Fix an issue that caused str(Request.headers) to always appear empty. #2985
3.1.0
This is the Werkzeug 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.
Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. #2964
OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. #2968
Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.
Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. #2980
max_age is None if present without a value, rather than -1. #2980
no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. #2980
max_stale is True if present without a value, rather than "*". #2980
no_transform is a boolean. Previously it was mistakenly always None. #2881
min_fresh is None if present without a value, rather than "*". #2881
private is True if present without a value, rather than "*". #2980
Increase default work factor for PBKDF2 to 1,000,000 iterations. #2969
Inline annotations for datastructures, removing stub files. #2970
MultiDict.getlist catches TypeError in addition to ValueError when doing type conversion. #2976
Implement | and |= operators for MultiDict, Headers, and CallbackDict, and disallow |= on immutable types. #2977
3.0.6
This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.
Fix an issue that caused str(Request.headers) to always appear empty.
:issue:2985
Version 3.1.0
Released 2024-10-31
Drop support for Python 3.8. :pr:2966
Remove previously deprecated code. :pr:2967
Request.max_form_memory_size defaults to 500kB instead of unlimited.
Non-file form fields over this size will cause a RequestEntityTooLarge
error. :issue:2964
OrderedMultiDict and ImmutableOrderedMultiDict are deprecated.
Use MultiDict and ImmutableMultiDict instead. :issue:2968
Behavior of properties on request.cache_control and
response.cache_control has been significantly adjusted.
Dict values are always str | None. Setting properties will convert
the value to a string. Setting a property to False is equivalent to
setting it to None. Getting typed properties will return None if
conversion raises ValueError, rather than the string. :issue:2980
max_age is None if present without a value, rather than -1.
:issue:2980
no_cache is a boolean for requests, it is True instead of
"*" when present. It remains a string for responses. :issue:2980
max_stale is True if present without a value, rather
than "*". :issue:2980
no_transform is a boolean. Previously it was mistakenly always
None. :issue:2881
min_fresh is None if present without a value, rather than
"*". :issue:2881
private is True if present without a value, rather than "*".
:issue:2980
Added the must_understand property. :issue:2881
Added the stale_while_revalidate, and stale_if_error
properties. :issue:2948
Type annotations more accurately reflect the values. :issue:2881
Support Cookie CHIPS (Partitioned Cookies). :issue:2797
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps werkzeug from 3.0.4 to 3.1.1.
Release notes
Sourced from werkzeug's releases.
... (truncated)
Changelog
Sourced from werkzeug's changelog.
... (truncated)
Commits
82ad306
release version 3.1.164d27f7
fixstr(request.headers)
(#2986)afc4ea7
fix str(request.headers)d1f60d6
start version 3.1.10d345ce
release version 3.1.0 (#2984)df655e6
release version 3.1.0564835a
add docstring changelogs1735b75
more cache-control cleanup (#2983)b0f361c
more cache-control cleanupfa38728
more cache-control cleanup (#2981)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show