Scheduled daily dependency update on thursday

[pyup-bot]

Update Flask from 0.11.1 to 1.0.2.

Changelog

1.0.2

-------------

Released on May 2nd 2018

-   Fix more backwards compatibility issues with merging slashes between
 a blueprint prefix and route. (`2748`_)
-   Fix error with ``flask routes`` command when there are no routes.
 (`2751`_)

.. _2748: https://github.com/pallets/flask/pull/2748
.. _2751: https://github.com/pallets/flask/issues/2751

1.0.1

-------------

Released on April 29th 2018

-   Fix registering partials (with no ``__name__``) as view functions.
 (`2730`_)
-   Don't treat lists returned from view functions the same as tuples.
 Only tuples are interpreted as response data. (`2736`_)
-   Extra slashes between a blueprint's ``url_prefix`` and a route URL
 are merged. This fixes some backwards compatibility issues with the
 change in 1.0. (`2731`_, `2742`_)
-   Only trap ``BadRequestKeyError`` errors in debug mode, not all
 ``BadRequest`` errors. This allows ``abort(400)`` to continue
 working as expected. (`2735`_)
-   The ``FLASK_SKIP_DOTENV`` environment variable can be set to ``1``
 to skip automatically loading dotenv files. (`2722`_)

.. _2722: https://github.com/pallets/flask/issues/2722
.. _2730: https://github.com/pallets/flask/pull/2730
.. _2731: https://github.com/pallets/flask/issues/2731
.. _2735: https://github.com/pallets/flask/issues/2735
.. _2736: https://github.com/pallets/flask/issues/2736
.. _2742: https://github.com/pallets/flask/issues/2742

1.0

-----------

Released on April 26th 2018

-   **Python 2.6 and 3.3 are no longer supported.** (`pallets/meta24`_)
-   Bump minimum dependency versions to the latest stable versions:
 Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1.
 (`2586`_)
-   Skip :meth:`app.run <Flask.run>` when a Flask application is run
 from the command line. This avoids some behavior that was confusing
 to debug.
-   Change the default for :data:`JSONIFY_PRETTYPRINT_REGULAR` to
 ``False``. :func:`~json.jsonify` returns a compact format by
 default, and an indented format in debug mode. (`2193`_)
-   :meth:`Flask.__init__ <Flask>` accepts the ``host_matching``
 argument and sets it on :attr:`~Flask.url_map`. (`1559`_)
-   :meth:`Flask.__init__ <Flask>` accepts the ``static_host`` argument
 and passes it as the ``host`` argument when defining the static
 route. (`1559`_)
-   :func:`send_file` supports Unicode in ``attachment_filename``.
 (`2223`_)
-   Pass ``_scheme`` argument from :func:`url_for` to
 :meth:`~Flask.handle_url_build_error`. (`2017`_)
-   :meth:`~Flask.add_url_rule` accepts the
 ``provide_automatic_options`` argument to disable adding the
 ``OPTIONS`` method. (`1489`_)
-   :class:`~views.MethodView` subclasses inherit method handlers from
 base classes. (`1936`_)
-   Errors caused while opening the session at the beginning of the
 request are handled by the app's error handlers. (`2254`_)
-   Blueprints gained :attr:`~Blueprint.json_encoder` and
 :attr:`~Blueprint.json_decoder` attributes to override the app's
 encoder and decoder. (`1898`_)
-   :meth:`Flask.make_response` raises ``TypeError`` instead of
 ``ValueError`` for bad response types. The error messages have been
 improved to describe why the type is invalid. (`2256`_)
-   Add ``routes`` CLI command to output routes registered on the
 application. (`2259`_)
-   Show warning when session cookie domain is a bare hostname or an IP
 address, as these may not behave properly in some browsers, such as
 Chrome. (`2282`_)
-   Allow IP address as exact session cookie domain. (`2282`_)
-   ``SESSION_COOKIE_DOMAIN`` is set if it is detected through
 ``SERVER_NAME``. (`2282`_)
-   Auto-detect zero-argument app factory called ``create_app`` or
 ``make_app`` from ``FLASK_APP``. (`2297`_)
-   Factory functions are not required to take a ``script_info``
 parameter to work with the ``flask`` command. If they take a single
 parameter or a parameter named ``script_info``, the
 :class:`~cli.ScriptInfo` object will be passed. (`2319`_)
-   ``FLASK_APP`` can be set to an app factory, with arguments if
 needed, for example ``FLASK_APP=myproject.app:create_app('dev')``.
 (`2326`_)
-   ``FLASK_APP`` can point to local packages that are not installed in
 editable mode, although ``pip install -e`` is still preferred.
 (`2414`_)
-   The :class:`~views.View` class attribute
 :attr:`~views.View.provide_automatic_options` is set in
 :meth:`~views.View.as_view`, to be detected by
 :meth:`~Flask.add_url_rule`. (`2316`_)
-   Error handling will try handlers registered for ``blueprint, code``,
 ``app, code``, ``blueprint, exception``, ``app, exception``.
 (`2314`_)
-   ``Cookie`` is added to the response's ``Vary`` header if the session
 is accessed at all during the request (and not deleted). (`2288`_)
-   :meth:`~Flask.test_request_context` accepts ``subdomain`` and
 ``url_scheme`` arguments for use when building the base URL.
 (`1621`_)
-   Set :data:`APPLICATION_ROOT` to ``'/'`` by default. This was already
 the implicit default when it was set to ``None``.
-   :data:`TRAP_BAD_REQUEST_ERRORS` is enabled by default in debug mode.
 ``BadRequestKeyError`` has a message with the bad key in debug mode
 instead of the generic bad request message. (`2348`_)
-   Allow registering new tags with
 :class:`~json.tag.TaggedJSONSerializer` to support storing other
 types in the session cookie. (`2352`_)
-   Only open the session if the request has not been pushed onto the
 context stack yet. This allows :func:`~stream_with_context`
 generators to access the same session that the containing view uses.
 (`2354`_)
-   Add ``json`` keyword argument for the test client request methods.
 This will dump the given object as JSON and set the appropriate
 content type. (`2358`_)
-   Extract JSON handling to a mixin applied to both the
 :class:`Request` and :class:`Response` classes. This adds the
 :meth:`~Response.is_json` and :meth:`~Response.get_json` methods to
 the response to make testing JSON response much easier. (`2358`_)
-   Removed error handler caching because it caused unexpected results
 for some exception inheritance hierarchies. Register handlers
 explicitly for each exception if you want to avoid traversing the
 MRO. (`2362`_)
-   Fix incorrect JSON encoding of aware, non-UTC datetimes. (`2374`_)
-   Template auto reloading will honor debug mode even even if
 :attr:`~Flask.jinja_env` was already accessed. (`2373`_)
-   The following old deprecated code was removed. (`2385`_)

