Scheduled monthly dependency update for July

[pyup-bot]

Update babel from 2.6.0 to 2.7.0.

Changelog

### 2.7.0 ``` ------------- Possibly incompatible changes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ These may be backward incompatible in some cases, as some more-or-less internal APIs have changed. Please feel free to file issues if you bump into anything strange and we'll try to help! * General: Internal uses of ``babel.util.odict`` have been replaced with ``collections.OrderedDict`` from The Python standard library. Improvements ~~~~~~~~~~~~ * CLDR: Upgrade to CLDR 35.1 - Alberto Mardegan, Aarni Koskela (626, 643) * General: allow anchoring path patterns to the start of a string - Brian Cappello (600) * General: Bumped version requirement on pytz - chrisbrake (592) * Messages: `pybabel compile`: exit with code 1 if errors were encountered - Aarni Koskela (647) * Messages: Add omit-header to update_catalog - Cédric Krier (633) * Messages: Catalog update: keep user comments from destination by default - Aarni Koskela (648) * Messages: Skip empty message when writing mo file - Cédric Krier (564) * Messages: Small fixes to avoid crashes on badly formatted .po files - Bryn Truscott (597) * Numbers: `parse_decimal()` `strict` argument and `suggestions` - Charly C (590) * Numbers: don't repeat suggestions in parse_decimal strict - Serban Constantin (599) * Numbers: implement currency formatting with long display names - Luke Plant (585) * Numbers: parse_decimal(): assume spaces are equivalent to non-breaking spaces when not in strict mode - Aarni Koskela (649) * Performance: Cache locale_identifiers() - Aarni Koskela (644) Bugfixes ~~~~~~~~ * CLDR: Skip alt=... for week data (minDays, firstDay, weekendStart, weekendEnd) - Aarni Koskela (634) * Dates: Fix wrong weeknumber for 31.12.2018 - BT-sschmid (621) * Locale: Avoid KeyError trying to get data on WindowsXP - mondeja (604) * Locale: get_display_name(): Don't attempt to concatenate variant information to None - Aarni Koskela (645) * Messages: pofile: Add comparison operators to _NormalizedString - Aarni Koskela (646) * Messages: pofile: don't crash when message.locations can't be sorted - Aarni Koskela (646) Tooling & docs ~~~~~~~~~~~~~~ * Docs: Remove all references to deprecated easy_install - Jon Dufresne (610) * Docs: Switch print statement in docs to print function - NotAFile * Docs: Update all pypi.python.org URLs to pypi.org - Jon Dufresne (587) * Docs: Use https URLs throughout project where available - Jon Dufresne (588) * Support: Add testing and document support for Python 3.7 - Jon Dufresne (611) * Support: Test on Python 3.8-dev - Aarni Koskela (642) * Support: Using ABCs from collections instead of collections.abc is deprecated. - Julien Palard (609) * Tests: Fix conftest.py compatibility with pytest 4.3 - Miro Hrončok (635) * Tests: Update pytest and pytest-cov - Miro Hrončok (635) ```

Links

- PyPI: https://pypi.org/project/babel - Changelog: https://pyup.io/changelogs/babel/ - Homepage: http://babel.pocoo.org/ - Docs: https://pythonhosted.org/Babel/

Update certifi from 2018.11.29 to 2019.6.16.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/certifi - Homepage: https://certifi.io/

Update django from 2.1.4 to 2.2.3.

Changelog

### 2.2.3 ``` ========================== *Expected July 1, 2019* Django 2.2.3 fixes several bugs in 2.2.2. Also, the latest string translations from Transifex are incorporated. Bugfixes ======== * Fixed a regression in Django 2.2 where :class:`~django.db.models.Avg`, :class:`~django.db.models.StdDev`, and :class:`~django.db.models.Variance` crash with ``filter`` argument (:ticket:`30542`). * Fixed a regression in Django 2.2.2 where auto-reloader crashes with ``AttributeError``, e.g. when using ``ipdb`` (:ticket:`30588`). ========================== ``` ### 2.2.2 ``` ========================== *June 3, 2019* Django 2.2.2 fixes security issues and several bugs in 2.2.1. CVE-2019-12308: AdminURLFieldWidget XSS --------------------------------------- The clickable "Current URL" link generated by ``AdminURLFieldWidget`` displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. ``AdminURLFieldWidget`` now validates the provided value using :class:`~django.core.validators.URLValidator` before displaying the clickable link. You may customize the validator by passing a ``validator_class`` kwarg to ``AdminURLFieldWidget.__init__()``, e.g. when using :attr:`~django.contrib.admin.ModelAdmin.formfield_overrides`. Patched bundled jQuery for CVE-2019-11358: Prototype pollution -------------------------------------------------------------- jQuery before 3.4.0, mishandles ``jQuery.extend(true, {}, ...)`` because of ``Object.prototype`` pollution. If an unsanitized source object contained an enumerable ``__proto__`` property, it could extend the native ``Object.prototype``. The bundled version of jQuery used by the Django admin has been patched to allow for the ``select2`` library's use of ``jQuery.extend()``. Bugfixes ======== * Fixed a regression in Django 2.2 that stopped Show/Hide toggles working on dynamically added admin inlines (:ticket:`30459`). * Fixed a regression in Django 2.2 where deprecation message crashes if ``Meta.ordering`` contains an expression (:ticket:`30463`). * Fixed a regression in Django 2.2.1 where :class:`~django.contrib.postgres.search.SearchVector` generates SQL with a redundant ``Coalesce`` call (:ticket:`30488`). * Fixed a regression in Django 2.2 where auto-reloader doesn't detect changes in ``manage.py`` file when using ``StatReloader`` (:ticket:`30479`). * Fixed crash of :class:`~django.contrib.postgres.aggregates.ArrayAgg` and :class:`~django.contrib.postgres.aggregates.StringAgg` with ``ordering`` argument when used in a ``Subquery`` (:ticket:`30315`). * Fixed a regression in Django 2.2 that caused a crash of auto-reloader when an exception with custom signature is raised (:ticket:`30516`). * Fixed a regression in Django 2.2.1 where auto-reloader unnecessarily reloads translation files multiple times when using ``StatReloader`` (:ticket:`30523`). ========================== ``` ### 2.2.1 ``` ========================== *May 1, 2019* Django 2.2.1 fixes several bugs in 2.2. Bugfixes ======== * Fixed a regression in Django 2.1 that caused the incorrect quoting of database user password when using :djadmin:`dbshell` on Oracle (:ticket:`30307`). * Added compatibility for ``psycopg2`` 2.8 (:ticket:`30331`). * Fixed a regression in Django 2.2 that caused a crash when loading the template for the technical 500 debug page (:ticket:`30324`). * Fixed crash of ``ordering`` argument in :class:`~django.contrib.postgres.aggregates.ArrayAgg` and :class:`~django.contrib.postgres.aggregates.StringAgg` when it contains an expression with params (:ticket:`30332`). * Fixed a regression in Django 2.2 that caused a single instance fast-delete to not set the primary key to ``None`` (:ticket:`30330`). * Prevented :djadmin:`makemigrations` from generating infinite migrations for check constraints and partial indexes when ``condition`` contains a :class:`~python:range` object (:ticket:`30350`). * Reverted an optimization in Django 2.2 (:ticket:`29725`) that caused the inconsistent behavior of ``count()`` and ``exists()`` on a reverse many-to-many relationship with a custom manager (:ticket:`30325`). * Fixed a regression in Django 2.2 where :class:`~django.core.paginator.Paginator` crashes if ``object_list`` is a queryset ordered or aggregated over a nested ``JSONField`` key transform (:ticket:`30335`). * Fixed a regression in Django 2.2 where ``IntegerField`` validation of database limits crashes if ``limit_value`` attribute in a custom validator is callable (:ticket:`30328`). * Fixed a regression in Django 2.2 where :class:`~django.contrib.postgres.search.SearchVector` generates SQL that is not indexable (:ticket:`30385`). * Fixed a regression in Django 2.2 that caused an exception to be raised when a custom error handler could not be imported (:ticket:`30318`). * Relaxed the system check added in Django 2.2 for the admin app's dependencies to reallow use of :class:`~django.contrib.sessions.middleware.SessionMiddleware` subclasses, rather than requiring :mod:`django.contrib.sessions` to be in :setting:`INSTALLED_APPS` (:ticket:`30312`). * Increased the default timeout when using ``Watchman`` to 5 seconds to prevent falling back to ``StatReloader`` on larger projects and made it customizable via the ``DJANGO_WATCHMAN_TIMEOUT`` environment variable (:ticket:`30361`). * Fixed a regression in Django 2.2 that caused a crash when migrating permissions for proxy models if the target permissions already existed. For example, when a permission had been created manually or a model had been migrated from concrete to proxy (:ticket:`30351`). * Fixed a regression in Django 2.2 that caused a crash of :djadmin:`runserver` when URLConf modules raised exceptions (:ticket:`30323`). * Fixed a regression in Django 2.2 where changes were not reliably detected by auto-reloader when using ``StatReloader`` (:ticket:`30323`). * Fixed a migration crash on Oracle and PostgreSQL when adding a check constraint with a ``contains``, ``startswith``, or ``endswith`` lookup (or their case-insensitive variant) (:ticket:`30408`). * Fixed a migration crash on Oracle and SQLite when adding a check constraint with ``condition`` contains ``|`` (``OR``) operator (:ticket:`30412`). ======================== ``` ### 2.2 ``` ======================== *April 1, 2019* Welcome to Django 2.2! These release notes cover the :ref:`new features <whats-new-2.2>`, as well as some :ref:`backwards incompatible changes <backwards-incompatible-2.2>` you'll want to be aware of when upgrading from Django 2.1 or earlier. We've :ref:`begun the deprecation process for some features <deprecated-features-2.2>`. See the :doc:`/howto/upgrade-version` guide if you're updating an existing project. Django 2.2 is designated as a :term:`long-term support release`. It will receive security updates for at least three years after its release. Support for the previous LTS, Django 1.11, will end in April 2020. Python compatibility ==================== Django 2.2 supports Python 3.5, 3.6, and 3.7. We **highly recommend** and only officially support the latest release of each series. .. _whats-new-2.2: What's new in Django 2.2 ======================== Constraints ----------- The new :class:`~django.db.models.CheckConstraint` and :class:`~django.db.models.UniqueConstraint` classes enable adding custom database constraints. Constraints are added to models using the :attr:`Meta.constraints <django.db.models.Options.constraints>` option. Minor features -------------- :mod:`django.contrib.admin` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Added a CSS class to the column headers of :class:`~django.contrib.admin.TabularInline`. :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ * The ``HttpRequest`` is now passed as the first positional argument to :meth:`.RemoteUserBackend.configure_user`, if it accepts it. :mod:`django.contrib.gis` ~~~~~~~~~~~~~~~~~~~~~~~~~ * Added Oracle support for the :class:`~django.contrib.gis.db.models.functions.Envelope` function. * Added SpatiaLite support for the :lookup:`coveredby` and :lookup:`covers` lookups. :mod:`django.contrib.postgres` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new ``ordering`` argument for :class:`~django.contrib.postgres.aggregates.ArrayAgg` and :class:`~django.contrib.postgres.aggregates.StringAgg` determines the ordering of the aggregated elements. * The new :class:`~django.contrib.postgres.indexes.BTreeIndex`, :class:`~django.contrib.postgres.indexes.HashIndex` and :class:`~django.contrib.postgres.indexes.SpGistIndex` classes allow creating ``B-Tree``, ``hash``, and ``SP-GiST`` indexes in the database. * :class:`~django.contrib.postgres.indexes.BrinIndex` now has the ``autosummarize`` parameter. * The new ``search_type`` parameter of :class:`~django.contrib.postgres.search.SearchQuery` allows searching for a phrase or raw expression. :mod:`django.contrib.staticfiles` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Added path matching to the :option:`collectstatic --ignore` option so that patterns like ``/vendor/*.js`` can be used. Database backends ~~~~~~~~~~~~~~~~~ * Added result streaming for :meth:`.QuerySet.iterator` on SQLite. Generic Views ~~~~~~~~~~~~~ * The new :meth:`View.setup <django.views.generic.base.View.setup>` hook initializes view attributes before calling :meth:`~django.views.generic.base.View.dispatch`. It allows mixins to setup instance attributes for reuse in child classes. Internationalization ~~~~~~~~~~~~~~~~~~~~ * Added support and translations for the Armenian language. Management Commands ~~~~~~~~~~~~~~~~~~~ * The new :option:`--force-color` option forces colorization of the command output. * :djadmin:`inspectdb` now creates models for foreign tables on PostgreSQL. * :option:`inspectdb --include-views` now creates models for materialized views on Oracle and PostgreSQL. * The new :option:`inspectdb --include-partitions` option allows creating models for partition tables on PostgreSQL. In older versions, models are created child tables instead the parent. * :djadmin:`inspectdb` now introspects :class:`~django.db.models.DurationField` for Oracle and PostgreSQL, and :class:`~django.db.models.AutoField` for SQLite. * On Oracle, :djadmin:`dbshell` is wrapped with ``rlwrap``, if available. ``rlwrap`` provides a command history and editing of keyboard input. * The new :option:`makemigrations --no-header` option avoids writing header comments in generated migration file(s). This option is also available for :djadmin:`squashmigrations`. * :djadmin:`runserver` can now use `Watchman <https://facebook.github.io/watchman/>`_ to improve the performance of watching a large number of files for changes. Migrations ~~~~~~~~~~ * The new :option:`migrate --plan` option prints the list of migration operations that will be performed. * ``NoneType`` can now be serialized in migrations. * You can now :ref:`register custom serializers <custom-migration-serializers>` for migrations. Models ~~~~~~ * Added support for PostgreSQL operator classes (:attr:`.Index.opclasses`). * Added support for partial indexes (:attr:`.Index.condition`). * Added the :class:`~django.db.models.functions.NullIf` and :class:`~django.db.models.functions.Reverse` database functions, as well as many :ref:`math database functions <math-functions>`. * Setting the new ``ignore_conflicts`` parameter of :meth:`.QuerySet.bulk_create` to ``True`` tells the database to ignore failure to insert rows that fail uniqueness constraints or other checks. * The new :class:`~django.db.models.functions.ExtractIsoYear` function extracts ISO-8601 week-numbering years from :class:`~django.db.models.DateField` and :class:`~django.db.models.DateTimeField`, and the new :lookup:`iso_year` lookup allows querying by an ISO-8601 week-numbering year. * The new :meth:`.QuerySet.bulk_update` method allows efficiently updating specific fields on multiple model instances. * Django no longer always starts a transaction when a single query is being performed, such as ``Model.save()``, ``QuerySet.update()``, and ``Model.delete()``. This improves the performance of autocommit by reducing the number of database round trips. * Added SQLite support for the :class:`~django.db.models.StdDev` and :class:`~django.db.models.Variance` functions. * The handling of ``DISTINCT`` aggregation is added to the :class:`~django.db.models.Aggregate` class. Adding :attr:`allow_distinct = True <django.db.models.Aggregate.allow_distinct>` as a class attribute on ``Aggregate`` subclasses allows a ``distinct`` keyword argument to be specified on initialization to ensure that the aggregate function is only called for each distinct value of ``expressions``. * The :meth:`.RelatedManager.add`, :meth:`~.RelatedManager.create`, :meth:`~.RelatedManager.remove`, :meth:`~.RelatedManager.set`, ``get_or_create()``, and ``update_or_create()`` methods are now allowed on many-to-many relationships with intermediate models. The new ``through_defaults`` argument is used to specify values for new intermediate model instance(s). Requests and Responses ~~~~~~~~~~~~~~~~~~~~~~ * Added :attr:`.HttpRequest.headers` to allow simple access to a request's headers. Serialization ~~~~~~~~~~~~~ * You can now deserialize data using natural keys containing :ref:`forward references <natural-keys-and-forward-references>` by passing ``handle_forward_references=True`` to ``serializers.deserialize()``. Additionally, :djadmin:`loaddata` handles forward references automatically. Tests ~~~~~ * The new :meth:`.SimpleTestCase.assertURLEqual` assertion checks for a given URL, ignoring the ordering of the query string. :meth:`~.SimpleTestCase.assertRedirects` uses the new assertion. * The test :class:`~.django.test.Client` now supports automatic JSON serialization of list and tuple ``data`` when ``content_type='application/json'``. * The new :setting:`ORACLE_MANAGED_FILES <TEST_ORACLE_MANAGED_FILES>` test database setting allows using Oracle Managed Files (OMF) tablespaces. * Deferrable database constraints are now checked at the end of each :class:`~django.test.TestCase` test on SQLite 3.20+, just like on other backends that support deferrable constraints. These checks aren't implemented for older versions of SQLite because they would require expensive table introspection there. * :class:`~django.test.runner.DiscoverRunner` now skips the setup of databases not :ref:`referenced by tests<testing-multi-db>`. URLs ~~~~ * The new :attr:`.ResolverMatch.route` attribute stores the route of the matching URL pattern. Validators ~~~~~~~~~~ * :class:`.MaxValueValidator`, :class:`.MinValueValidator`, :class:`.MinLengthValidator`, and :class:`.MaxLengthValidator` now accept a callable ``limit_value``. .. _backwards-incompatible-2.2: Backwards incompatible changes in 2.2 ===================================== Database backend API -------------------- This section describes changes that may be needed in third-party database backends. * Third-party database backends must implement support for table check constraints or set ``DatabaseFeatures.supports_table_check_constraints`` to ``False``. * Third party database backends must implement support for ignoring constraints or uniqueness errors while inserting or set ``DatabaseFeatures.supports_ignore_conflicts`` to ``False``. * Third party database backends must implement introspection for ``DurationField`` or set ``DatabaseFeatures.can_introspect_duration_field`` to ``False``. * ``DatabaseFeatures.uses_savepoints`` now defaults to ``True``. * Third party database backends must implement support for partial indexes or set ``DatabaseFeatures.supports_partial_indexes`` to ``False``. * ``DatabaseIntrospection.table_name_converter()`` and ``column_name_converter()`` are removed. Third party database backends may need to instead implement ``DatabaseIntrospection.identifier_converter()``. In that case, the constraint names that ``DatabaseIntrospection.get_constraints()`` returns must be normalized by ``identifier_converter()``. * SQL generation for indexes is moved from :class:`~django.db.models.Index` to ``SchemaEditor`` and these ``SchemaEditor`` methods are added: * ``_create_primary_key_sql()`` and ``_delete_primary_key_sql()`` * ``_delete_index_sql()`` (to pair with ``_create_index_sql()``) * ``_delete_unique_sql`` (to pair with ``_create_unique_sql()``) * ``_delete_fk_sql()`` (to pair with ``_create_fk_sql()``) * ``_create_check_sql()`` and ``_delete_check_sql()`` * The third argument of ``DatabaseWrapper.__init__()``, ``allow_thread_sharing``, is removed. Admin actions are no longer collected from base ``ModelAdmin`` classes ---------------------------------------------------------------------- For example, in older versions of Django:: from django.contrib import admin class BaseAdmin(admin.ModelAdmin): actions = ['a'] class SubAdmin(BaseAdmin): actions = ['b'] ``SubAdmin`` would have actions ``'a'`` and ``'b'``. Now ``actions`` follows standard Python inheritance. To get the same result as before:: class SubAdmin(BaseAdmin): actions = BaseAdmin.actions + ['b'] :mod:`django.contrib.gis` ------------------------- * Support for GDAL 1.9 and 1.10 is dropped. ``TransactionTestCase`` serialized data loading ----------------------------------------------- Initial data migrations are now loaded in :class:`~django.test.TransactionTestCase` at the end of the test, after the database flush. In older versions, this data was loaded at the beginning of the test, but this prevents the :option:`test --keepdb` option from working properly (the database was empty at the end of the whole test suite). This change shouldn't have an impact on your tests unless you've customized :class:`~django.test.TransactionTestCase`'s internals. ``sqlparse`` is required dependency ----------------------------------- To simplify a few parts of Django's database handling, `sqlparse <https://pypi.org/project/sqlparse/>`_ is now a required dependency. It's automatically installed along with Django. ``cached_property`` aliases --------------------------- In usage like:: from django.utils.functional import cached_property class A: cached_property def base(self): return ... alias = base ``alias`` is not cached. Where the problem can be detected (Python 3.6 and later), such usage now raises ``TypeError: Cannot assign the same cached_property to two different names ('base' and 'alias').`` Use this instead:: import operator class A: ... alias = property(operator.attrgetter('base')) Permissions for proxy models ---------------------------- :ref:`Permissions for proxy models <proxy-models-permissions-topic>` are now created using the content type of the proxy model rather than the content type of the concrete model. A migration will update existing permissions when you run :djadmin:`migrate`. In the admin, the change is transparent for proxy models having the same ``app_label`` as their concrete model. However, in older versions, users with permissions for a proxy model with a *different* ``app_label`` than its concrete model couldn't access the model in the admin. That's now fixed, but you might want to audit the permissions assignments for such proxy models (``[add|view|change|delete]_myproxy``) prior to upgrading to ensure the new access is appropriate. Finally, proxy model permission strings must be updated to use their own ``app_label``. For example, for ``app.MyProxyModel`` inheriting from ``other_app.ConcreteModel``, update ``user.has_perm('other_app.add_myproxymodel')`` to ``user.has_perm('app.add_myproxymodel')``. Merging of form ``Media`` assets -------------------------------- Form ``Media`` assets are now merged using a topological sort algorithm, as the old pairwise merging algorithm is insufficient for some cases. CSS and JavaScript files which don't include their dependencies may now be sorted incorrectly (where the old algorithm produced results correctly by coincidence). Audit all ``Media`` classes for any missing dependencies. For example, widgets depending on ``django.jQuery`` must specify ``js=['admin/js/jquery.init.js', ...]`` when :ref:`declaring form media assets <assets-as-a-static-definition>`. Miscellaneous ------------- * To improve readability, the ``UUIDField`` form field now displays values with dashes, e.g. ``550e8400-e29b-41d4-a716-446655440000`` instead of ``550e8400e29b41d4a716446655440000``. * On SQLite, ``PositiveIntegerField`` and ``PositiveSmallIntegerField`` now include a check constraint to prevent negative values in the database. If you have existing invalid data and run a migration that recreates a table, you'll see ``CHECK constraint failed``. * For consistency with WSGI servers, the test client now sets the ``Content-Length`` header to a string rather than an integer. * The return value of :func:`django.utils.text.slugify` is no longer marked as HTML safe. * The default truncation character used by the :tfilter:`urlizetrunc`, :tfilter:`truncatechars`, :tfilter:`truncatechars_html`, :tfilter:`truncatewords`, and :tfilter:`truncatewords_html` template filters is now the real ellipsis character (``…``) instead of 3 dots. You may have to adapt some test output comparisons. * Support for bytestring paths in the template filesystem loader is removed. * :func:`django.utils.http.urlsafe_base64_encode` now returns a string instead of a bytestring, and :func:`django.utils.http.urlsafe_base64_decode` may no longer be passed a bytestring. * Support for ``cx_Oracle`` < 6.0 is removed. * The minimum supported version of ``mysqlclient`` is increased from 1.3.7 to 1.3.13. * The minimum supported version of SQLite is increased from 3.7.15 to 3.8.3. * In an attempt to provide more semantic query data, ``NullBooleanSelect`` now renders ``<option>`` values of ``unknown``, ``true``, and ``false`` instead of ``1``, ``2``, and ``3``. For backwards compatibility, the old values are still accepted as data. * :attr:`Group.name <django.contrib.auth.models.Group.name>` ``max_length`` is increased from 80 to 150 characters. * Tests that violate deferrable database constraints now error when run on SQLite 3.20+, just like on other backends that support such constraints. * To catch usage mistakes, the test :class:`~django.test.Client` and :func:`django.utils.http.urlencode` now raise ``TypeError`` if ``None`` is passed as a value to encode because ``None`` can't be encoded in GET and POST data. Either pass an empty string or omit the value. * The :djadmin:`ping_google` management command now defaults to ``https`` instead of ``http`` for the sitemap's URL. If your site uses http, use the new :option:`ping_google --sitemap-uses-http` option. If you use the :func:`~django.contrib.sitemaps.ping_google` function, set the new ``sitemap_uses_https`` argument to ``False``. * :djadmin:`runserver` no longer supports `pyinotify` (replaced by Watchman). * The :class:`~django.db.models.Avg`, :class:`~django.db.models.StdDev`, and :class:`~django.db.models.Variance` aggregate functions now return a ``Decimal`` instead of a ``float`` when the input is ``Decimal``. * Tests will fail on SQLite if apps without migrations have relations to apps with migrations. This has been a documented restriction since migrations were added in Django 1.7, but it fails more reliably now. You'll see tests failing with errors like ``no such table: <app_label>_<model>``. This was observed with several third-party apps that had models in tests without migrations. You must add migrations for such models. .. _deprecated-features-2.2: Features deprecated in 2.2 ========================== Model ``Meta.ordering`` will no longer affect ``GROUP BY`` queries ------------------------------------------------------------------ A model's ``Meta.ordering`` affecting ``GROUP BY`` queries (such as ``.annotate().values()``) is a common source of confusion. Such queries now issue a deprecation warning with the advice to add an ``order_by()`` to retain the current query. ``Meta.ordering`` will be ignored in such queries starting in Django 3.1. Miscellaneous ------------- * ``django.utils.timezone.FixedOffset`` is deprecated in favor of :class:`datetime.timezone`. * The undocumented ``QuerySetPaginator`` alias of ``django.core.paginator.Paginator`` is deprecated. * The ``FloatRangeField`` model and form fields in ``django.contrib.postgres`` are deprecated in favor of a new name, ``DecimalRangeField``, to match the underlying ``numrange`` data type used in the database. * The ``FILE_CHARSET`` setting is deprecated. Starting with Django 3.1, files read from disk must be UTF-8 encoded. * ``django.contrib.staticfiles.storage.CachedStaticFilesStorage`` is deprecated due to the intractable problems that it has. Use :class:`.ManifestStaticFilesStorage` or a third-party cloud storage instead. * :meth:`.RemoteUserBackend.configure_user` is now passed ``request`` as the first positional argument, if it accepts it. Support for overrides that don't accept it will be removed in Django 3.1. * The :attr:`.SimpleTestCase.allow_database_queries`, :attr:`.TransactionTestCase.multi_db`, and :attr:`.TestCase.multi_db` attributes are deprecated in favor of :attr:`.SimpleTestCase.databases`, :attr:`.TransactionTestCase.databases`, and :attr:`.TestCase.databases`. These new attributes allow databases dependencies to be declared in order to prevent unexpected queries against non-default databases to leak state between tests. The previous behavior of ``allow_database_queries=True`` and ``multi_db=True`` can be achieved by setting ``databases='__all__'``. =========================== ``` ### 2.1.10 ``` =========================== *July 1, 2019* Django 2.1.10 fixes a security issue in 2.1.9. ============================ ``` ### 2.1.9 ``` ============================ *June 3, 2019* Django 2.1.9 fixes security issues in 2.1.8. CVE-2019-12308: AdminURLFieldWidget XSS --------------------------------------- The clickable "Current URL" link generated by ``AdminURLFieldWidget`` displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. ``AdminURLFieldWidget`` now validates the provided value using :class:`~django.core.validators.URLValidator` before displaying the clickable link. You may customize the validator by passing a ``validator_class`` kwarg to ``AdminURLFieldWidget.__init__()``, e.g. when using :attr:`~django.contrib.admin.ModelAdmin.formfield_overrides`. Patched bundled jQuery for CVE-2019-11358: Prototype pollution -------------------------------------------------------------- jQuery before 3.4.0, mishandles ``jQuery.extend(true, {}, ...)`` because of ``Object.prototype`` pollution. If an unsanitized source object contained an enumerable ``__proto__`` property, it could extend the native ``Object.prototype``. The bundled version of jQuery used by the Django admin has been patched to allow for the ``select2`` library's use of ``jQuery.extend()``. ========================== ``` ### 2.1.8 ``` ========================== *April 1, 2019* Django 2.1.8 fixes a bug in 2.1.7. Bugfixes ======== * Prevented admin inlines for a ``ManyToManyField``\'s implicit through model from being editable if the user only has the view permission (:ticket:`30289`). ========================== ``` ### 2.1.7 ``` ========================== *February 11, 2019* Django 2.1.7 fixes a packaging error in 2.1.6. Bugfixes ======== * Corrected packaging error from 2.1.6 (:ticket:`30175`). ========================== ``` ### 2.1.5 ``` ========================== *January 4, 2019* Django 2.1.5 fixes a security issue and several bugs in 2.1.4. CVE-2019-3498: Content spoofing possibility in the default 404 page ------------------------------------------------------------------- An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the ``django.views.defaults.page_not_found()`` view. The URL path is no longer displayed in the default 404 template and the ``request_path`` context variable is now quoted to fix the issue for custom templates that use the path. Bugfixes ======== * Fixed compatibility with mysqlclient 1.3.14 (:ticket:`30013`). * Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and rebuild your SQLite database if you applied a migration while using an older version of Django with SQLite 3.26 or later (:ticket:`29182`). * Prevented SQLite schema alterations while foreign key checks are enabled to avoid the possibility of schema corruption (:ticket:`30023`). * Fixed a regression in Django 2.1.4 (which enabled keep-alive connections) where request body data isn't properly consumed for such connections (:ticket:`30015`). * Fixed a regression in Django 2.1.4 where ``InlineModelAdmin.has_change_permission()`` is incorrectly called with a non-``None`` ``obj`` argument during an object add (:ticket:`30050`). ========================== ```

Links

- PyPI: https://pypi.org/project/django - Changelog: https://pyup.io/changelogs/django/ - Homepage: https://www.djangoproject.com/

Update jinja2 from 2.10 to 2.10.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/jinja2 - Homepage: http://jinja.pocoo.org/

Update livereload from 2.6.0 to 2.6.1.

Changelog

### 2.6.1 ``` ------------- Released on May 7, 2019 1. Fixed bugs ```

Links

- PyPI: https://pypi.org/project/livereload - Changelog: https://pyup.io/changelogs/livereload/ - Repo: https://github.com/lepture/python-livereload

Update markupsafe from 1.1.0 to 1.1.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/markupsafe - Changelog: https://pyup.io/changelogs/markupsafe/ - Homepage: https://palletsprojects.com/p/markupsafe/

Update packaging from 18.0 to 19.0.

Changelog

### 19.0 ``` ~~~~~~~~~~~~~~~~~ * Fix string representation of PEP 508 direct URL requirements with markers. * Better handling of file URLs This allows for using ``file:///absolute/path``, which was previously prevented due to the missing ``netloc``. This allows for all file URLs that ``urlunparse`` turns back into the original URL to be valid. ```

Links

- PyPI: https://pypi.org/project/packaging - Changelog: https://pyup.io/changelogs/packaging/ - Repo: https://github.com/pypa/packaging

Update port-for from 0.3.1 to 0.4.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/port-for - Repo: https://github.com/kmike/port-for/

Update psycopg2 from 2.7.6.1 to 2.8.3.

Changelog

### 2.8.3 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Added *interval_status* parameter to `~psycopg2.extras.ReplicationCursor.start_replication()` method and other facilities to send automatic replication keepalives at periodic intervals (:ticket:`913`). - Fixed namedtuples caching introduced in 2.8 (:ticket:`928`). ``` ### 2.8.2 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Fixed `~psycopg2.extras.RealDictCursor` when there are repeated columns (:ticket:`884`). - Binary packages built with openssl 1.1.1b. Should fix concurrency problems (:tickets:`543, 836`). ``` ### 2.8.1 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Fixed `~psycopg2.extras.RealDictRow` modifiability (:ticket:`886`). - Fixed "there's no async cursor" error polling a connection with no cursor (:ticket:`887`). ``` ### 2.8 ``` ------------------------- New features: - Added `~psycopg2.errors` module. Every PostgreSQL error is converted into a specific exception class (:ticket:`682`). - Added `~psycopg2.extensions.encrypt_password()` function (:ticket:`576`). - Added `~psycopg2.extensions.BYTES` adapter to manage databases with mixed encodings on Python 3 (:ticket:`835`). - Added `~psycopg2.extensions.Column.table_oid` and `~psycopg2.extensions.Column.table_column` attributes on `cursor.description` items (:ticket:`661`). - Added `connection.info` object to retrieve various PostgreSQL connection information (:ticket:`726`). - Added `~connection.get_native_connection()` to expose the raw ``PGconn`` structure to C extensions via Capsule (:ticket:`782`). - Added `~connection.pgconn_ptr` and `~cursor.pgresult_ptr` to expose raw C structures to Python and interact with libpq via ctypes (:ticket:`782`). - `~psycopg2.sql.Identifier` can represent qualified names in SQL composition (:ticket:`732`). - Added `!ReplicationCursor`.\ `~psycopg2.extras.ReplicationCursor.wal_end` attribute (:ticket:`800`). - Added *fetch* parameter to `~psycopg2.extras.execute_values()` function (:ticket:`813`). - `!str()` on `~psycopg2.extras.Range` produces a human-readable representation (:ticket:`773`). - `~psycopg2.extras.DictCursor` and `~psycopg2.extras.RealDictCursor` rows maintain columns order (:ticket:`177`). - Added `~psycopg2.extensions.Diagnostics.severity_nonlocalized` attribute on the `~psycopg2.extensions.Diagnostics` object (:ticket:`783`). - More efficient `~psycopg2.extras.NamedTupleCursor` (:ticket:`838`). Bug fixes: - Fixed connections occasionally broken by the unrelated use of the multiprocessing module (:ticket:`829`). - Fixed async communication blocking if results are returned in different chunks, e.g. with notices interspersed to the results (:ticket:`856`). - Fixed adaptation of numeric subclasses such as `~enum.IntEnum` (:ticket:`591`). Other changes: - Dropped support for Python 2.6, 3.2, 3.3. - Dropped `psycopg1` module. - Dropped deprecated `!register_tstz_w_secs()` (was previously a no-op). - Dropped deprecated `!PersistentConnectionPool`. This pool class was mostly designed to interact with Zope. Use `!ZPsycopgDA.pool` instead. - Binary packages no longer installed by default. The 'psycopg2-binary' package must be used explicitly. - Dropped `!PSYCOPG_DISPLAY_SIZE` build parameter. - Dropped support for mxDateTime as the default date and time adapter. mxDatetime support continues to be available as an alternative to Python's builtin datetime. - No longer use 2to3 during installation for Python 2 & 3 compatibility. All source files are now compatible with Python 2 & 3 as is. - The `!psycopg2.test` package is no longer installed by ``python setup.py install``. - Wheel package compiled against OpenSSL 1.0.2r and PostgreSQL 11.2 libpq. ``` ### 2.7.7 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Cleanup of the cursor results assignment code, which might have solved double free and inconsistencies in concurrent usage (:tickets:`346, 384`). - Wheel package compiled against OpenSSL 1.0.2q. ```

Links

- PyPI: https://pypi.org/project/psycopg2 - Changelog: https://pyup.io/changelogs/psycopg2/ - Homepage: http://initd.org/psycopg/

Update pygments from 2.3.0 to 2.4.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/pygments - Homepage: http://pygments.org/

Update pyparsing from 2.3.0 to 2.4.0.

Changelog

### 2.4.0 ``` --------------------------- - Well, it looks like the API change that was introduced in 2.3.1 was more drastic than expected, so for a friendlier forward upgrade path, this release: . Bumps the current version number to 2.4.0, to reflect this incompatible change. . Adds a pyparsing.__compat__ object for specifying compatibility with future breaking changes. . Conditionalizes the API-breaking behavior, based on the value pyparsing.__compat__.collect_all_And_tokens. By default, this value will be set to True, reflecting the new bugfixed behavior. To set this value to False, add to your code: import pyparsing pyparsing.__compat__.collect_all_And_tokens = False . User code that is dependent on the pre-bugfix behavior can restore it by setting this value to False. In 2.5 and later versions, the conditional code will be removed and setting the flag to True or False in these later versions will have no effect. - Updated unitTests.py and simple_unit_tests.py to be compatible with "python setup.py test". To run tests using setup, do: python setup.py test python setup.py test -s unitTests.suite python setup.py test -s simple_unit_tests.suite Prompted by issue 83 and PR submitted by bdragon28, thanks. - Fixed bug in runTests handling '\n' literals in quoted strings. - Added tag_body attribute to the start tag expressions generated by makeHTMLTags, so that you can avoid using SkipTo to roll your own tag body expression: a, aEnd = pp.makeHTMLTags('a') link = a + a.tag_body("displayed_text") + aEnd for t in s.searchString(html_page): print(t.displayed_text, '->', t.startA.href) - indentedBlock failure handling was improved; PR submitted by TMiguelT, thanks! - Address Py2 incompatibility in simpleUnitTests, plus explain() and Forward str() cleanup; PRs graciously provided by eswald. - Fixed docstring with embedded '\w', which creates SyntaxWarnings in Py3.8, issue 80. - Examples: - Added example parser for rosettacode.org tutorial compiler. - Added example to show how an HTML table can be parsed into a collection of Python lists or dicts, one per row. - Updated SimpleSQL.py example to handle nested selects, reworked 'where' expression to use infixNotation. - Added include_preprocessor.py, similar to macroExpander.py. - Examples using makeHTMLTags use new tag_body expression when retrieving a tag's body text. - Updated examples that are runnable as unit tests: python setup.py test -s examples.antlr_grammar_tests python setup.py test -s examples.test_bibparse ``` ### 2.3.1 ``` ----------------------------- - POSSIBLE API CHANGE: this release fixes a bug when results names were attached to a MatchFirst or Or object containing an And object. Previously, a results name on an And object within an enclosing MatchFirst or Or could return just the first token in the And. Now, all the tokens matched by the And are correctly returned. This may result in subtle changes in the tokens returned if you have this condition in your pyparsing scripts. - New staticmethod ParseException.explain() to help diagnose parse exceptions by showing the failing input line and the trace of ParserElements in the parser leading up to the exception. explain() returns a multiline string listing each element by name. (This is still an experimental method, and the method signature and format of the returned string may evolve over the next few releases.) Example: define a parser to parse an integer followed by an alphabetic word expr = pp.Word(pp.nums).setName("int") + pp.Word(pp.alphas).setName("word") try: parse a string with a numeric second value instead of alpha expr.parseString("123 355") except pp.ParseException as pe: print(pp.ParseException.explain(pe)) Prints: 123 355 ^ ParseException: Expected word (at char 4), (line:1, col:5) __main__.ExplainExceptionTest pyparsing.And - {int word} pyparsing.Word - word explain() will accept any exception type and will list the function names and parse expressions in the stack trace. This is especially useful when an exception is raised in a parse action. Note: explain() is only supported under Python 3. - Fix bug in dictOf which could match an empty sequence, making it infinitely loop if wrapped in a OneOrMore. - Added unicode sets to pyparsing_unicode for Latin-A and Latin-B ranges. - Added ability to define custom unicode sets as combinations of other sets using multiple inheritance. class Turkish_set(pp.pyparsing_unicode.Latin1, pp.pyparsing_unicode.LatinA): pass turkish_word = pp.Word(Turkish_set.alphas) - Updated state machine import examples, with state machine demos for: . traffic light . library book checkin/checkout . document review/approval In the traffic light example, you can use the custom 'statemachine' keyword to define the states for a traffic light, and have the state classes auto-generated for you: statemachine TrafficLightState: Red -> Green Green -> Yellow Yellow -> Red Similar for state machines with named transitions, like the library book state example: statemachine LibraryBookState: New -(shelve)-> Available Available -(reserve)-> OnHold OnHold -(release)-> Available Available -(checkout)-> CheckedOut CheckedOut -(checkin)-> Available Once the classes are defined, then additional Python code can reference those classes to add class attributes, instance methods, etc. See the examples in examples/statemachine - Added an example parser for the decaf language. This language is used in CS compiler classes in many colleges and universities. - Fixup of docstrings to Sphinx format, inclusion of test files in the source package, and convert markdown to rst throughout the distribution, great job by Matěj Cepl! - Expanded the whitespace characters recognized by the White class to include all unicode defined spaces. Suggested in Issue 51 by rtkjbillo. - Added optional postParse argument to ParserElement.runTests() to add a custom callback to be called for test strings that parse successfully. Useful for running tests that do additional validation or processing on the parsed results. See updated chemicalFormulas.py example. - Removed distutils fallback in setup.py. If installing the package fails, please update to the latest version of setuptools. Plus overall project code cleanup (CRLFs, whitespace, imports, etc.), thanks Jon Dufresne! - Fix bug in CaselessKeyword, to make its behavior consistent with Keyword(caseless=True). Fixes Issue 65 reported by telesphore. ```

Links

- PyPI: https://pypi.org/project/pyparsing - Changelog: https://pyup.io/changelogs/pyparsing/ - Repo: https://github.com/pyparsing/pyparsing/ - Docs: https://pythonhosted.org/pyparsing/

Update python-dotenv from 0.10.1 to 0.10.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/python-dotenv - Changelog: https://pyup.io/changelogs/python-dotenv/ - Repo: http://github.com/theskumar/python-dotenv

Update pytz from 2018.7 to 2019.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/pytz - Homepage: http://pythonhosted.org/pytz - Docs: https://pythonhosted.org/pytz/

Update pyyaml from 3.13 to 5.1.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/pyyaml - Repo: https://github.com/yaml/pyyaml

Update requests from 2.21.0 to 2.22.0.

Changelog

### 2.22.0 ``` ------------------- **Dependencies** - Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible) **Deprecations** - Requests has officially stopped support for Python 3.4. ```

Links

- PyPI: https://pypi.org/project/requests - Changelog: https://pyup.io/changelogs/requests/ - Homepage: http://python-requests.org

Update snowballstemmer from 1.2.1 to 1.9.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/snowballstemmer - Repo: https://github.com/snowballstem/snowball

Update sphinx from 1.8.2 to 2.1.2.

Changelog

### 2.1.2 ``` ============================== Dependencies ------------ Incompatible changes -------------------- Deprecated ---------- Features added -------------- Bugs fixed ---------- Testing -------- ``` ### 2.1.1 ``` ===================================== Incompatible changes -------------------- * 6447: autodoc: Stop to generate document for undocumented module variables Bugs fixed ---------- * 6442: LaTeX: admonitions of :rst:dir:`note` type can get separated from immediately preceding section title by pagebreak * 6448: autodoc: crashed when autodocumenting classes with ``__slots__ = None`` * 6451: autodoc: generates docs for "optional import"ed modules as variables * 6452: autosummary: crashed when generating document of properties * 6455: napoleon: docstrings for properties are not processed * 6436: napoleon: "Unknown target name" error if variable name ends with underscore * 6440: apidoc: missing blank lines between modules ``` ### 2.1.0 ``` ===================================== Incompatible changes -------------------- * Ignore filenames without file extension given to ``Builder.build_specific()`` API directly * 6230: The anchor of term in glossary directive is changed if it is consisted by non-ASCII characters * 4550: html: Centering tables by default using CSS * 6239: latex: xelatex and xeCJK are used for Chinese documents by default * ``Sphinx.add_lexer()`` now takes a Lexer class instead of instance. An instance of lexers are still supported until Sphinx-3.x. Deprecated ---------- * ``sphinx.builders.latex.LaTeXBuilder.apply_transforms()`` * ``sphinx.builders._epub_base.EpubBuilder.esc()`` * ``sphinx.directives.Acks`` * ``sphinx.directives.Author`` * ``sphinx.directives.Centered`` * ``sphinx.directives.Class`` * ``sphinx.directives.CodeBlock`` * ``sphinx.directives.Figure`` * ``sphinx.directives.HList`` * ``sphinx.directives.Highlight`` * ``sphinx.directives.Include`` * ``sphinx.directives.Index`` * ``sphinx.directives.LiteralInclude`` * ``sphinx.directives.Meta`` * ``sphinx.directives.Only`` * ``sphinx.directives.SeeAlso`` * ``sphinx.directives.TabularColumns`` * ``sphinx.directives.TocTree`` * ``sphinx.directives.VersionChange`` * ``sphinx.domains.python.PyClassmember`` * ``sphinx.domains.python.PyModulelevel`` * ``sphinx.domains.std.StandardDomain._resolve_citation_xref()`` * ``sphinx.domains.std.StandardDomain.note_citations()`` * ``sphinx.domains.std.StandardDomain.note_citation_refs()`` * ``sphinx.domains.std.StandardDomain.note_labels()`` * ``sphinx.environment.NoUri`` * ``sphinx.ext.apidoc.format_directive()`` * ``sphinx.ext.apidoc.format_heading()`` * ``sphinx.ext.apidoc.makename()`` * ``sphinx.ext.autodoc.importer.MockFinder`` * ``sphinx.ext.autodoc.importer.MockLoader`` * ``sphinx.ext.autodoc.importer.mock()`` * ``sphinx.ext.autosummary.autolink_role()`` * ``sphinx.ext.imgmath.DOC_BODY`` * ``sphinx.ext.imgmath.DOC_BODY_PREVIEW`` * ``sphinx.ext.imgmath.DOC_HEAD`` * ``sphinx.transforms.CitationReferences`` * ``sphinx.transforms.SmartQuotesSkipper`` * ``sphinx.util.docfields.DocFieldTransformer.preprocess_fieldtypes()`` * ``sphinx.util.node.find_source_node()`` * ``sphinx.util.i18n.find_catalog()`` * ``sphinx.util.i18n.find_catalog_files()`` * ``sphinx.util.i18n.find_catalog_source_files()`` For more details, see :ref:`deprecation APIs list <dev-deprecated-apis>`. Features added -------------- * Add a helper class ``sphinx.transforms.post_transforms.SphinxPostTransform`` * Add helper methods - ``PythonDomain.note_module()`` - ``PythonDomain.note_object()`` - ``SphinxDirective.set_source_info()`` * 6180: Support ``--keep-going`` with BuildDoc setup command * ``math`` directive now supports ``:class:`` option * 6310: imgmath: let :confval:`imgmath_use_preview` work also with the SVG format for images rendering inline math * todo: ``todo`` directive now supports ``:name:`` option * Enable override via environment of ``SPHINXOPTS`` and ``SPHINXBUILD`` Makefile variables (refs: 6232, 6303) * 6287: autodoc: Unable to document bound instance methods exported as module functions * 6289: autodoc: :confval:`autodoc_default_options` now supports ``imported-members`` option * 4777: autodoc: Support coroutine * 744: autodoc: Support abstractmethod * 6325: autodoc: Support attributes in __slots__. For dict-style __slots__, autodoc considers values as a docstring of the attribute * 6361: autodoc: Add :confval:`autodoc_typehints` to suppress typehints from signature * 1063: autodoc: ``automodule`` directive now handles undocumented module level variables * 6212 autosummary: Add :confval:`autosummary_imported_members` to display imported members on autosummary * 6271: ``make clean`` is catastrophically broken if building into '.' * 6363: Support ``%O%`` environment variable in make.bat * 4777: py domain: Add ``:async:`` option to :rst:dir:`py:function` directive * py domain: Add new options to :rst:dir:`py:method` directive - ``:abstractmethod:`` - ``:async:`` - ``:classmethod:`` - ``:property:`` - ``:staticmethod:`` * rst domain: Add :rst:dir:`directive:option` directive to describe the option for directive * 6306: html: Add a label to search form for accessability purposes * 4390: html: Consistent and semantic CSS for signatures * 6358: The ``rawsource`` property of ``production`` nodes now contains the full production rule * 6373: autosectionlabel: Allow suppression of warnings * coverage: Support a new ``coverage_ignore_pyobjects`` option * 6239: latex: Support to build Chinese documents Bugs fixed ---------- * 6230: Inappropriate node_id has been generated by glossary directive if term is consisted by non-ASCII characters * 6213: ifconfig: contents after headings are not shown * commented term in glossary directive is wrongly recognized * 6299: rst domain: rst:directive directive generates waste space * 6379: py domain: Module index (py-modindex.html) has duplicate titles * 6331: man: invalid output when doctest follows rubric * 6351: "Hyperlink target is not referenced" message is shown even if referenced * 6165: autodoc: ``tab_width`` setting of docutils has been ignored * 6347: autodoc: crashes with a plain Tuple on Python 3.6 and 3.5 * 6311: autosummary: autosummary table gets confused by complex type hints * 6350: autosummary: confused by an argument having some kind of default value * Generated Makefiles lack a final EOL (refs: 6232) * 6375: extlinks: Cannot escape angle brackets in link caption * 6378: linkcheck: Send commonly used User-Agent * 6387: html search: failed to search document with haiku and scrolls themes * 6408: html search: Fix the ranking of search results * 6406: Wrong year is returned for ``SOURCE_DATE_EPOCH`` * 6402: image directive crashes by unknown image format * 6286: C++, allow 8 and 9 in hexadecimal integer literals. * 6305: Fix the string in quickstart for 'path' argument of parser * LaTeX: Figures in admonitions produced errors (refs: 6364) ``` ### 2.0.1 ``` ===================================== Bugs fixed ---------- * LaTeX: some system labels are not translated * RemovedInSphinx30Warning is marked as pending * deprecation warnings are not emitted - sphinx.application.CONFIG_FILENAME - sphinx.builders.htmlhelp - :confval:`viewcode_import` * 6208: C++, properly parse full xrefs that happen to have a short xref as prefix * 6220, 6225: napoleon: AttributeError is raised for raised section having references * 6245: circular import error on importing SerializingHTMLBuilder * 6243: LaTeX: 'releasename' setting for latex_elements is ignored * 6244: html: Search function is broken with 3rd party themes * 6263: html: HTML5Translator crashed with invalid field node * 6262: html theme: The style of field lists has changed in bizstyle theme ``` ### 2.0.0 ``` * 6196: py domain: unexpected prefix is generated Testing -------- ``` ### 2.0.0b2 ``` * Add a helper function: ``sphinx.testing.restructuredtext.parse()`` ``` ### 2.0.0b1 ``` * Stop to use ``SPHINX_TEST_TEMPDIR`` envvar ``` ### 1.8.5 ``` ===================================== Bugs fixed ---------- * LaTeX: Remove extraneous space after author names on PDF title page (refs: 6004) * 6026: LaTeX: A cross reference to definition list does not work * 6046: LaTeX: ``TypeError`` is raised when invalid latex_elements given * 6067: LaTeX: images having a target are concatenated to next line * 6067: LaTeX: images having a target are not aligned even if specified * 6149: LaTeX: ``:index:`` role in titles causes ``Use of \icentercr doesn't match its definition`` error on latexpdf build * 6019: imgconverter: Including multipage PDF fails * 6047: autodoc: ``autofunction`` emits a warning for method objects * 6028: graphviz: Ensure the graphviz filenames are reproducible * 6068: doctest: ``skipif`` option may remove the code block from documentation * 6136: ``:name:`` option for ``math`` directive causes a crash * 6139: intersphinx: ValueError on failure reporting * 6135: changes: Fix UnboundLocalError when any module found * 3859: manpage: code-block captions are not displayed correctly ``` ### 1.8.4 ``` ===================================== Bugs fixed ---------- * 3707: latex: no bold checkmark (✔) available. * 5605: with the documentation language set to Chinese, English words could not be searched. * 5889: LaTeX: user ``numfig_format`` is stripped of spaces and may cause build failure * C++, fix hyperlinks for declarations involving east cv-qualifiers. * 5755: C++, fix duplicate declaration error on function templates with constraints in the return type. * C++, parse unary right fold expressions and binary fold expressions. * pycode could not handle egg files on windows * 5928: KeyError: 'DOCUTILSCONFIG' when running build * 5936: LaTeX: PDF build broken by inclusion of image taller than page height in an admonition * 5231: "make html" does not read and build "po" files in "locale" dir * 5954: ``:scale:`` image option may break PDF build if image in an admonition * 5966: mathjax has not been loaded on incremental build * 5960: LaTeX: modified PDF layout since September 2018 TeXLive update of :file:`parskip.sty` * 5948: LaTeX: duplicated labels are generated for sections * 5958: versionadded directive causes crash with Python 3.5.0 * 5995: autodoc: autodoc_mock_imports conflict with metaclass on Python 3.7 * 5871: texinfo: a section title ``.`` is not allowed ``` ### 1.8.3 ``` ===================================== Features added -------------- * LaTeX: it is possible to insert custom material to appear on back of title page, see discussion of ``'maketitle'`` key of :confval:`latex_elements` (``'manual'`` docclass only) Bugs fixed ---------- * 5725: mathjax: Use CDN URL for "latest" version by default * 5460: html search does not work with some 3rd party themes * 5520: LaTeX, caption package incompatibility since Sphinx 1.6 * 5614: autodoc: incremental build is broken when builtin modules are imported * 5627: qthelp: index.html missing in QtHelp * 5659: linkcheck: crashes for a hyperlink containing multibyte character * 5754: DOC: Fix some mistakes in :doc:`/latex` * 5810: LaTeX: sphinxVerbatim requires explicit "hllines" set-up since 1.6.6 (refs: 1238) * 5636: C++, fix parsing of floating point literals. * 5496 (again): C++, fix assertion in partial builds with duplicates. * 5724: quickstart: sphinx-quickstart fails when $LC_ALL is empty * 1956: Default conf.py is not PEP8-compliant * 5849: LaTeX: document class ``\maketitle`` is overwritten with no possibility to use original meaning in place of Sphinx custom one * 5834: apidoc: wrong help for ``--tocfile`` * 5800: todo: crashed if todo is defined in TextElement * 5846: htmlhelp: convert hex escaping to decimal escaping in .hhc/.hhk files * htmlhelp: broken .hhk file generated when title contains a double quote ```

Links

- PyPI: https://pypi.org/project/sphinx - Changelog: https://pyup.io/changelogs/sphinx/ - Homepage: http://sphinx-doc.org/

Update sphinx-rtd-theme from 0.4.2 to 0.4.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/sphinx-rtd-theme - Repo: https://github.com/rtfd/sphinx_rtd_theme/

Update sphinxcontrib-websupport from 1.1.0 to 1.1.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

- PyPI: https://pypi.org/project/sphinxcontrib-websupport - Homepage: http://sphinx-doc.org/

Update tornado from 5.1.1 to 6.0.3.

Changelog

Links

- PyPI: https://pypi.org/project/tornado - Changelog: https://pyup.io/changelogs/tornado/ - Homepage: http://www.tornadoweb.org/

Update urllib3 from 1.24.1 to 1.25.3.

Changelog

### 1.25.3 ``` ------------------- * Change ``HTTPSConnection`` to load system CA certificates when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are unspecified. (Pull 1608, Issue 1603) * Upgrade bundled rfc3986 to v1.3.2. (Pull 1609, Issue 1605) ``` ### 1.25.2 ``` ------------------- * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull 1583) * Change ``parse_url`` to percent-encode invalid characters within the path, query, and target components. (Pull 1586) ``` ### 1.25.1 ``` ------------------- * Add support for Google's ``Brotli`` package. (Pull 1572, Pull 1579) * Upgrade bundled rfc3986 to v1.3.1 (Pull 1578) ``` ### 1.25 ``` ----------------- * Requi

[pyup-bot]

Closing this in favor of #21