Initial Update #1

pyup-bot · 2017-04-16T17:08:51Z

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

Fabric	1.8.2	»	1.13.1	PyPI \| Homepage
Flask	0.10.1	»	0.12.1	PyPI \| Changelog \| Repo
Flask-SQLAlchemy	1.0	»	2.2	PyPI \| Changelog \| Repo \| Docs
Flask-WTF	0.9.4	»	0.14.2	PyPI \| Changelog \| Repo \| Docs
Jinja2	2.7.2	»	2.9.6	PyPI \| Changelog \| Homepage
MarkupSafe	0.18	»	1.0	PyPI \| Changelog \| Repo
SQLAlchemy	0.9.3	»	1.1.9	PyPI \| Homepage
WTForms	1.0.5	»	2.1	PyPI \| Changelog \| Homepage \| Docs
Werkzeug	0.9.4	»	0.12.1	PyPI \| Changelog \| Homepage
coverage	3.7.1	»	4.3.4	PyPI \| Changelog \| Docs
ecdsa	0.10	»	0.13	PyPI \| Changelog \| Repo
gunicorn	19.3.0	»	19.7.1	PyPI \| Changelog \| Homepage
itsdangerous	0.23	»	0.24	PyPI \| Changelog \| Repo \| Docs
paramiko	1.12.2	»	2.1.2	PyPI \| Changelog \| Repo

Changelogs

Flask 0.10.1 -> 0.12.1

0.12.1

Bugfix release, released on March 31st 2017

Prevent flask run from showing a NoAppException when an ImportError occurs
within the imported application module.

Fix encoding behavior of app.config.from_pyfile for Python 3. Fix
2118.

Use the SERVER_NAME config if it is present as default values for
app.run. 2109, 2152

Call ctx.auto_pop with the exception object instead of None, in the
event that a BaseException such as KeyboardInterrupt is raised in a
request handler.

0.12

Released on December 21st 2016, codename Punsch.

the cli command now responds to --version.

Mimetype guessing and ETag generation for file-like objects in send_file
has been removed, as per issue 104. See pull request 1849.

Mimetype guessing in send_file now fails loudly and doesn't fall back to
application/octet-stream. See pull request 1988.

Make flask.safe_join able to join multiple paths like os.path.join
(pull request 1730).

Revert a behavior change that made the dev server crash instead of returning
a Internal Server Error (pull request 2006).

Correctly invoke response handlers for both regular request dispatching as
well as error handlers.

Disable logger propagation by default for the app logger.

Add support for range requests in send_file.

app.test_client includes preset default environment, which can now be
directly set, instead of per client.get.

0.11.2

Bugfix release, unreleased

Fix crash when running under PyPy3, see pull request 1814.

0.11.1

Bugfix release, released on June 7th 2016.

Fixed a bug that prevented FLASK_APP=foobar/__init__.py from working. See
pull request 1872.

0.11

Released on May 29th 2016, codename Absinthe.

Added support to serializing top-level arrays to :func:flask.jsonify. This
introduces a security risk in ancient browsers. See
:ref:json-security for details.

Added before_render_template signal.

Added **kwargs to :meth:flask.Test.test_client to support passing
additional keyword arguments to the constructor of
:attr:flask.Flask.test_client_class.

Added SESSION_REFRESH_EACH_REQUEST config key that controls the
set-cookie behavior. If set to True a permanent session will be
refreshed each request and get their lifetime extended, if set to
False it will only be modified if the session actually modifies.
Non permanent sessions are not affected by this and will always
expire if the browser window closes.

Made Flask support custom JSON mimetypes for incoming data.

Added support for returning tuples in the form (response, headers)
from a view function.

Added :meth:flask.Config.from_json.

Added :attr:flask.Flask.config_class.

Added :meth:flask.Config.get_namespace.

Templates are no longer automatically reloaded outside of debug mode. This
can be configured with the new TEMPLATES_AUTO_RELOAD config key.

Added a workaround for a limitation in Python 3.3's namespace loader.

Added support for explicit root paths when using Python 3.3's namespace
packages.

Added :command:flask and the flask.cli module to start the local
debug server through the click CLI system. This is recommended over the old
flask.run() method as it works faster and more reliable due to a
different design and also replaces Flask-Script.

Error handlers that match specific classes are now checked first,
thereby allowing catching exceptions that are subclasses of HTTP
exceptions (in werkzeug.exceptions). This makes it possible
for an extension author to create exceptions that will by default
result in the HTTP error of their choosing, but may be caught with
a custom error handler if desired.

Added :meth:flask.Config.from_mapping.

Flask will now log by default even if debug is disabled. The log format is
now hardcoded but the default log handling can be disabled through the
LOGGER_HANDLER_POLICY configuration key.

Removed deprecated module functionality.

Added the EXPLAIN_TEMPLATE_LOADING config flag which when enabled will
instruct Flask to explain how it locates templates. This should help
users debug when the wrong templates are loaded.

Enforce blueprint handling in the order they were registered for template
loading.

Ported test suite to py.test.

Deprecated request.json in favour of request.get_json().

Add "pretty" and "compressed" separators definitions in jsonify() method.
Reduces JSON response size when JSONIFY_PRETTYPRINT_REGULAR=False by removing
unnecessary white space included by default after separators.

JSON responses are now terminated with a newline character, because it is a
convention that UNIX text files end with a newline and some clients don't
deal well when this newline is missing. See
Add JSONIFY_END_WITH_NEWLINE config variable pallets/flask#1262 -- this came up originally as a
part of https://github.com/kennethreitz/httpbin/issues/168

The automatically provided OPTIONS method is now correctly disabled if
the user registered an overriding rule with the lowercase-version
options (issue 1288).

flask.json.jsonify now supports the datetime.date type (pull request
1326).

Don't leak exception info of already catched exceptions to context teardown
handlers (pull request 1393).

Allow custom Jinja environment subclasses (pull request 1422).

flask.g now has pop() and setdefault methods.

Turn on autoescape for flask.templating.render_template_string by default
(pull request 1515).

flask.ext is now deprecated (pull request 1484).

send_from_directory now raises BadRequest if the filename is invalid on
the server OS (pull request 1763).

Added the JSONIFY_MIMETYPE configuration variable (pull request 1728).

Exceptions during teardown handling will no longer leave bad application
contexts lingering around.

0.10.2

(bugfix release, release date to be announced)

Fixed broken test_appcontext_signals() test case.

Raise an :exc:AttributeError in :func:flask.helpers.find_package with a
useful message explaining why it is raised when a PEP 302 import hook is used
without an is_package() method.

Fixed an issue causing exceptions raised before entering a request or app
context to be passed to teardown handlers.

