agconti / cookiecutter-django-rest

Build best practiced apis fast with Python3
http://agconti.github.io/cookiecutter-django-rest/
MIT License
1.55k stars 189 forks source link

Scheduled daily dependency update on Monday #2349

Closed pyup-bot closed 3 months ago

pyup-bot commented 3 months ago

Update pytz from 2023.3 to 2024.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/pytz - Homepage: http://pythonhosted.org/pytz - Docs: https://pythonhosted.org/pytz/

Update Django from 4.2.1 to 5.0.7.

Changelog ### 5.0.7 ``` ========================== *July 9, 2024* Django 5.0.7 fixes two security issues with severity "moderate", two security issues with severity "low", and one bug in 5.0.6. CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` =========================================================================================== :tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential denial-of-service attack via certain inputs with a very large number of brackets. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords ================================================================================================ The :meth:`~django.contrib.auth.backends.ModelBackend.authenticate()` method allowed remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. CVE-2024-39330: Potential directory-traversal via ``Storage.save()`` ==================================================================== Derived classes of the :class:`~django.core.files.storage.Storage` base class which override :meth:`generate_filename() <django.core.files.storage.Storage.generate_filename()>` without replicating the file path validations existing in the parent class, allowed for potential directory-traversal via certain inputs when calling :meth:`save() <django.core.files.storage.Storage.save()>`. Built-in ``Storage`` sub-classes were not affected by this vulnerability. CVE-2024-39614: Potential denial-of-service vulnerability in ``get_supported_language_variant()`` ================================================================================================= :meth:`~django.utils.translation.get_supported_language_variant` was subject to a potential denial-of-service attack when used with very long strings containing specific characters. To mitigate this vulnerability, the language code provided to :meth:`~django.utils.translation.get_supported_language_variant` is now parsed up to a maximum length of 500 characters. When the language code is over 500 characters, a :exc:`ValueError` will now be raised if ``strict`` is ``True``, or if there is no generic variant and ``strict`` is ``False``. Bugfixes ======== * Fixed a bug in Django 5.0 that caused a crash of ``Model.full_clean()`` on unsaved model instances with a ``GeneratedField`` and certain defined :attr:`Meta.constraints <django.db.models.Options.constraints>` (:ticket:`35560`). ========================== ``` ### 5.0.6 ``` ========================== *May 7, 2024* Django 5.0.6 fixes a packaging error in 5.0.5. ========================== ``` ### 5.0.5 ``` ========================== *May 6, 2024* Django 5.0.5 fixes several bugs in 5.0.4. Bugfixes ======== * Fixed a bug in Django 5.0 that caused a crash of ``Model.save()`` when creating an instance of a model with a ``GeneratedField`` and providing a primary key (:ticket:`35350`). * Fixed a compatibility issue encountered in Python 3.11.9+ and 3.12.3+ when validating email max line lengths with content decoded using the ``surrogateescape`` error handling scheme (:ticket:`35361`). * Fixed a bug in Django 5.0 that caused a crash when applying migrations including alterations to ``GeneratedField`` such as setting ``db_index=True`` on SQLite (:ticket:`35373`). * Allowed importing ``aprefetch_related_objects`` from ``django.db.models`` (:ticket:`35392`). * Fixed a bug in Django 5.0 that caused a migration crash when a ``GeneratedField`` was added before any of the referenced fields from its ``expression`` definition (:ticket:`35359`). * Fixed a bug in Django 5.0 that caused a migration crash when altering a ``GeneratedField`` referencing a renamed field (:ticket:`35422`). * Fixed a bug in Django 5.0 where the ``querysets`` argument of ``GenericPrefetch`` was not required (:ticket:`35426`). ========================== ``` ### 5.0.4 ``` ========================== *April 3, 2024* Django 5.0.4 fixes several bugs in 5.0.3. Bugfixes ======== * Fixed a bug in Django 5.0 that caused a crash of ``Model.full_clean()`` on fields with expressions in ``db_default``. As a consequence, ``Model.full_clean()`` no longer validates for empty values in fields with ``db_default`` (:ticket:`35223`). * Fixed a regression in Django 5.0 where the ``AdminFileWidget`` could be rendered with two ``id`` attributes on the "Clear" checkbox (:ticket:`35273`). * Fixed a bug in Django 5.0 that caused a migration crash on PostgreSQL 15+ when adding a partial ``UniqueConstraint`` with ``nulls_distinct`` (:ticket:`35329`). * Fixed a crash in Django 5.0 when performing queries involving table aliases and lookups on a ``GeneratedField`` of the aliased table (:ticket:`35344`). * Fixed a bug in Django 5.0 that caused a migration crash when adding a ``GeneratedField`` relying on the ``__contains`` or ``__icontains`` lookups or using a ``Value`` containing a ``"%"`` (:ticket:`35336`). ========================== ``` ### 5.0.3 ``` ========================== *March 4, 2024* Django 5.0.3 fixes a security issue with severity "moderate" and several bugs in 5.0.2. CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` ========================================================================================================= ``django.utils.text.Truncator.words()`` method (with ``html=True``) and :tfilter:`truncatewords_html` template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to :cve:`2019-14232` and :cve:`2023-43665`). Bugfixes ======== * Fixed a regression in Django 5.0.2 where ``intcomma`` template filter could return a leading comma for string representation of floats (:ticket:`35172`). * Fixed a bug in Django 5.0 that caused a crash of ``Signal.asend()`` and ``asend_robust()`` when all receivers were asynchronous functions (:ticket:`35174`). * Fixed a regression in Django 5.0.1 where :meth:`.ModelAdmin.lookup_allowed` would prevent filtering against foreign keys using lookups like ``__isnull`` when the field was not included in :attr:`.ModelAdmin.list_filter` (:ticket:`35173`). * Fixed a regression in Django 5.0 that caused a crash of ``sensitive_variables`` and ``sensitive_post_parameters`` decorators on functions loaded from ``.pyc`` files (:ticket:`35187`). * Fixed a regression in Django 5.0 that caused a crash when reloading a test database and a base queryset for a base manager used ``prefetch_related()`` (:ticket:`35238`). * Fixed a bug in Django 5.0 where facet filters in the admin would crash on a ``SimpleListFilter`` using a queryset without primary keys (:ticket:`35198`). ========================== ``` ### 5.0.2 ``` ========================== *February 6, 2024* Django 5.0.2 fixes a security issue with severity "moderate" and several bugs in 5.0.1. Also, the latest string translations from Transifex are incorporated. CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter =========================================================================== The ``intcomma`` template filter was subject to a potential denial-of-service attack when used with very long strings. Bugfixes ======== * Reallowed, following a regression in Django 5.0.1, filtering against local foreign keys not included in :attr:`.ModelAdmin.list_filter` (:ticket:`35087`). * Fixed a regression in Django 5.0 where links in the admin had an incorrect color (:ticket:`35121`). * Fixed a bug in Django 5.0 that caused a crash of ``Model.full_clean()`` on models with a ``GeneratedField`` (:ticket:`35127`). * Fixed a regression in Django 5.0 that caused a crash of ``FilteredRelation()`` with querysets as right-hand sides (:ticket:`35135`). ``FilteredRelation()`` now raises a ``ValueError`` on querysets as right-hand sides. * Fixed a regression in Django 5.0 that caused a crash of the ``dumpdata`` management command when a base queryset used ``prefetch_related()`` (:ticket:`35159`). * Fixed a regression in Django 5.0 that caused the ``request_finished`` signal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (:ticket:`35059`). * Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a ``BinaryField``, ``TextField``, ``JSONField``, or ``GeometryField`` with a ``db_default`` (:ticket:`35162`). * Fixed a bug in Django 5.0 that caused a migration crash on models with a literal ``db_default`` of a complex type such as ``dict`` instance of a ``JSONField``. Running ``makemigrations`` might generate no-op ``AlterField`` operations for fields using ``db_default`` (:ticket:`35149`). ========================== ``` ### 5.0.1 ``` ========================== *January 2, 2024* Django 5.0.1 fixes several bugs in 5.0. Bugfixes ======== * Reallowed, following a regression in Django 5.0, using a foreign key to a model with a primary key that is not ``AutoField`` in :attr:`.ModelAdmin.list_filter` (:ticket:`35020`). * Fixed a long standing bug in handling the ``RETURNING INTO`` clause that caused a crash when creating a model instance with a ``GeneratedField`` which ``output_field`` had backend-specific converters (:ticket:`35024`). * Fixed a regression in Django 5.0 that caused a crash of ``Model.save()`` for models with both ``GeneratedField`` and ``ForeignKey`` fields (:ticket:`35019`). * Fixed a bug in Django 5.0 that caused a migration crash on Oracle < 23c when adding a ``GeneratedField`` with ``output_field=BooleanField`` (:ticket:`35018`). * Fixed a regression in Django 5.0 where admin fields on the same line could overflow the page and become non-interactive (:ticket:`35012`). * Added compatibility for ``oracledb`` 2.0.0 (:ticket:`35054`). * Fixed a regression in Django 5.0 where querysets referenced incorrect field names from ``FilteredRelation()`` (:ticket:`35050`). * Fixed a regression in Django 5.0 that caused a system check crash when ``ModelAdmin.filter_horizontal`` or ``filter_vertical`` contained a reverse many-to-many relation with ``related_name`` (:ticket:`35056`). ======================== ``` ### 5.0 ``` ======================== *December 4, 2023* Welcome to Django 5.0! These release notes cover the :ref:`new features <whats-new-5.0>`, as well as some :ref:`backwards incompatible changes <backwards-incompatible-5.0>` you'll want to be aware of when upgrading from Django 4.2 or earlier. We've :ref:`begun the deprecation process for some features <deprecated-features-5.0>`. See the :doc:`/howto/upgrade-version` guide if you're updating an existing project. Python compatibility ==================== Django 5.0 supports Python 3.10, 3.11, and 3.12. We **highly recommend** and only officially support the latest release of each series. The Django 4.2.x series is the last to support Python 3.8 and 3.9. Third-party library support for older version of Django ======================================================= Following the release of Django 5.0, we suggest that third-party app authors drop support for all versions of Django prior to 4.2. At that time, you should be able to run your package's tests using ``python -Wd`` so that deprecation warnings appear. After making the deprecation warning fixes, your app should be compatible with Django 5.0. .. _whats-new-5.0: What's new in Django 5.0 ======================== Facet filters in the admin -------------------------- Facet counts are now shown for applied filters in the admin changelist when toggled on via the UI. This behavior can be changed via the new :attr:`.ModelAdmin.show_facets` attribute. For more information see :ref:`facet-filters`. Simplified templates for form field rendering --------------------------------------------- Django 5.0 introduces the concept of a field group, and field group templates. This simplifies rendering of the related elements of a Django form field such as its label, widget, help text, and errors. For example, the template below: .. code-block:: html+django <form> ... <div> {{ form.name.label_tag }} {% if form.name.help_text %} <div class="helptext" id="{{ form.name.auto_id }}_helptext"> {{ form.name.help_text|safe }} </div> {% endif %} {{ form.name.errors }} {{ form.name }} <div class="row"> <div class="col"> {{ form.email.label_tag }} {% if form.email.help_text %} <div class="helptext" id="{{ form.email.auto_id }}_helptext"> {{ form.email.help_text|safe }} </div> {% endif %} {{ form.email.errors }} {{ form.email }} </div> <div class="col"> {{ form.password.label_tag }} {% if form.password.help_text %} <div class="helptext" id="{{ form.password.auto_id }}_helptext"> {{ form.password.help_text|safe }} </div> {% endif %} {{ form.password.errors }} {{ form.password }} </div> </div> </div> ... </form> Can now be simplified to: .. code-block:: html+django <form> ... <div> {{ form.name.as_field_group }} <div class="row"> <div class="col">{{ form.email.as_field_group }}</div> <div class="col">{{ form.password.as_field_group }}</div> </div> </div> ... </form> :meth:`~django.forms.BoundField.as_field_group` renders fields with the ``"django/forms/field.html"`` template by default and can be customized on a per-project, per-field, or per-request basis. See :ref:`reusable-field-group-templates`. Database-computed default values -------------------------------- The new :attr:`Field.db_default <django.db.models.Field.db_default>` parameter sets a database-computed default value. For example:: from django.db import models from django.db.models.functions import Now, Pi class MyModel(models.Model): age = models.IntegerField(db_default=18) created = models.DateTimeField(db_default=Now()) circumference = models.FloatField(db_default=2 * Pi()) Database generated model field ------------------------------ The new :class:`~django.db.models.GeneratedField` allows creation of database generated columns. This field can be used on all supported database backends to create a field that is always computed from other fields. For example:: from django.db import models from django.db.models import F class Square(models.Model): side = models.IntegerField() area = models.GeneratedField( expression=F("side") * F("side"), output_field=models.BigIntegerField(), db_persist=True, ) More options for declaring field choices ---------------------------------------- :attr:`.Field.choices` *(for model fields)* and :attr:`.ChoiceField.choices` *(for form fields)* allow for more flexibility when declaring their values. In previous versions of Django, ``choices`` should either be a list of 2-tuples, or an :ref:`field-choices-enum-types` subclass, but the latter required accessing the ``.choices`` attribute to provide the values in the expected form:: from django.db import models Medal = models.TextChoices("Medal", "GOLD SILVER BRONZE") SPORT_CHOICES = [ ("Martial Arts", [("judo", "Judo"), ("karate", "Karate")]), ("Racket", [("badminton", "Badminton"), ("tennis", "Tennis")]), ("unknown", "Unknown"), ] class Winner(models.Model): name = models.CharField(...) medal = models.CharField(..., choices=Medal.choices) sport = models.CharField(..., choices=SPORT_CHOICES) Django 5.0 adds support for accepting a mapping or a callable instead of an iterable, and also no longer requires ``.choices`` to be used directly to expand :ref:`enumeration types <field-choices-enum-types>`:: from django.db import models Medal = models.TextChoices("Medal", "GOLD SILVER BRONZE") SPORT_CHOICES = { Using a mapping instead of a list of 2-tuples. "Martial Arts": {"judo": "Judo", "karate": "Karate"}, "Racket": {"badminton": "Badminton", "tennis": "Tennis"}, "unknown": "Unknown", } def get_scores(): return [(i, str(i)) for i in range(10)] class Winner(models.Model): name = models.CharField(...) medal = models.CharField(..., choices=Medal) Using `.choices` not required. sport = models.CharField(..., choices=SPORT_CHOICES) score = models.IntegerField(choices=get_scores) A callable is allowed. Under the hood the provided ``choices`` are normalized into a list of 2-tuples as the canonical form whenever the ``choices`` value is updated. For more information, please check the :ref:`model field reference on choices <field-choices>`. Minor