search

bcgov / nr-gwells

Groundwater Wells and Aquifers
Apache License 2.0
0 stars 0 forks source link

chore(deps): update dependency django-cors-headers to v4 - abandoned #62

Open renovate[bot] opened 2 weeks ago

renovate[bot] commented 2 weeks ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
django-cors-headers (changelog) ==2.2.0 -> ==4.4.0 age adoption passing confidence

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

adamchainz/django-cors-headers (django-cors-headers) ### [`v4.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#440-2024-06-19) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.1...4.4.0) - Support Django 5.1. ### [`v4.3.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#431-2023-11-14) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.3.0...4.3.1) - Fixed ASGI compatibility on Python 3.12. Thanks to Adrian Capitanu for the report in `Issue #​908 `\__ and Rooyal in `PR #​911 `\__. ### [`v4.3.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#430-2023-10-11) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.2.0...4.3.0) - Avoid adding the `access-control-allow-credentials` header to unallowed responses. Thanks to Adam Romanek in `PR #​888 `\__. - Support Django 5.0. ### [`v4.2.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#420-2023-07-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.1.0...4.2.0) - Drop Python 3.7 support. ### [`v4.1.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#410-2023-06-14) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/4.0.0...4.1.0) - Support Python 3.12. ### [`v4.0.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#400-2023-05-12) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.14.0...4.0.0) - Add `CORS_ALLOW_PRIVATE_NETWORK` setting, which enables support for the Local Network Access draft specification. Thanks to Issac Kelly in `PR #​745 `\__ and jjurgens0 in `PR #​833 `\__. - Remove three headers from the default "accept list": `accept-encoding`, `dnt`, and `origin`. These are `Forbidden header names `\__, which means requests JavaScript can never set them. Consequently, allowing them via CORS has no effect. Thanks to jub0bs for the report in `Issue #​842 `\__. - Drop the `CORS_REPLACE_HTTPS_REFERER` setting and `CorsPostCsrfMiddleware`. Since Django 1.9, the `CSRF_TRUSTED_ORIGINS` setting has been the preferred solution to making CSRF checks pass for CORS requests. The removed setting and middleware only existed as a workaround for Django versions before 1.9. - Add async support to the middleware, reducing overhead on async views. ### [`v3.14.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3140-2023-02-25) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.13.0...3.14.0) - Support Django 4.2. - Switch from `urlparse()` to `urlsplit()` for URL parsing, reducing the middleware runtime up to 5%. This changes the type passed to `origin_found_in_white_lists()`, so if you have subclassed the middleware to override this method, you should check it is compatible (it most likely is). Thanks to Thibaut Decombe in `PR #​793 `\__. ### [`v3.13.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3130-2022-06-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.12.0...3.13.0) - Support Python 3.11. - Support Django 4.1. ### [`v3.12.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3120-2022-05-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.11.0...3.12.0) - Drop support for Django 2.2, 3.0, and 3.1. ### [`v3.11.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3110-2022-01-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.10.1...3.11.0) - Drop Python 3.6 support. ### [`v3.10.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3101-2021-12-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.10.0...3.10.1) - Prevent a crash when an invalid `Origin` header is sent. Thanks to minusf for the report in `Issue #​701 `\__. ### [`v3.10.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#3100-2021-10-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.9.0...3.10.0) - Support Python 3.10. ### [`v3.9.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#390-2021-09-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.8.0...3.9.0) - Support Django 4.0. ### [`v3.8.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#380-2021-08-15) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.7.0...3.8.0) - Add type hints. - Stop distributing tests to reduce package size. Tests are not intended to be run outside of the tox setup in the repository. Repackagers can use GitHub's tarballs per tag. ### [`v3.7.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#370-2021-01-25) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.6.0...3.7.0) - Support Django 3.2. ### [`v3.6.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#360-2020-12-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.5.0...3.6.0) - Drop Python 3.5 support. - Support Python 3.9. ### [`v3.5.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#350-2020-08-25) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.4.0...3.5.0) - Following Django’s example in `Ticket #​31670 `\__ for replacing the term “whitelist”, plus an aim to make the setting names more comprehensible, the following settings have been renamed: - `CORS_ORIGIN_WHITELIST` -> `CORS_ALLOWED_ORIGINS` - `CORS_ORIGIN_REGEX_WHITELIST` -> `CORS_ALLOWED_ORIGIN_REGEXES` - `CORS_ORIGIN_ALLOW_ALL` -> `CORS_ALLOW_ALL_ORIGINS` The old names will continue to work as aliases, with the new ones taking precedence. ### [`v3.