Pin pyramid to latest version 1.8.3 #94

Merged
merged 1 commit into from Apr 30, 2017

@pyup-bot
Collaborator

commented Apr 30, 2017

pyramid is not pinned to a specific version.

I'm pinning it to the latest version 1.8.3 for now.

These links might come in handy: PyPI | Changelog | Homepage

Changelog

1.8

================

  • No major changes from 1.8b1.

1.8b1

==================

Features

  • Added an override option to config.add_translation_dirs to allow
    later calls to place translation directories at a higher priority than
    earlier calls. See Pylons/pyramid#2902

Documentation Changes

  • Improve registry documentation to discuss uses as a component registry
    and as a dictionary. See Pylons/pyramid#2893
  • Fix unittests in wiki2 to work without different dependencies between
    py2 and py3. See Pylons/pyramid#2899
  • Update Windows documentation to track newer Python 3 improvements to the
    installer. See Pylons/pyramid#2900

1.8a1

==================

Backward Incompatibilities

  • Support for the IContextURL interface that was deprecated in Pyramid 1.3
    has been removed. See Pylons/pyramid#2822
  • Following the Pyramid deprecation period (1.6 -> 1.8),
    daemon support for pserve has been removed. This includes removing the
    daemon commands (start, stop, restart, status) as well as the following
    arguments: --daemon, --pid-file, --log-file,
    --monitor-restart, --status, --user, --group,
    --stop-daemon

To run your server as a daemon you should use a process manager instead of
pserve.

See Pylons/pyramid#2615

  • pcreate is now interactive by default. You will be prompted if a file
    already exists with different content. Previously if there were similar
    files it would silently skip them unless you specified --interactive
    or --overwrite.
    See Pylons/pyramid#2775
  • Removed undocumented argument cachebust_match from
    pyramid.static.static_view. This argument was shipped accidentally
    in Pyramid 1.6. See Pylons/pyramid#2681
  • Change static view to avoid setting the Content-Encoding response header
    to an encoding guessed using Python's mimetypes module. This was causing
    clients to decode the content of gzipped files when downloading them. The
    client would end up with a foo.txt.gz file on disk that was already
    decoded, thus should really be foo.txt. Also, the Content-Encoding
    should only have been used if the client itself broadcast support for the
    encoding via Accept-Encoding request headers.
    See Pylons/pyramid#2810
  • Settings are no longer accessible as attributes on the settings object
    (e.g. request.registry.settings.foo). This was deprecated in Pyramid 1.2.
    See Pylons/pyramid#2823

Features

  • pcreate learned about --package-name to allow you to create a new
    project in an existing folder with a different package name than the project
    name. See Pylons/pyramid#2783
  • The _get_credentials private method of BasicAuthAuthenticationPolicy
    has been extracted into standalone function extract_http_basic_credentials
    in pyramid.authentication module, this function extracts HTTP Basic
    credentials from a request object, and returns them as a named tuple.
    See Pylons/pyramid#2662
  • Pyramid 1.4 silently dropped a feature of the configurator that has been
    restored. It's again possible for action discriminators to conflict across
    different action orders.
    See Pylons/pyramid#2757
  • pyramid.paster.bootstrap and its sibling pyramid.scripting.prepare
    can now be used as context managers to automatically invoke the closer
    and pop threadlocals off of the stack to prevent memory leaks.
    See Pylons/pyramid#2760
  • Added pyramid.config.Configurator.add_exception_view and the
    pyramid.view.exception_view_config decorator. It is now possible using
    these methods or via the new exception_only=True option to add_view
    to add a view which will only be matched when handling an exception.
    Previously any exception views were also registered for a traversal
    context that inherited from the exception class which prevented any
    exception-only optimizations.
    See Pylons/pyramid#2660
  • Added the exception_only boolean to
    pyramid.interfaces.IViewDeriverInfo which can be used by view derivers
    to determine if they are wrapping a view which only handles exceptions.
    This means that it is no longer necessary to perform request-time checks
    for request.exception to determine if the view is handling an exception -
    the pipeline can be optimized at config-time.
    See Pylons/pyramid#2660
  • pserve should now work with gevent and other workers that need
    to monkeypatch the process, assuming the server and / or the app do so
    as soon as possible before importing the rest of pyramid.
    See Pylons/pyramid#2797
  • Pyramid no longer copies the settings object passed to the
    pyramid.config.Configurator(settings=). The original dict is kept.
    See Pylons/pyramid#2823
  • The csrf trusted origins setting may now be a whitespace-separated list of
    domains. Previously only a python list was allowed. Also, it can now be set
    using the PYRAMID_CSRF_TRUSTED_ORIGINS environment variable similar to
    other settings. See Pylons/pyramid#2823
  • pserve --reload now uses the
    hupper <http://docs.pylonsproject.org/projects/hupper/en/latest/>
    library to monitor file changes. This comes with many improvements:
  • If the watchdog <http://pythonhosted.org/watchdog/>_ package is
    installed then monitoring will be done using inotify instead of
    cpu and disk-intensive polling.
  • The monitor is now a separate process that will not crash and starts up
    before any of your code.
  • The monitor will not restart the process after a crash until a file is
    saved.
  • The monitor works on windows.
  • You can now trigger a reload manually from a pyramid view or any other
    code via hupper.get_reloader().trigger_reload(). Kind of neat.
  • You can trigger a reload by issuing a SIGHUP to the monitor process.

