Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-Werkzeug for openSUSE:Factory
checked in at 2023-06-22 23:24:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Werkzeug (Old)
and /work/SRC/openSUSE:Factory/.python-Werkzeug.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Werkzeug"
Thu Jun 22 23:24:46 2023 rev:42 rq:1093788 version:2.3.6
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-Werkzeug/python-Werkzeug.changes
2023-04-22 22:03:16.250224590 +0200
+++
/work/SRC/openSUSE:Factory/.python-Werkzeug.new.15902/python-Werkzeug.changes
2023-06-22 23:24:50.461682999 +0200
@@ -1,0 +2,151 @@
+Mon Jun 19 06:24:50 UTC 2023 - Antonio Larrosa <[email protected]>
+
+- Update to 2.3.6:
+ * FileStorage.content_length does not fail if the form data did not provide
+ a value.
+- Update to 2.3.5:
+ * Python 3.12 compatibility.
+ * Fix handling of invalid base64 values in Authorization.from_header.
+ * The debugger escapes the exception message in the page title.
+ * When binding routing.Map, a long IDNA server_name with a port does not
+ fail encoding.
+ * iri_to_uri shows a deprecation warning instead of an error when passing
+ bytes.
+ * When parsing numbers in HTTP request headers such as Content-Length, only
+ ASCII digits are accepted rather than any format that Pythonâs int and
+ float accept.
+- Update to 2.3.4:
+ * Authorization.from_header and WWWAuthenticate.from_header detects tokens
+ that end with base64 padding (=).
+ * Remove usage of warnings.catch_warnings.
+ * Remove max_form_parts restriction from standard form data parsing and only
+ use if for multipart content.
+ * Response will avoid converting the Location header in some cases to
+ preserve invalid URL schemes like itms-services.
+- Update to 2.3.3:
+ * Fix parsing of large multipart bodies. Remove invalid leading newline, and
+ restore parsing speed.
+ * The cookie Path attribute is set to / by default again, to prevent clients
+ from falling back to RFC 6265âs default-path behavior.
+- Update to 2.3.2:
+ * Parse the cookie Expires attribute correctly in the test client.
+ * max_content_length can only be enforced on streaming requests if the
+ server sets wsgi.input_terminated.
+- Update to 2.3.1:
+ * Percent-encode plus (+) when building URLs and in test requests.
+ * Cookie values donât quote characters defined in RFC 6265.
+ * Include pyi files for datastructures type annotations.
+ * Authorization and WWWAuthenticate objects can be compared for equality.
+- Update to 2.3.0:
+ * Drop support for Python 3.7.
+ * Remove previously deprecated code.
+ * Passing bytes where strings are expected is deprecated, as well as the
+ charset and errors parameters in many places. Anywhere that was annotated,
+ documented, or tested to accept bytes shows a warning. Removing this
+ artifact of the transition from Python 2 to 3 removes a significant amount
+ of overhead in instance checks and encoding cycles. In general, always
+ work with UTF-8, the modern HTML, URL, and HTTP standards all strongly
+ recommend this.
+ * Deprecate the werkzeug.urls module, except for the uri_to_iri and
+ iri_to_uri functions. Use the urllib.parse library instead.
+ * Update which characters are considered safe when using percent encoding
+ in URLs, based on the WhatWG URL Standard.
+ * Update which characters are considered safe when using percent encoding
+ for Unicode filenames in downloads.
+ * Deprecate the safe_conversion parameter of iri_to_uri. The Location header
+ is converted to IRI using the same process as everywhere else.
+ * Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter.
+ * Use modern packaging metadata with pyproject.toml instead of setup.cfg.
+ * Request.get_json() will raise a 415 Unsupported Media Type error if the
+ Content-Type header is not application/json, instead of a generic 400.
+ * A URL converterâs part_isolating defaults to False if its regex contains
+ a /.
+ * A custom converterâs regex can have capturing groups without breaking
+ the router.
+ * The reloader can pick up arguments to python like -X dev, and does not
+ require heuristics to determine how to reload the command. Only available
+ on Python >= 3.10.
+ * The Watchdog reloader ignores file opened events. Bump the minimum version
+ of Watchdog to 2.3.0.
+ * When using a Unix socket for the development server, the path can start
+ with a dot.
+ * Increase default work factor for PBKDF2 to 600,000 iterations.
+ * parse_options_header is 2-3 times faster. It conforms to RFC 9110, some
+ invalid parts that were previously accepted are now ignored.
+ * The is_filename parameter to unquote_header_value is deprecated.
+ * Deprecate the extra_chars parameter and passing bytes to
+ quote_header_value, the allow_token parameter to dump_header, and the cls
+ parameter and passing bytes to parse_dict_header.
+ * Improve parse_accept_header implementation. Parse according to RFC 9110.
+ Discard items with invalid q values.
+ * quote_header_value quotes the empty string.
+ * dump_options_header skips None values rather than using a bare key.
+ * dump_header and dump_options_header will not quote a value if the key ends
+ with an asterisk *.
+ * parse_dict_header will decode values with charsets.
+ * Refactor the Authorization and WWWAuthenticate header data structures.
+ + Both classes have type, parameters, and token attributes. The token
+ attribute supports auth schemes that use a single opaque token rather
+ than key=value parameters, such as Bearer.
+ + Neither class is a dict anymore, although they still implement getting,
+ setting, and deleting auth[key] and auth.key syntax, as well as
+ auth.get(key) and key in auth.
+ + Both classes have a from_header class method. parse_authorization_header
+ and parse_www_authenticate_header are deprecated.
+ + The methods WWWAuthenticate.set_basic and set_digest are deprecated.
+ Instead, an instance should be created and assigned to
+ response.www_authenticate.
+ + A list of instances can be assigned to response.www_authenticate to set
+ multiple header values. However, accessing the property only returns the
+ first instance.
+ * Refactor parse_cookie and dump_cookie.
+ + parse_cookie is up to 40% faster, dump_cookie is up to 60% faster.
+ + Passing bytes to parse_cookie and dump_cookie is deprecated. The
+ dump_cookie charset parameter is deprecated.
+ + dump_cookie allows domain values that do not include a dot ., and strips
+ off a leading dot.
+ + dump_cookie does not set path="/" unnecessarily by default.
+ * Refactor the test client cookie implementation.
+ + The cookie_jar attribute is deprecated. http.cookiejar is no longer used
+ for storage.
+ + Domain and path matching is used when sending cookies in requests. The
+ domain and path parameters default to localhost and /.
+ + Added a get_cookie method to inspect cookies.
+ + Cookies have decoded_key and decoded_value attributes to match what the
+ app sees rather than the encoded values a client would see.
+ + The first positional server_name parameter to set_cookie and
+ delete_cookie is deprecated. Use the domain parameter instead.
+ + Other parameters to delete_cookie besides domain, path, and value are
+ deprecated.
+ * If request.max_content_length is set, it is checked immediately when
+ accessing the stream, and while reading from the stream in general, rather
+ than only during form parsing.
+ * The development server, which must not be used in production, will exhaust
+ the request stream up to 10GB or 1000 reads. This allows clients to see a
+ 413 error if max_content_length is exceeded, instead of a âconnection
+ resetâ failure.
+ * The development server discards header keys that contain underscores _, as
+ they are ambiguous with dashes - in WSGI.
+ * secure_filename looks for more Windows reserved file names.
+ * Update type annotation for best_match to make default parameter clearer.
+ * Multipart parser handles empty fields correctly.
+ * The Map charset parameter and Request.url_charset property are deprecated.
+ Percent encoding in URLs must always represent UTF-8 bytes. Invalid bytes
+ are left percent encoded rather than replaced.
+ * The Request.charset, Request.encoding_errors, Response.charset, and
+ Client.charset attributes are deprecated. Request and response data must
+ always use UTF-8.
+ * Header values that have charset information only allow ASCII, UTF-8, and
+ ISO-8859-1.
+ * Update type annotation for ProfilerMiddleware stream parameter.
+ * Use postponed evaluation of annotations.
+ * The development server escapes ASCII control characters in decoded URLs
+ before logging the request to the terminal.
+ * The FormDataParser parse_functions attribute and get_parse_func method,
+ and the invalid application/x-url-encoded content type, are deprecated.
+ * generate_password_hash supports scrypt. Plain hash methods are deprecated,
+ only scrypt and pbkdf2 are supported.
+- Remove patch which was made obsolete by upstream:
+ * moved_root.patch
+
+-------------------------------------------------------------------
Old:
----
Werkzeug-2.2.3.tar.gz
moved_root.patch
New:
----
Werkzeug-2.3.6.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-Werkzeug.spec ++++++
--- /var/tmp/diff_new_pack.ph8C9P/_old 2023-06-22 23:24:51.285680907 +0200
+++ /var/tmp/diff_new_pack.ph8C9P/_new 2023-06-22 23:24:51.289680897 +0200
@@ -27,19 +27,17 @@
%{?sle15_python_module_pythons}
Name: python-Werkzeug%{psuffix}
-Version: 2.2.3
+Version: 2.3.6
Release: 0
Summary: The Swiss Army knife of Python web development
License: BSD-3-Clause
Group: Development/Languages/Python
URL: https://werkzeug.palletsprojects.com
Source:
https://files.pythonhosted.org/packages/source/W/Werkzeug/Werkzeug-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM moved_root.patch bsc#[0-9]+ [email protected]
-# this patch makes things totally awesome
-Patch1: moved_root.patch
-BuildRequires: %{python_module base >= 3.7}
-BuildRequires: %{python_module setuptools_scm}
+BuildRequires: %{python_module base >= 3.8}
+BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module wheel}
%if %{with test}
BuildRequires: %{python_module Werkzeug = %{version}}
BuildRequires: %{python_module cryptography}
@@ -50,12 +48,13 @@
BuildRequires: %{python_module pytest-xprocess}
BuildRequires: %{python_module requests}
BuildRequires: %{python_module sortedcontainers}
+BuildRequires: %{python_module watchdog >= 3.0.0}
%endif
BuildRequires: fdupes
BuildRequires: python-rpm-macros
-Requires: python-MarkupSafe >= 2.1.1
+Requires: python-MarkupSafe >= 2.1.2
Recommends: python-termcolor
-Recommends: python-watchdog
+Recommends: python-watchdog >= 3.0.0
Obsoletes: python-Werkzeug-doc < %{version}
Provides: python-Werkzeug-doc = %{version}
BuildArch: noarch
@@ -82,11 +81,11 @@
sed -i "1d"
examples/manage-{i18nurls,simplewiki,shorty,couchy,cupoftee,webpylike,plnt,coolmagic}.py
# Fix non-executable scripts
%build
-%python_build
+%pyproject_wheel
%install
%if ! %{with test}
-%python_install
+%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%endif
++++++ Werkzeug-2.2.3.tar.gz -> Werkzeug-2.3.6.tar.gz ++++++
++++ 22995 lines of diff (skipped)
