search

Deltares-research / coastviewer

Coast viewer server side. Serves several sources as KML and geojson.
Other
5 stars 2 forks source link

Scheduled biweekly dependency update for week 25 #186

Closed pyup-bot closed 1 year ago

pyup-bot commented 1 year ago

Update certifi from 2019.11.28 to 2023.5.7.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/certifi - Repo: https://github.com/certifi/python-certifi

Update Click from 7.0 to 8.1.3.

Changelog ### 8.1.3 ``` ------------- Released 2022-04-28 - Use verbose form of ``typing.Callable`` for ``command`` and ``group``. :issue:`2255` - Show error when attempting to create an option with ``multiple=True, is_flag=True``. Use ``count`` instead. :issue:`2246` ``` ### 8.1.2 ``` ------------- Released 2022-03-31 - Fix error message for readable path check that was mixed up with the executable check. :pr:`2236` - Restore parameter order for ``Path``, placing the ``executable`` parameter at the end. It is recommended to use keyword arguments instead of positional arguments. :issue:`2235` ``` ### 8.1.1 ``` ------------- Released 2022-03-30 - Fix an issue with decorator typing that caused type checking to report that a command was not callable. :issue:`2227` ``` ### 8.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`2129` - Remove previously deprecated code. :pr:`2130` - ``Group.resultcallback`` is renamed to ``result_callback``. - ``autocompletion`` parameter to ``Command`` is renamed to ``shell_complete``. - ``get_terminal_size`` is removed, use ``shutil.get_terminal_size`` instead. - ``get_os_args`` is removed, use ``sys.argv[1:]`` instead. - Rely on :pep:`538` and :pep:`540` to handle selecting UTF-8 encoding instead of ASCII. Click's locale encoding detection is removed. :issue:`2198` - Single options boolean flags with ``show_default=True`` only show the default if it is ``True``. :issue:`1971` - The ``command`` and ``group`` decorators can be applied with or without parentheses. :issue:`1359` - The ``Path`` type can check whether the target is executable. :issue:`1961` - ``Command.show_default`` overrides ``Context.show_default``, instead of the other way around. :issue:`1963` - Parameter decorators and ``group`` handles ``cls=None`` the same as not passing ``cls``. ``option`` handles ``help=None`` the same as not passing ``help``. :issue:`1959` - A flag option with ``required=True`` requires that the flag is passed instead of choosing the implicit default value. :issue:`1978` - Indentation in help text passed to ``Option`` and ``Command`` is cleaned the same as using the ``option`` and ``command`` decorators does. A command's ``epilog`` and ``short_help`` are also processed. :issue:`1985` - Store unprocessed ``Command.help``, ``epilog`` and ``short_help`` strings. Processing is only done when formatting help text for output. :issue:`2149` - Allow empty str input for ``prompt()`` when ``confirmation_prompt=True`` and ``default=""``. :issue:`2157` - Windows glob pattern expansion doesn't fail if a value is an invalid pattern. :issue:`2195` - It's possible to pass a list of ``params`` to ``command``. Any params defined with decorators are appended to the passed params. :issue:`2131`. - ``command`` decorator is annotated as returning the correct type if a ``cls`` argument is used. :issue:`2211` - A ``Group`` with ``invoke_without_command=True`` and ``chain=False`` will invoke its result callback with the group function's return value. :issue:`2124` - ``to_info_dict`` will not fail if a ``ParamType`` doesn't define a ``name``. :issue:`2168` - Shell completion prioritizes option values with option prefixes over new options. :issue:`2040` - Options that get an environment variable value using ``autoenvvar_prefix`` treat an empty value as ``None``, consistent with a direct ``envvar``. :issue:`2146` ``` ### 8.0.4 ``` ------------- Released 2022-02-18 - ``open_file`` recognizes ``Path("-")`` as a standard stream, the same as the string ``"-"``. :issue:`2106` - The ``option`` and ``argument`` decorators preserve the type annotation of the decorated function. :pr:`2155` - A callable default value can customize its help text by overriding ``__str__`` instead of always showing ``(dynamic)``. :issue:`2099` - Fix a typo in the Bash completion script that affected file and directory completion. If this script was generated by a previous version, it should be regenerated. :issue:`2163` - Fix typing for ``echo`` and ``secho`` file argument. :issue:`2174, 2185` ``` ### 8.0.3 ``` ------------- Released 2021-10-10 - Fix issue with ``Path(resolve_path=True)`` type creating invalid paths. :issue:`2088` - Importing ``readline`` does not cause the ``confirm()`` prompt to disappear when pressing backspace. :issue:`2092` - Any default values injected by ``invoke()`` are cast to the corresponding parameter's type. :issue:`2089, 2090` ``` ### 8.0.2 ``` ------------- Released 2021-10-08 - ``is_bool_flag`` is not set to ``True`` if ``is_flag`` is ``False``. :issue:`1925` - Bash version detection is locale independent. :issue:`1940` - Empty ``default`` value is not shown for ``multiple=True``. :issue:`1969` - Fix shell completion for arguments that start with a forward slash such as absolute file paths. :issue:`1929` - ``Path`` type with ``resolve_path=True`` resolves relative symlinks to be relative to the containing directory. :issue:`1921` - Completion does not skip Python's resource cleanup when exiting, avoiding some unexpected warning output. :issue:`1738, 2017` - Fix type annotation for ``type`` argument in ``prompt`` function. :issue:`2062` - Fix overline and italic styles, which were incorrectly added when adding underline. :pr:`2058` - An option with ``count=True`` will not show "[x>=0]" in help text. :issue:`2072` - Default values are not cast to the parameter type twice during processing. :issue:`2085` - Options with ``multiple`` and ``flag_value`` use the flag value instead of leaving an internal placeholder. :issue:`2001` ``` ### 8.0.1 ``` ------------- Released 2021-05-19 - Mark top-level names as exported so type checking understand imports in user projects. :issue:`1879` - Annotate ``Context.obj`` as ``Any`` so type checking allows all operations on the arbitrary object. :issue:`1885` - Fix some types that weren't available in Python 3.6.0. :issue:`1882` - Fix type checking for iterating over ``ProgressBar`` object. :issue:`1892` - The ``importlib_metadata`` backport package is installed on Python < 3.8. :issue:`1889` - Arguments with ``nargs=-1`` only use env var value if no command line values are given. :issue:`1903` - Flag options guess their type from ``flag_value`` if given, like regular options do from ``default``. :issue:`1886` - Added documentation that custom parameter types may be passed already valid values in addition to strings. :issue:`1898` - Resolving commands returns the name that was given, not ``command.name``, fixing an unintended change to help text and ``default_map`` lookups. When using patterns like ``AliasedGroup``, override ``resolve_command`` to change the name that is returned if needed. :issue:`1895` - If a default value is invalid, it does not prevent showing help text. :issue:`1889` - Pass ``windows_expand_args=False`` when calling the main command to disable pattern expansion on Windows. There is no way to escape patterns in CMD, so if the program needs to pass them on as-is then expansion must be disabled. :issue:`1901` ``` ### 8.0.0 ``` ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - Colorama is always installed on Windows in order to provide style and color support. :pr:`1784` - Adds a repr to Command, showing the command name for friendlier debugging. :issue:`1267`, :pr:`1295` - Add support for distinguishing the source of a command line parameter. :issue:`1264`, :pr:`1329` - Add an optional parameter to ``ProgressBar.update`` to set the ``current_item``. :issue:`1226`, :pr:`1332` - ``version_option`` uses ``importlib.metadata`` (or the ``importlib_metadata`` backport) instead of ``pkg_resources``. The version is detected based on the package name, not the entry point name. The Python package name must match the installed package name, or be passed with ``package_name=``. :issue:`1582` - If validation fails for a prompt with ``hide_input=True``, the value is not shown in the error message. :issue:`1460` - An ``IntRange`` or ``FloatRange`` option shows the accepted range in its help text. :issue:`1525`, :pr:`1303` - ``IntRange`` and ``FloatRange`` bounds can be open (``<``) instead of closed (``<=``) by setting ``min_open`` and ``max_open``. Error messages have changed to reflect this. :issue:`1100` - An option defined with duplicate flag names (``"--foo/--foo"``) raises a ``ValueError``. :issue:`1465` - ``echo()`` will not fail when using pytest's ``capsys`` fixture on Windows. :issue:`1590` - Resolving commands returns the canonical command name instead of the matched name. This makes behavior such as help text and ``Context.invoked_subcommand`` consistent when using patterns like ``AliasedGroup``. :issue:`1422` - The ``BOOL`` type accepts the values "on" and "off". :issue:`1629` - A ``Group`` with ``invoke_without_command=True`` will always invoke its result callback. :issue:`1178` - ``nargs == -1`` and ``nargs > 1`` is parsed and validated for values from environment variables and defaults. :issue:`729` - Detect the program name when executing a module or package with ``python -m name``. :issue:`1603` - Include required parent arguments in help synopsis of subcommands. :issue:`1475` - Help for boolean flags with ``show_default=True`` shows the flag name instead of ``True`` or ``False``. :issue:`1538` - Non-string objects passed to ``style()`` and ``secho()`` will be converted to string. :pr:`1146` - ``edit(require_save=True)`` will detect saves for editors that exit very fast on filesystems with 1 second resolution. :pr:`1050` - New class attributes make it easier to use custom core objects throughout an entire application. :pr:`938` - ``Command.context_class`` controls the context created when running the command. - ``Context.invoke`` creates new contexts of the same type, so a custom type will persist to invoked subcommands. - ``Context.formatter_class`` controls the formatter used to generate help and usage. - ``Group.command_class`` changes the default type for subcommands with ``group.command()``. - ``Group.group_class`` changes the default type for subgroups with ``group.group()``. Setting it to ``type`` will create subgroups of the same type as the group itself. - Core objects use ``super()`` consistently for better support of subclassing. - Use ``Context.with_resource()`` to manage resources that would normally be used in a ``with`` statement, allowing them to be used across subcommands and callbacks, then cleaned up when the context ends. :pr:`1191` - The result object returned by the test runner's ``invoke()`` method has a ``return_value`` attribute with the value returned by the invoked command. :pr:`1312` - Required arguments with the ``Choice`` type show the choices in curly braces to indicate that one is required (``{a|b|c}``). :issue:`1272` - If only a name is passed to ``option()``, Click suggests renaming it to ``--name``. :pr:`1355` - A context's ``show_default`` parameter defaults to the value from the parent context. :issue:`1565` - ``click.style()`` can output 256 and RGB color codes. Most modern terminals support these codes. :pr:`1429` - When using ``CliRunner.invoke()``, the replaced ``stdin`` file has ``name`` and ``mode`` attributes. This lets ``File`` options with the ``-`` value match non-testing behavior. :issue:`1064` - When creating a ``Group``, allow passing a list of commands instead of a dict. :issue:`1339` - When a long option name isn't valid, use ``difflib`` to make better suggestions for possible corrections. :issue:`1446` - Core objects have a ``to_info_dict()`` method. This gathers information about the object's structure that could be useful for a tool generating user-facing documentation. To get the structure of an entire CLI, use ``Context(cli).to_info_dict()``. :issue:`461` - Redesign the shell completion system. :issue:`1484`, :pr:`1622` - Support Bash >= 4.4, Zsh, and Fish, with the ability for extensions to add support for other shells. - Allow commands, groups, parameters, and types to override their completions suggestions. - Groups complete the names commands were registered with, which can differ from the name they were created with. - The ``autocompletion`` parameter for options and arguments is renamed to ``shell_complete``. The function must take ``ctx, param, incomplete``, must do matching rather than return all values, and must return a list of strings or a list of ``CompletionItem``. The old name and behavior is deprecated and will be removed in 8.1. - The env var values used to start completion have changed order. The shell now comes first, such as ``{shell}_source`` rather than ``source_{shell}``, and is always required. - Completion correctly parses command line strings with incomplete quoting or escape sequences. :issue:`1708` - Extra context settings (``obj=...