Changelog
### 1.0.1
```
-------------
Released 2020-03-31
- Make the argument to ``RequestRedirect.get_response`` optional.
:issue:`1718`
- Only allow a single access control allow origin value. :pr:`1723`
- Fix crash when trying to parse a non-existent Content Security
Policy header. :pr:`1731`
- ``http_date`` zero fills years < 1000 to always output four digits.
:issue:`1739`
- Fix missing local variables in interactive debugger console.
:issue:`1746`
- Fix passing file-like objects like ``io.BytesIO`` to
``FileStorage.save``. :issue:`1733`
```
### 1.0.0
```
-------------
Released 2020-02-06
- Drop support for Python 3.4. (:issue:`1478`)
- Remove code that issued deprecation warnings in version 0.15.
(:issue:`1477`)
- Remove most top-level attributes provided by the ``werkzeug``
module in favor of direct imports. For example, instead of
``import werkzeug; werkzeug.url_quote``, do
``from werkzeug.urls import url_quote``. Install version 0.16 first
to see deprecation warnings while upgrading. :issue:`2`, :pr:`1640`
- Added ``utils.invalidate_cached_property()`` to invalidate cached
properties. (:pr:`1474`)
- Directive keys for the ``Set-Cookie`` response header are not
ignored when parsing the ``Cookie`` request header. This allows
cookies with names such as "expires" and "version". (:issue:`1495`)
- Request cookies are parsed into a ``MultiDict`` to capture all
values for cookies with the same key. ``cookies[key]`` returns the
first value rather than the last. Use ``cookies.getlist(key)`` to
get all values. ``parse_cookie`` also defaults to a ``MultiDict``.
:issue:`1562`, :pr:`1458`
- Add ``charset=utf-8`` to an HTTP exception response's
``CONTENT_TYPE`` header. (:pr:`1526`)
- The interactive debugger handles outer variables in nested scopes
such as lambdas and comprehensions. :issue:`913`, :issue:`1037`,
:pr:`1532`
- The user agent for Opera 60 on Mac is correctly reported as
"opera" instead of "chrome". :issue:`1556`
- The platform for Crosswalk on Android is correctly reported as
"android" instead of "chromeos". (:pr:`1572`)
- Issue a warning when the current server name does not match the
configured server name. :issue:`760`
- A configured server name with the default port for a scheme will
match the current server name without the port if the current scheme
matches. :pr:`1584`
- :exc:`~exceptions.InternalServerError` has a ``original_exception``
attribute that frameworks can use to track the original cause of the
error. :pr:`1590`
- Headers are tested for equality independent of the header key case,
such that ``X-Foo`` is the same as ``x-foo``. :pr:`1605`
- :meth:`http.dump_cookie` accepts ``'None'`` as a value for
``samesite``. :issue:`1549`
- :meth:`~test.Client.set_cookie` accepts a ``samesite`` argument.
:pr:`1705`
- Support the Content Security Policy header through the
`Response.content_security_policy` data structure. :pr:`1617`
- ``LanguageAccept`` will fall back to matching "en" for "en-US" or
"en-US" for "en" to better support clients or translations that
only match at the primary language tag. :issue:`450`, :pr:`1507`
- ``MIMEAccept`` uses MIME parameters for specificity when matching.
:issue:`458`, :pr:`1574`
- If the development server is started with an ``SSLContext``
configured to verify client certificates, the certificate in PEM
format will be available as ``environ["SSL_CLIENT_CERT"]``.
:pr:`1469`
- ``is_resource_modified`` will run for methods other than ``GET`` and
``HEAD``, rather than always returning ``False``. :issue:`409`
- ``SharedDataMiddleware`` returns 404 rather than 500 when trying to
access a directory instead of a file with the package loader. The
dependency on setuptools and pkg_resources is removed.
