Accepting request 1093788 from devel:languages:python
- Update to 2.3.6: * FileStorage.content_length does not fail if the form data did not provide a value. - Update to 2.3.5: * Python 3.12 compatibility. * Fix handling of invalid base64 values in Authorization.from_header. * The debugger escapes the exception message in the page title. * When binding routing.Map, a long IDNA server_name with a port does not fail encoding. * iri_to_uri shows a deprecation warning instead of an error when passing bytes. * When parsing numbers in HTTP request headers such as Content-Length, only ASCII digits are accepted rather than any format that Python’s int and float accept. - Update to 2.3.4: * Authorization.from_header and WWWAuthenticate.from_header detects tokens that end with base64 padding (=). * Remove usage of warnings.catch_warnings. * Remove max_form_parts restriction from standard form data parsing and only use if for multipart content. * Response will avoid converting the Location header in some cases to preserve invalid URL schemes like itms-services. - Update to 2.3.3: * Fix parsing of large multipart bodies. Remove invalid leading newline, and restore parsing speed. * The cookie Path attribute is set to / by default again, to prevent clients from falling back to RFC 6265’s default-path behavior. - Update to 2.3.2: * Parse the cookie Expires attribute correctly in the test client. * max_content_length can only be enforced on streaming requests if the server sets wsgi.input_terminated. - Update to 2.3.1: * Percent-encode plus (+) when building URLs and in test requests. * Cookie values don’t quote characters defined in RFC 6265. * Include pyi files for datastructures type annotations. * Authorization and WWWAuthenticate objects can be compared for equality. - Update to 2.3.0: * Drop support for Python 3.7. * Remove previously deprecated code. * Passing bytes where strings are expected is deprecated, as well as the charset and errors parameters in many places. Anywhere that was annotated, documented, or tested to accept bytes shows a warning. Removing this artifact of the transition from Python 2 to 3 removes a significant amount of overhead in instance checks and encoding cycles. In general, always work with UTF-8, the modern HTML, URL, and HTTP standards all strongly recommend this. * Deprecate the werkzeug.urls module, except for the uri_to_iri and iri_to_uri functions. Use the urllib.parse library instead. * Update which characters are considered safe when using percent encoding in URLs, based on the WhatWG URL Standard. * Update which characters are considered safe when using percent encoding for Unicode filenames in downloads. * Deprecate the safe_conversion parameter of iri_to_uri. The Location header is converted to IRI using the same process as everywhere else. * Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter. * Use modern packaging metadata with pyproject.toml instead of setup.cfg. * Request.get_json() will raise a 415 Unsupported Media Type error if the Content-Type header is not application/json, instead of a generic 400. * A URL converter’s part_isolating defaults to False if its regex contains a /. * A custom converter’s regex can have capturing groups without breaking the router. * The reloader can pick up arguments to python like -X dev, and does not require heuristics to determine how to reload the command. Only available on Python >= 3.10. * The Watchdog reloader ignores file opened events. Bump the minimum version of Watchdog to 2.3.0. * When using a Unix socket for the development server, the path can start with a dot. * Increase default work factor for PBKDF2 to 600,000 iterations. * parse_options_header is 2-3 times faster. It conforms to RFC 9110, some invalid parts that were previously accepted are now ignored. * The is_filename parameter to unquote_header_value is deprecated. * Deprecate the extra_chars parameter and passing bytes to quote_header_value, the allow_token parameter to dump_header, and the cls parameter and passing bytes to parse_dict_header. * Improve parse_accept_header implementation. Parse according to RFC 9110. Discard items with invalid q values. * quote_header_value quotes the empty string. * dump_options_header skips None values rather than using a bare key. * dump_header and dump_options_header will not quote a value if the key ends with an asterisk *. * parse_dict_header will decode values with charsets. * Refactor the Authorization and WWWAuthenticate header data structures. + Both classes have type, parameters, and token attributes. The token attribute supports auth schemes that use a single opaque token rather than key=value parameters, such as Bearer. + Neither class is a dict anymore, although they