Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin flask-wtf to latest version 0.14.2 #78

Merged
merged 1 commit into from Jan 2, 2018

Conversation

@pyup-bot
Copy link
Contributor

commented Jan 2, 2018

Flask-WTF is not pinned to a specific version.

I'm pinning it to the latest version 0.14.2 for now.

These links might come in handy: PyPI | Changelog | Repo | Docs

Changelog

0.14.2


Released 2017-01-10

  • Fix bug where FlaskForm assumed meta argument was not None if it
    was passed. (278_)

.. _278: lepture/flask-wtf#278

0.14.1


Released 2017-01-10

  • Fix bug where the file validators would incorrectly identify an empty file as
    valid data. (276, 277)
  • FileField is no longer deprecated. The data is checked during
    processing and only set if it's a valid file.
  • has_file is deprecated; it's now equivalent to bool(field.data).
  • FileRequired and FileAllowed work with both the Flask-WTF and
    WTForms FileField classes.
  • The Optional validator now works with FileField.

.. _276: lepture/flask-wtf#276
.. _277: lepture/flask-wtf#277

0.14


Released 2017-01-06

  • Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
    ourselves. (264_)
  • All tokens are URL safe, removing the url_safe parameter from
    generate_csrf. (206_)
  • All tokens store a timestamp, which is checked in validate_csrf. The
    time_limit parameter of generate_csrf is removed.
  • Remove the app attribute from CsrfProtect, use current_app.
    (264_)
  • CsrfProtect protects the DELETE method by default. (264_)
  • The same CSRF token is generated for the lifetime of a request. It is exposed
    as g.csrf_token for use during testing. (227, 264)
  • CsrfProtect.error_handler is deprecated. (264_)
  • Handlers that return a response work in addition to those that raise an
    error. The behavior was not clear in previous docs.
  • (200, 209, 243, 252)
  • Use Form.Meta instead of deprecated SecureForm for CSRF (and
    everything else). (216, 271)
  • csrf_enabled parameter is still recognized but deprecated. All other
    attributes and methods from SecureForm are removed. (271_)
  • Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
    (271_)
  • validate_csrf raises wtforms.ValidationError with specific messages
    instead of returning True or False. This breaks anything that was
    calling the method directly. (239, 271)
  • CSRF errors are logged as well as raised. (239_)
  • CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
    when using the old name. CsrfError is renamed to CSRFError without
    deprecation. (271_)
  • FileField is deprecated because it no longer provides functionality over
    the provided validators. Use wtforms.FileField directly. (272_)

.. _200: lepture/flask-wtf#200
.. _209: lepture/flask-wtf#209
.. _216: lepture/flask-wtf#216
.. _227: lepture/flask-wtf#227
.. _239: lepture/flask-wtf#239
.. _243: lepture/flask-wtf#243
.. _252: lepture/flask-wtf#252
.. _264: lepture/flask-wtf#264
.. _271: lepture/flask-wtf#271
.. _272: lepture/flask-wtf#272

0.13.1


Released 2016/10/6

  • Deprecation warning for Form is shown during __init__ instead of immediately when subclassing. (262_)
  • Don't use pkg_resources to get version, for compatibility with GAE. (261_)

.. _261: lepture/flask-wtf#261
.. _262: lepture/flask-wtf#262

0.13


Released 2016/09/29

  • Form is renamed to FlaskForm in order to avoid name collision with WTForms's base class. Using Form will show a deprecation warning. (250_)
  • hidden_tag no longer wraps the hidden inputs in a hidden div. This is valid HTML5 and any modern HTML parser will behave correctly. (217, 193)
  • flask_wtf.html5 is deprecated. Import directly from wtforms.fields.html5. (251_)
  • is_submitted is true for PATCH and DELETE in addition to POST and PUT. (187_)
  • generate_csrf takes a token_key parameter to specify the key stored in the session. (206_)
  • generate_csrf takes a url_safe parameter to allow the token to be used in URLs. (206_)
  • form.data can be accessed multiple times without raising an exception. (248_)
  • File extension with multiple parts (.tar.gz) can be used in the FileAllowed validator. (201_)

