Bump wagtail from 2.7 to 2.11.8

[dependabot[bot]]

Bumps wagtail from 2.7 to 2.11.8.

Release notes

Sourced from wagtail's releases.

2.11.8

CVE-2021-32681 - fix improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks (Karen Tracey, Matt Westcott)

2.11.7

CVE-2021-29434 - fix improper validation of URLs ('Cross-site Scripting') in rich text fields (Kevin Breen, Matt Westcott)

2.11.6

• Fix: Un-pin django-treebeard following upstream fix for migration issue (Matt Westcott)
• Fix: Prevent crash when copying an alias page (Karl Hobley)
• Fix: Prevent errors on page editing after changing LANGUAGE_CODE (Matt Westcott)
• Fix: Correctly handle model inheritance and ClusterableModel on copy_for_translation (Karl Hobley)

2.11.5

• Pin django-treebeard to <4.5 to prevent migration conflicts (Matt Westcott)

2.11.4

• Fix: Prevent delete button showing on collection / workflow edit views when delete permission is absent (Helder Correia)
• Fix: Ensure aliases are published when the source page is published (Karl Hobley)
• Fix: Make page privacy rules apply to aliases (Karl Hobley)

2.11.3

• Fix: Updated project template migrations to ensure that initial homepage creation runs before addition of locale field (Dan Braghis)
• Fix: Restore ability to use translatable strings in LANGUAGES / WAGTAIL_CONTENT_LANGUAGES settings (Andreas Morgenstern)
• Fix: Allow locale / translation_of API filters to be used in combination with search (Matt Westcott)
• Fix: Prevent error on create_log_entries_from_revisions when checking publish state on a revision that cannot be restored (Kristin Riebe)

2.11.2

• Add custom finder to support Instagram oEmbed API (Luis Nell)
• Add custom finder to support Facebook oEmbed API (Cynthia Kiser)
• Fix: Improve performance of permission check on translations for edit page (Karl Hobley)
• Fix: Gracefully handle missing Locale records on Locale.get_active and .localized (Matt Westcott)
• Fix: Handle get_supported_language_variant returning a language variant not in LANGUAGES (Matt Westcott)
• Fix: Reinstate missing icon on settings edit view (Jérôme Lebleu)
• Fix: Avoid performance and pagination logic issues with a large number of languages (Karl Hobley)
• Fix: Allow deleting the default locale (Matt Westcott)

2.11.1

• Fix: Ensure that cached wagtail_site_root_paths structures from older Wagtail versions are invalidated (Sævar Öfjörð Magnússon)
• Fix: Avoid circular import between wagtail.admin.auth and custom user models (Matt Westcott)
• Fix: Prevent error on resolving page URLs when a locale outside of WAGTAIL_CONTENT_LANGUAGES is active (Matt Westcott)

2.11

• Add support for multi-lingual content (Karl Hobley)
• Add support for aliased pages (Karl Hobley)
• Add support for hierarchical/nested Collections (Robert Rollins)
• Extend treebeard's fix_tree method with the ability to non-destructively fix path issues and add a --full option to apply path fixes (Matt Westcott)
• Add before_edit_snippet, before_create_snippet and before_delete_snippet hooks and documentation (Karl Hobley. Sponsored by the Mozilla Foundation)
• Add register_snippet_listing_buttons and construct_snippet_listing_buttons hooks and documentation (Karl Hobley. Sponsored by the Mozilla Foundation)
• Add wagtail --version to available Wagtail CLI commands (Kalob Taulien)
• Add hooks.register_temporarily utility function for testing hooks (Karl Hobley. Sponsored by the Mozilla Foundation)

... (truncated)

Changelog

Sourced from wagtail's changelog.

2.11.8 (17.06.2021)

 * Fix: CVE-2021-32681 - fix improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks (Karen Tracey, Matt Westcott)
2.11.7 (19.04.2021)

• Fix: CVE-2021-29434 - fix improper validation of URLs ('Cross-site Scripting') in rich text fields (Kevin Breen, Matt Westcott)

2.11.6 (05.03.2021)

 * Fix: Un-pin django-treebeard following upstream fix for migration issue (Matt Westcott)
 * Fix: Prevent crash when copying an alias page (Karl Hobley)
 * Fix: Prevent errors on page editing after changing LANGUAGE_CODE (Matt Westcott)
 * Fix: Correctly handle model inheritance and `ClusterableModel` on `copy_for_translation` (Karl Hobley)
2.11.5 (18.02.2021)

• Fix: Pin django-treebeard to <4.5 to prevent migration conflicts (Matt Westcott)

2.11.4 (16.02.2021)

 * Fix: Prevent delete button showing on collection / workflow edit views when delete permission is absent (Helder Correia)
 * Fix: Ensure aliases are published when the source page is published (Karl Hobley)
 * Fix: Make page privacy rules apply to aliases (Karl Hobley)
2.11.3 (10.12.2020)

• Fix: Updated project template migrations to ensure that initial homepage creation runs before addition of locale field (Dan Braghis)
• Fix: Restore ability to use translatable strings in LANGUAGES / WAGTAIL_CONTENT_LANGUAGES settings (Andreas Morgenstern)
• Fix: Allow locale / translation_of API filters to be used in combination with search (Matt Westcott)
• Fix: Prevent error on create_log_entries_from_revisions when checking publish state on a revision that cannot be restored (Kristin Riebe)

2.11.2 (17.11.2020)

 * Add custom finder to support Instagram oEmbed API (Luis Nell)
 * Add custom finder to support Facebook oEmbed API (Cynthia Kiser)
 * Fix: Improve performance of permission check on translations for edit page (Karl Hobley)
</tr></table> 

... (truncated)

Commits

• b6f835d Version bump to 2.11.8
• 863e6fc Release note for CVE-2021-32681 in Wagtail 2.11.8
• 084a9c1 Apply correct HTML escaping to jinja2 include_block tag
• e24f10c Apply correct HTML escaping to include_block tag output
• 904b548 Version bump to 2.11.7
• d2d4e6e Release note for CVE-2021-29434 in 2.11.7
• cbbeae0 Add Kevin Breen to contributors
• 5c7a609 Disallow links with unrecognised protocols in contentstate
• 4ddfb48 Fill in release date for 2.11.6
• a67d129 Version bump to 2.11.6
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PARINetwork/pari/network/alerts).