Fixed an issue with query parameters getting removed from requests in
the test client when absolute URLs were requested.

Made before_first_request into a decorator as intended.

Fixed an etags bug when sending a file streams with a name.

Fixed send_from_directory not expanding to the application root path
correctly.

Changed logic of before first request handlers to flip the flag after
invoking. This will allow some uses that are potentially dangerous but
should probably be permitted.

Fixed Python 3 bug when a handler from app.url_build_error_handlers
reraises the BuildError.

Flask-SQLAlchemy 1.0 -> 2.2

2.2

Released on February 27, 2017, codename Dubnium

Minimum SQLAlchemy version is 0.8 due to use of sqlalchemy.inspect.

Added support for custom query_class and model_class as args
to the SQLAlchemy constructor. (328_)

Allow listening to SQLAlchemy events on db.session. (364_)

Allow __bind_key__ on abstract models. (373_)

Allow SQLALCHEMY_ECHO to be a string. (409_)

Warn when SQLALCHEMY_DATABASE_URI is not set. (443_)

Don't let pagination generate invalid page numbers. (460_)

Drop support of Flask < 0.10. This means the db session is always tied to
the app context and its teardown event. (461_)

Tablename generation logic no longer accesses class properties unless they
are declared_attr. (467_)

.. _328: pallets-eco/flask-sqlalchemy#328
.. _364: pallets-eco/flask-sqlalchemy#364
.. _373: pallets-eco/flask-sqlalchemy#373
.. _409: pallets-eco/flask-sqlalchemy#409
.. _443: pallets-eco/flask-sqlalchemy#443
.. _460: pallets-eco/flask-sqlalchemy#460
.. _461: pallets-eco/flask-sqlalchemy#461
.. _467: pallets-eco/flask-sqlalchemy#467

2.1

Released on October 23rd 2015, codename Caesium

Table names are automatically generated in more cases, including
subclassing mixins and abstract models.

Allow using a custom MetaData object.

Add support for binds parameter to session.

2.0

Released on August 29th 2014, codename Bohrium

Changed how the builtin signals are subscribed to skip non Flask-SQLAlchemy
sessions. This will also fix the attribute error about model changes
not existing.

Added a way to control how signals for model modifications are tracked.

Made the SignallingSession a public interface and added a hook
for customizing session creation.

If the bind parameter is given to the signalling session it will no
longer cause an error that a parameter is given twice.

Added working table reflection support.

Enabled autoflush by default.

Consider SQLALCHEMY_COMMIT_ON_TEARDOWN harmful and remove from docs.

Flask-WTF 0.9.4 -> 0.14.2

0.14.2

Released 2017-01-10

Fix bug where FlaskForm assumed meta argument was not None if it
was passed. (278_)

.. _278: wtforms/flask-wtf#278

0.14.1

Released 2017-01-10

Fix bug where the file validators would incorrectly identify an empty file as
valid data. (276, 277)

FileField is no longer deprecated. The data is checked during
processing and only set if it's a valid file.

has_file is deprecated; it's now equivalent to bool(field.data).

FileRequired and FileAllowed work with both the Flask-WTF and
WTForms FileField classes.

The Optional validator now works with FileField.

.. _276: wtforms/flask-wtf#276
.. _277: wtforms/flask-wtf#277

0.14

Released 2017-01-06

Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
ourselves. (264_)

All tokens are URL safe, removing the url_safe parameter from
generate_csrf. (206_)

All tokens store a timestamp, which is checked in validate_csrf. The
time_limit parameter of generate_csrf is removed.

Remove the app attribute from CsrfProtect, use current_app.
(264_)

CsrfProtect protects the DELETE method by default. (264_)

The same CSRF token is generated for the lifetime of a request. It is exposed
as request.csrf_token for use during testing. (227, 264)

CsrfProtect.error_handler is deprecated. (264_)

Handlers that return a response work in addition to those that raise an
error. The behavior was not clear in previous docs.

(200, 209, 243, 252)

Use Form.Meta instead of deprecated SecureForm for CSRF (and
everything else). (216, 271)

csrf_enabled parameter is still recognized but deprecated. All other
attributes and methods from SecureForm are removed. (271_)

Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
(271_)

validate_csrf raises wtforms.ValidationError with specific messages
instead of returning True or False. This breaks anything that was
calling the method directly. (239, 271)

CSRF errors are logged as well as raised. (239_)

CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
when using the old name. CsrfError is renamed to CSRFError without
deprecation. (271_)

FileField is deprecated because it no longer provides functionality over
the provided validators. Use wtforms.FileField directly. (272_)

.. _200: wtforms/flask-wtf#200
.. _209: wtforms/flask-wtf#209
.. _216: wtforms/flask-wtf#216
.. _227: wtforms/flask-wtf#227
.. _239: wtforms/flask-wtf#239
.. _243: wtforms/flask-wtf#243
.. _252: wtforms/flask-wtf#252
.. _264: wtforms/flask-wtf#264
.. _271: wtforms/flask-wtf#271
.. _272: wtforms/flask-wtf#272

0.13.1

Released 2016/10/6

Deprecation warning for Form is shown during __init__ instead of immediately when subclassing. (262_)

Don't use pkg_resources to get version, for compatibility with GAE. (261_)

.. _261: wtforms/flask-wtf#261
.. _262: wtforms/flask-wtf#262

0.13

Released 2016/09/29

Form is renamed to FlaskForm in order to avoid name collision with WTForms's base class. Using Form will show a deprecation warning. (250_)

hidden_tag no longer wraps the hidden inputs in a hidden div. This is valid HTML5 and any modern HTML parser will behave correctly. (217, 193)

flask_wtf.html5 is deprecated. Import directly from wtforms.fields.html5. (251_)

is_submitted is true for PATCH and DELETE in addition to POST and PUT. (187_)

generate_csrf takes a token_key parameter to specify the key stored in the session. (206_)

generate_csrf takes a url_safe parameter to allow the token to be used in URLs. (206_)

form.data can be accessed multiple times without raising an exception. (248_)

File extension with multiple parts (.tar.gz) can be used in the FileAllowed validator. (201_)

.. _187: wtforms/flask-wtf#187
.. _193: wtforms/flask-wtf#193
.. _201: wtforms/flask-wtf#201
.. _206: wtforms/flask-wtf#206
.. _217: wtforms/flask-wtf#217
.. _248: wtforms/flask-wtf#248
.. _250: wtforms/flask-wtf#250
.. _251: wtforms/flask-wtf#251

0.12

Released 2015/07/09

Abstract protect_csrf() into a separate method

Update reCAPTCHA configuration

Fix reCAPTCHA error handle

0.11

Released 2015/01/21

Use the new reCAPTCHA API via 164_.

