Log Message:
py-tornado: updated to 6.3.1

What's new in Tornado 6.3.1
===========================

Apr 21, 2023
------------

``tornado.web``
~~~~~~~~~~~~~~~

- `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments
  for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase
  arguments will be accepted.

What's new in Tornado 6.3.0
===========================

Apr 17, 2023
------------

Highlights
~~~~~~~~~~

- The new `.Application` setting ``xsrf_cookie_name`` can now be used to
  take advantage of the ``__Host`` cookie prefix for improved security.
  To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", \ 
"xsrf_cookie_kwargs":
  {"secure": True}}`` to your `.Application` settings. Note that this \ 
feature
  currently only works when HTTPS is used.
- `.WSGIContainer` now supports running the application in a \ 
``ThreadPoolExecutor`` so
  the event loop is no longer blocked.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2,
  are no longer deprecated.
- WebSockets are now much faster at receiving large messages split into many
  fragments.

General changes
~~~~~~~~~~~~~~~

- Python 3.7 is no longer supported; the minimum supported Python version is 3.8.
  Python 3.12 is now supported.
- To avoid spurious deprecation warnings, users of Python 3.10 should upgrade
  to at least version 3.10.9, and users of Python 3.11 should upgrade to at least
  version 3.11.1.
- Tornado submodules are now imported automatically on demand. This means it is
  now possible to use a single ``import tornado`` statement and refer to objects
  in submodules such as `tornado.web.RequestHandler`.

Deprecation notices
~~~~~~~~~~~~~~~~~~~

- In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING``
  and above regardless of the current logging configuration, unless the
  ``level`` argument is used.
- `.RequestHandler.get_secure_cookie` is now a deprecated alias for
  `.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie`
  is now a deprecated alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement
  is provided; `.RequestHandler.clear_cookie` should be used on individual
  cookies.
- Calling the `.IOLoop` constructor without a ``make_current`` argument, which was
  deprecated in Tornado 6.2, is no longer deprecated.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2,
  are no longer deprecated.
- `.AsyncTestCase.get_new_ioloop` is deprecated.

``tornado.auth``
~~~~~~~~~~~~~~~~

- New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden
  to get credentials from a source other than the `.Application` settings.

``tornado.gen``
~~~~~~~~~~~~~~~

- `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine.

``tornado.options``
~~~~~~~~~~~~~~~~~~~

- `~.OptionParser.parse_config_file` now recognizes single comma-separated \ 
strings (in addition to
  lists of strings) for options with ``multiple=True``.

``tornado.web``
~~~~~~~~~~~~~~~

- New `.Application` setting ``xsrf_cookie_name`` can be used to change the
  name of the XSRF cookie. This is most useful to take advantage of the
  ``__Host-`` cookie prefix.
- `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie`
  (and related methods and attributes) have been renamed to
  `~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`.
  This makes it more explicit what kind of security is provided, and avoids
  confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix.
  The old names remain supported as deprecated aliases.
- `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by
  `~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain
  arguments to be passed the same way in which it was set.
- `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments
  for the same reason as ``clear_cookie``. However, since the requirements
  for additional arguments mean that it cannot reliably clear all cookies,
  this method is now deprecated.

``tornado.websocket``
~~~~~~~~~~~~~~~~~~~~~

- It is now much faster (no longer quadratic) to receive large messages that
  have been split into many fragments.
- `.websocket_connect` now accepts a ``resolver`` parameter.

``tornado.wsgi``
~~~~~~~~~~~~~~~~

- `.WSGIContainer` now accepts an ``executor`` parameter which can be used
  to run the WSGI application on a thread pool.