Accepting request 901091 from home:stroeder:python

This replaces SR#900998 which came from the wrong branch project.

OBS-URL: https://build.opensuse.org/request/show/901091
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Werkzeug?expand=0&rev=59

Werkzeug-1.0.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6c80b1e5ad3665290ea39320b91e1be1e0d5f60652b964a3070216de83d2e47c
-size 904455

Werkzeug-2.0.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1de1db30d010ff1af14a009224ec49ab2329ad2cde454c8a708130642d579c42
+size 892730

python-Werkzeug.changes

@@ -1,3 +1,181 @@
+-------------------------------------------------------------------
+Sat Jun 19 07:42:14 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- skip building for Python 2.x
+- updated upstream project URL
+- Update to 2.0.1
+  * Version 2.0.1
+    - Fix type annotation for send_file max_age callable. Don’t pass 
+      pathlib.Path to max_age. #2119
+    - Mark top-level names as exported so type checking understands imports 
+      in user projects. #2122
+    - Fix some types that weren’t available in Python 3.6.0. #2123
+    - cached_property is generic over its return type, properties decorated 
+      with it report the correct type. #2113
+    - Fix multipart parsing bug when boundary contains special regex 
+      characters. #2125
+    - Type checking understands that calling headers.get with a string 
+      default will always return a string. #2128
+    - If HTTPException.description is not a string, get_description will 
+      convert it to a string. #2115
+  * Version 2.0.0
+    - Drop support for Python 2 and 3.5. #1693
+    - Deprecate utils.format_string(), use string.Template instead. #1756
+    - Deprecate utils.bind_arguments() and utils.validate_arguments(),
+      use Signature.bind() and inspect.signature() instead. #1757
+    - Deprecate utils.HTMLBuilder. #1761
+    - Deprecate utils.escape() and utils.unescape(), use MarkupSafe instead. #1758
+    - Deprecate the undocumented python -m werkzeug.serving CLI. #1834
+    - Deprecate the environ["werkzeug.server.shutdown"] function that is 
+      available when running the development server. #1752
+    - Deprecate the useragents module and the built-in user agent parser. Use 
+      a dedicated parser library instead by subclassing user_agent.UserAgent 
+      and setting Request.user_agent_class. #2078
+    - Remove the unused, internal posixemulation module. #1759
+    - All datetime values are timezone-aware with tzinfo=timezone.utc. This 
+      applies to anything using http.parse_date: Request.date, 
+      .if_modified_since, .if_unmodified_since; Response.date, .expires, 
+      .last_modified, .retry_after; parse_if_range_header, and IfRange.date. 
+      When comparing values, the other values must also be aware, or these 
+      values must be made naive. When passing parameters or setting 
+      attributes, naive values are still assumed to be in UTC. #2040
+    - Merge all request and response wrapper mixin code into single Request 
+      and Response classes. Using the mixin classes is no longer necessary 
+      and will show a deprecation warning. Checking isinstance or issubclass 
+      against BaseRequest and BaseResponse will show a deprecation warning 
+      and check against Request or Response instead. #1963
+    - JSON support no longer uses simplejson if it’s installed. To use 
+      another JSON module, override Request.json_module and 
+      Response.json_module. #1766
+    - Response.get_json() no longer caches the result, and the cache 
+      parameter is removed. #1698
+    - Response.freeze() generates an ETag header if one is not set. The 
+      no_etag parameter (which usually wasn’t visible anyway) is no longer 
+      used. #1963
+    - Add a url_scheme argument to build() to override the bound scheme. #1721
+    - Passing an empty list as a query string parameter to build() won’t 
+      append an unnecessary ?. Also drop any number of None items in a list. 
+      #1992
+    - When passing a Headers object to a test client method or 
+      EnvironBuilder, multiple values for a key are joined into one comma 
+      separated value. This matches the HTTP spec on multi-value headers. 
+      #1655
+    - Setting Response.status and status_code uses identical parsing and 
+      error checking. #1658, #1728
+    - MethodNotAllowed and RequestedRangeNotSatisfiable take a response 
+      kwarg, consistent with other HTTP errors. #1748
+    - The response generated by Unauthorized produces one WWW-Authenticate 
+      header per value in www_authenticate, rather than joining them into a 
+      single value, to improve interoperability with browsers and other 
+      clients. #1755
+    - If parse_authorization_header can’t decode the header value, it returns 
+      None instead of raising a UnicodeDecodeError. #1816
+    - The debugger no longer uses jQuery. #1807
+    - The test client includes the query string in REQUEST_URI and RAW_URI. #1781
+    - Switch the parameter order of default_stream_factory to match the order 
+      used when calling it. #1085
+    - Add send_file function to generate a response that serves a file. 
+      Adapted from Flask’s implementation. #265, #1850
+    - Add send_from_directory function to safely serve an untrusted path 
+      within a trusted directory. Adapted from Flask’s implementation. #1880
+    - send_file takes download_name, which is passed even if 
+      as_attachment=False by using Content-Disposition: inline. download_name 
+      replaces Flask’s attachment_filename. #1869
+    - send_file sets conditional=True and max_age=None by default. 
+      Cache-Control is set to no-cache if max_age is not set, otherwise 
+      public. This tells browsers to validate conditional requests instead of 
+      using a timed cache. max_age=None replaces Flask’s cache_timeout=43200. 
+      #1882
