Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update pyramid to 1.9.1 #41

wants to merge 1 commit into
base: master


None yet
1 participant
Copy link

commented Feb 5, 2018

There's a new version of pyramid available.
You are currently using 1.7.3. I have updated it to 1.9.1

These links might come in handy: PyPI | Changelog | Homepage




  • No major changes from 1.9b1.
  • Updated documentation links for to use HTTPS.



  • Add an informative error message when unknown predicates are supplied. The
    new message suggests alternatives based on the list of known predicates.
    See Pylons/pyramid#3054
  • Added integrity attributes for JavaScripts in cookiecutters, scaffolds, and
    resulting source files in tutorials.
    See Pylons/pyramid#2548
  • Update RELEASING.txt for updating cookiecutters. Change cookiecutter URLs to
    use shortcut.
    See Pylons/pyramid#3042
  • Ensure the correct threadlocals are pushed during view execution when
    invoked from request.invoke_exception_view.
    See Pylons/pyramid#3060
  • Fix a bug in which failed to return
    a valid iterator in its __iter__ implementation.
    See Pylons/pyramid#3074
  • Normalize the permission results to a proper class hierarchy. is now a subclass of and is now a
    subclass of
    See Pylons/pyramid#3084
  • Add a quote_via argument to pyramid.encode.urlencode to follow
    the stdlib's version and enable custom quoting functions.
    See Pylons/pyramid#3088
  • Support _query=None and _anchor=None in request.route_url as well
    as query=None and anchor=None in request.resource_url.
    Previously this would cause an ? and a ``, respectively, in the url
    with nothing after it. Now the unnecessary parts are dropped from the
    generated URL. See Pylons/pyramid#3034
  • Revamp the IRouter API used by IExecutionPolicy to force
    pushing/popping the request threadlocals. The
    IRouter.make_request(environ) API has been replaced by
    IRouter.request_context(environ) which should be used as a context
    manager. See Pylons/pyramid#3086



Backward Incompatibilities

  • request.exception and request.exc_info will only be set if the
    response was generated by the EXCVIEW tween. This is to avoid any confusion
    where a response was generated elsewhere in the pipeline and not in
    direct relation to the original exception. If anyone upstream wants to
    catch and render responses for exceptions they should set
    request.exception and request.exc_info themselves to indicate
    the exception that was squashed when generating the response.

Similar behavior occurs with request.invoke_exception_view in which
the exception properties are set to reflect the exception if a response
is successfully generated by the method.

This is a very minor incompatibility. Most tweens right now would give
priority to the raised exception and ignore request.exception. This
change just improves and clarifies that bookkeeping by trying to be
more clear about the relationship between the response and its squashed
exception. See Pylons/pyramid#3029 and



Major Features

  • The file format used by all p* command line scripts such as pserve
    and pshell, as well as the pyramid.paster.bootstrap function
    is now replaceable thanks to a new dependency on
    plaster <>_.

For now, Pyramid is still shipping with integrated support for the
PasteDeploy INI format by depending on the
plaster_pastedeploy <>_
binding library. This may change in the future.

See Pylons/pyramid#2985

  • Added an execution policy hook to the request pipeline. An execution
    policy has the ability to control creation and execution of the request
    objects before they enter the rest of the pipeline. This means for a single
    request environ the policy may create more than one request object.

The first library to use this feature is
pyramid_retry <>_.

See Pylons/pyramid#2964

  • CSRF support has been refactored out of sessions and into its own
    independent API in the pyramid.csrf module. It supports a pluggable
    pyramid.interfaces.ICSRFStoragePolicy which can be used to define your
    own mechanism for generating and validating CSRF tokens. By default,
    Pyramid continues to use the pyramid.csrf.LegacySessionCSRFStoragePolicy
    that uses the request.session.get_csrf_token and
    request.session.new_csrf_token APIs under the hood to preserve
    compatibility. Two new policies are shipped as well,
    pyramid.csrf.SessionCSRFStoragePolicy and
    pyramid.csrf.CookieCSRFStoragePolicy which will store the CSRF tokens
    in the session and in a standalone cookie, respectively. The storage policy
    can be changed by using the new
    pyramid.config.Configurator.set_csrf_storage_policy config directive.