features -------------- :mod:`django.contrib.admin` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :meth:`.AdminSite.get_log_entries` method allows customizing the queryset for the site's listed log entries. * The ``django.contrib.admin.AllValuesFieldListFilter``, ``ChoicesFieldListFilter``, ``RelatedFieldListFilter``, and ``RelatedOnlyFieldListFilter`` admin filters now handle multi-valued query parameters. * ``XRegExp`` is upgraded from version 3.2.0 to 5.1.1. * The new :meth:`.AdminSite.get_model_admin` method returns an admin class for the given model class. * Properties in :attr:`.ModelAdmin.list_display` now support ``boolean`` attribute. * jQuery is upgraded from version 3.6.4 to 3.7.1. :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ * The default iteration count for the PBKDF2 password hasher is increased from 600,000 to 720,000. * The new asynchronous functions are now provided, using an ``a`` prefix: :func:`django.contrib.auth.aauthenticate`, :func:`~.django.contrib.auth.aget_user`, :func:`~.django.contrib.auth.alogin`, :func:`~.django.contrib.auth.alogout`, and :func:`~.django.contrib.auth.aupdate_session_auth_hash`. * ``AuthenticationMiddleware`` now adds an :meth:`.HttpRequest.auser` asynchronous method that returns the currently logged-in user. * The new :func:`django.contrib.auth.hashers.acheck_password` asynchronous function and :meth:`.AbstractBaseUser.acheck_password` method allow asynchronous checking of user passwords. :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * :meth:`.QuerySet.prefetch_related` now supports prefetching :class:`~django.contrib.contenttypes.fields.GenericForeignKey` with non-homogeneous set of results. :mod:`django.contrib.gis` ~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :class:`ClosestPoint() <django.contrib.gis.db.models.functions.ClosestPoint>` function returns a 2-dimensional point on the geometry that is closest to another geometry. * :ref:`GIS aggregates <gis-aggregation-functions>` now support the ``filter`` argument. * Support for GDAL 3.7 and GEOS 3.12 is added. * The new :meth:`.GEOSGeometry.equals_identical` method allows point-wise equivalence checking of geometries. :mod:`django.contrib.messages` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :meth:`.MessagesTestMixin.assertMessages` assertion method allows testing :mod:`~django.contrib.messages` added to a :class:`response <django.http.HttpResponse>`. :mod:`django.contrib.postgres` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :attr:`~.ExclusionConstraint.violation_error_code` attribute of :class:`~django.contrib.postgres.constraints.ExclusionConstraint` allows customizing the ``code`` of ``ValidationError`` raised during :ref:`model validation <validating-objects>`. Asynchronous views ~~~~~~~~~~~~~~~~~~ * Under ASGI, ``http.disconnect`` events are now handled. This allows views to perform any necessary cleanup if a client disconnects before the response is generated. See :ref:`async-handling-disconnect` for more details. Decorators ~~~~~~~~~~ * The following decorators now support wrapping asynchronous view functions: * :func:`~django.views.decorators.cache.cache_control` * :func:`~django.views.decorators.cache.never_cache` * :func:`~django.views.decorators.common.no_append_slash` * :func:`~django.views.decorators.csrf.csrf_exempt` * :func:`~django.views.decorators.csrf.csrf_protect` * :func:`~django.views.decorators.csrf.ensure_csrf_cookie` * :func:`~django.views.decorators.csrf.requires_csrf_token` * :func:`~django.views.decorators.debug.sensitive_variables` * :func:`~django.views.decorators.debug.sensitive_post_parameters` * :func:`~django.views.decorators.gzip.gzip_page` * :func:`~django.views.decorators.http.condition` * ``conditional_page()`` * :func:`~django.views.decorators.http.etag` * :func:`~django.views.decorators.http.last_modified` * :func:`~django.views.decorators.http.require_http_methods` * :func:`~django.views.decorators.http.require_GET` * :func:`~django.views.decorators.http.require_POST` * :func:`~django.views.decorators.http.require_safe` * :func:`~django.views.decorators.vary.vary_on_cookie` * :func:`~django.views.decorators.vary.vary_on_headers` * ``xframe_options_deny()`` * ``xframe_options_sameorigin()`` * ``xframe_options_exempt()`` Error Reporting ~~~~~~~~~~~~~~~ * :func:`~django.views.decorators.debug.sensitive_variables` and :func:`~django.views.decorators.debug.sensitive_post_parameters` can now be used with asynchronous functions. File Storage ~~~~~~~~~~~~ * :meth:`.File.open` now passes all positional (``*args``) and keyword arguments (``**kwargs``) to Python's built-in :func:`python:open`. Forms ~~~~~ * The new :attr:`~django.forms.URLField.assume_scheme` argument for :class:`~django.forms.URLField` allows specifying a default URL scheme. * In order to improve accessibility, the following changes are made: * Form fields now include the ``aria-describedby`` HTML attribute to enable screen readers to associate form fields with their help text. * Invalid form fields now include the ``aria-invalid="true"`` HTML attribute. Internationalization ~~~~~~~~~~~~~~~~~~~~ * Support and translations for the Uyghur language are now available. Migrations ~~~~~~~~~~ * Serialization of functions decorated with :func:`functools.cache` or :func:`functools.lru_cache` is now supported without the need to write a custom serializer. Models ~~~~~~ * The new ``create_defaults`` argument of :meth:`.QuerySet.update_or_create` and :meth:`.QuerySet.aupdate_or_create` methods allows specifying a different field values for the create operation. * The new ``violation_error_code`` attribute of :class:`~django.db.models.BaseConstraint`, :class:`~django.db.models.CheckConstraint`, and :class:`~django.db.models.UniqueConstraint` allows customizing the ``code`` of ``ValidationError`` raised during :ref:`model validation <validating-objects>`. * The :ref:`force_insert <ref-models-force-insert>` argument of :meth:`.Model.save` now allows specifying a tuple of parent classes that must be forced to be inserted. * :meth:`.QuerySet.bulk_create` and :meth:`.QuerySet.abulk_create` methods now set the primary key on each model instance when the ``update_conflicts`` parameter is enabled (if the database supports it). * The new :attr:`.UniqueConstraint.nulls_distinct` attribute allows customizing the treatment of ``NULL`` values on PostgreSQL 15+. * The new :func:`~django.shortcuts.aget_object_or_404` and :func:`~django.shortcuts.aget_list_or_404` asynchronous shortcuts allow asynchronous getting objects. * The new :func:`~django.db.models.aprefetch_related_objects` function allows asynchronous prefetching of model instances. * :meth:`.QuerySet.aiterator` now supports previous calls to ``prefetch_related()``. * On MariaDB 10.7+, ``UUIDField`` is now created as ``UUID`` column rather than ``CHAR(32)`` column. See the migration guide above for more details on :ref:`migrating-uuidfield`. * Django now supports `oracledb`_ version 1.3.2 or higher. Support for ``cx_Oracle`` is deprecated as of this release and will be removed in Django 6.0. Pagination ~~~~~~~~~~ * The new :attr:`django.core.paginator.Paginator.error_messages` argument allows customizing the error messages raised by :meth:`.Paginator.page`. Signals ~~~~~~~ * The new :meth:`.Signal.asend` and :meth:`.Signal.asend_robust` methods allow asynchronous signal dispatch. Signal receivers may be synchronous or asynchronous, and will be automatically adapted to the correct calling style. Templates ~~~~~~~~~ * The new :tfilter:`escapeseq` template filter applies :tfilter:`escape` to each element of a sequence. Tests ~~~~~ * :class:`~django.test.Client` and :class:`~django.test.AsyncClient` now provide asynchronous methods, using an ``a`` prefix: :meth:`~django.test.Client.asession`, :meth:`~django.test.Client.alogin`, :meth:`~django.test.Client.aforce_login`, and :meth:`~django.test.Client.alogout`. * :class:`~django.test.AsyncClient` now supports the ``follow`` parameter. * :class:`~django.test.runner.DiscoverRunner` now allows showing the duration of the slowest tests using the :option:`test --durations` option (available on Python 