Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scheduled monthly dependency update for March #16

wants to merge 28 commits into from


None yet
2 participants
Copy link

commented Mar 1, 2018


Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

wheel 0.29.0 » 0.30.0 PyPI | Changelog | Repo
django-braces 1.11.0 » 1.12.0 PyPI | Changelog | Repo
django-crispy-forms 1.6.1 » 1.7.0 PyPI | Changelog | Repo
django-model-utils 3.0.0 » 3.1.1 PyPI | Changelog | Repo
django-atom 0.15.3 » 0.16.2 PyPI | Changelog | Repo
Pillow 4.2.1 » 5.0.0 PyPI | Changelog | Homepage
mysqlclient 1.3.11 » 1.3.12 PyPI | Changelog | Repo
pytz 2017.2 » 2018.3 PyPI | Homepage | Docs
django-redis 4.8.0 » 4.9.0 PyPI | Changelog | Repo
django-import-export 0.5.1 » 1.0.0 PyPI | Changelog | Repo
coverage 4.4.1 » 4.5.1 PyPI | Changelog | Repo
Sphinx 1.6.3 » 1.7.1 PyPI | Changelog | Homepage
django-extensions 1.9.0 » 2.0.0 PyPI | Changelog | Repo | Docs
Werkzeug 0.12.2 » 0.14.1 PyPI | Changelog | Homepage
factory-boy 2.9.2 » 2.10.0 PyPI | Changelog | Repo
django-debug-toolbar 1.8 » 1.9.1 PyPI | Changelog | Repo
ipdb 0.10.3 » 0.11 PyPI | Changelog | Repo
pytest-sugar 0.9.0 » 0.9.1 PyPI | Changelog | Homepage
django 1.10.7 » 1.10.8 PyPI | Changelog | Homepage
Collectfast 0.5.2 » 0.6.0 PyPI | Changelog | Repo
django-anymail 0.11.1 » 1.4 PyPI | Changelog | Repo
raven 6.1.0 » 6.6.0 PyPI | Changelog | Repo
flake8 3.4.1 » 3.5.0 PyPI | Changelog | Repo
django-test-plus 1.0.18 » 1.0.22 PyPI | Changelog | Repo


wheel 0.29.0 -> 0.30.0



  • Added py-limited-api {cp32|cp33|cp34|...} flag to produce cpNN.abi3.{arch}
    tags on CPython 3.
  • Documented the license_file metadata key
  • Improved Python, abi tagging for wheel convert. Thanks Ales Erjavec.
  • Fixed > being prepended to lines starting with "From" in the long description
  • Added support for specifying a build number (as per PEP 427).
    Thanks Ian Cordasco.
  • Made the order of files in generated ZIP files deterministic.
    Thanks Matthias Bach.
  • Made the order of requirements in metadata deterministic. Thanks Chris Lamb.
  • Fixed wheel install clobbering existing files
  • Improved the error message when trying to verify an unsigned wheel file
  • Removed support for Python 2.6, 3.2 and 3.3.

django-crispy-forms 1.6.1 -> 1.7.0


  • Fixes compatibility with Django 2.0
  • Various other fixes.

See 1.7 Milestone
for full issue list.

django-model-utils 3.0.0 -> 3.1.1


  • Update classifiers and README via GH-306, fixes GH-305


  • Support for Django 2.0 via GH-298, fixes GH-297
  • Remove old travis script via GH-300
  • Fix codecov and switch to py.test 301

django-atom 0.15.3 -> 0.16.2


  • Fix redirect_unauthenticated_users support in


  • Add
  • Add

Pillow 4.2.1 -> 5.0.0


  • Docs: Added docstrings from documentation 2914
  • Test: Switch from nose to pytest 2815
  • Rework Source directory layout, preventing accidental import of PIL. 2911
  • Dynamically link libraqm 2753

  • Removed scripts directory 2901

  • TIFF: Run all compressed tiffs through libtiff decoder 2899

  • GIF: Add disposal option when saving GIFs 2902
    [linnil1, wiredfool]

