Update py-flask-wtf to 0.14.2.

Version 0.14.2
--------------

Released 2017-01-10

- Fix bug where ``FlaskForm`` assumed ``meta`` argument was not ``None`` if it
  was passed. (`#278`_)

.. _#278: wtforms/flask-wtf#278

Version 0.14.1
--------------

Released 2017-01-10

- Fix bug where the file validators would incorrectly identify an empty file as
  valid data. (`#276`_, `#277`_)

    - ``FileField`` is no longer deprecated. The data is checked during
      processing and only set if it's a valid file.
    - ``has_file`` *is* deprecated; it's now equivalent to ``bool(field.data)``.
    - ``FileRequired`` and ``FileAllowed`` work with both the Flask-WTF and
      WTForms ``FileField`` classes.
    - The ``Optional`` validator now works with ``FileField``.

.. _#276: wtforms/flask-wtf#276
.. _#277: wtforms/flask-wtf#277

Version 0.14
------------

Released 2017-01-06

- Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
  ourselves. (`#264`_)

    - All tokens are URL safe, removing the ``url_safe`` parameter from
      ``generate_csrf``. (`#206`_)
    - All tokens store a timestamp, which is checked in ``validate_csrf``. The
      ``time_limit`` parameter of ``generate_csrf`` is removed.

- Remove the ``app`` attribute from ``CsrfProtect``, use ``current_app``.
  (`#264`_)
- ``CsrfProtect`` protects the ``DELETE`` method by default. (`#264`_)
- The same CSRF token is generated for the lifetime of a request. It is exposed
  as ``g.csrf_token`` for use during testing. (`#227`_, `#264`_)
- ``CsrfProtect.error_handler`` is deprecated. (`#264`_)

    - Handlers that return a response work in addition to those that raise an
      error. The behavior was not clear in previous docs.
    - (`#200`_, `#209`_, `#243`_, `#252`_)

- Use ``Form.Meta`` instead of deprecated ``SecureForm`` for CSRF (and
  everything else). (`#216`_, `#271`_)

    - ``csrf_enabled`` parameter is still recognized but deprecated. All other
      attributes and methods from ``SecureForm`` are removed. (`#271`_)

- Provide ``WTF_CSRF_FIELD_NAME`` to configure the name of the CSRF token.
  (`#271`_)
- ``validate_csrf`` raises ``wtforms.ValidationError`` with specific messages
  instead of returning ``True`` or ``False``. This breaks anything that was
  calling the method directly. (`#239`_, `#271`_)

    - CSRF errors are logged as well as raised. (`#239`_)

- ``CsrfProtect`` is renamed to ``CSRFProtect``. A deprecation warning is issued
  when using the old name. ``CsrfError`` is renamed to ``CSRFError`` without
  deprecation. (`#271`_)
- ``FileField`` is deprecated because it no longer provides functionality over
  the provided validators. Use ``wtforms.FileField`` directly. (`#272`_)

.. _`#200`: wtforms/flask-wtf#200
.. _`#209`: wtforms/flask-wtf#209
.. _`#216`: wtforms/flask-wtf#216
.. _`#227`: wtforms/flask-wtf#227
.. _`#239`: wtforms/flask-wtf#239
.. _`#243`: wtforms/flask-wtf#243
.. _`#252`: wtforms/flask-wtf#252
.. _`#264`: wtforms/flask-wtf#264
.. _`#271`: wtforms/flask-wtf#271
.. _`#272`: wtforms/flask-wtf#272

Version 0.13.1
--------------

Released 2016/10/6

- Deprecation warning for ``Form`` is shown during ``__init__`` instead of immediately when subclassing. (`#262`_)
- Don't use ``pkg_resources`` to get version, for compatibility with GAE. (`#261`_)

.. _`#261`: wtforms/flask-wtf#261
.. _`#262`: wtforms/flask-wtf#262

Version 0.13
------------

Released 2016/09/29

- ``Form`` is renamed to ``FlaskForm`` in order to avoid name collision with WTForms's base class.  Using ``Form`` will show a deprecation warning. (`#250`_)
- ``hidden_tag`` no longer wraps the hidden inputs in a hidden div.  This is valid HTML5 and any modern HTML parser will behave correctly. (`#217`_, `#193`_)
- ``flask_wtf.html5`` is deprecated.  Import directly from ``wtforms.fields.html5``. (`#251`_)
- ``is_submitted`` is true for ``PATCH`` and ``DELETE`` in addition to ``POST`` and ``PUT``. (`#187`_)
- ``generate_csrf`` takes a ``token_key`` parameter to specify the key stored in the session. (`#206`_)
- ``generate_csrf`` takes a ``url_safe`` parameter to allow the token to be used in URLs. (`#206`_)
- ``form.data`` can be accessed multiple times without raising an exception. (`#248`_)
- File extension with multiple parts (``.tar.gz``) can be used in the ``FileAllowed`` validator. (`#201`_)

.. _`#187`: wtforms/flask-wtf#187
.. _`#193`: wtforms/flask-wtf#193
.. _`#201`: wtforms/flask-wtf#201
.. _`#206`: wtforms/flask-wtf#206
.. _`#217`: wtforms/flask-wtf#217
.. _`#248`: wtforms/flask-wtf#248
.. _`#250`: wtforms/flask-wtf#250
.. _`#251`: wtforms/flask-wtf#251

www/py-flask-wtf/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2015/08/14 18:55:11 kleink Exp $
+# $NetBSD: Makefile,v 1.20 2017/02/20 15:27:12 kleink Exp $
 
-DISTNAME=	Flask-WTF-0.12
+DISTNAME=	Flask-WTF-0.14.2
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME:tl}
 CATEGORIES=	www python
 MASTER_SITES=	${MASTER_SITE_PYPI:=F/Flask-WTF/}

www/py-flask-wtf/distinfo

@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.13 2015/11/04 02:47:28 agc Exp $
+$NetBSD: distinfo,v 1.14 2017/02/20 15:27:12 kleink Exp $
 
-SHA1 (Flask-WTF-0.12.tar.gz) = ae22d907a3ed58bed2df80e09a07e86be27f409b
-RMD160 (Flask-WTF-0.12.tar.gz) = d8856771e92c7f3986b57ee6c5eb829a9e41e054
-SHA512 (Flask-WTF-0.12.tar.gz) = d9861a4fa6ace46fb2a632ff51777bc30af9b63c4f2a35cbe4a68a2777468eb7b6e1813ce331472458c05ce7069f73d998b4e9d3fd9d6ef56fc3abf0bb219a9e
-Size (Flask-WTF-0.12.tar.gz) = 247397 bytes
+SHA1 (Flask-WTF-0.14.2.tar.gz) = b8e8c9f2b76e43839b982b96683d2cfd70ac668f
+RMD160 (Flask-WTF-0.14.2.tar.gz) = cd4f34deded49a868b4f0894dc18fc533010b79d
+SHA512 (Flask-WTF-0.14.2.tar.gz) = 9d4b4b24eb24827aeb524699e6720eab384c42901a102daddd9fdc6b8dbc8eebec8c9d31a1e9052c9af4d61bd08eef8ef9dc4cdc8d9b950ff5bdd0201db1dfde
+Size (Flask-WTF-0.14.2.tar.gz) = 254903 bytes