Skip to content
This repository has been archived by the owner. It is now read-only.

Scheduled monthly dependency update for June #28

merged 15 commits into from Jun 3, 2019


Copy link

pyup-bot commented Jun 1, 2019

Update aiohttp from 3.4.4 to 3.5.4.





- ``FileResponse`` from ```` uses a ``ThreadPoolExecutor`` to work with files asynchronously.
I/O based payloads from ```` uses a ``ThreadPoolExecutor`` to work with I/O objects asynchronously.
`3313 <>`_
- Internal Server Errors in plain text if the browser does not support HTML.
`3483 <>`_


- Preserve MultipartWriter parts headers on write.

Refactor the way how ``Payload.headers`` are handled. Payload instances now always
have headers and Content-Type defined.

Fix Payload Content-Disposition header reset after initial creation.
`3035 <>`_
- Log suppressed exceptions in ``GunicornWebWorker``.
`3464 <>`_
- Remove wildcard imports.
`3468 <>`_
- Use the same task for app initialization and web server handling in gunicorn workers.
It allows to use Python3.7 context vars smoothly.
`3471 <>`_
- Fix handling of chunked+gzipped response when first chunk does not give uncompressed data
`3477 <>`_
- Replace ``collections.MutableMapping`` with ```` to avoid a deprecation warning.
`3480 <>`_
- ``Payload.size`` type annotation changed from `Optional[float]` to `Optional[int]`.
`3484 <>`_
- Ignore done tasks when cancels pending activities on ``web.run_app`` finalization.
`3497 <>`_

Improved Documentation

- Add documentation for ``aiohttp.web.HTTPException``.
`3490 <>`_


- `3487 <>`_




- Fix a regression about ``ClientSession._requote_redirect_url`` modification in debug




- The library type annotations are checked in strict mode now.
- Add support for setting cookies for individual request (`2387 <>`_)
- Application.add_domain implementation (`2809 <>`_)
- The default ``app`` in the request returned by ``test_utils.make_mocked_request``
can now have objects assigned to it and retrieved using the ``[]`` operator. (`3174 <>`_)
- Make ``request.url`` accessible when transport is closed. (`3177 <>`_)
- Add ``zlib_executor_size`` argument to ``Response`` constructor to allow compression to run in a background executor to avoid blocking the main thread and potentially triggering health check failures. (`3205 <>`_)
- Enable users to set `ClientTimeout` in `aiohttp.request` (`3213 <>`_)
- Don't raise a warning if ``NETRC`` environment variable is not set and ``~/.netrc`` file
doesn't exist. (`3267 <>`_)
- Add default logging handler to web.run_app

If the `Application.debug` flag is set and the default logger `aiohttp.access` is used, access logs will now be output using a `stderr` `StreamHandler` if no handlers are attached. Furthermore, if the default logger has no log level set, the log level will be set to `DEBUG`. (`3324 <>`_)
- Add method argument to ``session.ws_connect()``.

Sometimes server API requires a different HTTP method for WebSocket connection establishment.

For example, ``Docker exec`` needs POST. (`3378 <>`_)
- Create a task per request handling. (`3406 <>`_)


- Enable passing `access_log_class` via `handler_args` (`3158 <>`_)
- Return empty bytes with end-of-chunk marker in empty stream reader. (`3186 <>`_)
- Accept ``CIMultiDictProxy`` instances for ``headers`` argument in ``web.Response``
constructor. (`3207 <>`_)
- Don't uppercase HTTP method in parser (`3233 <>`_)
- Make method match regexp RFC-7230 compliant (`3235 <>`_)
- Add ``app.pre_frozen`` state to properly handle startup signals in sub-applications. (`3237 <>`_)
- Enhanced parsing and validation of helpers.BasicAuth.decode. (`3239 <>`_)
- Change imports from collections module in preparation for 3.8. (`3258 <>`_)
- Ensure Host header is added first to ClientRequest to better replicate browser (`3265 <>`_)
- Fix forward compatibility with Python 3.8: importing ABCs directly from the collections module will not be supported anymore. (`3273 <>`_)
- Keep the query string by `normalize_path_middleware`. (`3278 <>`_)
- Fix missing parameter ``raise_for_status`` for aiohttp.request() (`3290 <>`_)
- Bracket IPv6 addresses in the HOST header (`3304 <>`_)
- Fix default message for server ping and pong frames. (`3308 <>`_)
- Fix tests/ typo and tests/autobahn/ duplicate loop def. (`3337 <>`_)
- Fix false-negative indicator end_of_HTTP_chunk in StreamReader.readchunk function (`3361 <>`_)
- Release HTTP response before raising status exception (`3364 <>`_)
- Fix task cancellation when ``sendfile()`` syscall is used by static file handling. (`3383 <>`_)
- Fix stack trace for ``asyncio.TimeoutError`` which was not logged, when it is caught
in the handler. (`3414 <>`_)

Improved Documentation

- Improve documentation of ``Application.make_handler`` parameters. (`3152 <>`_)
- Fix BaseRequest.raw_headers doc. (`3215 <>`_)
- Fix typo in TypeError exception reason in ``web.Application._handle`` (`3229 <>`_)
- Make server access log format placeholder %b documentation reflect
behavior and docstring. (`3307 <>`_)

Deprecations and Removals

- Deprecate modification of ``session.requote_redirect_url`` (`2278 <>`_)
- Deprecate ``stream.unread_data()`` (`3260 <>`_)
- Deprecated use of boolean in ``resp.enable_compression()`` (`3318 <>`_)
- Encourage creation of aiohttp public objects inside a coroutine (`3331 <>`_)
- Drop dead ``Connection.detach()`` and ``Connection.writer``. Both methods were broken
for more than 2 years. (`3358 <>`_)
- Deprecate ``app.loop``, ``request.loop``, ``client.loop`` and ``connector.loop`` properties. (`3374 <>`_)
- Deprecate explicit debug argument. Use asyncio debug mode instead. (`3381 <>`_)
- Deprecate body parameter in HTTPException (and derived classes) constructor. (`3385 <>`_)
- Deprecate bare connector close, use ``async with connector:`` and ``await connector.close()`` instead. (`3417 <>`_)
- Deprecate obsolete ``read_timeout`` and ``conn_timeout`` in ``ClientSession`` constructor. (`3438 <>`_)


- 3341, 3351

Update async-timeout from 3.0.0 to 3.0.1.




- More aggressive typing (48)

Update attrs from 18.2.0 to 19.1.0.




Backward-incompatible Changes

- Fixed a bug where deserialized objects with ``cache_hash=True`` could have incorrect hash code values.
This change breaks classes with ``cache_hash=True`` when a custom ``__setstate__`` is present.
An exception will be thrown when applying the ``attrs`` annotation to such a class.
This limitation is tracked in issue `494 <>`_.
`482 <>`_


- Add ``is_callable``, ``deep_iterable``, and ``deep_mapping`` validators.

* ``is_callable``: validates that a value is callable
* ``deep_iterable``: Allows recursion down into an iterable,
 applying another validator to every member in the iterable
 as well as applying an optional validator to the iterable itself.
* ``deep_mapping``: Allows recursion down into the items in a mapping object,
 applying a key validator and a value validator to the key and value in every item.
 Also applies an optional validator to the mapping object itself.

You can find them in the ``attr.validators`` package.
`425 <>`_
- Fixed stub files to prevent errors raised by mypy's ``disallow_any_generics = True`` option.
`443 <>`_
- Attributes with ``init=False`` now can follow after ``kw_only=True`` attributes.
`450 <>`_
- ``attrs`` now has first class support for defining exception classes.

If you define a class using ``attr.s(auto_exc=True)`` and subclass an exception, the class will behave like a well-behaved exception class including an appropriate ``__str__`` method, and all attributes additionally available in an ``args`` attribute.
`500 <>`_
- Clarified documentation for hashing to warn that hashable objects should be deeply immutable (in their usage, even if this is not enforced).
`503 <>`_


Update cffi from 1.11.5 to 1.12.3.




* Fix for nested struct types that end in a var-sized array (405).

* Add support for using ``U`` and ``L`` characters at the end of integer
constants in ``ffi.cdef()`` (thanks Guillaume).

* More 3.8 fixes.



* Added temporary workaround to compile on CPython 3.8.0a2.



* CPython 3 on Windows: we again no longer compile with ``Py_LIMITED_API``
by default because such modules *still* cannot be used with virtualenv.
The problem is that it doesn't work in CPython <= 3.4, and for
technical reason we can't enable this flag automatically based on the
version of Python.

Like before, `Issue 350`_ mentions a workaround if you still want
the ``Py_LIMITED_API`` flag and *either* you are not concerned about
virtualenv *or* you are sure your module will not be used on CPython
<= 3.4: pass ``define_macros=[("Py_LIMITED_API", None)]`` to the
``ffibuilder.set_source()`` call.



* `Direct support for pkg-config`__.

* ``ffi.from_buffer()`` takes a new optional *first* argument that gives
the array type of the result.  It also takes an optional keyword argument
``require_writable`` to refuse read-only Python buffers.

* ````, ``ffi.gc()`` or ``ffi.from_buffer()`` cdata objects
can now be released at known times, either by using the ``with``
keyword or by calling the new ``ffi.release()``.

* Windows, CPython 3.x: cffi modules are linked with ``python3.dll``
again.  This makes them independant on the exact CPython version,
like they are on other platforms.  **It requires virtualenv 16.0.0.**

* Accept an expression like ``"int[4]", p)`` if ``p`` is itself
another cdata ``int[4]``.

* CPython 2.x: ``ffi.dlopen()`` failed with non-ascii file names on Posix

* CPython: if a thread is started from C and then runs Python code (with
callbacks or with the embedding solution), then previous versions of
cffi would contain possible crashes and/or memory leaks.  Hopefully,
this has been fixed (see `issue 362`_).

* Support for ``ffi.cdef(..., pack=N)`` where N is a power of two.
Means to emulate ``pragma pack(N)`` on MSVC.  Also, the default on
Windows is now ``pack=8``, like on MSVC.  This might make a difference
in corner cases, although I can't think of one in the context of CFFI.
The old way ``ffi.cdef(..., packed=True)`` remains and is equivalent
to ``pack=1`` (saying e.g. that fields like ``int`` should be aligned
to 1 byte instead of 4).

.. __: cdef.htmlpkgconfig
.. _`issue 362`:

Older Versions

Update cryptography from 2.3.1 to 2.7.




* **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
wheels. Continuing to produce them was a maintenance burden.
``cryptography.hazmat.primitives.mac.MACContext`` interface. The ``CMAC`` and
``HMAC`` APIs have not changed, but they are no longer registered as
``MACContext`` instances.
* Removed support for running our tests with `` test``. Users
interested in running our tests can continue to follow the directions in our
:doc:`development documentation</development/getting-started>`.
* Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
when using OpenSSL 1.1.1 or newer.
* Support serialization with ``Encoding.OpenSSH`` and ``PublicFormat.OpenSSH``
* Correctly allow passing a ``SubjectKeyIdentifier`` to
and deprecate passing an ``Extension`` object. The documentation always
required ``SubjectKeyIdentifier`` but the implementation previously
required an ``Extension``.

.. _v2-6-1:



* Resolved an error in our build infrastructure that broke our Python3 wheels
for macOS and Linux.

.. _v2-6:



which had been deprecated for nearly 4 years. Use
* **BACKWARDS INCOMPATIBLE**: Removed ``cryptography.x509.Certificate.serial``,
which had been deprecated for nearly 3 years. Use
:attr:`~cryptography.x509.Certificate.serial_number` instead.
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.1b.
* Added support for :doc:`/hazmat/primitives/asymmetric/ed448` when using
OpenSSL 1.1.1b or newer.
* Added support for :doc:`/hazmat/primitives/asymmetric/ed25519` when using
OpenSSL 1.1.1b or newer.
* :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can
now load ``ed25519`` public keys.
* Add support for easily mapping an object identifier to its elliptic curve
class via
* Add support for OpenSSL when compiled with the ``no-engine``

.. _v2-5:



* **BACKWARDS INCOMPATIBLE:** :term:`U-label` strings were deprecated in
version 2.1, but this version removes the default ``idna`` dependency as
well. If you still need this deprecated path please install cryptography
with the ``idna`` extra: ``pip install cryptography[idna]``.
* **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.4.