``, etc.) are passed on to the completion system. :issue:`942` - Include ``--help`` option in completion. :pr:`1504` - ``ParameterSource`` is an ``enum.Enum`` subclass. :issue:`1530` - Boolean and UUID types strip surrounding space before converting. :issue:`1605` - Adjusted error message from parameter type validation to be more consistent. Quotes are used to distinguish the invalid value. :issue:`1605` - The default value for a parameter with ``nargs`` > 1 and ``multiple=True`` must be a list of tuples. :issue:`1649` - When getting the value for a parameter, the default is tried in the same section as other sources to ensure consistent processing. :issue:`1649` - All parameter types accept a value that is already the correct type. :issue:`1649` - For shell completion, an argument is considered incomplete if its value did not come from the command line args. :issue:`1649` - Added ``ParameterSource.PROMPT`` to track parameter values that were prompted for. :issue:`1649` - Options with ``nargs`` > 1 no longer raise an error if a default is not given. Parameters with ``nargs`` > 1 default to ``None``, and parameters with ``multiple=True`` or ``nargs=-1`` default to an empty tuple. :issue:`472` - Handle empty env vars as though the option were not passed. This extends the change introduced in 7.1 to be consistent in more cases. :issue:`1285` - ``Parameter.get_default()`` checks ``Context.default_map`` to handle overrides consistently in help text, ``invoke()``, and prompts. :issue:`1548` - Add ``prompt_required`` param to ``Option``. When set to ``False``, the user will only be prompted for an input if no value was passed. :issue:`736` - Providing the value to an option can be made optional through ``is_flag=False``, and the value can instead be prompted for or passed in as a default value. :issue:`549, 736, 764, 921, 1015, 1618` - Fix formatting when ``Command.options_metavar`` is empty. :pr:`1551` - Revert adding space between option help text that wraps. :issue:`1831` - The default value passed to ``prompt`` will be cast to the correct type like an input value would be. :pr:`1517` - Automatically generated short help messages will stop at the first ending of a phrase or double linebreak. :issue:`1082` - Skip progress bar render steps for efficiency with very fast iterators by setting ``update_min_steps``. :issue:`676` - Respect ``case_sensitive=False`` when doing shell completion for ``Choice`` :issue:`1692` - Use ``mkstemp()`` instead of ``mktemp()`` in pager implementation. :issue:`1752` - If ``Option.show_default`` is a string, it is displayed even if ``default`` is ``None``. :issue:`1732` - ``click.get_terminal_size()`` is deprecated and will be removed in 8.1. Use :func:`shutil.get_terminal_size` instead. :issue:`1736` - Control the location of the temporary directory created by ``CLIRunner.isolated_filesystem`` by passing ``temp_dir``. A custom directory will not be removed automatically. :issue:`395` - ``click.confirm()`` will prompt until input is given if called with ``default=None``. :issue:`1381` - Option prompts validate the value with the option's callback in addition to its type. :issue:`457` - ``confirmation_prompt`` can be set to a custom string. :issue:`723` - Allow styled output in Jupyter on Windows. :issue:`1271` - ``style()`` supports the ``strikethrough``, ``italic``, and ``overline`` styles. :issue:`805, 1821` - Multiline marker is removed from short help text. :issue:`1597` - Restore progress bar behavior of echoing only the label if the file is not a TTY. :issue:`1138` - Progress bar output is shown even if execution time is less than 0.5 seconds. :issue:`1648` - Progress bar ``item_show_func`` shows the current item, not the previous item. :issue:`1353` - The ``Path`` param type can be passed ``path_type=pathlib.Path`` to return a path object instead of a string. :issue:`405` - ``TypeError`` is raised when parameter with ``multiple=True`` or ``nargs > 1`` has non-iterable default. :issue:`1749` - Add a ``pass_meta_key`` decorator for passing a key from ``Context.meta``. This is useful for extensions using ``meta`` to store information. :issue:`1739` - ``Path`` ``resolve_path`` resolves symlinks on Windows Python < 3.8. :issue:`1813` - Command deprecation notice appears at the start of the help text, as well as in the short help. The notice is not in all caps. :issue:`1791` - When taking arguments from ``sys.argv`` on Windows, glob patterns, user dir, and env vars are expanded. :issue:`1096` - Marked messages shown by the CLI with ``gettext()`` to allow applications to translate Click's built-in strings. :issue:`303` - Writing invalid characters to ``stderr`` when using the test runner does not raise a ``UnicodeEncodeError``. :issue:`848` - Fix an issue where ``readline`` would clear the entire ``prompt()`` line instead of only the input when pressing backspace. :issue:`665` - Add all kwargs passed to ``Context.invoke()`` to ``ctx.params``. Fixes an inconsistency when nesting ``Context.forward()`` calls. :issue:`1568` - The ``MultiCommand.resultcallback`` decorator is renamed to ``result_callback``. The old name is deprecated. :issue:`1160` - Fix issues with ``CliRunner`` output when using ``echo_stdin=True``. :issue:`1101` - Fix a bug of ``click.utils.make_default_short_help`` for which the returned string could be as long as ``max_width + 3``. :issue:`1849` - When defining a parameter, ``default`` is validated with ``multiple`` and ``nargs``. More validation is done for values being processed as well. :issue:`1806` - ``HelpFormatter.write_text`` uses the full line width when wrapping text. :issue:`1871` ``` ### 7.1.2 ``` ------------- Released 2020-04-27 - Revert applying shell quoting to commands for ``echo_with_pager`` and ``edit``. This was intended to allows spaces in commands, but caused issues if the string was actually a command and arguments, or on Windows. Instead, the string must be quoted manually as it should appear on the command line. :issue:`1514` ``` ### 7.1.1 ``` ------------- Released 2020-03-09 - Fix ``ClickException`` output going to stdout instead of stderr. :issue:`1495` ``` ### 7.1 ``` ----------- Released 2020-03-09 - Fix PyPI package name, "click" is lowercase again. - Fix link in ``unicode_literals`` error message. :pr:`1151` - Add support for colored output on UNIX Jupyter notebooks. :issue:`1185` - Operations that strip ANSI controls will strip the cursor hide/show sequences. :issue:`1216` - Remove unused compat shim for ``bytes``. :pr:`1195` - Expand testing around termui, especially getchar on Windows. :issue:`1116` - Fix output on Windows Python 2.7 built with MSVC 14. :pr:`1342` - Fix ``OSError`` when running in MSYS2. :issue:`1338` - Fix ``OSError`` when redirecting to ``NUL`` stream on Windows. :issue:`1065` - Fix memory leak when parsing Unicode arguments on Windows. :issue:`1136` - Fix error in new AppEngine environments. :issue:`1462` - Always return one of the passed choices for ``click.Choice`` :issue:`1277`, :pr:`1318` - Add ``no_args_is_help`` option to ``click.Command``, defaults to False :pr:`1167` - Add ``show_default`` parameter to ``Context`` to enable showing defaults globally. :issue:`1018` - Handle ``env MYPATH=''`` as though the option were not passed. :issue:`1196` - It is once again possible to call ``next(bar)`` on an active progress bar instance. :issue:`1125` - ``open_file`` with ``atomic=True`` retains permissions of existing files and respects the current umask for new files. :issue:`1376` - When using the test ``CliRunner`` with ``mix_stderr=False``, if ``result.stderr`` is empty it will not raise a ``ValueError``. :issue:`1193` - Remove the unused ``mix_stderr`` parameter from ``CliRunner.invoke``. :issue:`1435` - Fix ``TypeError`` raised when using bool flags and specifying ``type=bool``. :issue:`1287` - Newlines in option help text are replaced with spaces before re-wrapping to avoid uneven line breaks. :issue:`834` - ``MissingParameter`` exceptions are printable in the Python interpreter. :issue:`1139` - Fix how default values for file-type options are shown during prompts. :issue:`914` - Fix environment variable automatic generation for commands containing ``-``. :issue:`1253` - Option help text replaces newlines with spaces when rewrapping, but preserves paragraph breaks, fixing multiline formatting. :issue:`834, 1066, 1397` - Option help text that is wrapped adds an extra newline at the end to distinguish it from the next option. :issue:`1075` - Consider ``sensible-editor`` when determining the editor to use for ``click.edit()``. :pr:`1469` - Arguments to system calls such as the executable path passed to ``click.edit`` can contains spaces. :pr:`1470` - Add ZSH completion autoloading and error handling. :issue:`1348` - Add a repr to ``Command``, ``Group``, ``Option``, and ``Argument``, showing the name for friendlier debugging. :issue:`1267` - Completion doesn't consider option names if a value starts with ``-`` after the ``--`` separator. :issue:`1247` - ZSH completion escapes special characters in values. :pr:`1418` - Add completion support for Fish shell. :pr:`1423` - Decoding bytes option values falls back to UTF-8 in more cases. :pr:`1468` - Make the warning about old 2-arg parameter callbacks a deprecation warning, to be removed in 8.0. This has been a warning since Click 2.0. :pr:`1492` - Adjust error messages to standardize the types of quotes used so they match error messages from Python. ```
Links - PyPI: https://pypi.org/project/click - Changelog: https://pyup.io/changelogs/click/ - Homepage: https://palletsprojects.com/p/click/

Update cryptography from 3.4.7 to 41.0.1.

Changelog ### 41.0.1 ``` ~~~~~~~~~~~~~~~~~~~ * Temporarily allow invalid ECDSA signature algorithm parameters in X.509 certificates, which are generated by older versions of Java. * Allow null bytes in pass phrases when serializing private keys. .. _v41-0-0: ``` ### 41.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1d has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been removed. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.6. * Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.1. * Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses` OCSP extension. * Added support for the :class:`~cryptography.x509.MSCertificateTemplate` proprietary Microsoft certificate extension. * Implemented support for equality checks on all asymmetric public key types. * Added support for ``aes256-gcmopenssh.com`` encrypted keys in :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. * Added support for obtaining X.509 certificate signature algorithm parameters (including PSS) via :meth:`~cryptography.x509.Certificate.signature_algorithm_parameters`. * Support signing :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` X.509 certificates via the new keyword-only argument ``rsa_padding`` on :meth:`~cryptography.x509.CertificateBuilder.sign`. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` on BoringSSL. .. _v40-0-2: ``` ### 40.0.2 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed compilation when using LibreSSL 3.7.2. * Added some functions to support an upcoming ``pyOpenSSL`` release. .. _v40-0-1: ``` ### 40.0.1 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed a bug where certain operations would fail if an object happened to be in the top-half of the memory-space. This only impacted 32-bit systems. .. _v40-0-0: ``` ### 40.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way ``cryptography`` links OpenSSL has changed. This only impacts users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables are no longer valid. Instead, users need to configure their builds `as documented here`_. * Support for Python 3.6 is deprecated and will be removed in the next release. * Deprecated the current minimum supported Rust version (MSRV) of 1.48.0. In the next release we will raise MSRV to 1.56.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated support for OpenSSL less than 1.1.1d. The next release of ``cryptography`` will drop support for older versions. * Deprecated support for DSA keys in :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` and :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. * Deprecated support for OpenSSH serialization in :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`. * The minimum supported version of PyPy3 is now 7.3.10. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0. * Added support for parsing SSH certificates in addition to public keys with :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`. :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` continues to support only public keys. * Added support for generating SSH certificates with :class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`. * Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to :class:`~cryptography.x509.Certificate`. * Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that :class:`~cryptography.x509.DNSName` constraints do not contain any ``*`` wildcards. * Removed many unused CFFI OpenSSL bindings. This will not impact you unless you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that these have never been considered a stable, supported, public API by ``cryptography``, this note is included as a courtesy. * The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of ``ValueError`` if an unsupported hash algorithm is passed. * Added public union type aliases for type hinting: * Asymmetric types: :const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`. * SSH keys: :const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`. * PKCS12: :const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes` * PKCS7: :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`, :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`. * Two-factor: :const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes` * Deprecated previously undocumented but not private type aliases in the ``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new ones above. .. _v39-0-2: ``` ### 39.0.2 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed a bug where the content type header was not properly encoded for PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding. .. _v39-0-1: ``` ### 39.0.1 ``` ~~~~~~~~~~~~~~~~~~~ * **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931** * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8. .. _v39-0-0: ``` ### 39.