Scheduled daily dependency update on Saturday

[pyup-bot]

Update webrequest from 0.0.52 to 0.0.78.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/webrequest
• Repo: https://github.com/fake-name/WebRequest

Update sqlalchemy_utils from 0.33.11 to 0.41.2.

Changelog

0.41.2

^^^^^^^^^^^^^^^^^^^

- Fix breaking change introduced on SQLAlchemy 2.0.22 changes to `attributes.AttributeImpl` constructor (733)

0.41.1

^^^^^^^^^^^^^^^^^^^

- Use a custom SQL construct for refreshing materialized views in
`refresh_materialized_view` (703)

0.41.0

^^^^^^^^^^^^^^^^^^^

- Support psycopg3 for ``create_database()`` and ``delete_database()``.
(701, pull request by LerikP)

0.40.0

^^^^^^^^^^^^^^^^^^^

- Remove Python 3.6 support
- Add SQLAlchemy 2 support
- Add comparison operator support for LTree type (668, pull request by salimfadhley)

0.39.0

^^^^^^^^^^^^^^^^^^^

- Support Python 3.11.
- Add pre-commit hooks for uniform text checks, isort, flake8, and pyupgrade.
- Fix a crash that occurs if the ``colour-science`` package is installed,
which shares the same import name as the ``colour`` package that sqlalchemy-utils supports.
(`637 <https://github.com/kvesteri/sqlalchemy-utils/pull/637>`_, courtesy of JayPalm)
- Fix a crash that occurs if the installed sqlalchemy version is a beta (like ``"2.0.0b3"``).
(Reported in `643 <https://github.com/kvesteri/sqlalchemy-utils/pull/643>`_, thanks Dinmukhamet!)

0.38.3

^^^^^^^^^^^^^^^^^^^

- Fixed double-quoted UUID's in sqlalchemy >= 1.4.30 (581, pull request courtesy of kurtmckee)
- Fixed create_database() and drop_database() crashing with CockroachDB (586, pull request courtesy of kurtmckee)
- Added mixed case support for pg composite (584, pull request courtesy of bamartin125)
- Support Python 3.10.
- Drop support for Python 3.4 and 3.5.
- Remove the dependency on the six package. (605)
- Introduce sqlalchemy 2.0 compatibility. (513)

0.38.2

^^^^^^^^^^^^^^^^^^^

- Added inherit_cache=False in order to avoid SQLAlchemy warnings in `cast_locale_expr` (571)

0.38.1

^^^^^^^^^^^^^^^^^^^

- Added cache_ok=True for various different types

0.38.0

^^^^^^^^^^^^^^^^^^^

- Removed CompositeArray. Instead of CompositeArray one should use ARRAY(dimensions=1)
- Made ChoicesType only convert lists to tuples internally.

0.37.9

^^^^^^^^^^^^^^^^^^^

- Fixed base padding class abstract methods (547, pull request courtesy of dpgaspar)
- Optimized cast_locale function (552, pull request courtesy of tvuotila)
- Allow for arbitrary Table keyword arguments in create_table_from_selectable (551, pull request courtesy of quoimec)

0.37.8

^^^^^^^^^^^^^^^^^^^

- Added 'zoneinfo' backend to TimezoneType (510, pull request courtesy of huonw)

0.37.7

^^^^^^^^^^^^^^^^^^^

- Added identifier quoting for view functions and constructs
- Added literal processor for UUIDType

0.37.6

^^^^^^^^^^^^^^^^^^^

- Added `cache_ok=True` for TSVectorType

0.37.5

^^^^^^^^^^^^^^^^^^^

- Fixed instant_defaults_listener to respect constructor supplied kwargs (516, pull request courtesy of soundstripe)

0.37.4

^^^^^^^^^^^^^^^^^^^

- Fixed incorrect Ltree.lca behaviour (468, pull request courtesy of slymit)

0.37.3

^^^^^^^^^^^^^^^^^^^

- Added `cache_ok=True` for all custom types
- Added CockroachDB support for UUIDType (526, pull request courtesy of chrishemmings)

0.37.2

^^^^^^^^^^^^^^^^^^^

- Added python_requires to setup.py

0.37.1

^^^^^^^^^^^^^^^^^^^

- Removed py27 from pypi wheel

0.37.0

^^^^^^^^^^^^^^^^^^^

- Added SQLAlchemy 1.4 support
- Fixed database_exists() on PostgreSQL (462)
- Added create_database support pymssql (486)
- Removed `sort_query`, `get_query_entities` and `get_query_entity_by_alias` functions

0.36.8

^^^^^^^^^^^^^^^^^^^

- Don't connect to 'postgres' data base for database existence check (372, pull request courtesy of bernt-matthias)

0.36.7

^^^^^^^^^^^^^^^^^^^

- Fix dynamic relationships for observables (455)

0.36.6

^^^^^^^^^^^^^^^^^^^

- Dropped support for Python 2.7 (thanks for the help graingert)
- Reverted 426 and added support for Legacy Encrypted Type (450, pull request courtesy of rushilsrivastava)
- Added psycopg2cffi support for create_database and drop_database (447, pull request courtesy of DominicBurkart)

0.36.5

^^^^^^^^^^^^^^^^^^^

- Added support for dictionary input in CompositeType (435, pull request courtesy of cozos)
- Added new EnrichedDateTime and EnrichedDate types (403, pull request courtesy of yk-lab)
- Using String instead of LargeBinary for impl of EncryptedType (426, pull request courtesy of aicioara)
- Added support for JSONType in EncryptedType (439, pull request courtesy of rushilsrivastava)

0.36.4

^^^^^^^^^^^^^^^^^^^

- Added jsonb_sql function (377, pull request courtesy of getglad)
- Drop py27 support

0.36.3

^^^^^^^^^^^^^^^^^^^

- Added hash method for PhoneNumberType (428, pull request courtesy of hanc1208)

0.36.2

^^^^^^^^^^^^^^^^^^^

- Added repr for UUIDType (424, pull request courtesy of ziima)

0.36.1

^^^^^^^^^^^^^^^^^^^

- Added support for CASCADE option when dropping views (406, pull request courtesy of amicks)
- Added `aliases` parameter to create_materialized_view function.

0.36.0

^^^^^^^^^^^^^^^^^^^

- Removed explain and explain_analyze due to the internal changes in SQLAlchemy version 1.3.

0.35.0

^^^^^^^^^^^^^^^^^^^

- Removed some deprecation warnings
- Added Int8RangeType (401, pull request courtesy of lpsinger)

0.34.2

^^^^^^^^^^^^^^^^^^^

- Remove ABC deprecation warnings (386, pull request courtesy of VizualAbstract)

0.34.1

^^^^^^^^^^^^^^^^^^^

- Remove deprecation warnings (379, pull request courtesy of Le-Stagiaire)
- Drop py34 support

0.34.0

^^^^^^^^^^^^^^^^^^^


- Removed array_agg compilation which was never a good idea and collided with the latest version of SA. (374)
- Removed deprecation warnings (373, pull request courtesy of pbasista)

0.33.12

^^^^^^^^^^^^^^^^^^^^

- Added ordering support for Country primitive (361, pull request courtesy of TrilceAC)

Links

• PyPI: https://pypi.org/project/sqlalchemy-utils
• Changelog: https://data.safetycli.com/changelogs/sqlalchemy-utils/
• Repo: https://github.com/kvesteri/sqlalchemy-utils

Update mdx_linkify from 1.2 to 2.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/mdx-linkify
• Repo: https://github.com/daGrevis/mdx_linkify

Update apscheduler from 3.5.3 to 3.11.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/apscheduler
• Docs: https://pythonhosted.org/APScheduler/

Update psycopg2 from 2.7.7 to 2.9.10.

