Update pyramid to 1.9.1

[pyup-bot]

There's a new version of pyramid available.
You are currently using 1.8.3. I have updated it to 1.9.1

These links might come in handy: PyPI | Changelog | Homepage

Changelog

1.9

================

• No major changes from 1.9b1.

• Updated documentation links for docs.pylonsproject.org to use HTTPS.

1.9b1

==================

• Add an informative error message when unknown predicates are supplied. The
  new message suggests alternatives based on the list of known predicates.
  See Fix #1603, add closest predicate name in error message Pylons/pyramid#3054

• Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and
  resulting source files in tutorials.
  See use integrity attribute for javascripts from CDN Pylons/pyramid#2548

• Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to
  use shortcut.
  See add pyramid_retry to cookiecutters Pylons/pyramid#3042

• Ensure the correct threadlocals are pushed during view execution when
  invoked from request.invoke_exception_view.
  See When invoking an exception view, push the new threadlocals Pylons/pyramid#3060

• Fix a bug in which pyramid.security.ALL_PERMISSIONS failed to return
  a valid iterator in its __iter__ implementation.
  See Ensure that instances of 'AllPermissionsList' are iterable. Pylons/pyramid#3074

• Normalize the permission results to a proper class hierarchy.
  pyramid.security.ACLAllowed is now a subclass of
  pyramid.security.Allowed and pyramid.security.ACLDenied is now a
  subclass of pyramid.security.Denied.
  See fix p.security.ACLPermitsResult to subclass p.security.PermitsResult Pylons/pyramid#3084

• Add a quote_via argument to pyramid.encode.urlencode to follow
  the stdlib's version and enable custom quoting functions.
  See quote_via urlencode argument Pylons/pyramid#3088

• Support _query=None and _anchor=None in request.route_url as well
  as query=None and anchor=None in request.resource_url.
  Previously this would cause an ? and a ``, respectively, in the url
  with nothing after it. Now the unnecessary parts are dropped from the
  generated URL. See refactor parse_url_overrides Pylons/pyramid#3034

• Revamp the IRouter API used by IExecutionPolicy to force
  pushing/popping the request threadlocals. The
  IRouter.make_request(environ) API has been replaced by
  IRouter.request_context(environ) which should be used as a context
  manager. See add a router.request_context context manager Pylons/pyramid#3086

1.9a2

==================

Backward Incompatibilities

• request.exception and request.exc_info will only be set if the
  response was generated by the EXCVIEW tween. This is to avoid any confusion
  where a response was generated elsewhere in the pipeline and not in
  direct relation to the original exception. If anyone upstream wants to
  catch and render responses for exceptions they should set
  request.exception and request.exc_info themselves to indicate
  the exception that was squashed when generating the response.

Similar behavior occurs with request.invoke_exception_view in which
the exception properties are set to reflect the exception if a response
is successfully generated by the method.

This is a very minor incompatibility. Most tweens right now would give
priority to the raised exception and ignore request.exception. This
change just improves and clarifies that bookkeeping by trying to be
more clear about the relationship between the response and its squashed
exception. See Pylons/pyramid#3029 and
Pylons/pyramid#3031

1.9a1

==================

Major Features

• The file format used by all p* command line scripts such as pserve
  and pshell, as well as the pyramid.paster.bootstrap function
  is now replaceable thanks to a new dependency on
  plaster <https://docs.pylonsproject.org/projects/plaster/en/latest/>_.

For now, Pyramid is still shipping with integrated support for the
PasteDeploy INI format by depending on the
plaster_pastedeploy <https://github.com/Pylons/plaster_pastedeploy>_
binding library. This may change in the future.

See Pylons/pyramid#2985

• Added an execution policy hook to the request pipeline. An execution
  policy has the ability to control creation and execution of the request
  objects before they enter the rest of the pipeline. This means for a single
  request environ the policy may create more than one request object.

The first library to use this feature is
pyramid_retry <https://docs.pylonsproject.org/projects/pyramid-retry/en/latest/>_.

