Bump datasette from 0.45 to 0.46

[dependabot]

Bumps datasette from 0.45 to 0.46.

Release notes

Sourced from datasette's releases.

0.46

Warning: This release contains a security fix related to authenticated writable canned queries. If you are using this feature you should upgrade as soon as possible.

• Security fix: CSRF tokens were incorrectly included in read-only canned query forms, which could allow them to be leaked to a sophisticated attacker. See issue 918 for details.
• Datasette now supports GraphQL via the new datasette-graphql plugin - see GraphQL in Datasette with the new datasette-graphql plugin.
• Principle git branch has been renamed from master to main. (#849)
• New debugging tool: /-/allow-debug tool (demo here) helps test allow blocks against actors, as described in Defining permissions with "allow" blocks. (#908)
• New logo for the documentation, and a new project tagline: "An open source multi-tool for exploring and publishing data".
• Whitespace in column values is now respected on display, using white-space: pre-wrap. (#896)
• New await request.post_body() method for accessing the raw POST body, see Request object. (#897)
• Database file downloads now include a content-length HTTP header, enabling download progress bars. (#905)
• File downloads now also correctly set the suggested file name using a content-disposition HTTP header. (#909)
• tests are now excluded from the Datasette package properly - thanks, abeyerpath. (#456)
• The Datasette package published to PyPI now includes sdist as well as bdist_wheel.
• Better titles for canned query pages. (#887)
• Now only loads Python files from a directory passed using the --plugins-dir option - thanks, Amjith Ramanujam. (#890)
• New documentation section on Publishing to Vercel.

Changelog

Sourced from datasette's changelog.

0.46 (2020-08-09)

.. warning:: This release contains a security fix related to authenticated writable canned queries. If you are using this feature you should upgrade as soon as possible.

• Security fix: CSRF tokens were incorrectly included in read-only canned query forms, which could allow them to be leaked to a sophisticated attacker. See issue 918 <https://github.com/simonw/datasette/issues/918>__ for details.
• Datasette now supports GraphQL via the new datasette-graphql <https://github.com/simonw/datasette-graphql>__ plugin - see GraphQL in Datasette with the new datasette-graphql plugin <https://simonwillison.net/2020/Aug/7/datasette-graphql/>__.
• Principle git branch has been renamed from master to main. ([#849](https://github.com/simonw/datasette/issues/849) <https://github.com/simonw/datasette/issues/849>__)
• New debugging tool: /-/allow-debug tool (demo here <https://latest.datasette.io/-/allow-debug>) helps test allow blocks against actors, as described in :ref:authentication_permissions_allow. ([#908](https://github.com/simonw/datasette/issues/908) <https://github.com/simonw/datasette/issues/908>)
• New logo for the documentation, and a new project tagline: "An open source multi-tool for exploring and publishing data".
• Whitespace in column values is now respected on display, using white-space: pre-wrap. ([#896](https://github.com/simonw/datasette/issues/896) <https://github.com/simonw/datasette/issues/896>__)
• New await request.post_body() method for accessing the raw POST body, see :ref:internals_request. ([#897](https://github.com/simonw/datasette/issues/897) <https://github.com/simonw/datasette/issues/897>__)
• Database file downloads now include a content-length HTTP header, enabling download progress bars. ([#905](https://github.com/simonw/datasette/issues/905) <https://github.com/simonw/datasette/issues/905>__)
• File downloads now also correctly set the suggested file name using a content-disposition HTTP header. ([#909](https://github.com/simonw/datasette/issues/909) <https://github.com/simonw/datasette/issues/909>__)
• tests are now excluded from the Datasette package properly - thanks, abeyerpath. ([#456](https://github.com/simonw/datasette/issues/456) <https://github.com/simonw/datasette/issues/456>__)
• The Datasette package published to PyPI now includes sdist as well as bdist_wheel.
• Better titles for canned query pages. ([#887](https://github.com/simonw/datasette/issues/887) <https://github.com/simonw/datasette/issues/887>__)
• Now only loads Python files from a directory passed using the --plugins-dir option - thanks, Amjith Ramanujam. ([#890](https://github.com/simonw/datasette/issues/890) <https://github.com/simonw/datasette/pull/890>__)
• New documentation section on :ref:publish_vercel.

.. _v0_45:

Commits

• b597aa0 Fixed link in release notes, refs #918
• f25391d Release 0.46
• 6d29210 Updated docs on what happens when a release goes out
• 7f10f0f Fix for security issue #918
• de90b75 Fixed incorrect link reference
• 6023900 Package as sdist as well as bdist_wheel
• dc86ce7 Added datasette-graphql
• daf1b50 datasette-graphql in news
• 7ca8c05 Calculate coverage on pushes to main
• 84c162d Deploy latest on pushes to main
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

A newer version of datasette exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.