Scheduled weekly dependency update for week 25

[pyup-bot]

Update psycopg2-binary from 2.8.2 to 2.8.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/psycopg2-binary
• Homepage: http://initd.org/psycopg/

Update Django from 1.11.20 to 1.11.21.

Changelog

1.11.21

============================

*June 3, 2019*

Django 1.11.21 fixes a security issue in 1.11.20.

CVE-2019-12308: AdminURLFieldWidget XSS
---------------------------------------

The clickable "Current URL" link generated by ``AdminURLFieldWidget`` displayed
the provided value without validating it as a safe URL. Thus, an unvalidated
value stored in the database, or a value provided as a URL query parameter
payload, could result in an clickable JavaScript link.

``AdminURLFieldWidget`` now validates the provided value using
:class:`~django.core.validators.URLValidator` before displaying the clickable
link. You may customise the validator by passing a ``validator_class`` kwarg to
``AdminURLFieldWidget.__init__()``, e.g. when using
:attr:`~django.contrib.admin.ModelAdmin.formfield_overrides`.


============================

Links

• PyPI: https://pypi.org/project/django
• Changelog: https://pyup.io/changelogs/django/
• Homepage: https://www.djangoproject.com/

Update bcrypt from 3.1.6 to 3.1.7.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/bcrypt
• Repo: https://github.com/pyca/bcrypt/

Update zeep from 3.3.1 to 3.4.0.

Changelog

3.4.0

------------------
- Allow passing xsd.Nil to sequences (959, smilingDima)
- Add support for passing custom digest and signature methods during WSSE
signing (957, Florian Apolloner)
- Fix path resolving during XSD imports (962, adambogocz)

Links

• PyPI: https://pypi.org/project/zeep
• Changelog: https://pyup.io/changelogs/zeep/
• Homepage: http://docs.python-zeep.org

Update django-widget-tweaks from 1.4.3 to 1.4.5.

Changelog

1.4.5

------------------

* Fix rST formatting errors.

1.4.4

------------------

* Add support for type attr.
* Add Python 3.7 and drop Python 3.3 support.
* Add support for double colon syntax.

Links

• PyPI: https://pypi.org/project/django-widget-tweaks
• Changelog: https://pyup.io/changelogs/django-widget-tweaks/
• Repo: https://github.com/jazzband/django-widget-tweaks

Update django-debug-toolbar from 1.11 to 2.0.

Changelog

2.0

----------------

* Updated ``StaticFilesPanel`` to be compatible with Django 3.0.
* The ``ProfilingPanel`` is now enabled but inactive by default.
* Fixed toggling of table rows in the profiling panel UI.
* The ``ProfilingPanel`` no longer skips remaining panels or middlewares.
* Improved the installation documentation.
* Fixed a possible crash in the template panel.
* Added support for psycopg2 ``Composed`` objects.
* Changed the Jinja2 tests to use Django's own Jinja2 template backend.
* Added instrumentation to queries using server side cursors.
* Too many small improvements and cleanups to list them all.

**Backwards incompatible changes**
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Removed support for Python 2.
* Removed support for Django's deprecated ``MIDDLEWARE_CLASSES`` setting.
* Restructured ``Panel`` to execute more like the new-style Django MIDDLEWARE.
The ``Panel.__init__()`` method is now passed ``get_response`` as the first
positional argument. The ``Panel.process_request()`` method must now always
return a response. Usually this is the response returned by
``get_response()`` but the panel may also return a different response as is
the case in the ``RedirectsPanel``. Third party panels must adjust to this
new architecture. ``Panel.process_response()`` and ``Panel.process_view()``
have been removed as a result of this change.

The deprecated API, ``debug_toolbar.panels.DebugPanel``, has been removed.
Third party panels should use ``debug_toolbar.panels.Panel`` instead.

The following deprecated settings have been removed:

* ``HIDDEN_STACKTRACE_MODULES``
* ``HIDE_DJANGO_SQL``
* ``INTERCEPT_REDIRECTS``
* ``RESULTS_STORE_SIZE``
* ``ROOT_TAG_ATTRS``
* ``TAG``

Links

• PyPI: https://pypi.org/project/django-debug-toolbar
• Changelog: https://pyup.io/changelogs/django-debug-toolbar/
• Repo: https://github.com/jazzband/django-debug-toolbar

Update freezegun from 0.3.11 to 0.3.12.

Changelog

0.3.12

------

* Refactor classes to functions
* Ignore Selenium
* Move to pytest
* Conditionally patch time.clock

Links

• PyPI: https://pypi.org/project/freezegun
• Changelog: https://pyup.io/changelogs/freezegun/
• Repo: https://github.com/spulec/freezegun

Update pytest-django from 3.4.8 to 3.5.0.