Changelog

2.9.10

^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Add support for Python 3.13.
- Receive notifications on commit (:ticket:`1728`).
- `~psycopg2.errorcodes` map and `~psycopg2.errors` classes updated to
PostgreSQL 17.
- Drop support for Python 3.7.

2.9.9

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Add support for Python 3.12.
- Drop support for Python 3.6.

2.9.8

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Wheel package bundled with PostgreSQL 16 libpq in order to add support for
recent features, such as ``sslcertmode``.

2.9.7

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fix propagation of exceptions raised during module initialization
(:ticket:`1598`).
- Fix building when pg_config returns an empty string (:ticket:`1599`).
- Wheel package bundled with OpenSSL 1.1.1v.

2.9.6

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Package manylinux 2014 for aarch64 and ppc64le platforms, in order to
include libpq 15 in the binary package (:ticket:`1396`).
- Wheel package bundled with OpenSSL 1.1.1t.

2.9.5

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Add support for Python 3.11.
- Add support for rowcount in MERGE statements in binary packages
(:ticket:`1497`).
- Wheel package bundled with OpenSSL 1.1.1r and PostgreSQL 15 libpq.

2.9.4

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fix `~psycopg2.extras.register_composite()`,
`~psycopg2.extras.register_range()` with customized :sql:`search_path`
(:ticket:`1487`).
- Handle correctly composite types with names or in schemas requiring escape.
- Find ``pg_service.conf`` file in the ``/etc/postgresql-common`` directory in
binary packages (:ticket:`1365`).
- `~psycopg2.errorcodes` map and `~psycopg2.errors` classes updated to
PostgreSQL 15.
- Wheel package bundled with OpenSSL 1.1.1q and PostgreSQL 14.4 libpq.

2.9.3

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Alpine (musl) wheels now available (:ticket:`1392`).
- macOS arm64 (Apple M1) wheels now available (:ticket:`1482`).

2.9.2

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Raise `ValueError` for dates >= Y10k (:ticket:`1307`).
- `~psycopg2.errorcodes` map and `~psycopg2.errors` classes updated to
PostgreSQL 14.
- Add preliminary support for Python 3.11 (:tickets:`1376, 1386`).
- Wheel package bundled with OpenSSL 1.1.1l and PostgreSQL 14.1 libpq
(:ticket:`1388`).

2.9.1

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fix regression with named `~psycopg2.sql.Placeholder` (:ticket:`1291`).

2.9

-------------------------

- ``with connection`` starts a transaction on autocommit transactions too
(:ticket:`941`).
- Timezones with fractional minutes are supported on Python 3.7 and following
(:ticket:`1272`).
- Escape table and column names in `~cursor.copy_from()` and
`~cursor.copy_to()`.
- Connection exceptions with sqlstate ``08XXX`` reclassified as
`~psycopg2.OperationalError` (a subclass of the previously used
`~psycopg2.DatabaseError`) (:ticket:`1148`).
- Include library dirs required from libpq to work around MacOS build problems
(:ticket:`1200`).

Other changes:

- Dropped support for Python 2.7, 3.4, 3.5 (:tickets:`1198, 1000, 1197`).
- Dropped support for mx.DateTime.
- Use `datetime.timezone` objects by default in datetime objects instead of
`~psycopg2.tz.FixedOffsetTimezone`.
- The `psycopg2.tz` module is deprecated and scheduled to be dropped in the
next major release.
- Provide :pep:`599` wheels packages (manylinux2014 tag) for i686 and x86_64
platforms.
- Provide :pep:`600` wheels packages (manylinux_2_24 tag) for aarch64 and
ppc64le platforms.
- Wheel package bundled with OpenSSL 1.1.1k and PostgreSQL 13.3 libpq.
- Build system for Linux/MacOS binary packages moved to GitHub Actions.

2.8.7

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Accept empty params as `~psycopg2.connect()` (:ticket:`1250`).
- Fix attributes refcount in `Column` initialisation (:ticket:`1252`).
- Allow re-initialisation of static variables in the C module (:ticket:`1267`).

2.8.6

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fixed memory leak changing connection encoding to the current one
(:ticket:`1101`).
- Fixed search of mxDateTime headers in virtualenvs (:ticket:`996`).
- Added missing values from errorcodes (:ticket:`1133`).
- `cursor.query` reports the query of the last :sql:`COPY` operation too
(:ticket:`1141`).
- `~psycopg2.errorcodes` map and `~psycopg2.errors` classes updated to
PostgreSQL 13.
- Added wheel packages for ARM architecture (:ticket:`1125`).
- Wheel package bundled with OpenSSL 1.1.1g.

2.8.5

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fixed use of `!connection_factory` and `!cursor_factory` together
(:ticket:`1019`).
- Added support for `~logging.LoggerAdapter` in
`~psycopg2.extras.LoggingConnection` (:ticket:`1026`).
- `~psycopg2.extensions.Column` objects in `cursor.description` can be sliced
(:ticket:`1034`).
- Added AIX support (:ticket:`1061`).
- Fixed `~copy.copy()` of `~psycopg2.extras.DictCursor` rows (:ticket:`1073`).

2.8.4

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fixed building with Python 3.8 (:ticket:`854`).
- Don't swallow keyboard interrupts on connect when a password is specified
in the connection string (:ticket:`898`).
- Don't advance replication cursor when the message wasn't confirmed
(:ticket:`940`).
- Fixed inclusion of ``time.h`` on linux (:ticket:`951`).
- Fixed int overflow for large values in `~psycopg2.extensions.Column.table_oid`
and `~psycopg2.extensions.Column.type_code` (:ticket:`961`).
- `~psycopg2.errorcodes` map and `~psycopg2.errors` classes updated to
PostgreSQL 12.
- Wheel package bundled with OpenSSL 1.1.1d and PostgreSQL at least 11.4.

2.8.3

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Added *interval_status* parameter to
`~psycopg2.extras.ReplicationCursor.start_replication()` method and other
facilities to send automatic replication keepalives at periodic intervals
(:ticket:`913`).
- Fixed namedtuples caching introduced in 2.8 (:ticket:`928`).

2.8.2

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fixed `~psycopg2.extras.RealDictCursor` when there are repeated columns
(:ticket:`884`).
- Binary packages built with openssl 1.1.1b. Should fix concurrency problems
(:tickets:`543, 836`).

2.8.1

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Fixed `~psycopg2.extras.RealDictRow` modifiability (:ticket:`886`).
- Fixed "there's no async cursor" error polling a connection with no cursor
(:ticket:`887`).

2.8

-------------------------

New features:

- Added `~psycopg2.errors` module. Every PostgreSQL error is converted into
a specific exception class (:ticket:`682`).
- Added `~psycopg2.extensions.encrypt_password()` function (:ticket:`576`).
- Added `~psycopg2.extensions.BYTES` adapter to manage databases with mixed
encodings on Python 3 (:ticket:`835`).
- Added `~psycopg2.extensions.Column.table_oid` and
`~psycopg2.extensions.Column.table_column` attributes on `cursor.description`
items (:ticket:`661`).
- Added `connection.info` object to retrieve various PostgreSQL connection
information (:ticket:`726`).
- Added `~connection.get_native_connection()` to expose the raw ``PGconn``
structure to C extensions via Capsule (:ticket:`782`).
- Added `~connection.pgconn_ptr` and `~cursor.pgresult_ptr` to expose raw
C structures to Python and interact with libpq via ctypes (:ticket:`782`).
- `~psycopg2.sql.Identifier` can represent qualified names in SQL composition
(:ticket:`732`).
- Added `!ReplicationCursor`.\ `~psycopg2.extras.ReplicationCursor.wal_end`
attribute (:ticket:`800`).
- Added *fetch* parameter to `~psycopg2.extras.execute_values()` function
(:ticket:`813`).
- `!str()` on `~psycopg2.extras.Range` produces a human-readable representation
(:ticket:`773`).
- `~psycopg2.extras.DictCursor` and `~psycopg2.extras.RealDictCursor` rows
maintain columns order (:ticket:`177`).
- Added `~psycopg2.extensions.Diagnostics.severity_nonlocalized` attribute on
the `~psycopg2.extensions.Diagnostics` object (:ticket:`783`).
- More efficient `~psycopg2.extras.NamedTupleCursor` (:ticket:`838`).

