Subject: CVS commit: pkgsrc/www/py-flask-wtf
From: Klaus Klein
Date: 2017-02-20 16:27:12
Message id: 20170220152712.CFBB5FBE4@cvs.NetBSD.org

Log Message:
Update py-flask-wtf to 0.14.2.

Version 0.14.2
--------------

Released 2017-01-10

- Fix bug where ``FlaskForm`` assumed ``meta`` argument was not ``None`` if it
  was passed. (`#278`_)

.. _#278: https://github.com/lepture/flask-wtf/issues/278

Version 0.14.1
--------------

Released 2017-01-10

- Fix bug where the file validators would incorrectly identify an empty file as
  valid data. (`#276`_, `#277`_)

    - ``FileField`` is no longer deprecated. The data is checked during
      processing and only set if it's a valid file.
    - ``has_file`` *is* deprecated; it's now equivalent to ``bool(field.data)``.
    - ``FileRequired`` and ``FileAllowed`` work with both the Flask-WTF and
      WTForms ``FileField`` classes.
    - The ``Optional`` validator now works with ``FileField``.

.. _#276: https://github.com/lepture/flask-wtf/issues/276
.. _#277: https://github.com/lepture/flask-wtf/pull/277

Version 0.14
------------

Released 2017-01-06

- Use itsdangerous to sign CSRF tokens and check expiration instead of doing it
  ourselves. (`#264`_)

    - All tokens are URL safe, removing the ``url_safe`` parameter from
      ``generate_csrf``. (`#206`_)
    - All tokens store a timestamp, which is checked in ``validate_csrf``. The
      ``time_limit`` parameter of ``generate_csrf`` is removed.

- Remove the ``app`` attribute from ``CsrfProtect``, use ``current_app``.
  (`#264`_)
- ``CsrfProtect`` protects the ``DELETE`` method by default. (`#264`_)
- The same CSRF token is generated for the lifetime of a request. It is exposed
  as ``g.csrf_token`` for use during testing. (`#227`_, `#264`_)
- ``CsrfProtect.error_handler`` is deprecated. (`#264`_)

    - Handlers that return a response work in addition to those that raise an
      error. The behavior was not clear in previous docs.
    - (`#200`_, `#209`_, `#243`_, `#252`_)

- Use ``Form.Meta`` instead of deprecated ``SecureForm`` for CSRF (and
  everything else). (`#216`_, `#271`_)

    - ``csrf_enabled`` parameter is still recognized but deprecated. All other
      attributes and methods from ``SecureForm`` are removed. (`#271`_)

- Provide ``WTF_CSRF_FIELD_NAME`` to configure the name of the CSRF token.
  (`#271`_)
- ``validate_csrf`` raises ``wtforms.ValidationError`` with specific messages
  instead of returning ``True`` or ``False``. This breaks anything that was
  calling the method directly. (`#239`_, `#271`_)

    - CSRF errors are logged as well as raised. (`#239`_)

- ``CsrfProtect`` is renamed to ``CSRFProtect``. A deprecation warning is issued
  when using the old name. ``CsrfError`` is renamed to ``CSRFError`` without
  deprecation. (`#271`_)
- ``FileField`` is deprecated because it no longer provides functionality over
  the provided validators. Use ``wtforms.FileField`` directly. (`#272`_)

.. _`#200`: https://github.com/lepture/flask-wtf/issues/200
.. _`#209`: https://github.com/lepture/flask-wtf/pull/209
.. _`#216`: https://github.com/lepture/flask-wtf/issues/216
.. _`#227`: https://github.com/lepture/flask-wtf/issues/227
.. _`#239`: https://github.com/lepture/flask-wtf/issues/239
.. _`#243`: https://github.com/lepture/flask-wtf/pull/243
.. _`#252`: https://github.com/lepture/flask-wtf/pull/252
.. _`#264`: https://github.com/lepture/flask-wtf/pull/264
.. _`#271`: https://github.com/lepture/flask-wtf/pull/271
.. _`#272`: https://github.com/lepture/flask-wtf/pull/272

Version 0.13.1
--------------

Released 2016/10/6

- Deprecation warning for ``Form`` is shown during ``__init__`` instead of \ 
immediately when subclassing. (`#262`_)
- Don't use ``pkg_resources`` to get version, for compatibility with GAE. (`#261`_)

.. _`#261`: https://github.com/lepture/flask-wtf/issues/261
.. _`#262`: https://github.com/lepture/flask-wtf/issues/262

Version 0.13
------------

Released 2016/09/29

- ``Form`` is renamed to ``FlaskForm`` in order to avoid name collision with \ 
WTForms's base class.  Using ``Form`` will show a deprecation warning. (`#250`_)
- ``hidden_tag`` no longer wraps the hidden inputs in a hidden div.  This is \ 
valid HTML5 and any modern HTML parser will behave correctly. (`#217`_, `#193`_)
- ``flask_wtf.html5`` is deprecated.  Import directly from \ 
``wtforms.fields.html5``. (`#251`_)
- ``is_submitted`` is true for ``PATCH`` and ``DELETE`` in addition to ``POST`` \ 
and ``PUT``. (`#187`_)
- ``generate_csrf`` takes a ``token_key`` parameter to specify the key stored in \ 
the session. (`#206`_)
- ``generate_csrf`` takes a ``url_safe`` parameter to allow the token to be used \ 
in URLs. (`#206`_)
- ``form.data`` can be accessed multiple times without raising an exception. \ 
(`#248`_)
- File extension with multiple parts (``.tar.gz``) can be used in the \ 
``FileAllowed`` validator. (`#201`_)

.. _`#187`: https://github.com/lepture/flask-wtf/pull/187
.. _`#193`: https://github.com/lepture/flask-wtf/issues/193
.. _`#201`: https://github.com/lepture/flask-wtf/issues/201
.. _`#206`: https://github.com/lepture/flask-wtf/pull/206
.. _`#217`: https://github.com/lepture/flask-wtf/issues/217
.. _`#248`: https://github.com/lepture/flask-wtf/pull/248
.. _`#250`: https://github.com/lepture/flask-wtf/pull/250
.. _`#251`: https://github.com/lepture/flask-wtf/pull/251

Files:
RevisionActionfile
1.20modifypkgsrc/www/py-flask-wtf/Makefile
1.14modifypkgsrc/www/py-flask-wtf/distinfo