Scheduled monthly dependency update for November

[pyup-bot]

Update requests from 2.18.4 to 2.20.0.

Changelog

2.20.0

-------------------

**Bugfixes**

-   Content-Type header parsing is now case-insensitive (e.g.
 charset=utf8 v Charset=utf8).
-   Fixed exception leak where certain redirect urls would raise
 uncaught urllib3 exceptions.
-   Requests removes Authorization header from requests redirected
 from https to http on the same hostname. (CVE-2018-18074)
-   `should_bypass_proxies` now handles URIs without hostnames (e.g.
 files).

**Dependencies**

- Requests now supports urllib3 v1.24.

**Deprecations**

- Requests has officially stopped support for Python 2.6.

2.19.1

-------------------

**Bugfixes**

-   Fixed issue where status\_codes.py's `init` function failed trying
 to append to a `__doc__` value of `None`.

2.19.0

-------------------

**Improvements**

-   Warn user about possible slowdown when using cryptography version
 < 1.3.4
-   Check for invalid host in proxy URL, before forwarding request to
 adapter.
-   Fragments are now properly maintained across redirects. (RFC7231
 7.1.2)
-   Removed use of cgi module to expedite library load time.
-   Added support for SHA-256 and SHA-512 digest auth algorithms.
-   Minor performance improvement to `Request.content`.
-   Migrate to using collections.abc for 3.7 compatibility.

**Bugfixes**

-   Parsing empty `Link` headers with `parse_header_links()` no longer
 return one bogus entry.
-   Fixed issue where loading the default certificate bundle from a zip
 archive would raise an `IOError`.
-   Fixed issue with unexpected `ImportError` on windows system which do
 not support `winreg` module.
-   DNS resolution in proxy bypass no longer includes the username and
 password in the request. This also fixes the issue of DNS queries
 failing on macOS.
-   Properly normalize adapter prefixes for url comparison.
-   Passing `None` as a file pointer to the `files` param no longer
 raises an exception.
-   Calling `copy` on a `RequestsCookieJar` will now preserve the cookie
 policy correctly.

**Dependencies**

-   We now support idna v2.7.
-   We now support urllib3 v1.23.

Links

• PyPI: https://pypi.org/project/requests
• Changelog: https://pyup.io/changelogs/requests/
• Homepage: http://python-requests.org

Update pyramid from 1.9.2 to 1.10.

Changelog

1.10

=================

- No major changes from 1.10b1.

1.10b1

===================

Bug Fixes
---------

- Fix the ``pyramid.testing.DummyRequest`` to support the new
``request.accept`` API so that ``acceptable_offers`` is available even
when code sets the value to a string.
See https://github.com/Pylons/pyramid/pull/3396

- Fix deprecated escape sequences in preparation for Python 3.8.
See https://github.com/Pylons/pyramid/pull/3400

1.10a1

===================

Features
--------

- Add a ``_depth`` and ``_category`` arguments to all of the venusian
decorators. The ``_category`` argument can be used to affect which actions
are registered when performing a ``config.scan(..., category=...)`` with a
specific category. The ``_depth`` argument should be used when wrapping
the decorator in your own. This change affects ``pyramid.view.view_config``,
``pyramid.view.exception_view_config``,
``pyramid.view.forbidden_view_config``, ``pyramid.view.notfound_view_config``,
``pyramid.events.subscriber`` and ``pyramid.response.response_adapter``
decorators. See https://github.com/Pylons/pyramid/pull/3105 and
https://github.com/Pylons/pyramid/pull/3122

- Fix the ``pyramid.request.Request`` class name after using
``set_property`` or ``config.add_request_method`` such that the
``str(request.__class__)`` would appear as ``pyramid.request.Request``
instead of ``pyramid.util.Request``.
See https://github.com/Pylons/pyramid/pull/3129

- In ``cherrypy_server_runner``, prefer imports from the ``cheroot`` package
over the legacy imports from `cherrypy.wsgiserver`.
See https://github.com/Pylons/pyramid/pull/3235

- Add a context manager ``route_prefix_context`` to the
``pyramid.config.Configurator`` to allow for convenient setting of the
route_prefix for ``include`` and ``add_route`` calls inside the context.
See https://github.com/Pylons/pyramid/pull/3279

- Modify the builtin session implementations to support ``SameSite`` options
on cookies and set the default to ``'Lax'``. This affects
``pyramid.session.BaseCookieSessionFactory``,
``pyramid.session.SignedCookieSessionFactory``, and
``pyramid.session.UnencryptedCookieSessionFactoryConfig``.
See https://github.com/Pylons/pyramid/pull/3300

- Modify ``pyramid.authentication.AuthTktAuthenticationPolicy`` and
``pyramid.csrf.CookieCSRFStoragePolicy`` to support the ``SameSite`` option
on cookies and set the default to ``'Lax'``.
See https://github.com/Pylons/pyramid/pull/3319

- Added new ``pyramid.httpexceptions.HTTPPermanentRedirect``
exception/response object for a HTTP 308 redirect.
See https://github.com/Pylons/pyramid/pull/3302

- Within ``pshell``, allow the user-defined ``setup`` function to be a
generator, in which case it may wrap the command's lifecycle.
See https://github.com/Pylons/pyramid/pull/3318

- Within ``pshell``, variables defined by the ``[pshell]`` settings are
available within the user-defined ``setup`` function.
See https://github.com/Pylons/pyramid/pull/3318

- Add support for Python 3.7. Add testing on Python 3.8 with allowed failures.
See https://github.com/Pylons/pyramid/pull/3333

- Added the ``pyramid.config.Configurator.add_accept_view_order`` directive,
allowing users to specify media type preferences in ambiguous situations
such as when several views match. A default ordering is defined for media
types that prefers human-readable html/text responses over JSON.
See https://github.com/Pylons/pyramid/pull/3326

- Support a list of media types in the ``accept`` predicate used in
``pyramid.config.Configurator.add_route``.
See https://github.com/Pylons/pyramid/pull/3326

- Added ``pyramid.session.JSONSerializer``. See "Upcoming Changes to ISession
in Pyramid 2.0" in the "Sessions" chapter of the documentation for more
information about this feature.
See https://github.com/Pylons/pyramid/pull/3353

- Add a ``registry`` argument to ``pyramid.renderers.get_renderer``
to allow users to avoid threadlocals during renderer lookup.
See https://github.com/Pylons/pyramid/pull/3358

- Pyramid's test suite is no longer distributed with the universal wheel.
See https://github.com/Pylons/pyramid/pull/3387

- All Python code is now formatted automatically using ``black``.
See https://github.com/Pylons/pyramid/pull/3388

Bug Fixes
---------

- Set appropriate ``code`` and ``title`` attributes on the ``HTTPClientError``
and ``HTTPServerError`` exception classes. This prevents inadvertently
returning a 520 error code.
See https://github.com/Pylons/pyramid/pull/3280

- Replace ``webob.acceptparse.MIMEAccept`` from WebOb with
``webob.acceptparse.create_accept_header`` in the HTTP exception handling
code. The old ``MIMEAccept`` has been deprecated. The new methods follow the
RFC's more closely. See https://github.com/Pylons/pyramid/pull/3251

- Catch extra errors like ``AttributeError`` when unpickling "trusted"
session cookies with bad pickle data in them. This would occur when sharing
a secret between projects that shouldn't actually share session cookies,
like when reusing secrets between projects in development.
See https://github.com/Pylons/pyramid/pull/3325

Deprecations
------------

- The ``pyramid.intefaces.ISession`` interface will move to require
JSON-serializable objects in Pyramid 2.0. See
"Upcoming Changes to ISession in Pyramid 2.0" in the "Sessions" chapter
of the documentation for more information about this change.
See https://github.com/Pylons/pyramid/pull/3353

- The ``pyramid.session.signed_serialize`` and
``pyramid.session.signed_deserialize`` functions will be removed in Pyramid
2.0, along with the removal of
``pyramid.session.UnencryptedCookieSessionFactoryConfig`` which was
deprecated in Pyramid 1.5. Please switch to using the
``SignedCookieSessionFactory``, copying the code, or another session
implementation if you're still using these features.
See https://github.com/Pylons/pyramid/pull/3353

- Media ranges are deprecated in the ``accept`` argument of
``pyramid.config.Configurator.add_route``. Use a list of explicit
media types to ``add_route`` to support multiple types.

- Media ranges are deprecated in the ``accept`` argument of
``pyramid.config.Configurator.add_view``.  There is no replacement for
ranges to ``add_view``, but after much discussion the workflow is
fundamentally ambiguous in the face of various client-supplied values for
the ``Accept`` header.
See https://github.com/Pylons/pyramid/pull/3326

Backward Incompatibilities
--------------------------

- On Python 3.4+ the ``repoze.lru`` dependency is dropped. If you were using
this package directly in your apps you should make sure that you are
depending on it directly within your project.
See https://github.com/Pylons/pyramid/pull/3140

- Remove the ``permission`` argument from
``pyramid.config.Configurator.add_route``. This was an argument left over
from a feature removed in Pyramid 1.5 and has had no effect since then.
See https://github.com/Pylons/pyramid/pull/3299

- Modify the builtin session implementations to set ``SameSite='Lax'`` on
cookies. This affects ``pyramid.session.BaseCookieSessionFactory``,
``pyramid.session.SignedCookieSessionFactory``, and
``pyramid.session.UnencryptedCookieSessionFactoryConfig``.
See https://github.com/Pylons/pyramid/pull/3300

- Variables defined in the ``[pshell]`` section of the settings will no
longer override those set by the ``setup`` function.
See https://github.com/Pylons/pyramid/pull/3318

- ``pyramid.config.Configurator.add_notfound_view`` uses default redirect
class exception ``pyramid.httpexceptions.HTTPTemporaryRedirect`` instead
of previous ``pyramid.httpexceptions.HTTPFound``.
See https://github.com/Pylons/pyramid/pull/3328

- Removed ``pyramid.config.Configurator.set_request_property`` which had been
deprecated since Pyramid 1.5. Instead use
``pyramid.config.Configurator.add_request_method`` with ``reify=True`` or
``property=True``.
See https://github.com/Pylons/pyramid/pull/3368

- Removed the ``principal`` keyword argument from
``pyramid.security.remember`` which had been deprecated since Pyramid 1.6
and replaced by the ``userid`` argument.
See https://github.com/Pylons/pyramid/pull/3369

- Removed the ``pyramid.tests`` subpackage that used to contain the Pyramid
test suite. These changes also changed the format of the repository to move
the code into a ``src`` folder.
See https://github.com/Pylons/pyramid/pull/3387

Documentation Changes
---------------------

- Ad support for Read The Docs Ethical Ads.
See https://github.com/Pylons/pyramid/pull/3360 and
https://docs.readthedocs.io/en/latest/advertising/ethical-advertising.html

- Add support for alembic to the pyramid-cookiecutter-alchemy cookiecutter
and update the wiki2 tutorial to explain how it works.
See https://github.com/Pylons/pyramid/pull/3307 and
https://github.com/Pylons/pyramid-cookiecutter-alchemy/pull/7

- Bump Sphinx to >= 1.7.4 in setup.py to support ``emphasize-lines`` in PDFs
and to pave the way for xelatex support.  See
https://github.com/Pylons/pyramid/pull/3271,
https://github.com/Pylons/pyramid/issues/667, and
https://github.com/Pylons/pyramid/issues/2572

- Added extra tests to the quick tutorial.
See https://github.com/Pylons/pyramid/pull/3375

Links

• PyPI: https://pypi.org/project/pyramid
• Changelog: https://pyup.io/changelogs/pyramid/
• Homepage: https://trypyramid.com

[coveralls]

Coverage remained the same at 98.649% when pulling b63c51a on pyup-scheduled-update-2018-11-01 into 248978a on master.

[pyup-bot]

Closing this in favor of #53