.. _164: wtforms/flask-wtf#164

0.10.3

Released 2014/11/16

Add configuration: WTF_CSRF_HEADERS via 159_.

Support customize hidden tags via 150_.

And many more bug fixes

.. _150: wtforms/flask-wtf#150
.. _159: wtforms/flask-wtf#159

0.10.2

Released 2014/09/03

Update translation for reCaptcha via 146_.

.. _146: wtforms/flask-wtf#146

0.10.1

Released 2014/08/26

Update RECAPTCHA API SERVER URL via 145_.

Update requirement Werkzeug>=0.9.5

Fix CsrfProtect exempt for blueprints via 143_.

.. _145: wtforms/flask-wtf#145
.. _143: wtforms/flask-wtf#143

0.10.0

Released 2014/07/16

Add configuration: WTF_CSRF_METHODS

Support WTForms 2.0 now

Fix csrf validation without time limit (time_limit=False)

CSRF exempt supports blueprint 111_.

.. _111: wtforms/flask-wtf#111

0.9.5

Released 2014/03/21

csrf_token for all template types 112_.

Make FileRequired a subclass of InputRequired 108_.

.. _108: wtforms/flask-wtf#108
.. _112: wtforms/flask-wtf#112

Jinja2 2.7.2 -> 2.9.6

2.9.6

(bugfix release, released on April 3rd 2017)

Fixed custom context behavior in fast resolve mode (675)

2.9.5

(bugfix release, released on January 28th 2017)

Restored the original repr of the internal _GroupTuple because this
caused issues with ansible and it was an unintended change. (654)

Added back support for custom contexts that override the old resolve
method since it was hard for people to spot that this could cause a
regression.

Correctly use the buffer for the else block of for loops. This caused
invalid syntax errors to be caused on 2.x and completely wrong behavior
on Python 3 (669)

Resolve an issue where the {% extends %} tag could not be used with
async environments. (668)

Reduce memory footprint slightly by reducing our unicode database dump
we use for identifier matching on Python 3 (666)

Fixed autoescaping not working for macros in async compilation mode. (671)

2.9.4

(bugfix release, released on January 10th 2017)

Solved some warnings for string literals. (646)

Increment the bytecode cache version which was not done due to an
oversight before.

Corrected bad code generation and scoping for filtered loops. (649)

Resolved an issue where top-level output silencing after known extend
blocks could generate invalid code when blocks where contained in if
statements. (651)

Made the truncate.leeway default configurable to improve compatibility
with older templates.

2.9.3

(bugfix release, released on January 8th 2017)

Restored the use of blocks in macros to the extend that was possible
before. On Python 3 it would render a generator repr instead of
the block contents. (645)

Set a consistent behavior for assigning of variables in inner scopes
when the variable is also read from an outer scope. This now sets the
intended behavior in all situations however it does not restore the
old behavior where limited assignments to outer scopes was possible.
For more information and a discussion see 641

Resolved an issue where block scoped would not take advantage of the
new scoping rules. In some more exotic cases a variable overriden in a
local scope would not make it into a block.

Change the code generation of the with statement to be in line with the
new scoping rules. This resolves some unlikely bugs in edge cases. This
also introduces a new internal With node that can be used by extensions.

2.9.2

(bugfix release, released on January 8th 2017)

Fixed a regression that caused for loops to not be able to use the same
variable for the target as well as source iterator. (640)

Add support for a previously unknown behavior of macros. It used to be
possible in some circumstances to explicitly provide a caller argument
to macros. While badly buggy and unintended it turns out that this is a
common case that gets copy pasted around. To not completely break backwards
compatibility with the most common cases it's now possible to provide an
explicit keyword argument for caller if it's given an explicit default.
(642)

2.9.1

(bugfix release, released on January 7th 2017)

Resolved a regression with call block scoping for macros. Nested caller
blocks that used the same identifiers as outer macros could refer to the
wrong variable incorrectly.

2.9

(codename Derivation, released on January 7th 2017)

Change cache key definition in environment. This fixes a performance
regression introduced in 2.8.

Added support for generator_stop on supported Python versions
(Python 3.5 and later)

Corrected a long standing issue with operator precedence of math operations
not being what was expected.

Added support for Python 3.6 async iterators through a new async mode.

Added policies for filter defaults and similar things.

urlize now sets "rel noopener" by default.

Support attribute fallback for old-style classes in 2.x.

Support toplevel set statements in extend situations.

Restored behavior of Cycler for Python 3 users.

Subtraction now follows the same behavior as other operators on undefined
values.

map and friends will now give better error messages if you forgot to
quote the parameter.

Depend on MarkupSafe 0.23 or higher.

Improved the truncate filter to support better truncation in case
the string is barely truncated at all.

Change the logic for macro autoescaping to be based on the runtime
autoescaping information at call time instead of macro define time.

Ported a modified version of the tojson filter from Flask to Jinja2
and hooked it up with the new policy framework.

Block sets are now marked safe by default.

On Python 2 the asciification of ASCII strings can now be disabled with
the compiler.ascii_str policy.

Tests now no longer accept an arbitrary expression as first argument but
a restricted one. This means that you can now properly use multiple
tests in one expression without extra parentheses. In particular you can
now write foo is divisibleby 2 or foo is divisibleby 3
as you would expect.

Greatly changed the scoping system to be more consistent with what template
designers and developers expect. There is now no more magic difference
between the different include and import constructs. Context is now always
propagated the same way. The only remaining differences is the defaults
for with context and without context.

The with and autoescape tags are now built-in.

Added the new select_autoescape function which helps configuring better
autoescaping easier.

2.8.2

(bugfix release, unreleased)

Fixed a runtime error in the sandbox when attributes of async generators
were accessed.

2.8.1

(bugfix release, released on December 29th 2016)

Fixed the for_qs flag for urlencode.

Fixed regression when applying int to non-string values.

SECURITY: if the sandbox mode is used format expressions are now sandboxed
with the same rules as in Jinja. This solves various information leakage
problems that can occur with format strings.

2.8

(codename Replacement, released on July 26th 2015)

Added target parameter to urlize function.

Added support for followsymlinks to the file system loader.

The truncate filter now counts the length.

Added equalto filter that helps with select filters.

Changed cache keys to use absolute file names if available
instead of load names.

Fixed loop length calculation for some iterators.

Changed how Jinja2 enforces strings to be native strings in
Python 2 to work when people break their default encoding.

Added :func:make_logging_undefined which returns an undefined
object that logs failures into a logger.

If unmarshalling of cached data fails the template will be
reloaded now.

Implemented a block set tag.

Default cache size was increased to 400 from a low 50.

