Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pyup: Scheduled weekly dependency update for week 28 #7287

merged 38 commits into from Jul 22, 2020


Copy link

@pyup-bot pyup-bot commented Jul 13, 2020

Update pip from 20.1 to 20.1.1.




Deprecations and Removals

- Revert building of local directories in place, restoring the pre-20.1
behaviour of copying to a temporary directory. (`7555 <>`_)
- Drop parallelization from ``pip list --outdated``. (`8167 <>`_)

Bug Fixes

- Fix metadata permission issues when umask has the executable bit set. (`8164 <>`_)
- Avoid unnecessary message about the wheel package not being installed
when a wheel would not have been built. Additionally, clarify the message. (`8178 <>`_)

Update virtualenv from 20.0.20 to 20.0.26.



- Fix that when the ``app-data`` seeders image creation fails the exception is silently ignored. Avoid two virtual environment creations to step on each others toes by using a lock while creating the base images. By :user:`gaborbernat`. (`1869 <>`_)


- How seeding mechanisms discover (and automatically keep it up to date) wheels at :ref:`wheels` - by :user:`gaborbernat`. (`1821 <>`_)
- How distributions should handle shipping their own embedded wheels at  :ref:`distribution_wheels` - by :user:`gaborbernat`. (`1840 <>`_)


- Fix typo in ``setup.cfg`` - by :user:`RowdyHowell`. (`1857 <>`_)


- Relax ``importlib.resources`` requirement to also allow version 2 - by :user:`asottile`. (`1846 <>`_)
- Upgrade embedded setuptools to ``44.1.1`` for python 2 and ``47.1.1`` for python3.5+ - by :user:`gaborbernat`. (`1855 <>`_)


- Fix virtualenv fails sometimes when run concurrently, ``--clear-app-data`` conflicts with :option:`clear` flag when
abbreviation is turned on. To bypass this while allowing abbreviated flags on the command line we had to move it to
:option:`reset-app-data` - by :user:`gaborbernat`. (`1824 <>`_)
- Upgrade embedded ``setuptools`` to ``46.4.0`` from ``46.1.3`` on Python ``3.5+``, and ``pip`` from ``20.1`` to ``20.1.1`` - by :user:`gaborbernat`. (`1827 <>`_)
- Seeder pip now correctly handles ``--extra-search-dir`` - by :user:`frenzymadness`. (`1834 <>`_)

Update django from 2.2.12 to 2.2.14.




*July 1, 2020*

Django 2.2.14 fixes a bug in 2.2.13.


* Fixed messages of ``InvalidCacheKey`` exceptions and ``CacheKeyWarning``
warnings raised by cache key validation (:ticket:`31654`).




*June 3, 2020*

Django 2.2.13 fixes two security issues and a regression in 2.2.12.

CVE-2020-13254: Potential data leakage via malformed memcached keys

In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data
leakage. In order to avoid this vulnerability, key validation is added to the
memcached cache backends.

CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``

Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL
encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now
ensures query parameters are correctly URL encoded.


* Fixed a regression in Django 2.2.12 that affected translation loading for
apps providing translations for territorial language variants as well as a
generic language, where the project has different plural equations for the
language (:ticket:`31570`).

* Tracking a jQuery security release, upgraded the version of jQuery used by
the admin from 3.3.1 to 3.5.1.


Update django-extensions from 2.2.9 to 3.0.2.




- Fix: shell_plus, fix honouring SHELL_PLUS in



- Fix:, add python_requires and remove legacy trove classifiers



This is the first Django Extensions release which only targets Django 2.2 and above.
It drops official support for Python 2.7.