Bug fixes:

- Fixed connections occasionally broken by the unrelated use of the
multiprocessing module (:ticket:`829`).
- Fixed async communication blocking if results are returned in different
chunks, e.g. with notices interspersed to the results (:ticket:`856`).
- Fixed adaptation of numeric subclasses such as `~enum.IntEnum`
(:ticket:`591`).

Other changes:

- Dropped support for Python 2.6, 3.2, 3.3.
- Dropped `psycopg1` module.
- Dropped deprecated `!register_tstz_w_secs()` (was previously a no-op).
- Dropped deprecated `!PersistentConnectionPool`. This pool class was mostly
designed to interact with Zope. Use `!ZPsycopgDA.pool` instead.
- Binary packages no longer installed by default. The 'psycopg2-binary'
package must be used explicitly.
- Dropped `!PSYCOPG_DISPLAY_SIZE` build parameter.
- Dropped support for mxDateTime as the default date and time adapter.
mxDatetime support continues to be available as an alternative to Python's
builtin datetime.
- No longer use 2to3 during installation for Python 2 & 3 compatibility. All
source files are now compatible with Python 2 & 3 as is.
- The `!psycopg2.test` package is no longer installed by ``python setup.py
install``.
- Wheel package bundled with OpenSSL 1.0.2r and PostgreSQL 11.2 libpq.

Links

• PyPI: https://pypi.org/project/psycopg2
• Changelog: https://data.safetycli.com/changelogs/psycopg2/
• Homepage: https://psycopg.org/

Update babel from 2.6.0 to 2.16.0.

Changelog

2.16.0

--------------

Features
~~~~~~~~

* CLDR: Upgrade to CLDR 45 by tomasr8 in :gh:`1077`
* Lists: Support list format fallbacks by akx in :gh:`1099`
* Messages: Initial support for reading mapping configuration as TOML by akx in :gh:`1108`

Bugfixes
~~~~~~~~

* CLDR: Do not allow substituting alternates or drafts in derived locales by akx in :gh:`1113`
* Core: Allow falling back to modifier-less locale data by akx in :gh:`1104`
* Core: Allow use of importlib.metadata for finding entrypoints by akx in :gh:`1102`
* Dates: Avoid crashing on importing localtime when TZ is malformed by akx in :gh:`1100`
* Messages: Allow parsing .po files that have an extant but empty Language header by akx in :gh:`1101`
* Messages: Fix ``--ignore-dirs`` being incorrectly read (1094) by john-psina and Edwin18 in :gh:`1052` and :gh:`1095`
* Messages: Make pgettext search plurals when translation is not found by tomasr8 in :gh:`1085`

Infrastructure
~~~~~~~~~~~~~~

* Replace deprecated `ast.Str` with `ast.Constant` by tomasr8 in :gh:`1083`
* CI fixes by akx in :gh:`1080`, :gh:`1097`, :gh:`1103`, :gh:`1107`
* Test on Python 3.13 beta releases by akx in
* Normalize package name to lower-case in setup.py by akx in :gh:`1110`

Documentation
~~~~~~~~~~~~~

* Add a mention to the docs that `format_skeleton(..., fuzzy=True)` may raise by tomasr8 in :gh:`1106`
* Two hyperlinks (to CLDR) and some typos by buhtz in :gh:`1115`

2.15.0

--------------

Python version support
~~~~~~~~~~~~~~~~~~~~~~

* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)

Features
~~~~~~~~

* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (akx)
* Message: More versatile .po IO functions (:gh:`1068`) (akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (ronnix's first contribution)

Infrastructure
~~~~~~~~~~~~~~

* Upgrade GitHub Actions (:gh:`1054`) (cclauss's first contribution)
* The Unicode license is now included in `locale-data` and in the documentation (:gh:`1074`) (akx)

2.14.0

--------------

Upcoming deprecation
~~~~~~~~~~~~~~~~~~~~

* This version, Babel 2.14, is the last version of Babel to support Python 3.7.
Babel 2.15 will require Python 3.8 or newer.
* We had previously announced Babel 2.13 to have been the last version to support
Python 3.7, but being able to use CLDR 43 with Python 3.7 was deemed important
enough to keep supporting the EOL Python version for one more release.

Possibly backwards incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ``Locale.number_symbols`` will now have first-level keys for each numbering system.
Since the implicit default numbering system still is ``"latn"``, what had previously
been e.g. ``Locale.number_symbols['decimal']`` is now ``Locale.number_symbols['latn']['decimal']``.
* Babel no longer directly depends on either ``distutils`` or ``setuptools``; if you had been
using the Babel setuptools command extensions, you would need to explicitly depend on ``setuptools`` –
though given you're running ``setup.py`` you probably already do.

Features
~~~~~~~~

* CLDR/Numbers: Add support of local numbering systems for number symbols by kajte in :gh:`1036`
* CLDR: Upgrade to CLDR 43 by rix0rrr in :gh:`1043`
* Frontend: Allow last_translator to be passed as an option to extract_message by AivGitHub in :gh:`1044`
* Frontend: Decouple `pybabel` CLI frontend from distutils/setuptools by akx in :gh:`1041`
* Numbers: Improve parsing of malformed decimals by Olunusib and akx in :gh:`1042`

Infrastructure
~~~~~~~~~~~~~~

* Enforce trailing commas (enable Ruff COM rule and autofix) by akx in :gh:`1045`
* CI: use GitHub output formats by akx in :gh:`1046`

2.13.1

--------------

This is a patch release to fix a few bugs.

Fixes
~~~~~

* Fix a typo in ``_locales_to_names`` by Dl84 in :gh:`1038` (issue :gh:`1037`)
* Fix ``setuptools`` dependency for Python 3.12 by opryprin in :gh:`1033`

2.13.0

--------------

Upcoming deprecation (reverted)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* It was previously announced that this version, Babel 2.13, would be the last version of
Babel to support Python 3.7. Babel 2.14 will still support Python 3.7.

Features
~~~~~~~~

* Add flag to ignore POT-Creation-Date for updates by joeportela in :gh:`999`
* Support 't' specifier in keywords by jeanas in :gh:`1015`
* Add f-string parsing for Python 3.12 (PEP 701) by encukou in :gh:`1027`

Fixes
~~~~~

* Various typing-related fixes by akx in :gh:`979`, in :gh:`978`, :gh:`981`,  :gh:`983`
* babel.messages.catalog: deduplicate _to_fuzzy_match_key logic by akx in :gh:`980`
* Freeze format_time() tests to a specific date to fix test failures by mgorny in :gh:`998`
* Spelling and grammar fixes by scop in :gh:`1008`
* Renovate lint tools by akx in :gh:`1017`, :gh:`1028`
* Use SPDX license identifier by vargenau in :gh:`994`
* Use aware UTC datetimes internally by scop in :gh:`1009`

New Contributors
~~~~~~~~~~~~~~~~

* mgorny made their first contribution in :gh:`998`
* vargenau made their first contribution in :gh:`994`
* joeportela made their first contribution in :gh:`999`
* encukou made their first contribution in :gh:`1027`