See Pylons/pyramid#2805

  • A new [pserve] section is supported in your config files with a
    watch_files key that can configure pserve --reload to monitor custom
    file paths. See Pylons/pyramid#2827
  • Allow streaming responses to be made from subclasses of
    pyramid.httpexceptions.HTTPException. Previously the response would
    be unrolled while testing for a body, making it impossible to stream
    a response.
    See Pylons/pyramid#2863
  • Update starter, alchemy and zodb scaffolds to support IPv6 by using the
    new listen directives in waitress.
    See Pylons/pyramid#2853
  • All p* scripts now use argparse instead of optparse. This improves their
    --help output as well as enabling nicer documentation of their options.
    See Pylons/pyramid#2864
  • Any deferred configuration action registered via config.action may now
    depend on threadlocal state, such as asset overrides, being active when
    the action is executed.
    See Pylons/pyramid#2873
  • Asset specifications for directories passed to
    config.add_translation_dirs now support overriding the entire asset
    specification, including the folder name. Previously only the package name
    was supported and the folder would always need to have the same name.
    See Pylons/pyramid#2873
  • config.begin() will propagate the current threadlocal request through
    as long as the registry is the same. For example:

.. code-block:: python

    request = Request.blank(...)
    config.begin(request)  # pushes a request
    config.begin()         # propagates the previous request through unchanged
    assert get_current_request() is request

See Pylons/pyramid#2873

  • Added a new callback option to config.set_default_csrf_options which
    can be used to determine per-request whether CSRF checking should be enabled
    to allow for a mix of authentication methods. Only cookie-based methods
    generally require CSRF checking.
    See Pylons/pyramid#2778

Bug Fixes

  • Fixed bug in proutes such that it now shows the correct view when a
    class and attr is involved.
    See: Pylons/pyramid#2687
  • Fix a FutureWarning in Python 3.5 when using re.split on the
    format setting to the proutes script.
    See Pylons/pyramid#2714
  • Fix a RuntimeWarning emitted by WebOb when using arbitrary objects
    as the userid in the AuthTktAuthenticationPolicy. This is now caught
    by the policy and the object is serialized as a base64 string to avoid
    the cryptic warning. Since the userid will be read back as a string on
    subsequent requests a more useful warning is emitted encouraging you to
    use a primitive type instead.
    See Pylons/pyramid#2715
  • Pyramid 1.6 introduced the ability for an action to invoke another action.
    There was a bug in the way that config.add_view would interact with
    custom view derivers introduced in Pyramid 1.7 because the view's
    discriminator cannot be computed until view derivers and view predicates
    have been created in earlier orders. Invoking an action from another action
    would trigger an unrolling of the pipeline and would compute discriminators
    before they were ready. The new behavior respects the order of the action
    and ensures the discriminators are not computed until dependent actions
    from previous orders have executed.
    See Pylons/pyramid#2757
  • Fix bug in i18n where the default domain would always use the Germanic plural
    style, even if a different plural function is defined in the relevant
    messages file. See Pylons/pyramid#2859
  • The config.override_asset method now occurs during
    pyramid.config.PHASE1_CONFIG such that it is ordered to execute before
    any calls to config.add_translation_dirs.
    See Pylons/pyramid#2873

Deprecations

  • The pcreate script and related scaffolds have been deprecated in favor
    of the popular
    cookiecutter <https://cookiecutter.readthedocs.io/en/latest/>_ project.

All of Pyramid's official scaffolds as well as the tutorials have been
ported to cookiecutters:

  • pyramid-cookiecutter-starter <https://github.com/Pylons/pyramid-cookiecutter-starter>_
  • pyramid-cookiecutter-alchemy <https://github.com/Pylons/pyramid-cookiecutter-alchemy>_
  • pyramid-cookiecutter-zodb <https://github.com/Pylons/pyramid-cookiecutter-zodb>_

See Pylons/pyramid#2780

Documentation Changes

  • Add pyramid_nacl_session <http://docs.pylonsproject.org/projects/pyramid-nacl-session/en/latest/>_
    to session factories. See Pylons/pyramid#2791
  • Update HACKING.txt from stale branch that was never merged to master.
    See Pylons/pyramid#2782
  • Fix an inconsistency in the documentation between view predicates and
    route predicates and highlight the differences in their APIs.
    See Pylons/pyramid#2764
  • Clarify a possible misuse of the headers kwarg to subclasses of
    pyramid.httpexceptions.HTTPException in which more appropriate
    kwargs from the parent class pyramid.response.Response should be
    used instead. See Pylons/pyramid#2750
  • The SQLAlchemy + URL Dispatch + Jinja2 (wiki2) and
    ZODB + Traversal + Chameleon (wiki) tutorials have been updated to
    utilize the new cookiecutters and drop support for the pcreate
    scaffolds.

See Pylons/pyramid#2881 and
Pylons/pyramid#2883.

  • Quick Tour updated to use cookiecutters instead of pcreate and scaffolds.
    See Pylons/pyramid#2888

1.7

================

  • Fix a bug in the wiki2 tutorial where bcrypt is always expecting byte
    strings. See Pylons/pyramid#2576

1.7b4

==================

  • Fixed the exception view tween to re-raise the original exception if
    no exception view could be found to handle the exception. This better
    allows tweens further up the chain to handle exceptions that were
    left unhandled. Previously they would be converted into a
    PredicateMismatch exception if predicates failed to allow the view to
    handle the exception.
    See Pylons/pyramid#2567
  • Exposed the pyramid.interfaces.IRequestFactory interface to mirror
    the public pyramid.interfaces.IResponseFactory interface.

1.7b3

==================

  • Fix request.invoke_exception_view to raise an HTTPNotFound
    exception if no view is matched. Previously None would be returned
    if no views were matched and a PredicateMismatch would be raised if
    a view "almost" matched (a view was found matching the context).
    See Pylons/pyramid#2564
  • Add defaults for py.test configuration and coverage to all three scaffolds,
    and update documentation accordingly.
    See Pylons/pyramid#2550
  • Add linkcheck to Makefile for Sphinx. To check the documentation for
    broken links, use the command make linkcheck SPHINXBUILD=$VENV/bin/sphinx-build. Also removed and fixed dozens of broken
    external links.
  • Fix the internal runner for scaffold tests to ensure they work with pip
    and py.test.
    See Pylons/pyramid#2565

1.7b2

==================

  • Removed inclusion of pyramid_tm in development.ini for alchemy scaffold
    See Pylons/pyramid#2538
  • A default permission set via config.set_default_permission will no
    longer be enforced on an exception view. This has been the case for a while
    with the default exception views (config.add_notfound_view and
    config.add_forbidden_view), however for any other exception view a
    developer had to remember to set permission=NO_PERMISSION_REQUIRED or
    be surprised when things didn't work. It is still possible to force a
    permission check on an exception view by setting the permission argument
    manually to config.add_view. This behavior is consistent with the new
    CSRF features added in the 1.7 series.
    See Pylons/pyramid#2534

