Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scheduled weekly dependency update for week 26 #1935

Closed
wants to merge 13 commits into from
Closed

Scheduled weekly dependency update for week 26 #1935

wants to merge 13 commits into from

Conversation

pyup-bot
Copy link
Contributor

Update django-redis from 4.11.0 to 4.12.1.

Changelog

4.12.1

--------------

Date: 2020-05-27

- No code changes.
- Fixed a typo in setup.cfg metadata preventing a successful release.

4.12.0

--------------

Date: 2020-05-27

- The project has moved to `Jazzband <https://jazzband.co/>`_. This is the
first release under the new organization. The new repository URL is
`<https://github.com/jazzband/django-redis>`_.
- Removed support for end-of-life Django < 2.2.
- Removed support for unmaintained redis-py 2.X.
- Changed uses of deprecated ``smart_text()`` to ``smart_str()``.
- Fixed deprecation warning with the msgpack serializer.
- The ``.touch()`` method now uses the default timeout, to cache forever pass
``None``.
- Subclasses of ``JSONSerializer`` can now override the ``encoder_class``
attribute to change the JSON encoder. It defaults to ``DjangoJSONEncoder``.
- Fixed ``DefaultClient.set()`` to work with empty ``Pipeline``.
- The ``thread_local`` parameter is now forwarded to the Redis client.
Links

Update whitenoise from 5.0.1 to 5.1.0.

Changelog

5.1.0

------

* Add a :any:`manifest_strict <WHITENOISE_MANIFEST_STRICT>` setting to prevent
Django throwing errors when missing files are referenced (thanks
`MegacoderKim <https://github.com/MegacoderKim>`_).
Links

Update Django from 2.2.12 to 2.2.13.

Changelog

2.2.13

===========================

*June 3, 2020*

Django 2.2.13 fixes two security issues and a regression in 2.2.12.

CVE-2020-13254: Potential data leakage via malformed memcached keys
===================================================================

In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data
leakage. In order to avoid this vulnerability, key validation is added to the
memcached cache backends.

CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``
================================================================

Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL
encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now
ensures query parameters are correctly URL encoded.

Bugfixes
========

* Fixed a regression in Django 2.2.12 that affected translation loading for
apps providing translations for territorial language variants as well as a
generic language, where the project has different plural equations for the
language (:ticket:`31570`).

* Tracking a jQuery security release, upgraded the version of jQuery used by
the admin from 3.3.1 to 3.5.1.


===========================
Links

Update django-allauth from 0.41.0 to 0.42.0.

Changelog

0.42.0

*******************

Note worthy changes
-------------------

- New providers: EDX, Yandex, Mixer.

- Fixed Twitch ``get_avatar_url()`` method to use the profile picture retrieved
by new user details endpoint introduced in version 0.40.0.

- The Facebook API version now defaults to v7.0.
Links

Update django-filter from 2.2.0 to 2.3.0.

Changelog

2.3.0

------------------------

* Fixed import of FieldDoesNotExist. (1127)
* Added testing against Django 3.0. (1125)
* Declared support for, and added testing against, Python 3.8. (1138)
* Fix filterset multiple inheritance bug (1131)
* Allowed customising default lookup expression. (1129)
* Drop Django 2.1 and below (1180)
* Fixed IsoDateTimeRangeFieldTests for Django 3.1
* Require tests to pass against Django `master`.
Links

Update html5lib from 1.0.1 to 1.1.

Changelog

1.1

~~~

UNRELEASED

Breaking changes:

* Drop support for Python 3.3. (358)
* Drop support for Python 3.4. (421)

Deprecations:

* Deprecate the ``html5lib`` sanitizer (``html5lib.serialize(sanitize=True)`` and
``html5lib.filters.sanitizer``). We recommend users migrate to `Bleach
<https://github.com/mozilla/bleach>`. Please let us know if Bleach doesn't suffice for your
use. (443)

Other changes:

* Try to import from ``collections.abc`` to remove DeprecationWarning and ensure
``html5lib`` keeps working in future Python versions. (403)
* Drop optional ``datrie`` dependency. (442)
Links

Update XlsxWriter from 1.2.8 to 1.2.9.

Changelog

1.2.9

---------------------------

* Added support for ``stacked`` and ``percent_stacked`` Line charts.
Links

Update Faker from 4.1.0 to 4.1.1.

Changelog

4.1.1

----------------------------------------------------------------------------------

* Add ``date_time`` providers for ``cs_CZ``, ``de_AT``, ``es_ES``, ``it_IT``, ``sk_SK``,
``tr_TR``. Thanks eumiro.
* Add prefix support to BarcodeProvider. Thanks yu-ichiro.
* Fix company format for ``hy_AM`` provider. Thanks mdantonio.
* Add .uk email providers and TLDs for ``en_GB``. Thanks craiga.
* Add ``language_name`` generator. Thanks ikhomutov and mondeja.
* Add ``pytimezone`` generator returning ``tzinfo`` objects. Thanks OJFord.
* Add ``es_ES`` currency provider. Thanks mondeja.
Links

Update flake8 from 3.8.1 to 3.8.3.

Changelog

3.8.3

-------------------

You can view the `3.8.3 milestone`_ on GitLab for more details.

Bugs Fixed
~~~~~~~~~~

- Also catch ``SyntaxError`` when tokenizing (See also `GitLab!433`_,
`GitLab662`_)

- Fix ``--jobs`` default display in ``flake8 --help`` (See also `GitLab!434`_,
`GitLab665`_)

.. all links
.. _3.8.3 milestone:
 https://gitlab.com/pycqa/flake8/-/milestones/36

.. issue links
.. _GitLab662:
 https://gitlab.com/pycqa/flake8/issues/662
.. _GitLab665:
 https://gitlab.com/pycqa/flake8/issues/665

.. merge request links
.. _GitLab!433:
 https://gitlab.com/pycqa/flake8/merge_requests/433
.. _GitLab!434:
 https://gitlab.com/pycqa/flake8/merge_requests/434

3.8.2

-------------------

You can view the `3.8.2 milestone`_ on GitLab for more details.

Bugs Fixed
~~~~~~~~~~

- Improve performance by eliminating unncessary sort (See also `GitLab!429`_)

- Improve messaging of ``--jobs`` argument by utilizing ``argparse`` (See also
`GitLab!428`_, `GitLab567`_)

- Fix file configuration options to be relative to the config passed on the
command line (See also `GitLab!431`_, `GitLab651`_)

- Fix incorrect handling of ``--extend-exclude`` by treating its values as
files (See also `GitLab!432`_, `GitLab653`_)

.. all links
.. _3.8.2 milestone:
 https://gitlab.com/pycqa/flake8/-/milestones/35

.. issue links
.. _GitLab567:
 https://gitlab.com/pycqa/flake8/issues/567
.. _GitLab651:
 https://gitlab.com/pycqa/flake8/issues/651
.. _GitLab653:
 https://gitlab.com/pycqa/flake8/issues/653

.. merge request links
.. _GitLab!428:
 https://gitlab.com/pycqa/flake8/merge_requests/428
.. _GitLab!429:
 https://gitlab.com/pycqa/flake8/merge_requests/429
.. _GitLab!431:
 https://gitlab.com/pycqa/flake8/merge_requests/431
.. _GitLab!432:
 https://gitlab.com/pycqa/flake8/merge_requests/432
Links

Update pytest-cov from 2.8.1 to 2.10.0.

Changelog

2.10.0

-------------------

* Improved the ``--no-cov`` warning. Now it's only shown if ``--no-cov`` is present before ``--cov``.
* Removed legacy pytest support. Changed ``setup.py`` so that ``pytest>=4.6`` is required.

2.9.0

------------------

* Fixed ``RemovedInPytest4Warning`` when using Pytest 3.10.
Contributed by Michael Manganiello in `354 <https://github.com/pytest-dev/pytest-cov/pull/354>`_.
* Made pytest startup faster when plugin not active by lazy-importing.
Contributed by Anders Hovmöller in `339 <https://github.com/pytest-dev/pytest-cov/pull/339>`_.
* Various CI improvements.
Contributed by Daniel Hahler in `363 <https://github.com/pytest-dev/pytest-cov/pull/>`_ and
`364 <https://github.com/pytest-dev/pytest-cov/pull/364>`_.
* Various Python support updates (drop EOL 3.4, test against 3.8 final).
Contributed by Hugo van Kemenade in
`336 <https://github.com/pytest-dev/pytest-cov/pull/336>`_ and
`367 <https://github.com/pytest-dev/pytest-cov/pull/367>`_.
* Changed ``--cov-append`` to always enable ``data_suffix`` (a coverage setting).
Contributed by Harm Geerts in
`387 <https://github.com/pytest-dev/pytest-cov/pull/387>`_.
* Changed ``--cov-append`` to handle loading previous data better
(fixes various path aliasing issues).
* Various other testing improvements, github issue templates, example updates.
* Fixed internal failures that are caused by tests that change the current working directory by
ensuring a consistent working directory when coverage is called.
See `306 <https://github.com/pytest-dev/pytest-cov/issues/306>`_ and
`coveragepy881 <https://github.com/nedbat/coveragepy/issues/881>`_
Links

Update pytest from 5.4.2 to 5.4.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update six from 1.14.0 to 1.15.0.

Changelog

1.15.0

------

- Pull request 331: Optimize `six.ensure_str` and `six.ensure_binary`.
Links

Update transifex-client from 0.13.9 to 0.13.10.

Changelog
Links

@pyup-bot pyup-bot mentioned this pull request Jun 29, 2020
Closed
@pyup-bot
Copy link
Contributor Author

pyup-bot commented Jul 6, 2020

Closing this in favor of #1939

@pyup-bot pyup-bot closed this Jul 6, 2020
@fuzzylogic2000 fuzzylogic2000 deleted the pyup-scheduled-update-2020-06-29 branch July 6, 2020 17:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pyup-bot