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#340-2020-06-19) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.3.0...3.4.0) - Drop Django 2.0 and 2.1 support. ### [`v3.3.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#330-2020-05-18) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.2.1...3.3.0) - Drop Django 1.11 support. Only Django 2.0+ is supported now. - Drop the `providing_args` argument from `Signal` to prevent a deprecation warning on Django 3.1. ### [`v3.2.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#321-2020-01-04) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.2.0...3.2.1) - Update LICENSE file to Unix line endings, fixing issues with license checker `pip-licenses` (`Issue #​477 `\__). ### [`v3.2.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#320-2019-11-15) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.1.1...3.2.0) - Converted setuptools metadata to configuration file. This meant removing the `__version__` attribute from the package. If you want to inspect the installed version, use `importlib.metadata.version("django-cors-headers")` (`docs `\__ / `backport `\__). - Support Python 3.8. ### [`v3.1.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#311-2019-09-30) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.1.0...3.1.1) - Support the value `file://` for origins, which is accidentally sent by some versions of Chrome on Android. ### [`v3.1.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#310-2019-08-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.0.2...3.1.0) - Drop Python 2 support, only Python 3.5-3.7 is supported now. - Fix all links for move from `github.com/ottoyiu/django-cors-headers` to `github.com/adamchainz/django-cors-headers`. ### [`v3.0.2`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#302-2019-05-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.0.1...3.0.2) - Add a hint to the `corsheaders.E013` check to make it more obvious how to resolve it. ### [`v3.0.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#301-2019-05-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/3.0.0...3.0.1) - Allow 'null' in `CORS_ORIGIN_WHITELIST` check. ### [`v3.0.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#300-2019-05-10) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.3...3.0.0) - `CORS_ORIGIN_WHITELIST` now requires URI schemes, and optionally ports. This is part of the CORS specification (`Section 3.2 `\_) that was not implemented in this library, except from with the `CORS_ORIGIN_REGEX_WHITELIST` setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure `http://` Origins to a secure `https://` site. You will need to update your whitelist to include schemes, for example from this: .. code-block:: python CORS_ORIGIN_WHITELIST = ["example.com"] ...to this: .. code-block:: python CORS_ORIGIN_WHITELIST = ["https://example.com"] - Removed the `CORS_MODEL` setting, and associated class. It seems very few, or no users were using it, since there were no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you *are* using this functionality, you can continue by changing your model to not inherit from the abstract one, and add a signal handler for `check_request_enabled` that reads from your model. Note you'll need to handle the move to include schemes for Origins. ### [`v2.5.3`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#253-2019-04-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.2...2.5.3) - Tested on Django 2.2. No changes were needed for compatibility. - Tested on Python 3.7. No changes were needed for compatibility. ### [`v2.5.2`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#252-2019-03-15) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.1...2.5.2) - Improve inclusion of tests in `sdist` to ignore `.pyc` files. ### [`v2.5.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#251-2019-03-13) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.5.0...2.5.1) - Include test infrastructure in `sdist` to allow consumers to use it. ### [`v2.5.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#250-2019-03-05) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.4.1...2.5.0) - Drop Django 1.8, 1.9, and 1.10 support. Only Django 1.11+ is supported now. ### [`v2.4.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#241-2019-02-28) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.4.0...2.4.1) - Fix `DeprecationWarning` from importing `collections.abc.Sequence` on Python 3.7. ### [`v2.4.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#240-2018-07-18) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.3.0...2.4.0) - Always add 'Origin' to the 'Vary' header for responses to enabled URL's, to prevent caching of responses intended for one origin being served for another. ### [`v2.3.0`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#230-2018-06-27) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.2.1...2.3.0) - Match `CORS_URLS_REGEX` to `request.path_info` instead of `request.path`, so the patterns can work without knowing the site's path prefix at configuration time. ### [`v2.2.1`](https://redirect.github.com/adamchainz/django-cors-headers/blob/HEAD/CHANGELOG.rst#221-2018-06-27) [Compare Source](https://redirect.github.com/adamchainz/django-cors-headers/compare/2.2.0...2.2.1) - Add `Content-Length` header to CORS preflight requests. This fixes issues with some HTTP proxies and servers, e.g. AWS Elastic Beanstalk.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

renovate[bot] commented 1 week ago

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.