:issue:`1599`
- Add a ``response.cache_control.immutable`` flag. Keep in mind that
browser support for this ``Cache-Control`` header option is still
experimental and may not be implemented. :issue:`1185`
- Optional request log highlighting with the development server is
handled by Click instead of termcolor. :issue:`1235`
- Optional ad-hoc TLS support for the development server is handled
by cryptography instead of pyOpenSSL. :pr:`1555`
- ``FileStorage.save()`` supports ``pathlib`` and :pep:`519`
``PathLike`` objects. :issue:`1653`
- The debugger security pin is unique in containers managed by Podman.
:issue:`1661`
- Building a URL when ``host_matching`` is enabled takes into account
the current host when there are duplicate endpoints with different
hosts. :issue:`488`
- The ``429 TooManyRequests`` and ``503 ServiceUnavailable`` HTTP
exceptions takes a ``retry_after`` parameter to set the
``Retry-After`` header. :issue:`1657`
- ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse
multiple slashes into one, similar to how many HTTP servers behave.
This is enabled by default. :pr:`1286, 1694`
- Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status
codes. :pr:`1678`
- Add ``update``, ``setlist``, and ``setlistdefault`` methods to the
``Headers`` data structure. ``extend`` method can take ``MultiDict``
and kwargs. :pr:`1687, 1697`
- The development server accepts paths that start with two slashes,
rather than stripping off the first path segment. :issue:`491`
- Add access control (Cross Origin Request Sharing, CORS) header
properties to the ``Request`` and ``Response`` wrappers. :pr:`1699`
- ``Accept`` values are no longer ordered alphabetically for equal
quality tags. Instead the initial order is preserved. :issue:`1686`
- Added ``Map.lock_class`` attribute for alternative
implementations. :pr:`1702`
- Support matching and building WebSocket rules in the routing system,
for use by async frameworks. :pr:`1709`
- Range requests that span an entire file respond with 206 instead of
200, to be more compliant with :rfc:`7233`. This may help serving
media to older browsers. :issue:`410, 1704`
- The :class:`~middleware.shared_data.SharedDataMiddleware` default
``fallback_mimetype`` is ``application/octet-stream``. If a filename
looks like a text mimetype, the ``utf-8`` charset is added to it.
This matches the behavior of :class:`~wrappers.BaseResponse` and
Flask's ``send_file()``. :issue:`1689`
```
### 0.16.1
```
--------------
Released 2020-01-27
- Fix import location in deprecation messages for subpackages.
:issue:`1663`
- Fix an SSL error on Python 3.5 when the dev server responds with no
content. :issue:`1659`
```
Links
- PyPI: https://pypi.org/project/werkzeug
- Changelog: https://pyup.io/changelogs/werkzeug/
- Homepage: https://palletsprojects.com/p/werkzeug/
This PR updates werkzeug from 0.16.0 to 1.0.1.
Changelog
### 1.0.1 ``` ------------- Released 2020-03-31 - Make the argument to ``RequestRedirect.get_response`` optional. :issue:`1718` - Only allow a single access control allow origin value. :pr:`1723` - Fix crash when trying to parse a non-existent Content Security Policy header. :pr:`1731` - ``http_date`` zero fills years < 1000 to always output four digits. :issue:`1739` - Fix missing local variables in interactive debugger console. :issue:`1746` - Fix passing file-like objects like ``io.BytesIO`` to ``FileStorage.save``. :issue:`1733` ``` ### 1.0.0 ``` ------------- Released 2020-02-06 - Drop support for Python 3.4. (:issue:`1478`) - Remove code that issued deprecation warnings in version 0.15. (:issue:`1477`) - Remove most top-level attributes provided by the ``werkzeug`` module in favor of direct imports. For example, instead of ``import werkzeug; werkzeug.url_quote``, do ``from werkzeug.urls import url_quote``. Install version 0.16 first to see deprecation warnings while upgrading. :issue:`2`, :pr:`1640` - Added ``utils.invalidate_cached_property()`` to invalidate cached properties. (:pr:`1474`) - Directive keys for the ``Set-Cookie`` response header are not ignored when parsing the ``Cookie`` request header. This allows cookies with names such as "expires" and "version". (:issue:`1495`) - Request cookies are parsed into a ``MultiDict`` to capture all values for cookies with the same key. ``cookies[key]`` returns the first value rather than the last. Use ``cookies.getlist(key)`` to get all values. ``parse_cookie`` also defaults to a ``MultiDict``. :issue:`1562`, :pr:`1458` - Add ``charset=utf-8`` to an HTTP exception response's ``CONTENT_TYPE`` header. (:pr:`1526`) - The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. :issue:`913`, :issue:`1037`, :pr:`1532` - The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". :issue:`1556` - The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (:pr:`1572`) - Issue a warning when the current server name does not match the configured server name. :issue:`760` - A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. :pr:`1584` - :exc:`~exceptions.InternalServerError` has a ``original_exception`` attribute that frameworks can use to track the original cause of the error. :pr:`1590` - Headers are tested for equality independent of the header key case, such that ``X-Foo`` is the same as ``x-foo``. :pr:`1605` - :meth:`http.dump_cookie` accepts ``'None'`` as a value for ``samesite``. :issue:`1549` - :meth:`~test.Client.set_cookie` accepts a ``samesite`` argument. :pr:`1705` - Support the Content Security Policy header through the `Response.content_security_policy` data structure. :pr:`1617` - ``LanguageAccept`` will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. :issue:`450`, :pr:`1507` - ``MIMEAccept`` uses MIME parameters for specificity when matching. :issue:`458`, :pr:`1574` - If the development server is started with an ``SSLContext`` configured to verify client certificates, the certificate in PEM format will be available as ``environ["SSL_CLIENT_CERT"]``. :pr:`1469` - ``is_resource_modified`` will run for methods other than ``GET`` and ``HEAD``, rather than always returning ``False``. :issue:`409` - ``SharedDataMiddleware`` returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. :issue:`1599` - Add a ``response.cache_control.immutable`` flag. Keep in mind that browser support for this ``Cache-Control`` header option is still experimental and may not be implemented. :issue:`1185` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. :pr:`1555` - ``FileStorage.save()`` supports ``pathlib`` and :pep:`519` ``PathLike`` objects. :issue:`1653` - The debugger security pin is unique in containers managed by Podman. :issue:`1661` - Building a URL when ``host_matching`` is enabled takes into account the current host when there are duplicate endpoints with different hosts. :issue:`488` - The ``429 TooManyRequests`` and ``503 ServiceUnavailable`` HTTP exceptions takes a ``retry_after`` parameter to set the ``Retry-After`` header. :issue:`1657` - ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. :pr:`1286, 1694` - Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. :pr:`1678` - Add ``update``, ``setlist``, and ``setlistdefault`` methods to the ``Headers`` data structure. ``extend`` method can take ``MultiDict`` and kwargs. :pr:`1687, 1697` - The development server accepts paths that start with two slashes, rather than stripping off the first path segment. :issue:`491` - Add access control (Cross Origin Request Sharing, CORS) header properties to the ``Request`` and ``Response`` wrappers. :pr:`1699` - ``Accept`` values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. :issue:`1686` - Added ``Map.lock_class`` attribute for alternative implementations. :pr:`1702` - Support matching and building WebSocket rules in the routing system, for use by async frameworks. :pr:`1709` - Range requests that span an entire file respond with 206 instead of 200, to be more compliant with :rfc:`7233`. This may help serving media to older browsers. :issue:`410, 1704` - The :class:`~middleware.shared_data.SharedDataMiddleware` default ``fallback_mimetype`` is ``application/octet-stream``. If a filename looks like a text mimetype, the ``utf-8`` charset is added to it. This matches the behavior of :class:`~wrappers.BaseResponse` and Flask's ``send_file()``. :issue:`1689` ``` ### 0.16.1 ``` -------------- Released 2020-01-27 - Fix import location in deprecation messages for subpackages. :issue:`1663` - Fix an SSL error on Python 3.5 when the dev server responds with no content. :issue:`1659` ```Links
- PyPI: https://pypi.org/project/werkzeug - Changelog: https://pyup.io/changelogs/werkzeug/ - Homepage: https://palletsprojects.com/p/werkzeug/