Changelog

3.5.0

------------------

Features
^^^^^^^^

* Run tests in the same order as Django (223)

* Use verbosity=0 with disabled migrations (729, 730)

Bugfixes
^^^^^^^^

* django_db_setup: warn instead of crash with teardown errors (726)

Misc
^^^^
* tests: fix test_sqlite_database_renamed (739, 741)

* tests/conftest.py: move import of db_helpers (737)

* Cleanup/improve coverage, mainly with tests (706)

* Slightly revisit unittest handling (740)

Links

• PyPI: https://pypi.org/project/pytest-django
• Changelog: https://pyup.io/changelogs/pytest-django/
• Docs: https://pytest-django.readthedocs.io/

Update pytest from 4.5.0 to 4.6.3.

Changelog

4.6.2

=========================

Bug Fixes
---------

- `5370 <https://github.com/pytest-dev/pytest/issues/5370>`_: Revert unrolling of ``all()`` to fix ``NameError`` on nested comprehensions.


- `5371 <https://github.com/pytest-dev/pytest/issues/5371>`_: Revert unrolling of ``all()`` to fix incorrect handling of generators with ``if``.


- `5372 <https://github.com/pytest-dev/pytest/issues/5372>`_: Revert unrolling of ``all()`` to fix incorrect assertion when using ``all()`` in an expression.

4.6.1

=========================

Bug Fixes
---------

- `5354 <https://github.com/pytest-dev/pytest/issues/5354>`_: Fix ``pytest.mark.parametrize`` when the argvalues is an iterator.


- `5358 <https://github.com/pytest-dev/pytest/issues/5358>`_: Fix assertion rewriting of ``all()`` calls to deal with non-generators.

4.6.0

=========================

Important
---------

The ``4.6.X`` series will be the last series to support **Python 2 and Python 3.4**.

For more details, see our `Python 2.7 and 3.4 support plan <https://docs.pytest.org/en/latest/py27-py34-deprecation.html>`__.


Features
--------

- `4559 <https://github.com/pytest-dev/pytest/issues/4559>`_: Added the ``junit_log_passing_tests`` ini value which can be used to enable or disable logging of passing test output in the Junit XML file.


- `4956 <https://github.com/pytest-dev/pytest/issues/4956>`_: pytester's ``testdir.spawn`` uses ``tmpdir`` as HOME/USERPROFILE directory.


- `5062 <https://github.com/pytest-dev/pytest/issues/5062>`_: Unroll calls to ``all`` to full for-loops with assertion rewriting for better failure messages, especially when using Generator Expressions.


- `5063 <https://github.com/pytest-dev/pytest/issues/5063>`_: Switch from ``pkg_resources`` to ``importlib-metadata`` for entrypoint detection for improved performance and import time.


- `5091 <https://github.com/pytest-dev/pytest/issues/5091>`_: The output for ini options in ``--help`` has been improved.


- `5269 <https://github.com/pytest-dev/pytest/issues/5269>`_: ``pytest.importorskip`` includes the ``ImportError`` now in the default ``reason``.


- `5311 <https://github.com/pytest-dev/pytest/issues/5311>`_: Captured logs that are output for each failing test are formatted using the
ColoredLevelFormatter.


- `5312 <https://github.com/pytest-dev/pytest/issues/5312>`_: Improved formatting of multiline log messages in Python 3.



Bug Fixes
---------

- `2064 <https://github.com/pytest-dev/pytest/issues/2064>`_: The debugging plugin imports the wrapped ``Pdb`` class (``--pdbcls``) on-demand now.


- `4908 <https://github.com/pytest-dev/pytest/issues/4908>`_: The ``pytest_enter_pdb`` hook gets called with post-mortem (``--pdb``).


- `5036 <https://github.com/pytest-dev/pytest/issues/5036>`_: Fix issue where fixtures dependent on other parametrized fixtures would be erroneously parametrized.


- `5256 <https://github.com/pytest-dev/pytest/issues/5256>`_: Handle internal error due to a lone surrogate unicode character not being representable in Jython.


- `5257 <https://github.com/pytest-dev/pytest/issues/5257>`_: Ensure that ``sys.stdout.mode`` does not include ``'b'`` as it is a text stream.


- `5278 <https://github.com/pytest-dev/pytest/issues/5278>`_: Pytest's internal python plugin can be disabled using ``-p no:python`` again.


- `5286 <https://github.com/pytest-dev/pytest/issues/5286>`_: Fix issue with ``disable_test_id_escaping_and_forfeit_all_rights_to_community_support`` option not working when using a list of test IDs in parametrized tests.


- `5330 <https://github.com/pytest-dev/pytest/issues/5330>`_: Show the test module being collected when emitting ``PytestCollectionWarning`` messages for
test classes with ``__init__`` and ``__new__`` methods to make it easier to pin down the problem.


- `5333 <https://github.com/pytest-dev/pytest/issues/5333>`_: Fix regression in 4.5.0 with ``--lf`` not re-running all tests with known failures from non-selected tests.



Improved Documentation
----------------------

- `5250 <https://github.com/pytest-dev/pytest/issues/5250>`_: Expand docs on use of ``setenv`` and ``delenv`` with ``monkeypatch``.

Links

• PyPI: https://pypi.org/project/pytest
• Changelog: https://pyup.io/changelogs/pytest/
• Homepage: https://docs.pytest.org/en/latest/