CSRF tokens should be used via the new pyramid.csrf.get_csrf_token,
pyramid.csrf.new_csrf_token and pyramid.csrf.check_csrf_token APIs
in order to continue working if the storage policy is changed. Also, the
pyramid.csrf.get_csrf_token function is injected into templates to be
used conveniently in UI code.

See Pylons/pyramid#2854 and

Minor Features

  • Support an open_url config setting in the pserve section of the
    config file. This url is used to open a web browser when pserve --browser
    is invoked. When this setting is unavailable the pserve script will
    attempt to guess the port the server is using from the
    server:<server_name> section of the config file but there is no
    requirement that the server is being run in this format so it may fail.
    See Pylons/pyramid#2984
  • The pyramid.config.Configurator can now be used as a context manager
    which will automatically push/pop threadlocals (similar to
    config.begin() and config.end()). It will also automatically perform
    a config.commit() and thus it is only recommended to be used at the
    top-level of your app. See Pylons/pyramid#2874
  • The threadlocals are now available inside any function invoked via
    config.include. This means the only config-time code that cannot rely
    on threadlocals is code executed from non-actions inside the main. This
    can be alleviated by invoking config.begin() and config.end()
    appropriately or using the new context manager feature of the configurator.
    See Pylons/pyramid#2989

Bug Fixes

  • HTTPException's accepts a detail kwarg that may be used to pass additional
    details to the exception. You may now pass objects so long as they have a
    valid str method. See Pylons/pyramid#2951
  • Fix a reference cycle causing memory leaks in which the registry
    would keep a Configurator instance alive even after the configurator
    was discarded. Another fix was also added for the global_registries
    object in which the registry was stored in a closure preventing it from
    being deallocated. See Pylons/pyramid#2967
  • Fix a bug directly invoking pyramid.scripts.pserve.main with the
    --reload option in which sys.argv is always used in the subprocess
    instead of the supplied argv.
    See Pylons/pyramid#2962


  • Pyramid currently depends on plaster_pastedeploy to simplify the
    transition to plaster by maintaining integrated support for INI files.
    This dependency on plaster_pastedeploy should be considered subject to
    Pyramid's deprecation policy and may be removed in the future.
    Applications should depend on the appropriate plaster binding to satisfy
    their needs.
  • Retrieving CSRF token from the session has been deprecated in favor of
    equivalent methods in the pyramid.csrf module. The CSRF methods
    (ISession.get_csrf_token and ISession.new_csrf_token) are no longer
    required on the ISession interface except when using the default

Also, pyramid.session.check_csrf_token is now located at

See Pylons/pyramid#2854 and

Documentation Changes

  • Added the execution policy to the routing diagram in the Request Processing
    chapter. See Pylons/pyramid#2993



  • No major changes from 1.8b1.




  • Added an override option to config.add_translation_dirs to allow
    later calls to place translation directories at a higher priority than
    earlier calls. See Pylons/pyramid#2902

Documentation Changes

  • Improve registry documentation to discuss uses as a component registry
    and as a dictionary. See Pylons/pyramid#2893
  • Fix unittests in wiki2 to work without different dependencies between
    py2 and py3. See Pylons/pyramid#2899
  • Update Windows documentation to track newer Python 3 improvements to the
    installer. See Pylons/pyramid#2900



Backward Incompatibilities

  • Support for the IContextURL interface that was deprecated in Pyramid 1.3
    has been removed. See Pylons/pyramid#2822
  • Following the Pyramid deprecation period (1.6 -> 1.8),
    daemon support for pserve has been removed. This includes removing the
    daemon commands (start, stop, restart, status) as well as the following
    arguments: --daemon, --pid-file, --log-file,
    --monitor-restart, --status, --user, --group,