Fixed is number test to accept long integers in all Python versions.

Changed is number to accept Decimal as a number.

Added a check for default arguments followed by non-default arguments. This
change makes {% macro m(x, y=1, z) %}...{% endmacro %} a syntax error. The
previous behavior for this code was broken anyway (resulting in the default
value being applied to y).

Add ability to use custom subclasses of jinja2.compiler.CodeGenerator and
jinja2.runtime.Context by adding two new attributes to the environment
(code_generator_class and context_class) (pull request 404).

added support for context/environment/evalctx decorator functions on
the finalize callback of the environment.

escape query strings for urlencode properly. Previously slashes were not
escaped in that place.

Add 'base' parameter to 'int' filter.

2.7.3

(bugfix release, released on June 6th 2014)

Security issue: Corrected the security fix for the cache folder. This
fix was provided by RedHat.

MarkupSafe 0.18 -> 1.0

1.0

Fixed custom types not invoking __unicode__ when used
with format().

Added __version__ module attribute

Improve unescape code to leave lone ampersands alone.

WTForms 1.0.5 -> 2.1

2.1

Released December 15, 2015

Added render_kw to allow default rendering time options.

Updated / added a number of localizations

Updated docs

Allow widgets to set flags

2.0.2

Released January 18, 2015

Added more localizations and updated some.

Validators for email and URL can validate IDNA-encoded domain names and new TLDs

Better DeprecationWarnings

Support localization files in /usr/share/locale (for distro packaging)

2.0.1

Released July 1, 2014

Update wheel install to conditionally install ordereddict for python 2.6.

Doc improvements

2.0

Released May 20, 2014

Add new class Meta paradigm for much more powerful customization
of WTForms.

Move i18n into core. Deprecate wtforms.ext.i18n.

Move CSRF into core. Deprecate wtforms.ext.csrf.

Fix issue rendering SelectFields with value=True

Make DecimalField able to use babel locale-based number formatting.

Drop Python 3.2 support (Python3 support for 3.3+ only)

passing attr=False to WTForms widgets causes the value to be ignored.

Unique validator in wtforms.ext.sqlalchemy has been removed.

Werkzeug 0.9.4 -> 0.12.1

0.12.1

Released on March 15th 2017

Fix crash of reloader (used on debug mode) on Windows.
(OSError: [WinError 10038]). See pull request 1081

Partially revert change to class hierarchy of Headers. See 1084.

0.12

Released on March 10th 2017

Spit out big deprecation warnings for werkzeug.script

Use inspect.getfullargspec internally when available as
inspect.getargspec is gone in 3.6

Added support for status code 451 and 423

Improved the build error suggestions. In particular only if
someone stringifies the error will the suggestions be calculated.

Added support for uWSGI's caching backend.

Fix a bug where iterating over a FileStorage would result in an infinite
loop.

Datastructures now inherit from the relevant baseclasses from the
collections module in the stdlib. See 794.

Add support for recognizing NetBSD, OpenBSD, FreeBSD, DragonFlyBSD platforms
in the user agent string.

Recognize SeaMonkey browser name and version correctly

Recognize Baiduspider, and bingbot user agents

If LocalProxy's wrapped object is a function, refer to it with wrapped
attribute.

The defaults of generate_password_hash have been changed to more secure
ones, see pull request 753.

Add support for encoding in options header parsing, see pull request
933.

test.Client now properly handles Location headers with relative URLs, see
pull request 879.

When HTTPException is raised, it now prints the description, for easier
debugging.

Werkzeug's dict-like datastructures now have view-methods under Python 2,
see pull request 968.

Fix a bug in MultiPartParser when no stream_factory was provided
during initialization, see pull request 973.

Disable autocorrect and spellchecker in the debugger middleware's Python
prompt, see pull request 994.

Don't redirect to slash route when method doesn't match, see pull request
907.

Fix a bug when using SharedDataMiddleware with frozen packages, see pull
request 959.

Range header parsing function fixed for invalid values 974.

Add support for byte Range Requests, see pull request 978.

Use modern cryptographic defaults in the dev servers 1004.

the post() method of the test client now accept file object through the data
parameter.

Color run_simple's terminal output based on HTTP codes 1013.

Fix self-XSS in debugger console, see 1031.

Fix IPython 5.x shell support, see 1033.

0.11.16

werkzeug.serving: set CONTENT_TYPE / CONTENT_LENGTH if only they're provided by the client

werkzeug.serving: Fix crash of reloader when using python -m werkzeug.serving.

0.11.15

Released on December 30th 2016.

Bugfix for the bugfix in the previous release.

0.11.14

Released on December 30th 2016.

Check if platform can fork before importing ForkingMixIn, raise exception
when creating ForkingWSGIServer on such a platform, see PR 999.

0.11.13

Released on December 26th 2016.

Correct fix for the reloader issuer on certain Windows installations.

0.11.12

Released on December 26th 2016.

Fix more bugs in multidicts regarding empty lists. See 1000.

Add some docstrings to some EnvironBuilder properties that were previously
unintentionally missing.

Added a workaround for the reloader on windows.

0.11.11

Released on August 31st 2016.

Fix JSONRequestMixin for Python3. See 731

Fix broken string handling in test client when passing integers. See 852

Fix a bug in parse_options_header where an invalid content type
starting with comma or semi-colon would result in an invalid return value,
see issue 995.

Fix a bug in multidicts when passing empty lists as values, see issue
979.

Fix a security issue that allows XSS on the Werkzeug debugger. See 1001.

0.11.10

Released on May 24th 2016.

Fixed a bug that occurs when running on Python 2.6 and using a broken locale.
See pull request 912.

Fixed a crash when running the debugger on Google App Engine. See issue 925.

Fixed an issue with multipart parsing that could cause memory exhaustion.

0.11.9

Released on April 24th 2016.

Corrected an issue that caused the debugger not to use the
machine GUID on POSIX systems.

Corrected a Unicode error on Python 3 for the debugger's
PIN usage.

Corrected the timestamp verification in the pin debug code.
Without this fix the pin was remembered for too long.

0.11.8

Released on April 15th 2016.

fixed a problem with the machine GUID detection code on OS X
on Python 3.

0.11.7

Released on April 14th 2016.

fixed a regression on Python 3 for the debugger.

0.11.6

Released on April 14th 2016.

werkzeug.serving: Still show the client address on bad requests.

improved the PIN based protection for the debugger to make it harder to
brute force via trying cookies. Please keep in mind that the debugger
is not intended for running on production environments

increased the pin timeout to a week to make it less annoying for people
which should decrease the chance that users disable the pin check
entirely.

werkzeug.serving: Fix broken HTTP_HOST when path starts with double slash.

