Scheduled weekly dependency update for week 06

[pyup-bot]

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

boto3	1.5.19	»	1.5.26	PyPI | Changelog | Repo
django	2.0.1	»	2.0.2	PyPI | Changelog | Homepage
django-tables2	1.17.1	»	1.19.0	PyPI | Changelog | Repo
mammoth	1.4.3	»	1.4.4	PyPI | Changelog | Repo
importanize	0.6.2	»	0.6.3	PyPI | Changelog | Repo
coverage	4.4.2	»	4.5.1	PyPI | Changelog | Repo

Changelogs

boto3 1.5.19 -> 1.5.26

1.5.26

======

• api-change:lex-runtime: [botocore] Update lex-runtime client to latest version
• api-change:ec2: [botocore] Update ec2 client to latest version
• api-change:lex-models: [botocore] Update lex-models client to latest version

1.5.25

======

• api-change:ds: [botocore] Update ds client to latest version
• api-change:appstream: [botocore] Update appstream client to latest version
• api-change:medialive: [botocore] Update medialive client to latest version
• api-change:budgets: [botocore] Update budgets client to latest version
• api-change:gamelift: [botocore] Update gamelift client to latest version
• api-change:dynamodb: [botocore] Update dynamodb client to latest version
• api-change:dms: [botocore] Update dms client to latest version
• api-change:mediastore: [botocore] Update mediastore client to latest version

1.5.24

======

• api-change:servicediscovery: [botocore] Update servicediscovery client to latest version
• api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
• api-change:ssm: [botocore] Update ssm client to latest version
• api-change:glue: [botocore] Update glue client to latest version

1.5.23

======

• api-change:cloud9: [botocore] Update cloud9 client to latest version
• api-change:acm: [botocore] Update acm client to latest version
• api-change:kinesis: [botocore] Update kinesis client to latest version
• api-change:opsworks: [botocore] Update opsworks client to latest version

1.5.22

======

• api-change:mturk: [botocore] Update mturk client to latest version
• api-change:medialive: [botocore] Update medialive client to latest version
• api-change:devicefarm: [botocore] Update devicefarm client to latest version

1.5.21

======

• api-change:lambda: [botocore] Update lambda client to latest version
• api-change:codebuild: [botocore] Update codebuild client to latest version
• api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
• bugfix:Presign: [botocore] Fix issue where some events were not fired during the presigning of a request thus not including a variety of customizations (1340 <https://github.com/boto/botocore/issues/1340>__)
• enhancement:Credentials: [botocore] Improved error message when the source profile for an assume role is misconfigured. Fixes aws/aws-cli2763 <https://github.com/aws/aws-cli/issues/2763>__
• api-change:guardduty: [botocore] Update guardduty client to latest version
• enhancment:Paginator: [botocore] Added paginators for a number of services where the result key is unambiguous.

1.5.20

======

• api-change:budgets: [botocore] Update budgets client to latest version

django 2.0.1 -> 2.0.2

2.0.2

==========================

February 1, 2018

Django 2.0.2 fixes a security issue and several bugs in 2.0.1.

CVE-2018-6188: Information leakage in AuthenticationForm

A regression in Django 1.11.8 made
:class:~django.contrib.auth.forms.AuthenticationForm run its
confirm_login_allowed() method even if an incorrect password is entered.
This can leak information about a user, depending on what messages
confirm_login_allowed() raises. If confirm_login_allowed() isn't
overridden, an attacker enter an arbitrary username and see if that user has
been set to is_active=False. If confirm_login_allowed() is overridden,
more sensitive details could be leaked.

This issue is fixed with the caveat that AuthenticationForm can no longer
raise the "This account is inactive." error if the authentication backend
rejects inactive users (the default authentication backend, ModelBackend,
has done that since Django 1.10). This issue will be revisited for Django 2.1
as a fix to address the caveat will likely be too invasive for inclusion in
older versions.

Bugfixes

• Fixed hidden content at the bottom of the "The install worked successfully!"
  page for some languages (:ticket:28885).

• Fixed incorrect foreign key nullification if a model has two foreign keys to
  the same model and a target model is deleted (:ticket:29016).

• Fixed regression in the use of QuerySet.values_list(..., flat=True)
  followed by annotate() (:ticket:29067).

• Fixed a regression where a queryset that annotates with geometry objects
  crashes (:ticket:29054).

