voxpupuli / puppetboard

Web frontend for PuppetDB
https://pypi.org/project/puppetboard/
Apache License 2.0
708 stars 239 forks source link

Bump the python group across 1 directory with 19 updates #1179

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps the python group with 19 updates in the / directory:

Package From To
certifi 2024.7.4 2024.8.30
charset-normalizer 3.3.2 3.4.0
flask-wtf 1.2.1 1.2.2
idna 3.7 3.10
markupsafe 2.1.5 3.0.2
pyparsing 3.1.2 3.2.0
urllib3 2.2.2 2.2.3
werkzeug 3.0.3 3.1.2
wtforms 3.1.2 3.2.1
zipp 3.19.2 3.20.2
gunicorn 22.0.0 23.0.0
coverage 7.6.1 7.6.4
pytest 8.3.2 8.3.3
pylint 3.2.6 3.3.1
pytest-cov 5.0.0 6.0.0
pytest-randomly 3.15.0 3.16.0
bandit 1.7.9 1.7.10
mypy 1.11.1 1.13.0
types-setuptools 71.1.0.20240806 75.3.0.20241105

Updates certifi from 2024.7.4 to 2024.8.30

Commits


Updates charset-normalizer from 3.3.2 to 3.4.0

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.0

🚀 charset-normalizer is raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] All of this while our community is still struggling to make a firm advancement in HTTP clients. Now, many of you use Requests as the defacto http client, now, and for many years now, Requests has been frozen. Being left in a vegetative state and not evolving, this blocked millions of developers from using more advanced features.

We promptly invite Python developers to look at the drop-in replacement for Requests, namely Niquests. It leverage charset-normalizer in a better way! Check it out, you will be positively surprised! Don't wait another decade.

We are thankful to @​microsoft and involved parties for funding our work through the Microsoft FOSS Fund program.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Changelog

Sourced from charset-normalizer's changelog.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Commits
  • f3118e3 :wrench: change download/upload artifact version to last working version
  • 33e67e8 :wrench: set compile-generator in generator_generic_slsa3 action
  • 73dd24c :wrench: add explicit build deps to setuptools
  • 78f1e9b :wrench: attempt to fix cd.yml *3
  • 56ae702 :wrench: attempt to fix cd.yml *2
  • 9720055 :wrench: attempt to fix cd.yml (macos part)
  • 1e10d06 Update CHANGELOG.md
  • 36c103a :bookmark: Release 3.4.0 (#545)
  • 7658dfc :arrow_up: Bump github/codeql-action from 3.26.11 to 3.26.12 (#544)
  • ca2535d :arrow_up: Bump github/codeql-action from 3.26.9 to 3.26.11 (#542)
  • Additional commits viewable in compare view


Updates flask-wtf from 1.2.1 to 1.2.2

Release notes

Sourced from flask-wtf's releases.

v1.2.2

  • Move the project to the pallets-eco organization. #602
  • Stop support for Python 3.8. Start support for Python 3.13. #603
Changelog

Sourced from flask-wtf's changelog.

Version 1.2.2

Released 2024-10-20

  • Move the project to the pallets-eco organization. :pr:602
  • Stop support for Python 3.8. Start support for Python 3.13. :pr:603
Commits
  • 2e14295 chore: pre-commit autoupdate
  • 552b7a7 chore: bump to 1.2.2
  • 32f1276 chore: install 'build' dependency for the release GHA workflow
  • f712367 chore: dependencies update
  • b929162 chore: use Flask inspired GHA workflow
  • 07049e3 Merge pull request #604 from azmeuk/flask-pre-commit
  • 49a1380 chore: pre-commit configuration insipred from Flask
  • f2bbd1b Merge pull request #603 from azmeuk/py313
  • d3cd8bf chore: stop support for python 3.8; start support for python 3.13
  • 0b2e5e4 Merge pull request #602 from azmeuk/pallets-eco
  • Additional commits viewable in compare view


Updates idna from 3.7 to 3.10

Release notes

Sourced from idna's releases.

v3.10

No release notes provided.

v3.9

No release notes provided.

v3.8

What's Changed

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: https://github.com/kjd/idna/compare/v3.7...v3.8

Changelog

Sourced from idna's changelog.

