Initial Update

[pyup-bot]

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

Flask	0.10.1	»	0.12.2	PyPI | Changelog | Repo
httplib2	0.9.2	»	0.10.3	PyPI | Changelog | Repo
Jinja2	2.8	»	2.9.6	PyPI | Changelog | Homepage
MarkupSafe	0.23	»	1.0	PyPI | Changelog | Repo
requests	2.12.4	»	2.18.3	PyPI | Changelog | Homepage
Werkzeug	0.11.4	»	0.12.2	PyPI | Changelog | Homepage

Changelogs

Flask 0.10.1 -> 0.12.2

0.12.2

---

Released on May 16 2017

• Fix a bug in safe_join on Windows.

0.12.1

---

Bugfix release, released on March 31st 2017

• Prevent flask run from showing a NoAppException when an ImportError occurs
  within the imported application module.
• Fix encoding behavior of app.config.from_pyfile for Python 3. Fix
  2118.
• Use the SERVER_NAME config if it is present as default values for
  app.run. 2109, 2152
• Call ctx.auto_pop with the exception object instead of None, in the
  event that a BaseException such as KeyboardInterrupt is raised in a
  request handler.

0.12

---

Released on December 21st 2016, codename Punsch.

• the cli command now responds to --version.
• Mimetype guessing and ETag generation for file-like objects in send_file
  has been removed, as per issue 104. See pull request 1849.
• Mimetype guessing in send_file now fails loudly and doesn't fall back to
  application/octet-stream. See pull request 1988.
• Make flask.safe_join able to join multiple paths like os.path.join
  (pull request 1730).
• Revert a behavior change that made the dev server crash instead of returning
  a Internal Server Error (pull request 2006).
• Correctly invoke response handlers for both regular request dispatching as
  well as error handlers.
• Disable logger propagation by default for the app logger.
• Add support for range requests in send_file.
• app.test_client includes preset default environment, which can now be
  directly set, instead of per client.get.

0.11.2

---

Bugfix release, unreleased

• Fix crash when running under PyPy3, see pull request 1814.

0.11.1

---

Bugfix release, released on June 7th 2016.

• Fixed a bug that prevented FLASK_APP=foobar/__init__.py from working. See
  pull request 1872.

0.11

---

Released on May 29th 2016, codename Absinthe.

• Added support to serializing top-level arrays to :func:flask.jsonify. This
  introduces a security risk in ancient browsers. See
  :ref:json-security for details.
• Added before_render_template signal.
• Added **kwargs to :meth:flask.Test.test_client to support passing
  additional keyword arguments to the constructor of
  :attr:flask.Flask.test_client_class.
• Added SESSION_REFRESH_EACH_REQUEST config key that controls the
  set-cookie behavior. If set to True a permanent session will be
  refreshed each request and get their lifetime extended, if set to
  False it will only be modified if the session actually modifies.
  Non permanent sessions are not affected by this and will always
  expire if the browser window closes.
• Made Flask support custom JSON mimetypes for incoming data.
• Added support for returning tuples in the form (response, headers)
  from a view function.
• Added :meth:flask.Config.from_json.
• Added :attr:flask.Flask.config_class.
• Added :meth:flask.Config.get_namespace.
• Templates are no longer automatically reloaded outside of debug mode. This
  can be configured with the new TEMPLATES_AUTO_RELOAD config key.
• Added a workaround for a limitation in Python 3.3's namespace loader.
• Added support for explicit root paths when using Python 3.3's namespace
  packages.
• Added :command:flask and the flask.cli module to start the local
  debug server through the click CLI system. This is recommended over the old
  flask.run() method as it works faster and more reliable due to a
  different design and also replaces Flask-Script.
• Error handlers that match specific classes are now checked first,
  thereby allowing catching exceptions that are subclasses of HTTP
  exceptions (in werkzeug.exceptions). This makes it possible
  for an extension author to create exceptions that will by default
  result in the HTTP error of their choosing, but may be caught with
  a custom error handler if desired.
• Added :meth:flask.Config.from_mapping.
• Flask will now log by default even if debug is disabled. The log format is
  now hardcoded but the default log handling can be disabled through the
  LOGGER_HANDLER_POLICY configuration key.
• Removed deprecated module functionality.
• Added the EXPLAIN_TEMPLATE_LOADING config flag which when enabled will
  instruct Flask to explain how it locates templates. This should help
  users debug when the wrong templates are loaded.
• Enforce blueprint handling in the order they were registered for template
  loading.
• Ported test suite to py.test.
• Deprecated request.json in favour of request.get_json().
• Add "pretty" and "compressed" separators definitions in jsonify() method.
  Reduces JSON response size when JSONIFY_PRETTYPRINT_REGULAR=False by removing
  unnecessary white space included by default after separators.
• JSON responses are now terminated with a newline character, because it is a
  convention that UNIX text files end with a newline and some clients don't
  deal well when this newline is missing. See
  Add JSONIFY_END_WITH_NEWLINE config variable pallets/flask#1262 -- this came up originally as a
  part of https://github.com/kennethreitz/httpbin/issues/168
• The automatically provided OPTIONS method is now correctly disabled if
  the user registered an overriding rule with the lowercase-version
  options (issue 1288).
• flask.json.jsonify now supports the datetime.date type (pull request
  1326).
• Don't leak exception info of already catched exceptions to context teardown
  handlers (pull request 1393).
• Allow custom Jinja environment subclasses (pull request 1422).
• flask.g now has pop() and setdefault methods.
• Turn on autoescape for flask.templating.render_template_string by default
  (pull request 1515).
• flask.ext is now deprecated (pull request 1484).
• send_from_directory now raises BadRequest if the filename is invalid on
  the server OS (pull request 1763).
• Added the JSONIFY_MIMETYPE configuration variable (pull request 1728).
• Exceptions during teardown handling will no longer leave bad application
  contexts lingering around.

0.10.2

---

(bugfix release, release date to be announced)

• Fixed broken test_appcontext_signals() test case.
• Raise an :exc:AttributeError in :func:flask.helpers.find_package with a
  useful message explaining why it is raised when a PEP 302 import hook is used
  without an is_package() method.
• Fixed an issue causing exceptions raised before entering a request or app
  context to be passed to teardown handlers.
• Fixed an issue with query parameters getting removed from requests in
  the test client when absolute URLs were requested.
• Made before_first_request into a decorator as intended.
• Fixed an etags bug when sending a file streams with a name.
• Fixed send_from_directory not expanding to the application root path
  correctly.
• Changed logic of before first request handlers to flip the flag after
  invoking. This will allow some uses that are potentially dangerous but
  should probably be permitted.
• Fixed Python 3 bug when a handler from app.url_build_error_handlers
  reraises the BuildError.

httplib2 0.9.2 -> 0.10.3

0.10.3

Fix certificate validation on Python<=2.7.8 without ssl.CertificateError
httplib2/httplib2#45

0.10.2

Just a reupload of 0.10.1, which was broken for Python3
because wheel distribution doesn't play well with our 2/3 split code base.
httplib2/httplib2#43

0.10.1

This is the first release by new httplib2 team. See post by Joe
https://bitworking.org/news/2016/03/an_update_on_httplib2

Remove VeriSign Class 3 CA from trusted certs
https://googleonlinesecurity.blogspot.com/2015/12/proactive-measures-in-digital.html

Add IdenTrust DST Root CA X3
httplib2/httplib2#26

Support for specifying the SSL protocol version (Python v2)
https://github.com/jcgregorio/httplib2/issues/329

On App Engine use urlfetch's default deadline if None is passed.

Fix TypeError on AppEngine “init() got an unexpected keyword argument 'ssl_version’”
httplib2/httplib2#12

Send SNI data for SSL connections on Python 2.7.9+
Verify the server hostname if certificate validation is enabled
httplib2/httplib2#13

Add proxy_headers argument to ProxyInfo constructor
httplib2/httplib2#21

Make disable_ssl_certificate_validation work with Python 3.5.
httplib2/httplib2#15

Fix socket error handling
httplib2/httplib2@eb74685
httplib2/httplib2@e7f6e62

Jinja2 2.8 -> 2.9.6

2.9.6

---

(bugfix release, released on April 3rd 2017)

• Fixed custom context behavior in fast resolve mode (675)

2.9.5

---

(bugfix release, released on January 28th 2017)

• Restored the original repr of the internal _GroupTuple because this
  caused issues with ansible and it was an unintended change. (654)
• Added back support for custom contexts that override the old resolve
  method since it was hard for people to spot that this could cause a
  regression.
• Correctly use the buffer for the else block of for loops. This caused
  invalid syntax errors to be caused on 2.x and completely wrong behavior
  on Python 3 (669)
• Resolve an issue where the {% extends %} tag could not be used with
  async environments. (668)
• Reduce memory footprint slightly by reducing our unicode database dump
  we use for identifier matching on Python 3 (666)
• Fixed autoescaping not working for macros in async compilation mode. (671)

2.9.4

---

(bugfix release, released on January 10th 2017)

• Solved some warnings for string literals. (646)
• Increment the bytecode cache version which was not done due to an
  oversight before.
• Corrected bad code generation and scoping for filtered loops. (649)
• Resolved an issue where top-level output silencing after known extend
  blocks could generate invalid code when blocks where contained in if
  statements. (651)
• Made the truncate.leeway default configurable to improve compatibility
  with older templates.

2.9.3

---

(bugfix release, released on January 8th 2017)

• Restored the use of blocks in macros to the extend that was possible
  before. On Python 3 it would render a generator repr instead of
  the block contents. (645)
• Set a consistent behavior for assigning of variables in inner scopes
  when the variable is also read from an outer scope. This now sets the
  intended behavior in all situations however it does not restore the
  old behavior where limited assignments to outer scopes was possible.
  For more information and a discussion see 641
• Resolved an issue where block scoped would not take advantage of the
  new scoping rules. In some more exotic cases a variable overriden in a
  local scope would not make it into a block.
• Change the code generation of the with statement to be in line with the
  new scoping rules. This resolves some unlikely bugs in edge cases. This
  also introduces a new internal With node that can be used by extensions.

2.9.2

---

(bugfix release, released on January 8th 2017)

• Fixed a regression that caused for loops to not be able to use the same
  variable for the target as well as source iterator. (640)
• Add support for a previously unknown behavior of macros. It used to be
  possible in some circumstances to explicitly provide a caller argument
  to macros. While badly buggy and unintended it turns out that this is a
  common case that gets copy pasted around. To not completely break backwards
  compatibility with the most common cases it's now possible to provide an
  explicit keyword argument for caller if it's given an explicit default.
  (642)

2.9.1

---

(bugfix release, released on January 7th 2017)

• Resolved a regression with call block scoping for macros. Nested caller
  blocks that used the same identifiers as outer macros could refer to the
  wrong variable incorrectly.

2.9

---

(codename Derivation, released on January 7th 2017)

• Change cache key definition in environment. This fixes a performance
  regression introduced in 2.8.
• Added support for generator_stop on supported Python versions
  (Python 3.5 and later)
• Corrected a long standing issue with operator precedence of math operations
  not being what was expected.
• Added support for Python 3.6 async iterators through a new async mode.
• Added policies for filter defaults and similar things.
• urlize now sets "rel noopener" by default.
• Support attribute fallback for old-style classes in 2.x.
• Support toplevel set statements in extend situations.
• Restored behavior of Cycler for Python 3 users.
• Subtraction now follows the same behavior as other operators on undefined
  values.
• map and friends will now give better error messages if you forgot to
  quote the parameter.
• Depend on MarkupSafe 0.23 or higher.
• Improved the truncate filter to support better truncation in case
  the string is barely truncated at all.
• Change the logic for macro autoescaping to be based on the runtime
  autoescaping information at call time instead of macro define time.
• Ported a modified version of the tojson filter from Flask to Jinja2
  and hooked it up with the new policy framework.
• Block sets are now marked safe by default.
• On Python 2 the asciification of ASCII strings can now be disabled with
  the compiler.ascii_str policy.
• Tests now no longer accept an arbitrary expression as first argument but
  a restricted one. This means that you can now properly use multiple
  tests in one expression without extra parentheses. In particular you can
  now write foo is divisibleby 2 or foo is divisibleby 3
  as you would expect.
• Greatly changed the scoping system to be more consistent with what template
  designers and developers expect. There is now no more magic difference
  between the different include and import constructs. Context is now always
  propagated the same way. The only remaining differences is the defaults
  for with context and without context.
• The with and autoescape tags are now built-in.
• Added the new select_autoescape function which helps configuring better
  autoescaping easier.