  • EPS: Allow for an empty line in EPS header data 2903
  • PNG: Add support for sRGB and cHRM chunks, permit sRGB when no iCCP chunk present 2898
  • Dependencies: Update Tk Tcl to 8.6.8 2905
  • Decompression bomb error now raised for images 2x larger than a decompression bomb warning 2583
  • Test: avoid random failure in test_effect_noise 2894
  • Increased epsilon for due to Arch update. 2896
  • Removed check parameter from _save in BmpImagePlugin, PngImagePlugin, ImImagePlugin, PalmImagePlugin, and PcxImagePlugin. 2873
  • Make PngImagePlugin.add_text() zip argument type bool 2890
  • Depends: Updated libwebp to 0.6.1 2880
  • Remove unnecessary bool() calls in Image.registered_extensions and skipKnownBadTests 2891
  • Fix count of BITSPERSAMPLE items in broken TIFF files 2883
  • Fillcolor parameter for Image.Transform 2852
  • Test: Display differences for test failures 2862
  • Added executable flag to file with shebang line 2884
  • Setup: Specify compatible Python versions for pip 2877
  • Dependencies: Updated libimagequant to 2.11.4 2878
  • Setup: Warn if trying to install for Py3.7 on Windows 2855
  • Doc: Fonts can be loaded from a file-like object, not just filename 2861
  • Add eog support for Ubuntu Image Viewer 2864
  • Test: Test on 3.7-dev on 2870
  • Dependencies: Update libtiff to 4.0.9 2871
  • Setup: Replace deprecated platform.dist with file existence check 2869
  • Build: Fix on Debian 2853
  • Docs: Correct error in ImageDraw documentation 2858
  • Test: Drop Ubuntu Precise, Fedora 24, Fedora 25, add Fedora 27, Centos 7, Amazon v2 CI Support 2854, 2843, 2895, 2897
  • Dependencies: Updated libimagequant to 2.11.3 2849
  • Test: Fix to use tempfile 2841
  • Replace PIL.OleFileIO deprecation warning with descriptive ImportError 2833
  • WebP: Add support for animated WebP files 2761
  • PDF: Set encoderinfo for images when saving multi-page PDF. Fixes 2804. 2805
  • Allow the olefile dependency to be optional 2789
  • GIF: Permit LZW code lengths up to 12 bits in GIF decode 2813
  • Fix unterminiated string and unchecked exception in _font_text_asBytes. 2825
  • PPM: Use fixed list of whitespace, rather relying on locale, fixes 272. 2831
  • Added support for generators when using append_images 2829, 2835
  • Doc: Correct PixelAccess.rst 2824
  • Depends: Update raqm to 0.3.0 2822
  • Docs: Link to maintained version of aggdraw 2809
  • Include license file in the generated wheel packages 2801
  • Depends: Update openjpeg to 2.3.0 2791
  • Add option to Makefile to build and install with C coverage 2781
  • Add context manager support to ImageFile.Parser and PngImagePlugin.ChunkStream 2793
  • ImageDraw.textsize: fix zero length error 2788
    [wiredfool, hugovk]


  • Fix warning on pointer cast in isblock 2775, 2778
  • Doc: Added macOS High Sierra tested Pillow version 2777
  • Use correct Windows handle type on 64 bit in imagingcms 2774
  • 64 Bit Windows fix for block storage 2773
  • Fix "expression result unused" warning 2764
  • Add 16bit Read/Write and RLE read support to SgiImageFile 2769
    [jbltx, wiredfool]
  • Block & array hybrid storage 2738
  • Common seek frame position check 1849
  • Doc: Add note about aspect ratio to Image thumbnail script 2281
  • Fix ValueError: invalid version number '1.0.0rc1' in scipy release candidate 2771
  • Unfreeze requirements.txt 2766
  • Test: ResourceWarning tests 2756
  • Use n_frames to determine is_animated if possible 2315
  • Doc: Corrected parameters in documentation 2768
  • Avoid unnecessary Image operations 1891
  • Added register_extensions method 1860
  • Fix TIFF support for I;16S, I;16BS, and I;32BS rawmodes 2748
  • Fixed doc syntax in ImageDraw 2752
  • Fixed support for building on Windows/msys2. Added Appveyor CI coverage for python3 on msys2 2476
  • Fix ValueError in Exif/Tiff IFD 2719
  • Use pathlib2 for Path objects on Python < 3.4 2291
  • Export only required properties in unsafe_ptrs 2740
  • Alpha composite fixes 2709
  • Faster Transpose operations, added 'Transverse' option 2730
  • Deprecate ImageOps undocumented functions gaussian_blur, gblur, unsharp_mask, usm and box_blur in favor of ImageFilter implementations 2735
  • Dependencies: Updated freetype to 2.8.1 2741
  • Bug: Player skipped first image 2742
  • Faster filter operations for Kernel, Gaussian, and Unsharp Mask filters 2679
  • EPS: Add showpage to force rendering of some EPS images 2636
  • DOC: Fix type of palette parameter in Image.quantize. 2703
  • DOC: Fix Ico docs to match code 2712
  • Added file pointer save to SpiderImagePlugin 2647
  • Add targa version 2 footer 2713
  • Removed redundant lines 2714
  • Travis CI: Use default pypy/pypy3 2721
  • Fix for SystemError when rendering an empty string, added in 4.2.0 2706
  • Fix for memory leaks in font handling added in 4.2.0 2634
  • Tests: cleanup, more tests. Fixed WMF save handler 2689
  • Removed debugging interface for Image.core.grabclipboard 2708
  • Doc syntax fix 2710
  • Faster packing and unpacking for RGB, LA, and related storage modes 2693
  • Use RGBX rawmode for RGB JPEG images where possible 1989
  • Remove palettes from non-palette modes in _new 2702
  • Delete transparency info when convert'ing RGB/L to RGBA 2633
  • Code tweaks to ease type annotations 2687
  • Fixed incorrect use of 's' to byteslike object 2691
  • Fix JPEG subsampling labels for subsampling=2 2698
  • Region of interest (box) for resampling 2254
  • Basic support for Termux (android) in 2684
  • Bug: Fix Image.fromarray for numpy.bool type. 2683
  • CI: Add Fedora 24 and 26 to Docker tests
  • JPEG: Fix ZeroDivisionError when EXIF contains invalid DPI (0/0). 2667
  • Depends: Updated openjpeg to 2.2.0 2669
  • Depends: Updated Tk Tcl to 8.6.7 2668
  • Depends: Updated libimagequant to 2.10.2 2660
  • Test: Added test for ImImagePlugin tell() 2675
  • Test: Additional tests for SGIImagePlugin 2659
  • New Image.getchannel method 2661
  • Remove unused im.copy2 and core.copy methods 2657
  • Fast Image.merge() 2677
  • Fast Image.split() 2676
  • Fast image allocation 2655
  • Storage cleanup 2654
  • FLI: Use frame count from FLI header 2674
  • Test: Test animated FLI file 2650
  • Bug: Fixed uninitialized memory in bc5 decoding 2648
  • Moved SgiImagePlugin save error to before the start of write operations 2646
  • Move so isn't installed globally 2645
  • Bug: Fix unexpected keyword argument 'align' 2641
  • Add newlines to error message for clarity 2640
  • Docs: Updated redirected URL 2637
  • Bug: Fix JPEG DPI when EXIF is invalid 2632
  • Bug: Fix for font getsize on empty string 2624
  • Docs: Improved ImageDraw documentation 2626
  • Docs: Corrected alpha_composite args documentation 2627
  • Docs: added the description of the filename attribute to images.rst 2621
  • Dependencies: Updated libimagequant to 2.10.1 2616
  • PDF: Renamed parameter to not shadow built-in dict 2612

