Scheduled weekly dependency update for week 39

[pyup-bot]

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

raven	6.1.0	»	6.2.1	PyPI | Changelog | Repo
boto3	1.4.4	»	1.4.7	PyPI | Changelog | Repo
django-storages	1.6.3	»	1.6.5	PyPI | Changelog | Repo
wheel	0.29.0	»	0.30.0	PyPI | Changelog | Repo
django	1.11.3	»	1.11.5	PyPI | Changelog | Homepage
django-environ	0.4.3	»	0.4.4	PyPI | Changelog | Repo
whitenoise	3.3.0	»	3.3.1	PyPI | Changelog | Homepage
psycopg2	2.7.1	»	2.7.3.1	PyPI | Changelog | Homepage
djangorestframework	3.6.3	»	3.6.4	PyPI | Changelog | Homepage
django-health-check	2.3.0	»	2.4.0	PyPI | Changelog | Repo
factory-boy	2.8.1	»	2.9.2	PyPI | Changelog | Repo
flake8	3.3.0	»	3.4.1	PyPI | Changelog | Repo

Changelogs

raven 6.1.0 -> 6.2.1

6.2.0

---

• [Core] get_frame_locals properly using max_var_size
• [Core] Fixed raven initialization when logging._srcfile is None
• [Core] Fixed import locking to avoid recursion
• [Django] Fixed several issues for Django 1.11 and Django 2.0
• [Django/DRF] Fixed issue with unavailable request data
• [Flask] Added app.logger instrumentation
• [Flask] Added signal on setup_logging
• [ZConfig] Added standalone ZConfig support
• [Celery] Fixed several issues related to Celery

boto3 1.4.4 -> 1.4.7

1.4.7

=====

• enhancement:botocore: Raised minor version dependency for botocore

1.4.6

=====

• enhancement:Logging: Switch log levels from INFO to DEBUG (1208 <https://github.com/boto/boto3/issues/1208>__)

1.4.5

=====

• enhancement:s3: Add a LifecycleConfiguration resource to resolve issues with the existing Lifecycle resource.

django-storages 1.6.3 -> 1.6.5

1.6.5

---

• Fix Django 1.11 regression with gzipped content being saved twice
  resulting in empty files (367, 371, 373_)
• Fix the mtime when gzipping content on S3Boto3Storage (374_)

.. _367: jschneier/django-storages#367
.. _371: jschneier/django-storages#371
.. _373: jschneier/django-storages#373
.. _374: jschneier/django-storages#374

1.6.4

---

• Files uploaded with GoogleCloudStorage will now set their appropriate mimetype (320_)
• Fix DropBoxStorage.url to work. (357_)
• Fix S3Boto3Storage when AWS_PRELOAD_METADATA = True (366_)
• Fix S3Boto3Storage uploading file-like objects without names (195, 368)
• S3Boto3Storage is now threadsafe - a separate session is created on a
  per-thread basis (268, 358)

.. _320: jschneier/django-storages#320
.. _357: jschneier/django-storages#357
.. _366: jschneier/django-storages#366
.. _195: jschneier/django-storages#195
.. _368: jschneier/django-storages#368
.. _268: jschneier/django-storages#268
.. _358: jschneier/django-storages#358

wheel 0.29.0 -> 0.30.0

0.30.0

======

• Added py-limited-api {cp32|cp33|cp34|...} flag to produce cpNN.abi3.{arch}
  tags on CPython 3.
• Documented the license_file metadata key
• Improved Python, abi tagging for wheel convert. Thanks Ales Erjavec.
• Fixed > being prepended to lines starting with "From" in the long description
• Added support for specifying a build number (as per PEP 427).
  Thanks Ian Cordasco.
• Made the order of files in generated ZIP files deterministic.
  Thanks Matthias Bach.
• Made the order of requirements in metadata deterministic. Thanks Chris Lamb.
• Fixed wheel install clobbering existing files
• Improved the error message when trying to verify an unsigned wheel file
• Removed support for Python 2.6, 3.2 and 3.3.

django 1.11.3 -> 1.11.5

1.11.5

===========================

September 5, 2017

Django 1.11.5 fixes a security issue and several bugs in 1.11.4.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with DEBUG = True (which makes
this page accessible) in your production settings.

Bugfixes

• Fixed GEOS version parsing if the version has a commit hash at the end (new
  in GEOS 3.6.2) (:ticket:28441).

• Added compatibility for cx_Oracle 6 (:ticket:28498).

• Fixed select widget rendering when option values are tuples (:ticket:28502).

• Django 1.11 inadvertently changed the sequence and trigger naming scheme on
  Oracle. This causes errors on INSERTs for some tables if
  'use_returning_into': False is in the OPTIONS part of DATABASES.
  The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
  requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
  upgrade script in 🎫28451 comment 8 to update sequence and trigger
  names to use the pre-1.11 naming scheme.

