Initial Update

[pyup-bot]

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

rdflib	3.4.0	»	4.2.1	PyPI | Changelog | Repo
pytz	2016.7	»	2016.10	PyPI | Homepage | Docs
pytz	2016.7	»	2016.10	PyPI | Homepage | Docs
PyPOM	1.0	»	1.1.1	PyPI | Changelog | Repo
Jinja2	2.8.1	»	2.9.4	PyPI | Changelog | Homepage
Jinja2	2.8.1	»	2.9.4	PyPI | Changelog | Homepage
flake8	3.0.4	»	3.2.1	PyPI | Repo
dennis	0.7	»	0.8	PyPI | Changelog | Repo
kombu	3.0.35	»	4.0.2	PyPI | Docs
billiard	3.3.0.23	»	3.5.0.2	PyPI | Changelog | Repo
psutil	4.4.2	»	5.0.1	PyPI | Changelog | Repo | Docs
flake8-mutable	1.0.5	»	1.1.0	PyPI | Repo
oauthlib	0.4.0	»	2.0.1	PyPI | Changelog | Repo
celery	3.1.23	»	4.0.2	PyPI | Changelog | Homepage | Docs
m2crypto	0.24.0	»	0.25.1	PyPI | Repo
cffi	1.8.3	»	1.9.1	PyPI | Docs
bleach	1.4.3	»	1.5.0	PyPI | Changelog | Repo | Docs
pytest-selenium	1.3.1	»	1.7.0	PyPI | Changelog | Repo
SQLAlchemy	0.7.5	»	1.1.4	PyPI | Homepage
django-session-csrf	0.6	»	0.7.1	PyPI | Repo
click	6.6	»	6.7	PyPI | Changelog | Repo
elasticsearch	1.1.1	»	5.1.0	PyPI | Changelog | Repo
polib	1.0.7	»	1.0.8	PyPI | Changelog | Repo
python-memcached	1.53	»	1.58	PyPI | Homepage
elasticsearch-dsl	0.0.11	»	5.1.0	PyPI | Changelog | Repo
pycodestyle	2.0.0	»	2.2.0	PyPI | Changelog | Docs
amo-validator	1.10.47	»	1.10.49	PyPI | Repo
idna	2.1	»	2.2	PyPI | Changelog | Repo
django-post-request-task	0.0.3	»	0.1.1	PyPI | Repo
python-gflags	2.0	»	3.1.0	PyPI | Repo
cryptography	1.5.3	»	1.7.1	PyPI | Changelog | Repo
django-tables2	1.1.2	»	1.2.9	PyPI | Changelog | Repo
setuptools	28.6.1	»	33.1.0	PyPI | Changelog | Repo
djangorestframework-jwt	1.7.2	»	1.9.0	PyPI | Repo
pytest	3.0.3	»	3.0.5	PyPI | Changelog | Homepage
pytest	3.0.2	»	3.0.5	PyPI | Changelog | Homepage
html5lib	0.9999999	»	0.999999999	PyPI | Changelog | Repo
pycparser	2.16	»	2.17	PyPI | Changelog | Repo
email-reply-parser	0.3.0	»	0.5.9	PyPI | Repo
raven	5.31.0	»	5.32.0	PyPI | Changelog | Repo
newrelic	2.72.1.53	»	2.78.0.57	PyPI | Homepage
mccabe	0.5.2	»	0.5.3	PyPI | Repo
fxapom	1.9.0	»	1.9.1	PyPI | Changelog | Repo
certifi	0.0.8	»	2016.9.26	PyPI | Homepage
Sphinx	1.4.8	»	1.5.1	PyPI | Changelog | Homepage
django-environ	0.4.0	»	0.4.1	PyPI | Repo
django-multidb-router	0.5.1	»	0.6	PyPI | Changelog | Repo
python-dateutil	1.5	»	2.6.0	PyPI | Changelog | Docs
urllib3	1.16	»	1.19.1	PyPI | Changelog | Docs
djangorestframework	3.3.3	»	3.5.3	PyPI | Changelog | Homepage
GitPython	0.1.7	»	2.1.1	PyPI | Repo | Docs
amqp	1.4.9	»	2.1.4	PyPI | Changelog | Repo
selenium	3.0.0b2	»	3.0.2	PyPI | Changelog | Repo
pytest-django	2.9.1	»	3.1.2	PyPI | Changelog | Docs
pyflakes	1.3.0	»	1.5.0	PyPI | Changelog | Repo
google-api-python-client	1.2	»	1.6.1	PyPI | Changelog | Repo
py	1.4.31	»	1.4.32	PyPI | Changelog | Docs
django-extensions	1.6.7	»	1.7.5	PyPI | Changelog | Repo | Docs
cssselect	1.0.0	»	1.0.1	PyPI | Changelog | Repo | Docs
docutils	0.12	»	0.13.1	PyPI | Homepage
Django	1.8.17	»	1.10.5	PyPI | Changelog | Homepage
requests	2.11.1	»	2.12.4	PyPI | Changelog | Homepage
ipaddress	1.0.17	»	1.0.18	PyPI | Repo
lxml	3.6.0	»	3.7.2	PyPI | Changelog | Homepage
django-filter	0.7	»	1.0.1	PyPI | Changelog | Repo
simplejson	3.8.2	»	3.10.0	PyPI | Changelog | Repo

Changelogs

rdflib 3.4.0 -> 4.2.1

4.2.1

========================

This is a bug-fix release.