2.12.1

--------------

Fixes
~~~~~

* Version 2.12.0 was missing the ``py.typed`` marker file. Thanks to Alex Waygood for the fix! :gh:`975`
* The copyright year in all files was bumped to 2023.

2.12.0

--------------

Deprecations & breaking changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Python 3.6 is no longer supported (:gh:`919`) - Aarni Koskela
* The `get_next_timezone_transition` function is no more (:gh:`958`) - Aarni Koskela
* `Locale.parse()` will no longer return `None`; it will always return a Locale or raise an exception.
Passing in `None`, though technically allowed by the typing, will raise. (:gh:`966`)

New features
~~~~~~~~~~~~

* CLDR: Babel now uses CLDR 42 (:gh:`951`) - Aarni Koskela
* Dates: `pytz` is now optional; Babel will prefer it but will use `zoneinfo` when available. (:gh:`940`) - ds-cbo
* General: Babel now ships type annotations, thanks to Jonah Lawrence's work in multiple PRs.
* Locales: modifiers are now retained when parsing locales (:gh:`947`) - martin f. krafft
* Messages: JavaScript template string expression extraction is now smarter. (:gh:`939`) - Johannes Wilm
* Numbers: NaN and Infinity are now better supported (:gh:`955`) - Jonah Lawrence
* Numbers: Short compact currency formats are now supported (:gh:`926`) - Jonah Lawrence
* Numbers: There's now a `Format.compact_decimal` utility function. (:gh:`921`) - Jonah Lawrence

Bugfixes
~~~~~~~~

* Dates: The cache for parsed datetime patterns is now bounded (:gh:`967`) - Aarni Koskela
* Messages: Fuzzy candidate matching accuracy is improved (:gh:`970`) - Jean Abou Samra
* Numbers: Compact singular formats and patterns with no numbers work correctly (:gh:`930`, :gh:`932`) - Jonah Lawrence, Jun Omae

Improvements & cleanup
~~~~~~~~~~~~~~~~~~~~~~

* Dates: `babel.dates.UTC` is now an alias for `datetime.timezone.utc` (:gh:`957`) - Aarni Koskela
* Dates: `babel.localtime` was slightly cleaned up. (:gh:`952`) - Aarni Koskela
* Documentation: Documentation was improved by Maciej Olko, Jonah Lawrence, lilinjie, and Aarni Koskela.
* Infrastructure: Babel is now being linted with pre-commit and ruff. - Aarni Koskela

2.11.0

--------------

Upcoming deprecation
~~~~~~~~~~~~~~~~~~~~

* This version, Babel 2.11, is the last version of Babel to support Python 3.6.
Babel 2.12 will require Python 3.7 or newer.

Improvements
~~~~~~~~~~~~

* Support for hex escapes in JavaScript string literals :gh:`877` - Przemyslaw Wegrzyn
* Add support for formatting decimals in compact form :gh:`909` - Jonah Lawrence
* Adapt parse_date to handle ISO dates in ASCII format :gh:`842` - Eric L.
* Use `ast` instead of `eval` for Python string extraction :gh:`915` - Aarni Koskela
 * This also enables extraction from static f-strings.
   F-strings with expressions are silently ignored (but won't raise an error as they used to).

Infrastructure
~~~~~~~~~~~~~~

* Tests: Use regular asserts and ``pytest.raises()`` :gh:`875` – Aarni Koskela
* Wheels are now built in GitHub Actions :gh:`888` – Aarni Koskela
* Small improvements to the CLDR downloader script :gh:`894` – Aarni Koskela
* Remove antiquated `__nonzero__` methods :gh:`896` - Nikita Sobolev
* Remove superfluous `__unicode__` declarations :gh:`905` - Lukas Juhrich
* Mark package compatible with Python 3.11 :gh:`913` - Aarni Koskela
* Quiesce pytest warnings :gh:`916` - Aarni Koskela

Bugfixes
~~~~~~~~

* Use email.Message for pofile header parsing instead of the deprecated ``cgi.parse_header`` function. :gh:`876` – Aarni Koskela
* Remove determining time zone via systemsetup on macOS :gh:`914` - Aarni Koskela

Documentation
~~~~~~~~~~~~~

* Update Python versions in documentation :gh:`898` - Raphael Nestler
* Align BSD-3 license with OSI template :gh:`912` - Lukas Kahwe Smith

2.10.3

--------------

This is a bugfix release for Babel 2.10.2, which was mistakenly packaged with outdated locale data.

Thanks to Michał Górny for pointing this out and Jun Omae for verifying.

This and future Babel PyPI packages will be built by a more automated process,
which should make problems like this less likely to occur.

2.10.2

--------------

This is a bugfix release for Babel 2.10.1.

* Fallback count="other" format in format_currency() (:gh:`872`) - Jun Omae
* Fix get_period_id() with ``dayPeriodRule`` across 0:00 (:gh:`871`) - Jun Omae
* Add support for ``b`` and ``B`` period symbols in time format (:gh:`869`) - Jun Omae
* chore(docs/typo): Fixes a minor typo in a function comment (:gh:`864`) - Frank Harrison

2.10.1

--------------

This is a bugfix release for Babel 2.10.0.

* Messages: Fix ``distutils`` import. Regressed in :gh:`843`. (:gh:`852`) - Nehal J Wani
* The wheel file is no longer marked as universal, since Babel only supports Python 3.

2.10.0

--------------

Upcoming deprecation
~~~~~~~~~~~~~~~~~~~~

* The ``get_next_timezone_transition()`` function is marked deprecated in this version and will be removed
likely as soon as Babel 2.11.  No replacement for this function is planned; based on discussion in
:gh:`716`, it's likely the function is not used in any real code. (:gh:`852`) - Aarni Koskela, Paul Ganssle

Improvements
~~~~~~~~~~~~

* CLDR: Upgrade to CLDR 41.0. (:gh:`853`) - Aarni Koskela

* The ``c`` and ``e`` plural form operands introduced in CLDR 40 are parsed, but otherwise unsupported. (:gh:`826`)
* Non-nominative forms of units are currently ignored.

* Messages: Implement ``--init-missing`` option for ``pybabel update`` (:gh:`785`) - ruro
* Messages: For ``extract``, you can now replace the built-in ``.*`` / ``_*`` ignored directory patterns
with ones of your own. (:gh:`832`) - Aarni Koskela, Kinshuk Dua
* Messages: Add ``--check`` to verify if catalogs are up-to-date (:gh:`831`) - Krzysztof Jagiełło
* Messages: Add ``--header-comment`` to override default header comment (:gh:`720`) - Mohamed Hafez Morsy, Aarni Koskela
* Dates: ``parse_time`` now supports 12-hour clock, and is better at parsing partial times.
(:gh:`834`) - Aarni Koskela, David Bauer, Arthur Jovart
* Dates: ``parse_date`` and ``parse_time`` now raise ``ParseError``, a subclass of ``ValueError``, in certain cases.
(:gh:`834`) - Aarni Koskela
* Dates: ``parse_date`` and ``parse_time`` now accept the ``format`` parameter.
(:gh:`834`) - Juliette Monsel, Aarni Koskela

Infrastructure
~~~~~~~~~~~~~~

* The internal ``babel/_compat.py`` module is no more (:gh:`808`) - Hugo van Kemenade
* Python 3.10 is officially supported (:gh:`809`) - Hugo van Kemenade
* There's now a friendly GitHub issue template. (:gh:`800`) – Álvaro Mondéjar Rubio
* Don't use the deprecated format_number function internally or in tests - Aarni Koskela
* Add GitHub URL for PyPi (:gh:`846`) - Andrii Oriekhov
* Python 3.12 compatibility: Prefer setuptools imports to distutils imports (:gh:`843`) - Aarni Koskela
* Python 3.11 compatibility: Add deprecations to l*gettext variants (:gh:`835`) - Aarni Koskela
* CI: Babel is now tested with PyPy 3.7. (:gh:`851`) - Aarni Koskela