3.12+). Validators ~~~~~~~~~~ * The new ``offset`` argument of :class:`~django.core.validators.StepValueValidator` allows specifying an offset for valid values. .. _backwards-incompatible-5.0: Backwards incompatible changes in 5.0 ===================================== Database backend API -------------------- This section describes changes that may be needed in third-party database backends. * ``DatabaseFeatures.supports_expression_defaults`` should be set to ``False`` if the database doesn't support using database functions as defaults. * ``DatabaseFeatures.supports_default_keyword_in_insert`` should be set to ``False`` if the database doesn't support the ``DEFAULT`` keyword in ``INSERT`` queries. * ``DatabaseFeatures.supports_default_keyword_in_bulk_insert`` should be set to ``False`` if the database doesn't support the ``DEFAULT`` keyword in bulk ``INSERT`` queries. :mod:`django.contrib.gis` ------------------------- * Support for GDAL 2.2 and 2.3 is removed. * Support for GEOS 3.6 and 3.7 is removed. :mod:`django.contrib.sitemaps` ------------------------------ * The ``django.contrib.sitemaps.ping_google()`` function and the ``ping_google`` management command are removed as the Google Sitemaps ping endpoint is deprecated and will be removed in January 2024. * The ``django.contrib.sitemaps.SitemapNotFound`` exception class is removed. Dropped support for MySQL < 8.0.11 ---------------------------------- Support for pre-releases of MySQL 8.0.x series is removed. Django 5.0 supports MySQL 8.0.11 and higher. Using ``create_defaults__exact`` may now be required with ``QuerySet.update_or_create()`` ----------------------------------------------------------------------------------------- :meth:`.QuerySet.update_or_create` now supports the parameter ``create_defaults``. As a consequence, any models that have a field named ``create_defaults`` that are used with an ``update_or_create()`` should specify the field in the lookup with ``create_defaults__exact``. .. _migrating-uuidfield: Migrating existing ``UUIDField`` on MariaDB 10.7+ ------------------------------------------------- On MariaDB 10.7+, ``UUIDField`` is now created as ``UUID`` column rather than ``CHAR(32)`` column. As a consequence, any ``UUIDField`` created in Django < 5.0 should be replaced with a ``UUIDField`` subclass backed by ``CHAR(32)``:: class Char32UUIDField(models.UUIDField): def db_type(self, connection): return "char(32)" def get_db_prep_value(self, value, connection, prepared=False): value = super().get_db_prep_value(value, connection, prepared) if value is not None: value = value.hex return value For example:: class MyModel(models.Model): uuid = models.UUIDField(primary_key=True, default=uuid.uuid4) Should become:: class Char32UUIDField(models.UUIDField): ... class MyModel(models.Model): uuid = Char32UUIDField(primary_key=True, default=uuid.uuid4) Running the :djadmin:`makemigrations` command will generate a migration containing a no-op ``AlterField`` operation. Miscellaneous ------------- * The ``instance`` argument of the undocumented ``BaseModelFormSet.save_existing()`` method is renamed to ``obj``. * The undocumented ``django.contrib.admin.helpers.checkbox`` is removed. * Integer fields are now validated as 64-bit integers on SQLite to match the behavior of ``sqlite3``. * The undocumented ``Query.annotation_select_mask`` attribute is changed from a set of strings to an ordered list of strings. * ``ImageField.update_dimension_fields()`` is no longer called on the ``post_init`` signal if ``width_field`` and ``height_field`` are not set. * :class:`~django.db.models.functions.Now` database function now uses ``LOCALTIMESTAMP`` instead of ``CURRENT_TIMESTAMP`` on Oracle. * :attr:`.AdminSite.site_header` is now rendered in a ``<div>`` tag instead of ``<h1>``. Screen reader users rely on heading elements for navigation within a page. Having two ``<h1>`` elements was confusing and the site header wasn't helpful as it is repeated on all pages. * In order to improve accessibility, the admin's main content area and header content area are now rendered in a ``<main>`` and ``<header>`` tag instead of ``<div>``. * On databases without native support for the SQL ``XOR`` operator, ``^`` as the exclusive or (``XOR``) operator now returns rows that are matched by an odd number of operands rather than exactly one operand. This is consistent with the behavior of MySQL, MariaDB, and Python. * The minimum supported version of ``asgiref`` is increased from 3.6.0 to 3.7.0. * The minimum supported version of ``selenium`` is increased from 3.8.0 to 4.8.0. * The ``AlreadyRegistered`` and ``NotRegistered`` exceptions are moved from ``django.contrib.admin.sites`` to ``django.contrib.admin.exceptions``. * The minimum supported version of SQLite is increased from 3.21.0 to 3.27.0. * Support for ``cx_Oracle`` < 8.3 is removed. * Executing SQL queries before the app registry has been fully populated now raises :exc:`RuntimeWarning`. * :exc:`~django.core.exceptions.BadRequest` is raised for non-UTF-8 encoded requests with the :mimetype:`application/x-www-form-urlencoded` content type. See :rfc:`1866` for more details. * The minimum supported version of ``colorama`` is increased to 0.4.6. * The minimum supported version of ``docutils`` is increased to 0.19. * Filtering querysets against overflowing integer values now always returns an empty queryset. As a consequence, you may need to use ``ExpressionWrapper()`` to :ref:`explicitly wrap <using-f-with-annotations>` arithmetic against integer fields in such cases. .. _deprecated-features-5.0: Features deprecated in 5.0 ========================== Miscellaneous ------------- * The ``DjangoDivFormRenderer`` and ``Jinja2DivFormRenderer`` transitional form renderers are deprecated. * Passing positional arguments ``name`` and ``violation_error_message`` to :class:`~django.db.models.BaseConstraint` is deprecated in favor of keyword-only arguments. * ``request`` is added to the signature of :meth:`.ModelAdmin.lookup_allowed`. Support for ``ModelAdmin`` subclasses that do not accept this argument is deprecated. * The ``get_joining_columns()`` method of ``ForeignObject`` and ``ForeignObjectRel`` is deprecated. Starting with Django 6.0, ``django.db.models.sql.datastructures.Join`` will no longer fallback to ``get_joining_columns()``. Subclasses should implement ``get_joining_fields()`` instead. * The ``ForeignObject.get_reverse_joining_columns()`` method is deprecated. * The default scheme for ``forms.URLField`` will change from ``"http"`` to ``"https"`` in Django 6.0. Set :setting:`FORMS_URLFIELD_ASSUME_HTTPS` transitional setting to ``True`` to opt into assuming ``"https"`` during the Django 5.x release cycle. * ``FORMS_URLFIELD_ASSUME_HTTPS`` transitional setting is deprecated. * Support for calling ``format_html()`` without passing args or kwargs will be removed. * Support for ``cx_Oracle`` is deprecated in favor of `oracledb`_ 1.3.2+ Python driver. * ``DatabaseOperations.field_cast_sql()`` is deprecated in favor of ``DatabaseOperations.lookup_cast()``. Starting with Django 6.0, ``BuiltinLookup.process_lhs()`` will no longer call ``field_cast_sql()``. Third-party database backends should implement ``lookup_cast()`` instead. * The ``django.db.models.enums.ChoicesMeta`` metaclass is renamed to ``ChoicesType``. * The ``Prefetch.get_current_queryset()`` method is deprecated. * The ``get_prefetch_queryset()`` method of related managers and descriptors is deprecated. Starting with Django 6.0, ``get_prefetcher()`` and ``prefetch_related_objects()`` will no longer fallback to ``get_prefetch_queryset()``. Subclasses should implement ``get_prefetch_querysets()`` instead. .. _`oracledb`: https://oracle.github.io/python-oracledb/ Features removed in 5.0 ======================= These features have reached the end of their deprecation cycle and are removed in Django 5.0. See :ref:`deprecated-features-4.0` for details on these changes, including how to remove usage of these features. * The ``SERIALIZE`` test setting is removed. * The undocumented ``django.utils.baseconv`` module is removed. * The undocumented ``django.utils.datetime_safe`` module is removed. * The default value of the ``USE_TZ`` setting is changed from ``False`` to ``True``. * The default sitemap protocol for sitemaps built outside the context of a request is changed from ``'http'`` to ``'https'``. * The ``extra_tests`` argument for ``DiscoverRunner.build_suite()`` and ``DiscoverRunner.run_tests()`` is removed. * The ``django.contrib.postgres.aggregates.ArrayAgg``, ``JSONBAgg``, and ``StringAgg`` aggregates no longer return ``[]``, ``[]``, and ``''``, respectively, when there are no rows. * The ``USE_L10N`` setting is removed. * The ``USE_DEPRECATED_PYTZ`` transitional setting is removed. * Support for ``pytz`` timezones is removed. * The ``is_dst`` argument is removed from: * ``QuerySet.datetimes()`` * ``django.utils.timezone.make_aware()`` * ``django.db.models.functions.Trunc()`` * ``django.db.models.functions.TruncSecond()`` * ``django.db.models.functions.TruncMinute()`` * ``django.db.models.functions.TruncHour()`` * ``django.db.models.functions.TruncDay()`` * ``django.db.models.functions.TruncWeek()`` * ``django.db.models.functions.TruncMonth()`` * ``django.db.models.functions.TruncQuarter()`` * ``django.db.models.functions.TruncYear()`` * The ``django.contrib.gis.admin.GeoModelAdmin`` and ``OSMGeoAdmin`` classes are removed. * The undocumented ``BaseForm._html_output()`` method is removed. * The ability to return a ``str``, rather than a ``SafeString``, when rendering an ``ErrorDict`` and ``ErrorList`` is removed. See :ref:`deprecated-features-4.1` for details on these changes, including how to remove usage of these features. * The ``SitemapIndexItem.__str__()`` method is removed. * The ``CSRF_COOKIE_MASKED`` transitional setting is removed. * The ``name`` argument of ``django.utils.functional.cached_property()`` is removed. * The ``opclasses`` argument of ``django.contrib.postgres.constraints.ExclusionConstraint`` is removed. * The undocumented ability to pass ``errors=None`` to ``SimpleTestCase.assertFormError()`` and ``assertFormsetError()`` is removed. * ``django.contrib.sessions.serializers.PickleSerializer`` is removed. * The usage of ``QuerySet.iterator()`` on a queryset that prefetches related objects without providing the ``chunk_size`` argument is no longer allowed. * Passing unsaved model instances to related filters is no longer allowed. * ``created=True`` is required in the signature of ``RemoteUserBackend.configure_user()`` subclasses. * Support for logging out via ``GET`` requests in the ``django.contrib.auth.views.LogoutView`` and ``django.contrib.auth.views.logout_then_login()`` is removed. * The ``django.utils.timezone.utc`` alias to ``datetime.timezone.utc`` is removed. * Passing a response object and a form/formset name to ``SimpleTestCase.assertFormError()`` and ``assertFormSetError()`` is no longer allowed. * The ``django.contrib.gis.admin.OpenLayersWidget`` is removed. + The ``django.contrib.auth.hashers.CryptPasswordHasher`` is removed. * The ``"django/forms/default.html"`` and ``"django/forms/formsets/default.html"`` templates are removed. * The default form and formset rendering style is changed to the div-based. * Passing ``nulls_first=False`` or ``nulls_last=False`` to ``Expression.asc()`` and ``Expression.desc()`` methods, and the ``OrderBy`` expression is no longer allowed. =========================== ``` ### 4.2.14 ``` =========================== *July 9, 2024* Django 4.2.14 fixes two security issues with severity "moderate" and two security issues with severity "low" in 4.2.13. CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` =========================================================================================== :tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential denial-of-service attack via certain inputs with a very large number of brackets. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords ================================================================================================ The :meth:`~django.contrib.auth.backends.ModelBackend.authenticate()` method allowed remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. CVE-2024-39330: Potential directory-traversal via ``Storage.save()`` ==================================================================== Derived classes of the :class:`~django.core.files.storage.Storage` base class which override :meth:`generate_filename() <django.core.files.storage.Storage.generate_filename()>` without replicating the file path validations existing in the parent class, allowed for potential directory-traversal via certain inputs when calling :meth:`save() <django.core.files.storage.Storage.save()>`. Built-in ``Storage`` sub-classes were not affected by this vulnerability. CVE-2024-39614: Potential denial-of-service vulnerability in ``get_supported_language_variant()`` ================================================================================================= :meth:`~django.utils.translation.get_supported_language_variant` was subject to a potential denial-of-service attack when used with very long strings containing specific characters. To mitigate this vulnerability, the language code provided to :meth:`~django.utils.translation.get_supported_language_variant` is now parsed up to a maximum length of 500 characters. When the language code is over 500 characters, a :exc:`ValueError` will now be raised if ``strict`` is ``True``, or if there is no generic variant and ``strict`` is ``False``. =========================== ``` ### 4.2.13 ``` =========================== *May 7, 2024* Django 4.2.13 fixes a packaging error in 4.2.12. =========================== ``` ### 4.2.12 ``` =========================== *May 6, 2024* Django 4.2.12 fixes a compatibility issue with Python 3.11.9+ and 3.12.3+. Bugfixes ======== * Fixed a crash in Django 4.2 when validating email max line lengths with content decoded using the ``surrogateescape`` error handling scheme (:ticket:`35361`). =========================== ``` ### 4.2.11 ``` =========================== *March 4, 2024* Django 4.2.11 fixes a security issue with severity "moderate" and a regression in 4.2.10. CVE-2024-27351: Potential regular expression denial-of-service in ``django.utils.text.Truncator.words()`` ========================================================================================================= ``django.utils.text.Truncator.words()`` method (with ``html=True``) and :tfilter:`truncatewords_html` template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to :cve:`2019-14232` and :cve:`2023-43665`). Bugfixes ======== * Fixed a regression in Django 4.2.10 where ``intcomma`` template filter could return a leading comma for string representation of floats (:ticket:`35172`). =========================== ``` ### 4.2.10 ``` =========================== *February 6, 2024* Django 4.2.10 fixes a security issue with severity "moderate" in 4.2.9. CVE-2024-24680: Potential denial-of-service in ``intcomma`` template filter =========================================================================== The ``intcomma`` template filter was subject to a potential denial-of-service attack when used with very long strings. ========================== ``` ### 4.2.9 ``` ========================== *January 2, 2024* Django 4.2.9 fixes a bug in 4.2.8. Bugfixes ======== * Fixed a regression in Django 4.2.8 where admin fields on the same line could overflow the page and become non-interactive (:ticket:`35012`). ========================== ``` ### 4.2.8 ``` ========================== *December 4, 2023* Django 4.2.8 fixes several bugs in 4.2.7 and adds compatibility with Python 3.12. Bugfixes ======== * Fixed a regression in Django 4.2 that caused :option:`makemigrations --check` to stop displaying pending migrations (:ticket:`34457`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing other aggregates or window functions through conditional expressions (:ticket:`34975`). * Fixed a regression in Django 4.2 that caused a crash when annotating a ``QuerySet`` with a ``Window`` expressions composed of a ``partition_by`` clause mixing field types and aggregation expressions (:ticket:`34987`). * Fixed a regression in Django 4.2 where the admin's change list page had misaligned pagination links and inputs when using ``list_editable`` (:ticket:`34991`). * Fixed a regression in Django 4.2 where checkboxes in the admin would be centered on narrower screen widths (:ticket:`34994`). * Fixed a regression in Django 4.2 that caused a crash of querysets with aggregations on MariaDB when the ``ONLY_FULL_GROUP_BY`` SQL mode was enabled (:ticket:`34992`). * Fixed a regression in Django 4.2 where the admin's read-only password widget and some help texts were incorrectly aligned at tablet widths (:ticket:`34982`). * Fixed a regression in Django 4.2 that caused a migration crash on SQLite when altering unsupported ``Meta.db_table_comment`` (:ticket:`35006`). ========================== ``` ### 4.2.7 ``` ========================== *November 1, 2023* Django 4.2.7 fixes a security issue with severity "moderate" and several bugs in 4.2.6. CVE-2023-46695: Potential denial of service vulnerability in ``UsernameField`` on Windows ========================================================================================= The :func:`NFKC normalization <python:unicodedata.normalize>` is slow on Windows. As a consequence, ``django.contrib.auth.forms.UsernameField`` was subject to a potential denial of service attack via certain inputs with a very large number of Unicode characters. In order to avoid the vulnerability, invalid values longer than ``UsernameField.max_length`` are no longer normalized, since they cannot pass validation anyway. Bugfixes ======== * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing expressions containing subqueries (:ticket:`34798`). * Restored, following a regression in Django 4.2, creating ``varchar/text_pattern_ops`` indexes on ``CharField`` and ``TextField`` with deterministic collations on PostgreSQL (:ticket:`34932`). ========================== ``` ### 4.2.6 ``` ========================== *October 4, 2023* Django 4.2.6 fixes a security issue with severity "moderate" and several bugs in 4.2.5. CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator`` ================================================================================ Following the fix for :cve:`2019-14232`, the regular expressions used in the implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods (with ``html=True``) were revised and improved. However, these regular expressions still exhibited linear backtracking complexity, so when given a very long, potentially malformed HTML input, the evaluation would still be slow, leading to a potential denial of service vulnerability. The ``chars()`` and ``words()`` methods are used to implement the :tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template filters, which were thus also vulnerable. The input processed by ``Truncator``, when operating in HTML mode, has been limited to the first five million characters in order to avoid potential performance and memory issues. Bugfixes ======== * Fixed a regression in Django 4.2.5 where overriding the deprecated ``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings in tests caused the main ``STORAGES`` to mutate (:ticket:`34821`). * Fixed a regression in Django 4.2 that caused unnecessary casting of string based fields (``CharField``, ``EmailField``, ``TextField``, ``CICharField``, ``CIEmailField``, and ``CITextField``) used with the ``__isnull`` lookup on PostgreSQL. As a consequence, indexes using an ``__isnull`` expression or condition created before Django 4.2 wouldn't be used by the query planner, leading to a performance regression (:ticket:`34840`). You may need to recreate such indexes created in your database with Django 4.2 to 4.2.5, as they contain unnecessary ``::text`` casting. Find candidate indexes with this query: .. code-block:: sql SELECT indexname, indexdef FROM pg_indexes WHERE indexdef LIKE '%::text IS %NULL'; ========================== ``` ### 4.2.5 ``` ========================== *September 4, 2023* Django 4.2.5 fixes a security issue with severity "moderate" and several bugs in 4.2.4. CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` =================================================================================================== ``django.utils.encoding.uri_to_iri()`` was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. Bugfixes ======== * Fixed a regression in Django 4.2 that caused an incorrect validation of ``CheckConstraints`` on ``__isnull`` lookups against ``JSONField`` (:ticket:`34754`). * Fixed a bug in Django 4.2 where the deprecated ``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings were not synced with ``STORAGES`` (:ticket:`34773`). * Fixed a regression in Django 4.2.2 that caused an unnecessary selection of a non-nullable ``ManyToManyField`` without a natural key during serialization (:ticket:`34779`). * Fixed a regression in Django 4.2 that caused a crash of a queryset when filtering against deeply nested ``OuterRef()`` annotations (:ticket:`34803`). ========================== ``` ### 4.2.4 ``` ========================== *August 1, 2023* Django 4.2.4 fixes several bugs in 4.2.3. Bugfixes ======== * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing window functions (:ticket:`34717`). * Fixed a regression in Django 4.2 that caused a crash when grouping by a reference in a subquery (:ticket:`34748`). * Fixed a regression in Django 4.2 that caused aggregation over query that uses explicit grouping by multi-valued annotations to group against the wrong columns (:ticket:`34750`). ========================== ``` ### 4.2.3 ``` ========================== *July 3, 2023* Django 4.2.3 fixes a security issue with severity "moderate" and several bugs in 4.2.2. CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator`` =================================================================================================================== ``EmailValidator`` and ``URLValidator`` were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs. Bugfixes ======== * Fixed a regression in Django 4.2 that caused incorrect alignment of timezone warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`). * Fixed a regression in Django 4.2 that caused incorrect highlighting of rows in the admin changelist view when ``ModelAdmin.list_editable`` contained a ``BooleanField`` (:ticket:`34638`). ========================== ``` ### 4.2.2 ``` ========================== *June 5, 2023* Django 4.2.2 fixes several bugs in 4.2.1. Bugfixes ======== * Fixed a regression in Django 4.2 that caused an unnecessary ``DBMS_LOB.SUBSTR()`` wrapping in the ``__isnull`` and ``__exact=None`` lookups for ``TextField()``/``BinaryField()`` on Oracle (:ticket:`34544`). * Restored, following a regression in Django 4.2, ``get_prep_value()`` call in ``JSONField`` subclasses (:ticket:`34539`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.defer()`` when passing a ``ManyToManyField`` or ``GenericForeignKey`` reference. While doing so is a no-op, it was allowed in older version (:ticket:`34570`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.only()`` when passing a reverse ``OneToOneField`` reference (:ticket:`34612`). * Fixed a bug in Django 4.2 where :option:`makemigrations --update` didn't respect the ``--name`` option (:ticket:`34568`). * Fixed a performance regression in Django 4.2 when compiling queries without ordering (:ticket:`34580`). * Fixed a regression in Django 4.2 where nonexistent stylesheet was linked on a “Congratulations!” page (:ticket:`34588`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with expressions referencing other aggregates (:ticket:`34551`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing subqueries (:ticket:`34551`). * Fixed a regression in Django 4.2 that caused a crash of querysets on SQLite when filtering on ``DecimalField`` against values outside of the defined range (:ticket:`34590`). * Fixed a regression in Django 4.2 that caused a serialization crash on a ``ManyToManyField`` without a natural key when its ``Manager``’s base ``QuerySet`` used ``select_related()`` (:ticket:`34620`). ========================== ```
Links - PyPI: https://pypi.org/project/django - Changelog: https://data.safetycli.com/changelogs/django/ - Homepage: https://www.djangoproject.com/

Update django-configurations from 2.4.1 to 2.5.1.

Changelog ### 2.5.1 ``` What's Changed * Fix 375 -- Add Django 5.0 classifier by pauloxnet in https://github.com/jazzband/django-configurations/pull/376 * Add support for Python 3.12 by pauloxnet in https://github.com/jazzband/django-configurations/pull/370 **Full Changelog**: https://github.com/jazzband/django-configurations/compare/2.5...2.5.1 ``` ### 2.5 ``` **Full Changelog**: https://github.com/jazzband/django-configurations/compare/2.4.2...2.5 ``` ### 2.4.2 ``` - Replace `imp` (due for removal in Python 3.12) with `importlib` by gump + jbkkd ```
Links - PyPI: https://pypi.org/project/django-configurations - Changelog: https://data.safetycli.com/changelogs/django-configurations/ - Docs: https://django-configurations.readthedocs.io/

Update gunicorn from 20.1.0 to 22.0.0.

Changelog ### 21.2.0 ``` =================== - fix thread worker: revert change considering connection as idle . *** NOTE *** This is fixing the bad file description error. ``` ### 21.0.1 ``` =================== - fix documentation build ``` ### 21.0.0 ``` =================== - support python 3.11 - fix gevent and eventlet workers - fix threads support (gththread): improve performance and unblock requests - SSL: now use SSLContext object - HTTP parser: miscellaneous fixes - remove unnecessary setuid calls - fix testing - improve logging - miscellaneous fixes to core engine *** RELEASE NOTE *** We made this release major to start our new release cycle. More info will be provided on our discussion forum. ```
Links - PyPI: https://pypi.org/project/gunicorn - Changelog: https://data.safetycli.com/changelogs/gunicorn/