Minor enhancements:

• Added a Networkx connector
  471,
  507
• Added a graph_tool connector
  473
• Added a graphs method to the Dataset object
  504,
  495
• Batch commits for SPARQLUpdateStore
  486

Bug fixes:

• Fixed bnode collision bug
  506,
  496,
  494
• fix util.from_n3() parsing Literals with datatypes and Namespace support
  503,
  502
• make Identifier.__hash__ stable wrt. multi processes
  501,
  500
• fix handling URLInputSource without content-type
  499,
  498
• no relative import in algebra when run as a script
  497
• Duplicate option in armstrong theme.conf removed
  491
• Variable.__repr__ returns a python representation string, not n3
  488
• fixed broken example
  482
• trig output fixes
  480
• set PYTHONPATH to make rdfpipe tests use the right rdflib version
  477
• fix RDF/XML problem with unqualified use of rdf:about
  470,
  468
• AuditableStore improvements
  469,
  463
• added asserts for graph.set([s,p,o]) so s and p aren't None
  467
• threading.RLock instances are context managers
  465
• SPARQLStore does not transform Literal('') into Literal('None') anymore
  459,
  457
• slight performance increase for graph.all_nodes()
  458

Testing improvements:

• travis: migrate to docker container infrastructure
  508
• test for narrow python builds (chars > 0xFFFF) (related to
  453,
  454
  )
  456,
  509
• dropped testing py3.2
  448
• Running a local fuseki server on travis and making it failsafe
  476,
  475,
  474,
  466,
  460
• exclude def main(): functions from test coverage analysis
  472

4.2.0

========================

This is a new minor version of RDFLib including a handful of new features:

• Supporting N-Triples 1.1 syntax using UTF-8 encoding
  447,
  449,
  400
• Graph comparison now really works using RGDA1 (RDF Graph Digest Algorithm 1)
  441
  385
• More graceful degradation than simple crashing for unicode chars > 0xFFFF on
  narrow python builds. Parsing such characters will now work, but issue a
  UnicodeWarning. If you run python -W all you will already see a warning on
  import rdflib will show a warning (ImportWarning).
  453,
  454
• URLInputSource now supports json-ld
  425
• SPARQLStore is now graph aware
  401,
  402
• SPARQLStore now uses SPARQLWrapper for updates
  397
• Certain logging output is immediately shown in interactive mode
  414
• Python 3.4 fully supported
  418

Minor enhancements & bugs fixed:

• Fixed double invocation of 2to3
  437
• PyRDFa parser missing brackets
  434
• Correctly handle \uXXXX and \UXXXXXXXX escapes in n3 files
  426
• Logging cleanups and keeping it on stderr
  420
  414
  413
• n3: allow base URI to have a trailing ''
  407
  379
• microdata: add file:// to base if it's a filename so rdflib can parse its own
  output
  406
  403
• TSV Results parse skips empty bindings in result
  390
• fixed accidental test run due to name
  389
• Bad boolean list serialization to Turtle & fixed ambiguity between
  Literal(False) and None
  387
  382
• Current version number & PyPI link in README.md
  383

4.1.2

========================

This is a bug-fix release.

• Fixed unicode/str bug in py3 for rdfpipe
  375

4.1.1

========================

This is a bug-fix release.

This will be the last RDFLib release to support python 2.5.

• The RDF/XML Parser was made stricter, now raises exceptions for
  illegal repeated node-elements.
  363

• The SPARQLUpdateStore now supports non-ascii unicode in update
  statements
  356

• Fixed a bug in the NTriple/NQuad parser wrt. to unicode escape sequences
  352

• HTML5Lib is no longer pinned to 0.95
  355

• RDF/XML Serializer now uses parseType=Literal for well-formed XML literals

• A bug in the manchester OWL syntax was fixed
  355

4.1

======================

This is a new minor version RDFLib, which includes a handful of new features:

• A TriG parser was added (we already had a serializer) - it is
  up-to-date wrt. to the newest spec from: http://www.w3.org/TR/trig/

• The Turtle parser was made up to date wrt. to the latest Turtle spec.

• Many more tests have been added - RDFLib now has over 2000
  (passing!) tests. This is mainly thanks to the NT, Turtle, TriG,
  NQuads and SPARQL test-suites from W3C. This also included many
  fixes to the nt and nquad parsers.

• ConjunctiveGraph and Dataset now support directly adding/removing
  quads with add/addN/remove methods.

• rdfpipe command now supports datasets, and reading/writing context
  sensitive formats.

• Optional graph-tracking was added to the Store interface, allowing
  empty graphs to be tracked for Datasets. The DataSet class also saw
  a general clean-up, see: 309

• After long deprecation, BackwardCompatibleGraph was removed.

Minor enhancements/bugs fixed:

• Many code samples in the documentation were fixed thanks to PuckCh

• The new IOMemory store was optimised a bit

• SPARQL(Update)Store has been made more generic.

• MD5 sums were never reinitialized in rdflib.compare

• Correct default value for empty prefix in N3
  312

• Fixed tests when running in a non UTF-8 locale
  344

• Prefix in the original turtle have an impact on SPARQL query
  resolution
  313

• Duplicate BNode IDs from N3 Parser
  305

• Use QNames for TriG graph names
  330

• \uXXXX escapes in Turtle/N3 were fixed
  335

• A way to limit the number of triples retrieved from the
  SPARQLStore was added
  346

• Dots in localnames in Turtle
  345
  336

• BNode as Graph's public ID
  300

• Introduced ordering of QuotedGraphs
  291

4.0.1

========================

Following RDFLib tradition, some bugs snuck into the 4.0 release.
This is a bug-fixing release:

• the new URI validation caused lots of problems, but is
  nescessary to avoid ''RDF injection'' vulnerabilities. In the
  spirit of ''be liberal in what you accept, but conservative in
  what you produce", we moved validation to serialisation time.

• the rdflib.tools package was missing from the
  setup.py script, and was therefore not included in the
  PYPI tarballs.

• RDF parser choked on empty namespace URI
  288

• Parsing from sys.stdin was broken
  285

• The new IO store had problems with concurrent modifications if
  several graphs used the same store
  286

• Moved HTML5Lib dependency to the recently released 1.0b1 which
  support python3

4.0

======================

This release includes several major changes:

• The new SPARQL 1.1 engine (rdflib-sparql) has been included in
  the core distribution. SPARQL 1.1 queries and updates should
  work out of the box.

• SPARQL paths are exposed as operators on URIRefs, these can
  then be be used with graph.triples and friends:

 List names of friends of Bob:
g.triples(( bob, FOAF.knows/FOAF.name , None ))

All super-classes:

g.triples(( cls, RDFS.subClassOf * '+', None ))

 * a new ```graph.update``` method will apply SPARQL update statements

• Several RDF 1.1 features are available:
• A new DataSet class
• XMLLiteral and HTMLLiterals
• BNode (de)skolemization is supported through BNode.skolemize,
  URIRef.de_skolemize, Graph.skolemize and Graph.de_skolemize

• Handled of Literal equality was split into lexical comparison
  (for normal == operator) and value space (using new Node.eq
  methods). This introduces some slight backwards incomaptible
  changes, but was necessary, as the old version had
  inconsisten hash and equality methods that could lead the
  literals not working correctly in dicts/sets.
  The new way is more in line with how SPARQL 1.1 works.
  For the full details, see:

https://github.com/RDFLib/rdflib/wiki/Literal-reworking

• Iterating over QueryResults will generate ResultRow objects,
  these allow access to variable bindings as attributes or as a
  dict. I.e.

for row in graph.query('select ... ') :
   print row.age, row["name"]

• "Slicing" of Graphs and Resources as syntactic sugar:
  (271)

graph[bob : FOAF.knows/FOAF.name]
          -> generator over the names of Bobs friends

• The SPARQLStore and SPARQLUpdateStore are now included
  in the RDFLib core

• The documentation has been given a major overhaul, and examples
  for most features have been added.

Minor Changes:

• String operations on URIRefs return new URIRefs: (258)

>>> URIRef('http://example.org/')+'test
rdflib.term.URIRef('http://example.org/test')

• Parser/Serializer plugins are also found by mime-type, not just
  by plugin name: (277)
• Namespace is no longer a subclass of URIRef
• URIRefs and Literal language tags are validated on construction,
  avoiding some "RDF-injection" issues (266)
• A new memory store needs much less memory when loading large
  graphs (268)
• Turtle/N3 serializer now supports the base keyword correctly (248)
• py2exe support was fixed (257)
• Several bugs in the TriG serializer were fixed
• Several bugs in the NQuads parser were fixed

PyPOM 1.0 -> 1.1.1

1.1.1

• Fixed packaging of pypom.interfaces

1.1.0

• Added support for Splinter

• Thanks to davidemoro <https://github.com/davidemoro>_ for the PR

Jinja2 2.8.1 -> 2.9.4

2.9.4

---

(bugfix release, released on January 10th 2017)

• Solved some warnings for string literals. (646)
• Increment the bytecode cache version which was not done due to an
  oversight before.
• Corrected bad code generation and scoping for filtered loops. (649)
• Resolved an issue where top-level output silencing after known extend
  blocks could generate invalid code when blocks where contained in if
  statements. (651)
• Made the truncate.leeway default configurable to improve compatibility
  with older templates.

