pyup-bot
commented
2 months ago Closing this in favor of #2320
Closed pyup-bot closed 2 months ago
pyup-bot
commented
2 months ago Closing this in favor of #2320
Update pytz from 2023.3 to 2024.1.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/pytz - Homepage: http://pythonhosted.org/pytz - Docs: https://pythonhosted.org/pytz/Update Django from 4.2.1 to 5.0.6.
Changelog
### 5.0.6 ``` ========================== *May 7, 2024* Django 5.0.6 fixes a packaging error in 5.0.5. ========================== ``` ### 5.0.5 ``` ========================== *May 6, 2024* Django 5.0.5 fixes several bugs in 5.0.4. Bugfixes ======== * Fixed a bug in Django 5.0 that caused a crash of ``Model.save()`` when creating an instance of a model with a ``GeneratedField`` and providing a primary key (:ticket:`35350`). * Fixed a compatibility issue encountered in Python 3.11.9+ and 3.12.3+ when validating email max line lengths with content decoded using the ``surrogateescape`` error handling scheme (:ticket:`35361`). * Fixed a bug in Django 5.0 that caused a crash when applying migrations including alterations to ``GeneratedField`` such as setting ``db_index=True`` on SQLite (:ticket:`35373`). * Allowed importing ``aprefetch_related_objects`` from ``django.db.models`` (:ticket:`35392`). * Fixed a bug in Django 5.0 that caused a migration crash when a ``GeneratedField`` was added before any of the referenced fields from its ``expression`` definition (:ticket:`35359`). * Fixed a bug in Django 5.0 that caused a migration crash when altering a ``GeneratedField`` referencing a renamed field (:ticket:`35422`). * Fixed a bug in Django 5.0 where the ``querysets`` argument of ``GenericPrefetch`` was not required (:ticket:`35426`). ========================== ``` ### 5.0.4 ``` ========================== *April 3, 2024* Django 5.0.4 fixes several bugs in 5.0.3. Bugfixes ======== * Fixed a bug in Django 5.0 that caused a crash of ``Model.full_clean()`` on fields with expressions in ``db_default``. As a consequence, ``Model.full_clean()`` no longer validates for empty values in fields with ``db_default`` (:ticket:`35223`). * Fixed a regression in Django 5.0 where the ``AdminFileWidget`` could be rendered with two ``id`` attributes on the "Clear" checkbox (:ticket:`35273`). * Fixed a bug in Django 5.0 that caused a migration crash on PostgreSQL 15+ when adding a partial ``UniqueConstraint`` with ``nulls_distinct`` (:ticket:`35329`). * Fixed a crash in Django 5.0 when performing queries involving table aliases and lookups on a ``GeneratedField`` of the aliased table (:ticket:`35344`). * Fixed a bug in Django 5.0 that caused a migration crash when adding a ``GeneratedField`` relying on the ``__contains`` or ``__icontains`` lookups or using a ``Value`` containing a ``"%"`` (:ticket:`35336`). ========================== ``` ### 5.0.3 ``` ========================== *March 4, 2024* Django 5.0.3 fixes a security issue with severity "moderate" and several bugs in 5.0.2. CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` ========================================================================================================= ``django.utils.text.Truncator.words()`` method (with ``html=True``) and :tfilter:`truncatewords_html` template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to :cve:`2019-14232` and :cve:`2023-43665`). Bugfixes ======== * Fixed a regression in Django 5.0.2 where ``intcomma`` template filter could return a leading comma for string representation of floats (:ticket:`35172`). * Fixed a bug in Django 5.0 that caused a crash of ``Signal.asend()`` and ``asend_robust()`` when all receivers were asynchronous functions (:ticket:`35174`). * Fixed a regression in Django 5.0.1 where :meth:`.ModelAdmin.lookup_allowed` would prevent filtering against foreign keys using lookups like ``__isnull`` when the field was not included in :attr:`.ModelAdmin.list_filter` (:ticket:`35173`). * Fixed a regression in Django 5.0 that caused a crash of ``sensitive_variables`` and ``sensitive_post_parameters`` decorators on functions loaded from ``.pyc`` files (:ticket:`35187`). * Fixed a regression in Django 5.0 that caused a crash when reloading a test database and a base queryset for a base manager used ``prefetch_related()`` (:ticket:`35238`). * Fixed a bug in Django 5.0 where facet filters in the admin would crash on a ``SimpleListFilter`` using a queryset without primary keys (:ticket:`35198`). ========================== ``` ### 5.0.2 ``` ========================== *February 6, 2024* Django 5.0.2 fixes a security issue with severity "moderate" and several bugs in 5.0.1. Also, the latest string translations from Transifex are incorporated. CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter =========================================================================== The ``intcomma`` template filter was subject to a potential denial-of-service attack when used with very long strings. Bugfixes ======== * Reallowed, following a regression in Django 5.0.1, filtering against local foreign keys not included in :attr:`.ModelAdmin.list_filter` (:ticket:`35087`). * Fixed a regression in Django 5.0 where links in the admin had an incorrect color (:ticket:`35121`). * Fixed a bug in Django 5.0 that caused a crash of ``Model.full_clean()`` on models with a ``GeneratedField`` (:ticket:`35127`). * Fixed a regression in Django 5.0 that caused a crash of ``FilteredRelation()`` with querysets as right-hand sides (:ticket:`35135`). ``FilteredRelation()`` now raises a ``ValueError`` on querysets as right-hand sides. * Fixed a regression in Django 5.0 that caused a crash of the ``dumpdata`` management command when a base queryset used ``prefetch_related()`` (:ticket:`35159`). * Fixed a regression in Django 5.0 that caused the ``request_finished`` signal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (:ticket:`35059`). * Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a ``BinaryField``, ``TextField``, ``JSONField``, or ``GeometryField`` with a ``db_default`` (:ticket:`35162`). * Fixed a bug in Django 5.0 that caused a migration crash on models with a literal ``db_default`` of a complex type such as ``dict`` instance of a ``JSONField``. Running ``makemigrations`` might generate no-op ``AlterField`` operations for fields using ``db_default`` (:ticket:`35149`). ========================== ``` ### 5.0.1 ``` ========================== *January 2, 2024* Django 5.0.1 fixes several bugs in 5.0. Bugfixes ======== * Reallowed, following a regression in Django 5.0, using a foreign key to a model with a primary key that is not ``AutoField`` in :attr:`.ModelAdmin.list_filter` (:ticket:`35020`). * Fixed a long standing bug in handling the ``RETURNING INTO`` clause that caused a crash when creating a model instance with a ``GeneratedField`` which ``output_field`` had backend-specific converters (:ticket:`35024`). * Fixed a regression in Django 5.0 that caused a crash of ``Model.save()`` for models with both ``GeneratedField`` and ``ForeignKey`` fields (:ticket:`35019`). * Fixed a bug in Django 5.0 that caused a migration crash on Oracle < 23c when adding a ``GeneratedField`` with ``output_field=BooleanField`` (:ticket:`35018`). * Fixed a regression in Django 5.0 where admin fields on the same line could overflow the page and become non-interactive (:ticket:`35012`). * Added compatibility for ``oracledb`` 2.0.0 (:ticket:`35054`). * Fixed a regression in Django 5.0 where querysets referenced incorrect field names from ``FilteredRelation()`` (:ticket:`35050`). * Fixed a regression in Django 5.0 that caused a system check crash when ``ModelAdmin.filter_horizontal`` or ``filter_vertical`` contained a reverse many-to-many relation with ``related_name`` (:ticket:`35056`). ======================== ``` ### 5.0 ``` ======================== *December 4, 2023* Welcome to Django 5.0! These release notes cover the :ref:`new features <whats-new-5.0>`, as well as some :ref:`backwards incompatible changes <backwards-incompatible-5.0>` you'll want to be aware of when upgrading from Django 4.2 or earlier. We've :ref:`begun the deprecation process for some features <deprecated-features-5.0>`. See the :doc:`/howto/upgrade-version` guide if you're updating an existing project. Python compatibility ==================== Django 5.0 supports Python 3.10, 3.11, and 3.12. We **highly recommend** and only officially support the latest release of each series. The Django 4.2.x series is the last to support Python 3.8 and 3.9. Third-party library support for older version of Django ======================================================= Following the release of Django 5.0, we suggest that third-party app authors drop support for all versions of Django prior to 4.2. At that time, you should be able to run your package's tests using ``python -Wd`` so that deprecation warnings appear. After making the deprecation warning fixes, your app should be compatible with Django 5.0. .. _whats-new-5.0: What's new in Django 5.0 ======================== Facet filters in the admin -------------------------- Facet counts are now shown for applied filters in the admin changelist when toggled on via the UI. This behavior can be changed via the new :attr:`.ModelAdmin.show_facets` attribute. For more information see :ref:`facet-filters`. Simplified templates for form field rendering --------------------------------------------- Django 5.0 introduces the concept of a field group, and field group templates. This simplifies rendering of the related elements of a Django form field such as its label, widget, help text, and errors. For example, the template below: .. code-block:: html+django <form> ... <div> {{ form.name.label_tag }} {% if form.name.help_text %} <div class="helptext" id="{{ form.name.auto_id }}_helptext"> {{ form.name.help_text|safe }} </div> {% endif %} {{ form.name.errors }} {{ form.name }} <div class="row"> <div class="col"> {{ form.email.label_tag }} {% if form.email.help_text %} <div class="helptext" id="{{ form.email.auto_id }}_helptext"> {{ form.email.help_text|safe }} </div> {% endif %} {{ form.email.errors }} {{ form.email }} </div> <div class="col"> {{ form.password.label_tag }} {% if form.password.help_text %} <div class="helptext" id="{{ form.password.auto_id }}_helptext"> {{ form.password.help_text|safe }} </div> {% endif %} {{ form.password.errors }} {{ form.password }} </div> </div> </div> ... </form> Can now be simplified to: .. code-block:: html+django <form> ... <div> {{ form.name.as_field_group }} <div class="row"> <div class="col">{{ form.email.as_field_group }}</div> <div class="col">{{ form.password.as_field_group }}</div> </div> </div> ... </form> :meth:`~django.forms.BoundField.as_field_group` renders fields with the ``"django/forms/field.html"`` template by default and can be customized on a per-project, per-field, or per-request basis. See :ref:`reusable-field-group-templates`. Database-computed default values -------------------------------- The new :attr:`Field.db_default <django.db.models.Field.db_default>` parameter sets a database-computed default value. For example:: from django.db import models from django.db.models.functions import Now, Pi class MyModel(models.Model): age = models.IntegerField(db_default=18) created = models.DateTimeField(db_default=Now()) circumference = models.FloatField(db_default=2 * Pi()) Database generated model field ------------------------------ The new :class:`~django.db.models.GeneratedField` allows creation of database generated columns. This field can be used on all supported database backends to create a field that is always computed from other fields. For example:: from django.db import models from django.db.models import F class Square(models.Model): side = models.IntegerField() area = models.GeneratedField( expression=F("side") * F("side"), output_field=models.BigIntegerField(), db_persist=True, ) More options for declaring field choices ---------------------------------------- :attr:`.Field.choices` *(for model fields)* and :attr:`.ChoiceField.choices` *(for form fields)* allow for more flexibility when declaring their values. In previous versions of Django, ``choices`` should either be a list of 2-tuples, or an :ref:`field-choices-enum-types` subclass, but the latter required accessing the ``.choices`` attribute to provide the values in the expected form:: from django.db import models Medal = models.TextChoices("Medal", "GOLD SILVER BRONZE") SPORT_CHOICES = [ ("Martial Arts", [("judo", "Judo"), ("karate", "Karate")]), ("Racket", [("badminton", "Badminton"), ("tennis", "Tennis")]), ("unknown", "Unknown"), ] class Winner(models.Model): name = models.CharField(...) medal = models.CharField(..., choices=Medal.choices) sport = models.CharField(..., choices=SPORT_CHOICES) Django 5.0 adds support for accepting a mapping or a callable instead of an iterable, and also no longer requires ``.choices`` to be used directly to expand :ref:`enumeration types <field-choices-enum-types>`:: from django.db import models Medal = models.TextChoices("Medal", "GOLD SILVER BRONZE") SPORT_CHOICES = { Using a mapping instead of a list of 2-tuples. "Martial Arts": {"judo": "Judo", "karate": "Karate"}, "Racket": {"badminton": "Badminton", "tennis": "Tennis"}, "unknown": "Unknown", } def get_scores(): return [(i, str(i)) for i in range(10)] class Winner(models.Model): name = models.CharField(...) medal = models.CharField(..., choices=Medal) Using `.choices` not required. sport = models.CharField(..., choices=SPORT_CHOICES) score = models.IntegerField(choices=get_scores) A callable is allowed. Under the hood the provided ``choices`` are normalized into a list of 2-tuples as the canonical form whenever the ``choices`` value is updated. For more information, please check the :ref:`model field reference on choices <field-choices>`. Minor features -------------- :mod:`django.contrib.admin` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :meth:`.AdminSite.get_log_entries` method allows customizing the queryset for the site's listed log entries. * The ``django.contrib.admin.AllValuesFieldListFilter``, ``ChoicesFieldListFilter``, ``RelatedFieldListFilter``, and ``RelatedOnlyFieldListFilter`` admin filters now handle multi-valued query parameters. * ``XRegExp`` is upgraded from version 3.2.0 to 5.1.1. * The new :meth:`.AdminSite.get_model_admin` method returns an admin class for the given model class. * Properties in :attr:`.ModelAdmin.list_display` now support ``boolean`` attribute. * jQuery is upgraded from version 3.6.4 to 3.7.1. :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ * The default iteration count for the PBKDF2 password hasher is increased from 600,000 to 720,000. * The new asynchronous functions are now provided, using an ``a`` prefix: :func:`django.contrib.auth.aauthenticate`, :func:`~.django.contrib.auth.aget_user`, :func:`~.django.contrib.auth.alogin`, :func:`~.django.contrib.auth.alogout`, and :func:`~.django.contrib.auth.aupdate_session_auth_hash`. * ``AuthenticationMiddleware`` now adds an :meth:`.HttpRequest.auser` asynchronous method that returns the currently logged-in user. * The new :func:`django.contrib.auth.hashers.acheck_password` asynchronous function and :meth:`.AbstractBaseUser.acheck_password` method allow asynchronous checking of user passwords. :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * :meth:`.QuerySet.prefetch_related` now supports prefetching :class:`~django.contrib.contenttypes.fields.GenericForeignKey` with non-homogeneous set of results. :mod:`django.contrib.gis` ~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :class:`ClosestPoint() <django.contrib.gis.db.models.functions.ClosestPoint>` function returns a 2-dimensional point on the geometry that is closest to another geometry. * :ref:`GIS aggregates <gis-aggregation-functions>` now support the ``filter`` argument. * Support for GDAL 3.7 and GEOS 3.12 is added. * The new :meth:`.GEOSGeometry.equals_identical` method allows point-wise equivalence checking of geometries. :mod:`django.contrib.messages` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :meth:`.MessagesTestMixin.assertMessages` assertion method allows testing :mod:`~django.contrib.messages` added to a :class:`response <django.http.HttpResponse>`. :mod:`django.contrib.postgres` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :attr:`~.ExclusionConstraint.violation_error_code` attribute of :class:`~django.contrib.postgres.constraints.ExclusionConstraint` allows customizing the ``code`` of ``ValidationError`` raised during :ref:`model validation <validating-objects>`. Asynchronous views ~~~~~~~~~~~~~~~~~~ * Under ASGI, ``http.disconnect`` events are now handled. This allows views to perform any necessary cleanup if a client disconnects before the response is generated. See :ref:`async-handling-disconnect` for more details. Decorators ~~~~~~~~~~ * The following decorators now support wrapping asynchronous view functions: * :func:`~django.views.decorators.cache.cache_control` * :func:`~django.views.decorators.cache.never_cache` * :func:`~django.views.decorators.common.no_append_slash` * :func:`~django.views.decorators.csrf.csrf_exempt` * :func:`~django.views.decorators.csrf.csrf_protect` * :func:`~django.views.decorators.csrf.ensure_csrf_cookie` * :func:`~django.views.decorators.csrf.requires_csrf_token` * :func:`~django.views.decorators.debug.sensitive_variables` * :func:`~django.views.decorators.debug.sensitive_post_parameters` * :func:`~django.views.decorators.gzip.gzip_page` * :func:`~django.views.decorators.http.condition` * ``conditional_page()`` * :func:`~django.views.decorators.http.etag` * :func:`~django.views.decorators.http.last_modified` * :func:`~django.views.decorators.http.require_http_methods` * :func:`~django.views.decorators.http.require_GET` * :func:`~django.views.decorators.http.require_POST` * :func:`~django.views.decorators.http.require_safe` * :func:`~django.views.decorators.vary.vary_on_cookie` * :func:`~django.views.decorators.vary.vary_on_headers` * ``xframe_options_deny()`` * ``xframe_options_sameorigin()`` * ``xframe_options_exempt()`` Error Reporting ~~~~~~~~~~~~~~~ * :func:`~django.views.decorators.debug.sensitive_variables` and :func:`~django.views.decorators.debug.sensitive_post_parameters` can now be used with asynchronous functions. File Storage ~~~~~~~~~~~~ * :meth:`.File.open` now passes all positional (``*args``) and keyword arguments (``**kwargs``) to Python's built-in :func:`python:open`. Forms ~~~~~ * The new :attr:`~django.forms.URLField.assume_scheme` argument for :class:`~django.forms.URLField` allows specifying a default URL scheme. * In order to improve accessibility, the following changes are made: * Form fields now include the ``aria-describedby`` HTML attribute to enable screen readers to associate form fields with their help text. * Invalid form fields now include the ``aria-invalid="true"`` HTML attribute. Internationalization ~~~~~~~~~~~~~~~~~~~~ * Support and translations for the Uyghur language are now available. Migrations ~~~~~~~~~~ * Serialization of functions decorated with :func:`functools.cache` or :func:`functools.lru_cache` is now supported without the need to write a custom serializer. Models ~~~~~~ * The new ``create_defaults`` argument of :meth:`.QuerySet.update_or_create` and :meth:`.QuerySet.aupdate_or_create` methods allows specifying a different field values for the create operation. * The new ``violation_error_code`` attribute of :class:`~django.db.models.BaseConstraint`, :class:`~django.db.models.CheckConstraint`, and :class:`~django.db.models.UniqueConstraint` allows customizing the ``code`` of ``ValidationError`` raised during :ref:`model validation <validating-objects>`. * The :ref:`force_insert <ref-models-force-insert>` argument of :meth:`.Model.save` now allows specifying a tuple of parent classes that must be forced to be inserted. * :meth:`.QuerySet.bulk_create` and :meth:`.QuerySet.abulk_create` methods now set the primary key on each model instance when the ``update_conflicts`` parameter is enabled (if the database supports it). * The new :attr:`.UniqueConstraint.nulls_distinct` attribute allows customizing the treatment of ``NULL`` values on PostgreSQL 15+. * The new :func:`~django.shortcuts.aget_object_or_404` and :func:`~django.shortcuts.aget_list_or_404` asynchronous shortcuts allow asynchronous getting objects. * The new :func:`~django.db.models.aprefetch_related_objects` function allows asynchronous prefetching of model instances. * :meth:`.QuerySet.aiterator` now supports previous calls to ``prefetch_related()``. * On MariaDB 10.7+, ``UUIDField`` is now created as ``UUID`` column rather than ``CHAR(32)`` column. See the migration guide above for more details on :ref:`migrating-uuidfield`. * Django now supports `oracledb`_ version 1.3.2 or higher. Support for ``cx_Oracle`` is deprecated as of this release and will be removed in Django 6.0. Pagination ~~~~~~~~~~ * The new :attr:`django.core.paginator.Paginator.error_messages` argument allows customizing the error messages raised by :meth:`.Paginator.page`. Signals ~~~~~~~ * The new :meth:`.Signal.asend` and :meth:`.Signal.asend_robust` methods allow asynchronous signal dispatch. Signal receivers may be synchronous or asynchronous, and will be automatically adapted to the correct calling style. Templates ~~~~~~~~~ * The new :tfilter:`escapeseq` template filter applies :tfilter:`escape` to each element of a sequence. Tests ~~~~~ * :class:`~django.test.Client` and :class:`~django.test.AsyncClient` now provide asynchronous methods, using an ``a`` prefix: :meth:`~django.test.Client.asession`, :meth:`~django.test.Client.alogin`, :meth:`~django.test.Client.aforce_login`, and :meth:`~django.test.Client.alogout`. * :class:`~django.test.AsyncClient` now supports the ``follow`` parameter. * :class:`~django.test.runner.DiscoverRunner` now allows showing the duration of the slowest tests using the :option:`test --durations` option (available on Python 3.12+). Validators ~~~~~~~~~~ * The new ``offset`` argument of :class:`~django.core.validators.StepValueValidator` allows specifying an offset for valid values. .. _backwards-incompatible-5.0: Backwards incompatible changes in 5.0 ===================================== Database backend API -------------------- This section describes changes that may be needed in third-party database backends. * ``DatabaseFeatures.supports_expression_defaults`` should be set to ``False`` if the database doesn't support using database functions as defaults. * ``DatabaseFeatures.supports_default_keyword_in_insert`` should be set to ``False`` if the database doesn't support the ``DEFAULT`` keyword in ``INSERT`` queries. * ``DatabaseFeatures.supports_default_keyword_in_bulk_insert`` should be set to ``False`` if the database doesn't support the ``DEFAULT`` keyword in bulk ``INSERT`` queries. :mod:`django.contrib.gis` ------------------------- * Support for GDAL 2.2 and 2.3 is removed. * Support for GEOS 3.6 and 3.7 is removed. :mod:`django.contrib.sitemaps` ------------------------------ * The ``django.contrib.sitemaps.ping_google()`` function and the ``ping_google`` management command are removed as the Google Sitemaps ping endpoint is deprecated and will be removed in January 2024. * The ``django.contrib.sitemaps.SitemapNotFound`` exception class is removed. Dropped support for MySQL < 8.0.11 ---------------------------------- Support for pre-releases of MySQL 8.0.x series is removed. Django 5.0 supports MySQL 8.0.11 and higher. Using ``create_defaults__exact`` may now be required with ``QuerySet.update_or_create()`` ----------------------------------------------------------------------------------------- :meth:`.QuerySet.update_or_create` now supports the parameter ``create_defaults``. As a consequence, any models that have a field named ``create_defaults`` that are used with an ``update_or_create()`` should specify the field in the lookup with ``create_defaults__exact``. .. _migrating-uuidfield: Migrating existing ``UUIDField`` on MariaDB 10.7+ ------------------------------------------------- On MariaDB 10.7+, ``UUIDField`` is now created as ``UUID`` column rather than ``CHAR(32)`` column. As a consequence, any ``UUIDField`` created in Django < 5.0 should be replaced with a ``UUIDField`` subclass backed by ``CHAR(32)``:: class Char32UUIDField(models.UUIDField): def db_type(self, connection): return "char(32)" def get_db_prep_value(self, value, connection, prepared=False): value = super().get_db_prep_value(value, connection, prepared) if value is not None: value = value.hex return value For example:: class MyModel(models.Model): uuid = models.UUIDField(primary_key=True, default=uuid.uuid4) Should become:: class Char32UUIDField(models.UUIDField): ... class MyModel(models.Model): uuid = Char32UUIDField(primary_key=True, default=uuid.uuid4) Running the :djadmin:`makemigrations` command will generate a migration containing a no-op ``AlterField`` operation. Miscellaneous ------------- * The ``instance`` argument of the undocumented ``BaseModelFormSet.save_existing()`` method is renamed to ``obj``. * The undocumented ``django.contrib.admin.helpers.checkbox`` is removed. * Integer fields are now validated as 64-bit integers on SQLite to match the behavior of ``sqlite3``. * The undocumented ``Query.annotation_select_mask`` attribute is changed from a set of strings to an ordered list of strings. * ``ImageField.update_dimension_fields()`` is no longer called on the ``post_init`` signal if ``width_field`` and ``height_field`` are not set. * :class:`~django.db.models.functions.Now` database function now uses ``LOCALTIMESTAMP`` instead of ``CURRENT_TIMESTAMP`` on Oracle. * :attr:`.AdminSite.site_header` is now rendered in a ``<div>`` tag instead of ``<h1>``. Screen reader users rely on heading elements for navigation within a page. Having two ``<h1>`` elements was confusing and the site header wasn't helpful as it is repeated on all pages. * In order to improve accessibility, the admin's main content area and header content area are now rendered in a ``<main>`` and ``<header>`` tag instead of ``<div>``. * On databases without native support for the SQL ``XOR`` operator, ``^`` as the exclusive or (``XOR``) operator now returns rows that are matched by an odd number of operands rather than exactly one operand. This is consistent with the behavior of MySQL, MariaDB, and Python. * The minimum supported version of ``asgiref`` is increased from 3.6.0 to 3.7.0. * The minimum supported version of ``selenium`` is increased from 3.8.0 to 4.8.0. * The ``AlreadyRegistered`` and ``NotRegistered`` exceptions are moved from ``django.contrib.admin.sites`` to ``django.contrib.admin.exceptions``. * The minimum supported version of SQLite is increased from 3.21.0 to 3.27.0. * Support for ``cx_Oracle`` < 8.3 is removed. * Executing SQL queries before the app registry has been fully populated now raises :exc:`RuntimeWarning`. * :exc:`~django.core.exceptions.BadRequest` is raised for non-UTF-8 encoded requests with the :mimetype:`application/x-www-form-urlencoded` content type. See :rfc:`1866` for more details. * The minimum supported version of ``colorama`` is increased to 0.4.6. * The minimum supported version of ``docutils`` is increased to 0.19. * Filtering querysets against overflowing integer values now always returns an empty queryset. As a consequence, you may need to use ``ExpressionWrapper()`` to :ref:`explicitly wrap <using-f-with-annotations>` arithmetic against integer fields in such cases. .. _deprecated-features-5.0: Features deprecated in 5.0 ========================== Miscellaneous ------------- * The ``DjangoDivFormRenderer`` and ``Jinja2DivFormRenderer`` transitional form renderers are deprecated. * Passing positional arguments ``name`` and ``violation_error_message`` to :class:`~django.db.models.BaseConstraint` is deprecated in favor of keyword-only arguments. * ``request`` is added to the signature of :meth:`.ModelAdmin.lookup_allowed`. Support for ``ModelAdmin`` subclasses that do not accept this argument is deprecated. * The ``get_joining_columns()`` method of ``ForeignObject`` and ``ForeignObjectRel`` is deprecated. Starting with Django 6.0, ``django.db.models.sql.datastructures.Join`` will no longer fallback to ``get_joining_columns()``. Subclasses should implement ``get_joining_fields()`` instead. * The ``ForeignObject.get_reverse_joining_columns()`` method is deprecated. * The default scheme for ``forms.URLField`` will change from ``"http"`` to ``"https"`` in Django 6.0. Set :setting:`FORMS_URLFIELD_ASSUME_HTTPS` transitional setting to ``True`` to opt into assuming ``"https"`` during the Django 5.x release cycle. * ``FORMS_URLFIELD_ASSUME_HTTPS`` transitional setting is deprecated. * Support for calling ``format_html()`` without passing args or kwargs will be removed. * Support for ``cx_Oracle`` is deprecated in favor of `oracledb`_ 1.3.2+ Python driver. * ``DatabaseOperations.field_cast_sql()`` is deprecated in favor of ``DatabaseOperations.lookup_cast()``. Starting with Django 6.0, ``BuiltinLookup.process_lhs()`` will no longer call ``field_cast_sql()``. Third-party database backends should implement ``lookup_cast()`` instead. * The ``django.db.models.enums.ChoicesMeta`` metaclass is renamed to ``ChoicesType``. * The ``Prefetch.get_current_queryset()`` method is deprecated. * The ``get_prefetch_queryset()`` method of related managers and descriptors is deprecated. Starting with Django 6.0, ``get_prefetcher()`` and ``prefetch_related_objects()`` will no longer fallback to ``get_prefetch_queryset()``. Subclasses should implement ``get_prefetch_querysets()`` instead. .. _`oracledb`: https://oracle.github.io/python-oracledb/ Features removed in 5.0 ======================= These features have reached the end of their deprecation cycle and are removed in Django 5.0. See :ref:`deprecated-features-4.0` for details on these changes, including how to remove usage of these features. * The ``SERIALIZE`` test setting is removed. * The undocumented ``django.utils.baseconv`` module is removed. * The undocumented ``django.utils.datetime_safe`` module is removed. * The default value of the ``USE_TZ`` setting is changed from ``False`` to ``True``. * The default sitemap protocol for sitemaps built outside the context of a request is changed from ``'http'`` to ``'https'``. * The ``extra_tests`` argument for ``DiscoverRunner.build_suite()`` and ``DiscoverRunner.run_tests()`` is removed. * The ``django.contrib.postgres.aggregates.ArrayAgg``, ``JSONBAgg``, and ``StringAgg`` aggregates no longer return ``[]``, ``[]``, and ``''``, respectively, when there are no rows. * The ``USE_L10N`` setting is removed. * The ``USE_DEPRECATED_PYTZ`` transitional setting is removed. * Support for ``pytz`` timezones is removed. * The ``is_dst`` argument is removed from: * ``QuerySet.datetimes()`` * ``django.utils.timezone.make_aware()`` * ``django.db.models.functions.Trunc()`` * ``django.db.models.functions.TruncSecond()`` * ``django.db.models.functions.TruncMinute()`` * ``django.db.models.functions.TruncHour()`` * ``django.db.models.functions.TruncDay()`` * ``django.db.models.functions.TruncWeek()`` * ``django.db.models.functions.TruncMonth()`` * ``django.db.models.functions.TruncQuarter()`` * ``django.db.models.functions.TruncYear()`` * The ``django.contrib.gis.admin.GeoModelAdmin`` and ``OSMGeoAdmin`` classes are removed. * The undocumented ``BaseForm._html_output()`` method is removed. * The ability to return a ``str``, rather than a ``SafeString``, when rendering an ``ErrorDict`` and ``ErrorList`` is removed. See :ref:`deprecated-features-4.1` for details on these changes, including how to remove usage of these features. * The ``SitemapIndexItem.__str__()`` method is removed. * The ``CSRF_COOKIE_MASKED`` transitional setting is removed. * The ``name`` argument of ``django.utils.functional.cached_property()`` is removed. * The ``opclasses`` argument of ``django.contrib.postgres.constraints.ExclusionConstraint`` is removed. * The undocumented ability to pass ``errors=None`` to ``SimpleTestCase.assertFormError()`` and ``assertFormsetError()`` is removed. * ``django.contrib.sessions.serializers.PickleSerializer`` is removed. * The usage of ``QuerySet.iterator()`` on a queryset that prefetches related objects without providing the ``chunk_size`` argument is no longer allowed. * Passing unsaved model instances to related filters is no longer allowed. * ``created=True`` is required in the signature of ``RemoteUserBackend.configure_user()`` subclasses. * Support for logging out via ``GET`` requests in the ``django.contrib.auth.views.LogoutView`` and ``django.contrib.auth.views.logout_then_login()`` is removed. * The ``django.utils.timezone.utc`` alias to ``datetime.timezone.utc`` is removed. * Passing a response object and a form/formset name to ``SimpleTestCase.assertFormError()`` and ``assertFormSetError()`` is no longer allowed. * The ``django.contrib.gis.admin.OpenLayersWidget`` is removed. + The ``django.contrib.auth.hashers.CryptPasswordHasher`` is removed. * The ``"django/forms/default.html"`` and ``"django/forms/formsets/default.html"`` templates are removed. * The default form and formset rendering style is changed to the div-based. * Passing ``nulls_first=False`` or ``nulls_last=False`` to ``Expression.asc()`` and ``Expression.desc()`` methods, and the ``OrderBy`` expression is no longer allowed. =========================== ``` ### 4.2.13 ``` =========================== *May 7, 2024* Django 4.2.13 fixes a packaging error in 4.2.12. =========================== ``` ### 4.2.12 ``` =========================== *May 6, 2024* Django 4.2.12 fixes a compatibility issue with Python 3.11.9+ and 3.12.3+. Bugfixes ======== * Fixed a crash in Django 4.2 when validating email max line lengths with content decoded using the ``surrogateescape`` error handling scheme (:ticket:`35361`). =========================== ``` ### 4.2.11 ``` =========================== *March 4, 2024* Django 4.2.11 fixes a security issue with severity "moderate" and a regression in 4.2.10. CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` ========================================================================================================= ``django.utils.text.Truncator.words()`` method (with ``html=True``) and :tfilter:`truncatewords_html` template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to :cve:`2019-14232` and :cve:`2023-43665`). Bugfixes ======== * Fixed a regression in Django 4.2.10 where ``intcomma`` template filter could return a leading comma for string representation of floats (:ticket:`35172`). =========================== ``` ### 4.2.10 ``` =========================== *February 6, 2024* Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9. CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter =========================================================================== The ``intcomma`` template filter was subject to a potential denial-of-service attack when used with very long strings. ========================== ``` ### 4.2.9 ``` ========================== *January 2, 2024* Django 4.2.9 fixes a bug in 4.2.8. Bugfixes ======== * Fixed a regression in Django 4.2.8 where admin fields on the same line could overflow the page and become non-interactive (:ticket:`35012`). ========================== ``` ### 4.2.8 ``` ========================== *December 4, 2023* Django 4.2.8 fixes several bugs in 4.2.7 and adds compatibility with Python 3.12. Bugfixes ======== * Fixed a regression in Django 4.2 that caused :option:`makemigrations --check` to stop displaying pending migrations (:ticket:`34457`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing other aggregates or window functions through conditional expressions (:ticket:`34975`). * Fixed a regression in Django 4.2 that caused a crash when annotating a ``QuerySet`` with a ``Window`` expressions composed of a ``partition_by`` clause mixing field types and aggregation expressions (:ticket:`34987`). * Fixed a regression in Django 4.2 where the admin's change list page had misaligned pagination links and inputs when using ``list_editable`` (:ticket:`34991`). * Fixed a regression in Django 4.2 where checkboxes in the admin would be centered on narrower screen widths (:ticket:`34994`). * Fixed a regression in Django 4.2 that caused a crash of querysets with aggregations on MariaDB when the ``ONLY_FULL_GROUP_BY`` SQL mode was enabled (:ticket:`34992`). * Fixed a regression in Django 4.2 where the admin's read-only password widget and some help texts were incorrectly aligned at tablet widths (:ticket:`34982`). * Fixed a regression in Django 4.2 that caused a migration crash on SQLite when altering unsupported ``Meta.db_table_comment`` (:ticket:`35006`). ========================== ``` ### 4.2.7 ``` ========================== *November 1, 2023* Django 4.2.7 fixes a security issue with severity "moderate" and several bugs in 4.2.6. CVE-2023-46695: Potential denial of service vulnerability in ``UsernameField`` on Windows ========================================================================================= The :func:`NFKC normalization <python:unicodedata.normalize>` is slow on Windows. As a consequence, ``django.contrib.auth.forms.UsernameField`` was subject to a potential denial of service attack via certain inputs with a very large number of Unicode characters. In order to avoid the vulnerability, invalid values longer than ``UsernameField.max_length`` are no longer normalized, since they cannot pass validation anyway. Bugfixes ======== * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing expressions containing subqueries (:ticket:`34798`). * Restored, following a regression in Django 4.2, creating ``varchar/text_pattern_ops`` indexes on ``CharField`` and ``TextField`` with deterministic collations on PostgreSQL (:ticket:`34932`). ========================== ``` ### 4.2.6 ``` ========================== *October 4, 2023* Django 4.2.6 fixes a security issue with severity "moderate" and several bugs in 4.2.5. CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator`` ================================================================================ Following the fix for :cve:`2019-14232`, the regular expressions used in the implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods (with ``html=True``) were revised and improved. However, these regular expressions still exhibited linear backtracking complexity, so when given a very long, potentially malformed HTML input, the evaluation would still be slow, leading to a potential denial of service vulnerability. The ``chars()`` and ``words()`` methods are used to implement the :tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template filters, which were thus also vulnerable. The input processed by ``Truncator``, when operating in HTML mode, has been limited to the first five million characters in order to avoid potential performance and memory issues. Bugfixes ======== * Fixed a regression in Django 4.2.5 where overriding the deprecated ``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings in tests caused the main ``STORAGES`` to mutate (:ticket:`34821`). * Fixed a regression in Django 4.2 that caused unnecessary casting of string based fields (``CharField``, ``EmailField``, ``TextField``, ``CICharField``, ``CIEmailField``, and ``CITextField``) used with the ``__isnull`` lookup on PostgreSQL. As a consequence, indexes using an ``__isnull`` expression or condition created before Django 4.2 wouldn't be used by the query planner, leading to a performance regression (:ticket:`34840`). You may need to recreate such indexes created in your database with Django 4.2 to 4.2.5, as they contain unnecessary ``::text`` casting. Find candidate indexes with this query: .. code-block:: sql SELECT indexname, indexdef FROM pg_indexes WHERE indexdef LIKE '%::text IS %NULL'; ========================== ``` ### 4.2.5 ``` ========================== *September 4, 2023* Django 4.2.5 fixes a security issue with severity "moderate" and several bugs in 4.2.4. CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` =================================================================================================== ``django.utils.encoding.uri_to_iri()`` was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. Bugfixes ======== * Fixed a regression in Django 4.2 that caused an incorrect validation of ``CheckConstraints`` on ``__isnull`` lookups against ``JSONField`` (:ticket:`34754`). * Fixed a bug in Django 4.2 where the deprecated ``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings were not synced with ``STORAGES`` (:ticket:`34773`). * Fixed a regression in Django 4.2.2 that caused an unnecessary selection of a non-nullable ``ManyToManyField`` without a natural key during serialization (:ticket:`34779`). * Fixed a regression in Django 4.2 that caused a crash of a queryset when filtering against deeply nested ``OuterRef()`` annotations (:ticket:`34803`). ========================== ``` ### 4.2.4 ``` ========================== *August 1, 2023* Django 4.2.4 fixes several bugs in 4.2.3. Bugfixes ======== * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing window functions (:ticket:`34717`). * Fixed a regression in Django 4.2 that caused a crash when grouping by a reference in a subquery (:ticket:`34748`). * Fixed a regression in Django 4.2 that caused aggregation over query that uses explicit grouping by multi-valued annotations to group against the wrong columns (:ticket:`34750`). ========================== ``` ### 4.2.3 ``` ========================== *July 3, 2023* Django 4.2.3 fixes a security issue with severity "moderate" and several bugs in 4.2.2. CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator`` =================================================================================================================== ``EmailValidator`` and ``URLValidator`` were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs. Bugfixes ======== * Fixed a regression in Django 4.2 that caused incorrect alignment of timezone warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`). * Fixed a regression in Django 4.2 that caused incorrect highlighting of rows in the admin changelist view when ``ModelAdmin.list_editable`` contained a ``BooleanField`` (:ticket:`34638`). ========================== ``` ### 4.2.2 ``` ========================== *June 5, 2023* Django 4.2.2 fixes several bugs in 4.2.1. Bugfixes ======== * Fixed a regression in Django 4.2 that caused an unnecessary ``DBMS_LOB.SUBSTR()`` wrapping in the ``__isnull`` and ``__exact=None`` lookups for ``TextField()``/``BinaryField()`` on Oracle (:ticket:`34544`). * Restored, following a regression in Django 4.2, ``get_prep_value()`` call in ``JSONField`` subclasses (:ticket:`34539`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.defer()`` when passing a ``ManyToManyField`` or ``GenericForeignKey`` reference. While doing so is a no-op, it was allowed in older version (:ticket:`34570`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.only()`` when passing a reverse ``OneToOneField`` reference (:ticket:`34612`). * Fixed a bug in Django 4.2 where :option:`makemigrations --update` didn't respect the ``--name`` option (:ticket:`34568`). * Fixed a performance regression in Django 4.2 when compiling queries without ordering (:ticket:`34580`). * Fixed a regression in Django 4.2 where nonexistent stylesheet was linked on a “Congratulations!” page (:ticket:`34588`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with expressions referencing other aggregates (:ticket:`34551`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing subqueries (:ticket:`34551`). * Fixed a regression in Django 4.2 that caused a crash of querysets on SQLite when filtering on ``DecimalField`` against values outside of the defined range (:ticket:`34590`). * Fixed a regression in Django 4.2 that caused a serialization crash on a ``ManyToManyField`` without a natural key when its ``Manager``’s base ``QuerySet`` used ``select_related()`` (:ticket:`34620`). ========================== ```Links
- PyPI: https://pypi.org/project/django - Changelog: https://data.safetycli.com/changelogs/django/ - Homepage: https://www.djangoproject.com/Update django-configurations from 2.4.1 to 2.5.1.
Changelog
### 2.5.1 ``` What's Changed * Fix 375 -- Add Django 5.0 classifier by pauloxnet in https://github.com/jazzband/django-configurations/pull/376 * Add support for Python 3.12 by pauloxnet in https://github.com/jazzband/django-configurations/pull/370 **Full Changelog**: https://github.com/jazzband/django-configurations/compare/2.5...2.5.1 ``` ### 2.5 ``` **Full Changelog**: https://github.com/jazzband/django-configurations/compare/2.4.2...2.5 ``` ### 2.4.2 ``` - Replace `imp` (due for removal in Python 3.12) with `importlib` by gump + jbkkd ```Links
- PyPI: https://pypi.org/project/django-configurations - Changelog: https://data.safetycli.com/changelogs/django-configurations/ - Docs: https://django-configurations.readthedocs.io/Update gunicorn from 20.1.0 to 22.0.0.
Changelog
### 21.2.0 ``` =================== - fix thread worker: revert change considering connection as idle . *** NOTE *** This is fixing the bad file description error. ``` ### 21.0.1 ``` =================== - fix documentation build ``` ### 21.0.0 ``` =================== - support python 3.11 - fix gevent and eventlet workers - fix threads support (gththread): improve performance and unblock requests - SSL: now use SSLContext object - HTTP parser: miscellaneous fixes - remove unnecessary setuid calls - fix testing - improve logging - miscellaneous fixes to core engine *** RELEASE NOTE *** We made this release major to start our new release cycle. More info will be provided on our discussion forum. ```Links
- PyPI: https://pypi.org/project/gunicorn - Changelog: https://data.safetycli.com/changelogs/gunicorn/Update newrelic from 8.8.0 to 9.11.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/newrelic - Homepage: https://docs.newrelic.com/docs/apm/agents/python-agent/Update psycopg2-binary from 2.9.6 to 2.9.9.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/psycopg2-binary - Homepage: https://psycopg.org/Update dj-database-url from 2.0.0 to 2.2.0.
Changelog
### 2.1.0 ``` * Add value to int parsing when deconstructing url string. ```Links
- PyPI: https://pypi.org/project/dj-database-url - Changelog: https://data.safetycli.com/changelogs/dj-database-url/ - Repo: https://github.com/jazzband/dj-database-urlUpdate django-model-utils from 4.3.1 to 4.5.1.
Changelog
### 4.4.0 ``` ------------------ - Add support for `Python 3.11` (GH-545) - Add support for `Python 3.12` (GH-545) - Drop support for `Python 3.7` (GH-545) - Add support for `Django 4.2` - Add support for `Django 5.0` - Remove ``SaveSignalHandlingModel``. This model used a modified copy of the internal Django method `Model.save_base()` and had not been updated for upstream bug fixes changes since its addition. - Add Swedish translation - Use proper column name instead of attname (GH-573) - Fix ValueError when calling prefetch_related for tracked ForeignKey fields ```Links
- PyPI: https://pypi.org/project/django-model-utils - Changelog: https://data.safetycli.com/changelogs/django-model-utils/ - Repo: https://github.com/jazzband/django-model-utilsUpdate djangorestframework from 3.14.0 to 3.15.2.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/djangorestframework - Changelog: https://data.safetycli.com/changelogs/djangorestframework/ - Homepage: https://www.django-rest-framework.org/Update Markdown from 3.4.3 to 3.6.
Changelog
### 3.5.2 ``` Fixed * Fix type annotations for `convertFile` - it accepts only bytes-based buffers. Also remove legacy checks from Python 2 (1400) * Remove legacy import needed only in Python 2 (1403) * Fix typo that left the attribute `AdmonitionProcessor.content_indent` unset (1404) * Fix edge-case crash in `InlineProcessor` with `AtomicString` (1406). * Fix edge-case crash in `codehilite` with an empty `code` tag (1405). * Improve and expand type annotations in the code base (1401). * Fix handling of bogus comments (1425). ``` ### 3.5.1 ``` Fixed * Fix a performance problem with HTML extraction where large HTML input could trigger quadratic line counting behavior (1392). * Improve and expand type annotations in the code base (1394). ```Links
- PyPI: https://pypi.org/project/markdown - Changelog: https://data.safetycli.com/changelogs/markdown/Update django-filter from 23.2 to 24.2.
Changelog
### 24.2 ``` ------------------------- * Fixed a regression in v23.4 where callable choices were incorrectly evaluated at filter instantiation, on Django versions prior to 5.0. Thanks to Craig de Stigter for the report and reproduce. ``` ### 24.1 ``` ------------------------- * Updated supported Python and Django versions, and resolved upcoming Django deprecations. Required versions are now at least Python 3.8 and Django 4.2. Thanks to Michael Manganiello. * Allowed passing a FilterSet class to the filterset_factory(). Thanks to Birger Schacht. * Set empty default value of filterset data to MultiValueDict. Thanks to Shlomo Gordon. * Preserve list values passed to the data dict in CSV widgets. Thanks to Bryan Brancotte. * Updates French and Ukrainian localisations. Thanks to Weblate. ``` ### 23.5 ``` ------------------------- * Fixed OrderingFilter handling of empty values. (1628) Thanks to Matt Munns. ``` ### 23.4 ``` ------------------------- * Official support for Django 5.0 and Python 3.12. * Fix DeprecationWarning for pkgutil.find_loader. Thanks to `wmorrell`. * Adopted Furo theme for docs. ``` ### 23.3 ``` ------------------------ * Adds initial compatibility with Django 5.0, prior to Django 5.0a1. * Updates packaging to use pyproject.toml and Flit. ```Links
- PyPI: https://pypi.org/project/django-filter - Changelog: https://data.safetycli.com/changelogs/django-filter/Update ipython from 8.13.2 to 8.26.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/ipython - Changelog: https://data.safetycli.com/changelogs/ipython/Update mkdocs from 1.4.3 to 1.6.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/mkdocsUpdate flake8 from 6.0.0 to 7.1.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/flake8 - Repo: https://github.com/pycqa/flake8Update mock from 5.0.2 to 5.1.0.
Changelog
### 5.1.0 ``` ----- - bpo-44185: :func:`unittest.mock.mock_open` will call the :func:`close` method of the file handle mock when it is exiting from the context manager. Patch by Samet Yaslan. - gh-94924: :func:`unittest.mock.create_autospec` now properly returns coroutine functions compatible with :func:`inspect.iscoroutinefunction` - bpo-17013: Add ``ThreadingMock`` to :mod:`unittest.mock` that can be used to create Mock objects that can wait until they are called. Patch by Karthikeyan Singaravelan and Mario Corchero. - bpo-41768: :mod:`unittest.mock` speccing no longer calls class properties. Patch by Melanie Witt. ```Links
- PyPI: https://pypi.org/project/mock - Changelog: https://data.safetycli.com/changelogs/mock/ - Docs: http://mock.readthedocs.org/en/latest/Update factory-boy from 3.2.1 to 3.3.0.
Changelog
### 3.3.0 ``` ------------------ *New:* - :issue:`366`: Add :class:`factory.django.Password` to generate Django :class:`~django.contrib.auth.models.User` passwords. - :issue:`304`: Add :attr:`~factory.alchemy.SQLAlchemyOptions.sqlalchemy_session_factory` to dynamically create sessions for use by the :class:`~factory.alchemy.SQLAlchemyModelFactory`. - Add support for Django 4.0 - Add support for Django 4.1 - Add support for Python 3.10 - Add support for Python 3.11 *Bugfix:* - Make :meth:`~factory.django.mute_signals` mute signals during post-generation. - :issue:`775`: Change the signature for :meth:`~factory.alchemy.SQLAlchemyModelFactory._save` and :meth:`~factory.alchemy.SQLAlchemyModelFactory._get_or_create` to avoid argument names clashes with a field named ``session``. *Deprecated:* - :class:`~factory.django.DjangoModelFactory` will stop issuing a second call to :meth:`~django.db.models.Model.save` on the created instance when :ref:`post-generation-hooks` return a value. To help with the transition, :class:`factory.django.DjangoModelFactory._after_postgeneration` raises a :class:`DeprecationWarning` when calling :meth:`~django.db.models.Model.save`. Inspect your :class:`~factory.django.DjangoModelFactory` subclasses: - If the :meth:`~django.db.models.Model.save` call is not needed after :class:`~factory.PostGeneration`, set :attr:`factory.django.DjangoOptions.skip_postgeneration_save` to ``True`` in the factory meta. - Otherwise, the instance has been modified by :class:`~factory.PostGeneration` hooks and needs to be :meth:`~django.db.models.Model.save`\ d. Either: - call :meth:`django.db.models.Model.save` in the :class:`~factory.PostGeneration` hook that modifies the instance, or - override :class:`~factory.django.DjangoModelFactory._after_postgeneration` to :meth:`~django.db.models.Model.save` the instance. *Removed:* - Drop support for Django 2.2 - Drop support for Django 3.0 - Drop support for Django 3.1 - Drop support for Python 3.6 ```Links
- PyPI: https://pypi.org/project/factory-boy - Changelog: https://data.safetycli.com/changelogs/factory-boy/ - Repo: https://github.com/FactoryBoy/factory_boyUpdate coverage from 7.2.5 to 7.5.4.
Changelog
### 7.5.4 ``` -------------------------- - If you attempt to combine statement coverage data with branch coverage data, coverage.py used to fail with the message "Can't combine arc data with line data" or its reverse, "Can't combine line data with arc data." These messages used internal terminology, making it hard for people to understand the problem. They are now changed to mention "branch coverage data" and "statement coverage data." - Fixed a minor branch coverage problem with wildcard match/case cases using names or guard clauses. - Started testing on 3.13 free-threading (nogil) builds of Python. I'm not claiming full support yet. Closes `issue 1799`_. .. _issue 1799: https://github.com/nedbat/coveragepy/issues/1799 .. _changes_7-5-3: ``` ### 7.5.3 ``` -------------------------- - Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix. - Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing `issue 1791`_. Thanks to Daniel Diniz for helping to diagnose the problem. .. _issue 1791: https://github.com/nedbat/coveragepy/issues/1791 .. _changes_7-5-2: ``` ### 7.5.2 ``` -------------------------- - Fix: nested matches of exclude patterns could exclude too much code, as reported in `issue 1779`_. This is now fixed. - Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported. - In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to `Daniel Diniz <pull 1776_>`_. - Python 3.13.0b1 is supported. - Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to `Liam DeVoe <pull 1788_>`_. Closes `issue 1787`_. .. _pull 1776: https://github.com/nedbat/coveragepy/pull/1776 .. _issue 1779: https://github.com/nedbat/coveragepy/issues/1779 .. _issue 1787: https://github.com/nedbat/coveragepy/issues/1787 .. _pull 1788: https://github.com/nedbat/coveragepy/pull/1788 .. _changes_7-5-1: ``` ### 7.5.1 ``` -------------------------- - Fix: a pragma comment on the continuation lines of a multi-line statement now excludes the statement and its body, the same as if the pragma is on the first line. This closes `issue 754`_. The fix was contributed by `Daniel Diniz <pull 1773_>`_. - Fix: very complex source files like `this one <resolvent_lookup_>`_ could cause a maximum recursion error when creating an HTML report. This is now fixed, closing `issue 1774`_. - HTML report improvements: - Support files (JavaScript and CSS) referenced by the HTML report now have hashes added to their names to ensure updated files are used instead of stale cached copies. - Missing branch coverage explanations that said "the condition was never false" now read "the condition was always true" because it's easier to understand. - Column sort order is remembered better as you move between the index pages, fixing `issue 1766`_. Thanks, `Daniel Diniz <pull 1768_>`_. .. _resolvent_lookup: https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py .. _issue 754: https://github.com/nedbat/coveragepy/issues/754 .. _issue 1766: https://github.com/nedbat/coveragepy/issues/1766 .. _pull 1768: https://github.com/nedbat/coveragepy/pull/1768 .. _pull 1773: https://github.com/nedbat/coveragepy/pull/1773 .. _issue 1774: https://github.com/nedbat/coveragepy/issues/1774 .. _changes_7-5-0: ``` ### 7.5.0 ``` -------------------------- - Added initial support for