Scheduled monthly dependency update for November

[pyup-bot]

Update Flask from 1.0.2 to 1.1.1.

Changelog

1.1.1

-------------

Released 2019-07-08

-   The ``flask.json_available`` flag was added back for compatibility
 with some extensions. It will raise a deprecation warning when used,
 and will be removed in version 2.0.0. :issue:`3288`

1.1.0

-------------

Released 2019-07-04

-   Bump minimum Werkzeug version to >= 0.15.
-   Drop support for Python 3.4.
-   Error handlers for ``InternalServerError`` or ``500`` will always be
 passed an instance of ``InternalServerError``. If they are invoked
 due to an unhandled exception, that original exception is now
 available as ``e.original_exception`` rather than being passed
 directly to the handler. The same is true if the handler is for the
 base ``HTTPException``. This makes error handler behavior more
 consistent. :pr:`3266`

 -   :meth:`Flask.finalize_request` is called for all unhandled
     exceptions even if there is no ``500`` error handler.

-   :attr:`Flask.logger` takes the same name as
 :attr:`Flask.name` (the value passed as
 ``Flask(import_name)``. This reverts 1.0's behavior of always
 logging to ``"flask.app"``, in order to support multiple apps in the
 same process. A warning will be shown if old configuration is
 detected that needs to be moved. :issue:`2866`
-   :meth:`flask.RequestContext.copy` includes the current session
 object in the request context copy. This prevents ``session``
 pointing to an out-of-date object. :issue:`2935`
-   Using built-in RequestContext, unprintable Unicode characters in
 Host header will result in a HTTP 400 response and not HTTP 500 as
 previously. :pr:`2994`
-   :func:`send_file` supports :class:`~os.PathLike` objects as
 described in PEP 0519, to support :mod:`pathlib` in Python 3.
 :pr:`3059`
-   :func:`send_file` supports :class:`~io.BytesIO` partial content.
 :issue:`2957`
-   :func:`open_resource` accepts the "rt" file mode. This still does
 the same thing as "r". :issue:`3163`
-   The :attr:`MethodView.methods` attribute set in a base class is used
 by subclasses. :issue:`3138`
-   :attr:`Flask.jinja_options` is a ``dict`` instead of an
 ``ImmutableDict`` to allow easier configuration. Changes must still
 be made before creating the environment. :pr:`3190`
-   Flask's ``JSONMixin`` for the request and response wrappers was
 moved into Werkzeug. Use Werkzeug's version with Flask-specific
 support. This bumps the Werkzeug dependency to >= 0.15.
 :issue:`3125`
-   The ``flask`` command entry point is simplified to take advantage
 of Werkzeug 0.15's better reloader support. This bumps the Werkzeug
 dependency to >= 0.15. :issue:`3022`
-   Support ``static_url_path`` that ends with a forward slash.
 :issue:`3134`
-   Support empty ``static_folder`` without requiring setting an empty
 ``static_url_path`` as well. :pr:`3124`
-   :meth:`jsonify` supports :class:`dataclasses.dataclass` objects.
 :pr:`3195`
-   Allow customizing the :attr:`Flask.url_map_class` used for routing.
 :pr:`3069`
-   The development server port can be set to 0, which tells the OS to
 pick an available port. :issue:`2926`
-   The return value from :meth:`cli.load_dotenv` is more consistent
 with the documentation. It will return ``False`` if python-dotenv is
 not installed, or if the given path isn't a file. :issue:`2937`
-   Signaling support has a stub for the ``connect_via`` method when
 the Blinker library is not installed. :pr:`3208`
-   Add an ``--extra-files`` option to the ``flask run`` CLI command to
 specify extra files that will trigger the reloader on change.
 :issue:`2897`
-   Allow returning a dictionary from a view function. Similar to how
 returning a string will produce a ``text/html`` response, returning
 a dict will call ``jsonify`` to produce a ``application/json``
 response. :pr:`3111`
-   Blueprints have a ``cli`` Click group like ``app.cli``. CLI commands
 registered with a blueprint will be available as a group under the
 ``flask`` command. :issue:`1357`.
-   When using the test client as a context manager (``with client:``),
 all preserved request contexts are popped when the block exits,
 ensuring nested contexts are cleaned up correctly. :pr:`3157`
-   Show a better error message when the view return type is not
 supported. :issue:`3214`
-   ``flask.testing.make_test_environ_builder()`` has been deprecated in
 favour of a new class ``flask.testing.EnvironBuilder``. :pr:`3232`
-   The ``flask run`` command no longer fails if Python is not built
 with SSL support. Using the ``--cert`` option will show an
 appropriate error message. :issue:`3211`
-   URL matching now occurs after the request context is pushed, rather
 than when it's created. This allows custom URL converters to access
 the app and request contexts, such as to query a database for an id.
 :issue:`3088`

1.0.4

-------------

Released 2019-07-04

-   The key information for ``BadRequestKeyError`` is no longer cleared
 outside debug mode, so error handlers can still access it. This
 requires upgrading to Werkzeug 0.15.5. :issue:`3249`
-   ``send_file`` url quotes the ":" and "/" characters for more
 compatible UTF-8 filename support in some browsers. :issue:`3074`
-   Fixes for PEP451 import loaders and pytest 5.x. :issue:`3275`
-   Show message about dotenv on stderr instead of stdout. :issue:`3285`

1.0.3

-------------

Released 2019-05-17

-   :func:`send_file` encodes filenames as ASCII instead of Latin-1
 (ISO-8859-1). This fixes compatibility with Gunicorn, which is
 stricter about header encodings than PEP 3333. :issue:`2766`
-   Allow custom CLIs using ``FlaskGroup`` to set the debug flag without
 it always being overwritten based on environment variables.
 :pr:`2765`
-   ``flask --version`` outputs Werkzeug's version and simplifies the
 Python version. :pr:`2825`
-   :func:`send_file` handles an ``attachment_filename`` that is a
 native Python 2 string (bytes) with UTF-8 coded bytes. :issue:`2933`
-   A catch-all error handler registered for ``HTTPException`` will not
 handle ``RoutingException``, which is used internally during
 routing. This fixes the unexpected behavior that had been introduced
 in 1.0. :pr:`2986`
-   Passing the ``json`` argument to ``app.test_client`` does not
 push/pop an extra app context. :issue:`2900`

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://pyup.io/changelogs/flask/
• Homepage: https://palletsprojects.com/p/flask/

Update Flask-SQLAlchemy from 2.3.2 to 2.4.1.