2.9.3

---

(bugfix release, released on January 8th 2017)

• Restored the use of blocks in macros to the extend that was possible
  before. On Python 3 it would render a generator repr instead of
  the block contents. (645)
• Set a consistent behavior for assigning of variables in inner scopes
  when the variable is also read from an outer scope. This now sets the
  intended behavior in all situations however it does not restore the
  old behavior where limited assignments to outer scopes was possible.
  For more information and a discussion see 641
• Resolved an issue where block scoped would not take advantage of the
  new scoping rules. In some more exotic cases a variable overriden in a
  local scope would not make it into a block.
• Change the code generation of the with statement to be in line with the
  new scoping rules. This resolves some unlikely bugs in edge cases. This
  also introduces a new internal With node that can be used by extensions.

2.9.2

---

(bugfix release, released on January 8th 2017)

• Fixed a regression that caused for loops to not be able to use the same
  variable for the target as well as source iterator. (640)
• Add support for a previously unknown behavior of macros. It used to be
  possible in some circumstances to explicitly provide a caller argument
  to macros. While badly buggy and unintended it turns out that this is a
  common case that gets copy pasted around. To not completely break backwards
  compatibility with the most common cases it's now possible to provide an
  explicit keyword argument for caller if it's given an explicit default.
  (642)

2.9.1

---

(bugfix release, released on January 7th 2017)

• Resolved a regression with call block scoping for macros. Nested caller
  blocks that used the same identifiers as outer macros could refer to the
  wrong variable incorrectly.

2.9

---

(codename Derivation, released on January 7th 2017)

• Change cache key definition in environment. This fixes a performance
  regression introduced in 2.8.
• Added support for generator_stop on supported Python versions
  (Python 3.5 and later)
• Corrected a long standing issue with operator precedence of math operations
  not being what was expected.
• Added support for Python 3.6 async iterators through a new async mode.
• Added policies for filter defaults and similar things.
• urlize now sets "rel noopener" by default.
• Support attribute fallback for old-style classes in 2.x.
• Support toplevel set statements in extend situations.
• Restored behavior of Cycler for Python 3 users.
• Subtraction now follows the same behavior as other operators on undefined
  values.
• map and friends will now give better error messages if you forgot to
  quote the parameter.
• Depend on MarkupSafe 0.23 or higher.
• Improved the truncate filter to support better truncation in case
  the string is barely truncated at all.
• Change the logic for macro autoescaping to be based on the runtime
  autoescaping information at call time instead of macro define time.
• Ported a modified version of the tojson filter from Flask to Jinja2
  and hooked it up with the new policy framework.
• Block sets are now marked safe by default.
• On Python 2 the asciification of ASCII strings can now be disabled with
  the compiler.ascii_str policy.
• Tests now no longer accept an arbitrary expression as first argument but
  a restricted one. This means that you can now properly use multiple
  tests in one expression without extra parentheses. In particular you can
  now write foo is divisibleby 2 or foo is divisibleby 3
  as you would expect.
• Greatly changed the scoping system to be more consistent with what template
  designers and developers expect. There is now no more magic difference
  between the different include and import constructs. Context is now always
  propagated the same way. The only remaining differences is the defaults
  for with context and without context.
• The with and autoescape tags are now built-in.
• Added the new select_autoescape function which helps configuring better
  autoescaping easier.

2.8.2

---

(bugfix release, unreleased)

• Fixed a runtime error in the sandbox when attributes of async generators
  were accessed.

Jinja2 2.8.1 -> 2.9.4

2.9.4

---

(bugfix release, released on January 10th 2017)

• Solved some warnings for string literals. (646)
• Increment the bytecode cache version which was not done due to an
  oversight before.
• Corrected bad code generation and scoping for filtered loops. (649)
• Resolved an issue where top-level output silencing after known extend
  blocks could generate invalid code when blocks where contained in if
  statements. (651)
• Made the truncate.leeway default configurable to improve compatibility
  with older templates.

2.9.3

---

(bugfix release, released on January 8th 2017)

• Restored the use of blocks in macros to the extend that was possible
  before. On Python 3 it would render a generator repr instead of
  the block contents. (645)
• Set a consistent behavior for assigning of variables in inner scopes
  when the variable is also read from an outer scope. This now sets the
  intended behavior in all situations however it does not restore the
  old behavior where limited assignments to outer scopes was possible.
  For more information and a discussion see 641
• Resolved an issue where block scoped would not take advantage of the
  new scoping rules. In some more exotic cases a variable overriden in a
  local scope would not make it into a block.
• Change the code generation of the with statement to be in line with the
  new scoping rules. This resolves some unlikely bugs in edge cases. This
  also introduces a new internal With node that can be used by extensions.

2.9.2

---

(bugfix release, released on January 8th 2017)

• Fixed a regression that caused for loops to not be able to use the same
  variable for the target as well as source iterator. (640)
• Add support for a previously unknown behavior of macros. It used to be
  possible in some circumstances to explicitly provide a caller argument
  to macros. While badly buggy and unintended it turns out that this is a
  common case that gets copy pasted around. To not completely break backwards
  compatibility with the most common cases it's now possible to provide an
  explicit keyword argument for caller if it's given an explicit default.
  (642)

2.9.1

---

(bugfix release, released on January 7th 2017)

• Resolved a regression with call block scoping for macros. Nested caller
  blocks that used the same identifiers as outer macros could refer to the
  wrong variable incorrectly.

2.9

---

(codename Derivation, released on January 7th 2017)

• Change cache key definition in environment. This fixes a performance
  regression introduced in 2.8.
• Added support for generator_stop on supported Python versions
  (Python 3.5 and later)
• Corrected a long standing issue with operator precedence of math operations
  not being what was expected.
• Added support for Python 3.6 async iterators through a new async mode.
• Added policies for filter defaults and similar things.
• urlize now sets "rel noopener" by default.
• Support attribute fallback for old-style classes in 2.x.
• Support toplevel set statements in extend situations.
• Restored behavior of Cycler for Python 3 users.
• Subtraction now follows the same behavior as other operators on undefined
  values.
• map and friends will now give better error messages if you forgot to
  quote the parameter.
• Depend on MarkupSafe 0.23 or higher.
• Improved the truncate filter to support better truncation in case
  the string is barely truncated at all.
• Change the logic for macro autoescaping to be based on the runtime
  autoescaping information at call time instead of macro define time.
• Ported a modified version of the tojson filter from Flask to Jinja2
  and hooked it up with the new policy framework.
• Block sets are now marked safe by default.
• On Python 2 the asciification of ASCII strings can now be disabled with
  the compiler.ascii_str policy.
• Tests now no longer accept an arbitrary expression as first argument but
  a restricted one. This means that you can now properly use multiple
  tests in one expression without extra parentheses. In particular you can
  now write foo is divisibleby 2 or foo is divisibleby 3
  as you would expect.
• Greatly changed the scoping system to be more consistent with what template
  designers and developers expect. There is now no more magic difference
  between the different include and import constructs. Context is now always
  propagated the same way. The only remaining differences is the defaults
  for with context and without context.
• The with and autoescape tags are now built-in.
• Added the new select_autoescape function which helps configuring better
  autoescaping easier.

2.8.2

---

(bugfix release, unreleased)

• Fixed a runtime error in the sandbox when attributes of async generators
  were accessed.

dennis 0.7 -> 0.8

0.8.0

================================

• b0705f4 Clean up pytest code and drop Python 2.6 bits
• d27790b Fix th' --varformat flag to alloww nay formats (83)
• 3bf0929 Switch travis sudo flag
• 990c842 Update requirements
• 0d00ad4 Add travis supparrt
• 528fcc1 Fix support for Python 3.5 (Thanks John Vandenberg!)
• 700490d Add Travis CI testing (88)
• a59a9bb Fix translation o' plurals (79)
• aca57f6 Fix false positive wit' InvalidVarsLintRule (78)
• 581f230 Add note about --check-headerr flag to recipes
• bce6308 Fix PythonBraceFormat regexp to handle spaces
• 7016ee4 Add .cache to .gitignore
• 05a4e14 Collapse th' whitespace in text in th' html transform
• 75fa600 Prepare fer 0.8 development
• 070808d Add additional dev-relat'd packages

billiard 3.3.0.23 -> 3.5.0.2

3.5.0.2

---

• max_memory_per_child was measured in kilobytes on Linux, but bytes on
  *BSD/MacOS, it's now always kilobytes.

• Windows: Adds support for max_memory_per_child, but requires the
  psutil package to be installed.

• Fixed bug in ForkingPickler.loadbuf, where it tried to pass
  a BytesIO instance directly to pickle.loads on Python 2.7.

3.5.0.1

---

• Connection: Properly handle EINTR (Issue 191).

• Fixed bug with missing CreateProcess for Windows on Python 2.7.

• Adds Process._counter for compatibility with Python <3.5.

3.5.0.0

---

• No longer supports Python 2.6

You need Python 2.7 or later to use this version of billiard.

• Merged changes from CPython 3.5

psutil 4.4.2 -> 5.0.1

5.0.1

=====

2016-12-21

Enhancements

• 939_: tar.gz distribution went from 1.8M to 258K.
• 811_: [Windows] provide a more meaningful error message if trying to use
  psutil on unsupported Windows XP.

Bug fixes

• 609_: [SunOS] psutil does not compile on Solaris 10.
• 936_: [Windows] fix compilation error on VS 2013 (patch by Max Bélanger).
• 940_: [Linux] cpu_percent() and cpu_times_percent() was calculated
  incorrectly as "iowait", "guest" and "guest_nice" times were not properly
  taken into account.
• 944_: [OpenBSD] psutil.pids() was omitting PID 0.

5.0.0

=====

2016-11-06

Enhncements

• 799_: new Process.oneshot() context manager making Process methods around
  +2x faster in general and from +2x to +6x faster on Windows.
• 943_: better error message in case of version conflict on import.

Bug fixes

• 932_: [NetBSD] net_connections() and Process.connections() may fail without
  raising an exception.
• 933_: [Windows] memory leak in cpu_stats() and WindowsService.description().

oauthlib 0.4.0 -> 2.0.1

2.0.1

---

• (FIX) Normalize handling of request.scopes list

2.0.0

---

• (New Feature) OpenID support.
• Documentation improvements and fixes.