* Numerous classes and functions have been updated to allow :term:`bytes-like`
types for keying material and passwords, including symmetric algorithms, AEAD
ciphers, KDFs, loading asymmetric keys, and one time password classes.
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.1a.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA512_224`
and :class:`~cryptography.hazmat.primitives.hashes.SHA512_256` when using
OpenSSL 1.1.1.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA3_224`,
:class:`~cryptography.hazmat.primitives.hashes.SHA3_384`, and
:class:`~cryptography.hazmat.primitives.hashes.SHA3_512` when using OpenSSL
* Added support for :doc:`/hazmat/primitives/asymmetric/x448` when using
OpenSSL 1.1.1.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHAKE128`
and :class:`~cryptography.hazmat.primitives.hashes.SHAKE256` when using
OpenSSL 1.1.1.
* Added initial support for parsing PKCS12 files with
* Added support for :class:`~cryptography.x509.IssuingDistributionPoint`.
* Added ``rfc4514_string()`` method to
:meth:`x509.Name <cryptography.x509.Name.rfc4514_string>`,
<cryptography.x509.RelativeDistinguishedName.rfc4514_string>`, and
:meth:`x509.NameAttribute <cryptography.x509.NameAttribute.rfc4514_string>`
to format the name or component an :rfc:`4514` Distinguished Name string.
* Added
which immediately checks if the point is on the curve and supports compressed
points. Deprecated the previous method
* Added :attr:`~cryptography.x509.ocsp.OCSPResponse.signature_hash_algorithm`
to ``OCSPResponse``.
* Updated :doc:`/hazmat/primitives/asymmetric/x25519` support to allow
additional serialization methods. Calling
with no arguments has been deprecated.
* Added support for encoding compressed and uncompressed points via
:meth:``. Deprecated the previous method

.. _v2-4-2:



* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0j.

.. _v2-4-1:



* Fixed a build breakage in our ``manylinux1`` wheels.

.. _v2-4:



* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.4.x.
* Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no longer supported by
the OpenSSL project. At this time there is no time table for dropping
support, however we strongly encourage all users to upgrade or install
``cryptography`` from a wheel.
* Added initial :doc:`OCSP </x509/ocsp>` support.
* Added support for :class:`~cryptography.x509.PrecertPoison`.

.. _v2-3-1:

Update gidgethub from 3.0.0 to 3.1.0.


Update idna from 2.7 to 2.8.




- Update to Unicode 11.0.0.
- Provide more specific exceptions for some malformed labels.

Update multidict from 4.4.2 to 4.5.2.




* Fix another memory leak introduced by 4.5.0 release (:pr:`307`)



* Fix a memory leak introduced by 4.5.0 release (:pr:`306`)



* Multidict views ported from Cython to C extension (:pr:`275`)

Update PyJWT from 1.6.4 to 1.7.1.





- Reverse an unintentional breaking API change to .decode() [352][352]


- All exceptions inherit from PyJWTError [340][340]


- Add type hints [344][344]
- Add help module [7ca41e][7ca41e]


- Added section to usage docs for jwt.get_unverified_header() [350][350]
- Update legacy instructions for using pycrypto [337][337]


- Audience parameter throws `InvalidAudienceError` when application does not specify an audience, but the token does. [336][336]

Update PyYAML from 3.13 to 5.1.

The bot wasn't able to find a changelog for this release. Got an idea?


Update six from 1.11.0 to 1.12.0.




- Issue 259, pull request 260: `six.add_metaclass` now preserves
`__qualname__` from the original class.

- Pull request 204: Add `six.ensure_binary`, `six.ensure_text`, and

Update yarl from 1.2.6 to 1.3.0.




* Fix annotations for ``query`` parameter (207)

* An incoming query sequence can have int variables (the same as for
Mapping type) (208)

* Add ``URL.explicit_port`` property (218)

* Give a friendlier error when port cant be converted to int (168)

* ``bool(URL())`` now returns ``False`` (272)
LordAro added 3 commits Jun 3, 2019
@TrueBrain TrueBrain merged commit 41614f3 into master Jun 3, 2019
2 checks passed
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
@LordAro LordAro deleted the pyup-scheduled-update-2019-06-01 branch Jun 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.