mysqlclient 1.3.11 -> 1.3.12



Fix tuple argument again (201)

InterfaceError is raised when Connection.query() is called for closed connection (202)


django-redis 4.8.0 -> 4.9.0


Date: 2018-03-01

  • Add testing and support for Django 2.0. No actual code changes were required.
  • Escape KEY_PREFIX and VERSION when used in glob expressions.
  • Improve handling timeouts less than 1ms.
  • Remove fakeredis support.
  • Add datetime, date, time, and timedelta serialization support to the JSON
  • The deprecated feature of passing True as a timeout value is no longer
  • Fix add() with a negative timeout to not store key (it is immediately
  • Remove support for Django < 1.11.
  • Add support for atomic incr if key is not set.

django-import-export 0.5.1 -> 1.0.0


  • Switch to semver versioning (687)
  • Require Django>=1.8 (685)
  • upgrade tox configuration (737)


  • skip_row override example (702)
  • Testing against Django 2.0 should not fail (709)
  • Refactor transaction handling (690)
  • Resolves 703 fields shadowed (703)
  • discourage installation as a zipped egg (548)
  • Fixed middleware settings in test app for Django 2.x (696)


  • Refactors and optimizations (686, 632, 684, 636, 631, 629, 635, 683)
  • Travis tests for Django 2.0.x (691)


  • Refactor import_row call by using keyword arguments (585)
  • Added {{ block.super }} call in block bodyclass in admin/base_site.html (582)
  • Add support for the Django DurationField with DurationWidget (575)
  • GitHub bmihelac -> django-import-export Account Update (574)
  • Add intersphinx links to documentation (572)
  • Add Resource.get_import_fields() (569)
  • Fixed readme mistake (568)
  • Bugfix/fix m2m widget clean (515)
  • Allow injection of context data for template rendered by import_action() and export_action() (544)
  • Bugfix/fix exception in generate_log_entries() (543)
  • Process import dataset and result in separate methods (542)
  • Bugfix/fix error in converting exceptions to strings (526)
  • Fix admin integration tests for the new "Import finished..." message, update Czech translations to 100% coverage. (596)
  • Make import form type easier to override (604)
  • Add saves_null_values attribute to Field to control whether null values are saved on the object (611)
  • Add Bulgarian translations (656)
  • Add django 1.11 to TravisCI (621)
  • Make Signals code example format correctly in documentation (553)
  • Add Django as requirement to (634)
  • Update import of reverse for django 2.x (620)
  • Add Django-version classifiers to’s CLASSIFIERS (616)
  • Some fixes for Django 2.0 (672)
  • Strip whitespace when looking up ManyToMany fields (668)
  • Fix all ResourceWarnings during tests in Python 3.x (637)
  • Remove downloads count badge from README since no longer supports it for PyPi (677)
  • Add coveralls support and README badge (678)

coverage 4.4.1 -> 4.5.1


  • Now that 4.5 properly separated the [run] omit and [report] omit
    settings, an old bug has become apparent. If you specified a package name
    for [run] source, then omit patterns weren't matched inside that package.
    This bug (issue 638_) is now fixed.
  • On Python 3.7, reporting about a decorated function with no body other than a
    docstring would crash with an IndexError (issue 640_). This is
    now fixed.
  • Configurer plugins are now reported in the output of --debug=sys.

.. _issue 638:
.. _issue 640:

.. _changes_45:


  • A new kind of plugin is supported: configurators are invoked at start-up to
    allow more complex configuration than the .coveragerc file can easily do.
    See :ref:api_plugin for details. This solves the complex configuration
    problem described in issue 563_.
  • The fail_under option can now be a float. Note that you must specify the
    [report] precision configuration option for the fractional part to be
    used. Thanks to Lars Hupfeldt Nielsen for help with the implementation.
    Fixes issue 631_.
  • The include and omit options can be specified for both the [run]
    and [report] phases of execution. 4.4.2 introduced some incorrect
    interactions between those phases, where the options for one were confused
    for the other. This is now corrected, fixing issue 621_ and issue 622_.
    Thanks to Daniel Hahler for seeing more clearly than I could.
  • The coverage combine command used to always overwrite the data file, even
    when no data had been read from apparently combinable files. Now, an error
    is raised if we thought there were files to combine, but in fact none of them
    could be used. Fixes issue 629_.
  • The coverage combine command could get confused about path separators
    when combining data collected on Windows with data collected on Linux, as
    described in issue 618_. This is now fixed: the result path always uses
    the path separator specified in the [paths] result.
  • On Windows, the HTML report could fail when source trees are deeply nested,
    due to attempting to create HTML filenames longer than the 250-character
    maximum. Now filenames will never get much larger than 200 characters,
    fixing issue 627_. Thanks to Alex Sandro for helping with the fix.

.. _issue 563:
.. _issue 618:
.. _issue 621:
.. _issue 622:
.. _issue 627:
.. _issue 629:
.. _issue 631:

.. _changes_442:


  • Support for Python 3.7. In some cases, class and module docstrings are no
    longer counted in statement totals, which could slightly change your total
  • Specifying both --source and --include no longer silently ignores the
    include setting, instead it displays a warning. Thanks, Loïc Dachary. Closes
    issue 265_ and issue 101_.
  • Fixed a race condition when saving data and multiple threads are tracing
    (issue 581_). It could produce a "dictionary changed size during iteration"
    RuntimeError. I believe this mostly but not entirely fixes the race
    condition. A true fix would likely be too expensive. Thanks, Peter Baughman
    for the debugging, and Olivier Grisel for the fix with tests.
  • Configuration values which are file paths will now apply tilde-expansion,
    closing issue 589_.
  • Now secondary config files like tox.ini and setup.cfg can be specified
    explicitly, and prefixed sections like [coverage:run] will be read. Fixes
    issue 588_.
  • Be more flexible about the command name displayed by help, fixing
    issue 600_. Thanks, Ben Finney.

.. _issue 101:
.. _issue 581:
.. _issue 588:
.. _issue 589:
.. _issue 600:

.. _changes_441:

Sphinx 1.6.3 -> 1.7.1




  • 4623: sphinx.build_main() is deprecated. Use instead.
  • autosummary: The interface of sphinx.ext.autosummary.get_documenter() has
    been changed (Since 1.7.0)
  • 4664: sphinx.ext.intersphinx.debug() is deprecated. Use
    sphinx.ext.intersphinx.inspect_main() instead.

Bugs fixed

  • 4608: epub: Invalid meta tag is generated
  • 4260: autodoc: keyword only argument separator is not disappeared if it is
    appeared at top of the argument list
  • 4622: epub: :confval:epub_scheme does not effect to content.opf
  • 4627: graphviz: Fit graphviz images to page
  • 4617: quickstart: PROJECT_DIR argument is required
  • 4623: sphinx.build_main no longer exists in 1.7.0
  • 4615: The argument of has been changed in 1.7.0
  • autosummary: The interface of sphinx.ext.autosummary.get_documenter() has
    been changed
  • 4630: Have order on msgids in sphinx.pot deterministic
  • 4563: autosummary: Incorrect end of line punctuation detection
  • 4577: Enumerated sublists with explicit start with wrong number
  • 4641: A external link in TOC cannot contain "?" with :glob: option
  • C++, add missing parsing of explicit casts and typeid in expression parsing.
  • C++, add missing parsing of this in expression parsing.
  • 4655: Fix incomplete localization strings in Polish
  • 4653: Fix error reporting for parameterless ImportErrors
  • 4664: Reading objects.inv fails again
  • 4662: any refs with term targets crash when an ambiguity is





  • 4019: inheritance_diagram AttributeError stoping make process
  • 4531: autosummary: methods are not treated as attributes
  • 4538: autodoc: sphinx.ext.autodoc.Options has been moved
  • 4539: autodoc emits warnings for partialmethods
  • 4223: doctest: failing tests reported in wrong file, at wrong line
  • i18n: message catalogs are not compiled if specific filenames are given for
    sphinx-build as arguments (refs: 4560)
  • 4027: sphinx.ext.autosectionlabel now expects labels to be the same as they
    are in the raw source; no smart quotes, nothig fancy.
  • 4581: apidoc: Excluded modules still included



  • 4415: autodoc classifies inherited classmethods as regular methods
  • 4415: autodoc classifies inherited staticmethods as regular methods
  • 4472: DOCUMENTATION_OPTIONS is not defined
  • 4491: autodoc: prefer _MockImporter over other importers in sys.meta_path
  • 4490: autodoc: type annotation is broken with python 3.7.0a4+
  • utils package is no longer installed
  • 3952: apidoc: module header is too escaped
  • 4275: Formats accepted by sphinx.util.i18n.format_date are limited
  • 4493: recommonmark raises AttributeError if AutoStructify enabled
  • 4209: intersphinx: In link title, "v" should be optional if target has no
  • 4230: slowdown in writing pages with sphinx 1.6
  • 4522: epub: document is not rebuilt even if config changed


  • Add support for docutils 0.14
  • Add tests for the sphinx.ext.inheritance_diagram extension.