Changelog

2.4.1

-------------

Released 2019-09-24

-   Fix ``AttributeError`` when using multiple binds with polymorphic
 models. :pr:`651`

2.4.0

-------------

Released 2019-04-24

-   Make engine configuration more flexible. (:pr:`684`)
-   Address SQLAlchemy 1.3 deprecations. (:pr:`684`)
-   ``get_or_404()`` and ``first_or_404()`` now accept a ``description``
 parameter to control the 404 message. (:issue:`636`)
-   Use ``time.perf_counter`` for Python 3 on Windows. (:issue:`638`)
-   Drop support for Python 2.6 and 3.3. (:pr:`687`)
-   Add an example of Flask's tutorial project, Flaskr, adapted for
 Flask-SQLAlchemy. (:pr:`720`)

Links

• PyPI: https://pypi.org/project/flask-sqlalchemy
• Changelog: https://pyup.io/changelogs/flask-sqlalchemy/
• Repo: https://github.com/pallets/flask-sqlalchemy
• Docs: https://pythonhosted.org/Flask-SQLAlchemy/

Update Jinja2 from 2.10.1 to 2.10.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/jinja2
• Homepage: https://palletsprojects.com/p/jinja/

Update SQLAlchemy from 1.3.1 to 1.3.10.

Changelog

1.3.10

:include_notes_from: unreleased_13

.. changelog::

1.3.9

:released: October 4, 2019

 .. change::
     :tags: usecase, engine
     :tickets: 4857

     Added new :func:`.create_engine` parameter
     :paramref:`.create_engine.max_identifier_length`. This overrides the
     dialect-coded "max identifier length" in order to accommodate for databases
     that have recently changed this length and the SQLAlchemy dialect has
     not yet been adjusted to detect for that version.  This parameter interacts
     with the existing :paramref:`.create_engine.label_length` parameter in that
     it establishes the maximum (and default) value for anonymously generated
     labels.   Additionally, post-connection detection of max identifier lengths
     has been added to the dialect system.  This feature is first being used
     by the Oracle dialect.

     .. seealso::

         :ref:`oracle_max_identifier_lengths` - in the Oracle dialect documentation

 .. change::
     :tags: usecase, oracle
     :tickets: 4857

     The Oracle dialect now emits a warning if Oracle version 12.2 or greater is
     used, and the :paramref:`.create_engine.max_identifier_length` parameter is
     not set.   The version in this specific case defaults to that of the
     "compatibility" version set in the Oracle server configuration, not the
     actual server version.   In version 1.4, the default max_identifier_length
     for 12.2 or greater will move to 128 characters.  In order to maintain
     forwards compatibility, applications should set
     :paramref:`.create_engine.max_identifier_length` to 30 in order to maintain
     the same length behavior, or to 128 in order to test the upcoming behavior.
     This length determines among other things how generated constraint names
     are truncated for statements like ``CREATE CONSTRAINT`` and ``DROP
     CONSTRAINT``, which means a the new length may produce a name-mismatch
     against a name that was generated with the old length, impacting database
     migrations.

     .. seealso::

         :ref:`oracle_max_identifier_lengths` - in the Oracle dialect documentation

 .. change::
     :tags: usecase, sqlite
     :tickets: 4863

     Added support for sqlite "URI" connections, which allow for sqlite-specific
     flags to be passed in the query string such as "read only" for Python
     sqlite3 drivers that support this.

     .. seealso::

         :ref:`pysqlite_uri_connections`

 .. change::
     :tags: bug, tests
     :tickets: 4285

     Fixed unit test regression released in 1.3.8 that would cause failure for
     Oracle, SQL Server and other non-native ENUM platforms due to new
     enumeration tests added as part of :ticket:`4285` enum sortability in the
     unit of work; the enumerations created constraints that were duplicated on
     name.

 .. change::
     :tags: bug, oracle
     :tickets: 4886

     Restored adding cx_Oracle.DATETIME to the setinputsizes() call when a
     SQLAlchemy :class:`.Date`, :class:`.DateTime` or :class:`.Time` datatype is
     used, as some complex queries require this to be present.  This was removed
     in the 1.2 series for arbitrary reasons.

 .. change::
     :tags: bug, mssql
     :tickets: 4883

     Added identifier quoting to the schema name applied to the "use" statement
     which is invoked when a SQL Server multipart schema name is used within  a
     :class:`.Table` that is being reflected, as well as for :class:`.Inspector`
     methods such as :meth:`.Inspector.get_table_names`; this accommodates for
     special characters or spaces in the database name.  Additionally, the "use"
     statement is not emitted if the current database matches the target owner
     database name being passed.

 .. change::
     :tags: bug, orm
     :tickets: 4872

     Fixed regression in selectinload loader strategy caused by :ticket:`4775`
     (released in version 1.3.6) where a many-to-one attribute of None would no
     longer be populated by the loader.  While this was usually not noticeable
     due to the lazyloader populating None upon get, it would lead to a detached
     instance error if the object were detached.

 .. change::
     :tags: bug, orm
     :tickets: 4873

     Passing a plain string expression to :meth:`.Session.query` is deprecated,
     as all string coercions were removed in :ticket:`4481` and this one should
     have been included.   The :func:`.literal_column` function may be used to
     produce a textual column expression.

 .. change::
     :tags: usecase, sql
     :tickets: 4847

     Added an explicit error message for the case when objects passed to
     :class:`.Table` are not :class:`.SchemaItem` objects, rather than resolving
     to an attribute error.


 .. change::
     :tags: bug, orm
     :tickets: 4890

     A warning is emitted for a condition in which the :class:`.Session` may
     implicitly swap an object out of the identity map for another one with the
     same primary key, detaching the old one, which can be an observed result of
     load operations which occur within the :meth:`.SessionEvents.after_flush`
     hook.  The warning is intended to notify the user that some special
     condition has caused this to happen and that the previous object may not be
     in the expected state.

