search

d120 / pyofahrt

Verwaltungssoftware für die Erstsemesterfahrt
GNU Affero General Public License v3.0
4 stars 1 forks source link

Update django to 1.11.6 #73

Closed pyup-bot closed 6 years ago

pyup-bot commented 6 years ago

There's a new version of Django available. You are currently using 1.11. I have updated it to 1.11.6

These links might come in handy: PyPI | Changelog | Homepage

Changelog

1.11.6

===========================

October 5, 2017

Django 1.11.6 fixes several bugs in 1.11.5.

Bugfixes

  • Made the CharField form field convert whitespace-only values to the empty_value when strip is enabled (:ticket:28555).

  • Fixed crash when using the name of a model's autogenerated primary key (id) in an Index's fields (:ticket:28597).

  • Fixed a regression in Django 1.9 where a custom view error handler such as handler404 that accesses csrf_token could cause CSRF verification failures on other pages (:ticket:28488).

===========================

1.11.5

===========================

September 5, 2017

Django 1.11.5 fixes a security issue and several bugs in 1.11.4.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG = True (which makes this page accessible) in your production settings.

Bugfixes

  • Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2) (:ticket:28441).

  • Added compatibility for cx_Oracle 6 (:ticket:28498).

  • Fixed select widget rendering when option values are tuples (:ticket:28502).

  • Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in :ticket:28451 comment 8 to update sequence and trigger names to use the pre-1.11 naming scheme.

  • Added POST request support to LogoutView, for equivalence with the function-based logout() view (:ticket:28513).

  • Omitted pages_per_range from BrinIndex.deconstruct() if it's None (:ticket:25809).

  • Fixed a regression where SelectDateWidget localized the years in the select box (:ticket:28530).

  • Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows (:ticket:28487).

  • Fixed a regression in Django 1.10 where changes to a ManyToManyField weren't logged in the admin change history (:ticket:27998) and prevented ManyToManyField initial data in model forms from being affected by subsequent model changes (:ticket:28543).

  • Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins (:ticket:26522).

  • Fixed a regression in contrib.auth's login() and logout() views where they ignored positional arguments (:ticket:28550).

===========================

1.11.4

===========================

August 1, 2017

Django 1.11.4 fixes several bugs in 1.11.3.

Bugfixes

  • Fixed a regression in 1.11.3 on Python 2 where non-ASCII format values for date/time widgets results in an empty value in the widget's HTML (:ticket:28355).

  • Fixed QuerySet.union() and difference() when combining with a queryset raising EmptyResultSet (:ticket:28378).

  • Fixed a regression in pickling of LazyObject on Python 2 when the wrapped object doesn't have __reduce__() (:ticket:28389).

  • Fixed crash in runserver's autoreload with Python 2 on Windows with non-str environment variables (:ticket:28174).

  • Corrected Field.has_changed() to return False for disabled form fields: BooleanField, MultipleChoiceField, MultiValueField, FileField, ModelChoiceField, and ModelMultipleChoiceField.

  • Fixed QuerySet.count() for union(), difference(), and intersection() queries. (:ticket:28399).

  • Fixed ClearableFileInput rendering as a subwidget of MultiWidget (:ticket:28414). Custom clearable_file_input.html widget templates will need to adapt for the fact that context values checkbox_name, checkbox_id, is_initial, input_text, initial_text, and clear_checkbox_label are now attributes of widget rather than appearing in the top-level context.

  • Fixed queryset crash when using a GenericRelation to a proxy model (:ticket:28418).

===========================

1.11.3

===========================

July 1, 2017

Django 1.11.3 fixes several bugs in 1.11.2.

Bugfixes

  • Removed an incorrect deprecation warning about a missing renderer argument if a Widget.render() method accepts **kwargs (:ticket:28265).

  • Fixed a regression causing Model.__init__() to crash if a field has an instance only descriptor (:ticket:28269).

  • Fixed an incorrect DisallowedModelAdminLookup exception when using a nested reverse relation in list_filter (:ticket:28262).

