Skip to content
This repository has been archived by the owner on Feb 17, 2019. It is now read-only.

Update flask-wtf to 0.14.2 #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update flask-wtf to 0.14.2 #27

wants to merge 1 commit into from

Conversation

pyup-bot
Copy link
Contributor

This PR updates Flask-WTF from 0.9.5 to 0.14.2.

Changelog

0.14.2

--------------

Released 2017-01-10

- Fix bug where ``FlaskForm`` assumed ``meta`` argument was not ``None`` if it
was passed. (`278`_)

.. _278: https://github.com/lepture/flask-wtf/issues/278

0.14.1

--------------

Released 2017-01-10

- Fix bug where the file validators would incorrectly identify an empty file as
valid data. (`276`_, `277`_)

 - ``FileField`` is no longer deprecated. The data is checked during
   processing and only set if it's a valid file.
 - ``has_file`` *is* deprecated; it's now equivalent to ``bool(field.data)``.
 - ``FileRequired`` and ``FileAllowed`` work with both the Flask-WTF and
   WTForms ``FileField`` classes.
 - The ``Optional`` validator now works with ``FileField``.

.. _276: https://github.com/lepture/flask-wtf/issues/276
.. _277: https://github.com/lepture/flask-wtf/pull/277

0.14

------------

Released 2017-01-06

- Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
ourselves. (`264`_)

 - All tokens are URL safe, removing the ``url_safe`` parameter from
   ``generate_csrf``. (`206`_)
 - All tokens store a timestamp, which is checked in ``validate_csrf``. The
   ``time_limit`` parameter of ``generate_csrf`` is removed.

- Remove the ``app`` attribute from ``CsrfProtect``, use ``current_app``.
(`264`_)
- ``CsrfProtect`` protects the ``DELETE`` method by default. (`264`_)
- The same CSRF token is generated for the lifetime of a request. It is exposed
as ``g.csrf_token`` for use during testing. (`227`_, `264`_)
- ``CsrfProtect.error_handler`` is deprecated. (`264`_)

 - Handlers that return a response work in addition to those that raise an
   error. The behavior was not clear in previous docs.
 - (`200`_, `209`_, `243`_, `252`_)

- Use ``Form.Meta`` instead of deprecated ``SecureForm`` for CSRF (and
everything else). (`216`_, `271`_)

 - ``csrf_enabled`` parameter is still recognized but deprecated. All other
   attributes and methods from ``SecureForm`` are removed. (`271`_)

- Provide ``WTF_CSRF_FIELD_NAME`` to configure the name of the CSRF token.
(`271`_)
- ``validate_csrf`` raises ``wtforms.ValidationError`` with specific messages
instead of returning ``True`` or ``False``. This breaks anything that was
calling the method directly. (`239`_, `271`_)

 - CSRF errors are logged as well as raised. (`239`_)

- ``CsrfProtect`` is renamed to ``CSRFProtect``. A deprecation warning is issued
when using the old name. ``CsrfError`` is renamed to ``CSRFError`` without
deprecation. (`271`_)
- ``FileField`` is deprecated because it no longer provides functionality over
the provided validators. Use ``wtforms.FileField`` directly. (`272`_)

.. _`200`: https://github.com/lepture/flask-wtf/issues/200
.. _`209`: https://github.com/lepture/flask-wtf/pull/209
.. _`216`: https://github.com/lepture/flask-wtf/issues/216
.. _`227`: https://github.com/lepture/flask-wtf/issues/227
.. _`239`: https://github.com/lepture/flask-wtf/issues/239
.. _`243`: https://github.com/lepture/flask-wtf/pull/243
.. _`252`: https://github.com/lepture/flask-wtf/pull/252
.. _`264`: https://github.com/lepture/flask-wtf/pull/264
.. _`271`: https://github.com/lepture/flask-wtf/pull/271
.. _`272`: https://github.com/lepture/flask-wtf/pull/272

0.13.1

--------------

Released 2016/10/6

- Deprecation warning for ``Form`` is shown during ``__init__`` instead of immediately when subclassing. (`262`_)
- Don't use ``pkg_resources`` to get version, for compatibility with GAE. (`261`_)

.. _`261`: https://github.com/lepture/flask-wtf/issues/261
.. _`262`: https://github.com/lepture/flask-wtf/issues/262

0.13

------------

Released 2016/09/29

- ``Form`` is renamed to ``FlaskForm`` in order to avoid name collision with WTForms's base class.  Using ``Form`` will show a deprecation warning. (`250`_)
- ``hidden_tag`` no longer wraps the hidden inputs in a hidden div.  This is valid HTML5 and any modern HTML parser will behave correctly. (`217`_, `193`_)
- ``flask_wtf.html5`` is deprecated.  Import directly from ``wtforms.fields.html5``. (`251`_)
- ``is_submitted`` is true for ``PATCH`` and ``DELETE`` in addition to ``POST`` and ``PUT``. (`187`_)
- ``generate_csrf`` takes a ``token_key`` parameter to specify the key stored in the session. (`206`_)
- ``generate_csrf`` takes a ``url_safe`` parameter to allow the token to be used in URLs. (`206`_)
- ``form.data`` can be accessed multiple times without raising an exception. (`248`_)
- File extension with multiple parts (``.tar.gz``) can be used in the ``FileAllowed`` validator. (`201`_)

.. _`187`: https://github.com/lepture/flask-wtf/pull/187
.. _`193`: https://github.com/lepture/flask-wtf/issues/193
.. _`201`: https://github.com/lepture/flask-wtf/issues/201
.. _`206`: https://github.com/lepture/flask-wtf/pull/206
.. _`217`: https://github.com/lepture/flask-wtf/issues/217
.. _`248`: https://github.com/lepture/flask-wtf/pull/248
.. _`250`: https://github.com/lepture/flask-wtf/pull/250
.. _`251`: https://github.com/lepture/flask-wtf/pull/251

0.12

------------

Released 2015/07/09

- Abstract protect_csrf() into a separate method
- Update reCAPTCHA configuration
- Fix reCAPTCHA error handle

0.11

------------

Released 2015/01/21

- Use the new reCAPTCHA API via `164`_.

.. _`164`: https://github.com/lepture/flask-wtf/pull/164

0.10.3

--------------

Released 2014/11/16

- Add configuration: WTF_CSRF_HEADERS via `159`_.
- Support customize hidden tags via `150`_.
- And many more bug fixes

.. _`150`: https://github.com/lepture/flask-wtf/pull/150
.. _`159`: https://github.com/lepture/flask-wtf/pull/159

0.10.2

--------------

Released 2014/09/03

- Update translation for reCaptcha via `146`_.

.. _`146`: https://github.com/lepture/flask-wtf/pull/146

0.10.1

--------------

Released 2014/08/26

- Update RECAPTCHA API SERVER URL via `145`_.
- Update requirement Werkzeug>=0.9.5
- Fix CsrfProtect exempt for blueprints via `143`_.

.. _`145`: https://github.com/lepture/flask-wtf/pull/145
.. _`143`: https://github.com/lepture/flask-wtf/pull/143

0.10.0

--------------

Released 2014/07/16

- Add configuration: WTF_CSRF_METHODS
- Support WTForms 2.0 now
- Fix csrf validation without time limit (time_limit=False)
- CSRF exempt supports blueprint `111`_.

.. _`111`: https://github.com/lepture/flask-wtf/issues/111
Links

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pyup-bot