 .. change::
     :tags: bug, sql
     :tickets: 4837

     Characters that interfere with "pyformat" or "named" formats in bound
     parameters, namely ``%, (, )`` and the space character, as well as a few
     other typically undesirable characters, are stripped early for a
     :func:`.bindparam` that is using an anonymized name, which is typically
     generated automatically from a named column which itself includes these
     characters in its name and does not use a ``.key``, so that they do not
     interfere either with the SQLAlchemy compiler's use of string formatting or
     with the driver-level parsing of the parameter, both of which could be
     demonstrated before the fix.  The change only applies to anonymized
     parameter names that are generated and consumed internally, not end-user
     defined names, so the change should have no impact on any existing code.
     Applies in particular to the psycopg2 driver which does not otherwise quote
     special parameter names, but also strips leading underscores to suit Oracle
     (but not yet leading numbers, as some anon parameters are currently
     entirely numeric/underscore based); Oracle in any case continues to quote
     parameter names that include special characters.

.. changelog::

1.3.8

:released: August 27, 2019

 .. change::
     :tags: bug, orm
     :tickets: 4823

     Fixed bug where :class:`.Load` objects were not pickleable due to
     mapper/relationship state in the internal context dictionary.  These
     objects are now converted to picklable using similar techniques as that of
     other elements within the loader option system that have long been
     serializable.

 .. change::
     :tags: bug, postgresql
     :tickets: 4623

     Revised the approach for the just added support for the psycopg2
     "execute_values()" feature added in 1.3.7 for :ticket:`4623`.  The approach
     relied upon a regular expression that would fail to match for a more
     complex INSERT statement such as one which had subqueries involved.   The
     new approach matches exactly the string that was rendered as the VALUES
     clause.

 .. change::
     :tags: usecase, orm
     :tickets: 4285

     Added support for the use of an :class:`.Enum` datatype using Python
     pep-435 enumeration objects as values for use as a primary key column
     mapped by the ORM.  As these values are not inherently sortable, as
     required by the ORM for primary keys, a new
     :attr:`.TypeEngine.sort_key_function` attribute is added to the typing
     system which allows any SQL type to  implement a sorting for Python objects
     of its type which is consulted by the unit of work.   The :class:`.Enum`
     type then defines this using the  database value of a given enumeration.
     The sorting scheme can be  also be redefined by passing a callable to the
     :paramref:`.Enum.sort_key_function` parameter.  Pull request courtesy
     Nicolas Caniart.

 .. change::
     :tags: bug, engine
     :tickets: 4807

     Fixed an issue whereby if the dialect "initialize" process which occurs on
     first connect would encounter an unexpected exception, the initialize
     process would fail to complete and then no longer attempt on subsequent
     connection attempts, leaving the dialect in an un-initialized, or partially
     initialized state, within the scope of parameters that need to be
     established based on inspection of a live connection.   The "invoke once"
     logic in the event system has been reworked to accommodate for this
     occurrence using new, private API features that establish an "exec once"
     hook that will continue to allow the initializer to fire off on subsequent
     connections, until it completes without raising an exception. This does not
     impact the behavior of the existing ``once=True`` flag within the event
     system.

 .. change::
     :tags: bug, sqlite, reflection
     :tickets: 4810

     Fixed bug where a FOREIGN KEY that was set up to refer to the parent table
     by table name only without the column names would not correctly be
     reflected as far as setting up the "referred columns", since SQLite's
     PRAGMA does not report on these columns if they weren't given explicitly.
     For some reason this was harcoded to assume the name of the local column,
     which might work for some cases but is not correct. The new approach
     reflects the primary key of the referred table and uses the constraint
     columns list as the referred columns list, if the remote column(s) aren't
     present in the reflected pragma directly.


 .. change::
     :tags: bug, postgresql
     :tickets: 4822

     Fixed bug where Postgresql operators such as
     :meth:`.postgresql.ARRAY.Comparator.contains` and
     :meth:`.postgresql.ARRAY.Comparator.contained_by` would fail to function
     correctly for non-integer values when used against a
     :class:`.postgresql.array` object, due to an erroneous assert statement.

 .. change::
     :tags: feature, engine
     :tickets: 4815

     Added new parameter :paramref:`.create_engine.hide_parameters` which when
     set to True will cause SQL parameters to no longer be logged, nor rendered
     in the string representation of a :class:`.StatementError` object.


 .. change::
     :tags: usecase, postgresql
     :tickets: 4824

     Added support for reflection of CHECK constraints that include the special
     PostgreSQL qualifier "NOT VALID", which can be present for CHECK
     constraints that were added to an exsiting table with the directive that
     they not be applied to existing data in the table. The PostgreSQL
     dictionary for CHECK constraints as returned by
     :meth:`.Inspector.get_check_constraints` may include an additional entry
     ``dialect_options`` which within will contain an entry ``"not_valid":
     True`` if this symbol is detected.   Pull request courtesy Bill Finn.

.. changelog::

1.3.7

:released: August 14, 2019

 .. change::
     :tags: bug, sql
     :tickets: 4778

     Fixed issue where :class:`.Index` object which contained a mixture of
     functional expressions which were not resolvable to a particular column,
     in combination with string-based column names, would fail to initialize
     its internal state correctly leading to failures during DDL compilation.

 .. change::
     :tags: bug, sqlite
     :tickets: 4798

     The dialects that support json are supposed to take arguments
     ``json_serializer`` and ``json_deserializer`` at the create_engine() level,
     however the SQLite dialect calls them ``_json_serilizer`` and
     ``_json_deserilalizer``.  The names have been corrected, the old names are
     accepted with a change warning, and these parameters are now documented as
     :paramref:`.create_engine.json_serializer` and
     :paramref:`.create_engine.json_deserializer`.


 .. change::
     :tags: bug, mysql
     :tickets: 4804

     The MySQL dialects will emit "SET NAMES" at the start of a connection when
     charset is given to the MySQL driver, to appease an apparent behavior
     observed in MySQL 8.0 that raises a collation error when a UNION includes
     string columns unioned against columns of the form CAST(NULL AS CHAR(..)),
     which is what SQLAlchemy's polymorphic_union function does.   The issue
     seems to have affected PyMySQL for at least a year, however has recently
     appeared as of mysqlclient 1.4.4 based on changes in how this DBAPI creates
     a connection.  As the presence of this directive impacts three separate
     MySQL charset settings which each have intricate effects based on their
     presense,  SQLAlchemy will now emit the directive on new connections to
     ensure correct behavior.

 .. change::
     :tags: usecase, postgresql
     :tickets: 4623

     Added new dialect flag for the psycopg2 dialect, ``executemany_mode`` which
     supersedes the previous experimental ``use_batch_mode`` flag.
     ``executemany_mode`` supports both the "execute batch" and "execute values"
     functions provided by psycopg2, the latter which is used for compiled
     :func:`.insert` constructs.   Pull request courtesy Yuval Dinari.