 -   ``flask.ext`` - import extensions directly by their name instead
     of through the ``flask.ext`` namespace. For example,
     ``import flask.ext.sqlalchemy`` becomes
     ``import flask_sqlalchemy``.
 -   ``Flask.init_jinja_globals`` - extend
     :meth:`Flask.create_jinja_environment` instead.
 -   ``Flask.error_handlers`` - tracked by
     :attr:`Flask.error_handler_spec`, use :meth:`Flask.errorhandler`
     to register handlers.
 -   ``Flask.request_globals_class`` - use
     :attr:`Flask.app_ctx_globals_class` instead.
 -   ``Flask.static_path`` - use :attr:`Flask.static_url_path`
     instead.
 -   ``Request.module`` - use :attr:`Request.blueprint` instead.

-   The :attr:`Request.json` property is no longer deprecated.
 (`1421`_)
-   Support passing a :class:`~werkzeug.test.EnvironBuilder` or
 ``dict`` to :meth:`test_client.open <werkzeug.test.Client.open>`.
 (`2412`_)
-   The ``flask`` command and :meth:`Flask.run` will load environment
 variables from ``.env`` and ``.flaskenv`` files if python-dotenv is
 installed. (`2416`_)
-   When passing a full URL to the test client, the scheme in the URL is
 used instead of :data:`PREFERRED_URL_SCHEME`. (`2430`_)
-   :attr:`Flask.logger` has been simplified. ``LOGGER_NAME`` and
 ``LOGGER_HANDLER_POLICY`` config was removed. The logger is always
 named ``flask.app``. The level is only set on first access, it
 doesn't check :attr:`Flask.debug` each time. Only one format is
 used, not different ones depending on :attr:`Flask.debug`. No
 handlers are removed, and a handler is only added if no handlers are
 already configured. (`2436`_)
-   Blueprint view function names may not contain dots. (`2450`_)
-   Fix a ``ValueError`` caused by invalid ``Range`` requests in some
 cases. (`2526`_)
-   The development server uses threads by default. (`2529`_)
-   Loading config files with ``silent=True`` will ignore
 :data:`~errno.ENOTDIR` errors. (`2581`_)
-   Pass ``--cert`` and ``--key`` options to ``flask run`` to run the
 development server over HTTPS. (`2606`_)
-   Added :data:`SESSION_COOKIE_SAMESITE` to control the ``SameSite``
 attribute on the session cookie. (`2607`_)
-   Added :meth:`~flask.Flask.test_cli_runner` to create a Click runner
 that can invoke Flask CLI commands for testing. (`2636`_)
-   Subdomain matching is disabled by default and setting
 :data:`SERVER_NAME` does not implicily enable it. It can be enabled
 by passing ``subdomain_matching=True`` to the ``Flask`` constructor.
 (`2635`_)
-   A single trailing slash is stripped from the blueprint
 ``url_prefix`` when it is registered with the app. (`2629`_)
-   :meth:`Request.get_json` doesn't cache the
 result if parsing fails when ``silent`` is true. (`2651`_)
-   :func:`Request.get_json` no longer accepts arbitrary encodings.
 Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but
 Flask will autodetect UTF-8, -16, or -32. (`2691`_)
-   Added :data:`MAX_COOKIE_SIZE` and :attr:`Response.max_cookie_size`
 to control when Werkzeug warns about large cookies that browsers may
 ignore. (`2693`_)
-   Updated documentation theme to make docs look better in small
 windows. (`2709`_)
-   Rewrote the tutorial docs and example project to take a more
 structured approach to help new users avoid common pitfalls.
 (`2676`_)

