Scheduled monthly dependency update for December

[pyup-bot]

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

wheel	0.29.0	»	0.30.0	PyPI | Changelog | Repo
django-crispy-forms	1.6.1	»	1.7.0	PyPI | Changelog | Repo
django-atom	0.15.3	»	0.16.2	PyPI | Changelog | Repo
Pillow	4.2.1	»	4.3.0	PyPI | Changelog | Homepage
mysqlclient	1.3.11	»	1.3.12	PyPI | Changelog | Repo
pytz	2017.2	»	2017.3	PyPI | Homepage | Docs
django-import-export	0.5.1	»	0.6.0	PyPI | Changelog | Repo
coverage	4.4.1	»	4.4.2	PyPI | Changelog | Repo
Sphinx	1.6.3	»	1.6.5	PyPI | Changelog | Homepage
django-extensions	1.9.0	»	1.9.7	PyPI | Changelog | Repo | Docs
django-debug-toolbar	1.8	»	1.9.1	PyPI | Changelog | Repo
django	1.10.7	»	1.10.8	PyPI | Changelog | Homepage
django-anymail	0.11.1	»	1.2	PyPI | Changelog | Repo
raven	6.1.0	»	6.3.0	PyPI | Changelog | Repo
flake8	3.4.1	»	3.5.0	PyPI | Changelog | Repo
django-test-plus	1.0.18	»	1.0.20	PyPI | Changelog | Repo

Changelogs

wheel 0.29.0 -> 0.30.0

0.30.0

======

• Added py-limited-api {cp32|cp33|cp34|...} flag to produce cpNN.abi3.{arch}
  tags on CPython 3.
• Documented the license_file metadata key
• Improved Python, abi tagging for wheel convert. Thanks Ales Erjavec.
• Fixed > being prepended to lines starting with "From" in the long description
• Added support for specifying a build number (as per PEP 427).
  Thanks Ian Cordasco.
• Made the order of files in generated ZIP files deterministic.
  Thanks Matthias Bach.
• Made the order of requirements in metadata deterministic. Thanks Chris Lamb.
• Fixed wheel install clobbering existing files
• Improved the error message when trying to verify an unsigned wheel file
• Removed support for Python 2.6, 3.2 and 3.3.

django-crispy-forms 1.6.1 -> 1.7.0

1.7.0

• Fixes compatibility with Django 2.0
• Various other fixes.

See 1.7 Milestone
for full issue list.

django-atom 0.15.3 -> 0.16.2

0.16.1

• Fix redirect_unauthenticated_users support in atom.ext.guardian.views

0.16.0

• Add atom.ext.guardian.views.RaisePermissionRequiredMixin
• Add atom.ext.guardian.views.AttrPermissionRequiredMixin

Pillow 4.2.1 -> 4.3.0

4.3.0

---

• Fix warning on pointer cast in isblock 2775, 2778
  [cgohlke]

• Doc: Added macOS High Sierra tested Pillow version 2777
  [radarhere]

• Use correct Windows handle type on 64 bit in imagingcms 2774
  [cgohlke]

• 64 Bit Windows fix for block storage 2773
  [cgohlke]

• Fix "expression result unused" warning 2764
  [radarhere]

• Add 16bit Read/Write and RLE read support to SgiImageFile 2769
  [jbltx, wiredfool]

• Block & array hybrid storage 2738
  [homm]

• Common seek frame position check 1849
  [radarhere]

• Doc: Add note about aspect ratio to Image thumbnail script 2281
  [wilsonge]

• Fix ValueError: invalid version number '1.0.0rc1' in scipy release candidate 2771
  [cgohlke]

• Unfreeze requirements.txt 2766
  [hugovk]

• Test: ResourceWarning tests 2756
  [hugovk]

• Use n_frames to determine is_animated if possible 2315
  [radarhere]

• Doc: Corrected parameters in documentation 2768
  [radarhere]

• Avoid unnecessary Image operations 1891
  [radarhere]

• Added register_extensions method 1860
  [radarhere]

• Fix TIFF support for I;16S, I;16BS, and I;32BS rawmodes 2748
  [wiredfool]

• Fixed doc syntax in ImageDraw 2752
  [radarhere]

• Fixed support for building on Windows/msys2. Added Appveyor CI coverage for python3 on msys2 2476
  [wiredfool]

• Fix ValueError in Exif/Tiff IFD 2719
  [wiredfool]

• Use pathlib2 for Path objects on Python < 3.4 2291
  [asergi]

• Export only required properties in unsafe_ptrs 2740
  [homm]

• Alpha composite fixes 2709
  [homm]

• Faster Transpose operations, added 'Transverse' option 2730
  [homm]

• Deprecate ImageOps undocumented functions gaussian_blur, gblur, unsharp_mask, usm and box_blur in favor of ImageFilter implementations 2735
  [homm]

• Dependencies: Updated freetype to 2.8.1 2741
  [radarhere]

• Bug: Player skipped first image 2742
  [radarhere]

• Faster filter operations for Kernel, Gaussian, and Unsharp Mask filters 2679
  [homm]

• EPS: Add showpage to force rendering of some EPS images 2636
  [kaplun]

• DOC: Fix type of palette parameter in Image.quantize. 2703
  [kkopachev]

• DOC: Fix Ico docs to match code 2712
  [hugovk]

• Added file pointer save to SpiderImagePlugin 2647
  [radarhere]

• Add targa version 2 footer 2713
  [jhultgre]

• Removed redundant lines 2714
  [radarhere]

• Travis CI: Use default pypy/pypy3 2721
  [hugovk]

• Fix for SystemError when rendering an empty string, added in 4.2.0 2706
  [wiredfool]

• Fix for memory leaks in font handling added in 4.2.0 2634
  [wiredfool]

• Tests: cleanup, more tests. Fixed WMF save handler 2689
  [radarhere]

• Removed debugging interface for Image.core.grabclipboard 2708
  [radarhere]

• Doc syntax fix 2710
  [radarhere]

• Faster packing and unpacking for RGB, LA, and related storage modes 2693
  [homm]

• Use RGBX rawmode for RGB JPEG images where possible 1989
  [homm]

• Remove palettes from non-palette modes in _new 2702
  [wiredfool]

• Delete transparency info when convert'ing RGB/L to RGBA 2633
  [olt]

• Code tweaks to ease type annotations 2687
  [neiljp]

• Fixed incorrect use of 's' to byteslike object 2691
  [wiredfool]

• Fix JPEG subsampling labels for subsampling=2 2698
  [homm]

• Region of interest (box) for resampling 2254
  [homm]

• Basic support for Termux (android) in setup.py 2684
  [wiredfool]

• Bug: Fix Image.fromarray for numpy.bool type. 2683
  [wiredfool]

• CI: Add Fedora 24 and 26 to Docker tests
  [wiredfool]

• JPEG: Fix ZeroDivisionError when EXIF contains invalid DPI (0/0). 2667
  [vytisb]

• Depends: Updated openjpeg to 2.2.0 2669
  [radarhere]

• Depends: Updated Tk Tcl to 8.6.7 2668
  [radarhere]

• Depends: Updated libimagequant to 2.10.2 2660
  [radarhere]

• Test: Added test for ImImagePlugin tell() 2675
  [radarhere]

• Test: Additional tests for SGIImagePlugin 2659
  [radarhere]

• New Image.getchannel method 2661
  [homm]

• Remove unused im.copy2 and core.copy methods 2657
  [homm]

• Fast Image.merge() 2677
  [homm]

• Fast Image.split() 2676
  [homm]

• Fast image allocation 2655
  [homm]

• Storage cleanup 2654
  [homm]

• FLI: Use frame count from FLI header 2674
  [radarhere]

• Test: Test animated FLI file 2650
  [hugovk]

• Bug: Fixed uninitialized memory in bc5 decoding 2648
  [ifeherva]

• Moved SgiImagePlugin save error to before the start of write operations 2646
  [radarhere]

• Move createfontdatachunk.py so isn't installed globally 2645
  [hugovk]

• Bug: Fix unexpected keyword argument 'align' 2641
  [hugovk]

• Add newlines to error message for clarity 2640
  [hugovk]

• Docs: Updated redirected URL 2637
  [radarhere]

• Bug: Fix JPEG DPI when EXIF is invalid 2632
  [wiredfool]

• Bug: Fix for font getsize on empty string 2624
  [radarhere]

• Docs: Improved ImageDraw documentation 2626
  [radarhere]

• Docs: Corrected alpha_composite args documentation 2627
  [radarhere]

• Docs: added the description of the filename attribute to images.rst 2621
  [dasdachs]

• Dependencies: Updated libimagequant to 2.10.1 2616
  [radarhere]

• PDF: Renamed parameter to not shadow built-in dict 2612
  [kijeong]

mysqlclient 1.3.11 -> 1.3.12

1.3.12

======================

Fix tuple argument again (201)

InterfaceError is raised when Connection.query() is called for closed connection (202)

======================

django-import-export 0.5.1 -> 0.6.0

0.6.0

---

• Refactor import_row call by using keyword arguments (585)

• Added {{ block.super }} call in block bodyclass in admin/base_site.html (582)

• Add support for the Django DurationField with DurationWidget (575)

• GitHub bmihelac -> django-import-export Account Update (574)

• Add intersphinx links to documentation (572)

• Add Resource.get_import_fields() (569)

• Fixed readme mistake (568)

• Bugfix/fix m2m widget clean (515)

• Allow injection of context data for template rendered by import_action() and export_action() (544)

• Bugfix/fix exception in generate_log_entries() (543)

• Process import dataset and result in separate methods (542)

• Bugfix/fix error in converting exceptions to strings (526)

• Fix admin integration tests for the new "Import finished..." message, update Czech translations to 100% coverage. (596)

• Make import form type easier to override (604)

• Add saves_null_values attribute to Field to control whether null values are saved on the object (611)

• Add Bulgarian translations (656)

• Add django 1.11 to TravisCI (621)

• Make Signals code example format correctly in documentation (553)

• Add Django as requirement to setup.py (634)

• Update import of reverse for django 2.x (620)

• Add Django-version classifiers to setup.py’s CLASSIFIERS (616)

• Some fixes for Django 2.0 (672)

• Strip whitespace when looking up ManyToMany fields (668)

• Fix all ResourceWarnings during tests in Python 3.x (637)

• Remove downloads count badge from README since shields.io no longer supports it for PyPi (677)

• Add coveralls support and README badge (678)

coverage 4.4.1 -> 4.4.2

4.4.2

---

• Support for Python 3.7. In some cases, class and module docstrings are no
  longer counted in statement totals, which could slightly change your total
  results.

• Specifying both --source and --include no longer silently ignores the
  include setting, instead it displays a warning. Thanks, Loïc Dachary. Closes
  issue 265_ and issue 101_.

• Fixed a race condition when saving data and multiple threads are tracing
  (issue 581_). It could produce a "dictionary changed size during iteration"
  RuntimeError. I believe this mostly but not entirely fixes the race
  condition. A true fix would likely be too expensive. Thanks, Peter Baughman
  for the debugging, and Olivier Grisel for the fix with tests.

• Configuration values which are file paths will now apply tilde-expansion,
  closing issue 589_.

• Now secondary config files like tox.ini and setup.cfg can be specified
  explicitly, and prefixed sections like [coverage:run] will be read. Fixes
  issue 588_.

• Be more flexible about the command name displayed by help, fixing
  issue 600_. Thanks, Ben Finney.

.. _issue 101: https://bitbucket.org/ned/coveragepy/issues/101/settings-under-report-affect-running
.. _issue 581: https://bitbucket.org/ned/coveragepy/issues/581/race-condition-when-saving-data-under
.. _issue 588: https://bitbucket.org/ned/coveragepy/issues/588/using-rcfile-path-to-toxini-uses-run
.. _issue 589: https://bitbucket.org/ned/coveragepy/issues/589/allow-expansion-in-coveragerc
.. _issue 600: https://bitbucket.org/ned/coveragepy/issues/600/get-program-name-from-command-line-when

.. _changes_441:

Sphinx 1.6.3 -> 1.6.5

1.6.5

=====================================

Features added

• 4107: Make searchtools.js compatible with pre-Sphinx1.5 templates
• 4112: Don't override the smart_quotes setting if it was already set
• 4125: Display reference texts of original and translated passages on
  i18n warning message
• 4147: Include the exception when logging PO/MO file read/write