Bugs fixed

  • 1922: html search: Upper characters problem in French
  • 4412: Updated jQuery version from 3.1.0 to 3.2.1
  • 4438: math: math with labels with whitespace cause html error
  • 2437: make full reference for classes, aliased with "alias of"
  • 4434: pure numbers as link targets produce warning
  • 4477: Build fails after building specific files
  • 4449: apidoc: include "empty" packages that contain modules
  • 3917: citation labels are tranformed to ellipsis
  • 4501: graphviz: epub3 validation error caused if graph is not clickable
  • 4514: graphviz: workaround for wrong map ID which graphviz generates
  • 4525: autosectionlabel does not support parallel build
  • 3953: Do not raise warning when there is a working intersphinx inventory
  • 4487: math: ValueError is raised on parallel build. Thanks to jschueller.
  • 2372: autosummary: invalid signatures are shown for type annotated functions
  • 3942: html: table is not aligned to center even if :align: center



Features added

  • 4181: autodoc: Sort dictionary keys when possible
  • VerbatimHighlightColor is a new
    :ref:LaTeX &#39;sphinxsetup&#39; &lt;latexsphinxsetup&gt; key (refs: 4285)
  • Easier customizability of LaTeX macros involved in rendering of code-blocks
  • Show traceback if raises an exception (refs: 4369)
  • Add :confval:smartquotes to disable smart quotes through
    (refs: 3967)
  • Add :confval:smartquotes_action and :confval:smartquotes_excludes
    (refs: 4142, 4357)

Bugs fixed

  • 4334: sphinx-apidoc: Don't generate references to non-existing files in TOC
  • 4206: latex: reST label between paragraphs loses paragraph break
  • 4231: html: Apply fixFirefoxAnchorBug only under Firefox
  • 4221: napoleon depends on autodoc, but users need to load it manually
  • 2298: automodule fails to document a class attribute
  • 4099: C++: properly link class reference to class from inside constructor
  • 4267: PDF build broken by Unicode U+2116 NUMERO SIGN character
  • 4249: PDF output: Pygments error highlighting increases line spacing in
    code blocks
  • 1238: Support :emphasize-lines: in PDF output
  • 4279: Sphinx crashes with pickling error when run with multiple processes and
    remote image
  • 1421: Respect the quiet flag in sphinx-quickstart
  • 4281: Race conditions when creating output directory
  • 4315: For PDF 'howto' documents, latex_toplevel_sectioning=&#39;part&#39; generates
    \chapter commands
  • 4214: Two todolist directives break sphinx-1.6.5
  • Fix links to external option docs with intersphinx (refs: 3769)
  • 4091: Private members not documented without :undoc-members:



Features added

  • 4107: Make searchtools.js compatible with pre-Sphinx1.5 templates
  • 4112: Don't override the smart_quotes setting if it was already set
  • 4125: Display reference texts of original and translated passages on
    i18n warning message
  • 4147: Include the exception when logging PO/MO file read/write

Bugs fixed

  • 4085: Failed PDF build from image in parsed-literal using :align: option
  • 4100: Remove debug print from autodoc extension
  • 3987: Changing theme from alabaster causes HTML build to fail
  • 4096: C++, don't crash when using the wrong role type. Thanks to mitya57.
  • 4070, 4111: crashes when the warning message contains format strings (again)
  • 4108: Search word highlighting breaks SVG images
  • 3692: Unable to build HTML if writing .buildinfo failed
  • 4152: HTML writer crashes if a field list is placed on top of the document
  • 4063: Sphinx crashes when labeling directive .. todolist::
  • 4134: [doc] :file:docutils.conf is not documented explicitly
  • 4169: Chinese language doesn't trigger Chinese search automatically
  • 1020: ext.todo todolist not linking to the page in pdflatex
  • 3965: New quickstart generates wrong SPHINXBUILD in Makefile
  • 3739: :module: option is ignored at content of pyobjects
  • 4149: Documentation: Help choosing :confval:latex_engine
  • 4090: [doc] :confval:latex_additional_files with extra LaTeX macros should
    not use .tex extension
  • Failed to convert reST parser error to warning (refs: 4132)



Features added

  • 3926: Add autodoc_warningiserror to suppress the behavior of -W
    option during importing target modules on autodoc

Bugs fixed

  • 3924: docname lost after dynamically parsing RST in extension
  • 3946: Typo in sphinx.sty (this was a bug with no effect in default context)
  • :pep: and :rfc: does not supports default-role directive (refs: 3960)
  • 3960: default_role = 'guilabel' not functioning
  • Missing texinputs_win/Makefile to be used in latexpdf builder on windows.
  • 4026: nature: Fix macOS Safari scrollbar color
  • 3877: Fix for C++ multiline signatures.
  • 4006: Fix crash on parallel build
  • 3969: private instance attributes causes AttributeError
  • 4041: C++, remove extra name linking in function pointers.
  • 4038: C, add missing documentation of member role.
  • 4044: An empty multicolumn cell causes extra row height in PDF output
  • 4049: Fix typo in output of sphinx-build -h
  • 4062: hashlib.sha1() must take bytes, not unicode on Python 3
  • Avoid indent after index entries in latex (refs: 4066)
  • 4070: crashes when the warning message contains format strings
  • 4067: Return non-zero exit status when make subprocess fails
  • 4055: graphviz: the :align: option does not work for SVG output
  • 4055: graphviz: the :align: center option does not work for latex output
  • 4051: warn() function for HTML theme outputs 'None' string

django-extensions 1.9.0 -> 2.0.0



  • Fix: runserver_plus, for 1.11 still using MIDDLEWARE_CLASSES
  • Fix: show_urls, Fix display in Django 2.0
  • Fix: validate_templates, remove realpath in validate_templates
  • Fix: sqldiff, bug with including proxy models in sqldiff output
  • Improvement: shell_plus, allow configurating of sqlparse formatting and pygments formatting
  • Improvement: shell_plus, add collision resolvers based on app label
  • Improvement: shell_plus, automatic importing of subclasses defined in SHELL_PLUS_SUBCLASSES_IMPORT
  • New: reset_schema, simple command to recreate public schema in PostgreSQL
  • Docs: fix links to Werkzeug documentation



  • Fix: runserver_plus, fix for Django 2.0 middleware handling
  • Fix: shell_plus, fixed app_name resolving
  • Fix: AutoSlugfield, deconstruct did not match construction values
  • Fix: runjob, not compatible with apps that use AppConfig in INSTALLED_APPS
  • Improvement: runserver_plus, added configuring paths to certificates
  • Improvement: template, add newline to avoid linter warnings
  • Improvement: jobs, add integration tests for runjob and runjobs management commands
  • New: merge_model_instances, new management command for de-duplicating model instances



  • Fix: show_urls, fix for Django 2.0 (Locale URL Resolvers are still broken)
  • Fix: runserver_plus, fix rendering of ipv6 link
  • Improvement: validate_templates, allow relative paths
  • Improvement: validate_templates, automatically include app templates
  • Improvement: pip_checker, could not find some packages
  • Docs: shell_plus, --print-sql usage clearification


This release add checking types with MyPy to the test suite. At this point
only a few lines of code are explicitly typed.


  • Improvement: shell_plus, Collision resolver implemented.
  • Improvement: shell_plus, Skipping all models importing feature added.
  • Improvement: runscript, Script execution directory policy feature added.
  • django-extensions now requires the typing package.


Fix boo-boo with release version in django_extensions/



  • Fix missing test case



  • Tests: shell_plus, simple test for get_imported_objects



  • Fix: mail_debug, regression in mail_debug for older Pythons
  • Fix: shell_plus, SyntaxError on exec(), python compatibility
  • Fix: ForeignKeyAutocompleteAdminMixin, use text/plain



  • Fix: graph_models, fix json option
  • Fix: runserver_plus, avoid duplicate messages logged to console
  • Fix: mail_debug, python3 fix
  • Improvement: sqldiff, basic support for array types in postgresql
  • Improvement: runscript, handle import errors better
  • Docs: updated documentation for model extensions

Werkzeug 0.12.2 -> 0.14.1


Released on December 31st 2017

  • Resolved a regression with status code handling in the integrated
    development server.


Released on December 31st 2017

  • HTTP exceptions are now automatically caught by
  • Added support for edge as browser.
  • Added support for platforms that lack SpooledTemporaryFile.
  • Add support for etag handling through if-match
  • Added support for the SameSite cookie attribute.
  • Added werkzeug.wsgi.ProxyMiddleware
  • Implemented has for NullCache
  • get_multi on cache clients now returns lists all the time.
  • Improved the watchdog observer shutdown for the reloader to not crash
    on exit on older Python versions.
  • Added support for filename* filename attributes according to
    RFC 2231
  • Resolved an issue where machine ID for the reloader PIN was not
    read accurately on windows.
  • Added a workaround for syntax errors in init files in the reloader.
  • Added support for using the reloader with console scripts on windows.
  • The built-in HTTP server will no longer close a connection in cases
    where no HTTP body is expected (204, 204, HEAD requests etc.)
  • The EnvironHeaders object now skips over empty content type and
    lengths if they are set to falsy values.
  • Werkzeug will no longer send the content-length header on 1xx or
    204/304 responses.
  • Cookie values are now also permitted to include slashes and equal
    signs without quoting.
  • Relaxed the regex for the routing converter arguments.
  • If cookies are sent without values they are now assumed to have an
    empty value and the parser accepts this. Previously this could have
    corrupted cookies that followed the value.
  • The test Client and EnvironBuilder now support mimetypes like
    the request object does.
  • Added support for static weights in URL rules.
  • Better handle some more complex reloader scenarios where sys.path
    contained non directory paths.
  • EnvironHeaders no longer raises weird errors if non string keys
    are passed to it.


Released on December 7th 2017

  • Deprecate support for Python 2.6 and 3.3. CI tests will not run
    for these versions, and support will be dropped completely in the next
    version. (pallets/meta24_)
  • Raise TypeError when port is not an integer. (1088_)
  • Fully deprecate werkzeug.script. Use Click_ instead. (1090_)
  • response.age is parsed as a timedelta. Previously, it was
    incorrectly treated as a datetime. The header value is an integer
    number of seconds, not a date string. (414_)
  • Fix a bug in TypeConversionDict where errors are not propagated
    when using the converter. (1102_)
  • Authorization.qop is a string instead of a set, to comply with
    RFC 2617. (984_)
  • An exception is raised when an encoded cookie is larger than, by
    default, 4093 bytes. Browsers may silently ignore cookies larger than
    this. BaseResponse has a new attribute max_cookie_size and
    dump_cookie has a new argument max_size to configure this.
    (780, 1109)
  • Fix a TypeError in werkzeug.contrib.lint.GuardedIterator.close.
  • BaseResponse.calculate_content_length now correctly works for
    Unicode responses on Python 3. It first encodes using
    iter_encoded. (705_)
  • Secure cookie contrib works with string secret key on Python 3.
  • Shared data middleware accepts a list instead of a dict of static
    locations to preserve lookup order. (1197_)
  • HTTP header values without encoding can contain single quotes.
  • The built-in dev server supports receiving requests with chunked
    transfer encoding. (1198_)

