Skip to content
This repository has been archived by the owner on Dec 5, 2019. It is now read-only.

Scheduled weekly dependency update for week 05 #984

Closed
wants to merge 12 commits into from

Conversation

pyup-bot
Copy link
Contributor

@pyup-bot pyup-bot commented Feb 5, 2018

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

Django 1.11.7 » 1.11.10 PyPI | Changelog | Homepage
boto3 1.5.16 » 1.5.22 PyPI | Changelog | Repo
botocore 1.8.30 » 1.8.36 PyPI | Changelog | Repo
raven 6.4.0 » 6.5.0 PyPI | Changelog | Repo
msgpack-python 0.5.1 » 0.5.2 PyPI | Homepage
certifi 2017.11.5 » 2018.1.18 PyPI | Homepage
Sphinx 1.6.6 » 1.6.7 PyPI | Changelog | Homepage
olefile 0.44 » 0.45.1 PyPI | Changelog | Repo | Homepage
pytest 3.3.2 » 3.4.0 PyPI | Changelog | Repo | Homepage
coverage 4.4.2 » 4.5 PyPI | Changelog | Repo
pytest-factoryboy 1.3.1 » 2.0.1 PyPI | Changelog | Repo
factory_boy 2.8.1 » 2.10.0 PyPI | Changelog | Repo

Changelogs

Django 1.11.7 -> 1.11.10

1.11.10

============================

February 1, 2018

Django 1.11.10 fixes a security issue and several bugs in 1.11.9.

CVE-2018-6188: Information leakage in AuthenticationForm

A regression in Django 1.11.8 made
:class:~django.contrib.auth.forms.AuthenticationForm run its
confirm_login_allowed() method even if an incorrect password is entered.
This can leak information about a user, depending on what messages
confirm_login_allowed() raises. If confirm_login_allowed() isn't
overridden, an attacker enter an arbitrary username and see if that user has
been set to is_active=False. If confirm_login_allowed() is overridden,
more sensitive details could be leaked.

This issue is fixed with the caveat that AuthenticationForm can no longer
raise the "This account is inactive." error if the authentication backend
rejects inactive users (the default authentication backend, ModelBackend,
has done that since Django 1.10). This issue will be revisited for Django 2.1
as a fix to address the caveat will likely be too invasive for inclusion in
older versions.

Bugfixes

  • Fixed incorrect foreign key nullification if a model has two foreign keys to
    the same model and a target model is deleted (:ticket:29016).
  • Fixed a regression where contrib.auth.authenticate() crashes if an
    authentication backend doesn't accept request and a later one does
    (:ticket:29071).
  • Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
    (:ticket:29094).

===========================

1.11.9

===========================

January 1, 2018

Django 1.11.9 fixes several bugs in 1.11.8.

Bugfixes

  • Fixed a regression in Django 1.11 that added newlines between MultiWidget's
    subwidgets (:ticket:28890).
  • Fixed incorrect class-based model index name generation for models with
    quoted db_table (:ticket:28876).
  • Fixed incorrect foreign key constraint name for models with quoted
    db_table (:ticket:28876).
  • Fixed a regression in caching of a GenericForeignKey when the referenced
    model instance uses more than one level of multi-table inheritance
    (:ticket:28856).

===========================

1.11.8

===========================

December 2, 2017

Django 1.11.8 fixes several bugs in 1.11.7.

Bugfixes

  • Reallowed, following a regression in Django 1.10, AuthenticationForm to
    raise the inactive user error when using ModelBackend (:ticket:28645).
  • Added support for QuerySet.values() and values_list() for
    union(), difference(), and intersection() queries
    (:ticket:28781).
  • Fixed incorrect index name truncation when using a namespaced db_table
    (:ticket:28792).
  • Made QuerySet.iterator() use server-side cursors on PostgreSQL after
    values() and values_list() (:ticket:28817).
  • Fixed crash on SQLite and MySQL when ordering by a filtered subquery that
    uses nulls_first or nulls_last (:ticket:28848).
  • Made query lookups for CICharField, CIEmailField, and CITextField
    use a citext cast (:ticket:28702).
  • Fixed a regression in caching of a GenericForeignKey when the referenced
    model instance uses multi-table inheritance (:ticket:28856).
  • Fixed "Cannot change column 'x': used in a foreign key constraint" crash on
    MySQL with a sequence of AlterField and/or RenameField operations in
    a migration (:ticket:28305).