- Removal of Python 2 support
- Removal of deprecated keyczar encrypted fields EncryptedTextField and EncryptedCharField
- Removal of deprecated passwd command
- Removal of truncate_letters filter
- Change: TimeStampedModel; Removed default ordering on abstract model
- New: DjangoExtensionsConfig AppConfig
- New: shell_plus, JupyterLab support
- New: list_signals, List all signals by model and signal type
- Improvement: shell_plus, use -- to directly pass additional arguments to Jupyter
- Improvement: shell_plus, improvements to MySQL support
- Improvement: jobs, use logging to record errors
- Improvement: syncdata, added --remove-before flag
- Improvement: graph_models, add field and model to template context
- Fix: syncdata, fix non existent field in fixture data
- Fix: pipchecker, compatibility with pip 20.1

Update django-autoslug from 1.9.6 to 1.9.7.




Fix assertion error on empty slug

Update django-filter from 2.2.0 to 2.3.0.




* Fixed import of FieldDoesNotExist. (1127)
* Added testing against Django 3.0. (1125)
* Declared support for, and added testing against, Python 3.8. (1138)
* Fix filterset multiple inheritance bug (1131)
* Allowed customising default lookup expression. (1129)
* Drop Django 2.1 and below (1180)
* Fixed IsoDateTimeRangeFieldTests for Django 3.1
* Require tests to pass against Django `master`.

Update drf-flex-fields from 0.8.0 to 0.8.5.



* Adds options to customize parameter names and wildcard values. Closes 10.


* Fixes 44, related to the experimental filter backend. Thanks jsatt!

Update django-vanilla-views from 1.0.6 to 1.1.0.

The bot wasn't able to find a changelog for this release. Got an idea?


Update requests from 2.23.0 to 2.24.0.





- pyOpenSSL TLS implementation is now only used if Python
either doesn't have an `ssl` module or doesn't support
SNI. Previously pyOpenSSL was unconditionally used if available.
This applies even if pyOpenSSL is installed via the
`requests[security]` extra (5443)

- Redirect resolution should now only occur when
`allow_redirects` is True. (5492)

- No longer perform unnecessary Content-Length calculation for
requests that won't use it. (5496)

Update django-allauth from 0.41.0 to 0.42.0.




Note worthy changes

- New providers: EDX, Yandex, Mixer.

- Fixed Twitch ``get_avatar_url()`` method to use the profile picture retrieved
by new user details endpoint introduced in version 0.40.0.

- The Facebook API version now defaults to v7.0.

Update GitPython from 3.1.1 to 3.1.7.




* Fix tutorial examples, which disappeared in 3.1.6 due to a missed path change.



* Greatly reduced package size, see



* rollback: package size was reduced significantly not placing tests into the package anymore.



* all exceptions now keep track of their cause
* package size was reduced significantly not placing tests into the package anymore.

See the following for details:*



See the following for details:*



* Re-release of 3.1.1, with known signature

See the following for details:

Update stripe from 2.47.0 to 2.48.0.



* [655]( Add support for the `LineItem` resource and APIs

Update regex from 2020.4.4 to 2020.6.8.

The bot wasn't able to find a changelog for this release. Got an idea?


Update django-crispy-forms from 1.9.0 to 1.9.2.



* Fixed FileField UI bug

See the [1.9.2 Milestone]( for the full change list.


* Added Bootstrap 4 styling for clearable file widget.
* Fixed FileField UI bug.
* Project now uses GitHub actions for testing.

See the [1.9.1 Milestone]( for the full change list.

Update docker from 4.2.0 to 4.2.2.




[List of PRs / issues for this release](


- Add option on when to use `tls` on Context constructor
- Make context orchestrator field optional

Update django-taggit from 1.2.0 to 1.3.0.




* Model and field ``verbose_name`` and ``verbose_name_plural`` attributes are
now lowercase. This simplifies using the name in the middle of a sentence.
When used as a header, title, or at the beginning of a sentence, a text
transformed can be used to adjust the case.
* Fix prefetch_related when using UUIDTaggedItem.
* Allow for passing in extra constructor parameters when using
``TaggableManager.add``. This is especially useful when using custom
tag models.

Update dj-pagination from 2.4.0 to 2.5.0.

The bot wasn't able to find a changelog for this release. Got an idea?


Update packaging from 20.3 to 20.4.




* Canonicalize version before comparing specifiers. (:issue:`282`)
* Change type hint for ``canonicalize_name`` to return
This enables the use of static typing tools (like mypy) to detect mixing of
normalized and un-normalized names.

Update pillow from 7.1.2 to 7.2.0.




- Do not convert I;16 images when showing PNGs 4744

- Fixed ICNS file pointer saving 4741

- Fixed loading non-RGBA mode APNGs with dispose background 4742

- Deprecated _showxv 4714

- Deprecate"...") 4646
[nulano, hugovk, radarhere]

- Updated JPEG magic number 4707
[Cykooz, radarhere]

- Change STRIPBYTECOUNTS to LONG if necessary when saving 4626
[radarhere, hugovk]

- Write JFIF header when saving JPEG 4639

- Replaced tiff_jpeg with jpeg compression when saving TIFF images 4627

- Writing TIFF tags: improved BYTE, added UNDEFINED 4605

- Consider transparency when pasting text on an RGBA image 4566

- Added method argument to single frame WebP saving 4547

- Use ImageFileDirectory_v2 in Image.Exif 4637

- Corrected reading EXIF metadata without prefix 4677

- Fixed drawing a jointed line with a sequence of numeric values 4580

- Added support for 1-D NumPy arrays 4608

- Parse orientation from XMP tags 4560

- Speed up text layout by not rendering glyphs 4652

- Fixed ZeroDivisionError in Image.thumbnail 4625

- Replaced TiffImagePlugin DEBUG with logging 4550

- Fix repeatedly loading .gbr 4620
[ElinksFr, radarhere]

- JPEG: Truncate icclist instead of setting to None 4613

- Fixes default offset for Exif 4594
[rodrigob, radarhere]

- Fixed bug when unpickling TIFF images 4565

- Fix pickling WebP 4561
[hugovk, radarhere]

- Replace IOError and WindowsError aliases with OSError 4536
[hugovk, radarhere]

Update watchdog from 0.10.2 to 0.10.3.




2020-06-25 • `full history <>`__

- Ensure ``ObservedWatch.path`` is a string (`651 <>`_)
- [inotify] Allow to monitor single file (`655 <>`__)
- [inotify] Prevent raising an exception when a file in a monitored folder has no permissions (`669 <>`__, `670 <>`__)
- Thanks to our beloved contributors: brant-ruan, rec, andfoy, BoboTiG

Update ipdb from 0.13.2 to 0.13.3.




- Allow runcall, runeval to also use set context value

- Add condition argument to set_trace

Update tox from 3.15.0 to 3.16.1.

The bot wasn't able to find a changelog for this release. Got an idea?


Update Sphinx from 3.0.4 to 3.1.2.




Incompatible changes

* 7650: autodoc: the signature of base function will be shown for decorated
functions, not a signature of decorator

Bugs fixed

* 7844: autodoc: Failed to detect module when relative module name given
* 7856: autodoc: AttributeError is raised when non-class object is given to
the autoclass directive
* 7850: autodoc: KeyError is raised for invalid mark up when autodoc_typehints
is 'description'
* 7812: autodoc: crashed if the target name matches to both an attribute and
module that are same name
* 7650: autodoc: function signature becomes ``(*args, **kwargs)`` if the
function is decorated by generic decorator
* 7812: autosummary: generates broken stub files if the target code contains
an attribute and module that are same name
* 7806: viewcode: Failed to resolve viewcode references on 3rd party builders
* 7838: html theme: List items have extra vertical space
* 7878: html theme: Undesired interaction between "overflow" and "float"



Incompatible changes

* 7808: napoleon: a type for attribute are represented as typed field

Features added

* 7807: autodoc: Show detailed warning when type_comment is mismatched with its

Bugs fixed

* 7808: autodoc: Warnings raised on variable and attribute type annotations
* 7802: autodoc: EOFError is raised on parallel build
* 7821: autodoc: TypeError is raised for overloaded C-ext function
* 7805: autodoc: an object which descriptors returns is unexpectedly documented
* 7807: autodoc: wrong signature is shown for the function using contextmanager
* 7812: autosummary: generates broken stub files if the target code contains
an attribute and module that are same name
* 7808: napoleon: Warnings raised on variable and attribute type annotations
* 7811: sphinx.util.inspect causes circular import problem




* 7746: mathjax: Update to 2.7.5

Incompatible changes

* 7477: imgconverter: Invoke "magick convert" command by default on Windows


* The first argument for sphinx.ext.autosummary.generate.AutosummaryRenderer has
been changed to Sphinx object
* ``sphinx.ext.autosummary.generate.AutosummaryRenderer`` takes an object type
as an argument
* The ``ignore`` argument of ``sphinx.ext.autodoc.Documenter.get_doc()``
* The ``template_dir`` argument of ``sphinx.ext.autosummary.generate.
* The ``module`` argument of ``sphinx.ext.autosummary.generate.
* The ``builder`` argument of ``sphinx.ext.autosummary.generate.
* The ``template_dir`` argument of ``sphinx.ext.autosummary.generate.
* The ``ignore`` argument of ``sphinx.util.docstring.prepare_docstring()``
* ``sphinx.ext.autosummary.generate.AutosummaryRenderer.exists()``
* ``sphinx.util.rpartition()``

Features added

* LaTeX: Make the ``toplevel_sectioning`` setting optional in LaTeX theme
* LaTeX: Allow to override papersize and pointsize from LaTeX themes
* LaTeX: Add :confval:`latex_theme_options` to override theme options
* 7410: Allow to suppress "circular toctree references detected" warnings using
* C, added scope control directives, :rst:dir:`c:namespace`,
:rst:dir:`c:namespace-push`, and :rst:dir:`c:namespace-pop`.
* 2044: autodoc: Suppress default value for instance attributes
* 7473: autodoc: consider a member public if docstring contains
``:meta public:`` in info-field-list
* 7487: autodoc: Allow to generate docs for singledispatch functions by
* 7143: autodoc: Support final classes and methods
* 7384: autodoc: Support signatures defined by ``__new__()``, metaclasses and
builtin base classes
* 2106: autodoc: Support multiple signatures on docstring
* 4422: autodoc: Support GenericAlias in Python 3.7 or above
* 3610: autodoc: Support overloaded functions
* 7722: autodoc: Support TypeVar
* 7466: autosummary: headings in generated documents are not translated
* 7490: autosummary: Add ``:caption:`` option to autosummary directive to set a
caption to the toctree
* 7469: autosummary: Support module attributes
* 248, 6040: autosummary: Add ``:recursive:`` option to autosummary directive
to generate stub files recursively
* 4030: autosummary: Add :confval:`autosummary_context` to add template
variables for custom templates
* 7530: html: Support nested <kbd> elements
* 7481: html theme: Add right margin to footnote/citation labels
* 7482, 7717: html theme: CSS spacing for code blocks with captions and line
* 7443: html theme: Add new options :confval:`globaltoc_collapse` and
:confval:`globaltoc_includehidden` to control the behavior of globaltoc in
* 7484: html theme: Avoid clashes between sidebar and other blocks
* 7476: html theme: Relbar breadcrumb should contain current page
* 7506: html theme: A canonical URL is not escaped
* 7533: html theme: Avoid whitespace at the beginning of genindex.html
* 7541: html theme: Add a "clearer" at the end of the "body"
* 7542: html theme: Make admonition/topic/sidebar scrollable
* 7543: html theme: Add top and bottom margins to tables
* 7695: html theme: Add viewport meta tag for basic theme
* 7721: html theme: classic: default codetextcolor/codebgcolor doesn't override
* C and C++: allow semicolon in the end of declarations.
* C++, parse parameterized noexcept specifiers.
* 7294: C++, parse expressions with user-defined literals.
* C++, parse trailing return types.
* 7143: py domain: Add ``:final:`` option to :rst:dir:`py:class:`,
:rst:dir:`py:exception:` and :rst:dir:`py:method:` directives
* 7596: py domain: Change a type annotation for variables to a hyperlink
* 7770: std domain: :rst:dir:`option` directive support arguments in the form
of ``foo[=bar]``
* 7582: napoleon: a type for attribute are represented like type annotation
* 7734: napoleon: overescaped trailing underscore on attribute
* 7247: linkcheck: Add :confval:`linkcheck_request_headers` to send custom HTTP
headers for specific host
* 7792: setuptools: Support ``--verbosity`` option
* 7683: Add ``allowed_exceptions`` parameter to ``Sphinx.emit()`` to allow
handlers to raise specified exceptions
* 7295: C++, parse (trailing) requires clauses.

Bugs fixed

* 6703: autodoc: incremental build does not work for imported objects
* 7564: autodoc: annotations not to be shown for descriptors
* 6588: autodoc: Decorated inherited method has no documentation
* 7469: autodoc: The change of autodoc-process-docstring for variables is
cached unexpectedly
* 7559: autodoc: misdetects a sync function is async
* 6857: autodoc: failed to detect a classmethod on Enum class
* 7562: autodoc: a typehint contains spaces is wrongly rendered under
autodoc_typehints='description' mode
* 7551: autodoc: failed to import nested class
* 7362: autodoc: does not render correct signatures for built-in functions
* 7654: autodoc: ``Optional[Union[foo, bar]]`` is presented as
``Union[foo, bar, None]``
* 7629: autodoc: autofunction emits an unfriendly warning if an invalid object
* 7650: autodoc: undecorated signature is shown for decorated functions
* 7676: autodoc: typo in the default value of autodoc_member_order
* 7676: autodoc: wrong value for :member-order: option is ignored silently
* 7676: autodoc: member-order="bysource" does not work for C module
* 3673: autodoc: member-order="bysource" does not work for a module having
* 7668: autodoc: wrong retann value is passed to a handler of
* 7711: autodoc: fails with ValueError when processing numpy objects
* 7791: autodoc: TypeError is raised on documenting singledispatch function
* 7551: autosummary: a nested class is indexed as non-nested class
* 7661: autosummary: autosummary directive emits warnings twices if failed to
import the target module
* 7685: autosummary: The template variable "members" contains imported members
even if :confval:`autossummary_imported_members` is False
* 7671: autosummary: The location of import failure warning is missing
* 7535: sphinx-autogen: crashes when custom template uses inheritance
* 7536: sphinx-autogen: crashes when template uses i18n feature
* 7781: sphinx-build: Wrong error message when outdir is not directory
* 7653: sphinx-quickstart: Fix multiple directory creation for nested relpath
* 2785: html: Bad alignment of equation links
* 7718: html theme: some themes does not respect background color of Pygments
style (agogo, haiku, nature, pyramid, scrolls, sphinxdoc and traditional)
* 7544: html theme: inconsistent padding in admonitions
* 7581: napoleon: bad parsing of inline code in attribute docstrings
* 7628: imgconverter: runs imagemagick once unnecessary for builders not
supporting images
* 7610: incorrectly renders consecutive backslashes for docutils-0.16
* 7646: handle errors on event handlers
* 4187: LaTeX: EN DASH disappears from PDF bookmarks in Japanese documents
* 7701: LaTeX: Anonymous indirect hyperlink target causes duplicated labels
* 7723: LaTeX: pdflatex crashed when URL contains a single quote
* 7756: py domain: The default value for positional only argument is not shown
* 7760: coverage: Add :confval:`coverage_show_missing_items` to show coverage
result to console
* C++, fix rendering and xrefs in nested names explicitly starting
in global scope, e.g., ``::A::B``.
* C, fix rendering and xrefs in nested names explicitly starting
in global scope, e.g., ``.A.B``.
* 7763: C and C++, don't crash during display stringification of unary
expressions and fold expressions.

Update sphinx_rtd_theme from 0.5.0rc2 to 0.5.0.

The bot wasn't able to find a changelog for this release. Got an idea?


Update mkdocs from 1.1 to 1.1.2.

The bot wasn't able to find a changelog for this release. Got an idea?


Update Markdown from 3.2.1 to 3.2.2.

The bot wasn't able to find a changelog for this release. Got an idea?


Update sphinxemoji from 0.1.5 to 0.1.6.

The bot wasn't able to find a changelog for this release. Got an idea?


Update pytest from 5.4.2 to 5.4.3.

The bot wasn't able to find a changelog for this release. Got an idea?


Update pytest-xdist from 1.32.0 to 1.33.0.





- `554 <>`_: Fix warnings support for upcoming pytest 6.0.

Trivial Changes

- `548 <>`_: SCM and CI files are no longer included in the source distribution.

Update pytest-cov from 2.8.1 to 2.10.0.




* Improved the ``--no-cov`` warning. Now it's only shown if ``--no-cov`` is present before ``--cov``.
* Removed legacy pytest support. Changed ```` so that ``pytest>=4.6`` is required.



* Fixed ``RemovedInPytest4Warning`` when using Pytest 3.10.
Contributed by Michael Manganiello in `354 <>`_.
* Made pytest startup faster when plugin not active by lazy-importing.
Contributed by Anders Hovmöller in `339 <>`_.
* Various CI improvements.
Contributed by Daniel Hahler in `363 <>`_ and
`364 <>`_.
* Various Python support updates (drop EOL 3.4, test against 3.8 final).
Contributed by Hugo van Kemenade in
`336 <>`_ and
`367 <>`_.
* Changed ``--cov-append`` to always enable ``data_suffix`` (a coverage setting).
Contributed by Harm Geerts in
`387 <>`_.
* Changed ``--cov-append`` to handle loading previous data better
(fixes various path aliasing issues).
* Various other testing improvements, github issue templates, example updates.
* Fixed internal failures that are caused by tests that change the current working directory by
ensuring a consistent working directory when coverage is called.
See `306 <>`_ and
`coveragepy881 <>`_

Update yamale from 2.0.1 to 3.0.0.



We're doing a major version jump to include the following changes:
* Remove Python 2.x support
* Make the default validation "strict". The `--strict` command line is now replaced with `--no-strict` for those that want the old behavior. See the README for more details.


Ability to specify schema and data without a filename 104


Removed the printing of stacktraces to the command line (83)
Add support for a "key" constraint to the "map" validator (95)
Make any() accept anything (93)
Empty data file should fail if schema requires something (81)
Add a check for an empty schema file (70)

Update pytest-mock from 3.1.0 to 3.2.0.




* `AsyncMock <>`__ is now exposed in ``mocker`` and supports provides assertion introspection similar to ``Mock`` objects.

Added by `tirkarthi`_ in `197`_.

.. _tirkarthi:
.. _197:



* Fixed performance regression caused by the ``ValueError`` raised
when ``mocker`` is used as context manager (`191`_).

.. _191:

stsewd approved these changes Jul 13, 2020
Copy link

@stsewd stsewd left a comment

Most packages are dropping support for old versions of python/django, and some bug fixes. Seems safe to merge after tomorrow's deploy.

@stsewd stsewd requested a review from a team Jul 13, 2020
Copy link

humitos commented Jul 14, 2020

I'd say to merge after today's deploy, so we test them locally for some days before deploying. Just in case.

@humitos humitos merged commit da2850f into master Jul 22, 2020
2 checks passed
@humitos humitos deleted the pyup/scheduled-update-2020-07-13 branch Jul 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

3 participants