     .. seealso::

         :ref:`psycopg2_executemany_mode`




 .. change::
     :tags: bug, sql
     :tickets: 4787

     Fixed bug where :meth:`.TypeEngine.column_expression` method would not be
     applied to subsequent SELECT statements inside of a UNION or other
     :class:`.CompoundSelect`, even though the SELECT statements are rendered at
     the topmost level of the statement.   New logic now differentiates between
     rendering the column expression, which is needed for all SELECTs in the
     list, vs. gathering the returned data type for the result row, which is
     needed only for the first SELECT.

 .. change::
     :tags: bug, sqlite
     :tickets: 4793

     Fixed bug where usage of "PRAGMA table_info" in SQLite dialect meant that
     reflection features to detect for table existence, list of table columns,
     and list of foreign keys, would default to any table in any attached
     database, when no schema name was given and the table did not exist in the
     base schema.  The fix explicitly runs PRAGMA for the 'main' schema and then
     the 'temp' schema if the 'main' returned no rows, to maintain the behavior
     of tables + temp tables in the "no schema" namespace, attached tables only
     in the "schema" namespace.


 .. change::
     :tags: bug, sql
     :tickets: 4780

     Fixed issue where internal cloning of SELECT constructs could lead to a key
     error if the copy of the SELECT changed its state such that its list of
     columns changed.  This was observed to be occurring in some ORM scenarios
     which may be unique to 1.3 and above, so is partially a regression fix.



 .. change::
     :tags: bug, orm
     :tickets: 4777

     Fixed regression caused by new selectinload for many-to-one logic where
     a primaryjoin condition not based on real foreign keys would cause
     KeyError if a related object did not exist for a given key value on the
     parent object.

 .. change::
     :tags: usecase, mysql
     :tickets: 4783

     Added reserved words ARRAY and MEMBER to the MySQL reserved words list, as
     MySQL 8.0 has now made these reserved.


 .. change::
     :tags: bug, events
     :tickets: 4794

     Fixed issue in event system where using the ``once=True`` flag with
     dynamically generated listener functions would cause event registration of
     future events to fail if those listener functions were garbage collected
     after they were used, due to an assumption that a listened function is
     strongly referenced.  The "once" wrapped is now modified to strongly
     reference the inner function persistently, and documentation is updated
     that using "once" does not imply automatic de-registration of listener
     functions.

 .. change::
     :tags: bug, mysql
     :tickets: 4751

     Added another fix for an upstream MySQL 8 issue where a case sensitive
     table name is reported incorrectly in foreign key constraint reflection,
     this is an extension of the fix first added for :ticket:`4344` which
     affects a case sensitive column name.  The new issue occurs through MySQL
     8.0.17, so the general logic of the 88718 fix remains in place.

     .. seealso::

         https://bugs.mysql.com/bug.php?id=96365 - upstream bug


 .. change::
     :tags: usecase, mssql
     :tickets: 4782

     Added new :func:`.mssql.try_cast` construct for SQL Server which emits
     "TRY_CAST" syntax.  Pull request courtesy Leonel Atencio.

 .. change::
     :tags: bug, orm
     :tickets: 4803

     Fixed bug where using :meth:`.Query.first` or a slice expression in
     conjunction with a query that has an expression based "offset" applied
     would raise TypeError, due to an "or" conditional against "offset" that did
     not expect it to be a SQL expression as opposed to an integer or None.


.. changelog::

1.3.6

:released: July 21, 2019

 .. change::
     :tags: bug, engine
     :tickets: 4754

     Fixed bug where using reflection function such as :meth:`.MetaData.reflect`
     with an :class:`.Engine` object that had execution options applied to it
     would fail, as the resulting :class:`.OptionEngine` proxy object failed to
     include a ``.engine`` attribute used within the reflection routines.

 .. change::
     :tags: bug, mysql
     :tickets: 4743

     Fixed bug where the special logic to render "NULL" for the
     :class:`.TIMESTAMP` datatype when ``nullable=True`` would not work if the
     column's datatype were a :class:`.TypeDecorator` or a :class:`.Variant`.
     The logic now ensures that it unwraps down to the original
     :class:`.TIMESTAMP` so that this special case NULL keyword is correctly
     rendered when requested.

 .. change::
     :tags: performance, orm
     :tickets: 4775

     The optimization applied to selectin loading in :ticket:`4340` where a JOIN
     is not needed to eagerly load related items is now applied to many-to-one
     relationships as well, so that only the related table is queried for a
     simple join condition.   In this case, the related items are queried
     based on the value of a foreign key column on the parent; if these columns
     are deferred or otherwise not loaded on any of the parent objects in
     the collection, the loader falls back to the JOIN method.


 .. change::
     :tags: bug, orm
     :tickets: 4773

     Fixed regression caused by :ticket:`4365` where a join from an entity to
     itself without using aliases no longer raises an informative error message,
     instead failing on an assertion.  The informative error condition has been
     restored.


 .. change::
     :tags: orm, feature
     :tickets: 4736

     Added new loader option method :meth:`.Load.options` which allows loader
     options to be constructed hierarchically, so that many sub-options can be
     applied to a particular path without needing to call :func:`.defaultload`
     many times.  Thanks to Alessio Bogon for the idea.


 .. change::
     :tags: usecase, postgresql
     :tickets: 4771

     Added support for reflection of indexes on PostgreSQL partitioned tables,
     which was added to PostgreSQL as of version 11.

 .. change::
    :tags: bug, mysql
    :tickets: 4624

    Enhanced MySQL/MariaDB version string parsing to accommodate for exotic
    MariaDB version strings where the "MariaDB" word is embedded among other
    alphanumeric characters such as "MariaDBV1".   This detection is critical in
    order to correctly accommodate for API features that have split between MySQL
    and MariaDB such as the "transaction_isolation" system variable.


 .. change::
     :tags: bug, mssql
     :tickets: 4745

     Ensured that the queries used to reflect indexes and view definitions will
     explicitly CAST string parameters into NVARCHAR, as many SQL Server drivers
     frequently treat string values, particularly those with non-ascii
     characters or larger string values, as TEXT which often don't compare
     correctly against VARCHAR characters in SQL Server's information schema
     tables for some reason.    These CAST operations already take place for
     reflection queries against SQL Server ``information_schema.`` tables but
     were missing from three additional queries that are against ``sys.``
     tables.