still implement getting, setting, and deleting auth[key] and auth.key syntax, as well as auth.get(key) and key in auth. + Both classes have a from_header class method. parse_authorization_header and parse_www_authenticate_header are deprecated. + The methods WWWAuthenticate.set_basic and set_digest are deprecated. Instead, an instance should be created and assigned to response.www_authenticate. + A list of instances can be assigned to response.www_authenticate to set multiple header values. However, accessing the property only returns the first instance. * Refactor parse_cookie and dump_cookie. + parse_cookie is up to 40% faster, dump_cookie is up to 60% faster. + Passing bytes to parse_cookie and dump_cookie is deprecated. The dump_cookie charset parameter is deprecated. + dump_cookie allows domain values that do not include a dot ., and strips off a leading dot. + dump_cookie does not set path="/" unnecessarily by default. * Refactor the test client cookie implementation. + The cookie_jar attribute is deprecated. http.cookiejar is no longer used for storage. + Domain and path matching is used when sending cookies in requests. The domain and path parameters default to localhost and /. + Added a get_cookie method to inspect cookies. + Cookies have decoded_key and decoded_value attributes to match what the app sees rather than the encoded values a client would see. + The first positional server_name parameter to set_cookie and delete_cookie is deprecated. Use the domain parameter instead. + Other parameters to delete_cookie besides domain, path, and value are deprecated. * If request.max_content_length is set, it is checked immediately when accessing the stream, and while reading from the stream in general, rather than only during form parsing. * The development server, which must not be used in production, will exhaust the request stream up to 10GB or 1000 reads. This allows clients to see a 413 error if max_content_length is exceeded, instead of a “connection reset” failure. * The development server discards header keys that contain underscores _, as they are ambiguous with dashes - in WSGI. * secure_filename looks for more Windows reserved file names. * Update type annotation for best_match to make default parameter clearer. * Multipart parser handles empty fields correctly. * The Map charset parameter and Request.url_charset property are deprecated. Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes are left percent encoded rather than replaced. * The Request.charset, Request.encoding_errors, Response.charset, and Client.charset attributes are deprecated. Request and response data must always use UTF-8. * Header values that have charset information only allow ASCII, UTF-8, and ISO-8859-1. * Update type annotation for ProfilerMiddleware stream parameter. * Use postponed evaluation of annotations. * The development server escapes ASCII control characters in decoded URLs before logging the request to the terminal. * The FormDataParser parse_functions attribute and get_parse_func method, and the invalid application/x-url-encoded content type, are deprecated. * generate_password_hash supports scrypt. Plain hash methods are deprecated, only scrypt and pbkdf2 are supported. - Remove patch which was made obsolete by upstream: * moved_root.patch OBS-URL: https://build.opensuse.org/request/show/1093788 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=42
This commit is contained in:
commit
c629e985d0
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe
|
||||
size 845884
|
3
Werkzeug-2.3.6.tar.gz
Normal file
3
Werkzeug-2.3.6.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:98c774df2f91b05550078891dee5f0eb0cb797a522c757a2452b9cee5b202330
|
||||
size 833282
|
@ -1,36 +0,0 @@
|
||||
---
|
||||
tests/test_serving.py | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: Werkzeug-2.2.3/tests/test_serving.py
|
||||
===================================================================
|
||||
--- Werkzeug-2.2.3.orig/tests/test_serving.py
|
||||
+++ Werkzeug-2.2.3/tests/test_serving.py
|
||||
@@ -10,6 +10,7 @@ from pathlib import Path
|
||||
|
||||
import pytest
|
||||
|
||||
+import werkzeug
|
||||
from werkzeug import run_simple
|
||||
from werkzeug._reloader import _find_stat_paths
|
||||
from werkzeug._reloader import _find_watchdog_paths
|
||||
@@ -128,12 +129,15 @@ def test_windows_get_args_for_reloading(
|
||||
@pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
|
||||
@pytest.mark.parametrize("find", [_find_stat_paths, _find_watchdog_paths])
|
||||
def test_exclude_patterns(find):
|
||||
- # Imported paths under sys.prefix will be included by default.
|
||||
+ # Don’t use sys.prefix, we may have redefined PYTHONPATH and
|
||||
+ # libraries elsewhere.