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new minimum LibreSSL version is 3.5.0. Going forward our policy is to support versions of LibreSSL that are available in versions of OpenBSD that are still receiving security support. * **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and ``from_encoded_point`` methods on :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`, which had been deprecated for several years. :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes` and :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point` should be used instead. * **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and PKCS7 has been removed. * **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS users must upgrade to 10.12 or newer. * **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change the way we link OpenSSL. This will only impact users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables will no longer be respected. Instead, users will need to configure their builds `as documented here`_. * Added support for :ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`. * Added support for disabling RSA key validation checks when loading RSA keys via :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`, :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`, and :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`. This speeds up key loading but is :term:`unsafe` if you are loading potentially attacker supplied keys. * Significantly improved performance for :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` when repeatedly calling ``encrypt`` or ``decrypt`` with the same key. * Added support for creating OCSP requests with precomputed hashes using :meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`. * Added support for loading multiple PEM-encoded X.509 certificates from a single input via :func:`~cryptography.x509.load_pem_x509_certificates`. .. _v38-0-4: ``` ### 38.0.4 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed compilation when using LibreSSL 3.6.0. * Fixed error when using ``py2app`` to build an application with a ``cryptography`` dependency. .. _v38-0-3: ``` ### 38.0.3 ``` ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves *CVE-2022-3602* and *CVE-2022-3786*. .. _v38-0-2: ``` ### 38.0.2 ``` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. attention:: This release was subsequently yanked from PyPI due to a regression in OpenSSL. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6. .. _v38-0-1: ``` ### 38.0.1 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). .. _v38-0-0: ``` ### 38.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography`` will drop support. * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't cause issues downloading wheels on their platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms. * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept both ``str`` and ``bytes`` tokens. * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing that the ``Extension`` ``critical`` field must be correctly encoded DER. See `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete details. * Added two new OpenSSL functions to the bindings to support an upcoming ``pyOpenSSL`` release. * When parsing :class:`~cryptography.x509.CertificateRevocationList` and :class:`~cryptography.x509.CertificateSigningRequest` values, it is now enforced that the ``version`` value in the input must be valid according to the rules of :rfc:`2986` and :rfc:`5280`. * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and other X.509 builders is deprecated and support will be removed in the next version. * Added additional APIs to :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`, :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`, :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`. * Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification. * :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed` counter location. * Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method :meth:`~cryptography.x509.Name.from_rfc4514_string`. * It is now possible to customize some aspects of encryption when serializing private keys, using :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`. * Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade. * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes. These classes do not replace :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length. .. _v37-0-4: ``` ### 37.0.4 ``` ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5. .. _v37-0-3: ``` ### 37.0.3 ``` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. attention:: This release was subsequently yanked from PyPI due to a regression in OpenSSL. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4. .. _v37-0-2: ``` ### 37.0.2 ``` ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3. * Added a constant needed for an upcoming pyOpenSSL release. .. _v37-0-1: ``` ### 37.0.1 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be removed again in the future, so ``pyOpenSSL`` users should still upgrade to the latest version of that package when they upgrade ``cryptography``. .. _v37-0-0: ``` ### 37.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to ``sign`` and ``verify``. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of ``cryptography`` will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future ``cryptography`` release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because they are legacy algorithms with extremely low usage. These will be removed in a future version of ``cryptography``. * Added limited support for distinguished names containing a bit string. * We now ship ``universal2`` wheels on macOS, which contain both ``arm64`` and ``x86_64`` architectures. Users on macOS should upgrade to the latest ``pip`` to ensure they can use this wheel, although we will continue to ship ``x86_64`` specific wheels for now to ease the transition. * This will be the final release for which we ship ``manylinux2010`` wheels. Going forward the minimum supported ``manylinux`` ABI for our wheels will be ``manylinux2014``. The vast majority of users will continue to receive ``manylinux`` wheels provided they have an up to date ``pip``. For PyPy wheels this release already requires ``manylinux2014`` for compatibility with binaries distributed by upstream. * Added support for multiple :class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a :class:`~cryptography.x509.ocsp.OCSPResponse`. * Restored support for signing certificates and other structures in :doc:`/x509/index` with SHA3 hash algorithms. * :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is disabled in FIPS mode. * Added support for serialization of PKCS12 CA friendly names/aliases in :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates` * Added support for 12-15 byte (96 to 120 bit) nonces to :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class previously supported only 12 byte (96 bit). * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using OpenSSL 3.0.0+. * Added support for serializing PKCS7 structures from a list of certificates with :class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`. * Added support for parsing :rfc:`4514` strings with :meth:`~cryptography.x509.Name.from_rfc4514_string`. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can be used to verify a signature where the salt length is not already known. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This constant will set the salt length to the same length as the ``PSS`` hash algorithm. * Added support for loading RSA-PSS key types with :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`. This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information. .. _v36-0-2: ``` ### 36.0.2 ``` ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. .. _v36-0-1: ``` ### 36.0.1 ``` ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. .. _v36-0-0: ``` ### 36.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * **FINAL DEPRECATION** Support for ``verifier`` and ``signer`` on our asymmetric key classes was deprecated in version 2.0. These functions had an extended deprecation due to usage, however the next version of ``cryptography`` will drop support. Users should migrate to ``sign`` and ``verify``. * The entire :doc:`/x509/index` layer is now written in Rust. This allows alternate asymmetric key implementations that can support cloud key management services or hardware security modules provided they implement the necessary interface (for example: :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`). * :ref:`Deprecated the backend argument<faq-missing-backend>` for all functions. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. * Added support for iterating over arbitrary request :attr:`~cryptography.x509.CertificateSigningRequest.attributes`. * Deprecated the ``get_attribute_for_oid`` method on :class:`~cryptography.x509.CertificateSigningRequest` in favor of :meth:`~cryptography.x509.Attributes.get_attribute_for_oid` on the new :class:`~cryptography.x509.Attributes` object. * Fixed handling of PEM files to allow loading when certificate and key are in the same file. * Fixed parsing of :class:`~cryptography.x509.CertificatePolicies` extensions containing legacy ``BMPString`` values in their ``explicitText``. * Allow parsing of negative serial numbers in certificates. Negative serial numbers are prohibited by :rfc:`5280` so a deprecation warning will be raised whenever they are encountered. A future version of ``cryptography`` will drop support for parsing them. * Added support for parsing PKCS12 files with friendly names for all certificates with :func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_pkcs12`, which will return an object of type :class:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12KeyAndCertificates`. * :meth:`~cryptography.x509.Name.rfc4514_string` and related methods now have an optional ``attr_name_overrides`` parameter to supply custom OID to name mappings, which can be used to match vendor-specific extensions. * **BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email address fields as ``E`` in :meth:`~cryptography.x509.Name.rfc4514_string` methods from version 35.0. The previous behavior can be restored with: ``name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})`` * Allow :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey` and :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey` to be used as public keys when parsing certificates or creating them with :class:`~cryptography.x509.CertificateBuilder`. These key types must be signed with a different signing algorithm as ``X25519`` and ``X448`` do not support signing. * Extension values can now be serialized to a DER byte string by calling :func:`~cryptography.x509.ExtensionType.public_bytes`. * Added experimental support for compiling against BoringSSL. As BoringSSL does not commit to a stable API, ``cryptography`` tests against the latest commit only. Please note that several features are not available when building against BoringSSL. * Parsing ``CertificateSigningRequest`` from DER and PEM now, for a limited time period, allows the ``Extension`` ``critical`` field to be incorrectly encoded. See `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete details. This will be reverted in a future ``cryptography`` release. * When :class:`~cryptography.x509.OCSPNonce` are parsed and generated their value is now correctly wrapped in an ASN.1 ``OCTET STRING``. This conforms to :rfc:`6960` but conflicts with the original behavior specified in :rfc:`2560`. For a temporary period for backwards compatibility, we will also parse values that are encoded as specified in :rfc:`2560` but this behavior will be removed in a future release. .. _v35-0-0: ``` ### 35.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * Changed the :ref:`version scheme <api-stability:versioning>`. This will result in us incrementing the major version more frequently, but does not change our existing backwards compatibility policy. * **BACKWARDS INCOMPATIBLE:** The :doc:`/x509/index` PEM parsers now require that the PEM string passed have PEM delimiters of the correct type. For example, parsing a private key PEM concatenated with a certificate PEM will no longer be accepted by the PEM certificate parser. * **BACKWARDS INCOMPATIBLE:** The X.509 certificate parser no longer allows negative serial numbers. :rfc:`5280` has always prohibited these. * **BACKWARDS INCOMPATIBLE:** Additional forms of invalid ASN.1 found during :doc:`/x509/index` parsing will raise an error on initial parse rather than when the malformed field is accessed. * Rust is now required for building ``cryptography``, the ``CRYPTOGRAPHY_DONT_BUILD_RUST`` environment variable is no longer respected. * Parsers for :doc:`/x509/index` no longer use OpenSSL and have been rewritten in Rust. This should be backwards compatible (modulo the items listed above) and improve both security and performance. * Added support for OpenSSL 3.0.0 as a compilation target. * Added support for :class:`~cryptography.hazmat.primitives.hashes.SM3` and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4`, when using OpenSSL 1.1.1. These algorithms are provided for compatibility in regions where they may be required, and are not generally recommended. * We now ship ``manylinux_2_24`` and ``musllinux_1_1`` wheels, in addition to our ``manylinux2010`` and ``manylinux2014`` wheels. Users on distributions like Alpine Linux should ensure they upgrade to the latest ``pip`` to correctly receive wheels. * Added ``rfc4514_attribute_name`` attribute to :attr:`x509.NameAttribute <cryptography.x509.NameAttribute.rfc4514_attribute_name>`. * Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`. .. _v3-4-8: ``` ### 3.4.8 ``` ~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and ``manylinux`` wheels to be compiled with OpenSSL 1.1.1l. .. _v3-4-7: ```
Links - PyPI: https://pypi.org/project/cryptography - Changelog: https://pyup.io/changelogs/cryptography/

Update Flask from 1.1.1 to 2.3.2.

Changelog ### 2.3.2 ``` ------------- Released 2023-05-01 - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. - Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes. ``` ### 2.3.1 ``` ------------- Released 2023-04-25 - Restore deprecated ``from flask import Markup``. :issue:`5084` ``` ### 2.3.0 ``` ------------- Released 2023-04-25 - Drop support for Python 3.7. :pr:`5072` - Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2, itsdangerous>=2.1.2, click>=8.1.3. - Remove previously deprecated code. :pr:`4995` - The ``push`` and ``pop`` methods of the deprecated ``_app_ctx_stack`` and ``_request_ctx_stack`` objects are removed. ``top`` still exists to give extensions more time to update, but it will be removed. - The ``FLASK_ENV`` environment variable, ``ENV`` config key, and ``app.env`` property are removed. - The ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload`` properties on ``app`` are removed. - The ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` config keys are removed. - The ``app.before_first_request`` and ``bp.before_app_first_request`` decorators are removed. - ``json_encoder`` and ``json_decoder`` attributes on app and blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are removed. - The ``json.htmlsafe_dumps`` and ``htmlsafe_dump`` functions are removed. - Calling setup methods on blueprints after registration is an error instead of a warning. :pr:`4997` - Importing ``escape`` and ``Markup`` from ``flask`` is deprecated. Import them directly from ``markupsafe`` instead. :pr:`4996` - The ``app.got_first_request`` property is deprecated. :pr:`4997` - The ``locked_cached_property`` decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:`4993` - Signals are always available. ``blinker>=1.6.2`` is a required dependency. The ``signals_available`` attribute is deprecated. :issue:`5056` - Signals support ``async`` subscriber functions. :pr:`5049` - Remove uses of locks that could cause requests to block each other very briefly. :issue:`4993` - Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``. :pr:`4947` - Ensure subdomains are applied with nested blueprints. :issue:`4834` - ``config.from_file`` can use ``text=False`` to indicate that the parser wants a binary file instead. :issue:`4989` - If a blueprint is created with an empty name it raises a ``ValueError``. :issue:`5010` - ``SESSION_COOKIE_DOMAIN`` does not fall back to ``SERVER_NAME``. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about ``localhost`` and IP addresses are also removed. :issue:`5051` - The ``routes`` command shows each rule's ``subdomain`` or ``host`` when domain matching is in use. :issue:`5004` - Use postponed evaluation of annotations. :pr:`5071` ``` ### 2.2.5 ``` ------------- Released 2023-05-02 - Update for compatibility with Werkzeug 2.3.3. - Set ``Vary: Cookie`` header when the session is accessed, modified, or refreshed. ``` ### 2.2.4 ``` ------------- Released 2023-04-25 - Update for compatibility with Werkzeug 2.3. ``` ### 2.2.3 ``` ------------- Released 2023-02-15 - Autoescape is enabled by default for ``.svg`` template files. :issue:`4831` - Fix the type of ``template_folder`` to accept ``pathlib.Path``. :issue:`4892` - Add ``--debug`` option to the ``flask run`` command. :issue:`4777` ``` ### 2.2.2 ``` ------------- Released 2022-08-08 - Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:`4754` - Fix the default value for ``app.env`` to be ``"production"``. This attribute remains deprecated. :issue:`4740` ``` ### 2.2.1 ``` ------------- Released 2022-08-03 - Setting or accessing ``json_encoder`` or ``json_decoder`` raises a deprecation warning. :issue:`4732` ``` ### 2.2.0 ``` ------------- Released 2022-08-01 - Remove previously deprecated code. :pr:`4667` - Old names for some ``send_file`` parameters have been removed. ``download_name`` replaces ``attachment_filename``, ``max_age`` replaces ``cache_timeout``, and ``etag`` replaces ``add_etags``. Additionally, ``path`` replaces ``filename`` in ``send_from_directory``. - The ``RequestContext.g`` property returning ``AppContext.g`` is removed. - Update Werkzeug dependency to >= 2.2. - The app and request contexts are managed using Python context vars directly rather than Werkzeug's ``LocalStack``. This should result in better performance and memory use. :pr:`4682` - Extension maintainers, be aware that ``_app_ctx_stack.top`` and ``_request_ctx_stack.top`` are deprecated. Store data on ``g`` instead using a unique prefix, like ``g._extension_name_attr``. - The ``FLASK_ENV`` environment variable and ``app.env`` attribute are deprecated, removing the distinction between development and debug mode. Debug mode should be controlled directly using the ``--debug`` option or ``app.run(debug=True)``. :issue:`4714` - Some attributes that proxied config keys on ``app`` are deprecated: ``session_cookie_name``, ``send_file_max_age_default``, ``use_x_sendfile``, ``propagate_exceptions``, and ``templates_auto_reload``. Use the relevant config keys instead. :issue:`4716` - Add new customization points to the ``Flask`` app object for many previously global behaviors. - ``flask.url_for`` will call ``app.url_for``. :issue:`4568` - ``flask.abort`` will call ``app.aborter``. ``Flask.aborter_class`` and ``Flask.make_aborter`` can be used to customize this aborter. :issue:`4567` - ``flask.redirect`` will call ``app.redirect``. :issue:`4569` - ``flask.json`` is an instance of ``JSONProvider``. A different provider can be set to use a different JSON library. ``flask.jsonify`` will call ``app.json.response``, other functions in ``flask.json`` will call corresponding functions in ``app.json``. :pr:`4692` - JSON configuration is moved to attributes on the default ``app.json`` provider. ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_MIMETYPE``, and ``JSONIFY_PRETTYPRINT_REGULAR`` are deprecated. :pr:`4692` - Setting custom ``json_encoder`` and ``json_decoder`` classes on the app or a blueprint, and the corresponding ``json.JSONEncoder`` and ``JSONDecoder`` classes, are deprecated. JSON behavior can now be overridden using the ``app.json`` provider interface. :pr:`4692` - ``json.htmlsafe_dumps`` and ``json.htmlsafe_dump`` are deprecated, the function is built-in to Jinja now. :pr:`4692` - Refactor ``register_error_handler`` to consolidate error checking. Rewrite some error messages to be more consistent. :issue:`4559` - Use Blueprint decorators and functions intended for setup after registering the blueprint will show a warning. In the next version, this will become an error just like the application setup methods. :issue:`4571` - ``before_first_request`` is deprecated. Run setup code when creating the application instead. :issue:`4605` - Added the ``View.init_every_request`` class attribute. If a view subclass sets this to ``False``, the view will not create a new instance on every request. :issue:`2520`. - A ``flask.cli.FlaskGroup`` Click group can be nested as a sub-command in a custom CLI. :issue:`3263` - Add ``--app`` and ``--debug`` options to the ``flask`` CLI, instead of requiring that they are set through environment variables. :issue:`2836` - Add ``--env-file`` option to the ``flask`` CLI. This allows specifying a dotenv file to load in addition to ``.env`` and ``.flaskenv``. :issue:`3108` - It is no longer required to decorate custom CLI commands on ``app.cli`` or ``blueprint.cli`` with ``with_appcontext``, an app context will already be active at that point. :issue:`2410` - ``SessionInterface.get_expiration_time`` uses a timezone-aware value. :pr:`4645` - View functions can return generators directly instead of wrapping them in a ``Response``. :pr:`4629` - Add ``stream_template`` and ``stream_template_string`` functions to render a template as a stream of pieces. :pr:`4629` - A new implementation of context preservation during debugging and testing. :pr:`4666` - ``request``, ``g``, and other context-locals point to the correct data when running code in the interactive debugger console. :issue:`2836` - Teardown functions are always run at the end of the request, even if the context is preserved. They are also run after the preserved context is popped. - ``stream_with_context`` preserves context separately from a ``with client`` block. It will be cleaned up when ``response.get_data()`` or ``response.close()`` is called. - Allow returning a list from a view function, to convert it to a JSON response like a dict is. :issue:`4672` - When type checking, allow ``TypedDict`` to be returned from view functions. :pr:`4695` - Remove the ``--eager-loading/--lazy-loading`` options from the ``flask run`` command. The app is always eager loaded the first time, then lazily loaded in the reloader. The reloader always prints errors immediately but continues serving. Remove the internal ``DispatchingApp`` middleware used by the previous implementation. :issue:`4715` ``` ### 2.1.3 ``` ------------- Released 2022-07-13 - Inline some optional imports that are only used for certain CLI commands. :pr:`4606` - Relax type annotation for ``after_request`` functions. :issue:`4600` - ``instance_path`` for namespace packages uses the path closest to the imported submodule. :issue:`4610` - Clearer error message when ``render_template`` and ``render_template_string`` are used outside an application context. :pr:`4693` ``` ### 2.1.2 ``` ------------- Released 2022-04-28 - Fix type annotation for ``json.loads``, it accepts str or bytes. :issue:`4519` - The ``--cert`` and ``--key`` options on ``flask run`` can be given in either order. :issue:`4459` ``` ### 2.1.1 ``` ------------- Released on 2022-03-30 - Set the minimum required version of importlib_metadata to 3.6.0, which is required on Python < 3.10. :issue:`4502` ``` ### 2.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`4335` - Update Click dependency to >= 8.0. :pr:`4008` - Remove previously deprecated code. :pr:`4337` - The CLI does not pass ``script_info`` to app factory functions. - ``config.from_json`` is replaced by ``config.from_file(name, load=json.load)``. - ``json`` functions no longer take an ``encoding`` parameter. - ``safe_join`` is removed, use ``werkzeug.utils.safe_join`` instead. - ``total_seconds`` is removed, use ``timedelta.total_seconds`` instead. - The same blueprint cannot be registered with the same name. Use ``name=`` when registering to specify a unique name. - The test client's ``as_tuple`` parameter is removed. Use ``response.request.environ`` instead. :pr:`4417` - Some parameters in ``send_file`` and ``send_from_directory`` were renamed in 2.0. The deprecation period for the old names is extended to 2.2. Be sure to test with deprecation warnings visible. - ``attachment_filename`` is renamed to ``download_name``. - ``cache_timeout`` is renamed to ``max_age``. - ``add_etags`` is renamed to ``etag``. - ``filename`` is renamed to ``path``. - The ``RequestContext.g`` property is deprecated. Use ``g`` directly or ``AppContext.g`` instead. :issue:`3898` - ``copy_current_request_context`` can decorate async functions. :pr:`4303` - The CLI uses ``importlib.metadata`` instead of ``setuptools`` to load command entry points. :issue:`4419` - Overriding ``FlaskClient.open`` will not cause an error on redirect. :issue:`3396` - Add an ``--exclude-patterns`` option to the ``flask run`` CLI command to specify patterns that will be ignored by the reloader. :issue:`4188` - When using lazy loading (the default with the debugger), the Click context from the ``flask run`` command remains available in the loader thread. :issue:`4460` - Deleting the session cookie uses the ``httponly`` flag. :issue:`4485` - Relax typing for ``errorhandler`` to allow the user to use more precise types and decorate the same function multiple times. :issue:`4095, 4295, 4297` - Fix typing for ``__exit__`` methods for better compatibility with ``ExitStack``. :issue:`4474` - From Werkzeug, for redirect responses the ``Location`` header URL will remain relative, and exclude the scheme and domain, by default. :pr:`4496` - Add ``Config.from_prefixed_env()`` to load config values from environment variables that start with ``FLASK_`` or another prefix. This parses values as JSON by default, and allows setting keys in nested dicts. :pr:`4479` ``` ### 2.0.3 ``` ------------- Released 2022-02-14 - The test client's ``as_tuple`` parameter is deprecated and will be removed in Werkzeug 2.1. It is now also deprecated in Flask, to be removed in Flask 2.1, while remaining compatible with both in 2.0.x. Use ``response.r
pyup-bot commented 1 year ago

Closing this in favor of #187