See Pylons/pyramid#2964

• CSRF support has been refactored out of sessions and into its own
  independent API in the pyramid.csrf module. It supports a pluggable
  pyramid.interfaces.ICSRFStoragePolicy which can be used to define your
  own mechanism for generating and validating CSRF tokens. By default,
  Pyramid continues to use the pyramid.csrf.LegacySessionCSRFStoragePolicy
  that uses the request.session.get_csrf_token and
  request.session.new_csrf_token APIs under the hood to preserve
  compatibility. Two new policies are shipped as well,
  pyramid.csrf.SessionCSRFStoragePolicy and
  pyramid.csrf.CookieCSRFStoragePolicy which will store the CSRF tokens
  in the session and in a standalone cookie, respectively. The storage policy
  can be changed by using the new
  pyramid.config.Configurator.set_csrf_storage_policy config directive.

CSRF tokens should be used via the new pyramid.csrf.get_csrf_token,
pyramid.csrf.new_csrf_token and pyramid.csrf.check_csrf_token APIs
in order to continue working if the storage policy is changed. Also, the
pyramid.csrf.get_csrf_token function is injected into templates to be
used conveniently in UI code.

See Pylons/pyramid#2854 and
Pylons/pyramid#3019

Minor Features

• Support an open_url config setting in the pserve section of the
  config file. This url is used to open a web browser when pserve --browser
  is invoked. When this setting is unavailable the pserve script will
  attempt to guess the port the server is using from the
  server:<server_name> section of the config file but there is no
  requirement that the server is being run in this format so it may fail.
  See pserve open_url config setting Pylons/pyramid#2984

• The pyramid.config.Configurator can now be used as a context manager
  which will automatically push/pop threadlocals (similar to
  config.begin() and config.end()). It will also automatically perform
  a config.commit() and thus it is only recommended to be used at the
  top-level of your app. See turn the Configurator into a context manager Pylons/pyramid#2874

• The threadlocals are now available inside any function invoked via
  config.include. This means the only config-time code that cannot rely
  on threadlocals is code executed from non-actions inside the main. This
  can be alleviated by invoking config.begin() and config.end()
  appropriately or using the new context manager feature of the configurator.
  See push threadlocals while executing config.include functions Pylons/pyramid#2989

Bug Fixes

• HTTPException's accepts a detail kwarg that may be used to pass additional
  details to the exception. You may now pass objects so long as they have a
  valid str method. See Bugfix: p.h.HTTPException.__str __  Pylons/pyramid#2951

• Fix a reference cycle causing memory leaks in which the registry
  would keep a Configurator instance alive even after the configurator
  was discarded. Another fix was also added for the global_registries
  object in which the registry was stored in a closure preventing it from
  being deallocated. See Fixed several reference cycles to prevent memory leaks. Pylons/pyramid#2967

• Fix a bug directly invoking pyramid.scripts.pserve.main with the
  --reload option in which sys.argv is always used in the subprocess
  instead of the supplied argv.
  See Pserve --reload does not keep worker arguments. Fixes #2961 Pylons/pyramid#2962

Deprecations

• Pyramid currently depends on plaster_pastedeploy to simplify the
  transition to plaster by maintaining integrated support for INI files.
  This dependency on plaster_pastedeploy should be considered subject to
  Pyramid's deprecation policy and may be removed in the future.
  Applications should depend on the appropriate plaster binding to satisfy
  their needs.

• Retrieving CSRF token from the session has been deprecated in favor of
  equivalent methods in the pyramid.csrf module. The CSRF methods
  (ISession.get_csrf_token and ISession.new_csrf_token) are no longer
  required on the ISession interface except when using the default
  pyramid.csrf.LegacySessionCSRFStoragePolicy.

Also, pyramid.session.check_csrf_token is now located at
pyramid.csrf.check_csrf_token.

See Pylons/pyramid#2854 and
Pylons/pyramid#3019

Documentation Changes

• Added the execution policy to the routing diagram in the Request Processing
  chapter. See add execution policy to pyramid request processing diagrams Pylons/pyramid#2993

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖

[coveralls]

Coverage remained the same at 34.634% when pulling 9d19db7 on pyup-update-pyramid-1.8.3-to-1.9.1 into 48b4892 on master.