 .. change::
     :tags: bug, orm
     :tickets: 4713

     Fixed an issue where the :meth:`.orm._ORMJoin.join` method, which is a
     not-internally-used ORM-level method that exposes what is normally an
     internal process of :meth:`.Query.join`, did not propagate the ``full`` and
     ``outerjoin`` keyword arguments correctly.  Pull request courtesy Denis
     Kataev.

 .. change::
     :tags: bug, sql
     :tickets: 4758

     Adjusted the initialization for :class:`.Enum` to minimize how often it
     invokes the ``.__members__`` attribute of a given PEP-435 enumeration
     object, to suit the case where this attribute is expensive to invoke, as is
     the case for some popular third party enumeration libraries.


 .. change::
     :tags: bug, orm
     :tickets: 4772

     Fixed bug where a many-to-one relationship that specified ``uselist=True``
     would fail to update correctly during a primary key change where a related
     column needs to change.


 .. change::
     :tags: bug, orm
     :tickets: 4772

     Fixed bug where the detection for many-to-one or one-to-one use with a
     "dynamic" relationship, which is an invalid configuration, would fail to
     raise if the relationship were configured with ``uselist=True``.  The
     current fix is that it warns, instead of raises, as this would otherwise be
     backwards incompatible, however in a future release it will be a raise.


 .. change::
     :tags: bug, orm
     :tickets: 4767

     Fixed bug where a synonym created against a mapped attribute that does not
     exist yet, as is the case when it refers to backref before mappers are
     configured, would raise recursion errors when trying to test for attributes
     on it which ultimately don't exist (as occurs when the classes are run
     through Sphinx autodoc), as the unconfigured state of the synonym would put
     it into an attribute not found loop.


 .. change::
     :tags: usecase, postgresql
     :tickets: 4756

     Added support for multidimensional Postgresql array literals via nesting
     the :class:`.postgresql.array` object within another one.  The
     multidimensional array type is detected automatically.

     .. seealso::

         :class:`.postgresql.array`

 .. change::
     :tags: bug, sql, postgresql
     :tickets: 4760

     Fixed issue where the :class:`.array_agg` construct in combination with
     :meth:`.FunctionElement.filter` would not produce the correct operator
     precedence in combination with the array index operator.


 .. change::
     :tags: bug, sql
     :tickets: 4747

     Fixed an unlikely issue where the "corresponding column" routine for unions
     and other :class:`.CompoundSelect` objects could return the wrong column in
     some overlapping column situtations, thus potentially impacting some ORM
     operations when set operations are in use, if the underlying
     :func:`.select` constructs were used previously in other similar kinds of
     routines, due to a cached value not being cleared.

 .. change::
     :tags: usecase, sqlite
     :tickets: 4766

     Added support for composite (tuple) IN operators with SQLite, by rendering
     the VALUES keyword for this backend.  As other backends such as DB2 are
     known to use the same syntax, the syntax is enabled in the base compiler
     using a dialect-level flag ``tuple_in_values``.   The change also includes
     support for "empty IN tuple" expressions for SQLite when using "in_()"
     between a tuple value and an empty set.


.. changelog::

1.3.5

:released: June 17, 2019

 .. change::
     :tags: bug, mysql
     :tickets: 4715

     Fixed bug where MySQL ON DUPLICATE KEY UPDATE would not accommodate setting
     a column to the value NULL.  Pull request courtesy Lukáš Banič.

 .. change::
     :tags: bug, orm
     :tickets: 4723

     Fixed a series of related bugs regarding joined table inheritance more than
     two levels deep, in conjunction with modification to primary key values,
     where those primary key columns are also linked together in a foreign key
     relationship as is typical for joined table inheritance.  The intermediary
     table in a  three-level inheritance hierarchy will now get its UPDATE if
     only the primary key value has changed and passive_updates=False (e.g.
     foreign key constraints not being enforced), whereas before it would be
     skipped; similarly, with passive_updates=True (e.g. ON UPDATE  CASCADE in
     effect), the third-level table will not receive an UPDATE statement as was
     the case earlier which would fail since CASCADE already modified it.   In a
     related issue, a relationship linked to a three-level inheritance hierarchy
     on the primary key of an intermediary table of a joined-inheritance
     hierarchy will also correctly have its foreign key column updated when the
     parent object's primary key is modified, even if that parent object is a
     subclass of the linked parent class, whereas before these classes would
     not be counted.

 .. change::
     :tags: bug, orm
     :tickets: 4729

     Fixed bug where the :attr:`.Mapper.all_orm_descriptors` accessor would
     return an entry for the :class:`.Mapper` itself under the declarative
     ``__mapper___`` key, when this is not a descriptor.  The ``.is_attribute``
     flag that's present on all :class:`.InspectionAttr` objects is now
     consulted, which has also been modified to be ``True`` for an association
     proxy, as it was erroneously set to False for this object.

 .. change::
     :tags: bug, orm
     :tickets: 4704

     Fixed regression in :meth:`.Query.join` where the ``aliased=True`` flag
     would not properly apply clause adaptation to filter criteria, if a
     previous join were made to the same entity.  This is because the adapters
     were placed in the wrong order.   The order has been reversed so that the
     adapter for the most recent ``aliased=True`` call takes precedence as was
     the case in 1.2 and earlier.  This broke the "elementtree" examples among
     other things.

 .. change::
     :tags: bug, orm, py3k
     :tickets: 4674

     Replaced the Python compatbility routines for ``getfullargspec()`` with a
     fully vendored version from Python 3.3.  Originally, Python was emitting
     deprecation warnings for this function in Python 3.8 alphas.  While this
     change was reverted, it was observed that Python 3 implementations for
     ``getfullargspec()`` are an order of magnitude slower as of the 3.4 series
     where it was rewritten against ``Signature``.  While Python plans to
     improve upon this situation, SQLAlchemy projects for now are using a simple
     replacement to avoid any future issues.

 .. change::
     :tags: bug, orm
     :tickets: 4694

     Reworked the attribute mechanics used by :class:`.AliasedClass` to no
     longer rely upon calling ``__getattribute__`` on the MRO of the wrapped
     class, and to instead resolve the attribute normally on the wrapped class
     using getattr(), and then unwrap/adapt that.  This allows a greater range
     of attribute styles on the mapped class including special ``__getattr__()``
     schemes; but it also makes the code simpler and more resilient in general.

