Accepting request 1223597 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/1223597
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Werkzeug?expand=0&rev=50

python-Werkzeug.changes

@@ -1,3 +1,84 @@
+-------------------------------------------------------------------
+Tue Nov 12 07:59:40 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 3.1.3
+  * Initial data passed to ``MultiDict`` and similar interfaces only accepts
+    ``list``, ``tuple``, or ``set`` when passing multiple values. It had been
+    changed to accept any ``Collection``, but this matched types that should be
+    treated as single values, such as ``bytes``. :issue:`2994`
+  * When the ``Host`` header is not set and ``Request.host`` falls back to the
+    WSGI ``SERVER_NAME`` value, if that value is an IPv6 address it is wrapped
+    in ``[]`` to match the ``Host`` header. :issue:`2993`
+- from version 3.1.2
+  * Improve type annotation for ``TypeConversionDict.get`` to allow the ``type``
+    parameter to be a callable. :issue:`2988`
+  * ``Headers`` does not inherit from ``MutableMapping``, as it is does not
+    exactly match that interface. :issue:`2989`
+
+-------------------------------------------------------------------
+Mon Nov  4 10:57:09 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 3.1.1
+  * Fix an issue that caused ``str(Request.headers)`` to always appear empty.
+    :issue:`2985`
+- from version 3.1.0
+  * Drop support for Python 3.8. :pr:`2966`
+  * Remove previously deprecated code. :pr:`2967`
+  * ``Request.max_form_memory_size`` defaults to 500kB instead of unlimited.
+    Non-file form fields over this size will cause a ``RequestEntityTooLarge``
+    error. :issue:`2964`
+  * ``OrderedMultiDict`` and ``ImmutableOrderedMultiDict`` are deprecated.
+    Use ``MultiDict`` and ``ImmutableMultiDict`` instead. :issue:`2968`
+  * Behavior of properties on ``request.cache_control`` and
+    ``response.cache_control`` has been significantly adjusted.
+    * Dict values are always ``str | None``. Setting properties will convert
+      the value to a string. Setting a property to ``False`` is equivalent to
+      setting it to ``None``. Getting typed properties will return ``None`` if
+      conversion raises ``ValueError``, rather than the string. :issue:`2980`
+    * ``max_age`` is ``None`` if present without a value, rather than ``-1``.
+      :issue:`2980`
+    * ``no_cache`` is a boolean for requests, it is ``True`` instead of
+      ``"*"`` when present. It remains a string for responses. :issue:`2980`
+    * ``max_stale`` is ``True`` if present without a value, rather
+      than ``"*"``. :issue:`2980`
+    * ``no_transform`` is a boolean. Previously it was mistakenly always
+      ``None``. :issue:`2881`
+    * ``min_fresh`` is ``None`` if present without a value, rather than
+      ``"*"``. :issue:`2881`
+    * ``private`` is ``True`` if present without a value, rather than ``"*"``.
+      :issue:`2980`
+    * Added the ``must_understand`` property. :issue:`2881`
+    * Added the ``stale_while_revalidate``, and ``stale_if_error``
+      properties. :issue:`2948`
+    * Type annotations more accurately reflect the values. :issue:`2881`
+  * Support Cookie CHIPS (Partitioned Cookies). :issue:`2797`
+  * Add 421 ``MisdirectedRequest`` HTTP exception. :issue:`2850`
+  * Increase default work factor for PBKDF2 to 1,000,000 iterations.
+    :issue:`2969`
+  * Inline annotations for ``datastructures``, removing stub files.
+    :issue:`2970`
+  * ``MultiDict.getlist`` catches ``TypeError`` in addition to ``ValueError``
+    when doing type conversion. :issue:`2976`
+  * Implement ``|`` and ``|=`` operators for ``MultiDict``, ``Headers``, and
+    ``CallbackDict``, and disallow ``|=`` on immutable types. :issue:`2977`
+
+-------------------------------------------------------------------
+Mon Oct 28 12:57:32 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.0.6 (bsc#1232449, CVE-2024-49767):
+  * Fix how max_form_memory_size is applied when parsing large
+    non-file fields. GHSA-q34m-jh98-gwm2
+  * safe_join catches certain paths on Windows that were not caught by
+    ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j
+- 3.0.5:
+  * The Watchdog reloader ignores file closed no write events. #2945
+  * Logging works with client addresses containing an IPv6 scope.
+    #2952
+  * Ignore invalid authorization parameters. #2955
+  * Improve type annotation fore SharedDataMiddleware. #2958
+  * Compatibility with Python 3.13 when generating debugger pin and
+    the current UID does not have an associated name. #2957
+
 -------------------------------------------------------------------
 Mon Aug 26 14:36:39 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
 

python-Werkzeug.spec

@@ -27,7 +27,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-Werkzeug%{psuffix}
-Version:        3.0.4
+Version:        3.1.3
 Release:        0
 Summary:        The Swiss Army knife of Python web development
 License:        BSD-3-Clause
@@ -109,6 +109,7 @@ donttest+=" or test_wrong_protocol"
 donttest+=" or test_content_type_and_length"
 donttest+=" or test_multiple_headers_concatenated"
 donttest+=" or test_multiline_header_folding"
+donttest+=" or test_host_with_ipv6_scope"
 %pytest -k "not ($donttest)"
 %endif
 

werkzeug-3.0.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:34f2371506b250df4d4f84bfe7b0921e4762525762bbd936614909fe25cd7306
-size 803966

werkzeug-3.1.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:60723ce945c19328679790e3282cc758aa4a6040e4bb330f53d30fa546d44746
+size 806925