Colander

================

- Drop support for Python 2.7, 3.4, 3.5, 3.6.

- Add support for Python 3.10, 3.11.

- **[breaking]** If a ``bytes`` object is serialized by a ``String`` schema
node with the ``encoding`` parameter specified, it will be passed through
directly to ``str`` first, causing it to come out with a ``b''`` prefix. In
order to serialize it properly, it should be decoded to a string first.
Previously, when the ``encoding`` parameter was specified it would be decoded
and re-encoded, effectively passing it through untouched, despite not being a
string type.

- Add a new ``colander.DataURL`` validator.
See https://github.com/Pylons/colander/pull/348

- Add IDN support to ``colander.url``.
See https://github.com/Pylons/colander/pull/352

- ``colander.All`` now supports ``colander.Invalid.msg`` being ``None`` or a
list, otherwise ``colander.Invalid.asdict`` crashes with
``TypeError: sequence item 1: expected str instance, NoneType found``.
See https://github.com/Pylons/colander/pull/333 and
https://github.com/Pylons/colander/issues/194

- Fixed an issue with ``colander.Mapping`` and ``colander.Sequence``
where a ``default`` value of ``drop`` caused missing values to be dropped
during deserialization. (Only ``missing`` values should affect
deserialization, and only ``default`` values should affect serialization.)
Added many new test cases for ``MappingSchema`` and ``SequenceSchema``.
See https://github.com/Pylons/colander/pull/264

- Remove the dependency on ``setuptools`` for resolving pkg_resources-style
importable paths in ``colander.GlobalObject``.

- Refresh localization files with Babel 2.11.

==================

- Add support for Python 3.9.

- Fix handling of ``insert_before`` on deferred nodes so that it inserts the
new node before the specified node instead of always appending to the end of
``node.children`` after binding.

==================

- Fix the broken wheels in 1.8.1 and 1.8.0 to include the locale data. **sigh**

==================

- Fix the broken wheels in 1.8.0 to include the locale data.

==================

- Drop support for Python 3.4.

- Add support for Python 3.7 and 3.8.

- Fix deserializer on ``Date`` and ``DateTime`` fields to correctly catch
``ValueError`` and ``TypeError`` exception, which can arise when using custom
formats on the field. Instead of allowing these exceptions to propagate,
replace then with an ``Invalid`` exception instead.
See https://github.com/Pylons/colander/pull/338

==================

- The URL validator regex has been updated to no longer be vulnerable to a
catastrophic backtracking that would have led to an infinite loop. See
https://github.com/Pylons/colander/pull/323 and
https://github.com/Pylons/colander/issues/290. With thanks to Przemek
(https://github.com/p-m-k).

This does change the behaviour of the URL validator and it no longer supports
``file://`` URI scheme (https://tools.ietf.org/html/rfc8089). Users that
wish to validate ``file://`` URI's should change their validator to use
``colander.file_uri`` instead.

It has also dropped support for alternate schemes outside of http/ftp (and
their secure equivelants). Please let us know if we need to relax this
requirement.

CVE-ID: CVE-2017-18361

- The Email validator has been updated to use the same regular expression that
is used by the WhatWG HTML specification, thereby increasing the email
addresses that will validate correctly from web forms submitted. See
https://github.com/Pylons/colander/pull/324 and
https://github.com/Pylons/colander/issues/283

- Number once again will allow you to serialize None to colander.null, this
reverts an accidental revert. See
https://github.com/Pylons/colander/issues/204#issuecomment-459556100

- Integer SchemaType now supports an optional ``strict`` mode that will
validate that the number is an integer, rather than silently accepting floats
and truncating. See https://github.com/Pylons/colander/pull/322 and
https://github.com/Pylons/colander/issues/292