SECURITY: Added a MaxValueValidator to the form field for
NumberFilter. This prevents a potential DoS attack if numbers with very
large exponents were subsequently converted to integers.
The default limit value for the validator is 1e50.
The new NumberFilter.get_max_validator() allows customising the used
validator, and may return None to disable the validation entirely.
Added testing against Django 3.1 and Python 3.9.
In addition tests against Django main development branch are now required to
pass.
Update supported Python and Django versions: minimal Python is now 3.7,
minimum Django is now 3.2.
Added testing for Python 3.10 and Django 4.1.
Removed outdated deprecated warnings for code removed in version 2.1.
The code base is now formatted with Black.
Version 21.1 (2021-9-24)
This is a maintenance release updating CI testing for the latest
non-end-of-life versions of Python and Django, and updating package metadata
accordingly.
With this release django-filter is switching to a two-part CalVer
versioning scheme, such as 21.1. The first number is the year. The second
is the release number within that year.
On an on-going basis, Django-Filter aims to support all current Django
versions, the matching current Python versions, and the latest version of
Django REST Framework.
Please see:
Status of supported Python branches <https://devguide.python.org/#status-of-python-branches>_
List of supported Django versions <https://www.djangoproject.com/download/#support-versions>_
Support for Python and Django versions will be dropped when they reach
end-of-life. Support for Python versions will dropped when they reach
end-of-life, even when still supported by a current version of Django.
Other breaking changes are rare. Where required, every effort will be made to
apply a "Year plus two" deprecation period. For example, a change initially
introduced in 23.x would offer a fallback where feasible and finally be
removed in 25.1. Where fallbacks are not feasible, breaking changes without
deprecation will be called out in the release notes.
Beyond that change, there are few changes. Some small bugfixes, improvements to
localisation, and documentation tweaks. Thanks to all who were involved.
Version 2.4.0 (2020-9-27)
SECURITY: Added a MaxValueValidator to the form field for
... (truncated)
Commits
2c81768 Updated isort config to use black profile.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps django-filter from 2.2.0 to 22.1.
Release notes
Sourced from django-filter's releases.
Changelog
Sourced from django-filter's changelog.
... (truncated)
Commits
2c81768Updated isort config to use black profile.6d02135Renamed branch in GHA workflow.9f188ffAdded Black usage to change notes.f4866a9Applied Black.ab35490Updated version and change notes for 22.1 release.f532ca1Removed duplicate Python version specifier.e2f560fInstall package when building docs.057eaeeAdded RTD config.b972fc7Updated change notes.cd994e0Updated copyright in docs.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)