|
||||
+ cur_prefix = str(Path(werkzeug.__file__).parents[1])
|
||||
+ # Imported paths under cur_prefix will be included by default.
|
||||
paths = find(set(), set())
|
||||
- assert any(p.startswith(sys.prefix) for p in paths)
|
||||
+ assert any(p.startswith(cur_prefix) for p in paths)
|
||||
# Those paths should be excluded due to the pattern.
|
||||
- paths = find(set(), {f"{sys.prefix}*"})
|
||||
- assert not any(p.startswith(sys.prefix) for p in paths)
|
||||
+ paths = find(set(), {f"{str(cur_prefix)}*"})
|
||||
+ assert not any(p.startswith(cur_prefix) for p in paths)
|
||||
|
||||
|
||||
@pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
|
@ -1,3 +1,154 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 19 06:24:50 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
- Update to 2.3.6:
|
||||
* FileStorage.content_length does not fail if the form data did not provide
|
||||
a value.
|
||||
- Update to 2.3.5:
|
||||
* Python 3.12 compatibility.
|
||||
* Fix handling of invalid base64 values in Authorization.from_header.
|
||||
* The debugger escapes the exception message in the page title.
|
||||
* When binding routing.Map, a long IDNA server_name with a port does not
|
||||
fail encoding.
|
||||
* iri_to_uri shows a deprecation warning instead of an error when passing
|
||||
bytes.
|
||||
* When parsing numbers in HTTP request headers such as Content-Length, only
|
||||
ASCII digits are accepted rather than any format that Python’s int and
|
||||
float accept.
|
||||
- Update to 2.3.4:
|
||||
* Authorization.from_header and WWWAuthenticate.from_header detects tokens
|
||||
that end with base64 padding (=).
|
||||
* Remove usage of warnings.catch_warnings.
|
||||
* Remove max_form_parts restriction from standard form data parsing and only
|
||||
use if for multipart content.
|
||||
* Response will avoid converting the Location header in some cases to
|
||||
preserve invalid URL schemes like itms-services.
|
||||
- Update to 2.3.3:
|
||||
* Fix parsing of large multipart bodies. Remove invalid leading newline, and
|
||||
restore parsing speed.
|
||||
* The cookie Path attribute is set to / by default again, to prevent clients
|
||||
from falling back to RFC 6265’s default-path behavior.
|
||||
- Update to 2.3.2:
|
||||
* Parse the cookie Expires attribute correctly in the test client.
|
||||
* max_content_length can only be enforced on streaming requests if the
|
||||
server sets wsgi.input_terminated.
|
||||
- Update to 2.3.1:
|
||||
* Percent-encode plus (+) when building URLs and in test requests.
|
||||
* Cookie values don’t quote characters defined in RFC 6265.
|
||||
* Include pyi files for datastructures type annotations.
|
||||
* Authorization and WWWAuthenticate objects can be compared for equality.
|
||||
- Update to 2.3.0:
|
||||
* Drop support for Python 3.7.
|
||||
* Remove previously deprecated code.
|
||||
* Passing bytes where strings are expected is deprecated, as well as the
|
||||
charset and errors parameters in many places. Anywhere that was annotated,
|
||||
documented, or tested to accept bytes shows a warning. Removing this
|
||||
artifact of the transition from Python 2 to 3 removes a significant amount
|
||||
of overhead in instance checks and encoding cycles. In general, always
|
||||
work with UTF-8, the modern HTML, URL, and HTTP standards all strongly
|
||||
recommend this.
|
||||
* Deprecate the werkzeug.urls module, except for the uri_to_iri and
|
||||
iri_to_uri functions. Use the urllib.parse library instead.
|
||||
* Update which characters are considered safe when using percent encoding
|
||||
in URLs, based on the WhatWG URL Standard.
|
||||
* Update which characters are considered safe when using percent encoding
|
||||
for Unicode filenames in downloads.
|
||||
* Deprecate the safe_conversion parameter of iri_to_uri. The Location header
|
||||
is converted to IRI using the same process as everywhere else.
|
||||
* Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter.
|
||||
* Use modern packaging metadata with pyproject.toml instead of setup.cfg.
|
||||
* Request.get_json() will raise a 415 Unsupported Media Type error if the
|
||||
Content-Type header is not application/json, instead of a generic 400.
|
||||
* A URL converter’s part_isolating defaults to False if its regex contains
|
||||
a /.
|
||||
* A custom converter’s regex can have capturing groups without breaking
|
||||
the router.
|
||||
* The reloader can pick up arguments to python like -X dev, and does not
|
||||
require heuristics to determine how to reload the command. Only available
|
||||
on Python >= 3.10.
|
||||
* The Watchdog reloader ignores file opened events. Bump the minimum version
|
||||
of Watchdog to 2.3.0.
|
||||
* When using a Unix socket for the development server, the path can start
|
||||
with a dot.
|
||||
* Increase default work factor for PBKDF2 to 600,000 iterations.
|
||||
* parse_options_header is 2-3 times faster. It conforms to RFC 9110, some
|
||||
invalid parts that were previously accepted are now ignored.
|
||||
* The is_filename parameter to unquote_header_value is deprecated.
|
||||
* Deprecate the extra_chars parameter and passing bytes to
|
||||
quote_header_value, the allow_token parameter to dump_header, and the cls
|
||||
parameter and passing bytes to parse_dict_header.
|
||||
* Improve parse_accept_header implementation. Parse according to RFC 9110.
|
||||
Discard items with invalid q values.
|
||||
* quote_header_value quotes the empty string.
|
||||
* dump_options_header skips None values rather than using a bare key.
|
||||
* dump_header and dump_options_header will not quote a value if the key ends
|
||||
with an asterisk *.
|
||||
* parse_dict_header will decode values with charsets.
|
||||
* Refactor the Authorization and WWWAuthenticate header data structures.
|
||||
+ Both classes have type, parameters, and token attributes. The token
|
||||
attribute supports auth schemes that use a single opaque token rather
|
||||
than key=value parameters, such as Bearer.
|
||||
+ Neither class is a dict anymore, although they still implement getting,
|
||||
setting, and deleting auth[key] and auth.key syntax, as well as
|
||||
auth.get(key) and key in auth.
|
||||
+ Both classes have a from_header class method. parse_authorization_header
|
||||
and parse_www_authenticate_header are deprecated.
|
||||
+ The methods WWWAuthenticate.set_basic and set_digest are deprecated.
|
||||
Instead, an instance should be created and assigned to
|
||||
response.www_authenticate.
|
||||
+ A list of instances can be assigned to response.www_authenticate to set
|
||||
multiple header values. However, accessing the property only returns the
|
||||
first instance.
|
||||
* Refactor parse_cookie and dump_cookie.
|
||||
+ parse_cookie is up to 40% faster, dump_cookie is up to 60% faster.
|
||||
+ Passing bytes to parse_cookie and dump_cookie is deprecated. The
|
||||
dump_cookie charset parameter is deprecated.
|
||||
+ dump_cookie allows domain values that do not include a dot ., and strips
|
||||
off a leading dot.
|
||||
+ dump_cookie does not set path="/" unnecessarily by default.
|
||||
* Refactor the test client cookie implementation.
|
||||
+ The cookie_jar attribute is deprecated. http.cookiejar is no longer used
|
||||
for storage.
|
||||
+ Domain and path matching is used when sending cookies in requests. The
|
||||
domain and path parameters default to localhost and /.
|
||||
+ Added a get_cookie method to inspect cookies.
|
||||
+ Cookies have decoded_key and decoded_value attributes to match what the
|
||||
app sees rather than the encoded values a client would see.
|
||||
+ The first positional server_name parameter to set_cookie and
|
||||
delete_cookie is deprecated. Use the domain parameter instead.
|
||||
+ Other parameters to delete_cookie besides domain, path, and value are
|
||||
deprecated.
|
||||
* If request.max_content_length is set, it is checked immediately when
|
||||
accessing the stream, and while reading from the stream in general, rather
|
||||
than only during form parsing.
