Closed renovate[bot] closed 2 months ago
Because you closed this PR without merging, Renovate will ignore this update (`>=3.15.2,<3.16`). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the `ignoreDeps` array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
`>=3.11.2,<3.12` -> `>=3.15.2,<3.16`
GitHub Vulnerability Alerts
CVE-2024-21520
Versions of the package `djangorestframework` before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the `break_long_headers` template filter due to improper input sanitization before splitting and joining with `<br>` tags.
Release Notes
encode/django-rest-framework (djangorestframework)
### [`v3.15.2`](https://togithub.com/encode/django-rest-framework/compare/3.15.1...3.15.2)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.15.1...3.15.2)

### [`v3.15.1`](https://togithub.com/encode/django-rest-framework/compare/3.15.0...3.15.1)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.15.0...3.15.1)

### [`v3.15.0`](https://togithub.com/encode/django-rest-framework/compare/3.14.0...3.15.0)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.14.0...3.15.0)

### [`v3.14.0`](https://togithub.com/encode/django-rest-framework/releases/tag/3.14.0): Version 3.14.0

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.13.1...3.14.0)

- Django 2.2 is no longer supported. [#8662](https://togithub.com/encode/django-rest-framework/issues/8662)
- Django 4.1 compatibility. [#8591](https://togithub.com/encode/django-rest-framework/issues/8591)
- Add `--api-version` CLI option to `generateschema` management command. [#8663](https://togithub.com/encode/django-rest-framework/issues/8663)
- Enforce `is_valid(raise_exception=False)` as a keyword-only argument. [#7952](https://togithub.com/encode/django-rest-framework/issues/7952)
- Stop calling `set_context` on Validators. [#8589](https://togithub.com/encode/django-rest-framework/issues/8589)
- Return `NotImplemented` from `ErrorDetails.__ne__`. [#8538](https://togithub.com/encode/django-rest-framework/issues/8538)
- Don't evaluate `DateTimeField.default_timezone` when a custom timezone is set. [#8531](https://togithub.com/encode/django-rest-framework/issues/8531)
- Make relative URLs clickable in Browseable API. [#8464](https://togithub.com/encode/django-rest-framework/issues/8464)
- Support `ManyRelatedField` falling back to the default value when the attribute specified by dot notation doesn't exist. Matches `ManyRelatedField.get_attribute` to `Field.get_attribute`. [#7574](https://togithub.com/encode/django-rest-framework/issues/7574)
- Make `schemas.openapi.get_reference` public. [#7515](https://togithub.com/encode/django-rest-framework/issues/7515)
- Make `ReturnDict` support `dict` union operators on Python 3.9 and later. [#8302](https://togithub.com/encode/django-rest-framework/issues/8302)
- Update throttling to check if `request.user` is set before checking if the user is authenticated. [#8370](https://togithub.com/encode/django-rest-framework/issues/8370)

### [`v3.13.1`](https://togithub.com/encode/django-rest-framework/releases/tag/3.13.1): Version 3.13.1

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.13.0...3.13.1)

- Revert schema naming changes with function based `@api_view`. [#8297](https://togithub.com/encode/django-rest-framework/issues/8297)

### [`v3.13.0`](https://togithub.com/encode/django-rest-framework/releases/tag/3.13.0): Version 3.13.0

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.12.4...3.13.0)

- Django 4.0 compatibility. [#8178](https://togithub.com/encode/django-rest-framework/issues/8178)
- Add `max_length` and `min_length` options to `ListSerializer`. [#8165](https://togithub.com/encode/django-rest-framework/issues/8165)
- Add `get_request_serializer` and `get_response_serializer` hooks to `AutoSchema`. [#7424](https://togithub.com/encode/django-rest-framework/issues/7424)
- Fix OpenAPI representation of null-able read only fields. [#8116](https://togithub.com/encode/django-rest-framework/issues/8116)
- Respect `UNICODE_JSON` setting in API schema outputs. [#7991](https://togithub.com/encode/django-rest-framework/issues/7991)
- Fix for `RemoteUserAuthentication`. [#7158](https://togithub.com/encode/django-rest-framework/issues/7158)
- Make Field constructors keyword-only. [#7632](https://togithub.com/encode/django-rest-framework/issues/7632)

### [`v3.12.4`](https://togithub.com/encode/django-rest-framework/compare/3.12.3...3.12.4)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.12.3...3.12.4)

### [`v3.12.3`](https://togithub.com/encode/django-rest-framework/compare/3.12.2...3.12.3)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.12.2...3.12.3)

### [`v3.12.2`](https://togithub.com/encode/django-rest-framework/compare/3.12.1...3.12.2)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.12.1...3.12.2)

### [`v3.12.1`](https://togithub.com/encode/django-rest-framework/compare/3.12.0...3.12.1)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.12.0...3.12.1)

### [`v3.12.0`](https://togithub.com/encode/django-rest-framework/compare/3.11.2...3.12.0)

[Compare Source](https://togithub.com/encode/django-rest-framework/compare/3.11.2...3.12.0)

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
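The pattern named in the CVE-2024-21520 alert above, as an added sketch that is not djangorestframework's own code and not part of this PR: a header value split and rejoined with `<br>` tags, first without and then with escaping, plus a check that the output contains no markup other than `<br>`. The function names, the 160-character threshold, the comma separator and the sample header are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser

MAX_LEN = 160  # assumed threshold for a "long" header in this sketch


def break_unsafe(header: str) -> str:
    """Pre-fix pattern: the long branch bypasses escaping entirely."""
    if len(header) > MAX_LEN and "," in header:
        # Raw value is rejoined with <br> and trusted as final HTML.
        return "<br> " + ", <br>".join(header.split(","))
    return escape(header)  # short values are escaped as usual


def break_safe(header: str) -> str:
    """Hardened pattern: escape first, so <br> is the only markup emitted."""
    escaped = escape(header)
    if len(header) > MAX_LEN and "," in header:
        return "<br> " + ", <br>".join(escaped.split(","))
    return escaped


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser would see in the output."""

    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)


def tags_in(html: str) -> set:
    parser = _TagCollector()
    parser.feed(html)
    parser.close()
    return parser.tags


# Constructed sample: a long, comma-separated header value carrying markup.
SAMPLE = "<b id=demo>bold</b>," + ",".join("value-%03d" % i for i in range(40))

if __name__ == "__main__":
    print("unsafe output tags:", sorted(tags_in(break_unsafe(SAMPLE))))
    print("safe output tags:  ", sorted(tags_in(break_safe(SAMPLE))))
```

Asserting that `tags_in()` of the rendered output equals `{"br"}` works as a regression test for any filter that builds HTML from header values.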
Thanks for the PR!
Deployments, as required, will be available below:
Please create PRs in draft mode. Mark as ready to enable:
After merge, new images are deployed in: