive changes to the core engine, thus reducing the number of
corner cases and weird behaviourrs.

New:

• :issue:275: factory.fuzzy and factory.faker now use the same random seed.
• Add :class:factory.Maybe, which chooses among two possible declarations based
  on another field's value (powers the :class:~factory.Trait feature).
• :class:~factory.PostGenerationMethodCall only allows to pass one positional argument; use keyword arguments for
  extra parameters.

Deprecation:

• factory.fuzzy.get_random_state is deprecated, factory.random.get_random_state should be used instead.
• factory.fuzzy.set_random_state is deprecated, factory.random.set_random_state should be used instead.
• factory.fuzzy.reseed_random is deprecated, factory.random.reseed_random should be used instead.

That's it for now!

Happy merging! 🤖

[pyup-bot]

Closing this in favor of #986