New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Un-deprecate `--process-dependency-links` until an alternative is implemented #4187

Closed
TMiguelT opened this Issue Dec 19, 2016 · 54 comments

Comments

Projects
None yet
@TMiguelT

TMiguelT commented Dec 19, 2016

  • Pip version: 8.1.1
  • Python version: 3.5.2
  • Operating System: Ubuntu 16.04

Description:

The --process-dependency-links was re-added to pip a while ago because there are a number of valid use-cases for the flag: #1955

For this reason, it should probably be un-deprecated until an implementation of PEP 508/440 is in pip. The dependency_links argument to setuptools's setup is also still documented and not deprecated: http://setuptools.readthedocs.io/en/latest/setuptools.html#dependencies-that-aren-t-in-pypi

What I've run:

$ pip install request --process-dependency-links
Collecting request
  Downloading request-0.0.12.tar.gz
  DEPRECATION: Dependency Links processing has been deprecated and will be removed in a future release.
... 
@Kxrr

This comment has been minimized.

Show comment
Hide comment
@Kxrr

Kxrr May 11, 2017

Agreed. Current behaviour of pip for dependency-links really sucks.
#4295
#3610

Kxrr commented May 11, 2017

Agreed. Current behaviour of pip for dependency-links really sucks.
#4295
#3610

@jleclanche

This comment has been minimized.

Show comment
Hide comment
@jleclanche

jleclanche Sep 19, 2017

[Wrote in #3939, moving my comment here]

So, here's the main issue: If I don't want to use a requirements.txt file (because, say, I want declarative dependencies all specified in setup.cfg), how am I supposed to specify a URL as dependency?

This doesn't work:

[options]
install_requires = 
  requests==2.18.4
  https://github.com/example/example_lib/archive/master.zip

I also think dependency links are weird and fine to drop, but canonically how is this use case served if not with those?

jleclanche commented Sep 19, 2017

[Wrote in #3939, moving my comment here]

So, here's the main issue: If I don't want to use a requirements.txt file (because, say, I want declarative dependencies all specified in setup.cfg), how am I supposed to specify a URL as dependency?

This doesn't work:

[options]
install_requires = 
  requests==2.18.4
  https://github.com/example/example_lib/archive/master.zip

I also think dependency links are weird and fine to drop, but canonically how is this use case served if not with those?

@jleclanche

This comment has been minimized.

Show comment
Hide comment
@jleclanche

jleclanche Sep 19, 2017

Another issue is that dependency_links apparently cannot be specified in setup.cfg, only as setup.py arguments. If they are to be undeprecated, that should be fixed.

jleclanche commented Sep 19, 2017

Another issue is that dependency_links apparently cannot be specified in setup.cfg, only as setup.py arguments. If they are to be undeprecated, that should be fixed.

@robertour

This comment has been minimized.

Show comment
Hide comment
@robertour

robertour Sep 20, 2017

Is there any news regarding this? Is there any alternative in progress? dependency_links_ seems to be the only option for internal/private distribution of libraries.

Instead of deprecating it, it should be fixed, a lot of people forget or get confuse because they forget to put both the name-version of the library in the the install_requires and the dependency link that contains the tarbal together with the egg. As an alternative, I would love to see that @jleclanche has suggested, a simple link to the tarball in the install_requires (specifying the egg could be optional).

I don't think we are alone: https://stackoverflow.com/questions/3472430/how-can-i-make-setuptools-install-a-package-thats-not-on-pypi

robertour commented Sep 20, 2017

Is there any news regarding this? Is there any alternative in progress? dependency_links_ seems to be the only option for internal/private distribution of libraries.

Instead of deprecating it, it should be fixed, a lot of people forget or get confuse because they forget to put both the name-version of the library in the the install_requires and the dependency link that contains the tarbal together with the egg. As an alternative, I would love to see that @jleclanche has suggested, a simple link to the tarball in the install_requires (specifying the egg could be optional).

I don't think we are alone: https://stackoverflow.com/questions/3472430/how-can-i-make-setuptools-install-a-package-thats-not-on-pypi

@RonnyPfannschmidt

This comment has been minimized.

Show comment
Hide comment
@RonnyPfannschmidt

RonnyPfannschmidt Sep 20, 2017

Contributor

@robertour tools like devpi support a more clear approach since years now

Contributor

RonnyPfannschmidt commented Sep 20, 2017

@robertour tools like devpi support a more clear approach since years now

@RonnyPfannschmidt

This comment has been minimized.

Show comment
Hide comment
@RonnyPfannschmidt

RonnyPfannschmidt Sep 20, 2017

Contributor

@dstufft btw - i would like to argue that the existene of devpi demonstrates a more clean solution to the problem making dependency links unnecessary

IMHO index inheritance + white listing/blacklisting is more consistent and more comprehensible at a ops level

Contributor

RonnyPfannschmidt commented Sep 20, 2017

@dstufft btw - i would like to argue that the existene of devpi demonstrates a more clean solution to the problem making dependency links unnecessary

IMHO index inheritance + white listing/blacklisting is more consistent and more comprehensible at a ops level

@robertour

This comment has been minimized.

Show comment
Hide comment
@robertour

robertour Sep 20, 2017

@RonnyPfannschmidt, thanks for the suggestion, it seems I am missing something important (discussions about this deprecation have been going for too long) but generally speaking I cannot agree more with this comment from reddit:

devpi could be a solution, but bringing another service into the game that needs maintenance and having to wait for some administrator to setup, will not get me into working very soon. Also we still would have the need to build packages and then put them onto devip (or has devpi a feature to track git repositories??)

Ideally, I would like an alternative that won't take me more than adding a file in my library, or few lines in the setup.py.

I basically don't understand the underlying decision of removing it, I can see how it can lead to bad practices and insecurities, but as long as it is keep for internal use, it should not be a major issue.

robertour commented Sep 20, 2017

@RonnyPfannschmidt, thanks for the suggestion, it seems I am missing something important (discussions about this deprecation have been going for too long) but generally speaking I cannot agree more with this comment from reddit:

devpi could be a solution, but bringing another service into the game that needs maintenance and having to wait for some administrator to setup, will not get me into working very soon. Also we still would have the need to build packages and then put them onto devip (or has devpi a feature to track git repositories??)

Ideally, I would like an alternative that won't take me more than adding a file in my library, or few lines in the setup.py.

I basically don't understand the underlying decision of removing it, I can see how it can lead to bad practices and insecurities, but as long as it is keep for internal use, it should not be a major issue.

@pradyunsg

This comment has been minimized.

Show comment
Hide comment
@pradyunsg

pradyunsg Oct 2, 2017

Member

#4175 means that PEP 508 URL support will be there in pip 10. I think this can be closed.

Thoughts @pfmoore @dstufft?

Member

pradyunsg commented Oct 2, 2017

#4175 means that PEP 508 URL support will be there in pip 10. I think this can be closed.

Thoughts @pfmoore @dstufft?

@pfmoore

This comment has been minimized.

Show comment
Hide comment
@pfmoore

pfmoore Oct 2, 2017

Member

I thought 86b0779 meant that the @ syntax cannot be used for dependencies, so this means #4175 isn't a solution for this issue. The comments over there were that we shouldn't implement @ support for dependencies until PyPI was able to block uploads that used it (because we don't want installing something from PyPI to be able to grab stuff from arbitrary URLs, presumably).

Member

pfmoore commented Oct 2, 2017

I thought 86b0779 meant that the @ syntax cannot be used for dependencies, so this means #4175 isn't a solution for this issue. The comments over there were that we shouldn't implement @ support for dependencies until PyPI was able to block uploads that used it (because we don't want installing something from PyPI to be able to grab stuff from arbitrary URLs, presumably).

@rgerkin

This comment has been minimized.

Show comment
Hide comment
@rgerkin

rgerkin Oct 13, 2017

It shouldn't be deprecated until there is an alternative in place, i.e. PEP 508 support. Until then, too many people are using it.

rgerkin commented Oct 13, 2017

It shouldn't be deprecated until there is an alternative in place, i.e. PEP 508 support. Until then, too many people are using it.

@teran-mckinney

This comment has been minimized.

Show comment
Hide comment
@teran-mckinney

teran-mckinney Nov 21, 2017

What's the proper workflow for this?

Let 's say there's a library that I need to add a feature to. I fork it on Github. Feature isn't going to be merged any time soon, so I have a tool that I set to use my Github fork instead of PyPi.

Now all of my users have to add --process-dependency-links when installing my tool with pip, which is a deprecated and even once removed flag?

Is there some option in setup.py that I'm missing or is there really no way around this? It seems like the only viable way to do this is to push up a forked pypi package. That is just going to add to user's confusion once your pull request does get merged, anyway.

teran-mckinney commented Nov 21, 2017

What's the proper workflow for this?

Let 's say there's a library that I need to add a feature to. I fork it on Github. Feature isn't going to be merged any time soon, so I have a tool that I set to use my Github fork instead of PyPi.

Now all of my users have to add --process-dependency-links when installing my tool with pip, which is a deprecated and even once removed flag?

Is there some option in setup.py that I'm missing or is there really no way around this? It seems like the only viable way to do this is to push up a forked pypi package. That is just going to add to user's confusion once your pull request does get merged, anyway.

@pradyunsg pradyunsg modified the milestones: 18.0, 18.1 Jul 21, 2018

@pradyunsg

This comment has been minimized.

Show comment
Hide comment
@pradyunsg

pradyunsg Jul 21, 2018

Member

See #5571 -- the PR for this for why this has been pushed to a later release.

Member

pradyunsg commented Jul 21, 2018

See #5571 -- the PR for this for why this has been pushed to a later release.

@wvxvw-traiana

This comment has been minimized.

