PARINetwork / pari

Django/Wagtail based PARI webapp
http://ruralindiaonline.org
BSD 3-Clause "New" or "Revised" License
37 stars 11 forks

Bump wagtail from 2.7 to 2.11.8 #431

Open dependabot[bot] opened 3 years ago

dependabot[bot] commented 3 years ago

Bumps wagtail from 2.7 to 2.11.8.

Release notes

Sourced from wagtail's releases.

2.11.8

CVE-2021-32681 - fix improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks (Karen Tracey, Matt Westcott)

2.11.7

CVE-2021-29434 - fix improper validation of URLs ('Cross-site Scripting') in rich text fields (Kevin Breen, Matt Westcott)

2.11.6

  • Fix: Un-pin django-treebeard following upstream fix for migration issue (Matt Westcott)
  • Fix: Prevent crash when copying an alias page (Karl Hobley)
  • Fix: Prevent errors on page editing after changing LANGUAGE_CODE (Matt Westcott)
  • Fix: Correctly handle model inheritance and ClusterableModel on copy_for_translation (Karl Hobley)

2.11.5

  • Pin django-treebeard to <4.5 to prevent migration conflicts (Matt Westcott)

2.11.4

  • Fix: Prevent delete button showing on collection / workflow edit views when delete permission is absent (Helder Correia)
  • Fix: Ensure aliases are published when the source page is published (Karl Hobley)
  • Fix: Make page privacy rules apply to aliases (Karl Hobley)

2.11.3

  • Fix: Updated project template migrations to ensure that initial homepage creation runs before addition of locale field (Dan Braghis)
  • Fix: Restore ability to use translatable strings in LANGUAGES / WAGTAIL_CONTENT_LANGUAGES settings (Andreas Morgenstern)
  • Fix: Allow locale / translation_of API filters to be used in combination with search (Matt Westcott)
  • Fix: Prevent error on create_log_entries_from_revisions when checking publish state on a revision that cannot be restored (Kristin Riebe)

2.11.2

  • Add custom finder to support Instagram oEmbed API (Luis Nell)
  • Add custom finder to support Facebook oEmbed API (Cynthia Kiser)
  • Fix: Improve performance of permission check on translations for edit page (Karl Hobley)
  • Fix: Gracefully handle missing Locale records on Locale.get_active and .localized (Matt Westcott)
  • Fix: Handle get_supported_language_variant returning a language variant not in LANGUAGES (Matt Westcott)
  • Fix: Reinstate missing icon on settings edit view (Jérôme Lebleu)
  • Fix: Avoid performance and pagination logic issues with a large number of languages (Karl Hobley)
  • Fix: Allow deleting the default locale (Matt Westcott)

2.11.1

  • Fix: Ensure that cached wagtail_site_root_paths structures from older Wagtail versions are invalidated (Sævar Öfjörð Magnússon)
  • Fix: Avoid circular import between wagtail.admin.auth and custom user models (Matt Westcott)
  • Fix: Prevent error on resolving page URLs when a locale outside of WAGTAIL_CONTENT_LANGUAGES is active (Matt Westcott)

2.11

  • Add support for multi-lingual content (Karl Hobley)
  • Add support for aliased pages (Karl Hobley)
  • Add support for hierarchical/nested Collections (Robert Rollins)
  • Extend treebeard's fix_tree method with the ability to non-destructively fix path issues and add a --full option to apply path fixes (Matt Westcott)
  • Add before_edit_snippet, before_create_snippet and before_delete_snippet hooks and documentation (Karl Hobley. Sponsored by the Mozilla Foundation)
  • Add register_snippet_listing_buttons and construct_snippet_listing_buttons hooks and documentation (Karl Hobley. Sponsored by the Mozilla Foundation)
  • Add wagtail --version to available Wagtail CLI commands (Kalob Taulien)
  • Add hooks.register_temporarily utility function for testing hooks (Karl Hobley. Sponsored by the Mozilla Foundation)

... (truncated)

Changelog

Sourced from wagtail's changelog.

2.11.8 (17.06.2021)

  • Fix: CVE-2021-32681 - fix improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks (Karen Tracey, Matt Westcott)

2.11.7 (19.04.2021)

  • Fix: CVE-2021-29434 - fix improper validation of URLs ('Cross-site Scripting') in rich text fields (Kevin Breen, Matt Westcott)

2.11.6 (05.03.2021)

  • Fix: Un-pin django-treebeard following upstream fix for migration issue (Matt Westcott)
  • Fix: Prevent crash when copying an alias page (Karl Hobley)
  • Fix: Prevent errors on page editing after changing LANGUAGE_CODE (Matt Westcott)
  • Fix: Correctly handle model inheritance and `ClusterableModel` on `copy_for_translation` (Karl Hobley)

2.11.5 (18.02.2021)

  • Fix: Pin django-treebeard to <4.5 to prevent migration conflicts (Matt Westcott)

2.11.4 (16.02.2021)

  • Fix: Prevent delete button showing on collection / workflow edit views when delete permission is absent (Helder Correia)
  • Fix: Ensure aliases are published when the source page is published (Karl Hobley)
  • Fix: Make page privacy rules apply to aliases (Karl Hobley)

2.11.3 (10.12.2020)

  • Fix: Updated project template migrations to ensure that initial homepage creation runs before addition of locale field (Dan Braghis)
  • Fix: Restore ability to use translatable strings in LANGUAGES / WAGTAIL_CONTENT_LANGUAGES settings (Andreas Morgenstern)
  • Fix: Allow locale / translation_of API filters to be used in combination with search (Matt Westcott)
  • Fix: Prevent error on create_log_entries_from_revisions when checking publish state on a revision that cannot be restored (Kristin Riebe)

2.11.2 (17.11.2020)

  • Add custom finder to support Instagram oEmbed API (Luis Nell)
  • Add custom finder to support Facebook oEmbed API (Cynthia Kiser)
  • Fix: Improve performance of permission check on translations for edit page (Karl Hobley)

... (truncated)

Commits
  • b6f835d Version bump to 2.11.8
  • 863e6fc Release note for CVE-2021-32681 in Wagtail 2.11.8
  • 084a9c1 Apply correct HTML escaping to jinja2 include_block tag
  • e24f10c Apply correct HTML escaping to include_block tag output
  • 904b548 Version bump to 2.11.7
  • d2d4e6e Release note for CVE-2021-29434 in 2.11.7
  • cbbeae0 Add Kevin Breen to contributors
  • 5c7a609 Disallow links with unrecognised protocols in contentstate
  • 4ddfb48 Fill in release date for 2.11.6
  • a67d129 Version bump to 2.11.6
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PARINetwork/pari/network/alerts).