Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update flask-wtf to 0.14 #395

Closed
wants to merge 1 commit into from

Conversation

pyup-bot
Copy link
Collaborator

There's a new version of Flask-WTF available.
You are currently using 0.13.1. I have updated it to 0.14

These links might come in handy: PyPI | Changelog | Repo | Docs

Changelog

0.14


Released 2017-01-06

  • Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
    ourselves. (264_)
  • All tokens are URL safe, removing the url_safe parameter from
    generate_csrf. (206_)
  • All tokens store a timestamp, which is checked in validate_csrf. The
    time_limit parameter of generate_csrf is removed.
  • Remove the app attribute from CsrfProtect, use current_app.
    (264_)
  • CsrfProtect protects the DELETE method by default. (264_)
  • The same CSRF token is generated for the lifetime of a request. It is exposed
    as request.csrf_token for use during testing. (227, 264)
  • CsrfProtect.error_handler is deprecated. (264_)
  • Handlers that return a response work in addition to those that raise an
    error. The behavior was not clear in previous docs.
  • (200, 209, 243, 252)
  • Use Form.Meta instead of deprecated SecureForm for CSRF (and
    everything else). (216, 271)
  • csrf_enabled parameter is still recognized but deprecated. All other
    attributes and methods from SecureForm are removed. (271_)
  • Provide WTF_CSRF_FIELD_NAME to configure the name of the CSRF token.
    (271_)
  • validate_csrf raises wtforms.ValidationError with specific messages
    instead of returning True or False. This breaks anything that was
    calling the method directly. (239, 271)
  • CSRF errors are logged as well as raised. (239_)
  • CsrfProtect is renamed to CSRFProtect. A deprecation warning is issued
    when using the old name. CsrfError is renamed to CSRFError without
    deprecation. (271_)
  • FileField is deprecated because it no longer provides functionality over
    the provided validators. Use wtforms.FileField directly. (272_)

.. _200: pallets-eco/flask-wtf#200
.. _209: pallets-eco/flask-wtf#209
.. _216: pallets-eco/flask-wtf#216
.. _227: pallets-eco/flask-wtf#227
.. _239: pallets-eco/flask-wtf#239
.. _243: pallets-eco/flask-wtf#243
.. _252: pallets-eco/flask-wtf#252
.. _264: pallets-eco/flask-wtf#264
.. _271: pallets-eco/flask-wtf#271
.. _272: pallets-eco/flask-wtf#272

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖

@ivan-c ivan-c closed this Jan 10, 2017
@ivan-c ivan-c deleted the pyup-update-flask-wtf-0.13.1-to-0.14 branch January 10, 2017 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants