Skip to content

CHANGES.rst

Latest commit

 

History

History
135 lines (101 loc) · 5.48 KB

CHANGES.rst

File metadata and controls

135 lines (101 loc) · 5.48 KB

unreleased

Features

  • When a route matches but no view matches due to predicate mismatches, Pyramid now returns the correct HTTP status instead of always returning 404:

    • 405 Method Not Allowed (with Allow header) when all views failed because of request_method predicates.
    • 406 Not Acceptable when all views failed because of accept predicates.
    • 404 Not Found remains the default when mismatches are mixed or unrelated to method/accept.

  • Add support for Python 3.12, 3.13, and 3.14.

  • Added HTTP 418 error code via pyramid.httpexceptions.HTTPImATeapot. See #3667

  • Base coverage reports in tests on Python 3.14 instead of Python 3.8.

  • All scripts now pass a new option __script__ when loading the WSGI app. For example, pserve sets __script__ == 'pserve'. This works for pserve, pshell, prequest, proutes, ptweens, pviews, as well as when using pyramid.paster.bootstrap directly.

    When using plaster-pastedeploy to load an INI file, this option will manifest as a new value passed into the global_conf arg of your application factory, where you can use it as part of initializing your app.

    See #3735

  • Replace usage of md5 in the Pyramid view system with sha256. This is not a security-related feature and is considered an implementation detail that should not impact users.

    See #3745

  • Replace usage of pkg_resources in pyramid.path.DottedNameResolver. See #3748

  • Replace usage of pkg_resources in pdistreport and pshell CLI commands. See #3749

  • Constrain setuptools < 82 to remain compatible with required pkg_resources features. Work continues to fully remove pkg_resources from Pyramid code in future releases. See #3795

  • Remove internal usages of deprecated locale and datetime APIs to reduce deprecation warnings. See #3808

Bug Fixes

  • Fix issues where permissions may be checked on exception views. This is not supposed to happen in normal circumstances.

    This also prevents issues where a request.url fails to be decoded when logging info when pyramid.debug_authorization is enabled.

    See #3741

  • Applications raising pyramid.exceptions.BadCSRFToken and pyramid.exceptions.BadCSRFOrigin were returning invalid HTTP status lines with values like 400 Bad CSRF Origin instead of 400 Bad Request.

    See #3742

  • The methods LegacySessionCSRFStoragePolicy.check_csrf_token, SessionCSRFStoragePolicy.check_csrf_token and CookieCSRFStoragePolicy.check_csrf_token now use errors='backslashreplace' when encoding the supplied_token to "latin-1". Previously UnicodeEncodeError was raised when supplied_token could not be encoded to "latin-1". See #3800

Backward Incompatibilities

  • When all views for a matched route fail due to request_method predicates, Pyramid now raises HTTPMethodNotAllowed (405) instead of PredicateMismatch (a subclass of HTTPNotFound, 404). Similarly, accept predicate mismatches now raise HTTPNotAcceptable (406).

    HTTPMethodNotAllowed and HTTPNotAcceptable do not inherit from HTTPNotFound or PredicateMismatch. Code that catches HTTPNotFound or registers exception views for HTTPNotFound will no longer intercept these responses. Update exception handlers to also catch the new types if needed.

  • Drop support for Python 3.6, 3.7, 3.8, and 3.9.

  • Drop support for l*gettext() methods in the i18n module. These have been deprecated in Python's gettext module since 3.8, and removed in Python 3.11.

  • Add get_spec method to IPackageOverrides. See #3792

  • When using a cache buster with asset overrides, the cache buster will find the first existing file in the override stack, rather than taking the first override regardless of whether the file exists or not. See #3792

Deprecations

  • Deprecated the ability to use a non-existent package with pyramid.config.Configurator.add_static_view and pyramid.static.static_view. This can be fixed by choosing a path located within a real package as the root_dir for your static files. This is almost always either a misconfig or an attempt to define an alias location for use with pyramid.config.Configurator.override_asset. See #3752

Documentation Changes

  • Sync the SQLAlchemy Wiki tutorial with changes to the pyramid-cookiecutter-starter. Includes updates to use pyproject.toml to replace separate config files for pytest, coverage, and setuptools. Also upgrades patterns to support SQLAlchemy 2.0. See #3747
  • Sync the ZODB Wiki tutorial with changes to the pyramid-cookiecutter-starter. Includes updates to use pyproject.toml to replace separate config files for pytest, coverage, and setuptools. See #3751