Revisions of python-Werkzeug

buildservice-autocommit accepted request 1218824 from Daniel Garcia's avatar Daniel Garcia (dgarcia) (revision 97)
baserev update by copy to link target
Daniel Garcia's avatar Daniel Garcia (dgarcia) committed (revision 96)
- Update to 3.0.6 (bsc#1232449, CVE-2024-49767):
  * Fix how max_form_memory_size is applied when parsing large
    non-file fields. GHSA-q34m-jh98-gwm2
  * safe_join catches certain paths on Windows that were not caught by
    ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j
- 3.0.5:
  * The Watchdog reloader ignores file closed no write events. #2945
  * Logging works with client addresses containing an IPv6 scope.
    #2952
  * Ignore invalid authorization parameters. #2955
  * Improve type annotation fore SharedDataMiddleware. #2958
  * Compatibility with Python 3.13 when generating debugger pin and
    the current UID does not have an associated name. #2957
buildservice-autocommit accepted request 1196238 from Nico Krapp's avatar Nico Krapp (nkrapp) (revision 95)
baserev update by copy to link target
Nico Krapp's avatar Nico Krapp (nkrapp) accepted request 1196085 from John Paul Adrian Glaubitz's avatar John Paul Adrian Glaubitz (glaubitz) (revision 94)
- Update to 3.0.4
  * Restore behavior where parsing `multipart/x-www-form-urlencoded` data with
    invalid UTF-8 bytes in the body results in no form data parsed rather than a
    413 error. :issue:`2930`
  * Improve ``parse_options_header`` performance when parsing unterminated
    quoted string values. :issue:`2904`
  * Debugger pin auth is synchronized across threads/processes when tracking
    failed entries. :issue:`2916`
  * Dev server handles unexpected `SSLEOFError` due to issue in Python < 3.13.
    :issue:`2926`
  * Debugger pin auth works when the URL already contains a query string.
    :issue:`2918`
buildservice-autocommit accepted request 1172322 from Daniel Garcia's avatar Daniel Garcia (dgarcia) (revision 93)
baserev update by copy to link target
Daniel Garcia's avatar Daniel Garcia (dgarcia) committed (revision 92)
- Update to 3.0.3:
  * Only allow ``localhost``, ``.localhost``, ``127.0.0.1``, or the
    specified hostname when running the dev server, to make debugger
    requests. Additional hosts can be added by using the debugger
    middleware directly. The debugger UI makes requests using the
    full URL rather than only the path.  :ghsa:`2g68-c3qc-8985`
    (CVE-2024-34069, bsc#1223979)
  * Make reloader more robust when ``""`` is in ``sys.path``.
    :pr:`2823`
  * Better TLS cert format with ``adhoc`` dev certs. :pr:`2891`
  * Inform Python < 3.12 how to handle ``itms-services`` URIs
    correctly, rather than using an overly-broad workaround in
    Werkzeug that caused some redirect URIs to be passed on without
    encoding. :issue:`2828`
  * Type annotation for ``Rule.endpoint`` and other uses of
    ``endpoint`` is ``Any``. :issue:`2836`
- Update to 3.0.2:
  * Ensure setting ``merge_slashes`` to ``False`` results in
    ``NotFound`` for repeated-slash requests against single slash
    routes. :issue:`2834`
  * Fix handling of ``TypeError`` in ``TypeConversionDict.get()`` to
    match ``ValueError``. :issue:`2843`
  * Fix ``response_wrapper`` type check in test client. :issue:`2831`
  * Make the return type of ``MultiPartParser.parse`` more precise.
    :issue:`2840`
  * Raise an error if converter arguments cannot be parsed.
    :issue:`2822`
buildservice-autocommit accepted request 1120656 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 91)
baserev update by copy to link target
Steve Kowalik's avatar Steve Kowalik (StevenK) committed (revision 90)
- Update to 3.0.1:
  * Fix slow multipart parsing for large parts potentially enabling DoS
    attacks. (CVE-2023-46136, bsc#1216581)
  * Remove previously deprecated code.
  * Deprecate the ``__version__`` attribute. Use feature detection, or
    ``importlib.metadata.version("werkzeug")``, instead.
  * ``generate_password_hash`` uses scrypt by default.
  * Add the ``"werkzeug.profiler"`` item to the  WSGI ``environ`` dictionary
    passed to `ProfilerMiddleware`'s `filename_format` function. It contains
    the ``elapsed`` and ``time`` values for the profiled request.
  * Explicitly marked the PathConverter as non path isolating.
buildservice-autocommit accepted request 1113325 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 89)
baserev update by copy to link target
Steve Kowalik's avatar Steve Kowalik (StevenK) committed (revision 88)
- Update to 2.3.7:
  * Use ``flit_core`` instead of ``setuptools`` as build backend.
  * Fix parsing of multipart bodies.
    Adjust index of last newline in data start.
  * ``_plain_int`` and ``_plain_float`` strip whitespace before type
    enforcement.
  * Fix empty file streaming when testing.
  * Clearer error message when URL rule does not start with slash.
  * ``Accept`` ``q`` value can be a float without a decimal part.
- Drop captialisation again.
buildservice-autocommit accepted request 1110948 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 87)
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 86)
  * drops 0001-limit-the-maximum-number-of-multipart-form-parts.patch 
    in older dists
buildservice-autocommit accepted request 1093788 from Matej Cepl's avatar Matej Cepl (mcepl) (revision 85)
baserev update by copy to link target
Matej Cepl's avatar Matej Cepl (mcepl) committed (revision 84)
Update changelog
Matej Cepl's avatar Matej Cepl (mcepl) committed (revision 83)
Remove unnecessary setup.py
Matej Cepl's avatar Matej Cepl (mcepl) committed (revision 82)
WIP
Matej Cepl's avatar Matej Cepl (mcepl) accepted request 1093739 from Antonio Larrosa's avatar Antonio Larrosa (alarrosa) (revision 81)
- Update to 2.3.6:
  * FileStorage.content_length does not fail if the form data did not provide
    a value.
- Update to 2.3.5:
  * Python 3.12 compatibility.
  * Fix handling of invalid base64 values in Authorization.from_header.
  * The debugger escapes the exception message in the page title.
  * When binding routing.Map, a long IDNA server_name with a port does not
    fail encoding.
  * iri_to_uri shows a deprecation warning instead of an error when passing
    bytes.
  * When parsing numbers in HTTP request headers such as Content-Length, only
    ASCII digits are accepted rather than any format that Python’s int and
    float accept.
- Update to 2.3.4:
  * Authorization.from_header and WWWAuthenticate.from_header detects tokens
    that end with base64 padding (=).
  * Remove usage of warnings.catch_warnings.
  * Remove max_form_parts restriction from standard form data parsing and only
    use if for multipart content.
  * Response will avoid converting the Location header in some cases to
    preserve invalid URL schemes like itms-services.
- Update to 2.3.3:
  * Fix parsing of large multipart bodies. Remove invalid leading newline, and
    restore parsing speed.
  * The cookie Path attribute is set to / by default again, to prevent clients
    from falling back to RFC 6265’s default-path behavior.
- Update to 2.3.2:
  * Parse the cookie Expires attribute correctly in the test client.
  * max_content_length can only be enforced on streaming requests if the
buildservice-autocommit accepted request 1082016 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 80)
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 1081318 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 79)
SR for python stack proposal
buildservice-autocommit accepted request 1071237 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 78)
baserev update by copy to link target
Displaying revisions 1 - 20 of 97
openSUSE Build Service is sponsored by