|
||||
* The development server, which must not be used in production, will exhaust
|
||||
the request stream up to 10GB or 1000 reads. This allows clients to see a
|
||||
413 error if max_content_length is exceeded, instead of a “connection
|
||||
reset” failure.
|
||||
* The development server discards header keys that contain underscores _, as
|
||||
they are ambiguous with dashes - in WSGI.
|
||||
* secure_filename looks for more Windows reserved file names.
|
||||
* Update type annotation for best_match to make default parameter clearer.
|
||||
* Multipart parser handles empty fields correctly.
|
||||
* The Map charset parameter and Request.url_charset property are deprecated.
|
||||
Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes
|
||||
are left percent encoded rather than replaced.
|
||||
* The Request.charset, Request.encoding_errors, Response.charset, and
|
||||
Client.charset attributes are deprecated. Request and response data must
|
||||
always use UTF-8.
|
||||
* Header values that have charset information only allow ASCII, UTF-8, and
|
||||
ISO-8859-1.
|
||||
* Update type annotation for ProfilerMiddleware stream parameter.
|
||||
* Use postponed evaluation of annotations.
|
||||
* The development server escapes ASCII control characters in decoded URLs
|
||||
before logging the request to the terminal.
|
||||
* The FormDataParser parse_functions attribute and get_parse_func method,
|
||||
and the invalid application/x-url-encoded content type, are deprecated.
|
||||
* generate_password_hash supports scrypt. Plain hash methods are deprecated,
|
||||
only scrypt and pbkdf2 are supported.
|
||||
- Remove patch which was made obsolete by upstream:
|
||||
* moved_root.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 21 12:21:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
|
@ -27,19 +27,17 @@
|
||||
|
||||
%{?sle15_python_module_pythons}
|
||||
Name: python-Werkzeug%{psuffix}
|
||||
Version: 2.2.3
|
||||
Version: 2.3.6
|
||||
Release: 0
|
||||
Summary: The Swiss Army knife of Python web development
|
||||
License: BSD-3-Clause
|
||||
Group: Development/Languages/Python
|
||||
URL: https://werkzeug.palletsprojects.com
|
||||
Source: https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
|
||||
# PATCH-FIX-UPSTREAM moved_root.patch bsc#[0-9]+ mcepl@suse.com
|
||||
# this patch makes things totally awesome
|
||||
Patch1: moved_root.patch
|
||||
BuildRequires: %{python_module base >= 3.7}
|
||||
BuildRequires: %{python_module setuptools_scm}
|
||||
BuildRequires: %{python_module base >= 3.8}
|
||||
BuildRequires: %{python_module pip}
|
||||
BuildRequires: %{python_module setuptools}
|
||||
BuildRequires: %{python_module wheel}
|
||||
%if %{with test}
|
||||
BuildRequires: %{python_module Werkzeug = %{version}}
|
||||
BuildRequires: %{python_module cryptography}
|
||||
@ -50,12 +48,13 @@ BuildRequires: %{python_module pytest-timeout}
|
||||
BuildRequires: %{python_module pytest-xprocess}
|
||||
BuildRequires: %{python_module requests}
|
||||
BuildRequires: %{python_module sortedcontainers}
|
||||
BuildRequires: %{python_module watchdog >= 3.0.0}
|
||||
%endif
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: python-rpm-macros
|
||||
Requires: python-MarkupSafe >= 2.1.1
|
||||
Requires: python-MarkupSafe >= 2.1.2
|
||||
Recommends: python-termcolor
|
||||
Recommends: python-watchdog
|
||||
Recommends: python-watchdog >= 3.0.0
|
||||
Obsoletes: python-Werkzeug-doc < %{version}
|
||||
Provides: python-Werkzeug-doc = %{version}
|
||||
BuildArch: noarch
|
||||
@ -82,11 +81,11 @@ bulletin boards, etc.).
|
||||
sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylike,plnt,coolmagic}.py # Fix non-executable scripts
|
||||
|
||||
%build
|
||||
%python_build
|
||||
%pyproject_wheel
|
||||
|
||||
%install
|
||||
%if ! %{with test}
|
||||
%python_install
|
||||
%pyproject_install
|
||||
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||
%endif
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user