Release notes
*Sourced from [djangorestframework's releases](https://github.com/encode/django-rest-framework/releases).*
> ## Version 3.9.1
> Change Notes:
> https://www.django-rest-framework.org/community/release-notes/#39x-series
>
> ## Verision 3.9.0
> Release announcement:
> https://www.django-rest-framework.org/community/3.9-announcement/
>
> Change Notes:
> https://www.django-rest-framework.org/community/release-notes/#39x-series
>
> ## Version 3.8.2
> Point release for 3.8.x series
>
> * Fix `read_only` + `default` `unique_together` validation. [#5922](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5922)
> * authtoken.views import coreapi from rest_framework.compat, not directly. [#5921](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5921)
> * Docs: Add missing argument 'detail' to Route [#5920](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5920)
>
> ## Version 3.8.1
> * Use old `url_name` behavior in route decorators [#5915](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5915)
>
> For `list_route` and `detail_route` maintain the old behavior of `url_name`,
> basing it on the `url_path` instead of the function name.
>
>
> ## Version 3.8
> * [Release Announcement](http://www.django-rest-framework.org/topics/3.8-announcement/)
> * [3.8.0 Milestone](https://github.com/encode/django-rest-framework/milestone/61?closed=1)
>
> * **Breaking Change**: Alter `read_only` plus `default` behaviour. [#5886](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5886)
>
> `read_only` fields will now **always** be excluded from writable fields.
>
> Previously `read_only` fields with a `default` value would use the `default` for create and update operations.
>
> In order to maintain the old behaviour you may need to pass the value of `read_only` fields when calling `save()` in
> the view:
>
> def perform_create(self, serializer):
> serializer.save(owner=self.request.user)
>
> Alternatively you may override `save()` or `create()` or `update()` on the serialiser as appropriate.
> * Correct allow_null behaviour when required=False [#5888](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5888)
>
> Without an explicit `default`, `allow_null` implies a default of `null` for outgoing serialisation. Previously such
> fields were being skipped when read-only or otherwise not required.
>
> **Possible backwards compatibility break** if you were relying on such fields being excluded from the outgoing
> representation. In order to restore the old behaviour you can override `data` to exclude the field when `None`.
>
> ... (truncated)
Commits
- [`453196e`](https://github.com/encode/django-rest-framework/commit/453196e9c3a581bac3bf68eb8c9cdd7d28d2dcd6) Version 3.9.1 ([#6405](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6405))
- [`4bb9a3c`](https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8) Fix XSS caused by disabled autoescaping in the default DRF Browsable API view...
- [`e3bd4b9`](https://github.com/encode/django-rest-framework/commit/e3bd4b90488bab756694ce271a9615460783f987) Fix [#1811](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/1811): take limit_choices_to into account with FK ([#6371](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6371))
- [`9c408b2`](https://github.com/encode/django-rest-framework/commit/9c408b296b65ea14173de69139218afc97e158b3) Remove reference to deprecated drf-openapi package ([#6398](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6398))
- [`e0ae975`](https://github.com/encode/django-rest-framework/commit/e0ae975e5c543c16f0330cc4acda9387d25fee74) Fix a badly formatted title in docs ([#6089](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6089))
- [`c052a86`](https://github.com/encode/django-rest-framework/commit/c052a86c7b8ebc8159582dafaea3f6cf4a8c40f5) compat: (py2) urlparse = urllib.parse (py3) ([#6262](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6262))
- [`a49d744`](https://github.com/encode/django-rest-framework/commit/a49d744d5ee84ae2e89abde30ceddd2463e1f676) Fix OpenAPI links ([#6382](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6382))
- [`0860ef9`](https://github.com/encode/django-rest-framework/commit/0860ef9eeebf77e1780b0d86b3fdf01f5aaa5cc3) Update quickstart to Django 2.0 routing syntax ([#6385](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6385))
- [`587058e`](https://github.com/encode/django-rest-framework/commit/587058e3c25aac4d871828a3ef19637eb9e8ddbd) Allow run_validators() to handle non-dict types. ([#6365](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6365))
- [`0cf18c4`](https://github.com/encode/django-rest-framework/commit/0cf18c41631a1e2ee6013a58c7b9bbdb9d8bd8e4) Use Default Version in URLPathVersioning if 'version' Didn't Specified by Cli...
- Additional commits viewable in [compare view](https://github.com/encode/django-rest-framework/compare/3.7.3...3.9.1)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
Bumps djangorestframework from 3.7.3 to 3.9.1.
Release notes
*Sourced from [djangorestframework's releases](https://github.com/encode/django-rest-framework/releases).* > ## Version 3.9.1 > Change Notes: > https://www.django-rest-framework.org/community/release-notes/#39x-series > > ## Verision 3.9.0 > Release announcement: > https://www.django-rest-framework.org/community/3.9-announcement/ > > Change Notes: > https://www.django-rest-framework.org/community/release-notes/#39x-series > > ## Version 3.8.2 > Point release for 3.8.x series > > * Fix `read_only` + `default` `unique_together` validation. [#5922](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5922) > * authtoken.views import coreapi from rest_framework.compat, not directly. [#5921](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5921) > * Docs: Add missing argument 'detail' to Route [#5920](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5920) > > ## Version 3.8.1 > * Use old `url_name` behavior in route decorators [#5915](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5915) > > For `list_route` and `detail_route` maintain the old behavior of `url_name`, > basing it on the `url_path` instead of the function name. > > > ## Version 3.8 > * [Release Announcement](http://www.django-rest-framework.org/topics/3.8-announcement/) > * [3.8.0 Milestone](https://github.com/encode/django-rest-framework/milestone/61?closed=1) > > * **Breaking Change**: Alter `read_only` plus `default` behaviour. [#5886](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5886) > > `read_only` fields will now **always** be excluded from writable fields. > > Previously `read_only` fields with a `default` value would use the `default` for create and update operations. > > In order to maintain the old behaviour you may need to pass the value of `read_only` fields when calling `save()` in > the view: > > def perform_create(self, serializer): > serializer.save(owner=self.request.user) > > Alternatively you may override `save()` or `create()` or `update()` on the serialiser as appropriate. > * Correct allow_null behaviour when required=False [#5888](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5888) > > Without an explicit `default`, `allow_null` implies a default of `null` for outgoing serialisation. Previously such > fields were being skipped when read-only or otherwise not required. > > **Possible backwards compatibility break** if you were relying on such fields being excluded from the outgoing > representation. In order to restore the old behaviour you can override `data` to exclude the field when `None`. > > ... (truncated)Commits
- [`453196e`](https://github.com/encode/django-rest-framework/commit/453196e9c3a581bac3bf68eb8c9cdd7d28d2dcd6) Version 3.9.1 ([#6405](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6405)) - [`4bb9a3c`](https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8) Fix XSS caused by disabled autoescaping in the default DRF Browsable API view... - [`e3bd4b9`](https://github.com/encode/django-rest-framework/commit/e3bd4b90488bab756694ce271a9615460783f987) Fix [#1811](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/1811): take limit_choices_to into account with FK ([#6371](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6371)) - [`9c408b2`](https://github.com/encode/django-rest-framework/commit/9c408b296b65ea14173de69139218afc97e158b3) Remove reference to deprecated drf-openapi package ([#6398](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6398)) - [`e0ae975`](https://github.com/encode/django-rest-framework/commit/e0ae975e5c543c16f0330cc4acda9387d25fee74) Fix a badly formatted title in docs ([#6089](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6089)) - [`c052a86`](https://github.com/encode/django-rest-framework/commit/c052a86c7b8ebc8159582dafaea3f6cf4a8c40f5) compat: (py2) urlparse = urllib.parse (py3) ([#6262](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6262)) - [`a49d744`](https://github.com/encode/django-rest-framework/commit/a49d744d5ee84ae2e89abde30ceddd2463e1f676) Fix OpenAPI links ([#6382](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6382)) - [`0860ef9`](https://github.com/encode/django-rest-framework/commit/0860ef9eeebf77e1780b0d86b3fdf01f5aaa5cc3) Update quickstart to Django 2.0 routing syntax ([#6385](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6385)) - [`587058e`](https://github.com/encode/django-rest-framework/commit/587058e3c25aac4d871828a3ef19637eb9e8ddbd) Allow run_validators() to handle non-dict types. ([#6365](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6365)) - [`0cf18c4`](https://github.com/encode/django-rest-framework/commit/0cf18c41631a1e2ee6013a58c7b9bbdb9d8bd8e4) Use Default Version in URLPathVersioning if 'version' Didn't Specified by Cli... - Additional commits viewable in [compare view](https://github.com/encode/django-rest-framework/compare/3.7.3...3.9.1)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language