Bugs fixed

• 4085: Failed PDF build from image in parsed-literal using :align: option
• 4100: Remove debug print from autodoc extension
• 3987: Changing theme from alabaster causes HTML build to fail
• 4096: C++, don't crash when using the wrong role type. Thanks to mitya57.
• 4070, 4111: crashes when the warning message contains format strings (again)
• 4108: Search word highlighting breaks SVG images
• 3692: Unable to build HTML if writing .buildinfo failed
• 4152: HTML writer crashes if a field list is placed on top of the document
• 4063: Sphinx crashes when labeling directive .. todolist::
• 4134: [doc] :file:docutils.conf is not documented explicitly
• 4169: Chinese language doesn't trigger Chinese search automatically
• 1020: ext.todo todolist not linking to the page in pdflatex
• 3965: New quickstart generates wrong SPHINXBUILD in Makefile
• 3739: :module: option is ignored at content of pyobjects
• 4149: Documentation: Help choosing :confval:latex_engine
• 4090: [doc] :confval:latex_additional_files with extra LaTeX macros should
  not use .tex extension
• Failed to convert reST parser error to warning (refs: 4132)

1.6.4

=====================================

Features added

• 3926: Add autodoc_warningiserror to suppress the behavior of -W
  option during importing target modules on autodoc

Bugs fixed

• 3924: docname lost after dynamically parsing RST in extension
• 3946: Typo in sphinx.sty (this was a bug with no effect in default context)
• :pep: and :rfc: does not supports default-role directive (refs: 3960)
• 3960: default_role = 'guilabel' not functioning
• Missing texinputs_win/Makefile to be used in latexpdf builder on windows.
• 4026: nature: Fix macOS Safari scrollbar color
• 3877: Fix for C++ multiline signatures.
• 4006: Fix crash on parallel build
• 3969: private instance attributes causes AttributeError
• 4041: C++, remove extra name linking in function pointers.
• 4038: C, add missing documentation of member role.
• 4044: An empty multicolumn cell causes extra row height in PDF output
• 4049: Fix typo in output of sphinx-build -h
• 4062: hashlib.sha1() must take bytes, not unicode on Python 3
• Avoid indent after index entries in latex (refs: 4066)
• 4070: crashes when the warning message contains format strings
• 4067: Return non-zero exit status when make subprocess fails
• 4055: graphviz: the :align: option does not work for SVG output
• 4055: graphviz: the :align: center option does not work for latex output
• 4051: warn() function for HTML theme outputs 'None' string

django-extensions 1.9.0 -> 1.9.7

1.9.7

---

This release add checking types with MyPy to the test suite. At this point
only a few lines of code are explicitly typed.

Changes:

• Improvement: shell_plus, Collision resolver implemented.
• Improvement: shell_plus, Skipping all models importing feature added.
• Improvement: runscript, Script execution directory policy feature added.

1.9.6

---

Fix boo-boo with release version in django_extensions/init.py

1.9.4

---

Changes:

• Fix missing test case

1.9.3

---

Changes:

• Tests: shell_plus, simple test for get_imported_objects

1.9.2

---

Changes:

• Fix: mail_debug, regression in mail_debug for older Pythons
• Fix: shell_plus, SyntaxError on exec(), python compatibility
• Fix: ForeignKeyAutocompleteAdminMixin, use text/plain

1.9.1

---

Changes:

• Fix: graph_models, fix json option
• Fix: runserver_plus, avoid duplicate messages logged to console
• Fix: mail_debug, python3 fix
• Improvement: sqldiff, basic support for array types in postgresql
• Improvement: runscript, handle import errors better
• Docs: updated documentation for model extensions

django-debug-toolbar 1.8 -> 1.9.1

1.9

---

This version is compatible with Django 2.0 and requires Django 1.8 or
later.

Bugfixes

• The profiling panel now escapes reported data resulting in valid HTML.
• Many minor cleanups and bugfixes.

django 1.10.7 -> 1.10.8

1.10.8

===========================

September 5, 2017

Django 1.10.8 fixes a security issue in 1.10.7.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with DEBUG = True (which makes
this page accessible) in your production settings.

===========================

django-anymail 0.11.1 -> 1.2

1.2

New features

• Postmark: Support new click webhook in normalized tracking events

1.1

Bug fixes

• Mailgun: Support metadata in opened/clicked/unsubscribed tracking webhooks, and fix potential problems if metadata keys collided with Mailgun event parameter names. (See 76, 77)

Other changes

• Internal: Rework Anymail's ParsedEmail class and rename to EmailAddress to align it with similar functionality in the Python 3.6 email package, in preparation for future inbound support. ParsedEmail was not documented for use outside Anymail's internals (so this change does not bump the semver major version), but if you were using it in an undocumented way you will need to update your code.

1.0

It's official: Anymail is no longer "pre-1.0." The API has been stable for many months, and there's no reason not to use Anymail in production.

Breaking changes

• There are no new breaking changes in the 1.0 release, but a breaking change introduced several months ago in v0.8 is now strictly enforced. If you still have an EMAIL_BACKEND setting that looks like "anymail.backends.espname.EspNameBackend", you'll need to change it to just "anymail.backends.espname.EmailBackend". (Earlier versions had issued a DeprecationWarning. See the v0.8 release notes.)

New features and other changes

• Clean up and document Anymail's Test EmailBackend
• Add notes on handling transient ESP errors and improving batch send performance
• SendGrid: handle Python 2 long integers in metadata and extra headers

1.0.rc0

Breaking changes

• All backends: The old EspNameBackend names that were deprecated in v0.8 have been removed. Attempting to use the old names will now fail, rather than issue a DeprecationWarning. See the v0.8 release notes.

New features

• Anymail's Test EmailBackend is now documented (and cleaned up)

raven 6.1.0 -> 6.3.0

6.3.0

---

• [Core] Changed default timeout on http calls to 5 seconds
• [Core] Fixed relative paths for traces generated on Windows
• [Django] Fixed import issues for Django projects < 1.7
• [Django] Fixed django management command data option
• [Django/DRF] Added application/octet-stream to non-cacheable types in middleware
• [Django] Added parsing X-Forwarded-For for user.ip_address
• [Flask] Added request.remote_addr as fallback for ip addresses
• [Lambda] Added initial AWS Lambda support with contrib.awslambda.LambdaClient

6.2.1

---

• [Core] Fixed requirements in setup.py

6.2.0

---

• [Core] get_frame_locals properly using max_var_size
• [Core] Fixed raven initialization when logging._srcfile is None
• [Core] Fixed import locking to avoid recursion
• [Django] Fixed several issues for Django 1.11 and Django 2.0
• [Django/DRF] Fixed issue with unavailable request data
• [Flask] Added app.logger instrumentation
• [Flask] Added signal on setup_logging
• [ZConfig] Added standalone ZConfig support
• [Celery] Fixed several issues related to Celery

flake8 3.4.1 -> 3.5.0

3.5.0

---

You can view the 3.5.0 milestone_ on GitLab for more details.

New Dependency Information

• Allow for PyFlakes 1.6.0 (See also GitLab359_)

• Start using new PyCodestyle checks for bare excepts and ambiguous identifier
  (See also GitLab361_)

Features

• Print out information about configuring VCS hooks (See also GitLab335_)

• Allow users to develop plugins "local" to a repository without using
  setuptools. See our documentation on local plugins for more information.
  (See also GitLab357_)

Bugs Fixed

• Catch and helpfully report UnicodeDecodeError\ s when parsing
  configuration files. (See also GitLab358_)

.. all links
.. _3.5.0 milestone:
https://gitlab.com/pycqa/flake8/milestones/20

.. issue links
.. _GitLab335:
https://gitlab.com/pycqa/flake8/issues/335
.. _GitLab357:
https://gitlab.com/pycqa/flake8/issues/357
.. _GitLab358:
https://gitlab.com/pycqa/flake8/issues/358
.. _GitLab359:
https://gitlab.com/pycqa/flake8/issues/359
.. _GitLab361:
https://gitlab.com/pycqa/flake8/issues/361

.. merge request links

django-test-plus 1.0.18 -> 1.0.20

1.0.20

---

• The Halloween Release!
• Fixes to CI to ensure we really test Django 2.0

1.0.19

---

• Django 2.0 support
• Dropped support for Python 3.3
• Dropped support for Django < 1.8
• Added APITestCase for better DRF testing

That's it for now!

Happy merging! 🤖

[coveralls]

Coverage remained the same at 57.961% when pulling c438e8b on pyup-scheduled-update-12-01-2017 into fefbabf on master.

[coveralls]

Coverage remained the same at 57.961% when pulling c438e8b on pyup-scheduled-update-12-01-2017 into fefbabf on master.

[pyup-bot]

Closing this in favor of #14