Releases: simonw/datasette
1.0a16
This release focuses on performance, in particular against large tables, and introduces some minor breaking changes for CSS styling in Datasette plugins.
- Removed the unit conversions feature and its dependency, Pint. This means Datasette is now compatible with the upcoming Python 3.13. (#2400, #2320)
- The
datasette --pdb
option now uses the ipdb debugger if it is installed. You can install it usingdatasette install ipdb
. Thanks, Tiago Ilieve. (#2342) - Fixed a confusing error that occurred if
metadata.json
contained nested objects. (#2403) - Fixed a bug with
?_trace=1
where it returned a blank page if the response was larger than 256KB. (#2404) - Tracing mechanism now also displays SQL queries that returned errors or ran out of time. datasette-pretty-traces 0.5 includes support for displaying this new type of trace. (#2405)
- Fixed a text spacing with table descriptions on the homepage. (#2399)
- Performance improvements for large tables:
- Suggested facets now only consider the first 1000 rows. (#2406)
- Improved performance of date facet suggestion against large tables. (#2407)
- Row counts stop at 10,000 rows when listing tables. (#2398)
- On table page the count stops at 10,000 rows too, with a "count all" button to execute the full count. (#2408)
- New
.dicts()
internal method on Results that returns a list of dictionaries representing the results from a SQL query: (#2414)rows = (await db.execute("select * from t")).dicts()
- Default Datasette core CSS that styles inputs and buttons now requires a class of
"core"
on the element or a containing element, for example<form class="core">
. (#2415) - Similarly, default table styles now only apply to
<table class="rows-and-columns">
. (#2420)
1.0a15
- Datasette now defaults to hiding SQLite "shadow" tables, as seen in extensions such as SQLite FTS and sqlite-vec. Virtual tables that it makes sense to display, such as FTS core tables, are no longer hidden. Thanks, Alex Garcia. (#2296)
- Fixed bug where running Datasette with one or more
-s/--setting
options could over-ride settings that were present indatasette.yml
. (#2389) - The Datasette homepage is now duplicated at
/-/
, using the defaultindex.html
template. This ensures that the information on that page is still accessible even if the Datasette homepage has been customized using a customindex.html
template, for example on sites like datasette.io. (#2393) - Failed CSRF checks now display a more user-friendly error page. (#2390)
- Fixed a bug where the
json1
extension was not correctly detected on the/-/versions
page. Thanks, Seb Bacon. (#2326) - Fixed a bug where the Datasette write API did not correctly accept
Content-Type: application/json; charset=utf-8
. (#2384) - Fixed a bug where Datasette would fail to start if
metadata.yml
contained aqueries
block. (#2386)
1.0a14
This alpha introduces significant changes to Datasette's Metadata system, some of which represent breaking changes in advance of the full 1.0 release. The new Upgrade guide document provides detailed coverage of those breaking changes and how they affect plugin authors and Datasette API consumers.
- The
/databasename?sql=
interface and JSON API for executing arbitrary SQL queries can now be found at/databasename/-/query?sql=
. Requests with a?sql=
parameter to the old endpoints will be redirected. Thanks, Alex Garcia. (#2360) - Metadata about tables, databases, instances and columns is now stored in Datasette's internal database. Thanks, Alex Garcia. (#2341)
- Database write connections now execute using the
IMMEDIATE
isolation level for SQLite. This should help avoid a rareSQLITE_BUSY
error that could occur when a transaction upgraded to a write mid-flight. (#2358) - Fix for a bug where canned queries with named parameters could fail against SQLite 3.46. (#2353)
- Datasette now serves
E-Tag
headers for static files. Thanks, Agustin Bacigalup. (#2306) - Dropdown menus now use a
z-index
that should avoid them being hidden by plugins. (#2311) - Incorrect table and row names are no longer reflected back on the resulting 404 page. (#2359)
- Improved documentation for async usage of the track_event(datasette, event) hook. (#2319)
- Fixed some HTTPX deprecation warnings. (#2307)
- Datasette now serves a
<html lange="en">
attribute. Thanks, Charles Nepote. (#2348) - Datasette's automated tests now run against the maximum and minimum supported versions of SQLite: 3.25 (from September 2018) and 3.46 (from May 2024). Thanks, Alex Garcia. (#2352)
- Fixed an issue where clicking twice on the URL output by
datasette --root
produced a confusing error. (#2375)
0.64.8
- Security improvement: 404 pages used to reflect content from the URL path, which could be used to display misleading information to Datasette users. 404 errors no longer display additional information from the URL. (#2359)
- Backported a better fix for correctly extracting named parameters from canned query SQL against SQLite 3.46.0. (#2353)
0.64.7
1.0a13
Each of the key concepts in Datasette now has an actions menu, which plugins can use to add additional functionality targeting that entity.
