Accepting request 1093739 from home:alarrosa:branches:devel:languages:python

- Update to 2.3.6: * FileStorage.content_length does not fail if the form data did not provide a value. - Update to 2.3.5: * Python 3.12 compatibility. * Fix handling of invalid base64 values in Authorization.from_header. * The debugger escapes the exception message in the page title. * When binding routing.Map, a long IDNA server_name with a port does not fail encoding. * iri_to_uri shows a deprecation warning instead of an error when passing bytes. * When parsing numbers in HTTP request headers such as Content-Length, only ASCII digits are accepted rather than any format that Python’s int and float accept. - Update to 2.3.4: * Authorization.from_header and WWWAuthenticate.from_header detects tokens that end with base64 padding (=). * Remove usage of warnings.catch_warnings. * Remove max_form_parts restriction from standard form data parsing and only use if for multipart content. * Response will avoid converting the Location header in some cases to preserve invalid URL schemes like itms-services. - Update to 2.3.3: * Fix parsing of large multipart bodies. Remove invalid leading newline, and restore parsing speed. * The cookie Path attribute is set to / by default again, to prevent clients from falling back to RFC 6265’s default-path behavior. - Update to 2.3.2: * Parse the cookie Expires attribute correctly in the test client. * max_content_length can only be enforced on streaming requests if the OBS-URL: https://build.opensuse.org/request/show/1093739 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=81
2023-06-19 10:31:50 +00:00 · 2023-06-19 10:31:50 +00:00 · 06c84985bf
commit 06c84985bf
parent 73fe74305b
6 changed files with 172 additions and 46 deletions
--- a/Werkzeug-2.2.3.tar.gz
+++ b/Werkzeug-2.2.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe
-size 845884
--- a/Werkzeug-2.3.6.tar.gz
+++ b/Werkzeug-2.3.6.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330
+size 833282
--- a/moved_root.patch
+++ b/moved_root.patch
@ -1,36 +0,0 @@
---
- tests/test_serving.py |   12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-Index: Werkzeug-2.2.3/tests/test_serving.py
-===================================================================
--- Werkzeug-2.2.3.orig/tests/test_serving.py
-+++ Werkzeug-2.2.3/tests/test_serving.py
-@@ -10,6 +10,7 @@ from pathlib import Path
- 
- import pytest
- 
-+import werkzeug
- from werkzeug import run_simple
- from werkzeug._reloader import _find_stat_paths
- from werkzeug._reloader import _find_watchdog_paths
-@@ -128,12 +129,15 @@ def test_windows_get_args_for_reloading(
- @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
- @pytest.mark.parametrize("find", [_find_stat_paths, _find_watchdog_paths])
- def test_exclude_patterns(find):
-    # Imported paths under sys.prefix will be included by default.
-+    # Don’t use sys.prefix, we may have redefined PYTHONPATH and
-+    # libraries elsewhere.
-+    cur_prefix = str(Path(werkzeug.__file__).parents[1])
-+    # Imported paths under cur_prefix will be included by default.
-     paths = find(set(), set())
-    assert any(p.startswith(sys.prefix) for p in paths)
-+    assert any(p.startswith(cur_prefix) for p in paths)
-     # Those paths should be excluded due to the pattern.
-    paths = find(set(), {f"{sys.prefix}*"})
-    assert not any(p.startswith(sys.prefix) for p in paths)
-+    paths = find(set(), {f"{str(cur_prefix)}*"})
-+    assert not any(p.startswith(cur_prefix) for p in paths)
- 
- 
- @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
--- a/python-Werkzeug.changes
+++ b/python-Werkzeug.changes
@ -1,3 +1,157 @@
+-------------------------------------------------------------------
+Mon Jun 19 06:24:50 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>
+
+- Update to 2.3.6:
+  * FileStorage.content_length does not fail if the form data did not provide
+    a value.
+- Update to 2.3.5:
+  * Python 3.12 compatibility.
+  * Fix handling of invalid base64 values in Authorization.from_header.
+  * The debugger escapes the exception message in the page title.
+  * When binding routing.Map, a long IDNA server_name with a port does not
+    fail encoding.
+  * iri_to_uri shows a deprecation warning instead of an error when passing
+    bytes.
+  * When parsing numbers in HTTP request headers such as Content-Length, only
+    ASCII digits are accepted rather than any format that Python’s int and
+    float accept.
+- Update to 2.3.4:
+  * Authorization.from_header and WWWAuthenticate.from_header detects tokens
+    that end with base64 padding (=).
+  * Remove usage of warnings.catch_warnings.
+  * Remove max_form_parts restriction from standard form data parsing and only
+    use if for multipart content.
+  * Response will avoid converting the Location header in some cases to
+    preserve invalid URL schemes like itms-services.
+- Update to 2.3.3:
+  * Fix parsing of large multipart bodies. Remove invalid leading newline, and
+    restore parsing speed.
+  * The cookie Path attribute is set to / by default again, to prevent clients
+    from falling back to RFC 6265’s default-path behavior.
+- Update to 2.3.2:
+  * Parse the cookie Expires attribute correctly in the test client.
+  * max_content_length can only be enforced on streaming requests if the
+    server sets wsgi.input_terminated.
+- Update to 2.3.1:
+  * Percent-encode plus (+) when building URLs and in test requests.
+  * Cookie values don’t quote characters defined in RFC 6265.
+  * Include pyi files for datastructures type annotations.
+  * Authorization and WWWAuthenticate objects can be compared for equality.
+- Update to 2.3.0:
+  * Drop support for Python 3.7.
+  * Remove previously deprecated code.
+  * Passing bytes where strings are expected is deprecated, as well as the
+    charset and errors parameters in many places. Anywhere that was annotated,
+    documented, or tested to accept bytes shows a warning. Removing this
+    artifact of the transition from Python 2 to 3 removes a significant amount
+    of overhead in instance checks and encoding cycles. In general, always
+    work with UTF-8, the modern HTML, URL, and HTTP standards all strongly
+    recommend this.
+  * Deprecate the werkzeug.urls module, except for the uri_to_iri and