Show comment
Hide comment
@wvxvw-traiana

wvxvw-traiana Aug 22, 2018

The warning in PIP installation log gives this URL, but there is no solution to the problem neither here nor in the other tickets mentioned.

Moreover, this is even more confusing: what do you mean when you say PyPI? Do you mean any server that implements the PyPI interface (eg. Artifactory), or, specifically, pypi.org?

Now, obviously, someone who wants to support both installing a package through setuptools (a.k.a. running setup.py install) and through using pip install will be now in a pickle. Specifying dependency links is the only way for someone in this situation to deal with multiple interdependent packages.

Now, correct me if I'm wrong, but so far it seems like if you take this away based on whatever decision PyPA has made about uploads to their servers, you, basically, make pip useless for Artifactory users / companies who have private repositories with interdependent packages.

Please tell me that I'm wrong and missed something in this whole story (I was following it on and off for a while). I red PEP 508, but it really makes no difference in this regard, at least, I cannot see how it would make things better or worse.

wvxvw-traiana commented Aug 22, 2018

The warning in PIP installation log gives this URL, but there is no solution to the problem neither here nor in the other tickets mentioned.

Moreover, this is even more confusing: what do you mean when you say PyPI? Do you mean any server that implements the PyPI interface (eg. Artifactory), or, specifically, pypi.org?

Now, obviously, someone who wants to support both installing a package through setuptools (a.k.a. running setup.py install) and through using pip install will be now in a pickle. Specifying dependency links is the only way for someone in this situation to deal with multiple interdependent packages.

Now, correct me if I'm wrong, but so far it seems like if you take this away based on whatever decision PyPA has made about uploads to their servers, you, basically, make pip useless for Artifactory users / companies who have private repositories with interdependent packages.

Please tell me that I'm wrong and missed something in this whole story (I was following it on and off for a while). I red PEP 508, but it really makes no difference in this regard, at least, I cannot see how it would make things better or worse.

@bstrdsmkr

This comment has been minimized.

Show comment
Hide comment
@bstrdsmkr

bstrdsmkr Aug 22, 2018

Contributor

@wvxvw-traiana I think you missed PR #5571
Before that PR (and in the current release -- 18.0) pip will refuse to install any dependency specified via PEP508 syntax.

After that PR (already merged so should be in 18.1+) pip will only refuse such dependencies if the package that depends on them comes from pypi.org.

If you install a package from your private repo which depends on stuff from pypi, obviously that's fine.
If you install a package from pypi.org which depends on stuff from your private repo, that fails.
If you install a package from your private repo that depends on stuff in your private repo, that's fine.

Hope that helps clear things up

Contributor

bstrdsmkr commented Aug 22, 2018

@wvxvw-traiana I think you missed PR #5571
Before that PR (and in the current release -- 18.0) pip will refuse to install any dependency specified via PEP508 syntax.

After that PR (already merged so should be in 18.1+) pip will only refuse such dependencies if the package that depends on them comes from pypi.org.

If you install a package from your private repo which depends on stuff from pypi, obviously that's fine.
If you install a package from pypi.org which depends on stuff from your private repo, that fails.
If you install a package from your private repo that depends on stuff in your private repo, that's fine.

Hope that helps clear things up

@dpwrussell

This comment has been minimized.

Show comment
Hide comment
@dpwrussell

dpwrussell Aug 22, 2018

@bstrdsmkr Is it same origin or is pypi a special case? I.e.

If you install a package from your private repo which depends on stuff from a different private repo.

dpwrussell commented Aug 22, 2018

@bstrdsmkr Is it same origin or is pypi a special case? I.e.

If you install a package from your private repo which depends on stuff from a different private repo.

@pfmoore

This comment has been minimized.

Show comment
Hide comment
@pfmoore

pfmoore Aug 22, 2018

Member

To add some further context on the reasons behind this:

  1. Direct URL links allow a package to trigger downloading and running arbitrary code from anywhere on the internet. That's OK if you're taking responsibility for the package doing that, so we allow direct URL links on that understanding.
  2. People expect to install from PyPI (specifically PyPI, not package indexes in general) and trust the packages they download from there. To prevent a compromise of a PyPI package exposing a large number of Python users, we do not allow packages coming from PyPI to depend on direct URL links (because it imposes too much of a burden on our users to insist that they have to audit everything from PyPI that they use for links to external code).
  3. Dependency links are a setuptools-specific mechanism, and are processed by setuptools' internal machinery, not by pip. So unlike direct URL links, we don't have any control over what they do. That's why we deprecated them in favour of the standard direct URL form, which we do handle ourselves.

someone who wants to support both installing a package through setuptools (a.k.a. running setup.py install) and through using pip install will be now in a pickle.

If true, that's because setuptools hasn't implemented support for direct URL links, which is an agreed standard. Feel free to raise that with them.

If you install a package from your private repo which depends on stuff from a different private repo.

That works fine. PyPI isn't involved.

Member

pfmoore commented Aug 22, 2018

To add some further context on the reasons behind this:

  1. Direct URL links allow a package to trigger downloading and running arbitrary code from anywhere on the internet. That's OK if you're taking responsibility for the package doing that, so we allow direct URL links on that understanding.
  2. People expect to install from PyPI (specifically PyPI, not package indexes in general) and trust the packages they download from there. To prevent a compromise of a PyPI package exposing a large number of Python users, we do not allow packages coming from PyPI to depend on direct URL links (because it imposes too much of a burden on our users to insist that they have to audit everything from PyPI that they use for links to external code).
  3. Dependency links are a setuptools-specific mechanism, and are processed by setuptools' internal machinery, not by pip. So unlike direct URL links, we don't have any control over what they do. That's why we deprecated them in favour of the standard direct URL form, which we do handle ourselves.

someone who wants to support both installing a package through setuptools (a.k.a. running setup.py install) and through using pip install will be now in a pickle.

If true, that's because setuptools hasn't implemented support for direct URL links, which is an agreed standard. Feel free to raise that with them.

If you install a package from your private repo which depends on stuff from a different private repo.

That works fine. PyPI isn't involved.

@wvxvw-traiana

This comment has been minimized.

Show comment
Hide comment
@wvxvw-traiana

wvxvw-traiana Aug 22, 2018

OK, so, on one hand, I'm happy that this doesn't affect me.

On the other hand, this "fix" seems, how'd I put it... too easy to work around.

echo "not-pypi 151.101.61.63" >> /etc/hosts
pip install --index-url not-pypi

Not my business, really, but seems like a really surface-level approach. (The other attack vector was mentioned in other comments, where you can simply download whatever you want in setup.py).

wvxvw-traiana commented Aug 22, 2018

OK, so, on one hand, I'm happy that this doesn't affect me.

On the other hand, this "fix" seems, how'd I put it... too easy to work around.

echo "not-pypi 151.101.61.63" >> /etc/hosts
pip install --index-url not-pypi

Not my business, really, but seems like a really surface-level approach. (The other attack vector was mentioned in other comments, where you can simply download whatever you want in setup.py).

@pfmoore

This comment has been minimized.

Show comment
Hide comment
@pfmoore

pfmoore Aug 22, 2018

Member

It's not designed to be hard for users to work around by users. It's a means of offering a (limited) solution to the fact that PyPI doesn't yet have a way to block people from uploading packages with direct URL dependencies. See #4175 (comment) for some context.

Member

pfmoore commented Aug 22, 2018

It's not designed to be hard for users to work around by users. It's a means of offering a (limited) solution to the fact that PyPI doesn't yet have a way to block people from uploading packages with direct URL dependencies. See #4175 (comment) for some context.

@bstrdsmkr

This comment has been minimized.

Show comment
Hide comment
@bstrdsmkr

bstrdsmkr Aug 22, 2018

Contributor

@dpwrussell pypi.org is a special case. Any private repo to any private repo works fine after the change.

@wvxvw-traiana it isn't meant to prevent you from doing that yourself. It is meant to keep someone else from doing that to you when you think you're just installing a package from pypi.org

Contributor

bstrdsmkr commented Aug 22, 2018

@dpwrussell pypi.org is a special case. Any private repo to any private repo works fine after the change.

@wvxvw-traiana it isn't meant to prevent you from doing that yourself. It is meant to keep someone else from doing that to you when you think you're just installing a package from pypi.org

@pradyunsg

This comment has been minimized.

Show comment
Hide comment
@pradyunsg

pradyunsg Aug 22, 2018

Member

Unrelated to the current discussion, I'm reopening this since we haven't actually updated the deprecation warning for this.

Member

pradyunsg commented Aug 22, 2018

Unrelated to the current discussion, I'm reopening this since we haven't actually updated the deprecation warning for this.

@pradyunsg

This comment has been minimized.

Show comment
Hide comment
@pradyunsg

pradyunsg Aug 23, 2018

Member

#5726 adds language suggesting the use of PEP 508 URLs, which IMO is the last bit needed for this.

Member

pradyunsg commented Aug 23, 2018

#5726 adds language suggesting the use of PEP 508 URLs, which IMO is the last bit needed for this.

@pradyunsg

This comment has been minimized.

Show comment
Hide comment
@pradyunsg

pradyunsg Aug 24, 2018

Member

Alrighty then. Let me summarize:

  • dependency links are still deprecated and are now scheduled for removal in pip 19.0.
  • standard backed replacement for it is PEP 508 URL dependencies
  • When installing from PyPI, if a package has PEP 508 URL dependencies, it will result in pip aborting the installation.

@pfmoore has elaborated the reasons for these decisions here: #4187 (comment)

Member

pradyunsg commented Aug 24, 2018

Alrighty then. Let me summarize:

  • dependency links are still deprecated and are now scheduled for removal in pip 19.0.
  • standard backed replacement for it is PEP 508 URL dependencies
  • When installing from PyPI, if a package has PEP 508 URL dependencies, it will result in pip aborting the installation.

