Accepting request 1093788 from devel:languages:python

- Update to 2.3.6:
  * FileStorage.content_length does not fail if the form data did not provide
    a value.
- Update to 2.3.5:
  * Python 3.12 compatibility.
  * Fix handling of invalid base64 values in Authorization.from_header.
  * The debugger escapes the exception message in the page title.
  * When binding routing.Map, a long IDNA server_name with a port does not
    fail encoding.
  * iri_to_uri shows a deprecation warning instead of an error when passing
    bytes.
  * When parsing numbers in HTTP request headers such as Content-Length, only
    ASCII digits are accepted rather than any format that Python’s int and
    float accept.
- Update to 2.3.4:
  * Authorization.from_header and WWWAuthenticate.from_header detects tokens
    that end with base64 padding (=).
  * Remove usage of warnings.catch_warnings.
  * Remove max_form_parts restriction from standard form data parsing and only
    use if for multipart content.
  * Response will avoid converting the Location header in some cases to
    preserve invalid URL schemes like itms-services.
- Update to 2.3.3:
  * Fix parsing of large multipart bodies. Remove invalid leading newline, and
    restore parsing speed.
  * The cookie Path attribute is set to / by default again, to prevent clients
    from falling back to RFC 6265’s default-path behavior.
- Update to 2.3.2:
  * Parse the cookie Expires attribute correctly in the test client.
  * max_content_length can only be enforced on streaming requests if the
    server sets wsgi.input_terminated.
- Update to 2.3.1:
  * Percent-encode plus (+) when building URLs and in test requests.
  * Cookie values don’t quote characters defined in RFC 6265.
  * Include pyi files for datastructures type annotations.
  * Authorization and WWWAuthenticate objects can be compared for equality.
- Update to 2.3.0:
  * Drop support for Python 3.7.
  * Remove previously deprecated code.
  * Passing bytes where strings are expected is deprecated, as well as the
    charset and errors parameters in many places. Anywhere that was annotated,
    documented, or tested to accept bytes shows a warning. Removing this
    artifact of the transition from Python 2 to 3 removes a significant amount
    of overhead in instance checks and encoding cycles. In general, always
    work with UTF-8, the modern HTML, URL, and HTTP standards all strongly
    recommend this.
  * Deprecate the werkzeug.urls module, except for the uri_to_iri and
    iri_to_uri functions. Use the urllib.parse library instead.
  * Update which characters are considered safe when using percent encoding
    in URLs, based on the WhatWG URL Standard.
  * Update which characters are considered safe when using percent encoding
    for Unicode filenames in downloads.
  * Deprecate the safe_conversion parameter of iri_to_uri. The Location header
    is converted to IRI using the same process as everywhere else.
  * Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter.
  * Use modern packaging metadata with pyproject.toml instead of setup.cfg.
  * Request.get_json() will raise a 415 Unsupported Media Type error if the
    Content-Type header is not application/json, instead of a generic 400.
  * A URL converter’s part_isolating defaults to False if its regex contains
    a /.
  * A custom converter’s regex can have capturing groups without breaking
    the router.
  * The reloader can pick up arguments to python like -X dev, and does not
    require heuristics to determine how to reload the command. Only available
    on Python >= 3.10.
  * The Watchdog reloader ignores file opened events. Bump the minimum version
    of Watchdog to 2.3.0.
  * When using a Unix socket for the development server, the path can start
    with a dot.
  * Increase default work factor for PBKDF2 to 600,000 iterations.
  * parse_options_header is 2-3 times faster. It conforms to RFC 9110, some
    invalid parts that were previously accepted are now ignored.
  * The is_filename parameter to unquote_header_value is deprecated.
  * Deprecate the extra_chars parameter and passing bytes to
    quote_header_value, the allow_token parameter to dump_header, and the cls
    parameter and passing bytes to parse_dict_header.
  * Improve parse_accept_header implementation. Parse according to RFC 9110.
    Discard items with invalid q values.
  * quote_header_value quotes the empty string.
  * dump_options_header skips None values rather than using a bare key.
  * dump_header and dump_options_header will not quote a value if the key ends
    with an asterisk *.
  * parse_dict_header will decode values with charsets.
  * Refactor the Authorization and WWWAuthenticate header data structures.
    + Both classes have type, parameters, and token attributes. The token
      attribute supports auth schemes that use a single opaque token rather
      than key=value parameters, such as Bearer.
    + Neither class is a dict anymore, although they still implement getting,
      setting, and deleting auth[key] and auth.key syntax, as well as
      auth.get(key) and key in auth.
    + Both classes have a from_header class method. parse_authorization_header
      and parse_www_authenticate_header are deprecated.
    + The methods WWWAuthenticate.set_basic and set_digest are deprecated.
      Instead, an instance should be created and assigned to
      response.www_authenticate.
    + A list of instances can be assigned to response.www_authenticate to set
      multiple header values. However, accessing the property only returns the
      first instance.
  * Refactor parse_cookie and dump_cookie.
    + parse_cookie is up to 40% faster, dump_cookie is up to 60% faster.
    + Passing bytes to parse_cookie and dump_cookie is deprecated. The
      dump_cookie charset parameter is deprecated.
    + dump_cookie allows domain values that do not include a dot ., and strips
      off a leading dot.
    + dump_cookie does not set path="/" unnecessarily by default.
  * Refactor the test client cookie implementation.
    + The cookie_jar attribute is deprecated. http.cookiejar is no longer used
      for storage.
    + Domain and path matching is used when sending cookies in requests. The
      domain and path parameters default to localhost and /.
    + Added a get_cookie method to inspect cookies.
    + Cookies have decoded_key and decoded_value attributes to match what the
      app sees rather than the encoded values a client would see.
    + The first positional server_name parameter to set_cookie and
      delete_cookie is deprecated. Use the domain parameter instead.
    + Other parameters to delete_cookie besides domain, path, and value are
      deprecated.
  * If request.max_content_length is set, it is checked immediately when
    accessing the stream, and while reading from the stream in general, rather
    than only during form parsing.
  * The development server, which must not be used in production, will exhaust
    the request stream up to 10GB or 1000 reads. This allows clients to see a
    413 error if max_content_length is exceeded, instead of a “connection
    reset” failure.
  * The development server discards header keys that contain underscores _, as
    they are ambiguous with dashes - in WSGI.
  * secure_filename looks for more Windows reserved file names.
  * Update type annotation for best_match to make default parameter clearer.
  * Multipart parser handles empty fields correctly.
  * The Map charset parameter and Request.url_charset property are deprecated.
    Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes
    are left percent encoded rather than replaced.
  * The Request.charset, Request.encoding_errors, Response.charset, and
    Client.charset attributes are deprecated. Request and response data must
    always use UTF-8.
  * Header values that have charset information only allow ASCII, UTF-8, and
    ISO-8859-1.
  * Update type annotation for ProfilerMiddleware stream parameter.
  * Use postponed evaluation of annotations.
  * The development server escapes ASCII control characters in decoded URLs
    before logging the request to the terminal.
  * The FormDataParser parse_functions attribute and get_parse_func method,
    and the invalid application/x-url-encoded content type, are deprecated.
  * generate_password_hash supports scrypt. Plain hash methods are deprecated,
    only scrypt and pbkdf2 are supported.
- Remove patch which was made obsolete by upstream:
  * moved_root.patch

OBS-URL: https://build.opensuse.org/request/show/1093788
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=42
This commit is contained in:
Dominique Leuenberger 2023-06-22 21:24:46 +00:00 committed by Git OBS Bridge
commit c629e985d0
5 changed files with 163 additions and 49 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe
size 845884

3
Werkzeug-2.3.6.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330
size 833282

View File

@ -1,36 +0,0 @@
---
tests/test_serving.py | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
Index: Werkzeug-2.2.3/tests/test_serving.py
===================================================================
--- Werkzeug-2.2.3.orig/tests/test_serving.py
+++ Werkzeug-2.2.3/tests/test_serving.py
@@ -10,6 +10,7 @@ from pathlib import Path
import pytest
+import werkzeug
from werkzeug import run_simple
from werkzeug._reloader import _find_stat_paths
from werkzeug._reloader import _find_watchdog_paths
@@ -128,12 +129,15 @@ def test_windows_get_args_for_reloading(
@pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
@pytest.mark.parametrize("find", [_find_stat_paths, _find_watchdog_paths])
def test_exclude_patterns(find):
- # Imported paths under sys.prefix will be included by default.
+ # Dont use sys.prefix, we may have redefined PYTHONPATH and
+ # libraries elsewhere.
+ cur_prefix = str(Path(werkzeug.__file__).parents[1])
+ # Imported paths under cur_prefix will be included by default.
paths = find(set(), set())
- assert any(p.startswith(sys.prefix) for p in paths)
+ assert any(p.startswith(cur_prefix) for p in paths)
# Those paths should be excluded due to the pattern.
- paths = find(set(), {f"{sys.prefix}*"})
- assert not any(p.startswith(sys.prefix) for p in paths)
+ paths = find(set(), {f"{str(cur_prefix)}*"})
+ assert not any(p.startswith(cur_prefix) for p in paths)
@pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")

View File

@ -1,3 +1,154 @@
-------------------------------------------------------------------
Mon Jun 19 06:24:50 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>
- Update to 2.3.6:
* FileStorage.content_length does not fail if the form data did not provide
a value.
- Update to 2.3.5:
* Python 3.12 compatibility.
* Fix handling of invalid base64 values in Authorization.from_header.
* The debugger escapes the exception message in the page title.
* When binding routing.Map, a long IDNA server_name with a port does not
fail encoding.
* iri_to_uri shows a deprecation warning instead of an error when passing
bytes.
* When parsing numbers in HTTP request headers such as Content-Length, only
ASCII digits are accepted rather than any format that Pythons int and
float accept.
- Update to 2.3.4:
* Authorization.from_header and WWWAuthenticate.from_header detects tokens
that end with base64 padding (=).
* Remove usage of warnings.catch_warnings.
* Remove max_form_parts restriction from standard form data parsing and only
use if for multipart content.
* Response will avoid converting the Location header in some cases to
preserve invalid URL schemes like itms-services.
- Update to 2.3.3:
* Fix parsing of large multipart bodies. Remove invalid leading newline, and
restore parsing speed.
* The cookie Path attribute is set to / by default again, to prevent clients
from falling back to RFC 6265s default-path behavior.
- Update to 2.3.2:
* Parse the cookie Expires attribute correctly in the test client.
* max_content_length can only be enforced on streaming requests if the
server sets wsgi.input_terminated.
- Update to 2.3.1:
* Percent-encode plus (+) when building URLs and in test requests.
* Cookie values dont quote characters defined in RFC 6265.
* Include pyi files for datastructures type annotations.
* Authorization and WWWAuthenticate objects can be compared for equality.
- Update to 2.3.0:
* Drop support for Python 3.7.
* Remove previously deprecated code.
* Passing bytes where strings are expected is deprecated, as well as the
charset and errors parameters in many places. Anywhere that was annotated,
documented, or tested to accept bytes shows a warning. Removing this
artifact of the transition from Python 2 to 3 removes a significant amount
of overhead in instance checks and encoding cycles. In general, always
work with UTF-8, the modern HTML, URL, and HTTP standards all strongly
recommend this.
* Deprecate the werkzeug.urls module, except for the uri_to_iri and
iri_to_uri functions. Use the urllib.parse library instead.
* Update which characters are considered safe when using percent encoding
in URLs, based on the WhatWG URL Standard.
* Update which characters are considered safe when using percent encoding
for Unicode filenames in downloads.
* Deprecate the safe_conversion parameter of iri_to_uri. The Location header
is converted to IRI using the same process as everywhere else.
* Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter.
* Use modern packaging metadata with pyproject.toml instead of setup.cfg.
* Request.get_json() will raise a 415 Unsupported Media Type error if the
Content-Type header is not application/json, instead of a generic 400.
* A URL converters part_isolating defaults to False if its regex contains
a /.
* A custom converters regex can have capturing groups without breaking
the router.
* The reloader can pick up arguments to python like -X dev, and does not
require heuristics to determine how to reload the command. Only available
on Python >= 3.10.
* The Watchdog reloader ignores file opened events. Bump the minimum version
of Watchdog to 2.3.0.
* When using a Unix socket for the development server, the path can start
with a dot.
* Increase default work factor for PBKDF2 to 600,000 iterations.
* parse_options_header is 2-3 times faster. It conforms to RFC 9110, some
invalid parts that were previously accepted are now ignored.
* The is_filename parameter to unquote_header_value is deprecated.
* Deprecate the extra_chars parameter and passing bytes to
quote_header_value, the allow_token parameter to dump_header, and the cls
parameter and passing bytes to parse_dict_header.
* Improve parse_accept_header implementation. Parse according to RFC 9110.
Discard items with invalid q values.
* quote_header_value quotes the empty string.
* dump_options_header skips None values rather than using a bare key.
* dump_header and dump_options_header will not quote a value if the key ends
with an asterisk *.
* parse_dict_header will decode values with charsets.
* Refactor the Authorization and WWWAuthenticate header data structures.
+ Both classes have type, parameters, and token attributes. The token
attribute supports auth schemes that use a single opaque token rather
than key=value parameters, such as Bearer.
+ Neither class is a dict anymore, although they still implement getting,
setting, and deleting auth[key] and auth.key syntax, as well as
auth.get(key) and key in auth.
+ Both classes have a from_header class method. parse_authorization_header
and parse_www_authenticate_header are deprecated.
+ The methods WWWAuthenticate.set_basic and set_digest are deprecated.
Instead, an instance should be created and assigned to
response.www_authenticate.
+ A list of instances can be assigned to response.www_authenticate to set
multiple header values. However, accessing the property only returns the
first instance.
* Refactor parse_cookie and dump_cookie.
+ parse_cookie is up to 40% faster, dump_cookie is up to 60% faster.
+ Passing bytes to parse_cookie and dump_cookie is deprecated. The
dump_cookie charset parameter is deprecated.
+ dump_cookie allows domain values that do not include a dot ., and strips
off a leading dot.
+ dump_cookie does not set path="/" unnecessarily by default.
* Refactor the test client cookie implementation.
+ The cookie_jar attribute is deprecated. http.cookiejar is no longer used
for storage.
+ Domain and path matching is used when sending cookies in requests. The
domain and path parameters default to localhost and /.
+ Added a get_cookie method to inspect cookies.
+ Cookies have decoded_key and decoded_value attributes to match what the
app sees rather than the encoded values a client would see.
+ The first positional server_name parameter to set_cookie and
delete_cookie is deprecated. Use the domain parameter instead.
+ Other parameters to delete_cookie besides domain, path, and value are
deprecated.
* If request.max_content_length is set, it is checked immediately when
accessing the stream, and while reading from the stream in general, rather
than only during form parsing.
* The development server, which must not be used in production, will exhaust
the request stream up to 10GB or 1000 reads. This allows clients to see a
413 error if max_content_length is exceeded, instead of a “connection
reset” failure.
* The development server discards header keys that contain underscores _, as
they are ambiguous with dashes - in WSGI.
* secure_filename looks for more Windows reserved file names.
* Update type annotation for best_match to make default parameter clearer.
* Multipart parser handles empty fields correctly.
* The Map charset parameter and Request.url_charset property are deprecated.
Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes
are left percent encoded rather than replaced.
* The Request.charset, Request.encoding_errors, Response.charset, and
Client.charset attributes are deprecated. Request and response data must
always use UTF-8.
* Header values that have charset information only allow ASCII, UTF-8, and
ISO-8859-1.
* Update type annotation for ProfilerMiddleware stream parameter.
* Use postponed evaluation of annotations.
* The development server escapes ASCII control characters in decoded URLs
before logging the request to the terminal.
* The FormDataParser parse_functions attribute and get_parse_func method,
and the invalid application/x-url-encoded content type, are deprecated.
* generate_password_hash supports scrypt. Plain hash methods are deprecated,
only scrypt and pbkdf2 are supported.
- Remove patch which was made obsolete by upstream:
* moved_root.patch
-------------------------------------------------------------------
Fri Apr 21 12:21:32 UTC 2023 - Dirk Müller <dmueller@suse.com>

View File

@ -27,19 +27,17 @@
%{?sle15_python_module_pythons}
Name: python-Werkzeug%{psuffix}
Version: 2.2.3
Version: 2.3.6
Release: 0
Summary: The Swiss Army knife of Python web development
License: BSD-3-Clause
Group: Development/Languages/Python
URL: https://werkzeug.palletsprojects.com
Source: https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
# PATCH-FIX-UPSTREAM moved_root.patch bsc#[0-9]+ mcepl@suse.com
# this patch makes things totally awesome
Patch1: moved_root.patch
BuildRequires: %{python_module base >= 3.7}
BuildRequires: %{python_module setuptools_scm}
BuildRequires: %{python_module base >= 3.8}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
%if %{with test}
BuildRequires: %{python_module Werkzeug = %{version}}
BuildRequires: %{python_module cryptography}
@ -50,12 +48,13 @@ BuildRequires: %{python_module pytest-timeout}
BuildRequires: %{python_module pytest-xprocess}
BuildRequires: %{python_module requests}
BuildRequires: %{python_module sortedcontainers}
BuildRequires: %{python_module watchdog >= 3.0.0}
%endif
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: python-MarkupSafe >= 2.1.1
Requires: python-MarkupSafe >= 2.1.2
Recommends: python-termcolor
Recommends: python-watchdog
Recommends: python-watchdog >= 3.0.0
Obsoletes: python-Werkzeug-doc < %{version}
Provides: python-Werkzeug-doc = %{version}
BuildArch: noarch
@ -82,11 +81,11 @@ bulletin boards, etc.).
sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylike,plnt,coolmagic}.py # Fix non-executable scripts
%build
%python_build
%pyproject_wheel
%install
%if ! %{with test}
%python_install
%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%endif