 .. change::
     :tags: usecase, postgresql
     :tickets: 4717

     Added support for column sorting flags when reflecting indexes for
     PostgreSQL, including ASC, DESC, NULLSFIRST, NULLSLAST.  Also adds this
     facility to the reflection system in general which can be applied to other
     dialects in future releases.  Pull request courtesy Eli Collins.

 .. change::
     :tags: bug, postgresql
     :tickets: 4701

     Fixed bug where PostgreSQL dialect could not correctly reflect an ENUM
     datatype that has no members, returning a list with ``None`` for the
     ``get_enums()`` call and raising a TypeError when reflecting a column which
     has such a datatype.   The inspection now returns an empty list.

 .. change::
     :tags: bug, sql
     :tickets: 4730

     Fixed a series of quoting issues which all stemmed from the concept of the
     :func:`.literal_column` construct, which when being "proxied" through a
     subquery to be referred towards by a label that matches its text, the label
     would not have quoting rules applied to it, even if the string in the
     :class:`.Label` were set up as a :class:`.quoted_name` construct.  Not
     applying quoting to the text of the :class:`.Label` is a bug because this
     text is strictly a SQL identifier name and not a SQL expression, and the
     string should not have quotes embedded into it already unlike the
     :func:`.literal_column` which it may be applied towards.   The existing
     behavior of a non-labeled :func:`.literal_column` being propagated as is on
     the outside of a subquery is maintained in order to help with manual
     quoting schemes, although it's not clear if valid SQL can be generated for
     such a construct in any case.

.. changelog::

1.3.4

:released: May 27, 2019

 .. change::
     :tags: feature, mssql
     :tickets: 4657

     Added support for SQL Server filtered indexes, via the ``mssql_where``
     parameter which works similarly to that of the ``postgresql_where`` index
     function in the PostgreSQL dialect.

     .. seealso::

         :ref:`mssql_index_where`

 .. change::
    :tags: bug, misc
    :tickets: 4625

    Removed errant "sqla_nose.py" symbol from MANIFEST.in which created an
    undesirable warning message.

 .. change::
     :tags: bug, sql
     :tickets: 4653

     Fixed that the :class:`.GenericFunction` class was inadvertently
     registering itself as one of the named functions.  Pull request courtesy
     Adrien Berchet.

 .. change::
    :tags: bug, engine, postgresql
    :tickets: 4663

    Moved the "rollback" which occurs during dialect initialization so that it
    occurs after additional dialect-specific initialize steps, in particular
    those of the psycopg2 dialect which would inadvertently leave transactional
    state on the first new connection, which could interfere with some
    psycopg2-specific APIs which require that no transaction is started.  Pull
    request courtesy Matthew Wilkes.


 .. change::
     :tags: bug, orm
     :tickets: 4695

     Fixed issue where the :paramref:`.AttributeEvents.active_history` flag
     would not be set for an event listener that propgated to a subclass via the
     :paramref:`.AttributeEvents.propagate` flag.   This bug has been present
     for the full span of the :class:`.AttributeEvents` system.


 .. change::
     :tags: bug, orm
     :tickets: 4690

     Fixed regression where new association proxy system was still not proxying
     hybrid attributes when they made use of the ``hybrid_property.expression``
     decorator to return an alternate SQL expression, or when the hybrid
     returned an arbitrary :class:`.PropComparator`, at the expression level.
     This involved further generalization of the heuristics used to detect the
     type of object being proxied at the level of :class:`.QueryableAttribute`,
     to better detect if the descriptor ultimately serves mapped classes or
     column expressions.

 .. change::
     :tags: bug, orm
     :tickets: 4686

     Applied the mapper "configure mutex" against the declarative class mapping
     process, to guard against the race which can occur if mappers are used
     while dynamic module import schemes are still in the process of configuring
     mappers for related classes.  This does not guard against all possible race
     conditions, such as if the concurrent import has not yet encountered the
     dependent classes as of yet, however it guards against as much as possible
     within the SQLAlchemy declarative process.

 .. change::
     :tags: bug, mssql
     :tickets: 4680

     Added error code 20047 to "is_disconnect" for pymssql.  Pull request
     courtesy Jon Schuff.


 .. change::
    :tags: bug, postgresql, orm
    :tickets: 4661

    Fixed an issue where the "number of rows matched" warning would emit even if
    the dialect reported "supports_sane_multi_rowcount=False", as is the case
    for psycogp2 with ``use_batch_mode=True`` and others.


 .. change::
     :tags: bug, sql
     :tickets: 4618

     Fixed issue where double negation of a boolean column wouldn't reset
     the "NOT" operator.

 .. change::
     :tags: mysql, bug
     :tickets: 4650

     Added support for DROP CHECK constraint which is required by MySQL 8.0.16
     to drop a CHECK constraint; MariaDB supports plain DROP CONSTRAINT.  The
     logic distinguishes between the two syntaxes by checking the server version
     string for MariaDB presence.    Alembic migrations has already worked
     around this issue by implementing its own DROP for MySQL / MariaDB CHECK
     constraints, however this change implements it straight in Core so that its
     available for general use.   Pull request courtesy Hannes Hansen.

 .. change::
    :tags: bug, orm
    :tickets: 4647

    A warning is now emitted for the case where a transient object is being
    merged into the session with :meth:`.Session.merge` when that object is
    already transient in the :class:`.Session`.   This warns for the case where
    the object would normally be double-inserted.


 .. change::
     :tags: bug, orm
     :tickets: 4676

     Fixed regression in new relationship m2o comparison logic first introduced
     at :ref:`change_4359` when comparing to an attribute that is persisted as
     NULL and is in an un-fetched state in the mapped instance.  Since the
     attribute has no explicit default, it needs to default to NULL when
     accessed in a persistent setting.


 .. change::
     :tags: bug, sql
     :tickets: 4569

     The :class:`.GenericFunction` namespace is being migrated so that function
     names are looked up in a case-insensitive manner, as SQL  functions do not
     collide on case sensitive differences nor is this something which would
     occur with user-defined functions or stored procedures.   Lookups for
     functions declared with :class:`.GenericFunction` now use a case
     insensitive scheme,  however a deprecation case is supported which allows
     two or more :class:`.GenericFunction` objects with the same name of
     different cases to exist, which will cause case sensitive lookups to occur
     for that particular name, while emitting a warning at function registration
     time.  Thanks to Adrien Berchet for a lot of work on this complicated
     feature.


