search

ModelChimp / modelchimp

Experiment tracking for machine and deep learning projects
https://www.modelchimp.com/
BSD 2-Clause "Simplified" License
126 stars 12 forks source link

Update django-cors-headers to 4.3.1 #1252

Open pyup-bot opened 8 months ago

pyup-bot commented 8 months ago

This PR updates django-cors-headers from 3.0.2 to 4.3.1.

Changelog ### 4.3.1 ``` ------------------ * Fixed ASGI compatibility on Python 3.12. Thanks to Adrian Capitanu for the report in `Issue 908 <https://github.com/adamchainz/django-cors-headers/issues/908>`__ and Rooyal in `PR #911 <https://github.com/adamchainz/django-cors-headers/pull/911>`__. ``` ### 4.3.0 ``` ------------------ * Avoid adding the ``access-control-allow-credentials`` header to unallowed responses. Thanks to Adam Romanek in `PR 888 <https://github.com/adamchainz/django-cors-headers/pull/888>`__. * Support Django 5.0. ``` ### 4.2.0 ``` ------------------ * Drop Python 3.7 support. ``` ### 4.1.0 ``` ------------------ * Support Python 3.12. ``` ### 4.0.0 ``` ------------------ * Add ``CORS_ALLOW_PRIVATE_NETWORK`` setting, which enables support for the Local Network Access draft specification. Thanks to Issac Kelly in `PR 745 <https://github.com/adamchainz/django-cors-headers/pull/745>`__ and jjurgens0 in `PR #833 <https://github.com/adamchainz/django-cors-headers/pull/833>`__. * Remove three headers from the default "accept list": ``accept-encoding``, ``dnt``, and ``origin``. These are `Forbidden header names <https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name>`__, which means requests JavaScript can never set them. Consequently, allowing them via CORS has no effect. Thanks to jub0bs for the report in `Issue 842 <https://github.com/adamchainz/django-cors-headers/issues/842>`__. * Drop the ``CORS_REPLACE_HTTPS_REFERER`` setting and ``CorsPostCsrfMiddleware``. Since Django 1.9, the ``CSRF_TRUSTED_ORIGINS`` setting has been the preferred solution to making CSRF checks pass for CORS requests. The removed setting and middleware only existed as a workaround for Django versions before 1.9. * Add async support to the middleware, reducing overhead on async views. ``` ### 3.14.0 ``` ------------------- * Support Django 4.2. * Switch from ``urlparse()`` to ``urlsplit()`` for URL parsing, reducing the middleware runtime up to 5%. This changes the type passed to ``origin_found_in_white_lists()``, so if you have subclassed the middleware to override this method, you should check it is compatible (it most likely is). Thanks to Thibaut Decombe in `PR 793 <https://github.com/adamchainz/django-cors-headers/pull/793>`__. ``` ### 3.13.0 ``` ------------------- * Support Python 3.11. * Support Django 4.1. ``` ### 3.12.0 ``` ------------------- * Drop support for Django 2.2, 3.0, and 3.1. ``` ### 3.11.0 ``` ------------------- * Drop Python 3.6 support. ``` ### 3.10.1 ``` ------------------- * Prevent a crash when an invalid ``Origin`` header is sent. Thanks to minusf for the report in `Issue 701 <https://github.com/adamchainz/django-cors-headers/issues/701>`__. ``` ### 3.10.0 ``` ------------------- * Support Python 3.10. ``` ### 3.9.0 ``` ------------------ * Support Django 4.0. ``` ### 3.8.0 ``` ------------------ * Add type hints. * Stop distributing tests to reduce package size. Tests are not intended to be run outside of the tox setup in the repository. Repackagers can use GitHub's tarballs per tag. ``` ### 3.7.0 ``` ------------------ * Support Django 3.2. ``` ### 3.6.0 ``` ------------------ * Drop Python 3.5 support. * Support Python 3.9. ``` ### 3.5.0 ``` ------------------ * Following Django’s example in `Ticket 31670 <https://code.djangoproject.com/ticket/31670>`__ for replacing the term “whitelist”, plus an aim to make the setting names more comprehensible, the following settings have been renamed: * ``CORS_ORIGIN_WHITELIST`` -> ``CORS_ALLOWED_ORIGINS`` * ``CORS_ORIGIN_REGEX_WHITELIST`` -> ``CORS_ALLOWED_ORIGIN_REGEXES`` * ``CORS_ORIGIN_ALLOW_ALL`` -> ``CORS_ALLOW_ALL_ORIGINS`` The old names will continue to work as aliases, with the new ones taking precedence. ``` ### 3.4.0 ``` ------------------ * Add Django 3.1 support. ``` ### 3.3.0 ``` ------------------ * Drop Django 1.11 support. Only Django 2.0+ is supported now. * Drop the ``providing_args`` argument from ``Signal`` to prevent a deprecation warning on Django 3.1. ``` ### 3.2.1 ``` ------------------ * Update LICENSE file to Unix line endings, fixing issues with license checker ``pip-licenses`` (`Issue 477 <https://github.com/adamchainz/django-cors-headers/issues/477>`__). ``` ### 3.2.0 ``` ------------------ * Converted setuptools metadata to configuration file. This meant removing the ``__version__`` attribute from the package. If you want to inspect the installed version, use ``importlib.metadata.version("django-cors-headers")`` (`docs <https://docs.python.org/3.8/library/importlib.metadata.html#distribution-versions>`__ / `backport <https://pypi.org/project/importlib-metadata/>`__). * Support Python 3.8. ``` ### 3.1.1 ``` ------------------ * Support the value `file://` for origins, which is accidentally sent by some versions of Chrome on Android. ``` ### 3.1.0 ``` ------------------ * Drop Python 2 support, only Python 3.5-3.7 is supported now. * Fix all links for move from ``github.com/ottoyiu/django-cors-headers`` to ``github.com/adamchainz/django-cors-headers``. ```
Links - PyPI: https://pypi.org/project/django-cors-headers - Changelog: https://data.safetycli.com/changelogs/django-cors-headers/