.. _187: lepture/flask-wtf#187
.. _193: lepture/flask-wtf#193
.. _201: lepture/flask-wtf#201
.. _206: lepture/flask-wtf#206
.. _217: lepture/flask-wtf#217
.. _248: lepture/flask-wtf#248
.. _250: lepture/flask-wtf#250
.. _251: lepture/flask-wtf#251

0.12


Released 2015/07/09

  • Abstract protect_csrf() into a separate method
  • Update reCAPTCHA configuration
  • Fix reCAPTCHA error handle

0.11


Released 2015/01/21

  • Use the new reCAPTCHA API via 164_.

.. _164: lepture/flask-wtf#164

0.10.3


Released 2014/11/16

  • Add configuration: WTF_CSRF_HEADERS via 159_.
  • Support customize hidden tags via 150_.
  • And many more bug fixes

.. _150: lepture/flask-wtf#150
.. _159: lepture/flask-wtf#159

0.10.2


Released 2014/09/03

  • Update translation for reCaptcha via 146_.

.. _146: lepture/flask-wtf#146

0.10.1


Released 2014/08/26

  • Update RECAPTCHA API SERVER URL via 145_.
  • Update requirement Werkzeug>=0.9.5
  • Fix CsrfProtect exempt for blueprints via 143_.

.. _145: lepture/flask-wtf#145
.. _143: lepture/flask-wtf#143

0.10.0


Released 2014/07/16

  • Add configuration: WTF_CSRF_METHODS
  • Support WTForms 2.0 now
  • Fix csrf validation without time limit (time_limit=False)
  • CSRF exempt supports blueprint 111_.

.. _111: lepture/flask-wtf#111

0.9.5


Released 2014/03/21

  • csrf_token for all template types 112_.
  • Make FileRequired a subclass of InputRequired 108_.

.. _108: lepture/flask-wtf#108
.. _112: lepture/flask-wtf#112

0.9.4


Released 2013/12/20

  • Bugfix for csrf module when form has a prefix
  • Compatible support for wtforms2
  • Remove file API for FileField

0.9.3


Released 2013/10/02

  • Fix validation of recaptcha when app in testing mode 89_.
  • Bugfix for csrf module 91_

.. _89: lepture/flask-wtf#89
.. _91: lepture/flask-wtf#91

0.9.2


Released 2013/9/11

  • Upgrade wtforms to 1.0.5.
  • No lazy string for i18n 77_.
  • No DateInput widget in html5 81_.
  • PUT and PATCH for CSRF 86_.

.. _77: lepture/flask-wtf#77
.. _81: lepture/flask-wtf#81
.. _86: lepture/flask-wtf#86

0.9.1


Released 2013/8/21

This is a patch version for backward compitable for Flask<0.10 82_.

.. _82: lepture/flask-wtf#82

0.9.0


Released 2013/8/15

  • Add i18n support (issue 65)
  • Use default html5 widgets and fields provided by wtforms
  • Python 3.3+ support
  • Redesign form, replace SessionSecureForm
  • CSRF protection solution
  • Drop wtforms imports
  • Fix recaptcha i18n support
  • Fix recaptcha validator for python 3
  • More test cases, it's 90%+ coverage now
  • Redesign documentation

0.8.4


Released 2013/3/28

  • Recaptcha Validator now returns provided message (issue 66)
  • Minor doc fixes
  • Fixed issue with tests barking because of nose/multiprocessing issue.

0.8.3


Released 2013/3/13

  • Update documentation to indicate pending deprecation of WTForms namespace
    facade
  • PEP8 fixes (issue 64)
  • Fix Recaptcha widget (issue 49)

0.8.2


Initial development by Dan Jacob and Ron Duplain. 0.8.2 and prior there was not
a change log.

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 馃

@fake-name fake-name merged commit dad90e6 into master Jan 2, 2018

1 check passed

pyup.io/safety-ci No dependencies with known security vulnerabilities.
Details

@fake-name fake-name deleted the pyup-pin-flask-wtf-0.14.2 branch Jan 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can鈥檛 perform that action at this time.