chore(deps): update dependency django-cors-headers to v4 - abandoned

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
django-cors-headers (changelog)	`==2.2.0` -> `==4.4.0`

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

adamchainz/django-cors-headers (django-cors-headers)

### [`v4.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#440-2024-06-19) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.1...4.4.0) - Support Django 5.1. ### [`v4.3.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#431-2023-11-14) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.0...4.3.1) - Fixed ASGI compatibility on Python 3.12. Thanks to Adrian Capitanu for the report in `Issue #908 `\__ and Rooyal in `PR #911 `\__. ### [`v4.3.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#430-2023-10-11) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.2.0...4.3.0) - Avoid adding the `access-control-allow-credentials` header to unallowed responses. Thanks to Adam Romanek in `PR #888 `\__. - Support Django 5.0. ### [`v4.2.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#420-2023-07-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.1.0...4.2.0) - Drop Python 3.7 support. ### [`v4.1.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#410-2023-06-14) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.0.0...4.1.0) - Support Python 3.12. ### [`v4.0.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#400-2023-05-12) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.14.0...4.0.0) - Add `CORS_ALLOW_PRIVATE_NETWORK` setting, which enables support for the Local Network Access draft specification. Thanks to Issac Kelly in `PR #745 `\__ and jjurgens0 in `PR #833 `\__. - Remove three headers from the default "accept list": `accept-encoding`, `dnt`, and `origin`. These are `Forbidden header names `\__, which means requests JavaScript can never set them. Consequently, allowing them via CORS has no effect. Thanks to jub0bs for the report in `Issue #842 `\__. - Drop the `CORS_REPLACE_HTTPS_REFERER` setting and `CorsPostCsrfMiddleware`. Since Django 1.9, the `CSRF_TRUSTED_ORIGINS` setting has been the preferred solution to making CSRF checks pass for CORS requests. The removed setting and middleware only existed as a workaround for Django versions before 1.9. - Add async support to the middleware, reducing overhead on async views. ### [`v3.14.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3140-2023-02-25) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.13.0...3.14.0) - Support Django 4.2. - Switch from `urlparse()` to `urlsplit()` for URL parsing, reducing the middleware runtime up to 5%. This changes the type passed to `origin_found_in_white_lists()`, so if you have subclassed the middleware to override this method, you should check it is compatible (it most likely is). Thanks to Thibaut Decombe in `PR #793 `\__. ### [`v3.13.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3130-2022-06-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.12.0...3.13.0) - Support Python 3.11. - Support Django 4.1. ### [`v3.12.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3120-2022-05-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.11.0...3.12.0) - Drop support for Django 2.2, 3.0, and 3.1. ### [`v3.11.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3110-2022-01-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.10.1...3.11.0) - Drop Python 3.6 support. ### [`v3.10.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3101-2021-12-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.10.0...3.10.1) - Prevent a crash when an invalid `Origin` header is sent. Thanks to minusf for the report in `Issue #701 `\__. ### [`v3.10.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3100-2021-10-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.9.0...3.10.0) - Support Python 3.10. ### [`v3.9.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#390-2021-09-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.8.0...3.9.0) - Support Django 4.0. ### [`v3.8.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#380-2021-08-15) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.7.0...3.8.0) - Add type hints. - Stop distributing tests to reduce package size. Tests are not intended to be run outside of the tox setup in the repository. Repackagers can use GitHub's tarballs per tag. ### [`v3.7.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#370-2021-01-25) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.6.0...3.7.0) - Support Django 3.2. ### [`v3.6.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#360-2020-12-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.5.0...3.6.0) - Drop Python 3.5 support. - Support Python 3.9. ### [`v3.5.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#350-2020-08-25) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.4.0...3.5.0) - Following Django’s example in `Ticket #31670 `\__ for replacing the term “whitelist”, plus an aim to make the setting names more comprehensible, the following settings have been renamed: - `CORS_ORIGIN_WHITELIST` -> `CORS_ALLOWED_ORIGINS` - `CORS_ORIGIN_REGEX_WHITELIST` -> `CORS_ALLOWED_ORIGIN_REGEXES` - `CORS_ORIGIN_ALLOW_ALL` -> `CORS_ALLOW_ALL_ORIGINS` The old names will continue to work as aliases, with the new ones taking precedence. ### [`v3.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#340-2020-06-19) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.3.0...3.4.0) - Drop Django 2.0 and 2.1 support. ### [`v3.3.