.. changelog::

1.3.3

:released: April 15, 2019

 .. change::
     :tags: bug, postgresql
     :tickets: 4601

     Fixed regression from release 1.3.2 caused by :ticket:`4562` where a URL
     that contained only a query string and no hostname, such as for the
     purposes of specifying a service file with connection information, would no
     longer be propagated to psycopg2 properly.   The change in :ticket:`4562`
     has been adjusted to further suit psycopg2's exact requirements, which is
     that if there are any connection parameters whatsoever, the "dsn" parameter
     is no longer required, so in this case the query string parameters are
     passed alone.

 .. change::
    :tags: bug, pool
    :tickets: 4585

    Fixed behavioral regression as a result of deprecating the "use_threadlocal"
    flag for :class:`.Pool`, where the :class:`.SingletonThreadPool` no longer
    makes use of this option which causes the "rollback on return" logic to take
    place when the same :class:`.Engine` is used multiple times in the context
    of a transaction to connect or implicitly execute, thereby cancelling the
    transaction.   While this is not the recommended way to work with engines
    and connections, it is nonetheless a confusing behavioral change as when
    using :class:`.SingletonThreadPool`, the transaction should stay open
    regardless of what else is done with the same engine in the same thread.
    The ``use_threadlocal`` flag remains deprecated however the
    :class:`.SingletonThreadPool` now implements its own version of the same
    logic.


 .. change::
    :tags: bug, orm
    :tickets: 4584

    Fixed 1.3 regression in new "ambiguous FROMs" query logic introduced in
    :ref:`change_4365` where a :class:`.Query` that explicitly places an entity
    in the FROM clause with :meth:`.Query.select_from` and also joins to it
    using :meth:`.Query.join` would later cause an "ambiguous FROM" error if
    that entity were used in additional joins, as the entity appears twice in
    the "from" list of the :class:`.Query`.  The fix resolves this ambiguity by
    folding the standalone entity into the join that it's already a part of in
    the same way that ultimately happens when the SELECT statement is rendered.

 .. change::
     :tags: bug, ext
     :tickets: 4603

     Fixed bug where using ``copy.copy()`` or ``copy.deepcopy()`` on
     :class:`.MutableList` would cause the items within the list to be
     duplicated, due to an inconsistency in how Python pickle and copy both make
     use of ``__getstate__()`` and ``__setstate__()`` regarding lists.  In order
     to resolve, a ``__reduce_ex__`` method had to be added to
     :class:`.MutableList`.  In order to maintain backwards compatibility with
     existing pickles based on ``__getstate__()``, the ``__setstate__()`` method
     remains as well; the test suite asserts that pickles made against the old
     version of the class can still be deserialized by the pickle module.

 .. change::
    :tags: bug, orm
    :tickets: 4606

    Adjusted the :meth:`.Query.filter_by` method to not call :func:`.and()`
    internally against multiple criteria, instead passing it off to
    :meth:`.Query.filter` as a series of criteria, instead of a single criteria.
    This allows :meth:`.Query.filter_by` to defer to :meth:`.Query.filter`'s
    treatment of variable numbers of clauses, including the case where the list
    is empty.  In this case, the :class:`.Query` object will not have a
    ``.whereclause``, which allows subsequent "no whereclause" methods like
    :meth:`.Query.select_from` to behave consistently.

 .. change::
    :tags: bug, mssql
    :tickets: 4587

    Fixed issue in SQL Server dialect where if a bound parameter were present in
    an ORDER BY expression that would ultimately not be rendered in the SQL
    Server version of the statement, the parameters would still be part of the
    execution parameters, leading to DBAPI-level errors.  Pull request courtesy
    Matt Lewellyn.

.. changelog::

1.3.2

:released: April 2, 2019

 .. change::
    :tags: bug, documentation, sql
    :tickets: 4580

    Thanks to :ref:`change_3981`, we no longer need to rely on recipes that
    subclass dialect-specific types directly, :class:`.TypeDecorator` can now
    handle all cases.   Additionally, the above change made it slightly less
    likely that a direct subclass of a base SQLAlchemy type would work as
    expected, which could be misleading.  Documentation has been updated to use
    :class:`.TypeDecorator` for these examples including the PostgreSQL
    "ArrayOfEnum" example datatype and direct support for the "subclass a type
    directly" has been removed.

 .. change::
    :tags: bug, postgresql
    :tickets: 4550

    Modified the :paramref:`.Select.with_for_update.of` parameter so that if a
    join or other composed selectable is passed, the individual :class:`.Table`
    objects will be filtered from it, allowing one to pass a join() object to
    the parameter, as occurs normally when using joined table inheritance with
    the ORM.  Pull request courtesy Raymond Lu.


 .. change::
     :tags: feature, postgresql
     :tickets: 4562

     Added support for parameter-less connection URLs for the psycopg2 dialect,
     meaning, the URL can be passed to :func:`.create_engine` as
     ``"postgresql+psycopg2://"`` with no additional arguments to indicate an
     empty DSN passed to libpq, which indicates to connect to "localhost" with
     no username, password, or database given. Pull request courtesy Julian
     Mehnle.

 .. change::
    :tags: bug, orm, ext
    :tickets: 4574, 4573

    Restored instance-level support for plain Python descriptors, e.g.
    ``property`` objects, in conjunction with association proxies, in that if
    the proxied object is not within ORM scope at all, it gets classified as
    "ambiguous" but is proxed directly.  For class level access, a basic class
    level``__get__()`` now returns the
    :class:`.AmbiguousAssociationProxyInstance` directly, rather than raising
    its exception, which is the closest approximation to the previous behavior
    that returned the :class:`.AssociationProxy` itself that's possible.  Also
    improved the stringification of these objects to be more descriptive of
    current state.

 .. change::
    :tags: bug, orm
    :tickets: 4537

    Fixed bug where use of :func:`.with_polymorphic` or other aliased construct
    would not properly adapt when the aliased target were used as the
    :meth:`.Select.correlate_except` target of a subquery used inside of a
    :func:`.column_property`. This required a fix to the clause adaption
    mechanics to properly handle a selectable that shows up in the "correlate
    except" list, in a similar manner as which occurs for selectables that show
    up in the "correlate" list.  This is ultimately a fairly fundamental bug
    that has lasted for a long time but it is hard to come across it.


 .. change::
    :tags: bug, orm
    :tickets: 4566

    Fixed regression where a new error message that was supposed to raise when
    attempting to link a relationship option to an AliasedClass without using
    :meth:`.PropComparator.of_type` would instead raise an ``AttributeError``.
    Note that in 1.3, it is no longer valid to create an option path from a
    plain mapper relationship to an :class:`.AliasedClass` without using
    :meth:`.PropComparator.of_type`.

