1.0a16

This release focuses on performance, in particular against large tables, and introduces some minor breaking changes for CSS styling in Datasette plugins.

• Removed the unit conversions feature and its dependency, Pint. This means Datasette is now compatible with the upcoming Python 3.13. (#2400, #2320)
• The datasette --pdb option now uses the ipdb debugger if it is installed. You can install it using datasette install ipdb. Thanks, Tiago Ilieve. (#2342)
• Fixed a confusing error that occurred if metadata.json contained nested objects. (#2403)
• Fixed a bug with ?_trace=1 where it returned a blank page if the response was larger than 256KB. (#2404)
• Tracing mechanism now also displays SQL queries that returned errors or ran out of time. datasette-pretty-traces 0.5 includes support for displaying this new type of trace. (#2405)
• Fixed a text spacing with table descriptions on the homepage. (#2399)
• Performance improvements for large tables:
  • Suggested facets now only consider the first 1000 rows. (#2406)
  • Improved performance of date facet suggestion against large tables. (#2407)
  • Row counts stop at 10,000 rows when listing tables. (#2398)
  • On table page the count stops at 10,000 rows too, with a "count all" button to execute the full count. (#2408)
• New .dicts() internal method on Results that returns a list of dictionaries representing the results from a SQL query: (#2414)

  rows  =  (await  db.execute("select * from t")).dicts()

• Default Datasette core CSS that styles inputs and buttons now requires a class of "core" on the element or a containing element, for example <form class="core">. (#2415)
• Similarly, default table styles now only apply to <table class="rows-and-columns">. (#2420)

1.0a15

• Datasette now defaults to hiding SQLite "shadow" tables, as seen in extensions such as SQLite FTS and sqlite-vec. Virtual tables that it makes sense to display, such as FTS core tables, are no longer hidden. Thanks, Alex Garcia. (#2296)
• Fixed bug where running Datasette with one or more -s/--setting options could over-ride settings that were present in datasette.yml. (#2389)
• The Datasette homepage is now duplicated at /-/, using the default index.html template. This ensures that the information on that page is still accessible even if the Datasette homepage has been customized using a custom index.html template, for example on sites like datasette.io. (#2393)
• Failed CSRF checks now display a more user-friendly error page. (#2390)
• Fixed a bug where the json1 extension was not correctly detected on the /-/versions page. Thanks, Seb Bacon. (#2326)
• Fixed a bug where the Datasette write API did not correctly accept Content-Type: application/json; charset=utf-8. (#2384)
• Fixed a bug where Datasette would fail to start if metadata.yml contained a queries block. (#2386)

1.0a14

This alpha introduces significant changes to Datasette's Metadata system, some of which represent breaking changes in advance of the full 1.0 release. The new Upgrade guide document provides detailed coverage of those breaking changes and how they affect plugin authors and Datasette API consumers.

• The /databasename?sql= interface and JSON API for executing arbitrary SQL queries can now be found at /databasename/-/query?sql=. Requests with a ?sql= parameter to the old endpoints will be redirected. Thanks, Alex Garcia. (#2360)
• Metadata about tables, databases, instances and columns is now stored in Datasette's internal database. Thanks, Alex Garcia. (#2341)
• Database write connections now execute using the IMMEDIATE isolation level for SQLite. This should help avoid a rare SQLITE_BUSY error that could occur when a transaction upgraded to a write mid-flight. (#2358)
• Fix for a bug where canned queries with named parameters could fail against SQLite 3.46. (#2353)
• Datasette now serves E-Tag headers for static files. Thanks, Agustin Bacigalup. (#2306)
• Dropdown menus now use a z-index that should avoid them being hidden by plugins. (#2311)
• Incorrect table and row names are no longer reflected back on the resulting 404 page. (#2359)
• Improved documentation for async usage of the track_event(datasette, event) hook. (#2319)
• Fixed some HTTPX deprecation warnings. (#2307)
• Datasette now serves a <html lange="en"> attribute. Thanks, Charles Nepote. (#2348)
• Datasette's automated tests now run against the maximum and minimum supported versions of SQLite: 3.25 (from September 2018) and 3.46 (from May 2024). Thanks, Alex Garcia. (#2352)
• Fixed an issue where clicking twice on the URL output by datasette --root produced a confusing error. (#2375)

0.64.8

• Security improvement: 404 pages used to reflect content from the URL path, which could be used to display misleading information to Datasette users. 404 errors no longer display additional information from the URL. (#2359)
• Backported a better fix for correctly extracting named parameters from canned query SQL against SQLite 3.46.0. (#2353)

0.64.7

• Fixed a bug where canned queries with named parameters threw an error when run against SQLite 3.46.0. (#2353)

1.0a13

Each of the key concepts in Datasette now has an actions menu, which plugins can use to add additional functionality targeting that entity.

• Plugin hook: view_actions() for actions that can be applied to a SQL view. (#2297)
• Plugin hook: homepage_actions() for actions that apply to the instance homepage. (#2298)
• Plugin hook: row_actions() for actions that apply to the row page. (#2299)
• Action menu items for all of the *_actions() plugin hooks can now return an optional "description" key, which will be displayed in the menu below the action label. (#2294)
• Plugin hooks documentation page is now organized with additional headings. (#2300)
• Improved the display of action buttons on pages that also display metadata. (#2286)
• The header and footer of the page now uses a subtle gradient effect, and options in the navigation menu are better visually defined. (#2302)
• Table names that start with an underscore now default to hidden. (#2104)
• pragma_table_list has been added to the allow-list of SQLite pragma functions supported by Datasette. select * from pragma_table_list() is no longer blocked. (#2104)

1.0a12

• New query_actions() plugin hook, similar to table_actions() and database_actions(). Can be used to add a menu of actions to the canned query or arbitrary SQL query page. (#2283)
• New design for the button that opens the query, table and database actions menu. (#2281)
• "does not contain" table filter for finding rows that do not contain a string. (#2287)
• Fixed a bug in the makeColumnActions(columnDetails) JavaScript plugin mechanism where the column action menu was not fully reset in between each interaction. (#2289)

1.0a11

• The "replace": true argument to the /db/table/-/insert API now requires the actor to have the update-row permission. (#2279)
• Fixed some UI bugs in the interactive permissions debugging tool. (#2278)
• The column action menu now aligns better with the cog icon, and positions itself taking into account the width of the browser window. (#2263)

1.0a10

The only changes in this alpha correspond to the way Datasette handles database transactions. (#2277)

• The database.execute_write_fn() method has a new transaction=True parameter. This defaults to True which means all functions executed using this method are now automatically wrapped in a transaction - previously the functions needed to roll transaction handling on their own, and many did not.
• Pass transaction=False to execute_write_fn() if you want to manually handle transactions in your function.
• Several internal Datasette features, including parts of the JSON write API, had been failing to wrap their operations in a transaction. This has been fixed by the new transaction=True default.

1.0a9

This alpha release adds basic alter table support to the Datasette Write API and fixes a permissions bug relating to the /upsert API endpoint.

Alter table support for create, insert, upsert and update

The JSON write API can now be used to apply simple alter table schema changes, provided the acting actor has the new alter-table permission. (#2101)

The only alter operation supported so far is adding new columns to an existing table.

• The /db/-/create API now adds new columns during large operations to create a table based on incoming example "rows", in the case where one of the later rows includes columns that were not present in the earlier batches. This requires the create-table but not the alter-table permission.
• When /db/-/create is called with rows in a situation where the table may have been already created, an "alter": true key can be included to indicate that any missing columns from the new rows should be added to the table. This requires the alter-table permission.
• /db/table/-/insert and /db/table/-/upsert and /db/table/row-pks/-/update all now also accept "alter": true, depending on the alter-table permission.

Operations that alter a table now fire the new alter-table event.

Permissions fix for the upsert API

The /database/table/-/upsert API had a minor permissions bug, only affecting Datasette instances that had configured the insert-row and update-row permissions to apply to a specific table rather than the database or instance as a whole. Full details in issue #2262.

To avoid similar mistakes in the future the datasette.permission_allowed() method now specifies default= as a keyword-only argument.

Permission checks now consider opinions from every plugin

The datasette.permission_allowed() method previously consulted every plugin that implemented the permission_allowed() plugin hook and obeyed the opinion of the last plugin to return a value. (#2275)

Datasette now consults every plugin and checks to see if any of them returned False (the veto rule), and if none of them did, it then checks to see if any of them returned True.

This is explained at length in the new documentation covering How permissions are resolved.

Other changes

• The new DATASETTE_TRACE_PLUGINS=1 environment variable turns on detailed trace output for every executed plugin hook, useful for debugging and understanding how the plugin system works at a low level. (#2274)
• Datasette on Python 3.9 or above marks its non-cryptographic uses of the MD5 hash function as usedforsecurity=False, for compatibility with FIPS systems. (#2270)
• SQL relating to Datasette's internal database now executes inside a transaction, avoiding a potential database locked error. (#2273)
• The /-/threads debug page now identifies the database in the name associated with each dedicated write thread. (#2265)
• The /db/-/create API now fires a insert-rows event if rows were inserted after the table was created. (#2260)