1.7b1

==================

  • This release announces the beta period for 1.7.
  • Fix an issue where some files were being included in the alchemy scaffold
    which had been removed from the 1.7 series.
    See Pylons/pyramid#2525

1.7a2

==================

Features

  • Automatic CSRF checks are now disabled by default on exception views. They
    can be turned back on by setting the appropriate require_csrf option on
    the view.
    See Pylons/pyramid#2517
  • The automatic CSRF API was reworked to use a config directive for
    setting the options. The pyramid.require_default_csrf setting is
    no longer supported. Instead, a new config.set_default_csrf_options
    directive has been introduced that allows the developer to specify
    the default value for require_csrf as well as change the CSRF token,
    header and safe request methods. The pyramid.csrf_trusted_origins
    setting is still supported.
    See Pylons/pyramid#2518

Bug fixes

1.7a1

==================

Backward Incompatibilities

  • Following the Pyramid deprecation period (1.4 -> 1.6),
    AuthTktAuthenticationPolicy's default hashing algorithm is changing from md5
    to sha512. If you are using the authentication policy and need to continue
    using md5, please explicitly set hashalg to 'md5'.

This change does mean that any existing auth tickets (and associated cookies)
will no longer be valid, and users will no longer be logged in, and have to
login to their accounts again.

See Pylons/pyramid#2496

  • The check_csrf_token function no longer validates a csrf token in the
    query string of a request. Only headers and request bodies are supported.
    See Pylons/pyramid#2500

Features

  • Added a new setting, pyramid.require_default_csrf which may be used
    to turn on CSRF checks globally for every POST request in the application.
    This should be considered a good default for websites built on Pyramid.
    It is possible to opt-out of CSRF checks on a per-view basis by setting
    require_csrf=False on those views.
    See Pylons/pyramid#2413
  • Added a require_csrf view option which will enforce CSRF checks on any
    request with an unsafe method as defined by RFC2616. If the CSRF check fails
    a BadCSRFToken exception will be raised and may be caught by exception
    views (the default response is a 400 Bad Request). This option should be
    used in place of the deprecated check_csrf view predicate which would
    normally result in unexpected 404 Not Found response to the client
    instead of a catchable exception. See
    Pylons/pyramid#2413 and
    Pylons/pyramid#2500
  • Added an additional CSRF validation that checks the origin/referrer of a
    request and makes sure it matches the current request.domain. This
    particular check is only active when accessing a site over HTTPS as otherwise
    browsers don't always send the required information. If this additional CSRF
    validation fails a BadCSRFOrigin exception will be raised and may be
    caught by exception views (the default response is 400 Bad Request).
    Additional allowed origins may be configured by setting
    pyramid.csrf_trusted_origins to a list of domain names (with ports if on
    a non standard port) to allow. Subdomains are not allowed unless the domain
    name has been prefixed with a ".". See
    Pylons/pyramid#2501
  • Added a new pyramid.session.check_csrf_origin API for validating the
    origin or referrer headers against the request's domain.
    See Pylons/pyramid#2501
  • Pyramid HTTPExceptions will now take into account the best match for the
    client's Accept header, and depending on what is requested will return
    text/html, application/json or text/plain. The default for */* is still
    text/html, but if application/json is explicitly mentioned it will now
    receive a valid JSON response. See
    Pylons/pyramid#2489
  • Add a new "view deriver" concept to Pyramid to allow framework authors to
    inject elements into the standard Pyramid view pipeline and affect all
    views in an application. This is similar to a decorator except that it
    has access to options passed to config.add_view and can affect other
    stages of the pipeline such as the raw response from a view or prior to
    security checks. See Pylons/pyramid#2021
  • Allow a leading = on the key of the request param predicate.
    For example, '=abc=1' is equivalent down to
    request.params['=abc'] == '1'.
    See Pylons/pyramid#1370
  • A new request.invoke_exception_view(...) method which can be used to
    invoke an exception view and get back a response. This is useful for
    rendering an exception view outside of the context of the excview tween
    where you may need more control over the request.
    See Pylons/pyramid#2393
  • Allow using variable substitutions like %(LOGGING_LOGGER_ROOT_LEVEL)s
    for logging sections of the .ini file and populate these variables from
    the pserve command line -- e.g.:
    pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG
    See Pylons/pyramid#2399

Documentation Changes

  • A complete overhaul of the docs:
  • Use pip instead of easy_install.
  • Become opinionated by preferring Python 3.4 or greater to simplify
    installation of Python and its required packaging tools.
  • Use venv for the tool, and virtual environment for the thing created,
    instead of virtualenv.
  • Use py.test and pytest-cov instead of nose and coverage.
  • Further updates to the scaffolds as well as tutorials and their src files.

See Pylons/pyramid#2468

  • A complete overhaul of the alchemy scaffold as well as the
    Wiki2 SQLAlchemy + URLDispatch tutorial to introduce more modern features
    into the usage of SQLAlchemy with Pyramid and provide a better starting
    point for new projects.
    See Pylons/pyramid#2024

Bug Fixes

  • Fix pserve --browser to use the --server-name instead of the
    app name when selecting a section to use. This was only working for people
    who had server and app sections with the same name, for example
    [app:main] and [server:main].
    See Pylons/pyramid#2292

Deprecations

  • The check_csrf view predicate has been deprecated. Use the
    new require_csrf option or the pyramid.require_default_csrf setting
    to ensure that the BadCSRFToken exception is raised.
    See Pylons/pyramid#2413

1.6

================

Deprecations

  • Continue removal of pserve daemon/process management features
    by deprecating --user and --group options.
    See Pylons/pyramid#2190

1.6b3

==================

Backward Incompatibilities

  • Remove the cachebust option from config.add_static_view. See
    config.add_cache_buster for the new way to attach cache busters to
    static assets.
    See Pylons/pyramid#2186
  • Modify the pyramid.interfaces.ICacheBuster API to be a simple callable
    instead of an object with match and pregenerate methods. Cache
    busters are now focused solely on generation. Matching has been dropped.

Note this affects usage of pyramid.static.QueryStringCacheBuster and
pyramid.static.ManifestCacheBuster.