  • Fixed admin's FieldListFilter.get_queryset() crash on invalid input (:ticket:28202).

  • Fixed invalid HTML for a required AdminFileWidget (:ticket:28278).

  • Fixed model initialization to set the name of class-based model indexes for models that only inherit models.Model (:ticket:28282).

  • Fixed crash in admin's inlines when a model has an inherited non-editable primary key (:ticket:27967).

  • Fixed QuerySet.union(), intersection(), and difference() when combining with an EmptyQuerySet (:ticket:28293).

  • Prevented Paginator’s unordered object list warning from evaluating a QuerySet (:ticket:28284).

  • Fixed the value of redirect_field_name in LoginView’s template context. It's now an empty string (as it is for the original function-based login() view) if the corresponding parameter isn't sent in a request (in particular, when the login page is accessed directly) (:ticket:28229).

  • Prevented attribute values in the django/forms/widgets/attrs.html template from being localized so that numeric attributes (e.g. max and min) of NumberInput work correctly (:ticket:28303).

  • Removed casting of the option value to a string in the template context of the CheckboxSelectMultiple, NullBooleanSelect, RadioSelect, SelectMultiple, and Select widgets (:ticket:28176). In Django 1.11.1, casting was added in Python to avoid localization of numeric values in Django templates, but this made some use cases more difficult. Casting is now done in the template using the |stringformat:'s' filter.

  • Prevented a primary key alteration from adding a foreign key constraint if db_constraint=False (:ticket:28298).

  • Fixed UnboundLocalError crash in RenameField with nonexistent field (:ticket:28350).

  • Fixed a regression preventing a model field's limit_choices_to from being evaluated when a ModelForm is instantiated (:ticket:28345).

===========================

1.11.2

===========================

June 1, 2017

Django 1.11.2 adds a minor feature and fixes several bugs in 1.11.1. Also, the latest string translations from Transifex are incorporated.

Minor feature

The new LiveServerTestCase.port attribute reallows the use case of binding to a specific port following the :ref:bind to port zero <liveservertestcase-port-zero-change> change in Django 1.11.

Bugfixes

  • Added detection for GDAL 2.1 and 2.0, and removed detection for unsupported versions 1.7 and 1.8 (:ticket:28181).

  • Changed contrib.gis to raise ImproperlyConfigured rather than GDALException if gdal isn't installed, to allow third-party apps to catch that exception (:ticket:28178).

  • Fixed django.utils.http.is_safe_url() crash on invalid IPv6 URLs (:ticket:28142).

  • Fixed regression causing pickling of model fields to crash (:ticket:28188).

  • Fixed django.contrib.auth.authenticate() when multiple authentication backends don't accept a positional request argument (:ticket:28207).

  • Fixed introspection of index field ordering on PostgreSQL (:ticket:28197).

  • Fixed a regression where Model._state.adding wasn't set correctly on multi-table inheritance parent models after saving a child model (:ticket:28210).

  • Allowed DjangoJSONEncoder to serialize django.utils.deprecation.CallableBool (:ticket:28230).

  • Relaxed the validation added in Django 1.11 of the fields in the defaults argument of QuerySet.get_or_create() and update_or_create() to reallow settable model properties (:ticket:28222).

  • Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if the InvalidPage message contains non-ASCII (:ticket:28204).

  • Prevented Subquery from adding an unnecessary CAST which resulted in invalid SQL (:ticket:28199).

  • Corrected detection of GDAL 2.1 on Windows (:ticket:28181).

  • Made date-based generic views return a 404 rather than crash when given an out of range date (:ticket:28209).

  • Fixed a regression where file_move_safe() crashed when moving files to a CIFS mount (:ticket:28170).

  • Moved the ImageField file extension validation added in Django 1.11 from the model field to the form field to reallow the use case of storing images without an extension (:ticket:28242).

===========================

1.11.1

===========================

May 6, 2017

Django 1.11.1 adds a minor feature and fixes several bugs in 1.11.

Allowed disabling server-side cursors on PostgreSQL

The change in Django 1.11 to make :meth:.QuerySet.iterator() use server-side cursors on PostgreSQL prevents running Django with pgBouncer in transaction pooling mode. To reallow that, use the :setting:DISABLE_SERVER_SIDE_CURSORS <DATABASE-DISABLE_SERVER_SIDE_CURSORS> setting in :setting:DATABASES.

See :ref:transaction-pooling-server-side-cursors for more discussion.

Bugfixes

  • Made migrations respect Index’s name argument. If you created a named index with Django 1.11, makemigrations will create a migration to recreate the index with the correct name (:ticket:28051).

  • Fixed a crash when using a __icontains lookup on a ArrayField (:ticket:28038).

  • Fixed a crash when using a two-tuple in EmailMessage’s attachments argument (:ticket:28042).

  • Fixed QuerySet.filter() crash when it references the name of a OneToOneField primary key (:ticket:28047).

  • Fixed empty POST data table appearing instead of "No POST data" in HTML debug page (:ticket:28079).

  • Restored BoundField\s without any choices evaluating to True (:ticket:28058).

  • Prevented SessionBase.cycle_key() from losing session data if _session_cache isn't populated (:ticket:28066).

  • Fixed layout of ReadOnlyPasswordHashWidget (used in the admin's user change page) (:ticket:28097).

  • Allowed prefetch calls on managers with custom ModelIterable subclasses (:ticket:28096).

  • Fixed change password link in the contrib.auth admin for el, es_MX, and pt translations (:ticket:28100).

  • Restored the output of the class attribute in the <ul> of widgets that use the multiple_input.html template. This fixes ModelAdmin.radio_fields with admin.HORIZONTAL (:ticket:28059).

  • Fixed crash in BaseGeometryWidget.subwidgets() (:ticket:28039).

  • Fixed exception reraising in ORM query execution when cursor.execute() fails and the subsequent cursor.close() also fails (:ticket:28091).

  • Fixed a regression where CheckboxSelectMultiple, NullBooleanSelect, RadioSelect, SelectMultiple, and Select localized option values (:ticket:28075).

  • Corrected the stack level of unordered queryset pagination warnings (:ticket:28109).

  • Fixed a regression causing incorrect queries for __in subquery lookups when models use ForeignKey.to_field (:ticket:28101).

  • Fixed crash when overriding the template of django.views.static.directory_index() (:ticket:28122).

  • Fixed a regression in formset min_num validation with unchanged forms that have initial data (:ticket:28130).

  • Prepared for cx_Oracle 6.0 support (:ticket:28138).

  • Updated the contrib.postgres SplitArrayWidget to use template-based widget rendering (:ticket:28040).

  • Fixed crash in BaseGeometryWidget.get_context() when overriding existing attrs (:ticket:28105).

  • Prevented AddIndex and RemoveIndex from mutating model state (:ticket:28043).

  • Prevented migrations from dropping database indexes from Meta.indexes when changing Field.db_index to False (:ticket:28052).

  • Fixed a regression in choice ordering in form fields with grouped and non-grouped options (:ticket:28157).

  • Fixed crash in BaseInlineFormSet._construct_form() when using save_as_new (:ticket:28159).

  • Fixed a regression where Model._state.db wasn't set correctly on multi-table inheritance parent models after saving a child model (:ticket:28166).

  • Corrected the return type of ArrayField(CITextField()) values retrieved from the database (:ticket:28161).

  • Fixed QuerySet.prefetch_related() crash when fetching relations in nested Prefetch objects (:ticket:27554).

  • Prevented hiding GDAL errors if it's not installed when using contrib.gis (:ticket:28160). (It's a required dependency as of Django 1.11.)

  • Fixed a regression causing __in lookups on a foreign key to fail when using the foreign key's parent model as the lookup value (:ticket:28175).

=========================

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