Most of the top-level attributes in the werkzeug module are now deprecated, and will be removed in 1.0.0.
For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. A deprecation warning will show the correct import to use. werkzeug.exceptions and werkzeug.routing should also be imported instead of accessed, but for technical reasons can’t show a warning.
Remove code that issued deprecation warnings in version 0.15. (1477)
Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. 2, 1640
Added utils.invalidate_cached_property() to invalidate cached properties. (1474)
Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as "expires" and "version". (1495)
Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. 1562, 1458
Add charset=utf-8 to an HTTP exception response's CONTENT_TYPE header. (1526)
The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. 913, 1037, 1532
The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". 1556
The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (1572)
Issue a warning when the current server name does not match the configured server name. 760
A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. 1584
~exceptions.InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. 1590
Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. 1605
http.dump_cookie accepts 'None' as a value for samesite. 1549
~test.Client.set_cookie accepts a samesite argument. 1705
Support the Content Security Policy header through the Response.content_security_policy data structure. 1617
LanguageAccept will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. 450, 1507
MIMEAccept uses MIME parameters for specificity when matching. 458, 1574
If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. 1469
is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. 409
SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. 1599
Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. 1185
Optional request log highlighting with the development server is handled by Click instead of termcolor. 1235
Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. 1555
FileStorage.save() supports pathlib and 519 PathLike objects. 1653
The debugger security pin is unique in containers managed by Podman. 1661
Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. 488
The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. 1657
Map and Rule have a merge_slashes option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. 1286, 1694
Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. 1678
Add update, setlist, and setlistdefault methods to the Headers data structure. extend method can take MultiDict and kwargs. 1687, 1697
The development server accepts paths that start with two slashes, rather than stripping off the first path segment. 491
Add access control (Cross Origin Request Sharing, CORS) header properties to the Request and Response wrappers. 1699
Accept values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. 1686
Added Map.lock_class attribute for alternative implementations. 1702
Support matching and building WebSocket rules in the routing system, for use by async frameworks. 1709
Range requests that span an entire file respond with 206 instead of 200, to be more compliant with 7233. This may help serving media to older browsers. 410, 1704
The ~middleware.shared_data.SharedDataMiddleware default fallback_mimetype is application/octet-stream. If a filename looks like a text mimetype, the utf-8 charset is added to it. This matches the behavior of ~wrappers.BaseResponse and Flask's send_file(). 1689
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps werkzeug from 0.15.4 to 1.0.0.
Release notes
Sourced from werkzeug's releases.
Changelog
Sourced from werkzeug's changelog.
Commits
dfde671release version 1.0.01daf2c7Merge pull request #1712 from pallets/shared-data-charseta8b2df2SharedDataMiddleware adds utf-8 charset0474354Merge pull request #1711 from pallets/video-range85eaee9range request always returns 206 status07e3c97Merge pull request #1708 from bsolomon1124/master4249e01document werkzeug logger13b6ef0Merge pull request #1709 from pgjones/websocketecd0d75docs cleanupe932a1fAdd support for WebSocket rules in the routingDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)