.. _pallets/meta24: https://github.com/pallets/meta/issues/24
.. _1421: https://github.com/pallets/flask/issues/1421
.. _1489: https://github.com/pallets/flask/pull/1489
.. _1559: https://github.com/pallets/flask/issues/1559
.. _1621: https://github.com/pallets/flask/pull/1621
.. _1898: https://github.com/pallets/flask/pull/1898
.. _1936: https://github.com/pallets/flask/pull/1936
.. _2017: https://github.com/pallets/flask/pull/2017
.. _2193: https://github.com/pallets/flask/pull/2193
.. _2223: https://github.com/pallets/flask/pull/2223
.. _2254: https://github.com/pallets/flask/pull/2254
.. _2256: https://github.com/pallets/flask/pull/2256
.. _2259: https://github.com/pallets/flask/pull/2259
.. _2282: https://github.com/pallets/flask/pull/2282
.. _2288: https://github.com/pallets/flask/pull/2288
.. _2297: https://github.com/pallets/flask/pull/2297
.. _2314: https://github.com/pallets/flask/pull/2314
.. _2316: https://github.com/pallets/flask/pull/2316
.. _2319: https://github.com/pallets/flask/pull/2319
.. _2326: https://github.com/pallets/flask/pull/2326
.. _2348: https://github.com/pallets/flask/pull/2348
.. _2352: https://github.com/pallets/flask/pull/2352
.. _2354: https://github.com/pallets/flask/pull/2354
.. _2358: https://github.com/pallets/flask/pull/2358
.. _2362: https://github.com/pallets/flask/pull/2362
.. _2374: https://github.com/pallets/flask/pull/2374
.. _2373: https://github.com/pallets/flask/pull/2373
.. _2385: https://github.com/pallets/flask/issues/2385
.. _2412: https://github.com/pallets/flask/pull/2412
.. _2414: https://github.com/pallets/flask/pull/2414
.. _2416: https://github.com/pallets/flask/pull/2416
.. _2430: https://github.com/pallets/flask/pull/2430
.. _2436: https://github.com/pallets/flask/pull/2436
.. _2450: https://github.com/pallets/flask/pull/2450
.. _2526: https://github.com/pallets/flask/issues/2526
.. _2529: https://github.com/pallets/flask/pull/2529
.. _2586: https://github.com/pallets/flask/issues/2586
.. _2581: https://github.com/pallets/flask/pull/2581
.. _2606: https://github.com/pallets/flask/pull/2606
.. _2607: https://github.com/pallets/flask/pull/2607
.. _2636: https://github.com/pallets/flask/pull/2636
.. _2635: https://github.com/pallets/flask/pull/2635
.. _2629: https://github.com/pallets/flask/pull/2629
.. _2651: https://github.com/pallets/flask/issues/2651
.. _2676: https://github.com/pallets/flask/pull/2676
.. _2691: https://github.com/pallets/flask/pull/2691
.. _2693: https://github.com/pallets/flask/pull/2693
.. _2709: https://github.com/pallets/flask/pull/2709

0.12.4

--------------

Released on April 29 2018

-   Repackage 0.12.3 to fix package layout issue. (`2728`_)

.. _2728: https://github.com/pallets/flask/issues/2728

0.12.3

--------------

Released on April 26th 2018

-   :func:`Request.get_json` no longer accepts arbitrary encodings.
 Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but
 Flask will autodetect UTF-8, -16, or -32. (`2692`_)
-   Fix a Python warning about imports when using ``python -m flask``.
 (`2666`_)
-   Fix a ``ValueError`` caused by invalid ``Range`` requests in some
 cases.

.. _2666: https://github.com/pallets/flask/issues/2666
.. _2692: https://github.com/pallets/flask/issues/2692

0.12.2

--------------

Released on May 16 2017

- Fix a bug in `safe_join` on Windows.

0.12.1

--------------

Bugfix release, released on March 31st 2017

- Prevent `flask run` from showing a NoAppException when an ImportError occurs
within the imported application module.
- Fix encoding behavior of ``app.config.from_pyfile`` for Python 3. Fix
``2118``.
- Use the ``SERVER_NAME`` config if it is present as default values for
``app.run``. ``2109``, ``2152``
- Call `ctx.auto_pop` with the exception object instead of `None`, in the
event that a `BaseException` such as `KeyboardInterrupt` is raised in a
request handler.

0.12

------------

Released on December 21st 2016, codename Punsch.

- the cli command now responds to `--version`.
- Mimetype guessing and ETag generation for file-like objects in ``send_file``
has been removed, as per issue ``104``.  See pull request ``1849``.
- Mimetype guessing in ``send_file`` now fails loudly and doesn't fall back to
``application/octet-stream``. See pull request ``1988``.
- Make ``flask.safe_join`` able to join multiple paths like ``os.path.join``
(pull request ``1730``).
- Revert a behavior change that made the dev server crash instead of returning
a Internal Server Error (pull request ``2006``).
- Correctly invoke response handlers for both regular request dispatching as
well as error handlers.
- Disable logger propagation by default for the app logger.
- Add support for range requests in ``send_file``.
- ``app.test_client`` includes preset default environment, which can now be
directly set, instead of per ``client.get``.

0.11.2

--------------

Bugfix release, unreleased

- Fix crash when running under PyPy3, see pull request ``1814``.

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://pyup.io/changelogs/flask/
• Homepage: https://www.palletsprojects.com/p/flask/

Update pyOpenSSL from 16.2.0 to 18.0.0.

Changelog

18.0.0

-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 2.2.1.
- Support for Python 2.6 has been dropped.


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Added ``Connection.get_certificate`` to retrieve the local certificate.
`733 <https://github.com/pyca/pyopenssl/pull/733>`_
- ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default.
`753 <https://github.com/pyca/pyopenssl/pull/753>`_
- Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material.
`734 <https://github.com/pyca/pyopenssl/pull/734>`_


----

17.5.0

-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 2.1.4.


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with ``cacerts``.
`723 <https://github.com/pyca/pyopenssl/pull/723>`_
- Added ``Connection.export_keying_material`` for RFC 5705 compatible export of keying material.
`725 <https://github.com/pyca/pyopenssl/pull/725>`_

----

17.4.0

-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

*none*


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^


- Re-added a subset of the ``OpenSSL.rand`` module.
This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.
`708 <https://github.com/pyca/pyopenssl/pull/708>`_
- Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated.
`709 <https://github.com/pyca/pyopenssl/pull/709>`_

----

17.3.0

-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Dropped support for Python 3.3.
`677 <https://github.com/pyca/pyopenssl/pull/677>`_
- Removed the deprecated ``OpenSSL.rand`` module.
This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden.
``os.urandom()`` should be used instead.
`675 <https://github.com/pyca/pyopenssl/pull/675>`_


Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.tsafe``.
`673 <https://github.com/pyca/pyopenssl/pull/673>`_

Changes:
^^^^^^^^

- Fixed a memory leak in ``OpenSSL.crypto.CRL``.
`690 <https://github.com/pyca/pyopenssl/pull/690>`_
- Fixed a memory leak when verifying certificates with ``OpenSSL.crypto.X509StoreContext``.
`691 <https://github.com/pyca/pyopenssl/pull/691>`_


----

17.2.0

-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

*none*


Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
`658 <https://github.com/pyca/pyopenssl/pull/658>`_


Changes:
^^^^^^^^

- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x.
`665 <https://github.com/pyca/pyopenssl/pull/665>`_
- Fixed a crash with (EC)DSA signatures in some cases.
`670 <https://github.com/pyca/pyopenssl/pull/670>`_


----

17.1.0

-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Removed the deprecated ``OpenSSL.rand.egd()`` function.
Applications should prefer ``os.urandom()`` for random number generation.
`630 <https://github.com/pyca/pyopenssl/pull/630>`_
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
Callers must now always pass an explicit ``digest``.
`652 <https://github.com/pyca/pyopenssl/pull/652>`_
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
will no longer work. `612 <https://github.com/pyca/pyopenssl/pull/612>`_


Deprecations:
^^^^^^^^^^^^^


- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, ``NetscapeSPKIType``.
The names without the "Type"-suffix should be used instead.


Changes:
^^^^^^^^

- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()`` for converting X.509 certificate to and from pyca/cryptography objects.
`640 <https://github.com/pyca/pyopenssl/pull/640>`_
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``, ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()`` for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
`645 <https://github.com/pyca/pyopenssl/pull/645>`_
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``.
`620 <https://github.com/pyca/pyopenssl/pull/620>`_
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate the upcoming release of ``cryptography`` ``manylinux1`` wheels.
`633 <https://github.com/pyca/pyopenssl/pull/633>`_


----

17.0.0

-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

*none*


Deprecations:
^^^^^^^^^^^^^

*none*


Changes:
^^^^^^^^

- Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when verifying certificate chains.
`567 <https://github.com/pyca/pyopenssl/pull/567>`_
- Added a collection of functions for working with OCSP stapling.
None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided.
Users will need to write their own code to handle OCSP assertions.
We specifically added: ``Context.set_ocsp_server_callback()``, ``Context.set_ocsp_client_callback()``, and ``Connection.request_ocsp()``.
`580 <https://github.com/pyca/pyopenssl/pull/580>`_
- Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory it allocates when unnecessary.
This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation.
For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements.
`578 <https://github.com/pyca/pyopenssl/pull/578>`_
- Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
`575 <https://github.com/pyca/pyopenssl/pull/575>`_
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
`581 <https://github.com/pyca/pyopenssl/pull/581>`_


----

Links

• PyPI: https://pypi.org/project/pyopenssl
• Changelog: https://pyup.io/changelogs/pyopenssl/
• Homepage: https://pyopenssl.org/
• Docs: https://pythonhosted.org/pyOpenSSL/

Update Flask-Admin from 1.4.2 to 1.5.2.

Changelog

1.5.2

-----

* Fixed XSS vulnerability
* Fixed Peewee support
* Added detail view column formatters
* Updated Flask-Login example to work with the newer version of the library
* Various SQLAlchemy-related fixes
* Various Windows related fixes for the file admin

1.5.1

-----

* Dropped Python 2.6 support
* Fixed SQLAlchemy >= 1.2 compatibility
* Fixed Pewee 3.0 compatibility
* Fixed max year for a combo date inline editor
* Lots of small bug fixes

1.5.0

-----

* Fixed CSRF generation logic for multi-process deployments
* Added WTForms >= 3.0 support
* Flask-Admin would not recursively save inline models, allowing arbitrary nesting
* Added configuration properties that allow injection of additional CSS and JS dependencies into templates without overriding them
* SQLAlchemy backend
- Updated hybrid property detection using new SQLAlchemy APIs
- Added support for association proxies
- Added support for remote hybrid properties filters
- Added support for ARRAY column type
* Localization-related fixes 
* MongoEngine backend is now properly formats model labels
* Improved Google App Engine support:
- Added TextProperty, KeyProperty and SelectField support
- Added support for form_args, excluded_columns, page_size and after_model_update
* Fixed URL generation with localized named filters
* FileAdmin has Bootstrap 2 support now
* Geoalchemy fixes
- Use Google Places (by default) for place search
* Updated translations
* Bug fixes

Links

• PyPI: https://pypi.org/project/flask-admin
• Changelog: https://pyup.io/changelogs/flask-admin/
• Repo: https://github.com/flask-admin/flask-admin/
• Docs: https://pythonhosted.org/Flask-Admin/

Update requests from 2.11.1 to 2.20.0.

Changelog

2.20.0

-------------------

**Bugfixes**

-   Content-Type header parsing is now case-insensitive (e.g.
 charset=utf8 v Charset=utf8).
-   Fixed exception leak where certain redirect urls would raise
 uncaught urllib3 exceptions.
-   Requests removes Authorization header from requests redirected
 from https to http on the same hostname. (CVE-2018-18074)
-   `should_bypass_proxies` now handles URIs without hostnames (e.g.
 files).

**Dependencies**

- Requests now supports urllib3 v1.24.

**Deprecations**

- Requests has officially stopped support for Python 2.6.

2.19.1

-------------------

**Bugfixes**

-   Fixed issue where status\_codes.py's `init` function failed trying
 to append to a `__doc__` value of `None`.

2.19.0

-------------------

**Improvements**

-   Warn user about possible slowdown when using cryptography version
 < 1.3.4
-   Check for invalid host in proxy URL, before forwarding request to
 adapter.
-   Fragments are now properly maintained across redirects. (RFC7231
 7.1.2)
-   Removed use of cgi module to expedite library load time.
-   Added support for SHA-256 and SHA-512 digest auth algorithms.
-   Minor performance improvement to `Request.content`.
-   Migrate to using collections.abc for 3.7 compatibility.

**Bugfixes**

-   Parsing empty `Link` headers with `parse_header_links()` no longer
 return one bogus entry.
-   Fixed issue where loading the default certificate bundle from a zip
 archive would raise an `IOError`.
-   Fixed issue with unexpected `ImportError` on windows system which do
 not support `winreg` module.
-   DNS resolution in proxy bypass no longer includes the username and
 password in the request. This also fixes the issue of DNS queries
 failing on macOS.
-   Properly normalize adapter prefixes for url comparison.
-   Passing `None` as a file pointer to the `files` param no longer
 raises an exception.
-   Calling `copy` on a `RequestsCookieJar` will now preserve the cookie
 policy correctly.

**Dependencies**

-   We now support idna v2.7.
-   We now support urllib3 v1.23.

2.18.4

-------------------

**Improvements**

-   Error messages for invalid headers now include the header name for
 easier debugging

**Dependencies**

-   We now support idna v2.6.

2.18.3

-------------------

**Improvements**

-   Running `$ python -m requests.help` now includes the installed
 version of idna.

**Bugfixes**

-   Fixed issue where Requests would raise `ConnectionError` instead of
 `SSLError` when encountering SSL problems when using urllib3 v1.22.

2.18.2

-------------------

**Bugfixes**

-   `requests.help` no longer fails on Python 2.6 due to the absence of
 `ssl.OPENSSL_VERSION_NUMBER`.

**Dependencies**

-   We now support urllib3 v1.22.

2.18.1

-------------------

**Bugfixes**

-   Fix an error in the packaging whereby the `*.whl` contained
 incorrect data that regressed the fix in v2.17.3.

2.18.0

-------------------

**Improvements**

-   `Response` is now a context manager, so can be used directly in a
 `with` statement without first having to be wrapped by
 `contextlib.closing()`.

**Bugfixes**

-   Resolve installation failure if multiprocessing is not available
-   Resolve tests crash if multiprocessing is not able to determine the
 number of CPU cores
-   Resolve error swallowing in utils set\_environ generator

2.17.3

-------------------

**Improvements**

-   Improved `packages` namespace identity support, for monkeypatching
 libraries.

2.17.2

-------------------

**Improvements**

-   Improved `packages` namespace identity support, for monkeypatching
 libraries.

2.17.1

-------------------

**Improvements**

-   Improved `packages` namespace identity support, for monkeypatching
 libraries.

2.17.0

-------------------

**Improvements**

-   Removal of the 301 redirect cache. This improves thread-safety.

2.16.5

-------------------

-   Improvements to `$ python -m requests.help`.

2.16.4

-------------------

-   Introduction of the `$ python -m requests.help` command, for
 debugging with maintainers!

2.16.3

-------------------

-   Further restored the `requests.packages` namespace for compatibility
 reasons.

2.16.2

-------------------

-   Further restored the `requests.packages` namespace for compatibility
 reasons.

No code modification (noted below) should be necessary any longer.

2.16.1

-------------------

-   Restored the `requests.packages` namespace for compatibility
 reasons.
-   Bugfix for `urllib3` version parsing.

**Note**: code that was written to import against the
`requests.packages` namespace previously will have to import code that
rests at this module-level now.

For example:

 from requests.packages.urllib3.poolmanager import PoolManager

Will need to be re-written to be:

 from requests.packages import urllib3
 urllib3.poolmanager.PoolManager

Or, even better:

 from urllib3.poolmanager import PoolManager

2.16.0

-------------------

-   Unvendor ALL the things!

2.15.1

-------------------

-   Everyone makes mistakes.

2.15.0

-------------------

**Improvements**

-   Introduction of the `Response.next` property, for getting the next
 `PreparedResponse` from a redirect chain (when
 `allow_redirects=False`).
-   Internal refactoring of `__version__` module.

**Bugfixes**

-   Restored once-optional parameter for
 `requests.utils.get_environ_proxies()`.

2.14.2

-------------------

**Bugfixes**

-   Changed a less-than to an equal-to and an or in the dependency
 markers to widen compatibility with older setuptools releases.

2.14.1

-------------------

**Bugfixes**

-   Changed the dependency markers to widen compatibility with older pip
 releases.

2.14.0

-------------------

**Improvements**

-   It is now possible to pass `no_proxy` as a key to the `proxies`
 dictionary to provide handling similar to the `NO_PROXY` environment
 variable.
-   When users provide invalid paths to certificate bundle files or
 directories Requests now raises `IOError`, rather than failing at
 the time of the HTTPS request with a fairly inscrutable certificate
 validation error.
-   The behavior of `SessionRedirectMixin` was slightly altered.
 `resolve_redirects` will now detect a redirect by calling
 `get_redirect_target(response)` instead of directly querying
 `Response.is_redirect` and `Response.headers['location']`. Advanced
 users will be able to process malformed redirects more easily.
-   Changed the internal calculation of elapsed request time to have
 higher resolution on Windows.
-   Added `win_inet_pton` as conditional dependency for the `[socks]`
 extra on Windows with Python 2.7.
-   Changed the proxy bypass implementation on Windows: the proxy bypass
 check doesn't use forward and reverse DNS requests anymore
-   URLs with schemes that begin with `http` but are not `http` or
 `https` no longer have their host parts forced to lowercase.

**Bugfixes**

-   Much improved handling of non-ASCII `Location` header values in
 redirects. Fewer `UnicodeDecodeErrors` are encountered on Python 2,
 and Python 3 now correctly understands that Latin-1 is unlikely to
 be the correct encoding.
-   If an attempt to `seek` file to find out its length fails, we now
 appropriately handle that by aborting our content-length
 calculations.
-   Restricted `HTTPDigestAuth` to only respond to auth challenges made
 on 4XX responses, rather than to all auth challenges.
-   Fixed some code that was firing `DeprecationWarning` on Python 3.6.
-   The dismayed person emoticon (`/o\\`) no longer has a big head. I'm
 sure this is what you were all worrying about most.

**Miscellaneous**

-   Updated bundled urllib3 to v1.21.1.
-   Updated bundled chardet to v3.0.2.
-   Updated bundled idna to v2.5.
-   Updated bundled certifi to 2017.4.17.

2.13.0

-------------------

**Features**

-   Only load the `idna` library when we've determined we need it. This
 will save some memory for users.

**Miscellaneous**

-   Updated bundled urllib3 to 1.20.
-   Updated bundled idna to 2.2.

2.12.5

-------------------

**Bugfixes**

-   Fixed an issue with JSON encoding detection, specifically detecting
 big-endian UTF-32 with BOM.

2.12.4

-------------------

**Bugfixes**

-   Fixed regression from 2.12.2 where non-string types were rejected in
 the basic auth parameters. While support for this behaviour has been
 readded, the behaviour is deprecated and will be removed in the
 future.

2.12.3

-------------------

**Bugfixes**

-   Fixed regression from v2.12.1 for URLs with schemes that begin with
 "http". These URLs have historically been processed as though they
 were HTTP-schemed URLs, and so have had parameters added. This was
 removed in v2.12.2 in an overzealous attempt to resolve problems
 with IDNA-encoding those URLs. This change was reverted: the other
 fixes for IDNA-encoding have been judged to be sufficient to return
 to the behaviour Requests had before v2.12.0.

2.12.2

-------------------

**Bugfixes**

-   Fixed several issues with IDNA-encoding URLs that are technically
 invalid but which are widely accepted. Requests will now attempt to
 IDNA-encode a URL if it can but, if it fails, and the host contains
 only ASCII characters, it will be passed through optimistically.
 This will allow users to opt-in to using IDNA2003 themselves if they
 want to, and will also allow technically invalid but still common
 hostnames.
-   Fixed an issue where URLs with leading whitespace would raise
 `InvalidSchema` errors.
-   Fixed an issue where some URLs without the HTTP or HTTPS schemes
 would still have HTTP URL preparation applied to them.
-   Fixed an issue where Unicode strings could not be used in basic
 auth.
-   Fixed an issue encountered by some Requests plugins where
 constructing a Response object would cause `Response.content` to
 raise an `AttributeError`.

2.12.1

-------------------

**Bugfixes**

-   Updated setuptools 'security' extra for the new PyOpenSSL backend in
 urllib3.

**Miscellaneous**

-   Updated bundled urllib3 to 1.19.1.

2.12.0

-------------------

**Improvements**

-   Updated support for internationalized domain names from IDNA2003 to
 IDNA2008. This updated support is required for several forms of IDNs
 and is mandatory for .de domains.
-   Much improved heuristics for guessing content lengths: Requests will
 no longer read an entire `StringIO` into memory.
-   Much improved logic for recalculating `Content-Length` headers for
 `PreparedRequest` objects.
-   Improved tolerance for file-like objects that have no `tell` method
 but do have a `seek` method.
-   Anything that is a subclass of `Mapping` is now treated like a
 dictionary by the `data=` keyword argument.
-   Requests now tolerates empty passwords in proxy credentials, rather
 than stripping the credentials.
-   If a request is made with a file-like object as the body and that
 request is redirected with a 307 or 308 status code, Requests will
 now attempt to rewind the body object so it can be replayed.

**Bugfixes**

-   When calling `response.close`, the call to `close` will be
 propagated through to non-urllib3 backends.
-   Fixed issue where the `ALL_PROXY` environment variable would be
 preferred over scheme-specific variables like `HTTP_PROXY`.
-   Fixed issue where non-UTF8 reason phrases got severely mangled by
 falling back to decoding using ISO 8859-1 instead.
-   Fixed a bug where Requests would not correctly correlate cookies set
 when using custom Host headers if those Host headers did not use the
 native string type for the platform.

**Miscellaneous**

-   Updated bundled urllib3 to 1.19.
-   Updated bundled certifi certs to 2016.09.26.

Links

• PyPI: https://pypi.org/project/requests
• Changelog: https://pyup.io/changelogs/requests/
• Homepage: http://python-requests.org

Update cryptography from 2.0.2 to 2.3.1.

Changelog

2.3

~~~~~~~~~~~~~~~~

* **SECURITY ISSUE:**
:meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`
allowed tag truncation by default which can allow tag forgery in some cases.
The method now enforces the ``min_tag_length`` provided to the
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor.
*CVE-2018-10903*
* Added support for Python 3.7.
* Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the
authenticated timestamp of a :doc:`Fernet </fernet>` token.
* Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated.
We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
``cryptography`` release.
* Fixed multiple issues preventing ``cryptography`` from compiling against
LibreSSL 2.7.x.
* Added
:class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number`
for quick serial number searches in CRLs.
* The :class:`~cryptography.x509.RelativeDistinguishedName` class now
preserves the order of attributes. Duplicate attributes now raise an error
instead of silently discarding duplicates.
* :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if
the wrapped key is an invalid length, instead of ``ValueError``.

.. _v2-2-2:

2.2.2

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0h.

.. _v2-2-1:

2.2.1

~~~~~~~~~~~~~~~~~~

* Reverted a change to ``GeneralNames`` which prohibited having zero elements,
due to breakages.
* Fixed a bug in
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was
zero.


.. _v2-2:

2.2

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for Python 2.6 has been dropped.
* Resolved a bug in ``HKDF`` that incorrectly constrained output size.
* Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
support inter-operating with systems like German smart meters.
* Added token rotation support to :doc:`Fernet </fernet>` with
:meth:`~cryptography.fernet.MultiFernet.rotate`.
* Fixed a memory leak in
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
* Added support for AES key wrapping with padding via
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding`
and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
.
* Allow loading DSA keys with 224 bit ``q``.

.. _v2-1-4:

2.1.4

~~~~~~~~~~~~~~~~~~

* Added ``X509_up_ref`` for an upcoming ``pyOpenSSL`` release.

.. _v2-1-3:

2.1.3

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0g.

.. _v2-1-2:

2.1.2

~~~~~~~~~~~~~~~~~~

* Corrected a bug with the ``manylinux1`` wheels where OpenSSL's stack was
marked executable.

.. _v2-1-1:

2.1.1

~~~~~~~~~~~~~~~~~~

* Fixed support for install with the system ``pip`` on Ubuntu 16.04.

.. _v2-1:

2.1

~~~~~~~~~~~~~~~~

* **FINAL DEPRECATION** Python 2.6 support is deprecated, and will be removed
in the next release of ``cryptography``.
* **BACKWARDS INCOMPATIBLE:** ``Whirlpool``, ``RIPEMD160``, and
``UnsupportedExtension`` have been removed in accordance with our
:doc:`/api-stability` policy.
* **BACKWARDS INCOMPATIBLE:**
:attr:`DNSName.value <cryptography.x509.DNSName.value>`,
:attr:`RFC822Name.value <cryptography.x509.RFC822Name.value>`, and
:attr:`UniformResourceIdentifier.value
<cryptography.x509.UniformResourceIdentifier.value>`
will now return an :term:`A-label` string when parsing a certificate
containing an internationalized domain name (IDN) or if the caller passed
a :term:`U-label` to the constructor. See below for additional deprecations
related to this change.
* Installing ``cryptography`` now requires ``pip`` 6 or newer.
* Deprecated passing :term:`U-label` strings to the
:class:`~cryptography.x509.DNSName`,
:class:`~cryptography.x509.UniformResourceIdentifier`, and
:class:`~cryptography.x509.RFC822Name` constructors. Instead, users should
pass values as :term:`A-label` strings with ``idna`` encoding if necessary.
This change will not affect anyone who is not processing internationalized
domains.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`. In
most cases users should choose
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
rather than using this unauthenticated form.
* Added :meth:`~cryptography.x509.CertificateRevocationList.is_signature_valid`
to :class:`~cryptography.x509.CertificateRevocationList`.
* Support :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and
:class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` with
:class:`~cryptography.hazmat.primitives.hmac.HMAC`.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.modes.XTS` mode for
AES.
* Added support for using labels with
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using
OpenSSL 1.0.2 or greater.
* Improved compatibility with NSS when issuing certificates from an issuer
that has a subject with non-``UTF8String`` string types.
* Add support for the :class:`~cryptography.x509.DeltaCRLIndicator` extension.
* Add support for the :class:`~cryptography.x509.TLSFeature`
extension. This is commonly used for enabling ``OCSP Must-Staple`` in
certificates.
* Add support for the :class:`~cryptography.x509.FreshestCRL` extension.

.. _v2-0-3:

2.0.3

~~~~~~~~~~~~~~~~~~

* Fixed an issue with weak linking symbols when compiling on macOS
versions older than 10.12.


.. _v2-0-2:

Links

• PyPI: https://pypi.org/project/cryptography
• Changelog: https://pyup.io/changelogs/cryptography/
• Repo: https://github.com/pyca/cryptography

[pyup-bot]

Closing this in favor of #610