Subject: CVS commit: pkgsrc/www/py-bottle
From: Adam Ciarcinski
Date: 2024-09-09 18:46:51
Message id: 20240909164651.F3B24FC74@cvs.NetBSD.org

Log Message:
py-bottle: updated to 0.13.1

Release 0.13
==============

.. warning:: This release contains breaking changers, please read the notes below

.. rubric:: Dropped support for Python versions that reached their end-of-life.

Bottle up to 0.12 supported an absurd range of Python versions (2.5 to 3.12) and
keeping support for Python versions as ancient as 2.5 required a ton of workarounds
and compromises, but served no real purpose. If you need support for older Python
versions, you can stay on bottle 0.12. The updated list of tested and supported \ 
python
releases is as follows:

 * Python 2 >= 2.7.3
 * Python 3 >= 3.8

Support for Python 2.5 was marked as deprecated since 0.12. We decided to go a \ 
step further
and also remove support for 2.6 and 3.1 to 3.7 even if it was never deprecated \ 
explicitly
in bottle. This means that this release is *not* backwards compatible in Python \ 
<2.7.3 or
<3.8 environments. Maintainers for distributions or systems that still use \ 
these old python
versions should not update to Bottle 0.13 and stick with 0.12 instead.

.. rubric:: Stabilized APIs

* The documented API of the :class:`ConfigDict` class is now considered stable \ 
and ready to use.

.. rubric:: Deprecated APIs

* The old route syntax (``/hello/:name``) is deprecated in favor of the more \ 
readable and flexible ``/hello/<name>`` syntax.
* :meth:`Bottle.mount` now recognizes Bottle instance and will warn about \ 
parameters that are not compatible with the new mounting behavior. The old \ 
behavior (mount applications as WSGI callable) still works and is used as a \ 
fallback automatically.
* The undocumented :func:`local_property` helper is now deprecated.
* The server adapter for google app engine is not useful anymore and marked as \ 
deprecated.
* Bottle uses pickle to store arbitrary objects into signed cookies. This is \ 
safe, as long as the signature key remains a secret. Unfortunately, people tend \ 
to push code with signature keys to github all the time, so we decided to remove \ 
pickle-support from bottle. Signed cookies will now issue a deprecation warning \ 
if the value is not a string, and support for non-string values will be removed \ 
in 0.14. The global :func:`cookie_encode`, :func:`cookie_decode` and \ 
:func:`is_cookie_encoded` are now also deprecated. If you are using this \ 
feature, think about using json to serialize your objects before storing them \ 
into cookies, or switch to a session system that stores data server-side instead \ 
of client-side.

.. rubric:: Removed APIs (deprecated since 0.12)

* Plugins with the old API (``api=1`` or no api attribute) will no longer work.
* Parameter order of :meth:`Bottle.mount` changed in 0.10. The old order will \ 
now result in an error instead of a warning.
* The :class:`ConfigDict` class was introduced in 0.11 and changed during 0.12. \ 
These changes are now final.

  * Attribute access and assignment was removed due to high overhead and limited \ 
usability.
  * Namespaced sub-instance creation was removed. \ 
``config["a"]["b"]`` has a high overhead and little benefit \ 
over ``config["a.b"]``.
  * :class:`ConfigDict` instances are no longer callable. This was a shortcut \ 
for :meth:`ConfigDict.update`.
  * :class:`ConfigDict` constructor no longer accepts any parameters. Use the \ 
`load_*` methods instead.

* Bottle 0.12 changed some aspects of the Simple Template Engine. These changes \ 
are now final and the old syntax will now longer work.

  * The magic ``{{rebase()}}`` call was replaced by a ``base`` variable. \ 
Example: ``{{base}}``
  * In STPL Templates, the ``rebase`` and ``include`` keywords were replaced \ 
with functions in 0.12.
  * PEP-263 encoding strings are no longer recognized. Templates are always utf-8.

* The 'geventSocketIO' server adapter was removed without notice. It did not \ 
work anyway.

.. rubric:: Changes

These changes might require special care when updating.

* Signed cookies now use a stronger HMAC algorithm by default. This will result \ 
in old cookies to appear invalid after the update. Pass an explicit \ 
``digestmod=hashlib.md5`` to :meth:`BaseRequest.get_cookie` and \ 
:meth:`BaseResponse.set_cookie` to get the old behavior.
* Bottle now ships with its own multipart form data parser (borrowed from \ 
`multipart <https://pypi.org/project/multipart/>`_) and no longer relies \ 
on ``cgi.FieldStorage``, which was removed in Python 3.13. This may change the \ 
way broken (non-standard) form submissions are parsed. The new parser is more \ 
strict and correct than ohe old one.

.. rubric:: Other Improvements

* :class:`Bottle` instances are now context managers. If used in a \ 
with-statement, the default application changes to the specific instance and the \ 
shortcuts for many instance methods can be used.
* Added support for ``PATCH`` requests and the :meth:`Bottle.patch` decorator.
* Added `aiohttp <http://aiohttp.readthedocs.io/en/stable/>`_ and `uvloop \ 
<https://github.com/MagicStack/uvloop>`_ server adapters.
* Added command-line arguments for config from json or ini files.
* :meth:`Bottle.mount` now recognizes instances of :class:`Bottle` and mounts \ 
them with significantly less overhead than other WSGI applications.
* The :attr:`BaseRequest.json` property now accepts ``application/json-rpc`` \ 
requests.
* :func:`static_file` gained support for ``ETag`` headers. It will generate \ 
ETags and recognizes ``If-None-Match`` headers.
* :func:`static_file` will now guess the mime type of ``*.gz`` and other \ 
compressed files correctly (e.g. ``application/gzip``) and NOT set the \ 
``Content-Encoding`` header.
* Jinja2 templates will produce better error messages than before.

Files:
RevisionActionfile
1.17modifypkgsrc/www/py-bottle/Makefile
1.5modifypkgsrc/www/py-bottle/PLIST
1.15modifypkgsrc/www/py-bottle/distinfo