- Plugin hook: view_actions() for actions that can be applied to a SQL view. (#2297)
- Plugin hook: homepage_actions() for actions that apply to the instance homepage. (#2298)
- Plugin hook: row_actions() for actions that apply to the row page. (#2299)
- Action menu items for all of the
*_actions()
plugin hooks can now return an optional"description"
key, which will be displayed in the menu below the action label. (#2294) - Plugin hooks documentation page is now organized with additional headings. (#2300)
- Improved the display of action buttons on pages that also display metadata. (#2286)
- The header and footer of the page now uses a subtle gradient effect, and options in the navigation menu are better visually defined. (#2302)
- Table names that start with an underscore now default to hidden. (#2104)
pragma_table_list
has been added to the allow-list of SQLite pragma functions supported by Datasette.select * from pragma_table_list()
is no longer blocked. (#2104)
1.0a12
- New query_actions() plugin hook, similar to table_actions() and database_actions(). Can be used to add a menu of actions to the canned query or arbitrary SQL query page. (#2283)
- New design for the button that opens the query, table and database actions menu. (#2281)
- "does not contain" table filter for finding rows that do not contain a string. (#2287)
- Fixed a bug in the makeColumnActions(columnDetails) JavaScript plugin mechanism where the column action menu was not fully reset in between each interaction. (#2289)
1.0a11
- The
"replace": true
argument to the/db/table/-/insert
API now requires the actor to have theupdate-row
permission. (#2279) - Fixed some UI bugs in the interactive permissions debugging tool. (#2278)
- The column action menu now aligns better with the cog icon, and positions itself taking into account the width of the browser window. (#2263)
1.0a10
The only changes in this alpha correspond to the way Datasette handles database transactions. (#2277)
- The database.execute_write_fn() method has a new
transaction=True
parameter. This defaults toTrue
which means all functions executed using this method are now automatically wrapped in a transaction - previously the functions needed to roll transaction handling on their own, and many did not. - Pass
transaction=False
toexecute_write_fn()
if you want to manually handle transactions in your function. - Several internal Datasette features, including parts of the JSON write API, had been failing to wrap their operations in a transaction. This has been fixed by the new
transaction=True
default.
1.0a9
This alpha release adds basic alter table support to the Datasette Write API and fixes a permissions bug relating to the /upsert
API endpoint.
Alter table support for create, insert, upsert and update
The JSON write API can now be used to apply simple alter table schema changes, provided the acting actor has the new alter-table permission. (#2101)
The only alter operation supported so far is adding new columns to an existing table.
- The /db/-/create API now adds new columns during large operations to create a table based on incoming example
"rows"
, in the case where one of the later rows includes columns that were not present in the earlier batches. This requires thecreate-table
but not thealter-table
permission. - When
/db/-/create
is called with rows in a situation where the table may have been already created, an"alter": true
key can be included to indicate that any missing columns from the new rows should be added to the table. This requires thealter-table
permission. - /db/table/-/insert and /db/table/-/upsert and /db/table/row-pks/-/update all now also accept
"alter": true
, depending on thealter-table
permission.
Operations that alter a table now fire the new alter-table event.
Permissions fix for the upsert API
The /database/table/-/upsert API had a minor permissions bug, only affecting Datasette instances that had configured the insert-row
and update-row
permissions to apply to a specific table rather than the database or instance as a whole. Full details in issue #2262.
To avoid similar mistakes in the future the datasette.permission_allowed() method now specifies default=
as a keyword-only argument.
Permission checks now consider opinions from every plugin
The datasette.permission_allowed() method previously consulted every plugin that implemented the permission_allowed() plugin hook and obeyed the opinion of the last plugin to return a value. (#2275)
Datasette now consults every plugin and checks to see if any of them returned False
(the veto rule), and if none of them did, it then checks to see if any of them returned True
.
This is explained at length in the new documentation covering How permissions are resolved.
Other changes
- The new DATASETTE_TRACE_PLUGINS=1 environment variable turns on detailed trace output for every executed plugin hook, useful for debugging and understanding how the plugin system works at a low level. (#2274)
- Datasette on Python 3.9 or above marks its non-cryptographic uses of the MD5 hash function as
usedforsecurity=False
, for compatibility with FIPS systems. (#2270) - SQL relating to Datasette's internal database now executes inside a transaction, avoiding a potential database locked error. (#2273)
- The
/-/threads
debug page now identifies the database in the name associated with each dedicated write thread. (#2265) - The
/db/-/create
API now fires ainsert-rows
event if rows were inserted after the table was created. (#2260)