.. changelog::

Links

• PyPI: https://pypi.org/project/sqlalchemy
• Changelog: https://pyup.io/changelogs/sqlalchemy/
• Homepage: http://www.sqlalchemy.org

Update Werkzeug from 0.15.1 to 0.16.0.

Changelog

0.16.0

--------------

Unreleased

-   Deprecate most top-level attributes provided by the ``werkzeug``
 module in favor of direct imports. The deprecated imports will be
 removed in version 1.0.

 For example, instead of ``import werkzeug; werkzeug.url_quote``, do
 ``from werkzeug.urls import url_quote``. A deprecation warning will
 show the correct import to use. ``werkzeug.exceptions`` and
 ``werkzeug.routing`` should also be imported instead of accessed,
 but for technical reasons can't show a warning.

 :issue:`2`, :pr:`1640`

0.15.6

--------------

Released 2019-09-04

-   Work around a bug in pip that caused the reloader to fail on
 Windows when the script was an entry point. This fixes the issue
 with Flask's `flask run` command failing with "No module named
 Scripts\flask". :issue:`1614`
-   ``ProxyFix`` trusts the ``X-Forwarded-Proto`` header by default.
 :issue:`1630`
-   The deprecated ``num_proxies`` argument to ``ProxyFix`` sets
 ``x_for``, ``x_proto``, and ``x_host`` to match 0.14 behavior. This
 is intended to make intermediate upgrades less disruptive, but the
 argument will still be removed in 1.0. :issue:`1630`

0.15.5

--------------

Released 2019-07-17

-   Fix a ``TypeError`` due to changes to ``ast.Module`` in Python 3.8.
 :issue:`1551`
-   Fix a C assertion failure in debug builds of some Python 2.7
 releases. :issue:`1553`
-   :class:`~exceptions.BadRequestKeyError` adds the ``KeyError``
 message to the description if ``e.show_exception`` is set to
 ``True``. This is a more secure default than the original 0.15.0
 behavior and makes it easier to control without losing information.
 :pr:`1592`
-   Upgrade the debugger to jQuery 3.4.1. :issue:`1581`
-   Work around an issue in some external debuggers that caused the
 reloader to fail. :issue:`1607`
-   Work around an issue where the reloader couldn't introspect a
 setuptools script installed as an egg. :issue:`1600`
-   The reloader will use ``sys.executable`` even if the script is
 marked executable, reverting a behavior intended for NixOS
 introduced in 0.15. The reloader should no longer cause
 ``OSError: [Errno 8] Exec format error``. :issue:`1482`,
 :issue:`1580`
-   ``SharedDataMiddleware`` safely handles paths with Windows drive
 names. :issue:`1589`

0.15.4

--------------

Released 2019-05-14

-   Fix a ``SyntaxError`` on Python 2.7.5. (:issue:`1544`)

0.15.3

--------------

Released 2019-05-14

-   Properly handle multi-line header folding in development server in
 Python 2.7. (:issue:`1080`)
-   Restore the ``response`` argument to :exc:`~exceptions.Unauthorized`.
 (:pr:`1527`)
-   :exc:`~exceptions.Unauthorized` doesn't add the ``WWW-Authenticate``
 header if ``www_authenticate`` is not given. (:issue:`1516`)
-   The default URL converter correctly encodes bytes to string rather
 than representing them with ``b''``. (:issue:`1502`)
-   Fix the filename format string in
 :class:`~middleware.profiler.ProfilerMiddleware` to correctly handle
 float values. (:issue:`1511`)
-   Update :class:`~middleware.lint.LintMiddleware` to work on Python 3.
 (:issue:`1510`)
-   The debugger detects cycles in chained exceptions and does not time
 out in that case. (:issue:`1536`)
-   When running the development server in Docker, the debugger security
 pin is now unique per container.

0.15.2

--------------

Released 2019-04-02

-   ``Rule`` code generation uses a filename that coverage will ignore.
 The previous value, "generated", was causing coverage to fail.
 (:issue:`1487`)
-   The test client removes the cookie header if there are no persisted
 cookies. This fixes an issue introduced in 0.15.0 where the cookies
 from the original request were used for redirects, causing functions
 such as logout to fail. (:issue:`1491`)
-   The test client copies the environ before passing it to the app, to
 prevent in-place modifications from affecting redirect requests.
 (:issue:`1498`)
-   The ``"werkzeug"`` logger only adds a handler if there is no handler
 configured for its level in the logging chain. This avoids double
 logging if other code configures logging first. (:issue:`1492`)

Links

• PyPI: https://pypi.org/project/werkzeug
• Changelog: https://pyup.io/changelogs/werkzeug/
• Homepage: https://palletsprojects.com/p/werkzeug/

Update coverage from 4.5.3 to 4.5.4.

Changelog

4.5.4

---------------------------

- Multiprocessing support in Python 3.8 was broken, but is now fixed.  Closes
`issue 828`_.

.. _issue 828: https://github.com/nedbat/coveragepy/issues/828


.. _changes_453:

Links

• PyPI: https://pypi.org/project/coverage
• Changelog: https://pyup.io/changelogs/coverage/
• Repo: https://github.com/nedbat/coveragepy

Update ecdsa from 0.13 to 0.13.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/ecdsa
• Changelog: https://pyup.io/changelogs/ecdsa/
• Repo: http://github.com/warner/python-ecdsa

Update paramiko from 2.4.2 to 2.6.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/paramiko
• Changelog: https://pyup.io/changelogs/paramiko/
• Repo: https://github.com/paramiko/paramiko/

Update bcrypt from 3.1.6 to 3.1.7.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/bcrypt
• Repo: https://github.com/pyca/bcrypt/

Update pytz from 2018.9 to 2019.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pytz
• Homepage: http://pythonhosted.org/pytz
• Docs: https://pythonhosted.org/pytz/

Update tzlocal from 1.5.1 to 2.0.0.

Changelog

2.0.0

------------------

- No differences since 2.0.0b3

Links

• PyPI: https://pypi.org/project/tzlocal
• Changelog: https://pyup.io/changelogs/tzlocal/
• Repo: https://github.com/regebro/tzlocal

Update pytest-flask from 0.14.0 to 0.15.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pytest-flask
• Repo: https://github.com/vitalk/pytest-flask