pypi datasette 0.57

Warning: This release fixes a reflected cross-site scripting security hole with the ?_trace=1 feature. You should upgrade to this version, or to Datasette 0.56.1, as soon as possible. (#1360)

In addition to the security fix, this release includes ?_col= and ?_nocol= options for controlling which columns are displayed for a table, ?_facet_size= for increasing the number of facet results returned, re-display of your SQL query should an error occur and numerous bug fixes.

New features

  • If an error occurs while executing a user-provided SQL query, that query is now re-displayed in an editable form along with the error message. (#619)
  • New ?_col= and ?_nocol= parameters to show and hide columns in a table, plus an interface for hiding and showing columns in the column cog menu. (#615)
  • A new ?_facet_size= parameter for customizing the number of facet results returned on a table or view page. (#1332)
  • ?_facet_size=max sets that to the maximum, which defaults to 1,000 and is controlled by the the max_returned_rows setting. If facet results are truncated the ... at the bottom of the facet list now links to this parameter. (#1337)
  • ?_nofacet=1 option to disable all facet calculations on a page, used as a performance optimization for CSV exports and ?_shape=array/object. (#1349, #263)
  • ?_nocount=1 option to disable full query result counts. (#1353)
  • ?_trace=1 debugging option is now controlled by the new trace_debug setting, which is turned off by default. (#1359)

Bug fixes and other improvements

  • Custom pages now work correctly when combined with the base_url setting. (#1238)
  • Fixed intermittent error displaying the index page when the user did not have permission to access one of the tables. Thanks, Guy Freeman. (#1305)
  • Columns with the name "Link" are no longer incorrectly displayed in bold. (#1308)
  • Fixed error caused by tables with a single quote in their names. (#1257)
  • Updated dependencies: pytest-asyncio, Black, jinja2, aiofiles, click, and itsdangerous.
  • The official Datasette Docker image now supports apt-get install. (#1320)
  • The Heroku runtime used by datasette publish heroku is now python-3.8.10.
latest releases: 0.59, 0.59a2, 0.59a1...
4 months ago