Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update flask-wtf to 0.14 #665

Closed
wants to merge 1 commit into from
Closed

Conversation

pyup-bot
Copy link
Collaborator

@pyup-bot pyup-bot commented Jan 6, 2017

There's a new version of Flask-WTF available.
You are currently using 0.12. I have updated it to 0.14

These links might come in handy: PyPI | Changelog | Repo | Docs

Changelog

0.14


Released 2017-01-06

  • Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
    ourselves. (264_)
  • All tokens are URL safe, removing the url_safe parameter from
    generate_csrf. (206_)
  • All tokens store a timestamp, which is checked in validate_csrf. The
    time_limit parameter of generate_csrf is removed.
  • Remove the app attribute from CsrfProtect, use current_app.
    (264_)
  • CsrfProtect protects the DELETE method by default. (264_)
  • The same CSRF token is generated for the lifetime of a request. It is exposed
    as request.csrf_token for use during testing. (227, 264)
  • CsrfProtect.error_handler is deprecated. (264_)
  • Handlers that return a response work in addition to those that raise an
    error. The behavior was not clear in previous docs.
  • (200, 209, 243, 252)
  • Use Form.Meta instead of deprecated SecureForm for CSRF (and
    everything else). (216, 271)
  • csrf_enabled parameter is still recognized but deprecated. All other
    attributes and methods from SecureForm are removed. (271_)
  • Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
    (271_)
  • validate_csrf raises wtforms.ValidationError with specific messages
    instead of returning True or False. This breaks anything that was
    calling the method directly. (239, 271)
  • CSRF errors are logged as well as raised. (239_)
  • CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
    when using the old name. CsrfError is renamed to CSRFError without
    deprecation. (271_)
  • FileField is deprecated because it no longer provides functionality over
    the provided validators. Use wtforms.FileField directly. (272_)

.. _200: pallets-eco/flask-wtf#200
.. _209: pallets-eco/flask-wtf#209
.. _216: pallets-eco/flask-wtf#216
.. _227: pallets-eco/flask-wtf#227
.. _239: pallets-eco/flask-wtf#239
.. _243: pallets-eco/flask-wtf#243
.. _252: pallets-eco/flask-wtf#252
.. _264: pallets-eco/flask-wtf#264
.. _271: pallets-eco/flask-wtf#271
.. _272: pallets-eco/flask-wtf#272

0.13.1


Released 2016/10/6

  • Deprecation warning for Form is shown during __init__ instead of immediately when subclassing. (262_)
  • Don't use pkg_resources to get version, for compatibility with GAE. (261_)

.. _261: pallets-eco/flask-wtf#261
.. _262: pallets-eco/flask-wtf#262

0.13


Released 2016/09/29

  • Form is renamed to FlaskForm in order to avoid name collision with WTForms's base class. Using Form will show a deprecation warning. (250_)
  • hidden_tag no longer wraps the hidden inputs in a hidden div. This is valid HTML5 and any modern HTML parser will behave correctly. (217, 193)
  • flask_wtf.html5 is deprecated. Import directly from wtforms.fields.html5. (251_)
  • is_submitted is true for PATCH and DELETE in addition to POST and PUT. (187_)
  • generate_csrf takes a token_key parameter to specify the key stored in the session. (206_)
  • generate_csrf takes a url_safe parameter to allow the token to be used in URLs. (206_)
  • form.data can be accessed multiple times without raising an exception. (248_)
  • File extension with multiple parts (.tar.gz) can be used in the FileAllowed validator. (201_)

.. _187: pallets-eco/flask-wtf#187
.. _193: pallets-eco/flask-wtf#193
.. _201: pallets-eco/flask-wtf#201
.. _206: pallets-eco/flask-wtf#206
.. _217: pallets-eco/flask-wtf#217
.. _248: pallets-eco/flask-wtf#248
.. _250: pallets-eco/flask-wtf#250
.. _251: pallets-eco/flask-wtf#251

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖

@pyup-bot pyup-bot added the update label Jan 6, 2017
@noirbizarre noirbizarre modified the milestone: 1.0 Jan 9, 2017
@pyup-bot
Copy link
Collaborator Author

Closing this in favor of #681

@pyup-bot pyup-bot closed this Jan 10, 2017
@noirbizarre noirbizarre deleted the pyup-update-flask-wtf-0.12-to-0.14 branch January 10, 2017 07:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants