rowid,repo,release,date,body_markdown,published_at,topics 107914493,https://github.com/simonw/datasette,https://github.com/simonw/datasette/releases/tag/0.46,2020-08-09,"**Warning:** This release contains a security fix related to authenticated writable canned queries. If you are using this feature you should upgrade as soon as possible. - **Security fix:** CSRF tokens were incorrectly included in read-only canned query forms, which could allow them to be leaked to a sophisticated attacker. See [issue 918](https://github.com/simonw/datasette/issues/918) for details. - Datasette now supports GraphQL via the new [datasette-graphql](https://github.com/simonw/datasette-graphql) plugin - see [GraphQL in Datasette with the new datasette-graphql plugin](https://simonwillison.net/2020/Aug/7/datasette-graphql/). - Principle git branch has been renamed from `master` to `main`. ([#849](https://github.com/simonw/datasette/issues/849)) - New debugging tool: `/-/allow-debug tool` ([demo here](https://latest.datasette.io/-/allow-debug)) helps test allow blocks against actors, as described in [Defining permissions with ""allow"" blocks](https://datasette.readthedocs.io/en/stable/authentication.html#authentication-permissions-allow). ([#908](https://github.com/simonw/datasette/issues/908)) - New logo for the documentation, and a new project tagline: ""An open source multi-tool for exploring and publishing data"". - Whitespace in column values is now respected on display, using `white-space: pre-wrap`. ([#896](https://github.com/simonw/datasette/issues/896)) - New `await request.post_body()` method for accessing the raw POST body, see [Request object](https://datasette.readthedocs.io/en/stable/internals.html#internals-request). ([#897](https://github.com/simonw/datasette/issues/897)) - Database file downloads now include a `content-length` HTTP header, enabling download progress bars. ([#905](https://github.com/simonw/datasette/issues/905)) - File downloads now also correctly set the suggested file name using a `content-disposition` HTTP header. ([#909](https://github.com/simonw/datasette/issues/909)) - `tests` are now excluded from the Datasette package properly - thanks, abeyerpath. ([#456](https://github.com/simonw/datasette/issues/456)) - The Datasette package published to PyPI now includes `sdist` as well as `bdist_wheel`. - Better titles for canned query pages. ([#887](https://github.com/simonw/datasette/issues/887)) - Now only loads Python files from a directory passed using the `--plugins-dir` option - thanks, Amjith Ramanujam. ([#890](https://github.com/simonw/datasette/pull/890)) - New documentation section on [Publishing to Vercel](https://datasette.readthedocs.io/en/stable/publish.html#publish-vercel).",2020-08-09T16:10:47Z,"[""asgi"", ""automatic-api"", ""csv"", ""datasets"", ""datasette"", ""datasette-io"", ""docker"", ""json"", ""python"", ""sql"", ""sqlite""]"