1.1.2

---

• (Fix) Query strings should be able to include colons.
• (Fix) Cast body to a string to ensure that we can perform a regex substitution on it.

1.1.1

---

• (Enhancement) Better sanitisation of Request objects repr.

1.1.0

---

• (Fix) '(', ')', '/' and '?' are now safe characters in url encoded strings.
• (Enhancement) Added support for specifying if refresh tokens should be created on authorization code grants.
• (Fix) OAuth2Token now handles None scopes correctly.
• (Fix) Request token is now available for OAuth 1.
• (Enhancement) OAuth2Token is declared with slots for smaller memory footprint.
• (Enhancement) RefreshTokenGrant now allows to set issue_new_refresh_tokens.
• Documentation improvements and fixes.

1.0.3

---

• (Fix) Changed the documented return type of the invalidate_request_token() method from the RSA key to None since nobody is using the return type.
• (Enhancement) Added a validator log that will store what the endpoint has computed for debugging and logging purposes (OAuth 1 only for now).

1.0.2

---

• (Fix) Allow client secret to be null for public applications that do not mandate it's specification in the query parameters.
• (Fix) Encode request body before hashing in order to prevent encoding errors in Python 3.

1.0.1

---

• (Fix) Added token_type_hint to the list of default Request parameters.

1.0.0

---

• (Breaking Change) Replace pycrypto with cryptography from https://cryptography.io
• (Breaking Change) Update jwt to 1.0.0 (which is backwards incompatible) no oauthlib api changes
  were made.
• (Breaking Change) Raise attribute error for non-existing attributes in the Request object.
• (Fix) Strip whitespace off of scope string.
• (Change) Don't require to return the state in the access token response.
• (Change) Hide password in logs.
• (Fix) Fix incorrect invocation of prepare_refresh_body in the OAuth2 client.
• (Fix) Handle empty/non-parsable query strings.
• (Fix) Check if an RSA key is actually needed before requiring it.
• (Change) Allow tuples for list_to_scope as well as sets and lists.
• (Change) Add code to determine if client authentication is required for OAuth2.
• (Fix) Fix error message on invalid Content-Type header for OAtuh1 signing.
• (Fix) Allow ! character in query strings.
• (Fix) OAuth1 now includes the body hash for requests that specify any content-type that isn't x-www-form-urlencoded.
• (Fix) Fixed error description in oauth1 endpoint.
• (Fix) Revocation endpoint for oauth2 will now return an empty string in the response body instead of 'None'.
• Increased test coverage.
• Performance improvements.
• Documentation improvements and fixes.

0.7.2

---

• (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1
  release. Doing a new clean release to address this. Please upgrade quickly
  and report any issues you are running into.

0.7.1

---

• (Quick fix) Add oauthlib.common.log object back in for libraries using it.

0.7.0

---

• (Change) OAuth2 clients will not raise a Warning on scope change if
  the environment variable OAUTHLIB_RELAX_TOKEN_SCOPE is set. The token
  will now be available as an attribute on the error, error.token.
  Token changes will now also be announced using blinker.
• (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook).
• (Fix) Logging is now tiered (per file) as opposed to logging all under oauthlib.
• (Fix) Error messages should now include a description in their message.
• (Fix/Feature) Optional support for jsonp callbacks after token revocation.
• (Feature) Client side preparation of OAuth 2 token revocation requests.
• (Feature) New OAuth2 client API methods for preparing full requests.
• (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs.
• (Fix/Feature) Refresh token grant now allow optional refresh tokens.
• (Fix) add missing state param to OAuth2 errors.
• (Fix) add_params_to_uri now properly parse fragment.
• (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1.
• (Fix/Security) OAuth2 logs will now strip client provided password, if present.
• Allow unescaped in urlencoded parameters.

0.6.3

---

Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when scrubbing for print.

0.6.2

---

• Numerous OAuth2 provider errors now suggest a status code of 401 instead
  of 400 (247.

• Added support for JSON web tokens with oauthlib.common.generate_signed_token.
  Install extra dependency with oauthlib[signedtoken] (237).

• OAuth2 scopes can be arbitrary objects with str defined (240).

• OAuth 1 Clients can now register custom signature methods (239).

• Exposed new method oauthlib.oauth2.is_secure_transport that checks whether
  the given URL is HTTPS. Checks using this method can be disabled by setting
  the environment variable OAUTHLIB_INSECURE_TRANSPORT (249).

• OAuth1 clients now has repr and will be printed with secrets scrubbed.

• OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument.

• urldecode will now raise a much more informative error message on
  incorrectly encoded strings.

• Plenty of typo and other doc fixes.

0.6.1

---

Draft revocation endpoint features and numerous fixes including:

• (OAuth 2 Provider) is_within_original_scope to check whether a refresh token
  is trying to aquire a new set of scopes that are a subset of the original scope.

• (OAuth 2 Provider) expires_in token lifetime can be set per request.