2.8.2

---

(bugfix release, unreleased)

• Fixed a runtime error in the sandbox when attributes of async generators
  were accessed.

2.8.1

---

(bugfix release, released on December 29th 2016)

• Fixed the for_qs flag for urlencode.
• Fixed regression when applying int to non-string values.
• SECURITY: if the sandbox mode is used format expressions are now sandboxed
  with the same rules as in Jinja. This solves various information leakage
  problems that can occur with format strings.

MarkupSafe 0.23 -> 1.0

1.0

---

• Fixed custom types not invoking __unicode__ when used
  with format().
• Added __version__ module attribute
• Improve unescape code to leave lone ampersands alone.

requests 2.12.4 -> 2.18.3

2.18.3

+++++++++++++++++++

Improvements

• Running $ python -m requests.help now includes the installed version of idna.

Bugfixes

• Fixed issue where Requests would raise ConnectionError instead of
  SSLError when encoutering SSL problems when using urllib3 v1.22.

2.18.2

+++++++++++++++++++

Bugfixes

• requests.help no longer fails on Python 2.6 due to the absence of
  ssl.OPENSSL_VERSION_NUMBER.

Dependencies

• We now support urllib3 v1.22.

2.18.1

+++++++++++++++++++

Bugfixes

• Fix an error in the packaging whereby the *.whl contained incorrect data that
  regressed the fix in v2.17.3.

2.18.0

+++++++++++++++++++

Improvements

• Response is now a context manager, so can be used directly in a with statement
  without first having to be wrapped by contextlib.closing().

Bugfixes

• Resolve installation failure if multiprocessing is not available
• Resolve tests crash if multiprocessing is not able to determine the number of CPU cores
• Resolve error swallowing in utils set_environ generator

2.17.3

+++++++++++++++++++

Improvements

• Improved packages namespace identity support, for monkeypatching libraries.

2.17.2

+++++++++++++++++++

Improvements

• Improved packages namespace identity support, for monkeypatching libraries.

2.17.1

+++++++++++++++++++

Improvements

• Improved packages namespace identity support, for monkeypatching libraries.

2.17.0

+++++++++++++++++++

Improvements

• Removal of the 301 redirect cache. This improves thread-safety.

2.16.5

+++++++++++++++++++

• Improvements to $ python -m requests.help.

2.16.4

+++++++++++++++++++

• Introduction of the $ python -m requests.help command, for debugging with maintainers!

2.16.3

+++++++++++++++++++

• Further restored the requests.packages namespace for compatibility reasons.

2.16.2

+++++++++++++++++++

• Further restored the requests.packages namespace for compatibility reasons.

No code modification (noted below) should be neccessary any longer.

2.16.1

+++++++++++++++++++

• Restored the requests.packages namespace for compatibility reasons.
• Bugfix for urllib3 version parsing.

Note: code that was written to import against the requests.packages
namespace previously will have to import code that rests at this module-level
now.

For example::

from requests.packages.urllib3.poolmanager import PoolManager

Will need to be re-written to be::

from requests.packages import urllib3
urllib3.poolmanager.PoolManager

Or, even better::

from urllib3.poolmanager import PoolManager

2.16.0

+++++++++++++++++++

• Unvendor ALL the things!

2.15.1

+++++++++++++++++++

• Everyone makes mistakes.

2.15.0

+++++++++++++++++++

Improvements

• Introduction of the Response.next property, for getting the next
  PreparedResponse from a redirect chain (when allow_redirects=False).
• Internal refactoring of __version__ module.

Bugfixes

• Restored once-optional parameter for requests.utils.get_environ_proxies().

2.14.2

+++++++++++++++++++

Bugfixes

• Changed a less-than to an equal-to and an or in the dependency markers to
  widen compatibility with older setuptools releases.

2.14.1

+++++++++++++++++++

Bugfixes

• Changed the dependency markers to widen compatibility with older pip
  releases.

