Overview Repositories Revisions Requests Users Attributes Meta

Revisions of python-Werkzeug

Daniel Garcia's avatar Daniel Garcia (dgarcia) committed (revision 92) 
- Update to 3.0.3:
  * Only allow ``localhost``, ``.localhost``, ``127.0.0.1``, or the
    specified hostname when running the dev server, to make debugger
    requests. Additional hosts can be added by using the debugger
    middleware directly. The debugger UI makes requests using the
    full URL rather than only the path.  :ghsa:`2g68-c3qc-8985`
    (CVE-2024-34069, bsc#1223979)
  * Make reloader more robust when ``""`` is in ``sys.path``.
    :pr:`2823`
  * Better TLS cert format with ``adhoc`` dev certs. :pr:`2891`
  * Inform Python < 3.12 how to handle ``itms-services`` URIs
    correctly, rather than using an overly-broad workaround in
    Werkzeug that caused some redirect URIs to be passed on without
    encoding. :issue:`2828`
  * Type annotation for ``Rule.endpoint`` and other uses of
    ``endpoint`` is ``Any``. :issue:`2836`
- Update to 3.0.2:
  * Ensure setting ``merge_slashes`` to ``False`` results in
    ``NotFound`` for repeated-slash requests against single slash
    routes. :issue:`2834`
  * Fix handling of ``TypeError`` in ``TypeConversionDict.get()`` to
    match ``ValueError``. :issue:`2843`
  * Fix ``response_wrapper`` type check in test client. :issue:`2831`
  * Make the return type of ``MultiPartParser.parse`` more precise.
    :issue:`2840`
  * Raise an error if converter arguments cannot be parsed.
    :issue:`2822`
buildservice-autocommit accepted request 1120656 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 91) 
baserev update by copy to link target
Steve Kowalik's avatar Steve Kowalik (StevenK) committed (revision 90) 
- Update to 3.0.1:
  * Fix slow multipart parsing for large parts potentially enabling DoS
    attacks. (CVE-2023-46136, bsc#1216581)
  * Remove previously deprecated code.
  * Deprecate the ``__version__`` attribute. Use feature detection, or
    ``importlib.metadata.version("werkzeug")``, instead.
  * ``generate_password_hash`` uses scrypt by default.
  * Add the ``"werkzeug.profiler"`` item to the  WSGI ``environ`` dictionary
    passed to `ProfilerMiddleware`'s `filename_format` function. It contains
    the ``elapsed`` and ``time`` values for the profiled request.
  * Explicitly marked the PathConverter as non path isolating.
buildservice-autocommit accepted request 1113325 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 89) 
baserev update by copy to link target
Steve Kowalik's avatar Steve Kowalik (StevenK) committed (revision 88) 
- Update to 2.3.7:
  * Use ``flit_core`` instead of ``setuptools`` as build backend.
  * Fix parsing of multipart bodies.
    Adjust index of last newline in data start.
  * ``_plain_int`` and ``_plain_float`` strip whitespace before type
    enforcement.
  * Fix empty file streaming when testing.
  * Clearer error message when URL rule does not start with slash.
  * ``Accept`` ``q`` value can be a float without a decimal part.
- Drop captialisation again.
buildservice-autocommit accepted request 1110948 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 87) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 86) 
  * drops 0001-limit-the-maximum-number-of-multipart-form-parts.patch 
    in older dists
buildservice-autocommit accepted request 1093788 from Matej Cepl's avatar Matej Cepl (mcepl) (revision 85) 
baserev update by copy to link target
Matej Cepl's avatar Matej Cepl (mcepl) committed (revision 84) 
Update changelog
Matej Cepl's avatar Matej Cepl (mcepl) committed (revision 83) 
Remove unnecessary setup.py
Matej Cepl's avatar Matej Cepl (mcepl) committed (revision 82) 
WIP
Matej Cepl's avatar Matej Cepl (mcepl) accepted request 1093739 from Antonio Larrosa's avatar Antonio Larrosa (alarrosa) (revision 81) 
- Update to 2.3.6:
  * FileStorage.content_length does not fail if the form data did not provide
    a value.
- Update to 2.3.5:
  * Python 3.12 compatibility.
  * Fix handling of invalid base64 values in Authorization.from_header.
  * The debugger escapes the exception message in the page title.
  * When binding routing.Map, a long IDNA server_name with a port does not
    fail encoding.
  * iri_to_uri shows a deprecation warning instead of an error when passing
    bytes.
  * When parsing numbers in HTTP request headers such as Content-Length, only
    ASCII digits are accepted rather than any format that Python’s int and
    float accept.
- Update to 2.3.4:
  * Authorization.from_header and WWWAuthenticate.from_header detects tokens
    that end with base64 padding (=).
  * Remove usage of warnings.catch_warnings.
  * Remove max_form_parts restriction from standard form data parsing and only
    use if for multipart content.
  * Response will avoid converting the Location header in some cases to
    preserve invalid URL schemes like itms-services.
- Update to 2.3.3:
  * Fix parsing of large multipart bodies. Remove invalid leading newline, and
    restore parsing speed.
  * The cookie Path attribute is set to / by default again, to prevent clients
    from falling back to RFC 6265’s default-path behavior.
- Update to 2.3.2:
  * Parse the cookie Expires attribute correctly in the test client.
  * max_content_length can only be enforced on streaming requests if the
buildservice-autocommit accepted request 1082016 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 80) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 1081318 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 79) 
SR for python stack proposal
buildservice-autocommit accepted request 1071237 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 78) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 77)
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 76) 
- update to 2.2.3 (bsc#1208283, CVE-2023-25577):
  * Ensure that URL rules using path converters will redirect
    with strict slashes when the trailing slash is missing.
  * Type signature for ``get_json`` specifies that return type
    is not optional when ``silent=False``.
  * ``parse_content_range_header`` returns ``None`` for a value
    like ``bytes */-1`` where the length is invalid, instead of
    raising an ``AssertionError``.
  * Address remaining ``ResourceWarning`` related to the socket
    used by ``run_simple``.
  * Remove ``prepare_socket``, which now happens when
    creating the server.
  * Update pre-existing headers for ``multipart/form-data``
    requests with the test client.
  * Fix handling of header extended parameters such that they
    are no longer quoted.
  * ``LimitedStream.read`` works correctly when wrapping a
    stream that may not return the requested size in one 
    ``read`` call.
  * A cookie header that starts with ``=`` is treated as an
    empty key and discarded, rather than stripping the leading ``==``.
  * Specify a maximum number of multipart parts, default 1000,
    after which a ``RequestEntityTooLarge`` exception is
    raised on parsing.  This mitigates a DoS attack where a
    larger number of form/file parts would result in disproportionate
    resource use.
buildservice-autocommit accepted request 1003681 from Matej Cepl's avatar Matej Cepl (mcepl) (revision 75) 
baserev update by copy to link target
Matej Cepl's avatar Matej Cepl (mcepl) accepted request 1003613 from Benjamin Greiner's avatar Benjamin Greiner (bnavigator) (revision 74) 
Superseding because there was a (incomplete) direct commit to
the devel project in between


- Clean some unused python2 python36 code from specfile
- Move MarkupSafe to runtime requirement. Versioned. This is
  checked in multibuild test flavor as build requirement.
Markéta Machová's avatar Markéta Machová (mcalabkova) committed (revision 73) 
clean up
Displaying revisions 1 - 20 of 92
openSUSE Build Service is sponsored by
Places