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#330-2020-05-18) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.2.1...3.3.0) - Drop Django 1.11 support. Only Django 2.0+ is supported now. - Drop the `providing_args` argument from `Signal` to prevent a deprecation warning on Django 3.1. ### [`v3.2.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#321-2020-01-04) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.2.0...3.2.1) - Update LICENSE file to Unix line endings, fixing issues with license checker `pip-licenses` (`Issue #477 `\__). ### [`v3.2.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#320-2019-11-15) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.1.1...3.2.0) - Converted setuptools metadata to configuration file. This meant removing the `__version__` attribute from the package. If you want to inspect the installed version, use `importlib.metadata.version("django-cors-headers")` (`docs `\__ / `backport `\__). - Support Python 3.8. ### [`v3.1.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#311-2019-09-30) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.1.0...3.1.1) - Support the value `file://` for origins, which is accidentally sent by some versions of Chrome on Android. ### [`v3.1.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#310-2019-08-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.0.2...3.1.0) - Drop Python 2 support, only Python 3.5-3.7 is supported now. - Fix all links for move from `github.com/ottoyiu/django-cors-headers` to `github.com/adamchainz/django-cors-headers`. ### [`v3.0.2`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#302-2019-05-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.0.1...3.0.2) - Add a hint to the `corsheaders.E013` check to make it more obvious how to resolve it. ### [`v3.0.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#301-2019-05-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.0.0...3.0.1) - Allow 'null' in `CORS_ORIGIN_WHITELIST` check. ### [`v3.0.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#300-2019-05-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.3...3.0.0) - `CORS_ORIGIN_WHITELIST` now requires URI schemes, and optionally ports. This is part of the CORS specification (`Section 3.2 `\_) that was not implemented in this library, except from with the `CORS_ORIGIN_REGEX_WHITELIST` setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure `http://` Origins to a secure `https://` site. You will need to update your whitelist to include schemes, for example from this: .. code-block:: python CORS_ORIGIN_WHITELIST = ["example.com"] ...to this: .. code-block:: python CORS_ORIGIN_WHITELIST = ["https://example.com"] - Removed the `CORS_MODEL` setting, and associated class. It seems very few, or no users were using it, since there were no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you *are* using this functionality, you can continue by changing your model to not inherit from the abstract one, and add a signal handler for `check_request_enabled` that reads from your model. Note you'll need to handle the move to include schemes for Origins. ### [`v2.5.3`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#253-2019-04-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.2...2.5.3) - Tested on Django 2.2. No changes were needed for compatibility. - Tested on Python 3.7. No changes were needed for compatibility. ### [`v2.5.2`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#252-2019-03-15) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.1...2.5.2) - Improve inclusion of tests in `sdist` to ignore `.pyc` files. ### [`v2.5.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#251-2019-03-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.0...2.5.1) - Include test infrastructure in `sdist` to allow consumers to use it. ### [`v2.5.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#250-2019-03-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.4.1...2.5.0) - Drop Django 1.8, 1.9, and 1.10 support. Only Django 1.11+ is supported now. ### [`v2.4.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#241-2019-02-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.4.0...2.4.1) - Fix `DeprecationWarning` from importing `collections.abc.Sequence` on Python 3.7. ### [`v2.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#240-2018-07-18) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.3.0...2.4.0) - Always add 'Origin' to the 'Vary' header for responses to enabled URL's, to prevent caching of responses intended for one origin being served for another. ### [`v2.3.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#230-2018-06-27) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.2.1...2.3.0) - Match `CORS_URLS_REGEX` to `request.path_info` instead of `request.path`, so the patterns can work without knowing the site's path prefix at configuration time. ### [`v2.2.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#221-2018-06-27) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.2.0...2.2.1) - Add `Content-Length` header to CORS preflight requests. This fixes issues with some HTTP proxies and servers, e.g. AWS Elastic Beanstalk.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

Analysis Workflow

After merge, new images are deployed in:

Merge Workflow

bcgov / nr-gwells

chore(deps): update dependency django-cors-headers to v4 - abandoned #62

Release Notes

Configuration

Autoclosing Skipped