• Added POST request support to LogoutView, for equivalence with the
  function-based logout() view (:ticket:28513).

• Omitted pages_per_range from BrinIndex.deconstruct() if it's None
  (:ticket:25809).

• Fixed a regression where SelectDateWidget localized the years in the
  select box (:ticket:28530).

• Fixed a regression in 1.11.4 where runserver crashed with non-Unicode
  system encodings on Python 2 + Windows (:ticket:28487).

• Fixed a regression in Django 1.10 where changes to a ManyToManyField
  weren't logged in the admin change history (:ticket:27998) and prevented
  ManyToManyField initial data in model forms from being affected by
  subsequent model changes (:ticket:28543).

• Fixed non-deterministic results or an AssertionError crash in some
  queries with multiple joins (:ticket:26522).

• Fixed a regression in contrib.auth's login() and logout() views
  where they ignored positional arguments (:ticket:28550).

===========================

1.11.4

===========================

August 1, 2017

Django 1.11.4 fixes several bugs in 1.11.3.

Bugfixes

• Fixed a regression in 1.11.3 on Python 2 where non-ASCII format values
  for date/time widgets results in an empty value in the widget's HTML
  (:ticket:28355).

• Fixed QuerySet.union() and difference() when combining with
  a queryset raising EmptyResultSet (:ticket:28378).

• Fixed a regression in pickling of LazyObject on Python 2 when the wrapped
  object doesn't have __reduce__() (:ticket:28389).

• Fixed crash in runserver's autoreload with Python 2 on Windows with
  non-str environment variables (:ticket:28174).

• Corrected Field.has_changed() to return False for disabled form
  fields: BooleanField, MultipleChoiceField, MultiValueField,
  FileField, ModelChoiceField, and ModelMultipleChoiceField.

• Fixed QuerySet.count() for union(), difference(), and
  intersection() queries. (:ticket:28399).

• Fixed ClearableFileInput rendering as a subwidget of MultiWidget
  (:ticket:28414). Custom clearable_file_input.html widget templates
  will need to adapt for the fact that context values
  checkbox_name, checkbox_id, is_initial, input_text,
  initial_text, and clear_checkbox_label are now attributes of
  widget rather than appearing in the top-level context.

• Fixed queryset crash when using a GenericRelation to a proxy model
  (:ticket:28418).

===========================

django-environ 0.4.3 -> 0.4.4

0.4.4

whitenoise 3.3.0 -> 3.3.1

3.3.1

---

• Fix issue with the immutable file test when running behind a CDN which rewrites
  paths (thanks lskillen).

psycopg2 2.7.1 -> 2.7.3.1

2.7.3.1

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Dropped libresolv from wheel package to avoid incompatibility with
  glibc 2.26 (wheels ticket 2)

2.7.3

^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Restored default :sql:timestamptz[] typecasting to Python !datetime.
  Regression introduced in Psycopg 2.7.2 (:ticket:578).

2.7.2

^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fixed inconsistent state in externally closed connections
  (:tickets:263, 311, 443). Was fixed in 2.6.2 but not included in
  2.7 by mistake.
• Fixed Python exceptions propagation in green callback (:ticket:410).
• Don't display the password in connection.dsn when the connection
  string is specified as an URI (:ticket:528).
• Return objects with timezone parsing "infinity" :sql:timestamptz
  (:ticket:536).
• Dropped dependency on VC9 runtime on Windows binary packages
  (:ticket:541).
• Fixed segfault in ~connection.lobject() when mode=\ !None
  (:ticket:544).
• Fixed ~connection.lobject() keyword argument lobject_factory
  (:ticket:545).
• Fixed ~psycopg2.extras.ReplicationCursor.consume_stream()
  keepalive_interval argument (:ticket:547).
• Maybe fixed random import error on Python 3.6 in multiprocess
  environment (:ticket:550).
• Fixed random !SystemError upon receiving abort signal (:ticket:551).
• Accept ~psycopg2.sql.Composable objects in
  ~psycopg2.extras.ReplicationCursor.start_replication_expert()
  (:ticket:554).
• Parse intervals returned as microseconds from Redshift (:ticket:558).
• Added ~psycopg2.extras.Json !prepare() method to consider connection
  params when adapting (:ticket:562).
• ~psycopg2.errorcodes map updated to PostgreSQL 10 beta 1.

djangorestframework 3.6.3 -> 3.6.4

3.6.4

Date: [21st August 2017][3.6.4-milestone]