+    - send_file can be called with etag="string" to set a custom ETag instead 
+      of generating one. etag replaces Flask’s add_etags. #1868
+    - send_file sets the Content-Encoding header if an encoding is returned 
+      when guessing mimetype from download_name. #3896
+    - Update the defaults used by generate_password_hash. Increase PBKDF2 
+      iterations to 260000 from 150000. Increase salt length to 16 from 8. 
+      Use secrets module to generate salt. #1935
+    - The reloader doesn’t crash if sys.stdin is somehow None. #1915
+    - Add arguments to delete_cookie to match set_cookie and the attributes 
+      modern browsers expect. #1889
+    - utils.cookie_date is deprecated, use utils.http_date instead. The value 
+      for Set-Cookie expires is no longer “-” delimited. #2040
+    - Use request.headers instead of request.environ to look up header attributes. #1808
+    - The test Client request methods (client.get, etc.) always return an 
+      instance of TestResponse. In addition to the normal behavior of 
+      Response, this class provides request with the request that produced 
+      the response, and history to track intermediate responses when 
+      follow_redirects is used. #763, #1894
+    - The test Client request methods takes an auth parameter to add an 
+      Authorization header. It can be an Authorization object or a (username, 
+      password) tuple for Basic auth. #1809
+    - Calling response.close() on a response from the test Client will close 
+      the request input stream. This matches file behavior and can prevent a 
+      ResourceWarning in some cases. #1785
+    - EnvironBuilder.from_environ decodes values encoded for WSGI, to avoid 
+      double encoding the new values. #1959
+    - The default stat reloader will watch Python files under 
+      non-system/virtualenv sys.path entries, which should contain most user 
+      code. It will also watch all Python files under directories given in 
+      extra_files. #1945
+    - The reloader ignores __pycache__ directories again. #1945
+    - run_simple takes exclude_patterns a list of fnmatch patterns that will 
+      not be scanned by the reloader. #1333
+    - Cookie names are no longer unquoted. This was against RFC 6265 and 
+      potentially allowed setting __Secure prefixed cookies. #1965
+    - Fix some word matches for user agent platform when the word can be a substring. #1923
+    - The development server logs ignored SSL errors. #1967
+    - Temporary files for form data are opened in rb+ instead of wb+ mode for 
+      better compatibility with some libraries. #1961
+    - Use SHA-1 instead of MD5 for generating ETags and the debugger pin, and 
+      in some tests. MD5 is not available in some environments, such as FIPS 
+      140. This may invalidate some caches since the ETag will be different. 
+      #1897
+    - Add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy 
+      response header properties. #2008
+    - run_simple tries to show a valid IP address when binding to all 
+      addresses, instead of 0.0.0.0 or ::. It also warns about not running 
+      the development server in production in this case. #1964
+    - Colors in the development server log are displayed if Colorama is 
+      installed on Windows. For all platforms, style support no longer 
+      requires Click. #1832
+    - A range request for an empty file (or other data with length 0) will 
+      return a 200 response with the empty file instead of a 416 error. #1937
+    - New sans-IO base classes for Request and Response have been extracted 
+      to contain all the behavior that is not WSGI or IO dependent. These are 
+      not a public API, they are part of an ongoing refactor to let ASGI 
+      frameworks use Werkzeug. #2005
+    - Parsing multipart/form-data has been refactored to use sans-io 
+      patterns. This should also make parsing forms with large binary file 
+      uploads significantly faster. #1788, #875
+    - LocalProxy matches the current Python data model special methods, 
+      including all r-ops, in-place ops, and async. __class__ is proxied, so 
+      the proxy will look like the object in more cases, including 
+      isinstance. Use issubclass(type(obj), LocalProxy) to check if an object 
+      is actually a proxy. #1754
+    - Local uses ContextVar on Python 3.7+ instead of threading.local. #1778
+    - request.values does not include form for GET requests (even though GET 
+      bodies are undefined). This prevents bad caching proxies from caching 
+      form data instead of query strings. #2037
+    - The development server adds the underlying socket to environ as 
+      werkzeug.socket. This is non-standard and specific to the dev server, 
+      other servers may expose this under their own key. It is useful for 
+      handling a WebSocket upgrade request. #2052
+    - URL matching assumes websocket=True mode for WebSocket upgrade requests. #2052
+    - Updated UserAgentParser to handle more cases. #1971
+    - werzeug.DechunkedInput.readinto will not read beyond the size of the buffer. #2021
+    - Fix connection reset when exceeding max content size. #2051
+    - pbkdf2_hex, pbkdf2_bin, and safe_str_cmp are deprecated. hashlib and 
+      hmac provide equivalents. #2083
+    - invalidate_cached_property is deprecated. Use del obj.name instead. #2084
+    - Href is deprecated. Use werkzeug.routing instead. #2085
+    - Request.disable_data_descriptor is deprecated. Create the request with 
+      shallow=True instead. #2085
+    - HTTPException.wrap is deprecated. Create a subclass manually instead. #2085
+
+-------------------------------------------------------------------
+Sun Jun 13 14:12:36 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- skip building for Python 2.x
+
 -------------------------------------------------------------------
 Tue Jan 12 16:09:32 UTC 2021 - Markéta Machová <mmachova@suse.com>
 

python-Werkzeug.spec

@@ -16,24 +16,31 @@
 #
 
 
-%define oldpython python
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+%define skip_python2 1
 Name:           python-Werkzeug
-Version:        1.0.1
+Version:        2.0.1
 Release:        0
 Summary:        The Swiss Army knife of Python web development
 License:        BSD-3-Clause
 Group:          Development/Languages/Python
-URL:            http://werkzeug.pocoo.org/
+URL:            https://werkzeug.palletsprojects.com
 Source:         https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
+BuildRequires:  %{python_module cryptography}
+BuildRequires:  %{python_module dataclasses if %python-base < 3.7}
 BuildRequires:  %{python_module hypothesis}
+BuildRequires:  %{python_module pytest >= 6.2.4}
 BuildRequires:  %{python_module pytest-timeout}
-BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module pytest-xprocess}
 BuildRequires:  %{python_module requests}
+BuildRequires:  %{python_module setuptools_scm}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module sortedcontainers}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
+%if %python_version_nodots < 37
+Requires:       python-dataclasses
+%endif
 Recommends:     python-termcolor
 Recommends:     python-watchdog
 Obsoletes:      python-Werkzeug-doc < %{version}
@@ -42,10 +49,6 @@ BuildArch:      noarch
 %if 0%{?suse_version} < 1500
 BuildRequires:  python
 %endif
-%ifpython2
-Provides:       %{oldpython}-werkzeug = %{version}
-Obsoletes:      %{oldpython}-werkzeug < %{version}
-%endif
 %python_subpackages
 
 %description
@@ -78,7 +81,7 @@ sed -i "1d" examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylik
 export LANG=en_US.UTF-8
 export PYTHONDONTWRITEBYTECODE=1
 # workaround pytest 6.2 (like https://github.com/pallets/werkzeug/commit/16718f461d016b88b6457d3ef63816b7df1f0d1f, but shorter)
-%pytest -p no:unraisableexception
+%pytest -k 'not test_reloader_sys_path and not test_chunked_encoding and not test_basic and not test_server and not test_ssl and not test_http_proxy and not test_500_error and not test_untrusted_host and not test_double_slash_path and not test_wrong_protocol and not test_content_type_and_length and not test_multiple_headers_concatenated and not test_multiline_header_folding'
 
 %files %{python_files}
 %license LICENSE.rst