See Pylons/pyramid#2186

Features

  • Add a new config.add_cache_buster API for attaching cache busters to
    static assets. See Pylons/pyramid#2186

Bug Fixes

  • Ensure that IAssetDescriptor.abspath always returns an absolute path.
    There were cases depending on the process CWD that a relative path would
    be returned. See Pylons/pyramid#2188

1.6b2

==================

Features

  • Allow asset specifications to be supplied to
    pyramid.static.ManifestCacheBuster instead of requiring a
    filesystem path.

1.6b1

==================

Backward Incompatibilities

  • IPython and BPython support have been removed from pshell in the core.
    To continue using them on Pyramid 1.6+ you must install the binding
    packages explicitly::

$ pip install pyramid_ipython

or

$ pip install pyramid_bpython

  • Remove default cache busters introduced in 1.6a1 including
    PathSegmentCacheBuster, PathSegmentMd5CacheBuster, and
    QueryStringMd5CacheBuster.
    See Pylons/pyramid#2116

Features

  • The variables injected into pshell are now displayed with their
    docstrings instead of the default str(obj) when possible.
    See Pylons/pyramid#1929
  • Add new pyramid.static.ManifestCacheBuster for use with external
    asset pipelines as well as examples of common usages in the narrative.
    See Pylons/pyramid#2116
  • Fix an issue when user passes unparsed strings to pyramid.session.CookieSession
    and pyramid.authentication.AuthTktCookieHelper for time related parameters
    timeout, reissue_time, max_age that expect an integer value.
    See Pylons/pyramid#2050

Bug Fixes

  • pyramid.httpexceptions.HTTPException now defaults to
    520 Unknown Error instead of None None to conform with changes in
    WebOb 1.5.
    See Pylons/pyramid#1865
  • pshell will now preserve the capitalization of variables in the
    [pshell] section of the INI file. This makes exposing classes to the
    shell a little more straightforward.
    See Pylons/pyramid#1883
  • Fixed usage of pserve --monitor-restart --daemon which would fail in
    horrible ways. See Pylons/pyramid#2118
  • Explicitly prevent pserve --reload --daemon from being used. It's never
    been supported but would work and fail in weird ways.
    See Pylons/pyramid#2119
  • Fix an issue on Windows when running pserve --reload in which the
    process failed to fork because it could not find the pserve script to
    run. See Pylons/pyramid#2138

Deprecations

  • Deprecate pserve --monitor-restart in favor of users using a real
    process manager such as Systemd or Upstart as well as Python-based
    solutions like Circus and Supervisor.
    See Pylons/pyramid#2120

1.6a2

==================

Bug Fixes

  • Ensure that pyramid.httpexceptions.exception_response returns the
    appropriate "concrete" class for 400 and 500 status codes.
    See Pylons/pyramid#1832
  • Fix an infinite recursion bug introduced in 1.6a1 when
    pyramid.view.render_view_to_response was called directly or indirectly.
    See Pylons/pyramid#1643
  • Further fix the JSONP renderer by prefixing the returned content with
    a comment. This should mitigate attacks from Flash (See CVE-2014-4671).
    See Pylons/pyramid#1649
  • Allow periods and brackets ([]) in the JSONP callback. The original
    fix was overly-restrictive and broke Angular.
    See Pylons/pyramid#1649

1.6a1

==================

Features

  • pcreate will now ask for confirmation if invoked with
    an argument for a project name that already exists or
    is importable in the current environment.
    See Pylons/pyramid#1357 and
    Pylons/pyramid#1837
  • Make it possible to subclass pyramid.request.Request and also use
    pyramid.request.Request.add_request.method. See
    Pylons/pyramid#1529
  • The pyramid.config.Configurator has grown the ability to allow
    actions to call other actions during a commit-cycle. This enables much more
    logic to be placed into actions, such as the ability to invoke other actions
    or group them for improved conflict detection. We have also exposed and
    documented the config phases that Pyramid uses in order to further assist
    in building conforming addons.
    See Pylons/pyramid#1513
  • Add pyramid.request.apply_request_extensions function which can be
    used in testing to apply any request extensions configured via
    config.add_request_method. Previously it was only possible to test
    the extensions by going through Pyramid's router.
    See Pylons/pyramid#1581
  • Automate code coverage metrics across py2 and py3 instead of just py2.
    See Pylons/pyramid#1471
  • Cache busting for static resources has been added and is available via a new
    argument to pyramid.config.Configurator.add_static_view: cachebust.
    Core APIs are shipped for both cache busting via query strings and
    path segments and may be extended to fit into custom asset pipelines.
    See Pylons/pyramid#1380 and
    Pylons/pyramid#1583
  • Add pyramid.config.Configurator.root_package attribute and init
    parameter to assist with includeable packages that wish to resolve
    resources relative to the package in which the Configurator was created.
    This is especially useful for addons that need to load asset specs from
    settings, in which case it may be natural for a developer to define
    imports or assets relative to the top-level package.
    See Pylons/pyramid#1337
  • Added line numbers to the log formatters in the scaffolds to assist with
    debugging. See Pylons/pyramid#1326
  • The pshell script will now load a PYTHONSTARTUP file if one is
    defined in the environment prior to launching the interpreter.
    See Pylons/pyramid#1448
  • Make it simple to define notfound and forbidden views that wish to use
    the default exception-response view but with altered predicates and other
    configuration options. The view argument is now optional in
    config.add_notfound_view and config.add_forbidden_view.
    See Pylons/pyramid#494
  • Improve robustness to timing attacks in the AuthTktCookieHelper and
    the SignedCookieSessionFactory classes by using the stdlib's
    hmac.compare_digest if it is available (such as Python 2.7.7+ and 3.3+).
    See Pylons/pyramid#1457
  • Assets can now be overridden by an absolute path on the filesystem when using
    the config.override_asset API. This makes it possible to fully support
    serving up static content from a mutable directory while still being able
    to use the request.static_url API and config.add_static_view.
    Previously it was not possible to use config.add_static_view with an
    absolute path and generate urls to the content. This change replaces
    the call, config.add_static_view('/abs/path', 'static'), with
    config.add_static_view('myapp:static', 'static') and
    config.override_asset(to_override='myapp:static/', override_with='/abs/path/'). The myapp:static asset spec is completely
    made up and does not need to exist - it is used for generating urls
    via request.static_url('myapp:static/foo.png').
    See Pylons/pyramid#1252
  • Added pyramid.config.Configurator.set_response_factory and the
    response_factory keyword argument to the Configurator for defining
    a factory that will return a custom Response class.
    See Pylons/pyramid#1499
  • Allow an iterator to be returned from a renderer. Previously it was only
    possible to return bytes or unicode.
    See Pylons/pyramid#1417
  • pserve can now take a -b or --browser option to open the server
    URL in a web browser. See Pylons/pyramid#1533
  • Overall improvements for the proutes command. Added --format and
    --glob arguments to the command, introduced the method
    column for displaying available request methods, and improved the view
    output by showing the module instead of just __repr__.
    See Pylons/pyramid#1488
  • Support keyword-only arguments and function annotations in views in
    Python 3. See Pylons/pyramid#1556
  • request.response will no longer be mutated when using the
    pyramid.renderers.render_to_response() API. It is now necessary to
    pass in a response= argument to render_to_response if you wish to
    supply the renderer with a custom response object for it to use. If you
    do not pass one then a response object will be created using the
    application's IResponseFactory. Almost all renderers
    mutate the request.response response object (for example, the JSON
    renderer sets request.response.content_type to application/json).
    However, when invoking render_to_response it is not expected that the
    response object being returned would be the same one used later in the
    request. The response object returned from render_to_response is now
    explicitly different from request.response. This does not change the
    API of a renderer. See Pylons/pyramid#1563
  • The append_slash argument of Configurator().add_notfound_view() will now
    accept anything that implements the IResponse interface and will use
    that as the response class instead of the default HTTPFound. See
    Pylons/pyramid#1610

Bug Fixes

  • The JSONP renderer created JavaScript code in such a way that a callback
    variable could be used to arbitrarily inject javascript into the response
    object. Pylons/pyramid#1627
  • pyramid.wsgi.wsgiapp and pyramid.wsgi.wsgiapp2 now raise
    ValueError when accidentally passed None.
    See Pylons/pyramid#1320
  • Fix an issue whereby predicates would be resolved as maybe_dotted in the
    introspectable but not when passed for registration. This would mean that
    add_route_predicate for example can not take a string and turn it into
    the actual callable function.
    See Pylons/pyramid#1306
  • Fix pyramid.testing.setUp to return a Configurator with a proper
    package. Previously it was not possible to do package-relative includes
    using the returned Configurator during testing. There is now a
    package argument that can override this behavior as well.
    See Pylons/pyramid#1322
  • Fix an issue where a pyramid.response.FileResponse may apply a charset
    where it does not belong. See Pylons/pyramid#1251
  • Work around a bug introduced in Python 2.7.7 on Windows where
    mimetypes.guess_type returns Unicode rather than str for the content
    type, unlike any previous version of Python. See
    Pylons/pyramid#1360 for more information.
  • pcreate now normalizes the package name by converting hyphens to
    underscores. See Pylons/pyramid#1376
  • Fix an issue with the final response/finished callback being unable to
    add another callback to the list. See
    Pylons/pyramid#1373
  • Fix a failing unittest caused by differing mimetypes across various OSs.
    See Pylons/pyramid#1405
  • Fix route generation for static view asset specifications having no path.
    See Pylons/pyramid#1377
  • Allow the pyramid.renderers.JSONP renderer to work even if there is no
    valid request object. In this case it will not wrap the object in a
    callback and thus behave just like the pyramid.renderers.JSON renderer.
    See Pylons/pyramid#1561
  • Prevent "parameters to load are deprecated" DeprecationWarning
    from setuptools>=11.3. See Pylons/pyramid#1541
  • Avoid sharing the IRenderer objects across threads when attached to
    a view using the renderer= argument. These renderers were instantiated
    at time of first render and shared between requests, causing potentially
    subtle effects like pyramid.reload_templates = true failing to work
    in pyramid_mako. See Pylons/pyramid#1575
    and Pylons/pyramid#1268
  • request.finished_callbacks and request.response_callbacks now
    default to an iterable instead of None. It may be checked for a length
    of 0. This was the behavior in 1.5.

Deprecations

  • The pserve command's daemonization features have been deprecated. This
    includes the [start,stop,restart,status] subcommands as well as the
    --daemon, --stop-server, --pid-file, and --status flags.

Please use a real process manager in the future instead of relying on the
pserve to daemonize itself. Many options exist including your Operating
System's services such as Systemd or Upstart, as well as Python-based
solutions like Circus and Supervisor.

See Pylons/pyramid#1641

  • Renamed the principal argument to pyramid.security.remember() to
    userid in order to clarify its intended purpose.
    See Pylons/pyramid#1399

Docs

  • Moved the documentation for accept on Configurator.add_view to no
    longer be part of the predicate list. See
    Pylons/pyramid#1391 for a bug report stating
    not_ was failing on accept. Discussion with mcdonc led to the
    conclusion that it should not be documented as a predicate.
    See Pylons/pyramid#1487 for this PR
  • Removed logging configuration from Quick Tutorial ini files except for
    scaffolding- and logging-related chapters to avoid needing to explain it too
    early.
  • Clarify a previously-implied detail of the ISession.invalidate API
    documentation.
  • Improve and clarify the documentation on what Pyramid defines as a
    principal and a userid in its security APIs.
    See Pylons/pyramid#1399

Scaffolds

  • Update scaffold generating machinery to return the version of pyramid and
    pyramid docs for use in scaffolds. Updated starter, alchemy and zodb
    templates to have links to correctly versioned documentation and reflect
    which pyramid was used to generate the scaffold.
  • Removed non-ascii copyright symbol from templates, as this was
    causing the scaffolds to fail for project generation.
  • You can now run the scaffolding func tests via tox py2-scaffolds and
    tox py3-scaffolds.

1.5

================

  • Python 3.4 compatibility.
  • Avoid crash in pserve --reload under Py3k, when iterating over possibly
    mutated sys.modules.
  • UnencryptedCookieSessionFactoryConfig failed if the secret contained
    higher order characters. See Pylons/pyramid#1246
  • Fixed a bug in UnencryptedCookieSessionFactoryConfig and
    SignedCookieSessionFactory where timeout=None would cause a new
    session to always be created. Also in SignedCookieSessionFactory a
    reissue_time=None would cause an exception when modifying the session.
    See Pylons/pyramid#1247
  • Updated docs and scaffolds to keep in step with new 2.0 release of
    Lingua. This included removing all setup.cfg files from scaffolds
    and documentation environments.

1.5b1

==================

Features

  • We no longer eagerly clear request.exception and request.exc_info in
    the exception view tween. This makes it possible to inspect exception
    information within a finished callback. See
    Pylons/pyramid#1223.

1.5a4

==================

Features

  • Updated scaffolds with new theme, fixed documentation and sample project.

Bug Fixes

  • Depend on a newer version of WebOb so that we pull in some crucial bug-fixes
    that were showstoppers for functionality in Pyramid.
  • Add a trailing semicolon to the JSONP response. This fixes JavaScript syntax
    errors for old IE versions. See Pylons/pyramid#1205
  • Fix a memory leak when the configurator's set_request_property method was
    used or when the configurator's add_request_method method was used with
    the property=True attribute. See
    Pylons/pyramid#1212 .

1.5a3

==================

Features

  • An authorization API has been added as a method of the
    request: request.has_permission.

request.has_permission is a method-based alternative to the
pyramid.security.has_permission API and works exactly the same. The
older API is now deprecated.

  • Property API attributes have been added to the request for easier access to
    authentication data: request.authenticated_userid,
    request.unauthenticated_userid, and request.effective_principals.

These are analogues, respectively, of
pyramid.security.authenticated_userid,
pyramid.security.unauthenticated_userid, and
pyramid.security.effective_principals. They operate exactly the same,
except they are attributes of the request instead of functions accepting a
request. They are properties, so they cannot be assigned to. The older
function-based APIs are now deprecated.

  • Pyramid's console scripts (pserve, pviews, etc) can now be run
    directly, allowing custom arguments to be sent to the python interpreter
    at runtime. For example::
   python -3 -m pyramid.scripts.pserve development.ini
  • Added a specific subclass of HTTPBadRequest named
    pyramid.exceptions.BadCSRFToken which will now be raised in response
    to failures in check_csrf_token.
    See Pylons/pyramid#1149
  • Added a new SignedCookieSessionFactory which is very similar to the
    UnencryptedCookieSessionFactoryConfig but with a clearer focus on signing
    content. The custom serializer arguments to this function should only focus
    on serializing, unlike its predecessor which required the serializer to also
    perform signing. See Pylons/pyramid#1142 . Note
    that cookies generated using SignedCookieSessionFactory are not
    compatible with cookies generated using UnencryptedCookieSessionFactory,
    so existing user session data will be destroyed if you switch to it.
  • Added a new BaseCookieSessionFactory which acts as a generic cookie
    factory that can be used by framework implementors to create their own
    session implementations. It provides a reusable API which focuses strictly
    on providing a dictionary-like object that properly handles renewals,
    timeouts, and conformance with the ISession API.
    See Pylons/pyramid#1142
  • The anchor argument to pyramid.request.Request.route_url and
    pyramid.request.Request.resource_url and their derivatives will now be
    escaped via URL quoting to ensure minimal conformance. See
    Pylons/pyramid#1183
  • Allow sending of _query and _anchor options to
    pyramid.request.Request.static_url when an external URL is being
    generated.
    See Pylons/pyramid#1183
  • You can now send a string as the _query argument to
    pyramid.request.Request.route_url and
    pyramid.request.Request.resource_url and their derivatives. When a
    string is sent instead of a list or dictionary, it is URL-quoted; however, it
    does not need to be in k=v form. This is useful if you want to be able
    to use a different query string format than x-www-form-urlencoded. See
    Pylons/pyramid#1183
  • pyramid.testing.DummyRequest now has a domain attribute to match the
    new WebOb 1.3 API. Its value is example.com.

Bug Fixes

  • Fix the pcreate script so that when the target directory name ends with a
    slash it does not produce a non-working project directory structure.
    Previously saying pcreate -s starter /foo/bar/ produced different output
    than saying pcreate -s starter /foo/bar. The former did not work
    properly.
  • Fix the principals_allowed_by_permission method of
    ACLAuthorizationPolicy so it anticipates a callable __acl__
    on resources. Previously it did not try to call the __acl__
    if it was callable.
  • The pviews script did not work when a url required custom request
    methods in order to perform traversal. Custom methods and descriptors added
    via pyramid.config.Configurator.add_request_method will now be present,
    allowing traversal to continue.
    See Pylons/pyramid#1104
  • Remove unused renderer argument from Configurator.add_route.
  • Allow the BasicAuthenticationPolicy to work with non-ascii usernames
    and passwords. The charset is not passed as part of the header and different
    browsers alternate between UTF-8 and Latin-1, so the policy now attempts
    to decode with UTF-8 first, and will fallback to Latin-1.
    See Pylons/pyramid#1170
  • The view_defaults now apply to notfound and forbidden views
    that are defined as methods of a decorated class.
    See Pylons/pyramid#1173

Documentation

  • Added a "Quick Tutorial" to go with the Quick Tour
  • Removed mention of pyramid_beaker from docs. Beaker is no longer
    maintained. Point people at pyramid_redis_sessions instead.
  • Add documentation for pyramid.interfaces.IRendererFactory and
    pyramid.interfaces.IRenderer.

Backwards Incompatibilities

  • The key/values in the _query parameter of request.route_url and the
    query parameter of request.resource_url (and their variants), used
    to encode a value of None as the string 'None', leaving the resulting
    query string to be a=b&key=None. The value is now dropped in this
    situation, leaving a query string of a=b&key=.
    See Pylons/pyramid#1119

Deprecations

  • Deprecate the pyramid.interfaces.ITemplateRenderer interface. It was
    ill-defined and became unused when Mako and Chameleon template bindings were
    split into their own packages.
  • The pyramid.session.UnencryptedCookieSessionFactoryConfig API has been
    deprecated and is superseded by the
    pyramid.session.SignedCookieSessionFactory. Note that while the cookies
    generated by the UnencryptedCookieSessionFactoryConfig
    are compatible with cookies generated by old releases, cookies generated by
    the SignedCookieSessionFactory are not. See
    Pylons/pyramid#1142
  • The pyramid.security.has_permission API is now deprecated. Instead, use
    the newly-added has_permission method of the request object.
  • The pyramid.security.effective_principals API is now deprecated.
    Instead, use the newly-added effective_principals attribute of the
    request object.
  • The pyramid.security.authenticated_userid API is now deprecated.
    Instead, use the newly-added authenticated_userid attribute of the
    request object.
  • The pyramid.security.unauthenticated_userid API is now deprecated.
    Instead, use the newly-added unauthenticated_userid attribute of the
    request object.

Dependencies

  • Pyramid now depends on WebOb>=1.3 (it uses webob.cookies.CookieProfile
    from 1.3+).

1.5a2

==================

Features

  • Users can now provide dotted Python names as the factory argument to
    the Configurator methods named add_{view,route,subscriber}_predicate
    (instead of passing the predicate factory directly, you can pass a
    dotted name which refers to the factory).

Bug Fixes

  • Fix an exception in pyramid.path.package_name when resolving the package
    name for namespace packages that had no __file__ attribute.

Backwards Incompatibilities

  • Pyramid no longer depends on or configures the Mako and Chameleon templating
    system renderers by default. Disincluding these templating systems by
    default means that the Pyramid core has fewer dependencies and can run on
    future platforms without immediate concern for the compatibility of its
    templating add-ons. It also makes maintenance slightly more effective, as
    different people can maintain the templating system add-ons that they
    understand and care about without needing commit access to the Pyramid core,
    and it allows users who just don't want to see any packages they don't use
    come along for the ride when they install Pyramid.

This means that upon upgrading to Pyramid 1.5a2+, projects that use either
of these templating systems will see a traceback that ends something like
this when their application attempts to render a Chameleon or Mako template::

ValueError: No such renderer factory .pt

Or::

ValueError: No such renderer factory .mako

Or::

ValueError: No such renderer factory .mak

Support for Mako templating has been moved into an add-on package named
pyramid_mako, and support for Chameleon templating has been moved into
an add-on package named pyramid_chameleon. These packages are drop-in
replacements for the old built-in support for these templating languages.
All you have to do is install them and make them active in your configuration
to register renderer factories for .pt and/or .mako (or .mak) to
make your application work again.

To re-add support for Chameleon and/or Mako template renderers into your
existing projects, follow the below steps.

If you depend on Mako templates:

  • Make sure the pyramid_mako package is installed. One way to do this
    is by adding pyramid_mako to the install_requires section of your
    package's setup.py file and afterwards rerunning setup.py develop::
   setup(
       ...
       install_requires=[
           'pyramid_mako',          # new dependency
           'pyramid',
           ...
       ],
   )
  • Within the portion of your application which instantiates a Pyramid
    pyramid.config.Configurator (often the main() function in
    your project's __init__.py file), tell Pyramid to include the
    pyramid_mako includeme::
   config = Configurator(.....)
   config.include('pyramid_mako')

If you depend on Chameleon templates:

  • Make sure the pyramid_chameleon package is installed. One way to do
    this is by adding pyramid_chameleon to the install_requires section
    of your package's setup.py file and afterwards rerunning
    setup.py develop::
   setup(
       ...
       install_requires=[
           'pyramid_chameleon',          # new dependency
           'pyramid',
           ...
       ],
   )
  • Within the portion of your application which instantiates a Pyramid
    pyramid.config.Configurator (often the main() function in
    your project's __init__.py file), tell Pyramid to include the
    pyramid_chameleon includeme::
   config = Configurator(.....)
   config.include('pyramid_chameleon')

Note that it's also fine to install these packages into older Pyramids for
forward compatibility purposes. Even if you don't upgrade to Pyramid 1.5
immediately, performing the above steps in a Pyramid 1.4 installation is
perfectly fine, won't cause any difference, and will give you forward
compatibility when you eventually do upgrade to Pyramid 1.5.

With the removal of Mako and Chameleon support from the core, some
unit tests that use the pyramid.renderers.render* methods may begin to
fail. If any of your unit tests are invoking either
pyramid.renderers.render() or pyramid.renderers.render_to_response()
with either Mako or Chameleon templates then the
pyramid.config.Configurator instance in effect during
the unit test should also be updated to include the addons, as shown
above. For example::

   class ATest(unittest.TestCase):
       def setUp(self):
           self.config = pyramid.testing.setUp()
           self.config.include('pyramid_mako')
       def test_it(self):
           result = pyramid.renderers.render('mypkg:templates/home.mako', {})

Or::

   class ATest(unittest.TestCase):
       def setUp(self):
           self.config = pyramid.testing.setUp()
           self.config.include('pyramid_chameleon')
       def test_it(self):
           result = pyramid.renderers.render('mypkg:templates/home.pt', {})
  • If you're using the Pyramid debug toolbar, when you upgrade Pyramid to
    1.5a2+, you'll also need to upgrade the pyramid_debugtoolbar package to
    at least version 1.0.8, as older toolbar versions are not compatible with
    Pyramid 1.5a2+ due to the removal of Mako support from the core. It's
    fine to use this newer version of the toolbar code with older Pyramids too.
  • Removed the request.response_* varying attributes. These attributes
    have been deprecated since Pyramid 1.1, and as per the deprecation policy,
    have now been removed.
  • request.response will no longer be mutated when using the
    pyramid.renderers.render() API. Almost all renderers mutate the
    request.response response object (for example, the JSON renderer sets
    request.response.content_type to application/json), but this is
    only necessary when the renderer is generating a response; it was a bug
    when it was done as a side effect of calling pyramid.renderers.render().
  • Removed the bfg2pyramid fixer script.
  • The pyramid.events.NewResponse event is now sent after response
    callbacks are executed. It previously executed before response callbacks
    were executed. Rationale: it's more useful to be able to inspect the response
    after response callbacks have done their jobs instead of before.
  • Removed the class named pyramid.view.static that had been deprecated
    since Pyramid 1.1. Instead use pyramid.static.static_view with
    use_subpath=True argument.
  • Removed the pyramid.view.is_response function that had been deprecated
    since Pyramid 1.1. Use the pyramid.request.Request.is_response method
    instead.
  • Removed the ability to pass the following arguments to
    pyramid.config.Configurator.add_route: view, view_context,
    view_for, view_permission, view_renderer, and view_attr.
    Using these arguments had been deprecated since Pyramid 1.1. Instead of
    passing view-related arguments to add_route, use a separate call to
    pyramid.config.Configurator.add_view to associate a view with a route
    using its route_name argument. Note that this impacts the
    pyramid.config.Configurator.add_static_view function too, because it
    delegates to add_route.
  • Removed the ability to influence and query a pyramid.request.Request
    object as if it were a dictionary. Previously it was possible to use methods
    like __getitem__, get, items, and other dictlike methods to
    access values in the WSGI environment. This behavior had been deprecated
    since Pyramid 1.1. Use methods of request.environ (a real dictionary)
    instead.
  • Removed ancient backwards compatibility hack in
    pyramid.traversal.DefaultRootFactory which populated the __dict__ of
    the factory with the matchdict values for compatibility with BFG 0.9.
  • The renderer_globals_factory argument to the
    pyramid.config.Configurator constructor and its setup_registry method
    has been removed. The set_renderer_globals_factory method of
    pyramid.config.Configurator has also been removed. The (internal)
    pyramid.interfaces.IRendererGlobals interface was also removed. These
    arguments, methods and interfaces had been deprecated since 1.1. Use a
    BeforeRender event subscriber as documented in the "Hooks" chapter of the
    Pyramid narrative documentation instead of providing renderer globals values
    to the configurator.

Deprecations

  • The pyramid.config.Configurator.set_request_property method now issues
    a deprecation warning when used. It had been docs-deprecated in 1.4
    but did not issue a deprecation warning when used.

1.5a1

==================

Features

  • A new http exception subclass named pyramid.httpexceptions.HTTPSuccessful
    was added. You can use this class as the context of an exception
    view to catch all 200-series "exceptions" (e.g. "raise HTTPOk"). This
    also allows you to catch only the HTTPOk exception itself; previously
    this was impossible because a number of other exceptions
    (such as HTTPNoContent) inherited from HTTPOk, but now they do not.
  • You can now generate "hybrid" urldispatch/traversal URLs more easily
    by using the new route_name, route_kw and route_remainder_name
    arguments to request.resource_url and request.resource_path. See
    the new section of the "Combining Traversal and URL Dispatch" documentation
    chapter entitled "Hybrid URL Generation".
  • It is now possible to escape double braces in Pyramid scaffolds (unescaped,
    these represent replacement values). You can use \{\{a\}\} to
    represent a "bare" {{a}}. See
    Pylons/pyramid#862
  • Add localizer and locale_name properties (reified) to the request.
    See Pylons/pyramid#508. Note that the
    pyramid.i18n.get_localizer and pyramid.i18n.get_locale_name functions
    now simply look up these properties on the request.
  • Add pdistreport script, which prints the Python version in use, the
    Pyramid version in use, and the version number and location of all Python
    distributions currently installed.
  • Add the ability to invert the result of any view, route, or subscriber
    predicate using the not_ class. For example::
   from pyramid.config import not_
   from pyramid.view import view_config

   @view_config(route_name='myroute', request_method=not_('POST'))
   def myview(request): ...

The above example will ensure that the view is called if the request method
is not POST (at least if no other view is more specific).

The pyramid.config.not_ class can be used against any value that is
a predicate value passed in any of these contexts:

  • pyramid.config.Configurator.add_view
  • pyramid.config.Configurator.add_route
  • pyramid.config.Configurator.add_subscriber
  • pyramid.view.view_config
  • pyramid.events.subscriber
  • scripts/prequest.py: add support for submitting PUT and PATCH
    requests. See Pylons/pyramid#1033. Add support for
    submitting OPTIONS and PROPFIND requests, and allow users to specify
    basic authentication credentials in the request via a --login argument to
    the script. See Pylons/pyramid#1039.
  • ACLAuthorizationPolicy supports __acl__ as a callable. This
    removes the ambiguity between the potential AttributeError that would
    be raised on the context when the property was not defined and the
    AttributeError that could be raised from any user-defined code within
    a dynamic property. It is recommended to define a dynamic ACL as a callable
    to avoid this ambiguity. See Pylons/pyramid#735.
  • Allow a protocol-relative URL (e.g. //example.com/images) to be passed to
    pyramid.config.Configurator.add_static_view. This allows
    externally-hosted static URLs to be generated based on the current protocol.
  • The AuthTktAuthenticationPolicy has two new options to configure its
    domain usage:
  • parent_domain: if set the authentication cookie is set on
    the parent domain. This is useful if you have multiple sites sharing the
    same domain.
  • domain: if provided the cookie is always set for this domain, bypassing
    all usual logic.

See Pylons/pyramid#1028,
Pylons/pyramid#1072 and
Pylons/pyramid#1078.

  • The AuthTktAuthenticationPolicy now supports IPv6 addresses when using
    the include_ip=True option. This is possibly incompatible with
    alternative auth_tkt implementations, as the specification does not
    define how to properly handle IPv6. See
    Pylons/pyramid#831.
  • Make it possible to use variable arguments via
    pyramid.paster.get_appsettings. This also allowed the generated
    initialize_db script from the alchemy scaffold to grow support
    for options in the form a=1 b=2 so you can fill in
    values in a parameterized .ini file, e.g.
    initialize_myapp_db etc/development.ini a=1 b=2.
    See https://github.com/Pylons/pyrami
@coveralls

commented Apr 30, 2017

Coverage remained the same at 33.499% when pulling 73cb96f on pyup-pin-pyramid-1.8.3 into d9e543d on master.

@nicfit nicfit merged commit bc4770a into master Apr 30, 2017

5 checks passed

Lintly Linting introduced no new issues.
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
coverage/coveralls Coverage remained the same at 33.499%
pyup.io/safety-ci No dependencies with known security vulnerabilities.

@nicfit nicfit deleted the pyup-pin-pyramid-1.8.3 branch Apr 30, 2017