Bugfixes
~~~~~~~~

* Date formatting: Allow using ``other`` as fallback form (:gh:`827`) - Aarni Koskela
* Locales: ``Locale.parse()`` normalizes variant tags to upper case (:gh:`829`) - Aarni Koskela
* A typo in the plural format for Maltese is fixed. (:gh:`796`) - Lukas Winkler
* Messages: Catalog date parsing is now timezone independent. (:gh:`701`) - rachele-collin
* Messages: Fix duplicate locations when writing without lineno (:gh:`837`) - Sigurd Ljødal
* Messages: Fix missing trailing semicolon in plural form headers (:gh:`848`) - farhan5900
* CLI: Fix output of ``--list-locales`` to not be a bytes repr (:gh:`845`) - Morgan Wahl

Documentation
~~~~~~~~~~~~~

* Documentation is now correctly built again, and up to date (:gh:`830`) - Aarni Koskela

2.9.1

-------------

Bugfixes
~~~~~~~~

* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

2.9.0

-------------

Upcoming version support changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements
~~~~~~~~~~~~

* CLDR: Use CLDR 37 – Aarni Koskela (:gh:`734`)
* Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (:gh:`741`)
* Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (:gh:`726`)

Bugfixes
~~~~~~~~

* Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
* Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
* Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
* Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
* Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
* Tests: fix tests when using Python 3.9 – Felix Schwarz
* Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
* Tests: Support Py.test 6.x – Aarni Koskela
* Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (:gh:`724`)
* Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation
~~~~~~~~~~~~~

* Update parse_number comments – Brad Martin (:gh:`708`)
* Add __iter__ to Catalog documentation – CyanNani123

2.8.1

-------------

This is solely a patch release to make running tests on Py.test 6+ possible.

Bugfixes
~~~~~~~~

* Support Py.test 6 - Aarni Koskela (:gh:`747`, :gh:`750`, :gh:`752`)

2.8.0

-------------

Improvements
~~~~~~~~~~~~

* CLDR: Upgrade to CLDR 36.0 - Aarni Koskela (:gh:`679`)
* Messages: Don't even open files with the "ignore" extraction method - sebleblanc (:gh:`678`)

Bugfixes
~~~~~~~~

* Numbers: Fix formatting very small decimals when quantization is disabled - Lev Lybin, miluChen (:gh:`662`)
* Messages: Attempt to sort all messages – Mario Frasca (:gh:`651`, :gh:`606`)

Docs
~~~~

* Add years to changelog - Romuald Brunet
* Note that installation requires pytz - Steve (Gadget) Barnes

2.7.0

-------------

Possibly incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These may be backward incompatible in some cases, as some more-or-less internal
APIs have changed. Please feel free to file issues if you bump into anything
strange and we'll try to help!

* General: Internal uses of ``babel.util.odict`` have been replaced with
``collections.OrderedDict`` from The Python standard library.

Improvements
~~~~~~~~~~~~

* CLDR: Upgrade to CLDR 35.1 - Alberto Mardegan, Aarni Koskela (:gh:`626`, :gh:`643`)
* General: allow anchoring path patterns to the start of a string - Brian Cappello (:gh:`600`)
* General: Bumped version requirement on pytz - chrisbrake (:gh:`592`)
* Messages: `pybabel compile`: exit with code 1 if errors were encountered - Aarni Koskela (:gh:`647`)
* Messages: Add omit-header to update_catalog - Cédric Krier (:gh:`633`)
* Messages: Catalog update: keep user comments from destination by default - Aarni Koskela (:gh:`648`)
* Messages: Skip empty message when writing mo file - Cédric Krier (:gh:`564`)
* Messages: Small fixes to avoid crashes on badly formatted .po files - Bryn Truscott (:gh:`597`)
* Numbers: `parse_decimal()` `strict` argument and `suggestions` - Charly C (:gh:`590`)
* Numbers: don't repeat suggestions in parse_decimal strict - Serban Constantin (:gh:`599`)
* Numbers: implement currency formatting with long display names - Luke Plant (:gh:`585`)
* Numbers: parse_decimal(): assume spaces are equivalent to non-breaking spaces when not in strict mode - Aarni Koskela (:gh:`649`)
* Performance: Cache locale_identifiers() - Aarni Koskela (:gh:`644`)

Bugfixes
~~~~~~~~

* CLDR: Skip alt=... for week data (minDays, firstDay, weekendStart, weekendEnd) - Aarni Koskela (:gh:`634`)
* Dates: Fix wrong weeknumber for 31.12.2018 - BT-sschmid (:gh:`621`)
* Locale: Avoid KeyError trying to get data on WindowsXP - mondeja (:gh:`604`)
* Locale: get_display_name(): Don't attempt to concatenate variant information to None - Aarni Koskela (:gh:`645`)
* Messages: pofile: Add comparison operators to _NormalizedString - Aarni Koskela (:gh:`646`)
* Messages: pofile: don't crash when message.locations can't be sorted - Aarni Koskela (:gh:`646`)

Tooling & docs
~~~~~~~~~~~~~~

* Docs: Remove all references to deprecated easy_install - Jon Dufresne (:gh:`610`)
* Docs: Switch print statement in docs to print function - NotAFile
* Docs: Update all pypi.python.org URLs to pypi.org - Jon Dufresne (:gh:`587`)
* Docs: Use https URLs throughout project where available - Jon Dufresne (:gh:`588`)
* Support: Add testing and document support for Python 3.7 - Jon Dufresne (:gh:`611`)
* Support: Test on Python 3.8-dev - Aarni Koskela (:gh:`642`)
* Support: Using ABCs from collections instead of collections.abc is deprecated. - Julien Palard (:gh:`609`)
* Tests: Fix conftest.py compatibility with pytest 4.3 - Miro Hrončok (:gh:`635`)
* Tests: Update pytest and pytest-cov - Miro Hrončok (:gh:`635`)

Links

• PyPI: https://pypi.org/project/babel
• Changelog: https://data.safetycli.com/changelogs/babel/
• Homepage: https://babel.pocoo.org/
• Docs: https://pythonhosted.org/babel/

Update sqlalchemy_jsonfield from 0.7.1 to 1.0.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/sqlalchemy-jsonfield
• Changelog: https://data.safetycli.com/changelogs/sqlalchemy-jsonfield/

Update flask from 1.0.2 to 3.1.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/flask

Update alembic from 1.0.6 to 1.14.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/alembic
• Homepage: https://alembic.sqlalchemy.org
• Docs: https://pythonhosted.org/alembic/

Update flask-wtf from 0.14.2 to 1.2.2.

Changelog

1.2.2

-------------

Released 2024-10-20

- Move the project to the pallets-eco organization. :pr:`602`
- Stop support for Python 3.8. Start support for Python 3.13. :pr:`603`

1.2.1

-------------

Released 2023-10-02

- Fix a bug introduced with :pr:`556` where file validators were editing
the file fields content. :pr:`578`

1.2.0

-------------

Released 2023-10-01

-   Add field ``MultipleFileField``. ``FileRequired``, ``FileAllowed``, ``FileSize``
 now can be used to validate multiple files :pr:`556` :issue:`338`

1.1.2

-------------

Released 2023-09-29

-   Fixed Flask 2.3 deprecations of ``werkzeug.urls.url_encode`` and
 ``flask.Markup`` :pr:`565` :issue:`561`
-   Stop support for python 3.7 :pr:`574`
-   Use `pyproject.toml` instead of `setup.cfg` :pr:`576`
-   Fixed nested blueprint CSRF exemption :pr:`572`

1.1.1

-------------

Released 2023-01-17

-   Fixed `validate` `extra_validators` parameter. :pr:`548`

1.1.0

-------------

Released 2023-01-15

-   Drop support for Python 3.6.
-   ``validate_on_submit`` takes a ``extra_validators`` parameters :pr:`479`
-   Stop supporting Flask-Babelex :pr:`540`
-   Support for python 3.11 :pr:`542`
-   Remove unused call to `JSONEncoder` :pr:`536`

1.0.1

-------------

Released 2022-03-31

-   Update compatibility with the latest Werkzeug release. :issue:`511`

1.0.0

--------------

Released 2021-11-07

-   Deprecated items removal :pr:`484`
-   Support for alternatives captcha services :pr:`425` :pr:`342`
 :pr:`387` :issue:`384`

0.15.1

--------------

Released 2021-05-25

-   Add ``python_requires`` metadata to avoid installing on unsupported
 Python versions. :pr:`442`

0.15.0

--------------

Released 2021-05-24

-   Drop support for Python < 3.6. :pr:`416`
-   ``FileSize`` validator. :pr:`307, 365`
-   Extra requirement ``email`` installs the ``email_validator``
 package. :pr:`423`
-   Fixed Flask 2.0 warnings. :pr:`434`
-   Various documentation fixes. :pr:`315, 321, 335, 344, 386, 400`,
 :pr:`404, 420, 437`
-   Various CI fixes. :pr:`405, 438`

0.14.3

--------------

Released 2020-02-06

-   Fix deprecated imports from ``werkzeug`` and ``collections``.

Links

• PyPI: https://pypi.org/project/flask-wtf
• Changelog: https://data.safetycli.com/changelogs/flask-wtf/
• Docs: https://pythonhosted.org/Flask-WTF/

Update cherrypy from 18.1.0 to 18.10.0.

Changelog

18.10.0

--------

* Removed the use of :mod:`cgi` deprecated in Python 3.11
-- by :user:`radez`.
* Various `changes <https://github.com/cherrypy/cherrypy/compare/v18.9.0...7104cfb3cfc6e6582f0773529142d777b1aff1bd>`_.

18.9.0

-------

* Various
`changes <https://github.com/cherrypy/cherrypy/compare/v18.8.0...v18.9.0>`_.

18.8.0

-------

* :issue:`1974`: Dangerous characters received in a host header
encoded using RFC 2047 are now elided by default. Currently,
dangerous characters are defined as CR and LF. The original
value is still available as ``cherrypy.request.headers['Host'].raw``
if needed.

18.7.0

-------

* :pr:`1923`: Drop support for Python 3.5.
* :pr:`1945`: Fixed compatibility on Python 3.11.

18.6.1

-------

* :issue:`1849` via :pr:`1879`: Fixed XLF flag in gzip header
emitted by gzip compression tool per
:rfc:`1952section-2.3.1` -- by :user:`webknjaz`.

* :issue:`1874`: Restricted depending on pywin32 only under
CPython so that it won't get pulled-in under PyPy
-- by :user:`webknjaz`.

* :issue:`1920`: Bumped minimum version of PyWin32 to 227.
Block pywin32 install on Python 3.10 and later.

18.6.0

-------

* :issue:`1776` via :pr:`1851`: Add support for UTF-8 encoded attachment
file names in ``Content-Disposition`` header via :rfc:`6266appendix-D`.

18.5.0

-------

* :issue:`1827`: Fixed issue where bytes values in a ``HeaderMap``
would be converted to strings.

* :pr:`1826`: Rely on
`jaraco.collections <https://pypi.org/project/jaraco.collections>`_
for its case-insensitive dictionary support.

18.4.0

-------

* :pr:`1715`: Fixed issue in cpstats where the ``data/`` endpoint
would fail with encoding errors on Python 3.

* :pr:`1821`: Simplify the passthrough of parameters to
``CPWebCase.getPage`` to cheroot. CherryPy now requires
cheroot 8.2.1 or later.

18.3.0

-------

* :pr:`1806`: Support handling multiple exceptions when processing hooks as
reported in :issue:`1770`.

18.2.0

-------

* File-based sessions no longer attempt to remove the lock files
when releasing locks, instead deferring to the default behavior
of zc.lockfile. Fixes :issue:`1391` and :issue:`1779`.

* :pr:`1794`: Add native support for ``308 Permanent Redirect``
usable via ``raise cherrypy.HTTPRedirect('/new_uri', 308)``.

18.1.2

-------

* Fixed :issue:`1377` via :pr:`1785`: Restore a native WSGI-less
HTTP server support.
* :pr:`1769`: Reduce log level for non-error events in win32.py

18.1.1

-------

* :pr:`1774` reverts :pr:`1759` as new evidence emerged that
the original behavior was intentional. Re-opens :issue:`1758`.

Links

• PyPI: https://pypi.org/project/cherrypy
• Changelog: https://data.safetycli.com/changelogs/cherrypy/
• Homepage: https://www.cherrypy.dev

Update pyramid from 1.10.1 to 2.0.2.

Changelog

2.0

================

- No changes from 2.0b1.

2.0b1

==================

- Break potential reference cycle between ``request`` and ``context``.
See https://github.com/Pylons/pyramid/pull/3649

- Remove ``update_wrapper`` from ``pyramid.decorator.reify``.
See https://github.com/Pylons/pyramid/pull/3657

2.0b0

==================

- Overhaul tutorials and update cookiecutter to de-emphasize ``request.user``
in favor of ``request.identity`` for common use cases.
See https://github.com/Pylons/pyramid/pull/3629

- Improve documentation and patterns with builtin fixtures shipped in the
cookiecutters.
See https://github.com/Pylons/pyramid/pull/3629

2.0a0

==================

Features
--------

- Add support for Python 3.9.
See https://github.com/Pylons/pyramid/issues/3622

- The ``aslist`` method now handles non-string objects when flattening.
See https://github.com/Pylons/pyramid/pull/3594

- It is now possible to pass multiple values to the ``header`` predicate
for route and view configuration.
See https://github.com/Pylons/pyramid/pull/3576

- Add support for Python 3.8.
See https://github.com/Pylons/pyramid/pull/3547

- New security APIs have been added to support a massive overhaul of the
authentication and authorization system. Read
"Upgrading Authentication/Authorization" in the "What's New in Pyramid 2.0"
chapter of the documentation for information about using this new system.

- ``pyramid.config.Configurator.set_security_policy``.
- ``pyramid.interfaces.ISecurityPolicy``
- ``pyramid.request.Request.identity``.
- ``pyramid.request.Request.is_authenticated``
- ``pyramid.authentication.SessionAuthenticationHelper``
- ``pyramid.authorization.ACLHelper``
- ``is_authenticated=True/False`` predicate for route and view configs

See https://github.com/Pylons/pyramid/pull/3465 and
https://github.com/Pylons/pyramid/pull/3598

- Changed the default ``serializer`` on
``pyramid.session.SignedCookieSessionFactory`` to use
``pyramid.session.JSONSerializer`` instead of
``pyramid.session.PickleSerializer``. Read
"Upgrading Session Serialization" in the "What's New in Pyramid 2.0" chapter
of the documentation for more information about why this change was made.
See https://github.com/Pylons/pyramid/pull/3413

- It is now possible to control whether a route pattern contains a trailing
slash when it is composed with a route prefix using
``config.include(..., route_prefix=...)`` or
``with config.route_prefix_context(...)``. This can be done by specifying
an empty pattern and setting the new argument
``inherit_slash=True``. For example:

.. code-block:: python

   with config.route_prefix_context('/users'):
       config.add_route('users', '', inherit_slash=True)

In the example, the resulting pattern will be ``/users``. Similarly, if the
route prefix were ``/users/`` then the final pattern would be ``/users/``.
If the ``pattern`` was ``'/'``, then the final pattern would always be
``/users/``. This new setting is only available if the pattern supplied
to ``add_route`` is the empty string (``''``).
See https://github.com/Pylons/pyramid/pull/3420

- No longer define ``pyramid.request.Request.json_body`` which is already
provided by WebOb. This allows the attribute to now be settable.
See https://github.com/Pylons/pyramid/pull/3447

- Improve debugging info from ``pyramid.view.view_config`` decorator.
See https://github.com/Pylons/pyramid/pull/3483

- A new parameter, ``allow_no_origin``, was added to
``pyramid.config.Configurator.set_default_csrf_options`` as well as
``pyramid.csrf.check_csrf_origin``. This option controls whether a
request is rejected if it has no ``Origin`` or ``Referer`` header -
often the result of a user configuring their browser not to send a
``Referer`` header for privacy reasons even on same-domain requests.
The default is to reject requests without a known origin. It is also
possible to allow the special ``Origin: null`` header by adding it to the
``pyramid.csrf_trusted_origins`` list in the settings.
See https://github.com/Pylons/pyramid/pull/3512
and https://github.com/Pylons/pyramid/pull/3518

- A new parameter, ``check_origin``, was added to
``pyramid.config.Configurator.set_default_csrf_options`` which disables
origin checking entirely.
See https://github.com/Pylons/pyramid/pull/3518

- Added ``pyramid.interfaces.IPredicateInfo`` which defines the object passed
to predicate factories as their second argument.
See https://github.com/Pylons/pyramid/pull/3514

- Added support for serving pre-compressed static assets by using the
``content_encodings`` argument of
``pyramid.config.Configurator.add_static_view`` and
``pyramid.static.static_view``.
See https://github.com/Pylons/pyramid/pull/3537

- Fix ``DeprecationWarning`` emitted by using the ``imp`` module.
See https://github.com/Pylons/pyramid/pull/3553

- Properties created via ``config.add_request_method(..., property=True)`` or
``request.set_property`` used to be readonly. They can now be overridden
via ``request.foo = ...`` and until the value is deleted it will return
the overridden value. This is most useful when mocking request properties
in testing.
See https://github.com/Pylons/pyramid/pull/3559

- Finished callbacks are now executed as part of the ``closer`` that is
invoked as part of ``pyramid.scripting.prepare`` and
``pyramid.paster.bootstrap``.
See https://github.com/Pylons/pyramid/pull/3561

- Added ``pyramid.request.RequestLocalCache`` which can be used to create
simple objects that are shared across requests and can be used to store
per-request data. This is useful when the source of data is external to
the request itself. Often a reified property is used on a request via
``pyramid.config.Configurator.add_request_method``, or
``pyramid.decorator.reify``, and these work great when the data is
generated on-demand when accessing the request property. However, often
the case is that the data is generated when accessing some other system
and then we want to cache the data for the duration of the request.
See https://github.com/Pylons/pyramid/pull/3561

- Exposed ``pyramid.authorization.ALL_PERMISSIONS`` and
``pyramid.authorization.DENY_ALL`` such that all of the ACL-related constants
are now importable from the ``pyramid.authorization`` namespace.
See https://github.com/Pylons/pyramid/pull/3563

- ``pserve`` now outputs verbose messaging to `stderr` instead of `stdout`
to circumvent buffering issues that exist by default on `stdout`.
See https://github.com/Pylons/pyramid/pull/3593

Deprecations
------------

- Deprecated the authentication and authorization interfaces and
principal-based support. See "Upgrading Authentication/Authorization" in
the "What's New in Pyramid 2.0" chapter of the documentation for information
on equivalent APIs and notes on upgrading. The following APIs are deprecated
as a result of this change:

- ``pyramid.config.Configurator.set_authentication_policy``
- ``pyramid.config.Configurator.set_authorization_policy``
- ``pyramid.interfaces.IAuthenticationPolicy``
- ``pyramid.interfaces.IAuthorizationPolicy``
- ``pyramid.request.Request.effective_principals``
- ``pyramid.request.Request.unauthenticated_userid``
- ``pyramid.authentication.AuthTktAuthenticationPolicy``
- ``pyramid.authentication.RemoteUserAuthenticationPolicy``
- ``pyramid.authentication.RepozeWho1AuthenticationPolicy``
- ``pyramid.authentication.SessionAuthenticationPolicy``
- ``pyramid.authentication.BasicAuthAuthenticationPolicy``
- ``pyramid.authorization.ACLAuthorizationPolicy``
- The ``effective_principals`` view and route predicates.

See https://github.com/Pylons/pyramid/pull/3465

- Deprecated ``pyramid.security.principals_allowed_by_permission``. This
method continues to work with the deprecated
``pyramid.interfaces.IAuthorizationPolicy`` interface but will not work with
the new ``pyramid.interfaces.ISecurityPolicy``.
See https://github.com/Pylons/pyramid/pull/3465

- Deprecated several ACL-related aspects of ``pyramid.security``. Equivalent
objects should now be imported from the ``pyramid.authorization`` namespace.
This includes:

- ``pyramid.security.Everyone``
- ``pyramid.security.Authenticated``
- ``pyramid.security.ALL_PERMISSIONS``
- ``pyramid.security.DENY_ALL``
- ``pyramid.security.ACLAllowed``
- ``pyramid.security.ACLDenied``

See https://github.com/Pylons/pyramid/pull/3563

- Deprecated ``pyramid.session.PickleSerializer``.
See https://github.com/pylons/pyramid/issues/2709,
and https://github.com/pylons/pyramid/pull/3353,
and https://github.com/pylons/pyramid/pull/3413

Backward Incompatibilities
--------------------------

- Drop support for Python 2.7, 3.4, and 3.5.
See https://github.com/Pylons/pyramid/pull/3421,
and https://github.com/Pylons/pyramid/pull/3547,
and https://github.com/Pylons/pyramid/pull/3634

- Removed the ``pyramid.compat`` module. Integrators should use the ``six``
module or vendor shims they are using into their own codebases going forward.
https://github.com/Pylons/pyramid/pull/3421

- ``pcreate`` and the builtin scaffolds have been removed in favor of
using the ``cookiecutter`` tool and the ``pyramid-cookiecutter-starter``
cookiecutter. The script and scaffolds were deprecated in Pyramid 1.8.
See https://github.com/Pylons/pyramid/pull/3406

- Changed the default ``hashalg`` on
``pyramid.authentication.AuthTktCookieHelper`` to ``sha512``.
See https://github.com/Pylons/pyramid/pull/3557

- Removed ``pyramid.interfaces.ITemplateRenderer``. This interface was
deprecated since Pyramid 1.5 and was an interface
used by libraries like ``pyramid_mako`` and ``pyramid_chameleon`` but
provided no functionality within Pyramid itself.
See https://github.com/Pylons/pyramid/pull/3409

- Removed ``pyramid.security.has_permission``,
``pyramid.security.authenticated_userid``,
``pyramid.security.unauthenticated_userid``, and
``pyramid.security.effective_principals``. These methods were deprecated
in Pyramid 1.5 and all have equivalents available as properties on the
request. For example, ``request.authenticated_userid``.
See https://github.com/Pylons/pyramid/pull/3410

- Removed support for supplying a media range to the ``accept`` predicate of
both ``pyramid.config.Configurator.add_view`` and
``pyramid.config.Configurator.add_route``. These options were deprecated
in Pyramid 1.10 and WebOb 1.8 because they resulted in uncontrollable
matching that was not compliant with the RFC.
See https://github.com/Pylons/pyramid/pull/3411

- Removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. This
session factory was replaced with
``pyramid.session.SignedCookieSessionFactory`` in Pyramid 1.5 and has been
deprecated since then.
See https://github.com/Pylons/pyramid/pull/3412

- Removed ``pyramid.session.signed_serialize``, and
``pyramid.session.signed_deserialize``. These methods were only used by
the now-removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``
and were coupled to the vulnerable pickle serialization format which could
lead to remove code execution if the secret key is compromised.
See https://github.com/Pylons/pyramid/pull/3412

- Changed the default ``serializer`` on
``pyramid.session.SignedCookieSessionFactory`` to use
``pyramid.session.JSONSerializer`` instead of
``pyramid.session.PickleSerializer``. Read "Upgrading Session Serialization"
in the "What's New in Pyramid 2.0" chapter of the documentation for more
information about why this change was made.
See https://github.com/Pylons/pyramid/pull/3413

- ``pyramid.request.Request.invoke_exception_view`` will no longer be called
by the default execution policy.
See https://github.com/Pylons/pyramid/pull/3496

- ``pyramid.config.Configurator.scan`` will no longer, by default, execute
Venusian decorator callbacks registered for categories other than
``'pyramid'``. To find any decorator regardless of category, specify
``config.scan(..., categories=None)``.
See https://github.com/Pylons/pyramid/pull/3510

- The second argument to predicate factories has been changed from ``config``
to ``info``, an instance of ``pyramid.interfaces.IPredicateInfo``. This
limits the data available to predicates but still provides the package,
registry, settings and dotted-name resolver which should cover most use
cases and is largely backward compatible.
See https://github.com/Pylons/pyramid/pull/3514

- Removed the ``check_csrf`` predicate. Instead, use
``pyramid.config.Configurator.set_default_csrf_options`` and the
``require_csrf`` view option to enable automatic CSRF checking.
See https://github.com/Pylons/pyramid/pull/3521

- Update the default behavior of
``pyramid.authenticationAuthTktAuthenticationPolicy`` and
``pyramid.authentication.AuthTktCookieHelper`` to only set a single cookie
without a domain parameter when no other domain constraints are specified.
Prior to this change, ``wild_domain=False`` (the default) was effectively
treated the same as ``wild_domain=True``, in which a cookie was defined
such that browsers would use it both for the request's domain, as well as
any subdomain. In the new behavior, cookies will only affect the current
domain, and not subdomains, by default.
See https://github.com/Pylons/pyramid/pull/3587

Documentation Changes
---------------------

- Restore build of PDF on Read The Docs.
See https://github.com/Pylons/pyramid/issues/3290

- Fix docs build for Sphinx 2.0.
See https://github.com/Pylons/pyramid/pull/3480

- Significant updates to the wiki, wiki2 tutorials to demonstrate the new
security policy usage as well as a much more production-ready test harness.
See https://github.com/Pylons/pyramid/pull/3557

Links

• PyPI: https://pypi.org/project/pyramid
• Changelog: https://data.safetycli.com/changelogs/pyramid/
• Homepage: https://trypyramid.com

Update beautifulsoup4 from 4.7.1 to 4.12.3.

Changelog

4.11.1

This release was done to ensure that the unit tests are packaged along
with the released source. There are no functionality changes in this
release, but there are a few other packaging changes:

* The Japanese and Korean translations of the documentation are included.
* The changelog is now packaged as CHANGELOG, and the license file is
packaged as LICENSE. NEWS.txt and COPYING.txt are still present,
but may be removed in the future.
* TODO.txt is no longer packaged, since a TODO is not relevant for released
code.

4.11.0

* Ported unit tests to use pytest.

* Added special string classes, RubyParenthesisString and RubyTextString,
to make it possible to treat ruby text specially in get_text() calls.
[bug=1941980]

* It's now possible to customize the way output is indented by
providing a value for the 'indent' argument to the Formatter
constructor. The 'indent' argument works very similarly to the
argument of the same name in the Python standard library's
json.dump() function. [bug=1955497]

* If the charset-normalizer Python module
(https://pypi.org/project/charset-normalizer/) is installed, Beautiful
Soup will use it to detect the character sets of incoming documents.
This is also the module used by newer versions of the Requests library.
For the sake of backwards compatibility, chardet and cchardet both take
precedence if installed. [bug=1955346]

* Added a workaround for an lxml bug
(https://bugs.launchpad.net/lxml/+bug/1948551) that causes
problems when parsing a Unicode string beginning with BYTE ORDER MARK.
[bug=1947768]

* Issue a warning when an HTML parser is used to parse a document that
looks like XML but not XHTML. [bug=1939121]

* Do a better job of keeping track of namespaces as an XML document is
parsed, so that CSS selectors that use namespaces will do the right
thing more often. [bug=1946243]

* Some time ago, the misleadingly named "text" argument to find-type
methods was renamed to the more accurate "string." But this supposed
"renaming" didn't make it into important places like the method
signatures or the docstrings. That's corrected in this
version. "text" still works, but will give a DeprecationWarning.
[bug=1947038]

* Fixed a crash when pickling a BeautifulSoup object that has no
tree builder. [bug=1934003]

* Fixed a crash when overriding multi_valued_attributes and using the
html5lib parser. [bug=1948488]

* Standardized the wording of the MarkupResemblesLocatorWarning
warnings to omit untrusted input and make the warnings less
judgmental about what you ought to be doing. [bug=1955450]

* Removed support for the iconv_codec library, which doesn't seem
to exist anymore and was never put up on PyPI. (The closest
replacement on PyPI, iconv_codecs, is GPL-licensed, so we can't use
it--it's also quite old.)

4.10.0

* This is the first release of Beautiful Soup to only support Python
3. I dropped Python 2 support to maintain support for newer versions
(58 and up) of setuptools. See:
https://github.com/pypa/setuptools/issues/2769 [bug=1942919]

* The behavior of methods like .get_text() and .strings now differs
depending on the type of tag. The change is visible with HTML tags
like <script>, <style>, and <template>. Starting in 4.9.0, methods
like get_text() returned no results on such tags, because the
contents of those tags are not considered 'text' within the document
as a whole.

But a user who calls script.get_text() is working from a different
definition of 'text' than a user who calls div.get_text()--otherwise
there would be no need to call script.get_text() at all. In 4.10.0,
the contents of (e.g.) a <script> tag are considered 'text' during a
get_text() call on the tag itself, but not considered 'text' during
a get_text() call on the tag's parent.

Because of this change, calling get_text() on each child of a tag
may now return a different result than calling get_text() on the tag
itself. That's because different tags now have different
understandings of what counts as 'text'. [bug=1906226] [bug=1868861]

* NavigableString and its subclasses now implement the get_text()
method, as well as the properties .strings and
.stripped_strings. These methods will either return the string
itself, or nothing, so the only reason to use this is when iterating
over a list of mixed Tag and NavigableString objects. [bug=1904309]

* The 'html5' formatter now treats attributes whose values are the
empty string as HTML boolean attributes. Previously (and in other
formatters), an attribute value must be set as None to be treated as
a boolean attribute. In a future release, I plan to also give this
behavior to the 'html' formatter. Patch by Isaac Muse. [bug=1915424]

* The 'replace_with()' method now takes a variable number of arguments,
and can be used to replace a single element with a sequence of elements.
Patch by Bill Chandos. [rev=605]

* Corrected output when the namespace prefix associated with a
namespaced attribute is the empty string, as opposed to
None. [bug=1915583]

* Perfo

[pyup-bot]

Closing this in favor of #1760