0.11.5

Released on March 22nd 2016.

werkzeug.serving: Fix crash when attempting SSL connection to HTTP server.

0.11.4

Released on February 14th 2016.

Fixed werkzeug.serving not working from -m flag.

Fixed incorrect weak etag handling.

0.11.3

Released on December 20th 2015.

Fixed an issue with copy operations not working against
proxies.

Changed the logging operations of the development server to
correctly log where the server is running in all situations
again.

Fixed another regression with SSL wrapping similar to the
fix in 0.11.2 but for a different code path.

0.11.2

Released on November 12th 2015.

Fix inheritable sockets on Windows on Python 3.

Fixed an issue with the forking server not starting any longer.

Fixed SSL wrapping on platforms that supported opening sockets
by file descriptor.

No longer log from the watchdog reloader.

Unicode errors in hosts are now better caught or converted into
bad request errors.

0.11.1

Released on November 10th 2015.

Fixed a regression on Python 3 in the debugger.

0.11

Released on November 8th 2015, codename Gleisbaumaschine.

Added reloader_paths option to run_simple and other functions in
werkzeug.serving. This allows the user to completely override the Python
module watching of Werkzeug with custom paths.

Many custom cached properties of Werkzeug's classes are now subclasses of
Python's property type (issue 616).

bind_to_environ now doesn't differentiate between implicit and explicit
default port numbers in HTTP_HOST (pull request 204).

BuildErrors are now more informative. They come with a complete sentence
as error message, and also provide suggestions (pull request 691).

Fix a bug in the user agent parser where Safari's build number instead of
version would be extracted (pull request 703).

Fixed issue where RedisCache set_many was broken for twemproxy, which doesn't
support the default MULTI command (pull request 702).

mimetype parameters on request and response classes are now always
converted to lowercase.

Changed cache so that cache never expires if timeout is 0. This also fixes
an issue with redis setex (issue 550)

Werkzeug now assumes UTF-8 as filesystem encoding on Unix if Python
detected it as ASCII.

New optional has method on caches.

Fixed various bugs in parse_options_header (pull request 643).

If the reloader is enabled the server will now open the socket in the parent
process if this is possible. This means that when the reloader kicks in
the connection from client will wait instead of tearing down. This does
not work on all Python versions.

Implemented PIN based authentication for the debugger. This can optionally
be disabled but is discouraged. This change was necessary as it has been
discovered that too many people run the debugger in production.

Devserver no longer requires SSL module to be installed.

0.10.5

(bugfix release, release date yet to be decided)

Reloader: Correctly detect file changes made by moving temporary files over
the original, which is e.g. the case with PyCharm (pull request 722).

Fix bool behavior of werkzeug.datastructures.ETags under Python 3 (issue
744).

0.10.4

(bugfix release, released on March 26th 2015)

Re-release of 0.10.3 with packaging artifacts manually removed.

0.10.3

(bugfix release, released on March 26th 2015)

Re-release of 0.10.2 without packaging artifacts.

0.10.2

(bugfix release, released on March 26th 2015)

Fixed issue where empty could break third-party libraries that relied on
keyword arguments (pull request 675)

Improved Rule.empty by providing a ```get_empty_kwargsto allow setting custom kwargs without having to override entireempty`` method. (pull
request ``675``)

Fixed extra_files parameter for reloader to not cause startup
to crash when included in server params

Using MultiDict when building URLs is now not supported again. The behavior
introduced several regressions.

Fix performance problems with stat-reloader (pull request 715).

0.10.1

(bugfix release, released on February 3rd 2015)

Fixed regression with multiple query values for URLs (pull request 667).

Fix issues with eventlet's monkeypatching and the builtin server (pull
request 663).

0.10

Released on January 30th 2015, codename Bagger.

Changed the error handling of and improved testsuite for the caches in
contrib.cache.

Fixed a bug on Python 3 when creating adhoc ssl contexts, due to sys.maxint
not being defined.

Fixed a bug on Python 3, that caused
:func:~werkzeug.serving.make_ssl_devcert to fail with an exception.

Added exceptions for 504 and 505.

Added support for ChromeOS detection.

Added UUID converter to the routing system.

Added message that explains how to quit the server.

Fixed a bug on Python 2, that caused len for
:class:werkzeug.datastructures.CombinedMultiDict to crash.

Added support for stdlib pbkdf2 hmac if a compatible digest
is found.

Ported testsuite to use py.test.

Minor optimizations to various middlewares (pull requests 496 and
571).

Use stdlib ssl module instead of OpenSSL for the builtin server
(issue 434). This means that OpenSSL contexts are not supported anymore,
but instead ssl.SSLContext from the stdlib.

Allow protocol-relative URLs when building external URLs.

Fixed Atom syndication to print time zone offset for tz-aware datetime
objects (pull request 254).

Improved reloader to track added files and to recover from broken
sys.modules setups with syntax errors in packages.

cache.RedisCache now supports arbitrary **kwargs for the redis
object.

werkzeug.test.Client now uses the original request method when resolving
307 redirects (pull request 556).

werkzeug.datastructures.MIMEAccept now properly deals with mimetype
parameters (pull request 205).

werkzeug.datastructures.Accept now handles a quality of 0 as
intolerable, as per RFC 2616 (pull request 536).

werkzeug.urls.url_fix now properly encodes hostnames with idna
encoding (issue 559). It also doesn't crash on malformed URLs anymore
(issue 582).

werkzeug.routing.MapAdapter.match now recognizes the difference between
the path / and an empty one (issue 360).

The interactive debugger now tries to decode non-ascii filenames (issue
469).

Increased default key size of generated SSL certificates to 1024 bits (issue
611).

Added support for specifying a Response subclass to use when calling
:func:~werkzeug.utils.redirect\ .

werkzeug.test.EnvironBuilder now doesn't use the request method anymore
to guess the content type, and purely relies on the form, files and
input_stream properties (issue 620).

Added Symbian to the user agent platform list.

Fixed make_conditional to respect automatically_set_content_length

Unset Content-Length when writing to response.stream (issue 451)

wrappers.Request.method is now always uppercase, eliminating
inconsistencies of the WSGI environment (issue 647).

routing.Rule.empty now works correctly with subclasses of Rule (pull
request 645).

Made map updating safe in light of concurrent updates.

Allow multiple values for the same field for url building (issue 658).

0.9.7

Fixed uri_to_iri() not re-encoding hashes in query string parameters.

0.9.6

(bugfix release, released on June 7th 2014)

Added a safe conversion for IRI to URI conversion and use that
internally to work around issues with spec violations for
protocols such as itms-service.

0.9.5

(bugfix release, released on June 7th 2014)

Forward charset argument from request objects to the environ
builder.

Fixed error handling for missing boundaries in multipart data.

Fixed session creation on systems without os.urandom().

Fixed pluses in dictionary keys not being properly URL encoded.

Fixed a problem with deepcopy not working for multi dicts.

Fixed a double quoting issue on redirects.

Fixed a problem with unicode keys appearing in headers on 2.x.

Fixed a bug with unicode strings in the test builder.

Fixed a unicode bug on Python 3 in the WSGI profiler.

Fixed an issue with the safe string compare function on
Python 2.7.7 and Python 3.4.

coverage 3.7.1 -> 4.3.4

4.3.4

Fixing 2.6 in version 4.3.3 broke other things, because the too-tricky
exception wasn't properly derived from Exception, described in issue 556_.
A newb mistake; it hasn't been a good few days.

.. _issue 556: https://bitbucket.org/ned/coveragepy/issues/556/43-fails-if-there-are-html-files-in-the

.. _changes_433:

4.3.3

Python 2.6 support was broken due to a testing exception imported for the
benefit of the coverage.py test suite. Properly conditionalizing it fixed
issue 554_ so that Python 2.6 works again.

.. _issue 554: https://bitbucket.org/ned/coveragepy/issues/554/traceback-on-python-26-starting-with-432

.. _changes_432:

4.3.2

Using the --skip-covered option on an HTML report with 100% coverage
would cause a "No data to report" error, as reported in issue 549_. This is
now fixed; thanks, Loïc Dachary.

If-statements can be optimized away during compilation, for example, if 0:
or if __debug__:. Coverage.py had problems properly understanding these
statements which existed in the source, but not in the compiled bytecode.
This problem, reported in issue 522_, is now fixed.

If you specified --source as a directory, then coverage.py would look for
importable Python files in that directory, and could identify ones that had
never been executed at all. But if you specified it as a package name, that
detection wasn't performed. Now it is, closing issue 426_. Thanks to Loïc
Dachary for the fix.

If you started and stopped coverage measurement thousands of times in your
process, you could crash Python with a "Fatal Python error: deallocating
None" error. This is now fixed. Thanks to Alex Groce for the bug report.

On PyPy, measuring coverage in subprocesses could produce a warning: "Trace
function changed, measurement is likely wrong: None". This was spurious, and
has been suppressed.

Previously, coverage.py couldn't start on Jython, due to that implementation
missing the multiprocessing module (issue 551). This problem has now been
fixed. Also, issue 322 about not being able to invoke coverage
conveniently, seems much better: jython -m coverage run myprog.py works
properly.

Let's say you ran the HTML report over and over again in the same output
directory, with --skip-covered. And imagine due to your heroic
test-writing efforts, a file just acheived the goal of 100% coverage. With
coverage.py 4.3, the old HTML file with the less-than-100% coverage would be
left behind. This file is now properly deleted.

.. _issue 322: https://bitbucket.org/ned/coveragepy/issues/322/cannot-use-coverage-with-jython
.. issue 426: https://bitbucket.org/ned/coveragepy/issues/426/difference-between-coverage-results-with
.. issue 522: https://bitbucket.org/ned/coveragepy/issues/522/incorrect-branch-reporting-with-__debug
.. _issue 549: https://bitbucket.org/ned/coveragepy/issues/549/skip-covered-with-100-coverage-throws-a-no
.. _issue 551: https://bitbucket.org/ned/coveragepy/issues/551/coveragepy-cannot-be-imported-in-jython27

.. _changes_431:

4.3.1

Some environments couldn't install 4.3, as described in issue 540_. This is
now fixed.

The check for conflicting --source and --include was too simple in a
few different ways, breaking a few perfectly reasonable use cases, described
in issue 541. The check has been reverted while we re-think the fix for
issue 265.

.. _issue 540: https://bitbucket.org/ned/coveragepy/issues/540/cant-install-coverage-v43-into-under
.. _issue 541: https://bitbucket.org/ned/coveragepy/issues/541/coverage-43-breaks-nosetest-with-coverage

.. _changes_43:

4.3

Special thanks to Loïc Dachary, who took an extraordinary interest in
coverage.py and contributed a number of improvements in this release.

Subprocesses that are measured with automatic subprocess measurement_ used
to read in any pre-existing data file. This meant data would be incorrectly
carried forward from run to run. Now those files are not read, so each
subprocess only writes its own data. Fixes issue 510_.

The coverage combine command will now fail if there are no data files to
combine. The combine changes in 4.2 meant that multiple combines could lose
data, leaving you with an empty .coverage data file. Fixes
issue 525, issue 412, issue 516, and probably issue 511.

Coverage.py wouldn't execute sys.excepthook_ when an exception happened in
your program. Now it does, thanks to Andrew Hoos. Closes issue 535_.

Branch coverage fixes:

Branch coverage could misunderstand a finally clause on a try block that
never continued on to the following statement, as described in issue 493_. This is now fixed. Thanks to Joe Doherty for the report and Loïc
Dachary for the fix.

A while loop with a constant condition (while True) and a continue
statement would be mis-analyzed, as described in issue 496_. This is now
fixed, thanks to a bug report by Eli Skeggs and a fix by Loïc Dachary.

While loops with constant conditions that were never executed could result
in a non-zero coverage report. Artem Dayneko reported this in issue 502_, and Loïc Dachary provided the fix.

The HTML report now supports a --skip-covered option like the other
reporting commands. Thanks, Loïc Dachary for the implementation, closing
issue 433_.

Options can now be read from a tox.ini file, if any. Like setup.cfg, sections
are prefixed with "coverage:", so [run] options will be read from the
[coverage:run] section of tox.ini. Implements part of issue 519_.
Thanks, Stephen Finucane.

Specifying both --source and --include no longer silently ignores the
include setting, instead it fails with a message. Thanks, Nathan Land and
Loïc Dachary. Closes issue 265_.

The Coverage.combine method has a new parameter, strict=False, to
support failing if there are no data files to combine.

When forking subprocesses, the coverage data files would have the same random
number appended to the file name. This didn't cause problems, because the
file names had the process id also, making collisions (nearly) impossible.
But it was disconcerting. This is now fixed.

The text report now properly sizes headers when skipping some files, fixing
issue 524_. Thanks, Anthony Sottile and Loïc Dachary.

Coverage.py can now search .pex files for source, just as it can .zip and
.egg. Thanks, Peter Ebden.

Data files are now about 15% smaller.

Improvements in the [run] debug setting:

The "dataio" debug setting now also logs when data files are deleted during
combining or erasing.

A new debug option, "multiproc", for logging the behavior of
concurrency=multiprocessing.

If you used the debug options "config" and "callers" together, you'd get a
call stack printed for every line in the multi-line config output. This is
now fixed.

Fixed an unusual bug involving multiple coding declarations affecting code
containing code in multi-line strings: issue 529_.

Coverage.py will no longer be misled into thinking that a plain file is a
package when interpreting --source options. Thanks, Cosimo Lupo.

If you try to run a non-Python file with coverage.py, you will now get a more
useful error message. Issue 514_.

The default pragma regex changed slightly, but this will only matter to you
if you are deranged and use mixed-case pragmas.

Deal properly with non-ASCII file names in an ASCII-only world, issue 533_.

Programs that set Unicode configuration values could cause UnicodeErrors when
generating HTML reports. Pytest-cov is one example. This is now fixed.

Prevented deprecation warnings from configparser that happened in some
circumstances, closing issue 530_.

Corrected the name of the jquery.ba-throttle-debounce.js library. Thanks,
Ben Finney. Closes issue 505_.

Testing against PyPy 5.6 and PyPy3 5.5.

Switched to pytest from nose for running the coverage.py tests.

Renamed AUTHORS.txt to CONTRIBUTORS.txt, since there are other ways to
contribute than by writing code. Also put the count of contributors into the
author string in setup.py, though this might be too cute.

.. _sys.excepthook: https://docs.python.org/3/library/sys.htmlsys.excepthook
.. _issue 265: https://bitbucket.org/ned/coveragepy/issues/265/when-using-source-include-is-silently
.. _issue 412: https://bitbucket.org/ned/coveragepy/issues/412/coverage-combine-should-error-if-no
.. _issue 433: https://bitbucket.org/ned/coveragepy/issues/433/coverage-html-does-not-suport-skip-covered
.. _issue 493: https://bitbucket.org/ned/coveragepy/issues/493/confusing-branching-failure
.. _issue 496: https://bitbucket.org/ned/coveragepy/issues/496/incorrect-coverage-with-branching-and
.. _issue 502: https://bitbucket.org/ned/coveragepy/issues/502/incorrect-coverage-report-with-cover
.. _issue 505: https://bitbucket.org/ned/coveragepy/issues/505/use-canonical-filename-for-debounce
.. _issue 514: https://bitbucket.org/ned/coveragepy/issues/514/path-to-problem-file-not-reported-when
.. _issue 510: https://bitbucket.org/ned/coveragepy/issues/510/erase-still-needed-in-42
.. _issue 511: https://bitbucket.org/ned/coveragepy/issues/511/version-42-coverage-combine-empties
.. _issue 516: https://bitbucket.org/ned/coveragepy/issues/516/running-coverage-combine-twice-deletes-all
.. _issue 519: https://bitbucket.org/ned/coveragepy/issues/519/coverage-run-sections-in-toxini-or-as
.. _issue 524: https://bitbucket.org/ned/coveragepy/issues/524/coverage-report-with-skip-covered-column
.. _issue 525: https://bitbucket.org/ned/coveragepy/issues/525/coverage-combine-when-not-in-parallel-mode
.. _issue 529: https://bitbucket.org/ned/coveragepy/issues/529/encoding-marker-may-only-appear-on-the
.. _issue 530: https://bitbucket.org/ned/coveragepy/issues/530/deprecationwarning-you-passed-a-bytestring
.. _issue 533: https://bitbucket.org/ned/coveragepy/issues/533/exception-on-unencodable-file-name
.. _issue 535: https://bitbucket.org/ned/coveragepy/issues/535/sysexcepthook-is-not-called

.. _changes_42:

4.2

Since concurrency=multiprocessing uses subprocesses, options specified on
the coverage.py command line will not be communicated down to them. Only
options in the configuration file will apply to the subprocesses.
Previously, the options didn't apply to the subprocesses, but there was no
indication. Now it is an error to use --concurrency=multiprocessing and
other run-affecting options on the command line. This prevents
failures like those reported in issue 495_.

Filtering the HTML report is now faster, thanks to Ville Skyttä.

.. _issue 495: https://bitbucket.org/ned/coveragepy/issues/495/branch-and-concurrency-are-conflicting

4.2b1

Work from the PyCon 2016 Sprints!

BACKWARD INCOMPATIBILITY: the coverage combine command now ignores an
existing .coverage data file. It used to include that file in its
combining. This caused confusing results, and extra tox "clean" steps. If
you want the old behavior, use the new coverage combine --append option.

The concurrency option can now take multiple values, to support programs
using multiprocessing and another library such as eventlet. This is only
possible in the configuration file, not from the command line. The
configuration file is the only way for sub-processes to all run with the same
options. Fixes issue 484_. Thanks to Josh Williams for prototyping.

Using a concurrency setting of multiprocessing now implies
--parallel so that the main program is measured similarly to the
sub-processes.

When using automatic subprocess measurement, running coverage commands
would create spurious data files. This is now fixed, thanks to diagnosis and
testing by Dan Riti. Closes issue 492.

A new configuration option, report:sort, controls what column of the
text report is used to sort the rows. Thanks to Dan Wandschneider, this
closes issue 199_.

The HTML report has a more-visible indicator for which column is being
sorted. Closes issue 298_, thanks to Josh Williams.

If the HTML report cannot find the source for a file, the message now
suggests using the -i flag to allow the report to continue. Closes
issue 231_, thanks, Nathan Land.

When reports are ignoring errors, there's now a warning if a file cannot be
parsed, rather than being silently ignored. Closes issue 396_. Thanks,
Matthew Boehm.

A new option for coverage debug is available: coverage debug config
shows the current configuration. Closes issue 454_, thanks to Matthew
Boehm.

Running coverage as a module (python -m coverage) no longer shows the
program name as __main__.py. Fixes issue 478_. Thanks, Scott Belden.

The test_helpers module has been moved into a separate pip-installable
package: unittest-mixins_.

.. _automatic subprocess measurement: http://coverage.readthedocs.io/en/latest/subprocess.html
.. _issue 199: https://bitbucket.org/ned/coveragepy/issues/199/add-a-way-to-sort-the-text-report
.. _issue 231: https://bitbucket.org/ned/coveragepy/issues/231/various-default-behavior-in-report-phase
.. _issue 298: https://bitbucket.org/ned/coveragepy/issues/298/show-in-html-report-that-the-columns-are
.. _issue 396: https://bitbucket.org/ned/coveragepy/issues/396/coverage-xml-shouldnt-bail-out-on-parse
.. _issue 454: https://bitbucket.org/ned/coveragepy/issues/454/coverage-debug-config-should-be
.. _issue 478: https://bitbucket.org/ned/coveragepy/issues/478/help-shows-silly-program-name-when-running
.. _issue 484: https://bitbucket.org/ned/coveragepy/issues/484/multiprocessing-greenlet-concurrency
.. _issue 492: https://bitbucket.org/ned/coveragepy/issues/492/subprocess-coverage-strange-detection-of
.. _unittest-mixins: https://pypi.python.org/pypi/unittest-mixins

.. _changes_41:

4.1

The internal attribute Reporter.file_reporters was removed in 4.1b3. It
should have come has no surprise that there were third-party tools out there
using that attribute. It has been restored, but with a deprecation warning.

4.1b3

When running your program, execution can jump from an except X: line to
some other line when an exception other than X happens. This jump is no
longer considered a branch when measuring branch coverage.

When measuring branch coverage, yield statements that were never resumed
were incorrectly marked as missing, as reported in issue 440_. This is now
fixed.

During branch coverage of single-line callables like lambdas and generator
expressions, coverage.py can now distinguish between them never being called,
or being called but not completed. Fixes issue 90, issue 460 and
issue 475_.

The HTML report now has a map of the file along the rightmost edge of the
page, giving an overview of where the missed lines are. Thanks, Dmitry
Shishov.

The HTML report now uses different monospaced fonts, favoring Consolas over
Courier. Along the way, issue 472_ about not properly handling one-space
indents was fixed. The index page also has slightly different styling, to
try to make the clickable detail pages more apparent.

Missing branches reported with coverage report -m will now say ->exit
for missed branches to the exit of a function, rather than a negative number.
Fixes issue 469_.

coverage --help and coverage --version now mention which tracer is
installed, to help diagnose problems. The docs mention which features need
the C extension. (issue 479_)

Officially support PyPy 5.1, which required no changes, just updates to the
docs.

The Coverage.report function had two parameters with non-None defaults,
which have been changed. show_missing used to default to True, but now
defaults to None. If you had been calling Coverage.report without
specifying show_missing, you'll need to explicitly set it to True to keep
the same behavior. skip_covered used to default to False. It is now None,
which doesn't change the behavior. This fixes issue 485_.

It's never been possible to pass a namespace module to one of the analysis
functions, but now at least we raise a more specific error message, rather
than getting confused. (issue 456_)

The coverage.process_startup function now returns the Coverage instance
it creates, as suggested in issue 481_.

Make a small tweak to how we compare threads, to avoid buggy custom
comparison code in thread classes. (issue 245_)

.. _issue 90: https://bitbucket.org/ned/coveragepy/issues/90/lambda-expression-confuses-branch
.. _issue 245: https://bitbucket.org/ned/coveragepy/issues/245/change-solution-for-issue-164
.. _issue 440: https://bitbucket.org/ned/coveragepy/issues/440/yielded-twisted-failure-marked-as-missed
.. _issue 456: https://bitbucket.org/ned/coveragepy/issues/456/coverage-breaks-with-implicit-namespaces
.. _issue 460: https://bitbucket.org/ned/coveragepy/issues/460/confusing-html-report-for-certain-partial
.. _issue 469: https://bitbucket.org/ned/coveragepy/issues/469/strange-1-line-number-in-branch-coverage
.. _issue 472: https://bitbucket.org/ned/coveragepy/issues/472/html-report-indents-incorrectly-for-one
.. _issue 475: https://bitbucket.org/ned/coveragepy/issues/475/generator-expression-is-marked-as-not
.. _issue 479: https://bitbucket.org/ned/coveragepy/issues/479/clarify-the-need-for-the-c-extension
.. _issue 481: https://bitbucket.org/ned/coveragepy/issues/481/asyncioprocesspoolexecutor-tracing-not
.. _issue 485: https://bitbucket.org/ned/coveragepy/issues/485/coveragereport-ignores-show_missing-and

4.1b2

Problems with the new branch measurement in 4.1 beta 1 were fixed:

Class docstrings were considered executable. Now they no longer are.

yield from and await were considered returns from functions, since
they could tranfer control to the caller. This produced unhelpful "missing
branch" reports in a number of circumstances. Now they no longer are
considered returns.

In unusual situations, a missing branch to a negative number was reported.
This has been fixed

b-reich

works

pyup-bot added 14 commits April 16, 2017 19:08

Update fabric from 1.8.2 to 1.13.1

0d8e7c9

Update flask from 0.10.1 to 0.12.1

b31fb4e

Update flask-sqlalchemy from 1.0 to 2.2

baf125c

Update flask-wtf from 0.9.4 to 0.14.2

9b81bce

Update jinja2 from 2.7.2 to 2.9.6

1d070a3

Update markupsafe from 0.18 to 1.0

4ba8284

Update sqlalchemy from 0.9.3 to 1.1.9

783f480

Update wtforms from 1.0.5 to 2.1

d7ed571

Update werkzeug from 0.9.4 to 0.12.1

800b425

Update coverage from 3.7.1 to 4.3.4

3d5e412

Update ecdsa from 0.10 to 0.13

0c58689

Update gunicorn from 19.3.0 to 19.7.1

e459fcf

Update itsdangerous from 0.23 to 0.24

25be715

Update paramiko from 1.12.2 to 2.1.2

55ea68e

b-reich approved these changes Apr 16, 2017

View reviewed changes

b-reich merged commit ac5fce5 into master Apr 16, 2017

b-reich deleted the pyup-initial-update branch April 17, 2017 14:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Initial Update #1

Initial Update #1

pyup-bot commented Apr 16, 2017

b-reich left a comment

Initial Update #1

Initial Update #1

Conversation

pyup-bot commented Apr 16, 2017

Updates

Changelogs

Flask 0.10.1 -> 0.12.1

0.12.1

0.12

0.11.2

0.11.1

0.11

0.10.2

Flask-SQLAlchemy 1.0 -> 2.2

2.2

2.1

2.0

Flask-WTF 0.9.4 -> 0.14.2

0.14.2

0.14.1

0.14

0.13.1

0.13

0.12

0.11

0.10.3

0.10.2

0.10.1

0.10.0

0.9.5

Jinja2 2.7.2 -> 2.9.6

2.9.6

2.9.5

2.9.4

2.9.3

2.9.2

2.9.1

2.9

2.8.2

2.8.1

2.8

2.7.3

MarkupSafe 0.18 -> 1.0

1.0

WTForms 1.0.5 -> 2.1

2.1

2.0.2

2.0.1

2.0

Werkzeug 0.9.4 -> 0.12.1

0.12.1

0.12

0.11.16

0.11.15

0.11.14

0.11.13

0.11.12

0.11.11

0.11.10

0.11.9

0.11.8

0.11.7

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10

0.9.7

0.9.6

0.9.5

coverage 3.7.1 -> 4.3.4

4.3.4