search

CodingForEverybody / rocketman

The source code for Wagtail for Beginners Course (rocketman.learnwagtail.com)
https://rocketman.learnwagtail.com/
38 stars 35 forks source link

Bump wagtail from 2.8 to 2.9.3 #8

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 4 years ago

Bumps wagtail from 2.8 to 2.9.3.

Release notes

Sourced from wagtail's releases.

2.9.3

CVE-2020-15118 - prevent HTML injection through form field help text (Timothy Bautista, Matt Westcott)

2.9.2

  • Fix: Prevent startup failure when wagtail.contrib.sitemaps is in INSTALLED_APPS (Matt Westcott)

2.9.1

  • Fix: Fix incorrect method name in SiteMiddleware deprecation warning (LB (Ben Johnston))
  • Fix: wagtail.contrib.sitemaps no longer depends on SiteMiddleware (Matt Westcott)
  • Fix: Purge image renditions cache when renditions are deleted (Pascal Widdershoven, Matt Westcott)

2.9

  • Removed support for Django 2.1
  • Added data exports in XLSX and CSV format for reports, ModelAdmin and form submissions (Jacob Topp-Mugglestone)
  • Added support for creating custom reports (Jacob Topp-Mugglestone)
  • Skip page validation when unpublishing a page (Samir Shah)
  • Added MultipleChoiceBlock block type for StreamField (James O'Toole)
  • ChoiceBlock now accepts a widget keyword argument (James O'Toole)
  • Reduced contrast of rich text toolbar (Jack Paine)
  • Support the rel attribute on custom ModelAdmin buttons (Andy Chosak)
  • Server-side page slug generation now respects WAGTAIL_ALLOW_UNICODE_SLUGS (Arkadiusz Michał Ryś)
  • Wagtail admin no longer depends on SiteMiddleware, avoiding incompatibility with Django sites framework and redundant database queries (aritas1, timmysmalls, Matt Westcott)
  • Tag field autocompletion now handles custom tag models (Matt Westcott)
  • wagtail_serve URL route can now be omitted for headless sites (Storm Heg)
  • Allow free tagging to be disabled on custom tag models (Matt Westcott)
  • Allow disabling page preview by setting preview_modes to an empty list (Casper Timmers)
  • Add Vidyard to oEmbed provider list (Steve Lyall)
  • Optimise compiling media definitions for complex StreamBlocks (pimarc)
  • FieldPanel now accepts a 'heading' argument (Jacob Topp-Mugglestone)
  • Replaced deprecated ugettext / ungettext calls with gettext / ngettext (Mohamed Feddad)
  • ListBlocks now call child block bulk_to_python if defined (Andy Chosak)
  • Site settings are now identifiable/cachable by request as well as site (Andy Babic)
  • Added select_related attribute to site settings to enable more efficient fetching of foreign key values (Andy Babic)
  • Add caching of image renditions (Tom Dyson, Tim Kamanin)
  • Add documentation for reporting security issues and internationalisation (Matt Westcott)
  • Fields on a custom image model can now be defined as required blank=False (Matt Westcott)
  • Fix: CVE-2020-11037 - avoid potential timing attack on password-protected private pages (Thibaud Colas)
  • Fix: Added ARIA alert role to live search forms in the admin (Casper Timmers)
  • Fix: Reorder login form elements to match expected tab order (Kjartan Sverrisson)
  • Fix: Re-add 'Close Explorer' button on mobile viewports (Sævar Öfjörð Magnússon)
  • Fix: Add a more descriptive label to Password reset link for screen reader users (Casper Timmers, Martin Coote)
  • Fix: Improve Wagtail logo contrast by adding a background (Brian Edelman, Simon Evans, Ben Enright)
  • Fix: Prevent duplicate notification messages on page locking (Jacob Topp-Mugglestone)
  • Fix: Fix InlinePanel item non field errors not visible (Storm Heg)
  • Fix: {% image ... as var %} now clears the context variable when passed None as an image (Maylon Pedroso)
  • Fix: refresh_index method on Elasticsearch no longer fails (Lars van de Kerkhof)
  • Fix: Document tags no longer fail to update when replacing the document file at the same time (Matt Westcott)
  • Fix: Prevent error from very tall / wide images being resized to 0 pixels (Fidel Ramos)
  • Fix: Remove excess margin when editing snippets (Quadric)
  • Fix: Added scope attribute to table headers in TableBlock output (Quadric)
Changelog

Sourced from wagtail's changelog.

2.9.3 (20.07.2020)


 * Fix: CVE-2020-15118 - prevent HTML injection through form field help text (Timothy Bautista, Matt Westcott)

2.9.2 (03.07.2020)

  • Fix: Prevent startup failure when wagtail.contrib.sitemaps is in INSTALLED_APPS (Matt Westcott)

2.9.1 (30.06.2020)


 * Fix: Fix incorrect method name in SiteMiddleware deprecation warning (LB (Ben Johnston))
 * Fix: `wagtail.contrib.sitemaps` no longer depends on SiteMiddleware (Matt Westcott)
 * Fix: Purge image renditions cache when renditions are deleted (Pascal Widdershoven, Matt Westcott)

2.9 (04.05.2020)



 * Removed support for Django 2.1
 * Added data exports in XLSX and CSV format for reports, ModelAdmin and form submissions (Jacob Topp-Mugglestone)
 * Added support for creating custom reports (Jacob Topp-Mugglestone)
 * Skip page validation when unpublishing a page (Samir Shah)
 * Added `MultipleChoiceBlock` block type for StreamField (James O'Toole)
 * ChoiceBlock now accepts a `widget` keyword argument (James O'Toole)
 * Reduced contrast of rich text toolbar (Jack Paine)
 * Support the rel attribute on custom ModelAdmin buttons (Andy Chosak)
 * Server-side page slug generation now respects `WAGTAIL_ALLOW_UNICODE_SLUGS` (Arkadiusz Michał Ryś)
 * Wagtail admin no longer depends on SiteMiddleware, avoiding incompatibility with Django sites framework and redundant database queries (aritas1, timmysmalls, Matt Westcott)
 * Tag field autocompletion now handles custom tag models (Matt Westcott)
 * `wagtail_serve` URL route can now be omitted for headless sites (Storm Heg)
 * Allow free tagging to be disabled on custom tag models (Matt Westcott)
 * Allow disabling page preview by setting `preview_modes` to an empty list (Casper Timmers)
 * Add Vidyard to oEmbed provider list (Steve Lyall)
 * Optimise compiling media definitions for complex StreamBlocks (pimarc)
 * FieldPanel now accepts a 'heading' argument (Jacob Topp-Mugglestone)
 * Replaced deprecated `ugettext` / `ungettext` calls with `gettext` / `ngettext` (Mohamed Feddad)
 * ListBlocks now call child block `bulk_to_python` if defined (Andy Chosak)
 * Site settings are now identifiable/cachable by request as well as site (Andy Babic)
 * Added `select_related` attribute to site settings to enable more efficient fetching of foreign key values (Andy Babic)
 * Add caching of image renditions (Tom Dyson, Tim Kamanin)
 * Add documentation for reporting security issues and internationalisation (Matt Westcott)
 * Fields on a custom image model can now be defined as required `blank=False` (Matt Westcott)
 * Fix: CVE-2020-11037 - avoid potential timing attack on password-protected private pages (Thibaud Colas)
 * Fix: Added ARIA alert role to live search forms in the admin (Casper Timmers)
 * Fix: Reorder login form elements to match expected tab order (Kjartan Sverrisson)
</tr></table> ... (truncated)
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/wagtail/wagtail/commit/3e712af457d508ecc9b7cec8cbf84cfc0a8e815c"><code>3e712af</code></a> add link to 2.9.3 release notes / fix version number in form builder settings...</li>
<li><a href="https://github.com/wagtail/wagtail/commit/d300faf30455200cdc8ce1ee2785cb5ebeeb54d0"><code>d300faf</code></a> add missing import</li>
<li><a href="https://github.com/wagtail/wagtail/commit/9d35c76c4fd782f3cd346341c70b58fd265fd5e8"><code>9d35c76</code></a> clarify note about nightly build on init.py</li>
<li><a href="https://github.com/wagtail/wagtail/commit/4bf5f24d2de3b004e02ea7c52d019ac1ff9c52b4"><code>4bf5f24</code></a> Version bump to 2.9.3</li>
<li><a href="https://github.com/wagtail/wagtail/commit/539f02000e1e94a2b3d29ba90b1b1d759f13da44"><code>539f020</code></a> Release note for 2.9.3</li>
<li><a href="https://github.com/wagtail/wagtail/commit/5408b991ce0c65849d537912b9ada6c4e6527628"><code>5408b99</code></a> Release note for 2.7.4</li>
<li><a href="https://github.com/wagtail/wagtail/commit/4271e099753ab96bfa66cf4f359a7e798f354196"><code>4271e09</code></a> Add test to confirm that labels are escaped</li>
<li><a href="https://github.com/wagtail/wagtail/commit/2fdd1a09573a966a44e21da63acfaf5983c1c6ab"><code>2fdd1a0</code></a> Add warning about WAGTAILFORMS_HELP_TEXT_ALLOW_HTML</li>
<li><a href="https://github.com/wagtail/wagtail/commit/e00478ddadf88c9fcd9bd5f433c1c2b5141f489e"><code>e00478d</code></a> Escape help text in form builder forms by default</li>
<li><a href="https://github.com/wagtail/wagtail/commit/c2241ad6895a97ad3f09989c497c2069e4e0cd25"><code>c2241ad</code></a> Version bump to 2.9.2</li>
<li>Additional commits viewable in <a href="https://github.com/wagtail/wagtail/compare/v2.8...v2.9.3">compare view</a></li>
</ul>
</details>

<br />



[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wagtail&package-manager=pip&previous-version=2.8&new-version=2.9.3)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CodingForEverybody/rocketman/network/alerts).
dependabot[bot] commented 3 years ago

Superseded by #17.