3.10 (2024-09-15) +++++++++++++++++

  • Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

  • Update to Unicode 16.0.0
  • Deprecate setup.cfg in favour of pyproject.toml
  • Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8 (2024-08-23) ++++++++++++++++

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Commits


Updates markupsafe from 2.1.5 to 3.0.2

Release notes

Sourced from markupsafe's releases.

3.0.2

This is the MarkupSafe 3.0.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.2/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-2 Milestone: https://github.com/pallets/markupsafe/milestone/14?closed=1

  • Fix compatibility when __str__ returns a str subclass. #472
  • Build requires setuptools >= 70.1. #475

3.0.1

This is the MarkupSafe 3.0.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.1/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-1 Milestone: https://github.com/pallets/markupsafe/milestone/13?closed=1

  • Address compiler warnings that became errors in GCC 14. #466
  • Fix compatibility with proxy objects. #467

3.0.0

This is the MarkupSafe 3.0.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. The 3.0.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/MarkupSafe/3.0.0/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-0 Milestone: https://github.com/pallets/markupsafe/milestone/10?closed=1

  • Support Python 3.13 and its experimental free-threaded build. #461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348
  • Change distutils imports to setuptools. #399
  • Use deferred evaluation of annotations. #400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402
  • Speed up escaping plain strings by 40%. #434
  • Simplify speedups implementation. #437
Changelog

Sourced from markupsafe's changelog.

Version 3.0.2

Released 2024-10-18

  • Fix compatibility when __str__ returns a str subclass. :issue:472
  • Build requires setuptools >= 70.1. :issue:475

Version 3.0.1

Released 2024-10-08

  • Address compiler warnings that became errors in GCC 14. :issue:466
  • Fix compatibility with proxy objects. :issue:467

Version 3.0.0

Released 2024-10-07

  • Support Python 3.13 and its experimental free-threaded build. :pr:461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:348
  • Change distutils imports to setuptools. :pr:399
  • Use deferred evaluation of annotations. :pr:400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. :pr:400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. :issue:401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. :pr:402
  • Speed up escaping plain strings by 40%. :pr:434
  • Simplify speedups implementation. :pr:437
Commits


Updates pyparsing from 3.1.2 to 3.2.0

Changelog

Sourced from pyparsing's changelog.

Version 3.2.0 - October, 2024

  • Discontinued support for Python 3.6, 3.7, and 3.8. Adopted new Python features from Python versions 3.7-3.9:

    • Updated type annotations to use built-in container types instead of names imported from the typing module (e.g., list[str] vs List[str]).
    • Reworked portions of the packrat cache to leverage insertion-preserving ordering in dicts (including removal of uses of OrderedDict).
    • Changed pdb.set_trace() call in ParserElement.set_break() to breakpoint().
    • Converted typing.NamedTuple to dataclasses.dataclass in railroad diagramming code.
    • Added from __future__ import annotations to clean up some type annotations. (with assistance from ISyncWithFoo, issue #535, thanks for the help!)
  • POSSIBLE BREAKING CHANGES

    The following bugfixes may result in subtle changes in the results returned or exceptions raised by pyparsing.

    • Fixed code in ParseElementEnhance subclasses that replaced detailed exception messages raised in contained expressions with a less-specific and less-informative generic exception message and location.

      If your code has conditional logic based on the message content in raised ParseExceptions, this bugfix may require changes in your code.

    • Fixed bug in transform_string() where whitespace in the input string was not properly preserved in the output string.

      If your code uses transform_string, this bugfix may require changes in your code.

    • Fixed bug where an IndexError raised in a parse action was incorrectly handled as an IndexError raised as part of the ParserElement parsing methods, and reraised as a ParseException. Now an IndexError that raises inside a parse action will properly propagate out as an IndexError. (Issue #573, reported by August Karlstedt, thanks!)

      If your code raises IndexErrors in parse actions, this bugfix may require changes in your code.

  • FIXES AND NEW FEATURES

    • Added type annotations to remainder of pyparsing package, and added mypy run to tox.ini, so that type annotations are now run as part of pyparsing's CI. Addresses Issue #373, raised by Iwan Aucamp, thanks!

    • Exception message format can now be customized, by overriding ParseBaseException.format_message:

... (truncated)

Commits
  • 36fc04b Fix docstring with invalid esc sequence
  • a46066d Prep for 3.2.0 release
  • a0c219b Docs cleanup; added new whats_new_* docs for 3.1 and 3.2
  • d9b1f14 Rewrite _collapse_string_to_ranges to use _GroupConsecutive class instead of ...
  • 0d3c2d7 Fix minor internal bug in one_of building regex when all choices are single c...
  • 2165ab2 Cleanup ambiguous "contains" vs "in" usage in mongodb_query_expression.py
  • 25ddb02 Prep for dev before final release
  • 08846ae Prep for release
  • 9ee042b Remove deprecated utcnow()
  • a2b2f25 Final cleanup on mongodb_query_expression.py and mongodb_query_expression_ste...
  • Additional commits viewable in compare view


Updates urllib3 from 2.2.2 to 2.2.3

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

  • Added support for Python 3.13. (#3473)

Bugfixes

  • Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)
  • Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)
  • Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)
  • Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)
  • Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

  • Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)
  • Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)
  • Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)
  • Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: https://github.com/urllib3/urllib3/compare/2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

  • Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

  • Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)
  • Fixed ResourceWarning on CONNECT with Python `__)
  • Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)
  • Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)
  • Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

  • Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

  • Added version checking for h2 (https://pypi.org/project/h2/) usage.

    Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

  • Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

  • Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

  • Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)
  • Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)
Commits


Updates werkzeug from 3.0.3 to 3.1.2

Release notes

Sourced from werkzeug's releases.

3.1.2

This is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.2/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2 Milestone: https://github.com/pallets/werkzeug/milestone/40?closed=1

  • Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. #2988
  • Headers does not inherit from MutableMapping, as it is does not exactly match that interface. #2989

3.1.1

This is the Werkzeug 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.1/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone: https://github.com/pallets/werkzeug/milestone/38?closed=1

  • Fix an issue that caused str(Request.headers) to always appear empty. #2985

3.1.0

This is the Werkzeug 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Werkzeug/3.1.0/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/werkzeug/milestone/34?closed=1

  • Drop support for Python 3.8. #2966
  • Remove previously deprecated code. #2967
  • Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. #2964
  • OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. #2968
  • Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.
    • Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. #2980
    • max_age is None if present without a value, rather than -1. #2980
    • no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. #2980
    • max_stale is True if present without a value, rather than "*". #2980
    • no_transform is a boolean. Previously it was mistakenly always None. #2881
    • min_fresh is None if present without a value, rather than "*". #2881
    • private is True if present without a value, rather than "*". #2980
    • Added the must_understand property. #2881
    • Added the stale_while_revalidate, and stale_if_error properties. #2948
    • Type annotations more accurately reflect the values. #2881
  • Support Cookie CHIPS (Partitioned Cookies). #2797
  • Add 421 MisdirectedRequest HTTP exception. #2850
  • Increase default work factor for PBKDF2 to 1,000,000 iterations. #2969
  • Inline annotations for datastructures, removing stub files. #2970
  • MultiDict.getlist catches TypeError in addition to ValueError when doing type conversion. #2976
  • Implement | and |= operators for MultiDict, Headers, and CallbackDict, and disallow |= on immutable types. #2977

3.0.6

This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.1.2

Released 2024-11-04

  • Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. :issue:2988
  • Headers does not inherit from MutableMapping, as it is does not exactly match that interface. :issue:2989

Version 3.1.1

Released 2024-11-01

  • Fix an issue that caused str(Request.headers) to always appear empty. :issue:2985

Version 3.1.0

Released 2024-10-31

  • Drop support for Python 3.8. :pr:2966

  • Remove previously deprecated code. :pr:2967

  • Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. :issue:2964

  • OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. :issue:2968

  • Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.

    • Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. :issue:2980
    • max_age is None if present without a value, rather than -1. :issue:2980
    • no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. :issue:2980
    • max_stale is True if present without a value, rather than "*". :issue:2980
    • no_transform is a boolean. Previously it was mistakenly always None. :issue:2881
    • min_fresh is None if present without a value, rather than "*". :issue:2881
    • private is True if present without a value, rather than "*".

... (truncated)

Commits


Updates wtforms from 3.1.2 to 3.2.1

Release notes

Sourced from wtforms's releases.

3.2.1

Released 2024-10-21

  • Fix SelectMultipleBase import. #861 #862

3.2.0

Released 2024-10-20

  • Translations update: korean, chinese (traditional), portugese, russian, dutch, kazakh, swedish, turkish, slovak, ukranian, spanish, french.
  • Move the repository to the pallets-eco organization. #854
  • Stop supporting Python 3.9 and start supporting Python 3.13 #855
  • Removed required flag support from HiddenWidget, RangeWidget and SelectWidget to conform to W3C #810
  • NoneOf and AnyOf can validate multiple valued fields like SelectMultipleField #538 #807
  • Use GHA and pre-commit workflows inspired from Flask. #856 #860

[!WARNING] Some deprecated code was removed (#859):

  • Flags can no longer be tuples. #467
  • iter_choices needs a tuple of 4 items #816

[!WARNING] The key for form errors moved from :data:None to empty string "". #829 #858

[!NOTE]
If you need to keep the old behavior you can set the _form_error_key parameter of your form to :data:None.

Changelog

Sourced from wtforms's changelog.

Version 3.2.1

Released 2024-10-21

  • Fix :class:~fields.SelectMultipleBase import. :issue:861 :pr:862

Version 3.2.0

Released 2024-10-20

  • Translations update: korean, chinese (traditional), portugese, russian, dutch, kazakh, swedish, turkish, slovak, ukranian, spanish, french.

  • Move the repository to the pallets-eco organization. :pr:854

  • Stop supporting Python 3.9 and start supporting Python 3.13 :pr:855

  • Removed required flag support from :class:~fields.HiddenWidget, :class:~fields.RangeWidget and :class:~fields.SelectWidget to conform to W3C :pr:810

  • :class:~wtforms.validators.NoneOf and :class:~wtforms.validators.AnyOf can validate multiple valued fields like :class:~fields.SelectMultipleField :pr:538 :pr:807

  • Use GHA and pre-commit workflows inspired from Flask. :pr:856 :pr:860

  • ⚠️Breaking change⚠️: Some deprecated code was removed (:pr:859):

    • :class:~wtforms.Flags can no longer be tuples. :issue:467
    • iter_choices needs a tuple of 4 items :issue:816
  • ⚠️Breaking change⚠️: The key for form errors moved from :data:None to empty string "". :issue:829 :pr:858

.. note:: If you need to keep the old behavior you can set the _form_error_key parameter of your form to :data:None.

Commits
  • f9a999e chore: bump to 3.2.1
  • 6565960 Merge pull request #862 from azmeuk/issue-861-selectfieldbase
  • ffccfed fix: SelectFieldBase import
  • 6ff08ce chore: install 'build' dependency for the release GHA workflow
  • 2ce93f2 chore: bump to 3.2.0
  • ba21823 docs: changelog update
  • 05ad5da Merge pull request #860 from azmeuk/flask-gha
  • 6867ba9 chore: bump to pallets-sphinx-themes 2.2.0
  • a09d53c chore: use Flask inspired GHA workflow
  • 3ba396e tests: remove useless flake8 related dependency in the style tox env
  • Additional commits viewable in compare view


Updates zipp from 3.19.2 to 3.20.2

Changelog

Sourced from zipp's changelog.

v3.20.2

Bugfixes

  • Make zipp.compat.overlay.zipfile hashable. (#126)

v3.20.1

Bugfixes

  • python/cpython#123270

v3.20.0

Features

  • Made the zipfile compatibility overlay available as zipp.compat.overlay.

v3.19.3

Bugfixes

  • Also match directories in Path.glob. (#121)
Commits


Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encounting invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT... _Description has been truncated_
dependabot[bot] commented 1 week ago

Superseded by #1181.