===========================

boto3 1.5.16 -> 1.5.22

1.5.22

======

  • api-change:mturk: [botocore] Update mturk client to latest version
  • api-change:medialive: [botocore] Update medialive client to latest version
  • api-change:devicefarm: [botocore] Update devicefarm client to latest version

1.5.21

======

  • api-change:lambda: [botocore] Update lambda client to latest version
  • api-change:codebuild: [botocore] Update codebuild client to latest version
  • api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
  • bugfix:Presign: [botocore] Fix issue where some events were not fired during the presigning of a request thus not including a variety of customizations (1340 <https://github.com/boto/botocore/issues/1340>__)
  • enhancement:Credentials: [botocore] Improved error message when the source profile for an assume role is misconfigured. Fixes aws/aws-cli2763 <https://github.com/aws/aws-cli/issues/2763>__
  • api-change:guardduty: [botocore] Update guardduty client to latest version
  • enhancment:Paginator: [botocore] Added paginators for a number of services where the result key is unambiguous.

1.5.20

======

  • api-change:budgets: [botocore] Update budgets client to latest version

1.5.19

======

  • api-change:glue: [botocore] Update glue client to latest version
  • api-change:transcribe: [botocore] Update transcribe client to latest version

1.5.18

======

  • api-change:sagemaker: [botocore] Update sagemaker client to latest version

1.5.17

======

  • api-change:ec2: [botocore] Update ec2 client to latest version
  • api-change:autoscaling-plans: [botocore] Update autoscaling-plans client to latest version

botocore 1.8.30 -> 1.8.36

1.8.36

======

  • api-change:mturk: Update mturk client to latest version
  • api-change:medialive: Update medialive client to latest version
  • api-change:devicefarm: Update devicefarm client to latest version

1.8.35

======

  • api-change:lambda: Update lambda client to latest version
  • api-change:codebuild: Update codebuild client to latest version
  • api-change:alexaforbusiness: Update alexaforbusiness client to latest version
  • bugfix:Presign: Fix issue where some events were not fired during the presigning of a request thus not including a variety of customizations (1340 <https://github.com/boto/botocore/issues/1340>__)
  • enhancement:Credentials: Improved error message when the source profile for an assume role is misconfigured. Fixes aws/aws-cli2763 <https://github.com/aws/aws-cli/issues/2763>__
  • api-change:guardduty: Update guardduty client to latest version
  • enhancment:Paginator: Added paginators for a number of services where the result key is unambiguous.

1.8.34

======

  • api-change:budgets: Update budgets client to latest version

1.8.33

======

  • api-change:glue: Update glue client to latest version
  • api-change:transcribe: Update transcribe client to latest version

1.8.32

======

  • api-change:sagemaker: Update sagemaker client to latest version

1.8.31

======

  • api-change:ec2: Update ec2 client to latest version
  • api-change:autoscaling-plans: Update autoscaling-plans client to latest version

raven 6.4.0 -> 6.5.0

6.5.0


  • [Core] Fixed missing deprecation on processors.SanitizePasswordsProcessor
  • [Core] Improve exception handling in Serializer.transform
  • [Core] Fixed celery.register_logger_signal ignoring subclasses
  • [Core] Fixed sanitizer skipping byte instances
  • [Lambda] Fixed AttributeError when requestContext not present

Sphinx 1.6.6 -> 1.6.7

1.6.7

==============================

Dependencies

Incompatible changes

Deprecated

Features added

Bugs fixed

  • 1922: html search: Upper characters problem in French
  • 4412: Updated jQuery version from 3.1.0 to 3.2.1
  • 4438: math: math with labels with whitespace cause html error
  • 2437: make full reference for classes, aliased with "alias of"
  • 4434: pure numbers as link targets produce warning
  • 4477: Build fails after building specific files
  • 4449: apidoc: include "empty" packages that contain modules
  • 3917: citation labels are tranformed to ellipsis
  • 4501: graphviz: epub3 validation error caused if graph is not clickable
  • 4514: graphviz: workaround for wrong map ID which graphviz generates
  • 4525: autosectionlabel does not support parallel build
  • 3953: Do not raise warning when there is a working intersphinx inventory
  • 4487: math: ValueError is raised on parallel build. Thanks to jschueller.
  • 2372: autosummary: invalid signatures are shown for type annotated functions
  • 3942: html: table is not aligned to center even if :align: center

Testing

pytest 3.3.2 -> 3.4.0

3.4.0

=========================

Deprecations and Removals

  • All pytest classes now subclass object for better Python 2/3 compatibility.
    This should not affect user code except in very rare edge cases. (2147 <https://github.com/pytest-dev/pytest/issues/2147>_)

Features

  • Introduce empty_parameter_set_mark ini option to select which mark to
    apply when pytest.mark.parametrize is given an empty set of parameters.
    Valid options are skip (default) and xfail. Note that it is planned
    to change the default to xfail in future releases as this is considered
    less error prone. (2527 <https://github.com/pytest-dev/pytest/issues/2527>_)
  • Incompatible change: after community feedback the logging <https://docs.pytest.org/en/latest/logging.html>_ functionality has
    undergone some changes. Please consult the logging documentation <https://docs.pytest.org/en/latest/logging.htmlincompatible-changes-in-pytest-3-4>_
    for details. (3013 <https://github.com/pytest-dev/pytest/issues/3013>_)
  • Console output falls back to "classic" mode when capturing is disabled (-s),
    otherwise the output gets garbled to the point of being useless. (3038 <https://github.com/pytest-dev/pytest/issues/3038>_)
  • New pytest_runtest_logfinish <https://docs.pytest.org/en/latest/writing_plugins.html_pytest.hookspec.pytest_runtest_logfinish>_
    hook which is called when a test item has finished executing, analogous to
    pytest_runtest_logstart <https://docs.pytest.org/en/latest/writing_plugins.html_pytest.hookspec.pytest_runtest_start>.
    (3101 <https://github.com/pytest-dev/pytest/issues/3101>
    )
  • Improve performance when collecting tests using many fixtures. (3107 <https://github.com/pytest-dev/pytest/issues/3107>_)
  • New caplog.get_records(when) method which provides access to the captured
    records for the "setup", "call" and "teardown"
    testing stages. (3117 <https://github.com/pytest-dev/pytest/issues/3117>_)
  • New fixture record_xml_attribute that allows modifying and inserting
    attributes on the <testcase> xml node in JUnit reports. (3130 <https://github.com/pytest-dev/pytest/issues/3130>_)
  • The default cache directory has been renamed from .cache to
    .pytest_cache after community feedback that the name .cache did not
    make it clear that it was used by pytest. (3138 <https://github.com/pytest-dev/pytest/issues/3138>_)
  • Colorize the levelname column in the live-log output. (3142 <https://github.com/pytest-dev/pytest/issues/3142>_)

Bug Fixes

  • Fix hanging pexpect test on MacOS by using flush() instead of wait().
    (2022 <https://github.com/pytest-dev/pytest/issues/2022>_)
  • Fix restoring Python state after in-process pytest runs with the
    pytester plugin; this may break tests using multiple inprocess
    pytest runs if later ones depend on earlier ones leaking global interpreter
    changes. (3016 <https://github.com/pytest-dev/pytest/issues/3016>_)
  • Fix skipping plugin reporting hook when test aborted before plugin setup
    hook. (3074 <https://github.com/pytest-dev/pytest/issues/3074>_)
  • Fix progress percentage reported when tests fail during teardown. (3088 <https://github.com/pytest-dev/pytest/issues/3088>_)
  • Incompatible change: -o/--override option no longer eats all the
    remaining options, which can lead to surprising behavior: for example,
    pytest -o foo=1 /path/to/test.py would fail because /path/to/test.py
    would be considered as part of the -o command-line argument. One
    consequence of this is that now multiple configuration overrides need
    multiple -o flags: pytest -o foo=1 -o bar=2. (3103 <https://github.com/pytest-dev/pytest/issues/3103>_)

Improved Documentation

  • Document hooks (defined with historic=True) which cannot be used with
    hookwrapper=True. (2423 <https://github.com/pytest-dev/pytest/issues/2423>_)
  • Clarify that warning capturing doesn't change the warning filter by default.
    (2457 <https://github.com/pytest-dev/pytest/issues/2457>_)
  • Clarify a possible confusion when using pytest_fixture_setup with fixture
    functions that return None. (2698 <https://github.com/pytest-dev/pytest/issues/2698>_)
  • Fix the wording of a sentence on doctest flags used in pytest. (3076 <https://github.com/pytest-dev/pytest/issues/3076>_)
  • Prefer https://*.readthedocs.io over http://*.rtfd.org for links in
    the documentation. (3092 <https://github.com/pytest-dev/pytest/issues/3092>_)
  • Improve readability (wording, grammar) of Getting Started guide (3131 <https://github.com/pytest-dev/pytest/issues/3131>_)
  • Added note that calling pytest.main multiple times from the same process is
    not recommended because of import caching. (3143 <https://github.com/pytest-dev/pytest/issues/3143>_)

Trivial/Internal Changes

  • Show a simple and easy error when keyword expressions trigger a syntax error
    (for example, "-k foo and import" will show an error that you can not use
    the import keyword in expressions). (2953 <https://github.com/pytest-dev/pytest/issues/2953>_)
  • Change parametrized automatic test id generation to use the __name__
    attribute of functions instead of the fallback argument name plus counter.
    (2976 <https://github.com/pytest-dev/pytest/issues/2976>_)
  • Replace py.std with stdlib imports. (3067 <https://github.com/pytest-dev/pytest/issues/3067>_)
  • Corrected 'you' to 'your' in logging docs. (3129 <https://github.com/pytest-dev/pytest/issues/3129>_)

coverage 4.4.2 -> 4.5

4.5


  • A new kind of plugin is supported: configurators are invoked at start-up to
    allow more complex configuration than the .coveragerc file can easily do.
    See :ref:api_plugin for details. This solves the complex configuration
    problem described in issue 563_.
  • The fail_under option can now be a float. Note that you must specify the
    [report] precision configuration option for the fractional part to be
    used. Thanks to Lars Hupfeldt Nielsen for help with the implementation.
    Fixes issue 631_.
  • The include and omit options can be specified for both the [run]
    and [report] phases of execution. 4.4.2 introduced some incorrect
    interactions between those phases, where the options for one were confused
    for the other. This is now corrected, fixing issue 621_ and issue 622_.
    Thanks to Daniel Hahler for seeing more clearly than I could.
  • The coverage combine command used to always overwrite the data file, even
    when no data had been read from apparently combinable files. Now, an error
    is raised if we thought there were files to combine, but in fact none of them
    could be used. Fixes issue 629_.
  • The coverage combine command could get confused about path separators
    when combining data collected on Windows with data collected on Linux, as
    described in issue 618_. This is now fixed: the result path always uses
    the path separator specified in the [paths] result.
  • On Windows, the HTML report could fail when source trees are deeply nested,
    due to attempting to create HTML filenames longer than the 250-character
    maximum. Now filenames will never get much larger than 200 characters,
    fixing issue 627_. Thanks to Alex Sandro for helping with the fix.

.. _issue 563: https://bitbucket.org/ned/coveragepy/issues/563/platform-specific-configuration
.. _issue 618: https://bitbucket.org/ned/coveragepy/issues/618/problem-when-combining-windows-generated
.. _issue 621: https://bitbucket.org/ned/coveragepy/issues/621/include-ignored-warning-when-using
.. _issue 622: https://bitbucket.org/ned/coveragepy/issues/622/report-omit-overwrites-run-omit
.. _issue 627: https://bitbucket.org/ned/coveragepy/issues/627/failure-generating-html-reports-when-the
.. _issue 629: https://bitbucket.org/ned/coveragepy/issues/629/multiple-use-of-combine-leads-to-empty
.. _issue 631: https://bitbucket.org/ned/coveragepy/issues/631/precise-coverage-percentage-value

.. _changes_442:

pytest-factoryboy 1.3.1 -> 2.0.1

2.0.1


Breaking change due to the heavy refactor of both pytest and factory_boy.

  • Failing test for using a attributes field on the factory (blueyed)
  • Minimal pytest version is 3.3.2 (olegpidsadnyi)
  • Minimal factory_boy version is 2.10.0 (olegpidsadnyi)

1.3.2


  • use {posargs} in pytest command (blueyed)
  • pin factory_boy<2.9 (blueyed)

factory_boy 2.8.1 -> 2.10.0

2.10.0


Bugfix:

  • :issue:443: Don't crash when calling :meth:factory.Iterator.reset() on a brand new iterator.

New:

  • :issue:397: Allow a :class:factory.Maybe to contain a :class:~factory.PostGenerationDeclaration.
    This also applies to :class:factory.Trait, since they use a :class:factory.Maybe declaration internally.

2.9.2


Bugfix:

  • Fix declaration corruption bug when a factory defined foo__bar__baz=1 and a caller
    provided a foo__bar=x parameter at call time: this got merged into the factory's base
    declarations.

2.9.1


Bugfix:

2.9.0


This version brings massive changes to the core engine, thus reducing the number of
corner cases and weird behaviourrs.

New:

  • :issue:275: factory.fuzzy and factory.faker now use the same random seed.
  • Add :class:factory.Maybe, which chooses among two possible declarations based
    on another field's value (powers the :class:~factory.Trait feature).
  • :class:~factory.PostGenerationMethodCall only allows to pass one positional argument; use keyword arguments for
    extra parameters.

Deprecation:

  • factory.fuzzy.get_random_state is deprecated, factory.random.get_random_state should be used instead.
  • factory.fuzzy.set_random_state is deprecated, factory.random.set_random_state should be used instead.
  • factory.fuzzy.reseed_random is deprecated, factory.random.reseed_random should be used instead.

That's it for now!

Happy merging! 🤖

@pyup-bot pyup-bot added the update label Feb 5, 2018
@pyup-bot
Copy link
Contributor Author

Closing this in favor of #986

@pyup-bot pyup-bot closed this Feb 12, 2018
@jezdez jezdez deleted the pyup-scheduled-update-2018-02-05 branch February 12, 2018 15:14
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant