coveralls
commented
5 years ago Pull Request Test Coverage Report for Build 1141
- 0 of 0 changed or added relevant lines in 0 files are covered.
- No unchanged relevant lines lost coverage.
- Overall coverage remained the same at 99.275%
| Totals | |
|---|---|
| Change from base Build 1127: | 0.0% |
| Covered Lines: | 2191 |
| Relevant Lines: | 2207 |
This PR updates django from 2.2.1 to 2.2.2.
Changelog
### 2.2.2 ``` ========================== *June 3, 2019* Django 2.2.2 fixes security issues and several bugs in 2.2.1. CVE-2019-12308: AdminURLFieldWidget XSS --------------------------------------- The clickable "Current URL" link generated by ``AdminURLFieldWidget`` displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. ``AdminURLFieldWidget`` now validates the provided value using :class:`~django.core.validators.URLValidator` before displaying the clickable link. You may customise the validator by passing a ``validator_class`` kwarg to ``AdminURLFieldWidget.__init__()``, e.g. when using :attr:`~django.contrib.admin.ModelAdmin.formfield_overrides`. Patched bundled jQuery for CVE-2019-11358: Prototype pollution -------------------------------------------------------------- jQuery before 3.4.0, mishandles ``jQuery.extend(true, {}, ...)`` because of ``Object.prototype`` pollution. If an unsanitized source object contained an enumerable ``__proto__`` property, it could extend the native ``Object.prototype``. The bundled version of jQuery used by the Django admin has been patched to allow for the ``select2`` library's use of ``jQuery.extend()``. Bugfixes ======== * Fixed a regression in Django 2.2 that stopped Show/Hide toggles working on dynamically added admin inlines (:ticket:`30459`). * Fixed a regression in Django 2.2 where deprecation message crashes if ``Meta.ordering`` contains an expression (:ticket:`30463`). * Fixed a regression in Django 2.2.1 where :class:`~django.contrib.postgres.search.SearchVector` generates SQL with a redundant ``Coalesce`` call (:ticket:`30488`). * Fixed a regression in Django 2.2 where auto-reloader doesn't detect changes in ``manage.py`` file when using ``StatReloader`` (:ticket:`30479`). * Fixed crash of :class:`~django.contrib.postgres.aggregates.ArrayAgg` and :class:`~django.contrib.postgres.aggregates.StringAgg` with ``ordering`` argument when used in a ``Subquery`` (:ticket:`30315`). * Fixed a regression in Django 2.2 that caused a crash of auto-reloader when an exception with custom signature is raised (:ticket:`30516`). * Fixed a regression in Django 2.2.1 where auto-reloader unnecessarily reloads translation files multiple times when using ``StatReloader`` (:ticket:`30523`). ========================== ```Links
- PyPI: https://pypi.org/project/django - Changelog: https://pyup.io/changelogs/django/ - Homepage: https://www.djangoproject.com/