• (OAuth 2 Provider) client_authentication_required method added to differentiate
  between public and confidential clients.

• (OAuth 2 Provider) rotate_refresh_token now indicates whether a new refresh
  token should be generated during token refresh or if old should be kept.

• (OAuth 2 Provider) returned JSON headers no longer include charset.

• (OAuth 2 Provider) validate_authorizatoin_request now also includes the
  internal request object in the returned dictionary. Note that this is
  not meant to be relied upon heavily and its interface might change.

• and many style and typo fixes.

0.6.0

---

OAuth 1 & 2 provider API refactor with breaking changes:

• All endpoint methods change contract to return 3 values instead of 4. The new
  signature is headers, body, status code where the initial redirect_uri
  has been relocated to its rightful place inside headers as Location.

• OAuth 1 Access Token Endpoint has a new required validator method
  invalidate_request_token.

• OAuth 1 Authorization Endpoint now returns a 200 response instead of 302 on
  oob callbacks.

0.5.1

---

OAuth 1 provider fix for incorrect token param in nonce validation.

0.5.0

---

OAuth 1 provider refactor. OAuth 2 refresh token validation fix.

0.4.2

---

OAuth 2 draft to RFC. Removed OAuth 2 framework decorators.

0.4.1

---

Documentation corrections and various small code fixes.

celery 3.1.23 -> 4.0.2

4.0.2

=====
:release-date: 2016-12-15 03:40 PM PST
:release-by: Ask Solem

• Requirements

• Now depends on :ref:Kombu 4.0.2 <kombu:version-4.0.2>.

• Tasks: Fixed problem with JSON serialization of group
  (keys must be string error, Issue 3688).

• Worker: Fixed JSON serialization issue when using inspect active
  and friends (Issue 3667).

• App: Fixed saferef errors when using signals (Issue 3670).

• Prefork: Fixed bug with pack requiring bytes argument
  on Python 2.7.5 and earlier (Issue 3674).

• Tasks: Saferepr did not handle unicode in bytestrings on Python 2
  (Issue 3676).

• Testing: Added new celery_worker_paremeters fixture.

Contributed by Michael Howitz.

• Tasks: Added new app argument to GroupResult.restore
  (Issue 3669).

This makes the restore method behave the same way as the GroupResult
constructor.

Contributed by Andreas Pelme.

• Tasks: Fixed type checking crash when task takes *args on Python 3
  (Issue 3678).

• Documentation and examples improvements by:

• BLAGA Razvan-Paul
• Michael Howitz
• :github_user:paradox41

.. _version-4.0.1:

4.0.1

=====
:release-date: 2016-12-08 05:22 PM PST
:release-by: Ask Solem

• [Security: CELERYSA-0003_] Insecure default configuration

The default :setting:accept_content setting was set to allow
deserialization of pickled messages in Celery 4.0.0.

The insecure default has been fixed in 4.0.1, and you can also
configure the 4.0.0 version to explicitly only allow json serialized
messages:

.. code-block:: python

   app.conf.accept_content = ['json']

.. _CELERYSA-0003:
https://github.com/celery/celery/tree/master/docs/sec/CELERYSA-0003.txt

• Tasks: Added new method to register class-based tasks (Issue 3615).

To register a class based task you should now call app.register_task:

.. code-block:: python

   from celery import Celery, Task

   app = Celery()

   class CustomTask(Task):

       def run(self):
           return 'hello'

   app.register_task(CustomTask())

• Tasks: Argument checking now supports keyword-only arguments on Python3
  (Issue 3658).

Contributed by :github_user:sww.

• Tasks: The task-sent event was not being sent even if
  configured to do so (Issue 3646).

• Worker: Fixed AMQP heartbeat support for eventlet/gevent pools
  (Issue 3649).

• App: app.conf.humanize() would not work if configuration
  not finalized (Issue 3652).

• Utils: saferepr attempted to show iterables as lists
  and mappings as dicts.

• Utils: saferepr did not handle unicode-errors
  when attempting to format bytes on Python 3 (Issue 3610).

• Utils: saferepr should now properly represent byte strings
  with non-ascii characters (Issue 3600).

• Results: Fixed bug in elasticsearch where _index method missed
  the body argument (Issue 3606).

Fix contributed by 何翔宇 (Sean Ho).

• Canvas: Fixed :exc:ValueError in chord with single task header
  (Issue 3608).

Fix contributed by Viktor Holmqvist.

• Task: Ensure class-based task has name prior to registration
  (Issue 3616).

Fix contributed by Rick Wargo.

• Beat: Fixed problem with strings in shelve (Issue 3644).

Fix contributed by Alli.

• Worker: Fixed :exc:KeyError in inspect stats when -O argument
  set to something other than fast or fair (Issue 3621).

• Task: Retried tasks were no longer sent to the original queue
  (Issue 3622).

• Worker: Python 3: Fixed None/int type comparison in
  :file:apps/worker.py (Issue 3631).

• Results: Redis has a new :setting:redis_socket_connect_timeout
  setting.

