HateSonar
HateSonar copied to clipboard
Update werkzeug to 2.2.2
This PR updates Werkzeug from 2.0.3 to 2.2.2.
Changelog
2.2.2
-------------
Released 2022-08-08
- Fix router to restore the 2.1 ``strict_slashes == False`` behaviour
whereby leaf-requests match branch rules and vice
versa. :pr:`2489`
- Fix router to identify invalid rules rather than hang parsing them,
and to correctly parse ``/`` within converter arguments. :pr:`2489`
- Update subpackage imports in :mod:`werkzeug.routing` to use the
``import as`` syntax for explicitly re-exporting public attributes.
:pr:`2493`
- Parsing of some invalid header characters is more robust. :pr:`2494`
- When starting the development server, a warning not to use it in a
production deployment is always shown. :issue:`2480`
- ``LocalProxy.__wrapped__`` is always set to the wrapped object when
the proxy is unbound, fixing an issue in doctest that would cause it
to fail. :issue:`2485`
- Address one ``ResourceWarning`` related to the socket used by
``run_simple``. :issue:`2421`
2.2.1
-------------
Released 2022-07-27
- Fix router so that ``/path/`` will match a rule ``/path`` if strict
slashes mode is disabled for the rule. :issue:`2467`
- Fix router so that partial part matches are not allowed
i.e. ``/2df`` does not match ``/<int>``. :pr:`2470`
- Fix router static part weighting, so that simpler routes are matched
before more complex ones. :issue:`2471`
- Restore ``ValidationError`` to be importable from
``werkzeug.routing``. :issue:`2465`
2.2.0
-------------
Released 2022-07-23
- Deprecated ``get_script_name``, ``get_query_string``,
``peek_path_info``, ``pop_path_info``, and
``extract_path_info``. :pr:`2461`
- Remove previously deprecated code. :pr:`2461`
- Add MarkupSafe as a dependency and use it to escape values when
rendering HTML. :issue:`2419`
- Added the ``werkzeug.debug.preserve_context`` mechanism for
restoring context-local data for a request when running code in the
debug console. :pr:`2439`
- Fix compatibility with Python 3.11 by ensuring that ``end_lineno``
and ``end_col_offset`` are present on AST nodes. :issue:`2425`
- Add a new faster matching router based on a state
machine. :pr:`2433`
- Fix branch leaf path masking branch paths when strict-slashes is
disabled. :issue:`1074`
- Names within options headers are always converted to lowercase. This
matches :rfc:`6266` that the case is not relevant. :issue:`2442`
- ``AnyConverter`` validates the value passed for it when building
URLs. :issue:`2388`
- The debugger shows enhanced error locations in tracebacks in Python
3.11. :issue:`2407`
- Added Sans-IO ``is_resource_modified`` and ``parse_cookie`` functions
based on WSGI versions. :issue:`2408`
- Added Sans-IO ``get_content_length`` function. :pr:`2415`
- Don't assume a mimetype for test responses. :issue:`2450`
- Type checking ``FileStorage`` accepts ``os.PathLike``. :pr:`2418`
2.1.2
-------------
Released 2022-04-28
- The development server does not set ``Transfer-Encoding: chunked``
for 1xx, 204, 304, and HEAD responses. :issue:`2375`
- Response HTML for exceptions and redirects starts with
``<!doctype html>`` and ``<html lang=en>``. :issue:`2390`
- Fix ability to set some ``cache_control`` attributes to ``False``.
:issue:`2379`
- Disable ``keep-alive`` connections in the development server, which
are not supported sufficiently by Python's ``http.server``.
:issue:`2397`
2.1.1
-------------
Released 2022-04-01
- ``ResponseCacheControl.s_maxage`` converts its value to an int, like
``max_age``. :issue:`2364`
2.1.0
-------------
Released 2022-03-28
- Drop support for Python 3.6. :pr:`2277`
- Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
``werkzeug.locals`` and ``contextvars`` will not work correctly with
older versions. :pr:`2278`
- Remove previously deprecated code. :pr:`2276`
- Remove the non-standard ``shutdown`` function from the WSGI
environ when running the development server. See the docs for
alternatives.
- Request and response mixins have all been merged into the
``Request`` and ``Response`` classes.
- The user agent parser and the ``useragents`` module is removed.
The ``user_agent`` module provides an interface that can be
subclassed to add a parser, such as ua-parser. By default it
only stores the whole string.
- The test client returns ``TestResponse`` instances and can no
longer be treated as a tuple. All data is available as
properties on the response.
- Remove ``locals.get_ident`` and related thread-local code from
``locals``, it no longer makes sense when moving to a
contextvars-based implementation.
- Remove the ``python -m werkzeug.serving`` CLI.
- The ``has_key`` method on some mapping datastructures; use
``key in data`` instead.
- ``Request.disable_data_descriptor`` is removed, pass
``shallow=True`` instead.
- Remove the ``no_etag`` parameter from ``Response.freeze()``.
- Remove the ``HTTPException.wrap`` class method.
- Remove the ``cookie_date`` function. Use ``http_date`` instead.
- Remove the ``pbkdf2_hex``, ``pbkdf2_bin``, and ``safe_str_cmp``
functions. Use equivalents in ``hashlib`` and ``hmac`` modules
instead.
- Remove the ``Href`` class.
- Remove the ``HTMLBuilder`` class.
- Remove the ``invalidate_cached_property`` function. Use
``del obj.attr`` instead.
- Remove ``bind_arguments`` and ``validate_arguments``. Use
:meth:`Signature.bind` and :func:`inspect.signature` instead.
- Remove ``detect_utf_encoding``, it's built-in to ``json.loads``.
- Remove ``format_string``, use :class:`string.Template` instead.
- Remove ``escape`` and ``unescape``. Use MarkupSafe instead.
- The ``multiple`` parameter of ``parse_options_header`` is
deprecated. :pr:`2357`
- Rely on :pep:`538` and :pep:`540` to handle decoding file names
with the correct filesystem encoding. The ``filesystem`` module is
removed. :issue:`1760`
- Default values passed to ``Headers`` are validated the same way
values added later are. :issue:`1608`
- Setting ``CacheControl`` int properties, such as ``max_age``, will
convert the value to an int. :issue:`2230`
- Always use ``socket.fromfd`` when restarting the dev server.
:pr:`2287`
- When passing a dict of URL values to ``Map.build``, list values do
not filter out ``None`` or collapse to a single value. Passing a
``MultiDict`` does collapse single items. This undoes a previous
change that made it difficult to pass a list, or ``None`` values in
a list, to custom URL converters. :issue:`2249`
- ``run_simple`` shows instructions for dealing with "address already
in use" errors, including extra instructions for macOS. :pr:`2321`
- Extend list of characters considered always safe in URLs based on
:rfc:`3986`. :issue:`2319`
- Optimize the stat reloader to avoid watching unnecessary files in
more cases. The watchdog reloader is still recommended for
performance and accuracy. :issue:`2141`
- The development server uses ``Transfer-Encoding: chunked`` for
streaming responses when it is configured for HTTP/1.1.
:issue:`2090, 1327`, :pr:`2091`
- The development server uses HTTP/1.1, which enables keep-alive
connections and chunked streaming responses, when ``threaded`` or
``processes`` is enabled. :pr:`2323`
- ``cached_property`` works for classes with ``__slots__`` if a
corresponding ``_cache_{name}`` slot is added. :pr:`2332`
- Refactor the debugger traceback formatter to use Python's built-in
``traceback`` module as much as possible. :issue:`1753`
- The ``TestResponse.text`` property is a shortcut for
``r.get_data(as_text=True)``, for convenient testing against text
instead of bytes. :pr:`2337`
- ``safe_join`` ensures that the path remains relative if the trusted
directory is the empty string. :pr:`2349`
- Percent-encoded newlines (``%0a``), which are decoded by WSGI
servers, are considered when routing instead of terminating the
match early. :pr:`2350`
- The test client doesn't set duplicate headers for ``CONTENT_LENGTH``
and ``CONTENT_TYPE``. :pr:`2348`
- ``append_slash_redirect`` handles ``PATH_INFO`` with internal
slashes. :issue:`1972`, :pr:`2338`
- The default status code for ``append_slash_redirect`` is 308 instead
of 301. This preserves the request body, and matches a previous
change to ``strict_slashes`` in routing. :issue:`2351`
- Fix ``ValueError: I/O operation on closed file.`` with the test
client when following more than one redirect. :issue:`2353`
- ``Response.autocorrect_location_header`` is disabled by default.
The ``Location`` header URL will remain relative, and exclude the
scheme and domain, by default. :issue:`2352`
- ``Request.get_json()`` will raise a 400 ``BadRequest`` error if the
``Content-Type`` header is not ``application/json``. This makes a
very common source of confusion more visible. :issue:`2339`
Links
- PyPI: https://pypi.org/project/werkzeug
- Changelog: https://pyup.io/changelogs/werkzeug/
- Homepage: https://palletsprojects.com/p/werkzeug/