To run your server as a daemon you should use a process manager instead of

See Pylons/pyramid#2615

  • pcreate is now interactive by default. You will be prompted if a file
    already exists with different content. Previously if there were similar
    files it would silently skip them unless you specified --interactive
    or --overwrite.
    See Pylons/pyramid#2775
  • Removed undocumented argument cachebust_match from
    pyramid.static.static_view. This argument was shipped accidentally
    in Pyramid 1.6. See Pylons/pyramid#2681
  • Change static view to avoid setting the Content-Encoding response header
    to an encoding guessed using Python's mimetypes module. This was causing
    clients to decode the content of gzipped files when downloading them. The
    client would end up with a foo.txt.gz file on disk that was already
    decoded, thus should really be foo.txt. Also, the Content-Encoding
    should only have been used if the client itself broadcast support for the
    encoding via Accept-Encoding request headers.
    See Pylons/pyramid#2810
  • Settings are no longer accessible as attributes on the settings object
    (e.g. This was deprecated in Pyramid 1.2.
    See Pylons/pyramid#2823


  • pcreate learned about --package-name to allow you to create a new
    project in an existing folder with a different package name than the project
    name. See Pylons/pyramid#2783
  • The _get_credentials private method of BasicAuthAuthenticationPolicy
    has been extracted into standalone function extract_http_basic_credentials
    in pyramid.authentication module, this function extracts HTTP Basic
    credentials from a request object, and returns them as a named tuple.
    See Pylons/pyramid#2662
  • Pyramid 1.4 silently dropped a feature of the configurator that has been
    restored. It's again possible for action discriminators to conflict across
    different action orders.
    See Pylons/pyramid#2757
  • pyramid.paster.bootstrap and its sibling pyramid.scripting.prepare
    can now be used as context managers to automatically invoke the closer
    and pop threadlocals off of the stack to prevent memory leaks.
    See Pylons/pyramid#2760
  • Added pyramid.config.Configurator.add_exception_view and the
    pyramid.view.exception_view_config decorator. It is now possible using
    these methods or via the new exception_only=True option to add_view
    to add a view which will only be matched when handling an exception.
    Previously any exception views were also registered for a traversal
    context that inherited from the exception class which prevented any
    exception-only optimizations.
    See Pylons/pyramid#2660
  • Added the exception_only boolean to
    pyramid.interfaces.IViewDeriverInfo which can be used by view derivers
    to determine if they are wrapping a view which only handles exceptions.
    This means that it is no longer necessary to perform request-time checks
    for request.exception to determine if the view is handling an exception
  • the pipeline can be optimized at config-time.
    See Pylons/pyramid#2660
  • pserve should now work with gevent and other workers that need
    to monkeypatch the process, assuming the server and / or the app do so
    as soon as possible before importing the rest of pyramid.
    See Pylons/pyramid#2797
  • Pyramid no longer copies the settings object passed to the
    pyramid.config.Configurator(settings=). The original dict is kept.
    See Pylons/pyramid#2823
  • The csrf trusted origins setting may now be a whitespace-separated list of
    domains. Previously only a python list was allowed. Also, it can now be set
    using the PYRAMID_CSRF_TRUSTED_ORIGINS environment variable similar to
    other settings. See Pylons/pyramid#2823
  • pserve --reload now uses the
    hupper <>
    library to monitor file changes. This comes with many improvements:
  • If the watchdog <>_ package is
    installed then monitoring will be done using inotify instead of
    cpu and disk-intensive polling.
  • The monitor is now a separate process that will not crash and starts up
    before any of your code.
  • The monitor will not restart the process after a crash until a file is
  • The monitor works on windows.
  • You can now trigger a reload manually from a pyramid view or any other
    code via hupper.get_reloader().trigger_reload(). Kind of neat.
  • You can trigger a reload by issuing a SIGHUP to the monitor process.

See Pylons/pyramid#2805

  • A new [pserve] section is supported in your config files with a
    watch_files key that can configure pserve --reload to monitor custom
    file paths. See Pylons/pyramid#2827
  • Allow streaming responses to be made from subclasses of
    pyramid.httpexceptions.HTTPException. Previously the response would
    be unrolled while testing for a body, making it impossible to stream
    a response.
    See Pylons/pyramid#2863
  • Update starter, alchemy and zodb scaffolds to support IPv6 by using the
    new listen directives in waitress.
    See Pylons/pyramid#2853
  • All p* scripts now use argparse instead of optparse. This improves their
    --help output as well as enabling nicer documentation of their options.
    See Pylons/pyramid#2864
  • Any deferred configuration action registered via config.action may now
    depend on threadlocal state, such as asset overrides, being active when
    the action is executed.
    See Pylons/pyramid#2873
  • Asset specifications for directories passed to
    config.add_translation_dirs now support overriding the entire asset
    specification, including the folder name. Previously only the package name
    was supported and the folder would always need to have the same name.
    See Pylons/pyramid#2873
  • config.begin() will propagate the current threadlocal request through
    as long as the registry is the same. For example:

.. code-block:: python

request = Request.blank(...)
config.begin(request)   pushes a request
config.begin()          propagates the previous request through unchanged
assert get_current_request() is request

See Pylons/pyramid#2873

  • Added a new callback option to config.set_default_csrf_options which
    can be used to determine per-request whether CSRF checking should be enabled
    to allow for a mix authentication methods. Only cookie-based methods
    generally require CSRF checking.
    See Pylons/pyramid#2778

Bug Fixes

  • Fixed bug in proutes such that it now shows the correct view when a
    class and attr is involved.
    See: Pylons/pyramid#2687
  • Fix a FutureWarning in Python 3.5 when using re.split on the
    format setting to the proutes script.
    See Pylons/pyramid#2714
  • Fix a RuntimeWarning emitted by WebOb when using arbitrary objects
    as the userid in the AuthTktAuthenticationPolicy. This is now caught
    by the policy and the object is serialized as a base64 string to avoid
    the cryptic warning. Since the userid will be read back as a string on
    subsequent requests a more useful warning is emitted encouraging you to
    use a primitive type instead.
    See Pylons/pyramid#2715
  • Pyramid 1.6 introduced the ability for an action to invoke another action.
    There was a bug in the way that config.add_view would interact with
    custom view derivers introduced in Pyramid 1.7 because the view's
    discriminator cannot be computed until view derivers and view predicates
    have been created in earlier orders. Invoking an action from another action
    would trigger an unrolling of the pipeline and would compute discriminators
    before they were ready. The new behavior respects the order of the action
    and ensures the discriminators are not computed until dependent actions
    from previous orders have executed.
    See Pylons/pyramid#2757
  • Fix bug in i18n where the default domain would always use the Germanic plural
    style, even if a different plural function is defined in the relevant
    messages file. See Pylons/pyramid#2859
  • The config.override_asset method now occurs during
    pyramid.config.PHASE1_CONFIG such that it is ordered to execute before
    any calls to config.add_translation_dirs.
    See Pylons/pyramid#2873


  • The pcreate script and related scaffolds have been deprecated in favor
    of the popular
    cookiecutter <>_ project.

All of Pyramid's official scaffolds as well as the tutorials have been
ported to cookiecutters:

  • pyramid-cookiecutter-starter <>_
  • pyramid-cookiecutter-alchemy <>_
  • pyramid-cookiecutter-zodb <>_

See Pylons/pyramid#2780

Documentation Changes

  • Add pyramid_nacl_session <>_
    to session factories. See Pylons/pyramid#2791
  • Update HACKING.txt from stale branch that was never merged to master.
    See Pylons/pyramid#2782
  • Fix an inconsistency in the documentation between view predicates and
    route predicates and highlight the differences in their APIs.
    See Pylons/pyramid#2764
  • Clarify a possible misuse of the headers kwarg to subclasses of
    pyramid.httpexceptions.HTTPException in which more appropriate
    kwargs from the parent class pyramid.response.Response should be
    used instead. See Pylons/pyramid#2750
  • The SQLAlchemy + URL Dispatch + Jinja2 (wiki2) and
    ZODB + Traversal + Chameleon (wiki) tutorials have been updated to
    utilize the new cookiecutters and drop support for the pcreate

See Pylons/pyramid#2881 and

  • Quick Tour updated to use cookiecutters instead of pcreate and scaffolds.
    See Pylons/pyramid#2888

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 馃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can鈥檛 perform that action at this time.