pypi datasette 0.46

Warning: This release contains a security fix related to authenticated writable canned queries. If you are using this feature you should upgrade as soon as possible.

  • Security fix: CSRF tokens were incorrectly included in read-only canned query forms, which could allow them to be leaked to a sophisticated attacker. See issue 918 for details.
  • Datasette now supports GraphQL via the new datasette-graphql plugin - see GraphQL in Datasette with the new datasette-graphql plugin.
  • Principle git branch has been renamed from master to main. (#849)
  • New debugging tool: /-/allow-debug tool (demo here) helps test allow blocks against actors, as described in Defining permissions with "allow" blocks. (#908)
  • New logo for the documentation, and a new project tagline: "An open source multi-tool for exploring and publishing data".
  • Whitespace in column values is now respected on display, using white-space: pre-wrap. (#896)
  • New await request.post_body() method for accessing the raw POST body, see Request object. (#897)
  • Database file downloads now include a content-length HTTP header, enabling download progress bars. (#905)
  • File downloads now also correctly set the suggested file name using a content-disposition HTTP header. (#909)
  • tests are now excluded from the Datasette package properly - thanks, abeyerpath. (#456)
  • The Datasette package published to PyPI now includes sdist as well as bdist_wheel.
  • Better titles for canned query pages. (#887)
  • Now only loads Python files from a directory passed using the --plugins-dir option - thanks, Amjith Ramanujam. (#890)
  • New documentation section on Publishing to Vercel.
latest releases: 0.59, 0.59a2, 0.59a1...
14 months ago