.. _Click:
.. _pallets/meta24: pallets/meta#24
.. _414: pallets/werkzeug#414
.. _705: pallets/werkzeug#705
.. _780: pallets/werkzeug#780
.. _984: pallets/werkzeug#984
.. _1088: pallets/werkzeug#1088
.. _1090: pallets/werkzeug#1090
.. _1102: pallets/werkzeug#1102
.. _1109: pallets/werkzeug#1109
.. _1116: pallets/werkzeug#1116
.. _1197: pallets/werkzeug#1197
.. _1198: pallets/werkzeug#1198
.. _1205: pallets/werkzeug#1205
.. _1208: pallets/werkzeug#1208

factory-boy 2.9.2 -> 2.10.0



  • :issue:443: Don't crash when calling :meth:factory.Iterator.reset() on a brand new iterator.


  • :issue:397: Allow a :class:factory.Maybe to contain a :class:~factory.PostGenerationDeclaration.
    This also applies to :class:factory.Trait, since they use a :class:factory.Maybe declaration internally.

django-debug-toolbar 1.8 -> 1.9.1


This version is compatible with Django 2.0 and requires Django 1.8 or


  • The profiling panel now escapes reported data resulting in valid HTML.
  • Many minor cleanups and bugfixes.

ipdb 0.10.3 -> 0.11


  • Simplify loading IPython and getting information from it.
    Drop support for python 2.6
    Drop support for IPython < 5.0.0

pytest-sugar 0.9.0 -> 0.9.1



  • Fix incompatibility with pytest 3.4 (thanks nicoddemus)

django 1.10.7 -> 1.10.8



September 5, 2017

Django 1.10.8 fixes a security issue in 1.10.7.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with DEBUG = True (which makes
this page accessible) in your production settings.


Collectfast 0.5.2 -> 0.6.0


  • support for AWS_IS_GZIPPED
  • use of public API on storage
  • support for django 1.11 and 2.0

django-anymail 0.11.1 -> 1.4


Security fix

This fixes a low severity security issue affecting Anymail v0.2–v1.3.

Django error reporting includes the value of your Anymail WEBHOOK_AUTHORIZATION setting. In a properly-configured deployment, this should not be cause for concern. But if you have somehow exposed your Django error reports (e.g., by mis-deploying with DEBUG=True or by sending error reports through insecure channels), anyone who gains access to those reports could discover your webhook shared secret. An attacker could use this to post fabricated or malicious Anymail tracking/inbound events to your app, if you are using those Anymail features.

The fix renames Anymail's webhook shared secret setting so that Django's error reporting mechanism will sanitize it.

If you are using Anymail's event tracking and/or inbound webhooks, you should upgrade to this release and change "WEBHOOK_AUTHORIZATION" to "WEBHOOK_SECRET" in the ANYMAIL section of your You may also want to rotate the shared secret value, particularly if you have ever exposed your Django error reports to untrusted individuals.

If you are only using Anymail's EmailBackends for sending email and have not set up Anymail's webhooks, this issue does not affect you.

The old WEBHOOK_AUTHORIZATION setting is still allowed in this release, but will issue a system-check warning when running most Django management commands. It will be removed completely in a near-future release, as a breaking change.

Thanks to Charlie DeTar (yourcelf) for responsibly reporting this security issue through private channels.


Security fix

v1.3 includes the v1.2.1 security fix released at the same time. Please review the v1.2.1 release notes, below, if you are using Anymail's tracking webhooks.

New features

  • Inbound handling: Add normalized inbound message event, signal, and webhooks for all supported ESPs. (See new Receiving mail docs.) This hasn't been through much real-world testing yet; bug reports and feedback are very welcome.
  • API network timeouts: For Requests-based backends (all but SparkPost), use a default timeout of 30 seconds for all ESP API calls, to avoid stalling forever on a bad connection. Add a REQUESTS_TIMEOUT Anymail setting to override. (See 80.)
  • Test backend improvements: Generate unique tracking message_id when using the test backend; add console backend for use in development. (See 85.)


Security fix

This release fixes a moderate severity security issue affecting Anymail v0.2–v1.2:
Prevent timing attack on WEBHOOK_AUTHORIZATION secret (CVE-2018-6596)

If you are using Anymail's tracking webhooks, you should upgrade to this release, and you may want to rotate to a new WEBHOOK_AUTHORIZATION shared secret (see docs). You should definitely change your webhook auth if your logs indicate attempted exploit.

(If you are only sending email using an Anymail EmailBackend, and have not set up Anymail's event tracking webhooks, this issue does not affect you.)

More information

Anymail's webhook validation was vulnerable to a timing attack. A remote attacker could use this to obtain your WEBHOOK_AUTHORIZATION shared secret, potentially allowing them to post fabricated or malicious email tracking events to your app.

There have not been any reports of attempted exploit. (The vulnerability was discovered through code review.) Attempts would be visible in HTTP logs as a very large number of 400 responses on Anymail's webhook urls (by default "/anymail/esp_name/tracking/"), and in Python error monitoring as a very large number of AnymailWebhookValidationFailure exceptions.


New features

  • Postmark: Support new click webhook in normalized tracking events


Bug fixes

  • Mailgun: Support metadata in opened/clicked/unsubscribed tracking webhooks, and fix potential problems if metadata keys collided with Mailgun event parameter names. (See 76, 77)

Other changes

  • Internal: Rework Anymail's ParsedEmail class and rename to EmailAddress to align it with similar functionality in the Python 3.6 email package, in preparation for future inbound support. ParsedEmail was not documented for use outside Anymail's internals (so this change does not bump the semver major version), but if you were using it in an undocumented way you will need to update your code.


It's official: Anymail is no longer "pre-1.0." The API has been stable for many months, and there's no reason not to use Anymail in production.

Breaking changes

  • There are no new breaking changes in the 1.0 release, but a breaking change introduced several months ago in v0.8 is now strictly enforced. If you still have an EMAIL_BACKEND setting that looks like "anymail.backends.espname.EspNameBackend", you'll need to change it to just "anymail.backends.espname.EmailBackend". (Earlier versions had issued a DeprecationWarning. See the v0.8 release notes.)

New features and other changes


Breaking changes

  • All backends: The old EspNameBackend names that were deprecated in v0.8 have been removed. Attempting to use the old names will now fail, rather than issue a DeprecationWarning. See the v0.8 release notes.

New features

  • Anymail's Test EmailBackend is now documented (and cleaned up)

raven 6.1.0 -> 6.6.0


  • [Core] Add trimming to breadcrumbs.
  • [Core] Improve host message at startup.
  • [Core] Update pytest to work on other environments


  • [Core] Fixed missing deprecation on processors.SanitizePasswordsProcessor
  • [Core] Improve exception handling in Serializer.transform
  • [Core] Fixed celery.register_logger_signal ignoring subclasses
  • [Core] Fixed sanitizer skipping byte instances
  • [Lambda] Fixed AttributeError when requestContext not present


  • [Core] Support for defining sanitized_keys on the client (pr/990)
  • [Django] Support for Django 2.0 Urlresolver
  • [Docs] Several fixes and improvements


  • [Core] Changed default timeout on http calls to 5 seconds
  • [Core] Fixed relative paths for traces generated on Windows
  • [Django] Fixed import issues for Django projects < 1.7
  • [Django] Fixed django management command data option
  • [Django/DRF] Added application/octet-stream to non-cacheable types in middleware
  • [Django] Added parsing X-Forwarded-For for user.ip_address
  • [Flask] Added request.remote_addr as fallback for ip addresses
  • [Lambda] Added initial AWS Lambda support with contrib.awslambda.LambdaClient


  • [Core] Fixed requirements in


  • [Core] get_frame_locals properly using max_var_size
  • [Core] Fixed raven initialization when logging._srcfile is None
  • [Core] Fixed import locking to avoid recursion
  • [Django] Fixed several issues for Django 1.11 and Django 2.0
  • [Django/DRF] Fixed issue with unavailable request data
  • [Flask] Added app.logger instrumentation
  • [Flask] Added signal on setup_logging
  • [ZConfig] Added standalone ZConfig support
  • [Celery] Fixed several issues related to Celery

flake8 3.4.1 -> 3.5.0


You can view the 3.5.0 milestone_ on GitLab for more details.

New Dependency Information

  • Allow for PyFlakes 1.6.0 (See also GitLab359_)
  • Start using new PyCodestyle checks for bare excepts and ambiguous identifier
    (See also GitLab361_)


  • Print out information about configuring VCS hooks (See also GitLab335_)
  • Allow users to develop plugins "local" to a repository without using
    setuptools. See our documentation on local plugins for more information.
    (See also GitLab357_)

Bugs Fixed

  • Catch and helpfully report UnicodeDecodeError\ s when parsing
    configuration files. (See also GitLab358_)

.. all links
.. _3.5.0 milestone:

.. issue links
.. _GitLab335:
.. _GitLab357:
.. _GitLab358:
.. _GitLab359:
.. _GitLab361:

.. merge request links

django-test-plus 1.0.18 -> 1.0.22


  • Fix bug where we did not pass data dictionary to RequestFactory.get() properly


  • Add response_204 method


  • The Halloween Release!
  • Fixes to CI to ensure we really test Django 2.0


  • Django 2.0 support
  • Dropped support for Python 3.3
  • Dropped support for Django < 1.8
  • Added APITestCase for better DRF testing

That's it for now!

Happy merging! 🤖

pyup-bot added some commits Mar 1, 2018


This comment has been minimized.

Copy link

commented Mar 1, 2018

Coverage Status

Coverage remained the same at 57.961% when pulling 02ac2b6 on pyup-scheduled-update-2018-03-01 into fefbabf on master.


This comment has been minimized.

Copy link
Contributor Author

commented Apr 1, 2018

Closing this in favor of #17

@pyup-bot pyup-bot closed this Apr 1, 2018

@mik-laj mik-laj deleted the pyup-scheduled-update-2018-03-01 branch Apr 1, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.