2.14.0

+++++++++++++++++++

Improvements

• It is now possible to pass no_proxy as a key to the proxies
  dictionary to provide handling similar to the NO_PROXY environment
  variable.
• When users provide invalid paths to certificate bundle files or directories
  Requests now raises IOError, rather than failing at the time of the HTTPS
  request with a fairly inscrutable certificate validation error.
• The behavior of SessionRedirectMixin was slightly altered.
  resolve_redirects will now detect a redirect by calling
  get_redirect_target(response) instead of directly
  querying Response.is_redirect and Response.headers['location'].
  Advanced users will be able to process malformed redirects more easily.
• Changed the internal calculation of elapsed request time to have higher
  resolution on Windows.
• Added win_inet_pton as conditional dependency for the [socks] extra
  on Windows with Python 2.7.
• Changed the proxy bypass implementation on Windows: the proxy bypass
  check doesn't use forward and reverse DNS requests anymore
• URLs with schemes that begin with http but are not http or https
  no longer have their host parts forced to lowercase.

Bugfixes

• Much improved handling of non-ASCII Location header values in redirects.
  Fewer UnicodeDecodeErrors are encountered on Python 2, and Python 3 now
  correctly understands that Latin-1 is unlikely to be the correct encoding.
• If an attempt to seek file to find out its length fails, we now
  appropriately handle that by aborting our content-length calculations.
• Restricted HTTPDigestAuth to only respond to auth challenges made on 4XX
  responses, rather than to all auth challenges.
• Fixed some code that was firing DeprecationWarning on Python 3.6.
• The dismayed person emoticon (/o\\) no longer has a big head. I'm sure
  this is what you were all worrying about most.

Miscellaneous

• Updated bundled urllib3 to v1.21.1.
• Updated bundled chardet to v3.0.2.
• Updated bundled idna to v2.5.
• Updated bundled certifi to 2017.4.17.

2.13.0

+++++++++++++++++++

Features

• Only load the idna library when we've determined we need it. This will
  save some memory for users.

Miscellaneous

• Updated bundled urllib3 to 1.20.
• Updated bundled idna to 2.2.

2.12.5

+++++++++++++++++++

Bugfixes

• Fixed an issue with JSON encoding detection, specifically detecting
  big-endian UTF-32 with BOM.

Werkzeug 0.11.4 -> 0.12.2

0.12.2

---

Released on May 16 2017

• Fix regression: Pull request 892 prevented Werkzeug from correctly
  logging the IP of a remote client behind a reverse proxy, even when using
  ProxyFix.
• Fix a bug in safe_join on Windows.

0.12.1

---

Released on March 15th 2017

• Fix crash of reloader (used on debug mode) on Windows.
  (OSError: [WinError 10038]). See pull request 1081
• Partially revert change to class hierarchy of Headers. See 1084.

0.12

---

Released on March 10th 2017

• Spit out big deprecation warnings for werkzeug.script
• Use inspect.getfullargspec internally when available as
  inspect.getargspec is gone in 3.6
• Added support for status code 451 and 423
• Improved the build error suggestions. In particular only if
  someone stringifies the error will the suggestions be calculated.
• Added support for uWSGI's caching backend.
• Fix a bug where iterating over a FileStorage would result in an infinite
  loop.
• Datastructures now inherit from the relevant baseclasses from the
  collections module in the stdlib. See 794.
• Add support for recognizing NetBSD, OpenBSD, FreeBSD, DragonFlyBSD platforms
  in the user agent string.
• Recognize SeaMonkey browser name and version correctly
• Recognize Baiduspider, and bingbot user agents
• If LocalProxy's wrapped object is a function, refer to it with wrapped
  attribute.
• The defaults of generate_password_hash have been changed to more secure
  ones, see pull request 753.
• Add support for encoding in options header parsing, see pull request
  933.
• test.Client now properly handles Location headers with relative URLs, see
  pull request 879.
• When HTTPException is raised, it now prints the description, for easier
  debugging.
• Werkzeug's dict-like datastructures now have view-methods under Python 2,
  see pull request 968.
• Fix a bug in MultiPartParser when no stream_factory was provided
  during initialization, see pull request 973.
• Disable autocorrect and spellchecker in the debugger middleware's Python
  prompt, see pull request 994.
• Don't redirect to slash route when method doesn't match, see pull request
  907.
• Fix a bug when using SharedDataMiddleware with frozen packages, see pull
  request 959.
• Range header parsing function fixed for invalid values 974.
• Add support for byte Range Requests, see pull request 978.
• Use modern cryptographic defaults in the dev servers 1004.
• the post() method of the test client now accept file object through the data
  parameter.
• Color run_simple's terminal output based on HTTP codes 1013.
• Fix self-XSS in debugger console, see 1031.
• Fix IPython 5.x shell support, see 1033.