+    iri_to_uri functions. Use the urllib.parse library instead.
+  * Update which characters are considered safe when using percent encoding
+    in URLs, based on the WhatWG URL Standard.
+  * Update which characters are considered safe when using percent encoding
+    for Unicode filenames in downloads.
+  * Deprecate the safe_conversion parameter of iri_to_uri. The Location header
+    is converted to IRI using the same process as everywhere else.
+  * Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter.
+  * Use modern packaging metadata with pyproject.toml instead of setup.cfg.
+  * Request.get_json() will raise a 415 Unsupported Media Type error if the
+    Content-Type header is not application/json, instead of a generic 400.
+  * A URL converter’s part_isolating defaults to False if its regex contains
+    a /.
+  * A custom converter’s regex can have capturing groups without breaking
+    the router.
+  * The reloader can pick up arguments to python like -X dev, and does not
+    require heuristics to determine how to reload the command. Only available
+    on Python >= 3.10.
+  * The Watchdog reloader ignores file opened events. Bump the minimum version
+    of Watchdog to 2.3.0.
+  * When using a Unix socket for the development server, the path can start
+    with a dot.
+  * Increase default work factor for PBKDF2 to 600,000 iterations.
+  * parse_options_header is 2-3 times faster. It conforms to RFC 9110, some
+    invalid parts that were previously accepted are now ignored.
+  * The is_filename parameter to unquote_header_value is deprecated.
+  * Deprecate the extra_chars parameter and passing bytes to
+    quote_header_value, the allow_token parameter to dump_header, and the cls
+    parameter and passing bytes to parse_dict_header.
+  * Improve parse_accept_header implementation. Parse according to RFC 9110.
+    Discard items with invalid q values.
+  * quote_header_value quotes the empty string.
+  * dump_options_header skips None values rather than using a bare key.
+  * dump_header and dump_options_header will not quote a value if the key ends
+    with an asterisk *.
+  * parse_dict_header will decode values with charsets.
+  * Refactor the Authorization and WWWAuthenticate header data structures.
+    + Both classes have type, parameters, and token attributes. The token
+      attribute supports auth schemes that use a single opaque token rather
+      than key=value parameters, such as Bearer.
+    + Neither class is a dict anymore, although they still implement getting,
+      setting, and deleting auth[key] and auth.key syntax, as well as
+      auth.get(key) and key in auth.
+    + Both classes have a from_header class method. parse_authorization_header
+      and parse_www_authenticate_header are deprecated.
+    + The methods WWWAuthenticate.set_basic and set_digest are deprecated.
+      Instead, an instance should be created and assigned to
+      response.www_authenticate.
+    + A list of instances can be assigned to response.www_authenticate to set
+      multiple header values. However, accessing the property only returns the
+      first instance.
+  * Refactor parse_cookie and dump_cookie.
+    + parse_cookie is up to 40% faster, dump_cookie is up to 60% faster.
+    + Passing bytes to parse_cookie and dump_cookie is deprecated. The
+      dump_cookie charset parameter is deprecated.
+    + dump_cookie allows domain values that do not include a dot ., and strips
+      off a leading dot.
+    + dump_cookie does not set path="/" unnecessarily by default.
+  * Refactor the test client cookie implementation.
+    + The cookie_jar attribute is deprecated. http.cookiejar is no longer used
+      for storage.
+    + Domain and path matching is used when sending cookies in requests. The
+      domain and path parameters default to localhost and /.
+    + Added a get_cookie method to inspect cookies.
+    + Cookies have decoded_key and decoded_value attributes to match what the
+      app sees rather than the encoded values a client would see.
+    + The first positional server_name parameter to set_cookie and
+      delete_cookie is deprecated. Use the domain parameter instead.
+    + Other parameters to delete_cookie besides domain, path, and value are
+      deprecated.
+  * If request.max_content_length is set, it is checked immediately when
+    accessing the stream, and while reading from the stream in general, rather
+    than only during form parsing.
+  * The development server, which must not be used in production, will exhaust
+    the request stream up to 10GB or 1000 reads. This allows clients to see a
+    413 error if max_content_length is exceeded, instead of a “connection
+    reset” failure.
+  * The development server discards header keys that contain underscores _, as
+    they are ambiguous with dashes - in WSGI.
+  * secure_filename looks for more Windows reserved file names.
+  * Update type annotation for best_match to make default parameter clearer.
+  * Multipart parser handles empty fields correctly.
+  * The Map charset parameter and Request.url_charset property are deprecated.
+    Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes
+    are left percent encoded rather than replaced.
+  * The Request.charset, Request.encoding_errors, Response.charset, and
+    Client.charset attributes are deprecated. Request and response data must
+    always use UTF-8.
+  * Header values that have charset information only allow ASCII, UTF-8, and
+    ISO-8859-1.
+  * Update type annotation for ProfilerMiddleware stream parameter.
+  * Use postponed evaluation of annotations.
+  * The development server escapes ASCII control characters in decoded URLs
+    before logging the request to the terminal.
+  * The FormDataParser parse_functions attribute and get_parse_func method,
+    and the invalid application/x-url-encoded content type, are deprecated.
+  * generate_password_hash supports scrypt. Plain hash methods are deprecated,
+    only scrypt and pbkdf2 are supported.
+- Remove patch which was already included by upstream:
+  * moved_root.patch
+- Add source file from version 2.2.3 so we can keep using the standard
+  python build macros:
+  * setup.py
+
 -------------------------------------------------------------------
 Fri Apr 21 12:21:32 UTC 2023 - Dirk Müller <dmueller@suse.com>

--- a/python-Werkzeug.spec
+++ b/python-Werkzeug.spec
@ -27,17 +27,15 @@

 %{?sle15_python_module_pythons}
 Name:           python-Werkzeug%{psuffix}
-Version:        2.2.3
+Version:        2.3.6
 Release:        0
 Summary:        The Swiss Army knife of Python web development
 License:        BSD-3-Clause
 Group:          Development/Languages/Python
 URL:            https://werkzeug.palletsprojects.com
 Source:         https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM moved_root.patch bsc#[0-9]+ mcepl@suse.com
-# this patch makes things totally awesome
-Patch1:         moved_root.patch
-BuildRequires:  %{python_module base >= 3.7}
+Source1:        setup.py
+BuildRequires:  %{python_module base >= 3.8}
 BuildRequires:  %{python_module setuptools_scm}
 BuildRequires:  %{python_module setuptools}
 %if %{with test}
@ -50,12 +48,13 @@ BuildRequires:  %{python_module pytest-timeout}
 BuildRequires:  %{python_module pytest-xprocess}
 BuildRequires:  %{python_module requests}
 BuildRequires:  %{python_module sortedcontainers}
+BuildRequires:  %{python_module watchdog >= 3.0.0}
 %endif
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-MarkupSafe >= 2.1.1
+Requires:       python-MarkupSafe >= 2.1.2
 Recommends:     python-termcolor
-Recommends:     python-watchdog
+Recommends:     python-watchdog >= 3.0.0
 Obsoletes:      python-Werkzeug-doc < %{version}
 Provides:       python-Werkzeug-doc = %{version}
 BuildArch:      noarch
@ -80,6 +79,7 @@ bulletin boards, etc.).
 %autosetup -p1 -n Werkzeug-%{version}

 sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylike,plnt,coolmagic}.py # Fix non-executable scripts
+cp %{S:1} .

 %build
 %python_build
--- a/setup.py
+++ b/setup.py
@ -0,0 +1,8 @@
+from setuptools import setup
+
+# Metadata goes in setup.cfg. These are here for GitHub's dependency graph.
+setup(
+    name="Werkzeug",
+    install_requires=["MarkupSafe>=2.1.1"],
+    extras_require={"watchdog": ["watchdog"]},
+)