• Results: Redis result backend passed the socket_connect_timeout
  argument to UNIX socket based connections by mistake, causing a crash.

• Worker: Fixed missing logo in worker splash screen when running on
  Python 3.x (Issue 3627).

Fix contributed by Brian Luan.

• Deps: Fixed celery[redis] bundle installation (Issue 3643).

Fix contributed by Rémi Marenco.

• Deps: Bundle celery[sqs] now also requires :pypi:pycurl
  (Issue 3619).

• Worker: Hard time limits were no longer being respected (Issue 3618).

• Worker: Soft time limit log showed Trues instead of the number
  of seconds.

• App: registry_cls argument no longer had any effect (Issue 3613).

• Worker: Event producer now uses connection_for_Write (Issue 3525).

• Results: Redis/memcache backends now uses :setting:result_expires
  to expire chord counter (Issue 3573).

Contributed by Tayfun Sen.

• Django: Fixed command for upgrading settings with Django (Issue 3563).

Fix contributed by François Voron.

• Testing: Added a celery_parameters test fixture to be able to use
  customized Celery init parameters. (3626)

Contributed by Steffen Allner.

• Documentation improvements contributed by

• :github_user:csfeathers
• Moussa Taifi
• Yuhannaa
• Laurent Peuch
• Christian
• Bruno Alla
• Steven Johns
• :github_user:tnir
• GDR!

.. _version-4.0.0:

4.0.0

=====
:release-date: 2016-11-04 02:00 P.M PDT
:release-by: Ask Solem

See :ref:whatsnew-4.0 (in :file:docs/whatsnew-4.0.rst).

.. _version-4.0.0rc7:

4.0.0rc7

========
:release-date: 2016-11-02 01:30 P.M PDT

Important notes

• Database result backend related setting names changed from
  sqlalchemy_* -> database_*.

The sqlalchemy_ named settings won't work at all in this
version so you need to rename them. This is a last minute change,
and as they were not supported in 3.1 we will not be providing
aliases.

• chain(A, B, C) now works the same way as A | B | C.

This means calling chain() might not actually return a chain,
it can return a group or any other type depending on how the
workflow can be optimized.

bleach 1.4.3 -> 1.5.0

1.5

---

Backwards incompatible changes

• clean: The list of ALLOWED_PROTOCOLS now defaults to http, https and
  mailto. Previously it was a long list of protocols something like ed2k, ftp,
  http, https, irc, mailto, news, gopher, nntp, telnet, webcal, xmpp, callto,
  feed, urn, aim, rsync, tag, ssh, sftp, rtsp, afs, data. 149

Changes

• clean: Added protocols to arguments list to let you override the list of
  allowed protocols. Thank you, Andreas Malecki! 149
• linkify: Fix a bug involving periods at the end of an email address. Thank you,
  Lorenz Schori! 219
• linkify: Fix linkification of non-ascii ports. Thank you Alexandre, Macabies!
  207
• linkify: Fix linkify inappropriately removing node tails when dropping nodes.
  132
• Fixed a test that failed periodically. 161
• Switched from nose to py.test. 204
• Add test matrix for all supported Python and html5lib versions. 230
• Limit to html5lib >=0.999,!=0.9999,!=0.99999,<0.99999999 because 0.9999
  and 0.99999 are busted.
• Add support for python setup.py test. 97

pytest-selenium 1.3.1 -> 1.7.0

1.7.0

• Introduced a firefox_options fixture.
• Switched to Firefox options for speciying binary and profile.

1.6.0

• Added support for CrossBrowserTesting <https://crossbrowsertesting.com/>_.

1.5.1

• Fix issues with Internet Explorer driver.

1.5.0

• Replaced driver fixtures with generic driver_class fixture.
• Introduced a driver_kwargs fixture.

1.4.0

• Added support for Safari.

click 6.6 -> 6.7

6.7

---

(bugfix release; released on January 6th 2017)

• Make click.progressbar work with codecs.open files. See 637.
• Fix bug in bash completion with nested subcommands. See 639.
• Fix test runner not saving caller env correctly. See 644.
• Fix handling of SIGPIPE. See 626
• Deal with broken Windows environments such as Google App Engine's. See 711.

elasticsearch 1.1.1 -> 5.1.0

5.1.0

---

5.0.1

---

Fixed performance regression in scan helper

5.0

• when using SSL certificate validation is now on by default. Install
  certifi or supply root certificate bundle.
• elasticsearch.trace logger now also logs failed requests, signature of
  internal logging method log_request_fail has changed, all custom
  connection classes need to be updated
• added headers arg to connections to support custom http headers
• passing in a keyword parameter with None as value will cause that param
  to be ignored

5.0.0

---

2.4.0

---

• ping now ignores all TransportError exceptions and just returns
  False
• expose scroll_id on ScanError
• increase default size for scan helper to 1000

Internal:

• changed Transport.perform_request to just return the body, not status as well.

2.3.0

---

• added client_key argument to configure client certificates
• debug loggin

[EnTeQuAk]

Closing this branch to let pyup do it's thing dependency by dependency.