- Add a
_depthand_categoryarguments to all of the venusian decorators. The_categoryargument can be used to affect which actions are registered when performing aconfig.scan(..., category=...)with a specific category. The_depthargument should be used when wrapping the decorator in your own. This change affectspyramid.view.view_config,pyramid.view.exception_view_config,pyramid.view.forbidden_view_config,pyramid.view.notfound_view_config,pyramid.events.subscriberandpyramid.response.response_adapterdecorators. See #3105 and #3122 - Fix the
pyramid.request.Requestclass name after usingset_propertyorconfig.add_request_methodsuch that thestr(request.__class__)would appear aspyramid.request.Requestinstead ofpyramid.util.Request. See #3129 - In
cherrypy_server_runner, prefer imports from thecherootpackage over the legacy imports from cherrypy.wsgiserver. See #3235 - Add a context manager
route_prefix_contextto thepyramid.config.Configuratorto allow for convenient setting of the route_prefix forincludeandadd_routecalls inside the context. See #3279 - Modify the builtin session implementations to support
SameSiteoptions on cookies and set the default to'Lax'. This affectspyramid.session.BaseCookieSessionFactory,pyramid.session.SignedCookieSessionFactory, andpyramid.session.UnencryptedCookieSessionFactoryConfig. See #3300 - Modify
pyramid.authentication.AuthTktAuthenticationPolicyandpyramid.csrf.CookieCSRFStoragePolicyto support the SameSite option on cookies and set the default to'Lax'. See #3319 - Added new
pyramid.httpexceptions.HTTPPermanentRedirectexception/response object for a HTTP 308 redirect. See #3302 - Within
pshell, allow the user-definedsetupfunction to be a generator, in which case it may wrap the command's lifecycle. See #3318 - Within
pshell, variables defined by the[pshell]settings are available within the user-definedsetupfunction. See #3318 - Add support for Python 3.7. Add testing on Python 3.8 with allowed failures. See #3333
- Set appropriate
codeandtitleattributes on theHTTPClientErrorandHTTPServerErrorexception classes. This prevents inadvertently returning a 520 error code. See #3280 - Replace
webob.acceptparse.MIMEAcceptfrom WebOb withwebob.acceptparse.create_accept_headerin the HTTP exception handling code. The oldMIMEAccepthas been deprecated. The new methods follow the RFC's more closely. See #3251 - Catch extra errors like
AttributeErrorwhen unpickling "trusted" session cookies with bad pickle data in them. This would occur when sharing a secret between projects that shouldn't actually share session cookies, like when reusing secrets between projects in development. See #3325
- On Python 3.4+ the
repoze.lrudependency is dropped. If you were using this package directly in your apps you should make sure that you are depending on it directly within your project. See #3140 - Remove the
permissionargument frompyramid.config.Configurator.add_route. This was an argument left over from a feature removed in Pyramid 1.5 and has had no effect since then. See #3299 - Modify the builtin session implementations to set
SameSite='Lax'on cookies. This affectspyramid.session.BaseCookieSessionFactory,pyramid.session.SignedCookieSessionFactory, andpyramid.session.UnencryptedCookieSessionFactoryConfig. See #3300 - Variables defined in the
[pshell]section of the settings will no longer override those set by thesetupfunction. See #3318
- Add support for alembic to the pyramid-cookiecutter-alchemy cookiecutter and update the wiki2 tutorial to explain how it works. See #3307 and Pylons/pyramid-cookiecutter-alchemy#7
- Bump Sphinx to >= 1.7.4 in setup.py to support
emphasize-linesin PDFs and to pave the way for xelatex support. See #3271, #667, and #2572