• Ignore any invalidly formed query parameters for OrderingFilter. [5131][gh5131]
• Improve memory footprint when reading large JSON requests. [5147][gh5147]
• Fix schema generation for pagination. [5161][gh5161]
• Fix exception when HTML_CUTOFF is set to None. [5174][gh5174]
• Fix browsable API not supporting multipart/form-data correctly. [5176][gh5176]
• Fixed test_hyperlinked_related_lookup_url_encoded_exists. [5179][gh5179]
• Make sure max_length is in FileField kwargs. [5186][gh5186]
• Fix list_route & detail_route with kwargs contains curly bracket in url_path [5187][gh5187]
• Add Django manage command to create a DRF user Token. [5188][gh5188]
• Ensure API documentation templates do not check for user authentication [5162][gh5162]
• Fix special case where OneToOneField is also primary key. [5192][gh5192]
• Added aria-label and a new region for accessibility purposes in base.html [5196][gh5196]
• Quote nested API parameters in api.js. [5214][gh5214]
• Set ViewSet args/kwargs/request before dispatch. [5229][gh5229]
• Added unicode support to SlugField. [5231][gh5231]
• Fix HiddenField appears in Raw Data form initial content. [5259][gh5259]
• Raise validation error on invalid timezone parsing. [5261][gh5261]
• Fix SearchFilter to-many behavior/performance. [5264][gh5264]
• Simplified chained comparisons and minor code fixes. [5276][gh5276]
• RemoteUserAuthentication, docs, and tests. [5306][gh5306]
• Revert "Cached the field's root and context property" [5313][gh5313]
• Fix introspection of list field in schema. [5326][gh5326]
• Fix interactive docs for multiple nested and extra methods. [5334][gh5334]
• Fix/remove undefined template var "schema" [5346][gh5346]

factory-boy 2.8.1 -> 2.9.2

2.9.2

---

Bugfix:

• Fix declaration corruption bug when a factory defined foo__bar__baz=1 and a caller
  provided a foo__bar=x parameter at call time: this got merged into the factory's base
  declarations.

2.9.1

---

Bugfix:

• Fix packaging issues (see Tag formatter documentation zestsoftware/zest.releaser#212)
• Don't crash when debugging PostGenerationDeclaration

2.9.0

---

This version brings massive changes to the core engine, thus reducing the number of
corner cases and weird behaviourrs.

New:

• :issue:275: factory.fuzzy and factory.faker now use the same random seed.
• Add :class:factory.Maybe, which chooses among two possible declarations based
  on another field's value (powers the :class:~factory.Trait feature).
• :class:~factory.PostGenerationMethodCall only allows to pass one positional argument; use keyword arguments for
  extra parameters.

Deprecation:

• factory.fuzzy.get_random_state is deprecated, factory.random.get_random_state should be used instead.
• factory.fuzzy.set_random_state is deprecated, factory.random.set_random_state should be used instead.
• factory.fuzzy.reseed_random is deprecated, factory.random.reseed_random should be used instead.

flake8 3.3.0 -> 3.4.1

3.4.1

---

You can view the 3.4.1 milestone_ on GitLab for more details.

• Fix minor regression when users specify only a --select list with items
  in the enabled/extended select list. (See also GitLab354_)

.. all links
.. _3.4.1 milestone:
https://gitlab.com/pycqa/flake8/milestones/19

.. issue links
.. _GitLab354:
https://gitlab.com/pycqa/flake8/issues/354

.. merge request links

3.4.0

---

You can view the 3.4.0 milestone_ on GitLab for more details.

• Refine logic around --select and --ignore when combined with the
  default values for each. (See also GitLab318_)

• Handle spaces as an alternate separate for error codes, e.g.,
  --ignore 'E123 E234'. (See also GitLab329_)

• Filter out empty select and ignore codes, e.g., --ignore E123,,E234.
  (See also GitLab330_)

• Specify dependencies appropriately in setup.py (See also Gitlab341_)

• Fix bug in parsing --quiet and --verbose from config files.
  (See also GitLab!193_)

• Remove unused import of os in the git hook template (See also
  GitLab!194_)

.. all links
.. _3.4.0 milestone:
https://gitlab.com/pycqa/flake8/milestones/18

.. issue links
.. _GitLab318:
https://gitlab.com/pycqa/flake8/issues/318
.. _GitLab329:
https://gitlab.com/pycqa/flake8/issues/329
.. _GitLab330:
https://gitlab.com/pycqa/flake8/issues/330
.. _GitLab341:
https://gitlab.com/pycqa/flake8/issues/341

.. merge request links
.. _GitLab!193:
https://gitlab.com/pycqa/flake8/merge_requests/193
.. _GitLab!194:
https://gitlab.com/pycqa/flake8/merge_requests/194

That's it for now!

Happy merging! 🤖

[pyup-bot]

Closing this in favor of #90