Update newrelic from 8.8.0 to 9.12.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/newrelic - Homepage: https://docs.newrelic.com/docs/apm/agents/python-agent/

Update psycopg2-binary from 2.9.6 to 2.9.9.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/psycopg2-binary - Homepage: https://psycopg.org/

Update dj-database-url from 2.0.0 to 2.2.0.

Changelog ### 2.1.0 ``` * Add value to int parsing when deconstructing url string. ```
Links - PyPI: https://pypi.org/project/dj-database-url - Changelog: https://data.safetycli.com/changelogs/dj-database-url/ - Repo: https://github.com/jazzband/dj-database-url

Update django-model-utils from 4.3.1 to 4.5.1.

Changelog ### 4.4.0 ``` ------------------ - Add support for `Python 3.11` (GH-545) - Add support for `Python 3.12` (GH-545) - Drop support for `Python 3.7` (GH-545) - Add support for `Django 4.2` - Add support for `Django 5.0` - Remove ``SaveSignalHandlingModel``. This model used a modified copy of the internal Django method `Model.save_base()` and had not been updated for upstream bug fixes changes since its addition. - Add Swedish translation - Use proper column name instead of attname (GH-573) - Fix ValueError when calling prefetch_related for tracked ForeignKey fields ```
Links - PyPI: https://pypi.org/project/django-model-utils - Changelog: https://data.safetycli.com/changelogs/django-model-utils/ - Repo: https://github.com/jazzband/django-model-utils

Update djangorestframework from 3.14.0 to 3.15.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/djangorestframework - Changelog: https://data.safetycli.com/changelogs/djangorestframework/ - Homepage: https://www.django-rest-framework.org/

Update Markdown from 3.4.3 to 3.6.

Changelog ### 3.5.2 ``` Fixed * Fix type annotations for `convertFile` - it accepts only bytes-based buffers. Also remove legacy checks from Python 2 (1400) * Remove legacy import needed only in Python 2 (1403) * Fix typo that left the attribute `AdmonitionProcessor.content_indent` unset (1404) * Fix edge-case crash in `InlineProcessor` with `AtomicString` (1406). * Fix edge-case crash in `codehilite` with an empty `code` tag (1405). * Improve and expand type annotations in the code base (1401). * Fix handling of bogus comments (1425). ``` ### 3.5.1 ``` Fixed * Fix a performance problem with HTML extraction where large HTML input could trigger quadratic line counting behavior (1392). * Improve and expand type annotations in the code base (1394). ```
Links - PyPI: https://pypi.org/project/markdown - Changelog: https://data.safetycli.com/changelogs/markdown/

Update django-filter from 23.2 to 24.3.

Changelog ### 24.3 ``` ------------------------- * Adds official support for Django 5.1. * Allow using dictionaries for grouped choices on Django 5.0+. Thanks to Sævar Öfjörð Magnússon. * Adds ``unknown_field_behavior`` FilterSet option to allowing warning and ignore behaviours for unknown field types during FilterSet generation. Thanks to Loes. ``` ### 24.2 ``` ------------------------- * Fixed a regression in v23.4 where callable choices were incorrectly evaluated at filter instantiation, on Django versions prior to 5.0. Thanks to Craig de Stigter for the report and reproduce. ``` ### 24.1 ``` ------------------------- * Updated supported Python and Django versions, and resolved upcoming Django deprecations. Required versions are now at least Python 3.8 and Django 4.2. Thanks to Michael Manganiello. * Allowed passing a FilterSet class to the filterset_factory(). Thanks to Birger Schacht. * Set empty default value of filterset data to MultiValueDict. Thanks to Shlomo Gordon. * Preserve list values passed to the data dict in CSV widgets. Thanks to Bryan Brancotte. * Updates French and Ukrainian localisations. Thanks to Weblate. ``` ### 23.5 ``` ------------------------- * Fixed OrderingFilter handling of empty values. (1628) Thanks to Matt Munns. ``` ### 23.4 ``` ------------------------- * Official support for Django 5.0 and Python 3.12. * Fix DeprecationWarning for pkgutil.find_loader. Thanks to `wmorrell`. * Adopted Furo theme for docs. ``` ### 23.3 ``` ------------------------ * Adds initial compatibility with Django 5.0, prior to Django 5.0a1. * Updates packaging to use pyproject.toml and Flit. ```
Links - PyPI: https://pypi.org/project/django-filter - Changelog: https://data.safetycli.com/changelogs/django-filter/

Update ipython from 8.13.2 to 8.26.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/ipython - Changelog: https://data.safetycli.com/changelogs/ipython/

Update mkdocs from 1.4.3 to 1.6.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/mkdocs

Update flake8 from 6.0.0 to 7.1.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/flake8 - Repo: https://github.com/pycqa/flake8

Update mock from 5.0.2 to 5.1.0.

Changelog ### 5.1.0 ``` ----- - bpo-44185: :func:`unittest.mock.mock_open` will call the :func:`close` method of the file handle mock when it is exiting from the context manager. Patch by Samet Yaslan. - gh-94924: :func:`unittest.mock.create_autospec` now properly returns coroutine functions compatible with :func:`inspect.iscoroutinefunction` - bpo-17013: Add ``ThreadingMock`` to :mod:`unittest.mock` that can be used to create Mock objects that can wait until they are called. Patch by Karthikeyan Singaravelan and Mario Corchero. - bpo-41768: :mod:`unittest.mock` speccing no longer calls class properties. Patch by Melanie Witt. ```
Links - PyPI: https://pypi.org/project/mock - Changelog: https://data.safetycli.com/changelogs/mock/ - Docs: http://mock.readthedocs.org/en/latest/

Update factory-boy from 3.2.1 to 3.3.0.

Changelog ### 3.3.0 ``` ------------------ *New:* - :issue:`366`: Add :class:`factory.django.Password` to generate Django :class:`~django.contrib.auth.models.User` passwords. - :issue:`304`: Add :attr:`~factory.alchemy.SQLAlchemyOptions.sqlalchemy_session_factory` to dynamically create sessions for use by the :class:`~factory.alchemy.SQLAlchemyModelFactory`. - Add support for Django 4.0 - Add support for Django 4.1 - Add support for Python 3.10 - Add support for Python 3.11 *Bugfix:* - Make :meth:`~factory.django.mute_signals` mute signals during post-generation. - :issue:`775`: Change the signature for :meth:`~factory.alchemy.SQLAlchemyModelFactory._save` and :meth:`~factory.alchemy.SQLAlchemyModelFactory._get_or_create` to avoid argument names clashes with a field named ``session``. *Deprecated:* - :class:`~factory.django.DjangoModelFactory` will stop issuing a second call to :meth:`~django.db.models.Model.save` on the created instance when :ref:`post-generation-hooks` return a value. To help with the transition, :class:`factory.django.DjangoModelFactory._after_postgeneration` raises a :class:`DeprecationWarning` when calling :meth:`~django.db.models.Model.save`. Inspect your :class:`~factory.django.DjangoModelFactory` subclasses: - If the :meth:`~django.db.models.Model.save` call is not needed after :class:`~factory.PostGeneration`, set :attr:`factory.django.DjangoOptions.skip_postgeneration_save` to ``True`` in the factory meta. - Otherwise, the instance has been modified by :class:`~factory.Pos
pyup-bot commented 3 months ago

Closing this in favor of #2350