@pfmoore has elaborated the reasons for these decisions here: #4187 (comment)

@wreed4

This comment has been minimized.

Show comment
Hide comment
@wreed4

wreed4 Aug 27, 2018

@pradyunsg When will PEP 508 URL dependencies be allowed in install_requires in the setup.py? Is there a date set?

wreed4 commented Aug 27, 2018

@pradyunsg When will PEP 508 URL dependencies be allowed in install_requires in the setup.py? Is there a date set?

@pradyunsg

This comment has been minimized.

Show comment
Hide comment
@pradyunsg

pradyunsg Aug 27, 2018

Member

In the next release of pip -- that's 18.1, scheduled for October. You can read more about pip's 3 month release cycle at https://pip.pypa.io/en/latest/development/release-process/. :)

Member

pradyunsg commented Aug 27, 2018

In the next release of pip -- that's 18.1, scheduled for October. You can read more about pip's 3 month release cycle at https://pip.pypa.io/en/latest/development/release-process/. :)

@benoit-pierre

This comment has been minimized.

Show comment
Hide comment
@benoit-pierre

benoit-pierre Aug 27, 2018

Member

pypa/wheel#249 needs to be addressed before PEP 508 URL dependencies become a viable alternative.

Member

benoit-pierre commented Aug 27, 2018

pypa/wheel#249 needs to be addressed before PEP 508 URL dependencies become a viable alternative.

kilemensi added a commit to TakwimuAfrica/Takwimu that referenced this issue Sep 5, 2018

Force pip to install wazimap from Github
`pip` doesn't process `dependency_links` in `setup.py` by default. One needs to pass `--process-dependency-links` as part of install arguments. However, this has also been deprecated: pypa/pip#4187

Hence add a direct link to wazimap in `requrements.txt`

@kilemensi kilemensi referenced this issue Sep 5, 2018

Merged

Force pip to install wazimap from Github #364

3 of 5 tasks complete

DavidLemayian added a commit to CodeForAfrica/HURUmap that referenced this issue Sep 23, 2018

Remove --process-dependency-links documentation
Misleading title at pypa/pip#4187 . --process-dependency-links is *not* bein undeprecated.
@pradyunsg

This comment has been minimized.

Show comment
Hide comment
@pradyunsg

pradyunsg Oct 5, 2018

Member

pypa/wheel#249 needs to be addressed before PEP 508 URL dependencies become a viable alternative.

This has been addressed.

Member

pradyunsg commented Oct 5, 2018

pypa/wheel#249 needs to be addressed before PEP 508 URL dependencies become a viable alternative.

This has been addressed.

bors bot added a commit to mozilla/normandy that referenced this issue Oct 8, 2018

Merge #1576
1576: Scheduled weekly dependency update for week 40 r=peterbe a=pyup-bot






### Update [botocore](https://pypi.org/project/botocore) from **1.11.6** to **1.12.18**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.12.18
   ```
   =======

* api-change:``ds``: Update ds client to latest version
   ```
   
  
  
   ### 1.12.17
   ```
   =======

* api-change:``ssm``: Update ssm client to latest version
* api-change:``codebuild``: Update codebuild client to latest version
* enhancement:HTTP Session: Added the ability to enable TCP Keepalive via the shared config file&#39;s ``tcp_keepalive`` option.
* api-change:``apigateway``: Update apigateway client to latest version
* api-change:``storagegateway``: Update storagegateway client to latest version
   ```
   
  
  
   ### 1.12.16
   ```
   =======

* api-change:``sagemaker``: Update sagemaker client to latest version
* api-change:``secretsmanager``: Update secretsmanager client to latest version
   ```
   
  
  
   ### 1.12.15
   ```
   =======

* api-change:``rekognition``: Update rekognition client to latest version
* api-change:``guardduty``: Update guardduty client to latest version
   ```
   
  
  
   ### 1.12.14
   ```
   =======

* api-change:``codestar``: Update codestar client to latest version
* api-change:``ec2``: Update ec2 client to latest version
   ```
   
  
  
   ### 1.12.13
   ```
   =======

* api-change:``mq``: Update mq client to latest version
* api-change:``apigateway``: Update apigateway client to latest version
* enhancement:Event: Add the `before-send` event which allows finalized requests to be inspected before being sent across the wire and allows for custom responses to be returned.
* api-change:``codecommit``: Update codecommit client to latest version
   ```
   
  
  
   ### 1.12.12
   ```
   =======

* api-change:``sqs``: Update sqs client to latest version
* api-change:``glue``: Update glue client to latest version
* api-change:``opsworkscm``: Update opsworkscm client to latest version
* api-change:``rds``: Update rds client to latest version
   ```
   
  
  
   ### 1.12.11
   ```
   =======

* api-change:``ec2``: Update ec2 client to latest version
* api-change:``cloudfront``: Update cloudfront client to latest version
* api-change:``ds``: Update ds client to latest version
   ```
   
  
  
   ### 1.12.10
   ```
   =======

* api-change:``connect``: Update connect client to latest version
* api-change:``rds``: Update rds client to latest version
   ```
   
  
  
   ### 1.12.9
   ```
   ======

* api-change:``mediaconvert``: Update mediaconvert client to latest version
   ```
   
  
  
   ### 1.12.8
   ```
   ======

* api-change:``rds``: Update rds client to latest version
* api-change:``ds``: Update ds client to latest version
* api-change:``ec2``: Update ec2 client to latest version
   ```
   
  
  
   ### 1.12.7
   ```
   ======

* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``s3``: Update s3 client to latest version
* api-change:``organizations``: Update organizations client to latest version
   ```
   
  
  
   ### 1.12.6
   ```
   ======

* bugfix:Serialization: Fixes `1557 &lt;https://github.com/boto/botocore/issues/1557&gt;`__. Fixed a regression in serialization where request bodies would be improperly encoded.
* api-change:``es``: Update es client to latest version
* api-change:``rekognition``: Update rekognition client to latest version
   ```
   
  
  
   ### 1.12.5
   ```
   ======

* api-change:``codebuild``: Update codebuild client to latest version
* api-change:``elastictranscoder``: Update elastictranscoder client to latest version
* api-change:``ecs``: Update ecs client to latest version
* api-change:``ec2``: Update ec2 client to latest version
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``secretsmanager``: Update secretsmanager client to latest version
* api-change:``elasticache``: Update elasticache client to latest version
   ```
   
  
  
   ### 1.12.4
   ```
   ======

* enhancement:s3: Adds encoding and decoding handlers for ListObjectsV2 `1552 &lt;https://github.com/boto/botocore/issues/1552&gt;`__
* api-change:``polly``: Update polly client to latest version
   ```
   
  
  
   ### 1.12.3
   ```
   ======

* api-change:``ses``: Update ses client to latest version
* api-change:``ec2``: Update ec2 client to latest version
* api-change:``fms``: Update fms client to latest version
* api-change:``connect``: Update connect client to latest version
   ```
   
  
  
   ### 1.12.2
   ```
   ======

* api-change:``opsworkscm``: Update opsworkscm client to latest version
* api-change:``ssm``: Update ssm client to latest version
   ```
   
  
  
   ### 1.12.1
   ```
   ======

* api-change:``redshift``: Update redshift client to latest version
* api-change:``cloudhsmv2``: Update cloudhsmv2 client to latest version
   ```
   
  
  
   ### 1.12.0
   ```
   ======

* api-change:``logs``: Update logs client to latest version
* api-change:``config``: Update config client to latest version
* feature:Events: This migrates the event system to using sevice ids instead of either client name or endpoint prefix. This prevents issues that might arise when a service changes their endpoint prefix, also fixes a long-standing bug where you could not register an event to a particular service if it happened to share its endpoint prefix with another service (e.g. ``autoscaling`` and ``application-autoscaling`` both use the endpoint prefix ``autoscaling``). Please see the `upgrade notes &lt;https://botocore.amazonaws.com/v1/documentation/api/latest/index.htmlupgrade-notes&gt;`_ to determine if you are impacted and how to proceed if you are.
   ```
   
  
  
   ### 1.11.9
   ```
   ======

* api-change:``apigateway``: Update apigateway client to latest version
* api-change:``codecommit``: Update codecommit client to latest version
* api-change:``mediaconvert``: Update mediaconvert client to latest version
   ```
   
  
  
   ### 1.11.8
   ```
   ======

* api-change:``rds``: Update rds client to latest version
* api-change:``s3``: Update s3 client to latest version
* api-change:``appstream``: Update appstream client to latest version
* api-change:``dynamodb``: Update dynamodb client to latest version
* api-change:``elb``: Update elb client to latest version
   ```
   
  
  
   ### 1.11.7
   ```
   ======

* api-change:``rds``: Update rds client to latest version
* api-change:``rekognition``: Update rekognition client to latest version
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/botocore
  - Changelog: https://pyup.io/changelogs/botocore/
  - Repo: https://github.com/boto/botocore
</details>





### Update [Faker](https://pypi.org/project/Faker) from **0.8.18** to **0.9.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 0.9.1
   ```
   ---------------------------------------------------------------------------------------

* Fix missing and misplaced comma&#39;s in many providers. Thanks 153957.
* Refactor IPv4 address generation to leverage ``ipaddress`` module. Thanks maticomp.
* An ``en_NZ`` provider for addresses, phone numbers and email addresses. Thanks doctorlard.
* Add ``unique`` argument to ``words()`` for returning unique words. Thanks micahstrube.
* Allow US territories to be excluded from ``state_abbr()`` for ``en_US`` provider. Thanks micahstrube.
* Add support for Python 3.7. Thanks michael-k.
   ```
   
  
  
   ### 0.9.0
   ```
   -------------------------------------------------------------------------------------

* ``.random_sample()`` now returns a list of unique elements instead of a set.
* ``.random_sample_unique()`` is removed in favor of ``.random_sample()``.
* Added ``random_choices()``, ``random_elements()`` and ``random_letters()``.
* Added ``faker.utils.distribution.choices_distribution_unique()``.
* ``words()``, ``password()``, ``uri_path`` and ``pystr()`` now use the new the ``random_choices()``
  method.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/faker
  - Changelog: https://pyup.io/changelogs/faker/
  - Repo: https://github.com/joke2k/faker
</details>





### Update [greenlet](https://pypi.org/project/greenlet) from **0.4.14** to **0.4.15**.


<details>
  <summary>Changelog</summary>
  
  
   ### 0.4.15
   ```
   ===========
- Support for RISC-V architecture
- Workaround a gcc bug on ppc64
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/greenlet
  - Changelog: https://pyup.io/changelogs/greenlet/
  - Repo: https://github.com/python-greenlet/greenlet
  - Docs: https://pythonhosted.org/greenlet/
</details>





### Update [pycparser](https://pypi.org/project/pycparser) from **2.18** to **2.19**.


<details>
  <summary>Changelog</summary>
  
  
   ### 2.19
   ```
   - PR 277: Fix parsing of floating point literals
  - PR 254: Add support for parsing empty structs
  - PR 240: Fix enum formatting in generated C code (also 216)
  - PR 222: Add support for pragma in struct declarations
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pycparser
  - Changelog: https://pyup.io/changelogs/pycparser/
  - Repo: https://github.com/eliben/pycparser
</details>





### Update [setuptools](https://pypi.org/project/setuptools) from **40.2.0** to **40.4.3**.


<details>
  <summary>Changelog</summary>
  
  
   ### 40.4.3
   ```
   -------

* 1480: Bump vendored pyparsing in pkg_resources to 2.2.1.
   ```
   
  
  
   ### 40.4.2
   ```
   -------

* 1497: Updated gitignore in repo.
   ```
   
  
  
   ### 40.4.1
   ```
   -------

* 1480: Bump vendored pyparsing to 2.2.1.
   ```
   
  
  
   ### 40.4.0
   ```
   -------

* 1481: Join the sdist ``--dist-dir`` and the ``build_meta`` sdist directory argument to point to the same target (meaning the build frontend no longer needs to clean manually the dist dir to avoid multiple sdist presence, and setuptools no longer needs to handle conflicts between the two).
   ```
   
  
  
   ### 40.3.0
   ```
   -------

* 1402: Fixed a bug with namespace packages under Python 3.6 when one package in
  current directory hides another which is installed.
* 1427: Set timestamp of ``.egg-info`` directory whenever ``egg_info`` command is run.
* 1474: ``build_meta.get_requires_for_build_sdist`` now does not include the ``wheel`` package anymore.
* 1486: Suppress warnings in pkg_resources.handle_ns.
* 1479: Remove internal use of six.binary_type.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/setuptools
  - Changelog: https://pyup.io/changelogs/setuptools/
  - Repo: https://github.com/pypa/setuptools
</details>





### Update [alabaster](https://pypi.org/project/alabaster) from **0.7.11** to **0.7.12**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/alabaster
  - Changelog: https://pyup.io/changelogs/alabaster/
  - Docs: https://alabaster.readthedocs.io
</details>





### Update [packaging](https://pypi.org/project/packaging) from **17.1** to **18.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 17.2
   ```
   ~~~~~~~~~~~~~~~~

.. note:: This version is not yet released and is under active development.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/packaging
  - Changelog: https://pyup.io/changelogs/packaging/
  - Repo: https://github.com/pypa/packaging
</details>





### Update [pyparsing](https://pypi.org/project/pyparsing) from **2.2.0** to **2.2.2**.


<details>
  <summary>Changelog</summary>
  
  
   ### 2.2.2
   ```
   -------------------------------
- Fixed bug in SkipTo, if a SkipTo expression that was skipping to
  an expression that returned a list (such as an And), and the 
  SkipTo was saved as a named result, the named result could be 
  saved as a ParseResults - should always be saved as a string.
  Issue 28, reported by seron.

- Added simple_unit_tests.py, as a collection of easy-to-follow unit 
  tests for various classes and features of the pyparsing library. 
  Primary intent is more to be instructional than actually rigorous 
  testing. Complex tests can still be added in the unitTests.py file.

- New features added to the Regex class:
  - optional asGroupList parameter, returns all the capture groups as
    a list
  - optional asMatch parameter, returns the raw re.match result
  - new sub(repl) method, which adds a parse action calling
    re.sub(pattern, repl, parsed_result). Simplifies creating 
    Regex expressions to be used with transformString. Like re.sub,
    repl may be an ordinary string (similar to using pyparsing&#39;s 
    replaceWith), or may contain references to capture groups by group 
    number, or may be a callable that takes an re match group and 
    returns a string.
    
    For instance:
        expr = pp.Regex(r&quot;([Hh]\d):\s*(.*)&quot;).sub(r&quot;&lt;\1&gt;\2&lt;/\1&gt;&quot;)
        expr.transformString(&quot;h1: This is the title&quot;)

    will return
        &lt;h1&gt;This is the title&lt;/h1&gt;

- Fixed omission of LICENSE file in source tarball, also added 
  CODE_OF_CONDUCT.md per GitHub community standards.
   ```
   
  
  
   ### 2.2.1
   ```
   -------------------------------
- Applied changes necessary to migrate hosting of pyparsing source
  over to GitHub. Many thanks for help and contributions from hugovk,
  jdufresne, and cngkaygusuz among others through this transition,
  sorry it took me so long!

- Fixed import of collections.abc to address DeprecationWarnings
  in Python 3.7.

- Updated oc.py example to support function calls in arithmetic
  expressions; fixed regex for &#39;==&#39; operator; and added packrat
  parsing. Raised on the pyparsing wiki by Boris Marin, thanks!

- Fixed bug in select_parser.py example, group_by_terms was not
  reported. Reported on SF bugs by Adam Groszer, thanks Adam!

- Added &quot;Getting Started&quot; section to the module docstring, to 
  guide new users to the most common starting points in pyparsing&#39;s
  API.

- Fixed bug in Literal and Keyword classes, which erroneously
  raised IndexError instead of ParseException.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyparsing
  - Changelog: https://pyup.io/changelogs/pyparsing/
  - Repo: https://github.com/pyparsing/pyparsing/
  - Docs: https://pythonhosted.org/pyparsing/
</details>





### Update [click](https://pypi.org/project/click) from **6.7** to **7.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 7.0
   ```
   -----------

Released 2018-09-25

-   Drop support for Python 2.6 and 3.3. (`967`_, `976`_)
-   Wrap ``click.Choice``&#39;s missing message. (`202`_, `1000`_)
-   Add native ZSH autocompletion support. (`323`_, `865`_)
-   Document that ANSI color info isn&#39;t parsed from bytearrays in
    Python 2. (`334`_)
-   Document byte-stripping behavior of ``CliRunner``. (`334`_,
    `1010`_)
-   Usage errors now hint at the ``--help`` option. (`393`_, `557`_)
-   Implement streaming pager. (`409`_, `889`_)
-   Extract bar formatting to its own method. (`414`_)
-   Add ``DateTime`` type for converting input in given date time
    formats. (`423`_)
-   ``secho``&#39;s first argument can now be ``None``, like in ``echo``.
    (`424`_)
-   Fixes a ``ZeroDivisionError`` in ``ProgressBar.make_step``, when the
    arg passed to the first call of ``ProgressBar.update`` is 0.
    (`447`_, `1012`_)
-   Show progressbar only if total execution time is visible. (`487`_)
-   Added the ability to hide commands and options from help. (`500`_)
-   Document that options can be ``required=True``. (`514`_, `1022`_)
-   Non-standalone calls to ``Context.exit`` return the exit code,
    rather than calling ``sys.exit``. (`533`_, `667`_, `1098`_)
-   ``click.getchar()`` returns Unicode in Python 3 on Windows,
    consistent with other platforms. (`537`_, `821`_, `822`_,
    `1088`_, `1108`_)
-   Added ``FloatRange`` type. (`538`_, `553`_)
-   Added support for bash completion of ``type=click.Choice`` for
    ``Options`` and ``Arguments``. (`535`_, `681`_)
-   Only allow one positional arg for ``Argument`` parameter
    declaration. (`568`_, `574`_, `1014`_)
-   Add ``case_sensitive=False`` as an option to Choice. (`569`_)
-   ``click.getchar()`` correctly raises ``KeyboardInterrupt`` on &quot;^C&quot;
    and ``EOFError`` on &quot;^D&quot; on Linux. (`583`_, `1115`_)
-   Fix encoding issue with ``click.getchar(echo=True)`` on Linux.
    (`1115`_)
-   ``param_hint`` in errors now derived from param itself. (`598`_,
    `704`_, `709`_)
-   Add a test that ensures that when an argument is formatted into a
    usage error, its metavar is used, not its name. (`612`_)
-   Allow setting ``prog_name`` as extra in ``CliRunner.invoke``.
    (`616`_, `999`_)
-   Help text taken from docstrings truncates at the ``\f`` form feed
    character, useful for hiding Sphinx-style parameter documentation.
    (`629`_, `1091`_)
-   ``launch`` now works properly under Cygwin. (`650`_)
-   Update progress after iteration. (`651`_, `706`_)
-   ``CliRunner.invoke`` now may receive ``args`` as a string
    representing a Unix shell command. (`664`_)
-   Make ``Argument.make_metavar()`` default to type metavar. (`675`_)
-   Add documentation for ``ignore_unknown_options``. (`684`_)
-   Add bright colors support for ``click.style`` and fix the reset
    option for parameters ``fg`` and ``bg``. (`703`_, `809`_)
-   Add ``show_envvar`` for showing environment variables in help.
    (`710`_)
-   Avoid ``BrokenPipeError`` during interpreter shutdown when stdout or
    stderr is a closed pipe. (`712`_, `1106`_)
-   Document customizing option names. (`725`_, `1016`_)
-   Disable ``sys._getframes()`` on Python interpreters that don&#39;t
    support it. (`728`_)
-   Fix bug in test runner when calling ``sys.exit`` with ``None``.
    (`739`_)
-   Clarify documentation on command line options. (`741`_, `1003`_)
-   Fix crash on Windows console. (`744`_)
-   Fix bug that caused bash completion to give improper completions on
    chained commands. (`754`_, `774`_)
-   Added support for dynamic bash completion from a user-supplied
    callback. (`755`_)
-   Added support for bash completions containing spaces. (`773`_)
-   Allow autocompletion function to determine whether or not to return
    completions that start with the incomplete argument. (`790`_,
    `806`_)
-   Fix option naming routine to match documentation and be
    deterministic. (`793`_, `794`_)
-   Fix path validation bug. (`795`_, `1020`_)
-   Add test and documentation for ``Option`` naming: functionality.
    (`799`_)
-   Update doc to match arg name for ``path_type``. (`801`_)
-   Raw strings added so correct escaping occurs. (`807`_)
-   Fix 16k character limit of ``click.echo`` on Windows. (`816`_,
    `819`_)
-   Overcome 64k character limit when writing to binary stream on
    Windows 7. (`825`_, `830`_)
-   Add bool conversion for &quot;t&quot; and &quot;f&quot;. (`842`_)
-   ``NoSuchOption`` errors take ``ctx`` so that ``--help`` hint gets
    printed in error output. (`860`_)
-   Fixed the behavior of Click error messages with regards to Unicode
    on 2.x and 3.x. Message is now always Unicode and the str and
    Unicode special methods work as you expect on that platform.
    (`862`_)
-   Progress bar now uses stderr by default. (`863`_)
-   Add support for auto-completion documentation. (`866`_, `869`_)
-   Allow ``CliRunner`` to separate stdout and stderr. (`868`_)
-   Fix variable precedence. (`873`_, `874`_)
-   Fix invalid escape sequences. (`877`_)
-   Fix ``ResourceWarning`` that occurs during some tests. (`878`_)
-   When detecting a misconfigured locale, don&#39;t fail if the ``locale``
    command fails. (`880`_)
-   Add ``case_sensitive=False`` as an option to ``Choice`` types.
    (`887`_)
-   Force stdout/stderr writable. This works around issues with badly
    patched standard streams like those from Jupyter. (`918`_)
-   Fix completion of subcommand options after last argument (`919`_,
    `930`_)
-   ``_AtomicFile`` now uses the ``realpath`` of the original filename
    so that changing the working directory does not affect it.
    (`920`_)
-   Fix incorrect completions when defaults are present (`925`_,
    `930`_)
-   Add copy option attrs so that custom classes can be re-used.
    (`926`_, `994`_)
-   &quot;x&quot; and &quot;a&quot; file modes now use stdout when file is ``&quot;-&quot;``.
    (`929`_)
-   Fix missing comma in ``__all__`` list. (`935`_)
-   Clarify how parameters are named. (`949`_, `1009`_)
-   Stdout is now automatically set to non blocking. (`954`_)
-   Do not set options twice. (`962`_)
-   Move ``fcntl`` import. (`965`_)
-   Fix Google App Engine ``ImportError``. (`995`_)
-   Better handling of help text for dynamic default option values.
    (`996`_)
-   Fix ``get_winter_size()`` so it correctly returns ``(0,0)``.
    (`997`_)
-   Add test case checking for custom param type. (`1001`_)
-   Allow short width to address cmd formatting. (`1002`_)
-   Add details about Python version support. (`1004`_)
-   Added deprecation flag to commands. (`1005`_)
-   Fixed issues where ``fd`` was undefined. (`1007`_)
-   Fix formatting for short help. (`1008`_)
-   Document how ``auto_envvar_prefix`` works with command groups.
    (`1011`_)
-   Don&#39;t add newlines by default for progress bars. (`1013`_)
-   Use Python sorting order for ZSH completions. (`1047`_, `1059`_)
-   Document that parameter names are converted to lowercase by default.
    (`1055`_)
-   Subcommands that are named by the function now automatically have
    the underscore replaced with a dash. If you register a function
    named ``my_command`` it becomes ``my-command`` in the command line
    interface.
-   Hide hidden commands and options from completion. (`1058`_,
    `1061`_)
-   Fix absolute import blocking Click from being vendored into a
    project on Windows. (`1068`_, `1069`_)
-   Fix issue where a lowercase ``auto_envvar_prefix`` would not be
    converted to uppercase. (`1105`_)

.. _202: https://github.com/pallets/click/issues/202
.. _323: https://github.com/pallets/click/issues/323
.. _334: https://github.com/pallets/click/issues/334
.. _393: https://github.com/pallets/click/issues/393
.. _409: https://github.com/pallets/click/issues/409
.. _414: https://github.com/pallets/click/pull/414
.. _423: https://github.com/pallets/click/pull/423
.. _424: https://github.com/pallets/click/pull/424
.. _447: https://github.com/pallets/click/issues/447
.. _487: https://github.com/pallets/click/pull/487
.. _500: https://github.com/pallets/click/pull/500
.. _514: https://github.com/pallets/click/issues/514
.. _533: https://github.com/pallets/click/pull/533
.. _535: https://github.com/pallets/click/issues/535
.. _537: https://github.com/pallets/click/issues/537
.. _538: https://github.com/pallets/click/pull/538
.. _553: https://github.com/pallets/click/pull/553
.. _557: https://github.com/pallets/click/pull/557
.. _568: https://github.com/pallets/click/issues/568
.. _569: https://github.com/pallets/click/issues/569
.. _574: https://github.com/pallets/click/issues/574
.. _583: https://github.com/pallets/click/issues/583
.. _598: https://github.com/pallets/click/issues/598
.. _612: https://github.com/pallets/click/pull/612
.. _616: https://github.com/pallets/click/issues/616
.. _629: https://github.com/pallets/click/pull/629
.. _650: https://github.com/pallets/click/pull/650
.. _651: https://github.com/pallets/click/issues/651
.. _664: https://github.com/pallets/click/pull/664
.. _667: https://github.com/pallets/click/issues/667
.. _675: https://github.com/pallets/click/pull/675
.. _681: https://github.com/pallets/click/pull/681
.. _684: https://github.com/pallets/click/pull/684
.. _703: https://github.com/pallets/click/issues/703
.. _704: https://github.com/pallets/click/issues/704
.. _706: https://github.com/pallets/click/pull/706
.. _709: https://github.com/pallets/click/pull/709
.. _710: https://github.com/pallets/click/pull/710
.. _712: https://github.com/pallets/click/pull/712
.. _719: https://github.com/pallets/click/issues/719
.. _725: https://github.com/pallets/click/issues/725
.. _728: https://github.com/pallets/click/pull/728
.. _739: https://github.com/pallets/click/pull/739
.. _741: https://github.com/pallets/click/issues/741
.. _744: https://github.com/pallets/click/issues/744
.. _754: https://github.com/pallets/click/issues/754
.. _755: https://github.com/pallets/click/pull/755
.. _773: https://github.com/pallets/click/pull/773
.. _774: https://github.com/pallets/click/pull/774
.. _790: https://github.com/pallets/click/issues/790
.. _793: https://github.com/pallets/click/issues/793
.. _794: https://github.com/pallets/click/pull/794
.. _795: https://github.com/pallets/click/issues/795
.. _799: https://github.com/pallets/click/pull/799
.. _801: https://github.com/pallets/click/pull/801
.. _806: https://github.com/pallets/click/pull/806
.. _807: https://github.com/pallets/click/pull/807
.. _809: https://github.com/pallets/click/pull/809
.. _816: https://github.com/pallets/click/pull/816
.. _819: https://github.com/pallets/click/pull/819
.. _821: https://github.com/pallets/click/issues/821
.. _822: https://github.com/pallets/click/issues/822
.. _825: https://github.com/pallets/click/issues/825
.. _830: https://github.com/pallets/click/pull/830
.. _842: https://github.com/pallets/click/pull/842
.. _860: https://github.com/pallets/click/issues/860
.. _862: https://github.com/pallets/click/issues/862
.. _863: https://github.com/pallets/click/pull/863
.. _865: https://github.com/pallets/click/pull/865
.. _866: https://github.com/pallets/click/issues/866
.. _868: https://github.com/pallets/click/pull/868
.. _869: https://github.com/pallets/click/pull/869
.. _873: https://github.com/pallets/click/issues/873
.. _874: https://github.com/pallets/click/pull/874
.. _877: https://github.com/pallets/click/pull/877
.. _878: https://github.com/pallets/click/pull/878
.. _880: https://github.com/pallets/click/pull/880
.. _883: https://github.com/pallets/click/pull/883
.. _887: https://github.com/pallets/click/pull/887
.. _889: https://github.com/pallets/click/pull/889
.. _918: https://github.com/pallets/click/pull/918
.. _919: https://github.com/pallets/click/issues/919
.. _920: https://github.com/pallets/click/pull/920
.. _925: https://github.com/pallets/click/issues/925
.. _926: https://github.com/pallets/click/issues/926
.. _929: https://github.com/pallets/click/pull/929
.. _930: https://github.com/pallets/click/pull/930
.. _935: https://github.com/pallets/click/pull/935
.. _949: https://github.com/pallets/click/issues/949
.. _954: https://github.com/pallets/click/pull/954
.. _962: https://github.com/pallets/click/pull/962
.. _965: https://github.com/pallets/click/pull/965
.. _967: https://github.com/pallets/click/pull/967
.. _976: https://github.com/pallets/click/pull/976
.. _990: https://github.com/pallets/click/pull/990
.. _991: https://github.com/pallets/click/pull/991
.. _993: https://github.com/pallets/click/pull/993
.. _994: https://github.com/pallets/click/pull/994
.. _995: https://github.com/pallets/click/pull/995
.. _996: https://github.com/pallets/click/pull/996
.. _997: https://github.com/pallets/click/pull/997
.. _999: https://github.com/pallets/click/pull/999
.. _1000: https://github.com/pallets/click/pull/1000
.. _1001: https://github.com/pallets/click/pull/1001
.. _1002: https://github.com/pallets/click/pull/1002
.. _1003: https://github.com/pallets/click/pull/1003
.. _1004: https://github.com/pallets/click/pull/1004
.. _1005: https://github.com/pallets/click/pull/1005
.. _1007: https://github.com/pallets/click/pull/1007
.. _1008: https://github.com/pallets/click/pull/1008
.. _1009: https://github.com/pallets/click/pull/1009
.. _1010: https://github.com/pallets/click/pull/1010
.. _1011: https://github.com/pallets/click/pull/1011
.. _1012: https://github.com/pallets/click/pull/1012
.. _1013: https://github.com/pallets/click/pull/1013
.. _1014: https://github.com/pallets/click/pull/1014
.. _1016: https://github.com/pallets/click/pull/1016
.. _1020: https://github.com/pallets/click/pull/1020
.. _1022: https://github.com/pallets/click/pull/1022
.. _1027: https://github.com/pallets/click/pull/1027
.. _1047: https://github.com/pallets/click/pull/1047
.. _1055: https://github.com/pallets/click/pull/1055
.. _1058: https://github.com/pallets/click/pull/1058
.. _1059: https://github.com/pallets/click/pull/1059
.. _1061: https://github.com/pallets/click/pull/1061
.. _1068: https://github.com/pallets/click/issues/1068
.. _1069: https://github.com/pallets/click/pull/1069
.. _1088: https://github.com/pallets/click/issues/1088
.. _1091: https://github.com/pallets/click/pull/1091
.. _1098: https://github.com/pallets/click/pull/1098
.. _1105: https://github.com/pallets/click/pull/1105
.. _1106: https://github.com/pallets/click/pull/1106
.. _1108: https://github.com/pallets/click/pull/1108
.. _1115: https://github.com/pallets/click/pull/1115
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/click
  - Changelog: https://pyup.io/changelogs/click/
  - Homepage: https://palletsprojects.com/p/click/
</details>





### Update [toml](https://pypi.org/project/toml) from **0.9.4** to **0.10.0**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/toml
  - Changelog: https://pyup.io/changelogs/toml/
  - Repo: https://github.com/uiri/toml
</details>





### Update [boto3](https://pypi.org/project/boto3) from **1.8.6** to **1.9.18**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.9.18
   ```
   ======

* api-change:``ds``: [``botocore``] Update ds client to latest version
   ```
   
  
  
   ### 1.9.17
   ```
   ======

* api-change:``ssm``: [``botocore``] Update ssm client to latest version
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* enhancement:HTTP Session: [``botocore``] Added the ability to enable TCP Keepalive via the shared config file&#39;s ``tcp_keepalive`` option.
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
   ```
   
  
  
   ### 1.9.16
   ```
   ======

* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version
   ```
   
  
  
   ### 1.9.15
   ```
   ======

* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
* api-change:``guardduty``: [``botocore``] Update guardduty client to latest version
   ```
   
  
  
   ### 1.9.14
   ```
   ======

* api-change:``codestar``: [``botocore``] Update codestar client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
   ```
   
  
  
   ### 1.9.13
   ```
   ======

* api-change:``mq``: [``botocore``] Update mq client to latest version
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* enhancement:Event: [``botocore``] Add the `before-send` event which allows finalized requests to be inspected before being sent across the wire and allows for custom responses to be returned.
* api-change:``codecommit``: [``botocore``] Update codecommit client to latest version
   ```
   
  
  
   ### 1.9.12
   ```
   ======

* api-change:``sqs``: [``botocore``] Update sqs client to latest version
* api-change:``glue``: [``botocore``] Update glue client to latest version
* api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
   ```
   
  
  
   ### 1.9.11
   ```
   ======

* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
* api-change:``ds``: [``botocore``] Update ds client to latest version
   ```
   
  
  
   ### 1.9.10
   ```
   ======

* api-change:``connect``: [``botocore``] Update connect client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
   ```
   
  
  
   ### 1.9.9
   ```
   =====

* api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
   ```
   
  
  
   ### 1.9.8
   ```
   =====

* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``ds``: [``botocore``] Update ds client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
   ```
   
  
  
   ### 1.9.7
   ```
   =====

* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``organizations``: [``botocore``] Update organizations client to latest version
   ```
   
  
  
   ### 1.9.6
   ```
   =====

* bugfix:Serialization: [``botocore``] Fixes `1557 &lt;https://github.com/boto/botocore/issues/1557&gt;`__. Fixed a regression in serialization where request bodies would be improperly encoded.
* api-change:``es``: [``botocore``] Update es client to latest version
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
   ```
   
  
  
   ### 1.9.5
   ```
   =====

* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``elastictranscoder``: [``botocore``] Update elastictranscoder client to latest version
* api-change:``ecs``: [``botocore``] Update ecs client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version
* api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
   ```
   
  
  
   ### 1.9.4
   ```
   =====

* enhancement:s3: [``botocore``] Adds encoding and decoding handlers for ListObjectsV2 `1552 &lt;https://github.com/boto/botocore/issues/1552&gt;`__
* api-change:``polly``: [``botocore``] Update polly client to latest version
   ```
   
  
  
   ### 1.9.3
   ```
   =====

* api-change:``ses``: [``botocore``] Update ses client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``fms``: [``botocore``] Update fms client to latest version
* api-change:``connect``: [``botocore``] Update connect client to latest version
   ```
   
  
  
   ### 1.9.2
   ```
   =====

* api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
   ```
   
  
  
   ### 1.9.1
   ```
   =====

* api-change:``redshift``: [``botocore``] Update redshift client to latest version
* api-change:``cloudhsmv2``: [``botocore``] Update cloudhsmv2 client to latest version
   ```
   
  
  
   ### 1.9.0
   ```
   =====

* api-change:``logs``: [``botocore``] Update logs client to latest version
* api-change:``config``: [``botocore``] Update config client to latest version
* feature:Events: [``botocore``] This migrates the event system to using sevice ids instead of either client name or endpoint prefix. This prevents issues that might arise when a service changes their endpoint prefix, also fixes a long-standing bug where you could not register an event to a particular service if it happened to share its endpoint prefix with another service (e.g. ``autoscaling`` and ``application-autoscaling`` both use the endpoint prefix ``autoscaling``). Please see the `upgrade notes &lt;https://botocore.amazonaws.com/v1/documentation/api/latest/index.htmlupgrade-notes&gt;`_ to determine if you are impacted and how to proceed if you are.
* feature:Events: This migrates the event system to using sevice ids instead of either client name or endpoint prefix. This prevents issues that might arise when a service changes their endpoint prefix, also fixes a long-standing bug where you could not register an event to a particular service if it happened to share its endpoint prefix with another service (e.g. ``autoscaling`` and ``application-autoscaling`` both use the endpoint prefix ``autoscaling``). Please see the `upgrade notes &lt;https://boto3.amazonaws.com/v1/documentation/api/latest/guide/upgrading.html&gt;`_ to determine if you are impacted and how to proceed if you are.
   ```
   
  
  
   ### 1.8.9
   ```
   =====

* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* api-change:``codecommit``: [``botocore``] Update codecommit client to latest version
* api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
   ```
   
  
  
   ### 1.8.8
   ```
   =====

* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``appstream``: [``botocore``] Update appstream client to latest version
* api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
* api-change:``elb``: [``botocore``] Update elb client to latest version
   ```
   
  
  
   ### 1.8.7
   ```
   =====

* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/boto3
  - Changelog: https://pyup.io/changelogs/boto3/
  - Repo: https://github.com/boto/boto3
</details>





### Update [Django](https://pypi.org/project/Django) from **2.0.8** to **2.0.9**.


<details>
  <summary>Changelog</summary>
  
  
   ### 2.0.9
   ```
   ==========================

*October 1, 2018*

Django 2.0.9 fixes a data loss bug in 2.0.8.

Bugfixes
========

* Fixed a race condition in ``QuerySet.update_or_create()`` that could result
  in data loss (:ticket:`29499`).


==========================
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/django
  - Changelog: https://pyup.io/changelogs/django/
  - Homepage: https://www.djangoproject.com/
</details>





### Update [django-storages](https://pypi.org/project/django-storages) from **1.7** to **1.7.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.7.1
   ```
   ******************

- Fix off-by-1 error in ``get_available_name`` whenever ``file_overwrite`` or ``overwrite_files`` is ``True`` (`588`_, `589`_)
- Change ``S3Boto3Storage.listdir()`` to use ``list_objects`` instead of ``list_objects_v2`` to restore
  compatibility with services implementing the S3 protocol that do not yet support the new method (`586`_, `590`_)

.. _588: https://github.com/jschneier/django-storages/issues/588
.. _589: https://github.com/jschneier/django-storages/pull/589
.. _586: https://github.com/jschneier/django-storages/issues/586
.. _590: https://github.com/jschneier/django-storages/pull/590
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/django-storages
  - Changelog: https://pyup.io/changelogs/django-storages/
  - Repo: https://github.com/jschneier/django-storages
</details>





### Update [newrelic](https://pypi.org/project/newrelic) from **4.2.0.100** to **4.4.1.104**.


<details>
  <summary>Changelog</summary>
  
  
   ### 4.4.1.104
   ```
   This release of the Python agent contains bug fixes.

The agent can be installed using easy_install/pip/distribute via the Python Package Index or can be downloaded directly from the New Relic download site.

Bug Fixes


The creation of sampled events sometimes raised an exception in Python 3

When more events (Transaction, Transaction Error, Custom, or Span) were created than allowed per harvest period in Python 3, sometimes a TypeError: &#39;&lt;&#39; not supported between instances of &#39;dict&#39; and &#39;dict&#39; was raised. This issue has now been fixed.
   ```
   
  
  
   ### 4.4.0.103
   ```
   This release of the Python agent introduces instrumentation for Sanic, and contains bug fixes.

The agent can be installed using easy_install/pip/distribute via the Python Package Index or can be downloaded directly from the New Relic download site.

Features


Add instrumentation for Sanic framework

Data is now automatically collected for applications using the Sanic framework. Data for Sanic applications will appear in both APM and Insights. Additionally, cross application tracing and distributed tracing is supported for incoming requests for Sanic applications. In addition to service maps, Sanic applications will now show the calling application in transaction traces. See the instrumented packages page for more details.


Bug Fixes


Explain plans were not generated when using psycopg2 named cursors

When using named cursors in psycopg2, the agent attempted to generate an explain plan using the same named cursor. This resulted in a syntax error when the query was issued to the database. When using the default connection and cursor factories, the agent will now execute the explain query using only unnamed cursors.
Convert bytes-like SQL statements to strings before obfuscating

If a bytes-like object is used instead of a string when making a SQL call, a traceback was seen in the logs with TypeError: cannot use a string pattern on a bytes-like object. This issue has now been fixed.
Save settings to MessageTrace objects

If an external call using an instrumented http external library (for example requests) was used within a MessageTrace, a traceback was seen in the logs with AttributeError: &#39;MessageTrace&#39; object has no attribute &#39;settings&#39;. This issue has now been fixed.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/newrelic
  - Changelog: https://pyup.io/changelogs/newrelic/
  - Homepage: http://newrelic.com/docs/python/new-relic-for-python
</details>





### Update [pytest-django](https://pypi.org/project/pytest-django) from **3.4.2** to **3.4.3**.


<details>
  <summary>Changelog</summary>
  
  
   ### 3.4.3
   ```
   ------------------

Bugfixes
^^^^^^^^

* Fix OSError with arguments containing ``::`` on Windows (641).
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pytest-django
  - Changelog: https://pyup.io/changelogs/pytest-django/
  - Docs: https://pytest-django.readthedocs.io/
</details>





### Update [pytest](https://pypi.org/project/pytest) from **3.7.4** to **3.8.2**.


<details>
  <summary>Changelog</summary>
  
  
   ### 3.8.2
   ```
   =========================

Deprecations and Removals
-------------------------

- `4036 &lt;https://github.com/pytest-dev/pytest/issues/4036&gt;`_: The ``item`` parameter of ``pytest_warning_captured`` hook is now documented as deprecated. We realized only after
  the ``3.8`` release that this parameter is incompatible with ``pytest-xdist``.

  Our policy is to not deprecate features during bugfix releases, but in this case we believe it makes sense as we are
  only documenting it as deprecated, without issuing warnings which might potentially break test suites. This will get
  the word out that hook implementers should not use this parameter at all.

  In a future release ``item`` will always be ``None`` and will emit a proper warning when a hook implementation
  makes use of it.



Bug Fixes
---------

- `3539 &lt;https://github.com/pytest-dev/pytest/issues/3539&gt;`_: Fix reload on assertion rewritten modules.


- `4034 &lt;https://github.com/pytest-dev/pytest/issues/4034&gt;`_: The ``.user_properties`` attribute of ``TestReport`` objects is a list
  of (name, value) tuples, but could sometimes be instantiated as a tuple
  of tuples.  It is now always a list.


- `4039 &lt;https://github.com/pytest-dev/pytest/issues/4039&gt;`_: No longer issue warnings about using ``pytest_plugins`` in non-top-level directories when using ``--pyargs``: the
  current ``--pyargs`` mechanism is not reliable and might give false negatives.


- `4040 &lt;https://github.com/pytest-dev/pytest/issues/4040&gt;`_: Exclude empty reports for passed tests when ``-rP`` option is used.


- `4051 &lt;https://github.com/pytest-dev/pytest/issues/4051&gt;`_: Improve error message when an invalid Python expression is passed to the ``-m`` option.


- `4056 &lt;https://github.com/pytest-dev/pytest/issues/4056&gt;`_: ``MonkeyPatch.setenv`` and ``MonkeyPatch.delenv`` issue a warning if the environment variable name is not ``str`` on Python 2.

  In Python 2, adding ``unicode`` keys to ``os.environ`` causes problems with ``subprocess`` (and possible other modules),
  making this a subtle bug specially susceptible when used with ``from __future__ import unicode_literals``.



Improved Documentation
----------------------

- `3928 &lt;https://github.com/pytest-dev/pytest/issues/3928&gt;`_: Add possible values for fixture scope to docs.
   ```
   
  
  
   ### 3.8.1
   ```
   =========================

Bug Fixes
---------

- `3286 &lt;https://github.com/pytest-dev/pytest/issues/3286&gt;`_: ``.pytest_cache`` directory is now automatically ignored by Git. Users who would like to contribute a solution for other SCMs please consult/comment on this issue.


- `3749 &lt;https://github.com/pytest-dev/pytest/issues/3749&gt;`_: Fix the following error during collection of tests inside packages::

      TypeError: object of type &#39;Package&#39; has no len()


- `3941 &lt;https://github.com/pytest-dev/pytest/issues/3941&gt;`_: Fix bug where indirect parametrization would consider the scope of all fixtures used by the test function to determine the parametrization scope, and not only the scope of the fixtures being parametrized.


- `3973 &lt;https://github.com/pytest-dev/pytest/issues/3973&gt;`_: Fix crash of the assertion rewriter if a test changed the current working directory without restoring it afterwards.


- `3998 &lt;https://github.com/pytest-dev/pytest/issues/3998&gt;`_: Fix issue that prevented some caplog properties (for example ``record_tuples``) from being available when entering the debugger with ``--pdb``.


- `3999 &lt;https://github.com/pytest-dev/pytest/issues/3999&gt;`_: Fix ``UnicodeDecodeError`` in python2.x when a class returns a non-ascii binary ``__repr__`` in an assertion which also contains non-ascii text.



Improved Documentation
----------------------

- `3996 &lt;https://github.com/pytest-dev/pytest/issues/3996&gt;`_: New `Deprecations and Removals &lt;https://docs.pytest.org/en/latest/deprecations.html&gt;`_ page shows all currently
  deprecated features, the rationale to do so, and alternatives to update your code. It also list features removed
  from pytest in past major releases to help those with ancient pytest versions to upgrade.



Trivial/Internal Changes
------------------------

- `3955 &lt;https://github.com/pytest-dev/pytest/issues/3955&gt;`_: Improve pre-commit detection for changelog filenames


- `3975 &lt;https://github.com/pytest-dev/pytest/issues/3975&gt;`_: Remove legacy code around im_func as that was python2 only
   ```
   
  
  
   ### 3.8.0
   ```
   =========================

Deprecations and Removals
-------------------------

- `2452 &lt;https://github.com/pytest-dev/pytest/issues/2452&gt;`_: ``Config.warn`` and ``Node.warn`` have been
  deprecated, see `&lt;https://docs.pytest.org/en/latest/deprecations.htmlconfig-warn-and-node-warn&gt;`_ for rationale and
  examples.

- `3936 &lt;https://github.com/pytest-dev/pytest/issues/3936&gt;`_: ``pytest.mark.filterwarnings`` second parameter is no longer regex-escaped,
  making it possible to actually use regular expressions to check the warning message.

  **Note**: regex-escaping the match string was an implementation oversight that might break test suites which depend
  on the old behavior.



Features
--------

- `2452 &lt;https://github.com/pytest-dev/pytest/issues/2452&gt;`_: Internal pytest warnings are now issued using the standard ``warnings`` module, making it possible to use
  the standard warnings filters to manage those warnings. This introduces ``PytestWarning``,
  ``PytestDeprecationWarning`` and ``RemovedInPytest4Warning`` warning types as part of the public API.

  Consult `the documentation &lt;https://docs.pytest.org/en/latest/warnings.htmlinternal-pytest-warnings&gt;`_ for more info.


- `2908 &lt;https://github.com/pytest-dev/pytest/issues/2908&gt;`_: ``DeprecationWarning`` and ``PendingDeprecationWarning`` are now shown by default if no other warning filter is
  configured. This makes pytest more compliant with
  `PEP-0506 &lt;https://www.python.org/dev/peps/pep-0565/recommended-filter-settings-for-test-runners&gt;`_. See
  `the docs &lt;https://docs.pytest.org/en/latest/warnings.htmldeprecationwarning-and-pendingdeprecationwarning&gt;`_ for
  more info.


- `3251 &lt;https://github.com/pytest-dev/pytest/issues/3251&gt;`_: Warnings are now captured and displayed during test collection.


- `3784 &lt;https://github.com/pytest-dev/pytest/issues/3784&gt;`_: ``PYTEST_DISABLE_PLUGIN_AUTOLOAD`` environment variable disables plugin auto-loading when set.


- `3829 &lt;https://github.com/pytest-dev/pytest/issues/3829&gt;`_: Added the ``count`` option to ``console_output_style`` to enable displaying the progress as a count instead of a percentage.


- `3837 &lt;https://github.com/pytest-dev/pytest/issues/3837&gt;`_: Added support for &#39;xfailed&#39; and &#39;xpassed&#39; outcomes to the ``pytester.RunResult.assert_outcomes`` signature.



Bug Fixes
---------

- `3911 &lt;https://github.com/pytest-dev/pytest/issues/3911&gt;`_: Terminal writer now takes into account unicode character width when writing out progress.


- `3913 &lt;https://github.com/pytest-dev/pytest/issues/3913&gt;`_: Pytest now returns with correct exit code (EXIT_USAGEERROR, 4) when called with unknown arguments.


- `3918 &lt;https://github.com/pytest-dev/pytest/issues/3918&gt;`_: Improve performance of assertion rewriting.



Improved Documentation
----------------------

- `3566 &lt;https://github.com/pytest-dev/pytest/issues/3566&gt;`_: Added a blurb in usage.rst for the usage of -r flag which is used to show an extra test summary info.


- `3907 &lt;https://github.com/pytest-dev/pytest/issues/3907&gt;`_: Corrected type of the exceptions collection passed to ``xfail``: ``raises`` argument accepts a ``tuple`` instead of ``list``.



Trivial/Internal Changes
------------------------

- `3853 &lt;https://github.com/pytest-dev/pytest/issues/3853&gt;`_: Removed ``&quot;run all (no recorded failures)&quot;`` message printed with ``--failed-first`` and ``--last-failed`` when there are no failed tests.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pytest
  - Changelog: https://pyup.io/changelogs/pytest/
  - Homepage: https://docs.pytest.org/en/latest/
</details>





### Update [whitenoise](https://pypi.org/project/whitenoise) from **4.0** to **4.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 4.1
   ```
   ----

 * Silenced spurious warning about missing directories when in development (i.e
   &quot;autorefresh&quot;) mode.
 * Support supplying paths as `Pathlib
   &lt;https://docs.python.org/3.4/library/pathlib.html&gt;`_ instances, rather than
   just strings (thanks `browniebroke &lt;https://github.com/browniebroke&gt;`_).
 * Add a new :ref:`CompressedStaticFilesStorage &lt;compression-and-caching&gt;`
   backend to support applying compression without applying Django&#39;s hash-versioning
   process.
 * Documentation improvements.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/whitenoise
  - Changelog: https://pyup.io/changelogs/whitenoise/
  - Homepage: http://whitenoise.evans.io
</details>





### Update [black](https://pypi.org/project/black) from **18.6b4** to **18.9b0**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/black
  - Repo: https://github.com/ambv/black
</details>





### Update [sphinx_rtd_theme](https://pypi.org/project/sphinx_rtd_theme) from **0.4.1** to **0.4.2**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/sphinx-rtd-theme
  - Repo: https://github.com/rtfd/sphinx_rtd_theme/
</details>





### Update [Sphinx](https://pypi.org/project/Sphinx) from **1.7.8** to **1.8.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.8.1
   ```
   =====================================

Incompatible changes
--------------------

* LaTeX ``\pagestyle`` commands have been moved to the LaTeX template. No
  changes in PDF, except possibly if ``\sphinxtableofcontents``, which
  contained them, had been customized in :file:`conf.py`. (refs: 5455)

Bugs fixed
----------

* 5418: Incorrect default path for sphinx-build -d/doctrees files
* 5421: autodoc emits deprecation warning for :confval:`autodoc_default_flags`
* 5422: lambda object causes PicklingError on storing environment
* 5417: Sphinx fails to build with syntax error in Python 2.7.5
* 4911: add latexpdf to make.bat for non make-mode
* 5436: Autodoc does not work with enum subclasses with properties/methods
* 5437: autodoc: crashed on modules importing eggs
* 5433: latex: ImportError: cannot import name &#39;DEFAULT_SETTINGS&#39;
* 5431: autodoc: ``autofunction`` emits a warning for callable objects
* 5457: Fix TypeError in error message when override is prohibited
* 5453: PDF builds of &#39;howto&#39; documents have no page numbers
* 5463: mathbase: math_role and MathDirective was disappeared in 1.8.0
* 5454: latex: Index has disappeared from PDF for Japanese documents
* 5432: py domain: ``:type:`` field can&#39;t process ``:term:`` references
* 5426: py domain: TypeError has been raised for class attribute
   ```
   
  
  
   ### 1.8.0
   ```
   =====================================

Dependencies
------------
   ```
   
  
  
   ### 1.8.0b2
   ```
   * html: search box overrides to other elements if scrolled
* i18n: warnings for translation catalogs have wrong line numbers (refs: 5321)
* 5325: latex: cross references has been broken by multiply labeled objects
* C++, fixes for symbol addition and lookup. Lookup should no longer break
  in partial builds. See also 5337.
* 5348: download reference to remote file is not displayed
* 5282: html theme: ``pygments_style`` of theme was overrided by ``conf.py``
  by default
* 4379: toctree shows confusible warning when document is excluded
* 2401: autodoc: ``:members:`` causes ``:special-members:`` not to be shown
* autodoc: ImportError is replaced by AttributeError for deeper module
* 2720, 4034: Incorrect links with ``:download:``, duplicate names, and
  parallel builds
* 5290: autodoc: failed to analyze source code in egg package
* 5399: Sphinx crashes if unknown po file exists
   ```
   
  
  
   ### 1.8.0b1
   ```
   * 5083: Fix wrong make.bat option for internationalization.
* 5115: napoleon: add admonitions added by 4613 to the docs.
   ```
   
  
  
   ### 1.7.10
   ```
   ===============================

Dependencies
------------

Incompatible changes
--------------------

Deprecated
----------

Features added
--------------

Bugs fixed
----------

Testing
--------
   ```
   
  
  
   ### 1.7.9
   ```
   =====================================

Features added
--------------

* 5359: Make generated texinfo files reproducible by sorting the anchors

Bugs fixed
----------

* 5361: crashed on incremental build if document uses include directive
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/sphinx
  - Changelog: https://pyup.io/changelogs/sphinx/
  - Homepage: http://sphinx-doc.org/
</details>





### Update [pip](https://pypi.org/project/pip) from **18.0** to **18.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 18.1
   ```
   =================

Features
--------

- Allow PEP 508 URL requirements to be used as dependencies.

  As a security measure, pip will raise an exception when installing packages from
  PyPI if those packages depend on packages not also hosted on PyPI.
  In the future, PyPI will block uploading packages with such external URL dependencies directly. (`4187 &lt;https://github.com/pypa/pip/issues/4187&gt;`_)
- Upgrade pyparsing to 2.2.1. (`5013 &lt;https://github.com/pypa/pip/issues/5013&gt;`_)
- Allows dist options (--abi, --python-version, --platform, --implementation) when installing with --target (`5355 &lt;https://github.com/pypa/pip/issues/5355&gt;`_)
- Support passing ``svn+ssh`` URLs with a username to ``pip install -e``. (`5375 &lt;https://github.com/pypa/pip/issues/5375&gt;`_)
- pip now ensures that the RECORD file is sorted when installing from a wheel file. (`5525 &lt;https://github.com/pypa/pip/issues/5525&gt;`_)
- Add support for Python 3.7. (`5561 &lt;https://github.com/pypa/pip/issues/5561&gt;`_)
- Malformed configuration files now show helpful error messages, instead of tracebacks. (`5798 &lt;https://github.com/pypa/pip/issues/5798&gt;`_)

Bug Fixes
---------

- Checkout the correct branch when doing an editable Git install. (`2037 &lt;https://github.com/pypa/pip/issues/2037&gt;`_)
- Run self-version-check only on commands that may access the index, instead of
  trying on every run and failing to do so due to missing options. (`5433 &lt;https://github.com/pypa/pip/issues/5433&gt;`_)
- Allow a Git ref to be installed over an existing installation. (`5624 &lt;https://github.com/pypa/pip/issues/5624&gt;`_)
- Show a better error message when a configuration option has an invalid value. (`5644 &lt;https://github.com/pypa/pip/issues/5644&gt;`_)
- Always revalidate cached simple API pages instead of blindly caching them for up to 10
  minutes. (`5670 &lt;https://github.com/pypa/pip/issues/5670&gt;`_)
- Avoid caching self-version-check information when cache is disabled. (`5679 &lt;https://github.com/pypa/pip/issues/5679&gt;`_)
- Avoid traceback printing on autocomplete after flags in the CLI. (`5751 &lt;https://github.com/pypa/pip/issues/5751&gt;`_)
- Fix incorrect parsing of egg names if pip needs to guess the package name. (`5819 &lt;https://github.com/pypa/pip/issues/5819&gt;`_)

Vendored Libraries
------------------

- Upgrade certifi to 2018.8.24
- Upgrade packaging to 18.0
- Add pep517 version 0.2
- Upgrade pytoml to 0.1.19
- Upgrade pkg_resources to 40.4.3 (via setuptools)

Improved Documentation
----------------------

- Fix &quot;Requirements Files&quot; reference in User Guide (`user_guide_fix_requirements_file_ref &lt;https://github.com/pypa/pip/issues/user_guide_fix_requirements_file_ref&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pip
  - Changelog: https://pyup.io/changelogs/pip/
  - Homepage: https://pip.pypa.io/
</details>







Co-authored-by: pyup-bot <github-bot@pyup.io>
Co-authored-by: Mike Cooper <mythmon@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment