Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump werkzeug from 0.15.4 to 1.0.0 #191

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot-preview[bot]
Copy link
Contributor

Bumps werkzeug from 0.15.4 to 1.0.0.

Release notes

Sourced from werkzeug's releases.

1.0.0 Release Candidate 1

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==1.0.0rc1

0.16.1

0.16.0

Most of the top-level attributes in the werkzeug module are now deprecated, and will be removed in 1.0.0.

For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. A deprecation warning will show the correct import to use. werkzeug.exceptions and werkzeug.routing should also be imported instead of accessed, but for technical reasons can’t show a warning.

0.15.6

The issue causing the reloader to fail when running from a setuptools entry point (like flask run) on Windows has been fixed.

0.15.5

Changelog

Sourced from werkzeug's changelog.

Version 1.0.0

Released 2020-02-06

  • Drop support for Python 3.4. (1478)
  • Remove code that issued deprecation warnings in version 0.15. (1477)
  • Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. 2, 1640
  • Added utils.invalidate_cached_property() to invalidate cached properties. (1474)
  • Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as "expires" and "version". (1495)
  • Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. 1562, 1458
  • Add charset=utf-8 to an HTTP exception response's CONTENT_TYPE header. (1526)
  • The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. 913, 1037, 1532
  • The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". 1556
  • The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (1572)
  • Issue a warning when the current server name does not match the configured server name. 760
  • A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. 1584
  • ~exceptions.InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. 1590
  • Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. 1605
  • http.dump_cookie accepts 'None' as a value for samesite. 1549
  • ~test.Client.set_cookie accepts a samesite argument. 1705
  • Support the Content Security Policy header through the Response.content_security_policy data structure. 1617
  • LanguageAccept will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. 450, 1507
  • MIMEAccept uses MIME parameters for specificity when matching. 458, 1574
  • If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. 1469
  • is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. 409
  • SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. 1599
  • Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. 1185
  • Optional request log highlighting with the development server is handled by Click instead of termcolor. 1235
  • Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. 1555
  • FileStorage.save() supports pathlib and 519 PathLike objects. 1653
  • The debugger security pin is unique in containers managed by Podman. 1661
  • Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. 488
  • The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. 1657
  • Map and Rule have a merge_slashes option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. 1286, 1694
  • Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. 1678
  • Add update, setlist, and setlistdefault methods to the Headers data structure. extend method can take MultiDict and kwargs. 1687, 1697
  • The development server accepts paths that start with two slashes, rather than stripping off the first path segment. 491
  • Add access control (Cross Origin Request Sharing, CORS) header properties to the Request and Response wrappers. 1699
  • Accept values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. 1686
  • Added Map.lock_class attribute for alternative implementations. 1702
  • Support matching and building WebSocket rules in the routing system, for use by async frameworks. 1709
  • Range requests that span an entire file respond with 206 instead of 200, to be more compliant with 7233. This may help serving media to older browsers. 410, 1704
  • The ~middleware.shared_data.SharedDataMiddleware default fallback_mimetype is application/octet-stream. If a filename looks like a text mimetype, the utf-8 charset is added to it. This matches the behavior of ~wrappers.BaseResponse and Flask's send_file(). 1689

Version 0.16.1

Released 2020-01-27

... (truncated)
Commits
  • dfde671 release version 1.0.0
  • 1daf2c7 Merge pull request #1712 from pallets/shared-data-charset
  • a8b2df2 SharedDataMiddleware adds utf-8 charset
  • 0474354 Merge pull request #1711 from pallets/video-range
  • 85eaee9 range request always returns 206 status
  • 07e3c97 Merge pull request #1708 from bsolomon1124/master
  • 4249e01 document werkzeug logger
  • 13b6ef0 Merge pull request #1709 from pgjones/websocket
  • ecd0d75 docs cleanup
  • e932a1f Add support for WebSocket rules in the routing
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.4 to 1.0.0.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst)
- [Commits](pallets/werkzeug@0.15.4...1.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Mar 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant