Update flask-wtf to 0.14 #111

pyup-bot · 2017-01-06T00:37:09Z

There's a new version of Flask-WTF available.
You are currently using 0.13.1. I have updated it to 0.14

These links might come in handy: PyPI | Changelog | Repo | Docs

Changelog

0.14

Released 2017-01-06

Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
ourselves. (264_)

All tokens are URL safe, removing the url_safe parameter from
generate_csrf. (206_)

All tokens store a timestamp, which is checked in validate_csrf. The
time_limit parameter of generate_csrf is removed.

Remove the app attribute from CsrfProtect, use current_app.
(264_)

CsrfProtect protects the DELETE method by default. (264_)

The same CSRF token is generated for the lifetime of a request. It is exposed
as request.csrf_token for use during testing. (227, 264)

CsrfProtect.error_handler is deprecated. (264_)

Handlers that return a response work in addition to those that raise an
error. The behavior was not clear in previous docs.

(200, 209, 243, 252)

Use Form.Meta instead of deprecated SecureForm for CSRF (and
everything else). (216, 271)

csrf_enabled parameter is still recognized but deprecated. All other
attributes and methods from SecureForm are removed. (271_)

Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
(271_)

validate_csrf raises wtforms.ValidationError with specific messages
instead of returning True or False. This breaks anything that was
calling the method directly. (239, 271)

CSRF errors are logged as well as raised. (239_)

CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
when using the old name. CsrfError is renamed to CSRFError without
deprecation. (271_)

FileField is deprecated because it no longer provides functionality over
the provided validators. Use wtforms.FileField directly. (272_)

.. _200: wtforms/flask-wtf#200
.. _209: wtforms/flask-wtf#209
.. _216: wtforms/flask-wtf#216
.. _227: wtforms/flask-wtf#227
.. _239: wtforms/flask-wtf#239
.. _243: wtforms/flask-wtf#243
.. _252: wtforms/flask-wtf#252
.. _264: wtforms/flask-wtf#264
.. _271: wtforms/flask-wtf#271
.. _272: wtforms/flask-wtf#272

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖

) Bumps [pep8-naming](https://github.com/PyCQA/pep8-naming) from 0.8.0 to 0.8.2. <details> <summary>Changelog</summary> *Sourced from [pep8-naming's changelog](https://github.com/PyCQA/pep8-naming/blob/master/CHANGELOG.rst).* > 0.8.2 - 2019-02-04 > ------------------ > > * Fix a problem with ``ignore-names`` option initialization. > > 0.8.1 - 2019-02-04 > ------------------ > > * ``ignore-names`` now also applies to the N806, N815, and N816 checks. > > * ``failureException``, ``longMessage``, and ``maxDiff`` have been added to > the default ``ignore-names`` list. > > * Allow lowercase names to be imported as just ``_``. > > * Allow function arguments to be named just ``_``. > > * Support Python 2's tuple syntax in ``except`` clauses. </details> <details> <summary>Commits</summary> - [`7654783`](PyCQA/pep8-naming@7654783) Merge pull request [#111](https://github-redirect.dependabot.com/PyCQA/pep8-naming/issues/111) from jparise/ignore-names-default - [`3401bd1`](PyCQA/pep8-naming@3401bd1) Test --ignore-names for relevant error codes - [`743b26c`](PyCQA/pep8-naming@743b26c) Fix ignore-names option initialization - [`2d0e538`](PyCQA/pep8-naming@2d0e538) Merge pull request [#108](https://github-redirect.dependabot.com/PyCQA/pep8-naming/issues/108) from jparise/setup-check-rest - [`dadf0af`](PyCQA/pep8-naming@dadf0af) Merge pull request [#107](https://github-redirect.dependabot.com/PyCQA/pep8-naming/issues/107) from jparise/0.8.1-changelog - [`a71425b`](PyCQA/pep8-naming@a71425b) Check reStructuredText syntax along with flake8 - [`a7c1539`](PyCQA/pep8-naming@a7c1539) Prepare the changelog for the 0.8.1 release - [`3b10510`](PyCQA/pep8-naming@3b10510) Merge pull request [#105](https://github-redirect.dependabot.com/PyCQA/pep8-naming/issues/105) from jparise/function-type - [`67294f0`](PyCQA/pep8-naming@67294f0) Consistently use the _FunctionType constants - [`9596c43`](PyCQA/pep8-naming@9596c43) Merge pull request [#100](https://github-redirect.dependabot.com/PyCQA/pep8-naming/issues/100) from jparise/excepthandler-tuple - Additional commits viewable in [compare view](PyCQA/pep8-naming@0.8.0...0.8.2) </details> <br /> [![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=pep8-naming&package-manager=pip&previous-version=0.8.0&new-version=0.8.2)](https://dependabot.com/compatibility-score.html?dependency-name=pep8-naming&package-manager=pip&previous-version=0.8.0&new-version=0.8.2) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will **not** automatically merge this PR because this dependency is pre-1.0.0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot. </details>

…sk-wtf-0.13.1-to-0.14 Update flask-wtf to 0.14

Update flask-wtf from 0.13.1 to 0.14

91b15da

sloria merged commit 8ac6f6f into master Jan 8, 2017

sloria deleted the pyup-update-flask-wtf-0.13.1-to-0.14 branch January 8, 2017 04:25

curest0x1021 added a commit to curest0x1021/cookiecutter-flask that referenced this pull request May 17, 2019

Merge pull request cookiecutter-flask#111 from sloria/pyup-update-fla…

c62d8d4

…sk-wtf-0.13.1-to-0.14 Update flask-wtf to 0.14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update flask-wtf to 0.14 #111

Update flask-wtf to 0.14 #111

pyup-bot commented Jan 6, 2017

Update flask-wtf to 0.14 #111

Update flask-wtf to 0.14 #111

Conversation

pyup-bot commented Jan 6, 2017

Changelog

0.14