0.11.16

---

• werkzeug.serving: set CONTENT_TYPE / CONTENT_LENGTH if only they're provided by the client
• werkzeug.serving: Fix crash of reloader when using python -m werkzeug.serving.

0.11.15

---

Released on December 30th 2016.

• Bugfix for the bugfix in the previous release.

0.11.14

---

Released on December 30th 2016.

• Check if platform can fork before importing ForkingMixIn, raise exception
  when creating ForkingWSGIServer on such a platform, see PR 999.

0.11.13

---

Released on December 26th 2016.

• Correct fix for the reloader issuer on certain Windows installations.

0.11.12

---

Released on December 26th 2016.

• Fix more bugs in multidicts regarding empty lists. See 1000.
• Add some docstrings to some EnvironBuilder properties that were previously
  unintentionally missing.
• Added a workaround for the reloader on windows.

0.11.11

---

Released on August 31st 2016.

• Fix JSONRequestMixin for Python3. See 731
• Fix broken string handling in test client when passing integers. See 852
• Fix a bug in parse_options_header where an invalid content type
  starting with comma or semi-colon would result in an invalid return value,
  see issue 995.
• Fix a bug in multidicts when passing empty lists as values, see issue
  979.
• Fix a security issue that allows XSS on the Werkzeug debugger. See 1001.

0.11.10

---

Released on May 24th 2016.

• Fixed a bug that occurs when running on Python 2.6 and using a broken locale.
  See pull request 912.
• Fixed a crash when running the debugger on Google App Engine. See issue 925.
• Fixed an issue with multipart parsing that could cause memory exhaustion.

0.11.9

---

Released on April 24th 2016.

• Corrected an issue that caused the debugger not to use the
  machine GUID on POSIX systems.
• Corrected a Unicode error on Python 3 for the debugger's
  PIN usage.
• Corrected the timestamp verification in the pin debug code.
  Without this fix the pin was remembered for too long.

0.11.8

---

Released on April 15th 2016.

• fixed a problem with the machine GUID detection code on OS X
  on Python 3.

0.11.7

---

Released on April 14th 2016.

• fixed a regression on Python 3 for the debugger.

0.11.6

---

Released on April 14th 2016.

• werkzeug.serving: Still show the client address on bad requests.
• improved the PIN based protection for the debugger to make it harder to
  brute force via trying cookies. Please keep in mind that the debugger
  is not intended for running on production environments
• increased the pin timeout to a week to make it less annoying for people
  which should decrease the chance that users disable the pin check
  entirely.
• werkzeug.serving: Fix broken HTTP_HOST when path starts with double slash.

0.11.5

---

Released on March 22nd 2016.

• werkzeug.serving: Fix crash when attempting SSL connection to HTTP server.

Once you have closed this pull request, I'll create separate pull requests for every update as soon as I find them.

That's it for now!

Happy merging! 🤖

[GitCop]

There were the following issues with your Pull Request

• Commit: 8eb700c

• Commits must be in the following format: %{type}(%{scope}): %{description}

• Commit: dbb4efd

• Commits must be in the following format: %{type}(%{scope}): %{description}

• Commit: 6107ed6

• Commits must be in the following format: %{type}(%{scope}): %{description}

• Commit: 344e365

• Commits must be in the following format: %{type}(%{scope}): %{description}

• Commit: 628cb67

• Commits must be in the following format: %{type}(%{scope}): %{description}

• Commit: bd1fea8

• Commits must be in the following format: %{type}(%{scope}): %{description}

Guidelines are available at https://github.com/thekevjames/you-should-read

---

This message was auto-generated by https://gitcop.com