Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update flask-wtf to 0.14 #69

Merged
merged 1 commit into from Jan 6, 2017

Conversation

@pyup-bot
Copy link
Collaborator

commented Jan 6, 2017

There's a new version of Flask-WTF available.
You are currently using 0.13.1. I have updated it to 0.14

These links might come in handy: PyPI | Changelog | Repo | Docs

Changelog

0.14


Released 2017-01-06

  • Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
    ourselves. (264_)
  • All tokens are URL safe, removing the url_safe parameter from
    generate_csrf. (206_)
  • All tokens store a timestamp, which is checked in validate_csrf. The
    time_limit parameter of generate_csrf is removed.
  • Remove the app attribute from CsrfProtect, use current_app.
    (264_)
  • CsrfProtect protects the DELETE method by default. (264_)
  • The same CSRF token is generated for the lifetime of a request. It is exposed
    as request.csrf_token for use during testing. (227, 264)
  • CsrfProtect.error_handler is deprecated. (264_)
  • Handlers that return a response work in addition to those that raise an
    error. The behavior was not clear in previous docs.
  • (200, 209, 243, 252)
  • Use Form.Meta instead of deprecated SecureForm for CSRF (and
    everything else). (216, 271)
  • csrf_enabled parameter is still recognized but deprecated. All other
    attributes and methods from SecureForm are removed. (271_)
  • Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
    (271_)
  • validate_csrf raises wtforms.ValidationError with specific messages
    instead of returning True or False. This breaks anything that was
    calling the method directly. (239, 271)
  • CSRF errors are logged as well as raised. (239_)
  • CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
    when using the old name. CsrfError is renamed to CSRFError without
    deprecation. (271_)
  • FileField is deprecated because it no longer provides functionality over
    the provided validators. Use wtforms.FileField directly. (272_)

.. _200: lepture/flask-wtf#200
.. _209: lepture/flask-wtf#209
.. _216: lepture/flask-wtf#216
.. _227: lepture/flask-wtf#227
.. _239: lepture/flask-wtf#239
.. _243: lepture/flask-wtf#243
.. _252: lepture/flask-wtf#252
.. _264: lepture/flask-wtf#264
.. _271: lepture/flask-wtf#271
.. _272: lepture/flask-wtf#272

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 馃

@feliciaan feliciaan merged commit 846db00 into master Jan 6, 2017

@feliciaan feliciaan deleted the pyup-update-flask-wtf-0.13.1-to-0.14 branch Jan 14, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can鈥檛 perform that action at this time.