• Fixed a regression where contrib.auth.authenticate() crashes if an
  authentication backend doesn't accept request and a later one does
  (:ticket:29071).

• Fixed a regression where makemigrations crashes if a migrations directory
  doesn't have an __init__.py file (:ticket:29091).

• Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
  (:ticket:29094).

==========================

django-tables2 1.17.1 -> 1.19.0

1.19.0

• BoundColumn.attrs does not evaluate current_value as bool 536 by pachewise (fixes 534)
• Allow more flexible access to cell values (especially useful for django templates) (fixes 485)

1.18.0

• Follow relations when detecting column type for fields in Table.Meta.fields (fixes 498)
• Renamed Table.Meta.template to template_name (with deprecation warning for the former) 542 (fixes 520)
• Added Czech translation 533 by OndraRehounek
• Added table_factory 532 by ZuluPro

mammoth 1.4.3 -> 1.4.4

1.4.4

• Parse paragraph indents.

• Read part paths using relationships. This improves support for documents
  created by Word Online.

importanize 0.6.2 -> 0.6.3

0.6.3

• Fixed (again) importanize hanging when provided relative file path when finding sub-configurations.

coverage 4.4.2 -> 4.5.1

4.5.1

---

• Now that 4.5 properly separated the [run] omit and [report] omit
  settings, an old bug has become apparent. If you specified a package name
  for [run] source, then omit patterns weren't matched inside that package.
  This bug (issue 638_) is now fixed.

• On Python 3.7, reporting about a decorated function with no body other than a
  docstring would crash coverage.py with an IndexError (issue 640_). This is
  now fixed.

• Configurer plugins are now reported in the output of --debug=sys.

.. _issue 638: https://bitbucket.org/ned/coveragepy/issues/638/run-omit-is-ignored-since-45
.. _issue 640: https://bitbucket.org/ned/coveragepy/issues/640/indexerror-reporting-on-an-empty-decorated

.. _changes_45:

4.5

---

• A new kind of plugin is supported: configurators are invoked at start-up to
  allow more complex configuration than the .coveragerc file can easily do.
  See :ref:api_plugin for details. This solves the complex configuration
  problem described in issue 563_.

• The fail_under option can now be a float. Note that you must specify the
  [report] precision configuration option for the fractional part to be
  used. Thanks to Lars Hupfeldt Nielsen for help with the implementation.
  Fixes issue 631_.

• The include and omit options can be specified for both the [run]
  and [report] phases of execution. 4.4.2 introduced some incorrect
  interactions between those phases, where the options for one were confused
  for the other. This is now corrected, fixing issue 621_ and issue 622_.
  Thanks to Daniel Hahler for seeing more clearly than I could.

• The coverage combine command used to always overwrite the data file, even
  when no data had been read from apparently combinable files. Now, an error
  is raised if we thought there were files to combine, but in fact none of them
  could be used. Fixes issue 629_.

• The coverage combine command could get confused about path separators
  when combining data collected on Windows with data collected on Linux, as
  described in issue 618_. This is now fixed: the result path always uses
  the path separator specified in the [paths] result.

• On Windows, the HTML report could fail when source trees are deeply nested,
  due to attempting to create HTML filenames longer than the 250-character
  maximum. Now filenames will never get much larger than 200 characters,
  fixing issue 627_. Thanks to Alex Sandro for helping with the fix.

.. _issue 563: https://bitbucket.org/ned/coveragepy/issues/563/platform-specific-configuration
.. _issue 618: https://bitbucket.org/ned/coveragepy/issues/618/problem-when-combining-windows-generated
.. _issue 621: https://bitbucket.org/ned/coveragepy/issues/621/include-ignored-warning-when-using
.. _issue 622: https://bitbucket.org/ned/coveragepy/issues/622/report-omit-overwrites-run-omit
.. _issue 627: https://bitbucket.org/ned/coveragepy/issues/627/failure-generating-html-reports-when-the
.. _issue 629: https://bitbucket.org/ned/coveragepy/issues/629/multiple-use-of-combine-leads-to-empty
.. _issue 631: https://bitbucket.org/ned/coveragepy/issues/631/precise-coverage-percentage-value

.. _changes_442:

That's it for now!

Happy merging! 🤖

[coveralls]

Coverage remained the same at 88.299% when pulling 16016aa on pyup/scheduled-update-2018-02-12 into 749b84b on master.