merge upstream

4 files changed, 36 insertions, 14 deletions

diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py
index afb685f93..bc0b05a08 100644
--- a/src/pyramid/config/views.py
+++ b/src/pyramid/config/views.py
@@ -2045,6 +2045,8 @@ class ViewsConfiguratorMixin(object):
         :class:`~pyramid.interfaces.ICacheBuster` interface.
         Default: ``False``.
 
+        .. versionadded:: 1.6
+
         """
         spec = self._make_spec(path)
         info = self._get_static_info()
diff --git a/src/pyramid/session.py b/src/pyramid/session.py
index 70ac4f55f..10e1ea313 100644
--- a/src/pyramid/session.py
+++ b/src/pyramid/session.py
@@ -44,14 +44,25 @@ def manage_changed(wrapped):
 
 
 class PickleSerializer(object):
-    """ A serializer that uses the pickle protocol to dump Python
-    data to bytes.
+    """
+    .. deprecated:: 2.0
+
+    .. warning::
+
+        In :app:`Pyramid` 2.0 the default ``serializer`` option changed to
+        use :class:`pyramid.session.JSONSerializer`, and ``PickleSerializer``
+        has been been removed from active Pyramid code.
+
+        Pyramid will require JSON-serializable objects in :app:`Pyramid` 2.0.
+
+        Please see :ref:`pickle_session_deprecation`.
 
-    This is the default serializer used by Pyramid.
+    A serializer that uses the pickle protocol to dump Python data to bytes.
+
+    This was the default serializer used by Pyramid, but has been deprecated.
 
     ``protocol`` may be specified to control the version of pickle used.
     Defaults to :attr:`pickle.HIGHEST_PROTOCOL`.
-
     """
 
     def __init__(self, protocol=pickle.HIGHEST_PROTOCOL):
@@ -61,8 +72,9 @@ class PickleSerializer(object):
         """Accept bytes and return a Python object."""
         try:
             return pickle.loads(bstruct)
-        # at least ValueError, AttributeError, ImportError but more to be safe
         except Exception:
+            # this block should catch at least:
+            # ValueError, AttributeError, ImportError; but more to be safe
             raise ValueError
 
     def dumps(self, appstruct):
@@ -70,6 +82,14 @@ class PickleSerializer(object):
         return pickle.dumps(appstruct, self.protocol)
 
 
+deprecated(
+    'PickleSerializer',
+    'pyramid.session.PickleSerializer is deprecated as of Pyramid 2.0 for '
+    'security concerns. Use pyramid.session.JSONSerializer or reference the '
+    'narrative documentation for information on building a migration tool.',
+)
+
+
 JSONSerializer = JSONSerializer  # api
 
 
@@ -438,10 +458,10 @@ def SignedCookieSessionFactory(
 
     .. warning::
 
-       In :app:`Pyramid` 2.0 the default ``serializer`` option changed to
-       use :class:`pyramid.session.JSONSerializer`. See
-       :ref:`pickle_session_deprecation` for more information about why this
-       change was made.
+        In :app:`Pyramid` 2.0 the default ``serializer`` option changed to
+        use :class:`pyramid.session.JSONSerializer`. See
+        :ref:`pickle_session_deprecation` for more information about why this
+        change was made.
 
     .. versionadded: 1.5a3
 
diff --git a/src/pyramid/threadlocal.py b/src/pyramid/threadlocal.py
index 7eca5b0f0..24bc0ec33 100644
--- a/src/pyramid/threadlocal.py
+++ b/src/pyramid/threadlocal.py
@@ -55,7 +55,7 @@ def get_current_request():
 
 
 def get_current_registry(
-    context=None
+    context=None,
 ):  # context required by getSiteManager API
     """
     Return the currently active :term:`application registry` or the
diff --git a/src/pyramid/traversal.py b/src/pyramid/traversal.py
index 9ed5754b7..811c0881b 100644
--- a/src/pyramid/traversal.py
+++ b/src/pyramid/traversal.py
@@ -708,8 +708,8 @@ class ResourceTreeTraverser(object):
 
 
 ModelGraphTraverser = (
-    ResourceTreeTraverser
-)  # b/w compat, not API, used in wild
+    ResourceTreeTraverser  # b/w compat, not API, used in wild
+)
 
 
 @implementer(IResourceURL)
@@ -744,8 +744,8 @@ class ResourceURL(object):
         self.physical_path = physical_path  # IResourceURL attr
         self.virtual_path_tuple = virtual_path_tuple  # IResourceURL attr (1.5)
         self.physical_path_tuple = (
-            physical_path_tuple
-        )  # IResourceURL attr (1.5)
+            physical_path_tuple  # IResourceURL attr (1.5)
+        )
 
 
 @lru_cache(1000)