pyup-bot
commented
11 months ago Closing this in favor of #562
Closed pyup-bot closed 11 months ago
pyup-bot
commented
11 months ago Closing this in favor of #562
Update pytz from 2022.7.1 to 2023.3.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/pytz - Homepage: http://pythonhosted.org/pytz - Docs: https://pythonhosted.org/pytz/Update django from 4.1.9 to 4.2.4.
Changelog
### 4.2.4 ``` ========================== *August 1, 2023* Django 4.2.4 fixes several bugs in 4.2.3. Bugfixes ======== * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing window functions (:ticket:`34717`). * Fixed a regression in Django 4.2 that caused a crash when grouping by a reference in a subquery (:ticket:`34748`). * Fixed a regression in Django 4.2 that caused aggregation over query that uses explicit grouping by multi-valued annotations to group against the wrong columns (:ticket:`34750`). ========================== ``` ### 4.2.3 ``` ========================== *July 3, 2023* Django 4.2.3 fixes a security issue with severity "moderate" and several bugs in 4.2.2. CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator`` =================================================================================================================== ``EmailValidator`` and ``URLValidator`` were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs. Bugfixes ======== * Fixed a regression in Django 4.2 that caused incorrect alignment of timezone warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`). * Fixed a regression in Django 4.2 that caused incorrect highlighting of rows in the admin changelist view when ``ModelAdmin.list_editable`` contained a ``BooleanField`` (:ticket:`34638`). ========================== ``` ### 4.2.2 ``` ========================== *June 5, 2023* Django 4.2.2 fixes several bugs in 4.2.1. Bugfixes ======== * Fixed a regression in Django 4.2 that caused an unnecessary ``DBMS_LOB.SUBSTR()`` wrapping in the ``__isnull`` and ``__exact=None`` lookups for ``TextField()``/``BinaryField()`` on Oracle (:ticket:`34544`). * Restored, following a regression in Django 4.2, ``get_prep_value()`` call in ``JSONField`` subclasses (:ticket:`34539`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.defer()`` when passing a ``ManyToManyField`` or ``GenericForeignKey`` reference. While doing so is a no-op, it was allowed in older version (:ticket:`34570`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.only()`` when passing a reverse ``OneToOneField`` reference (:ticket:`34612`). * Fixed a bug in Django 4.2 where :option:`makemigrations --update` didn't respect the ``--name`` option (:ticket:`34568`). * Fixed a performance regression in Django 4.2 when compiling queries without ordering (:ticket:`34580`). * Fixed a regression in Django 4.2 where nonexistent stylesheet was linked on a “Congratulations!” page (:ticket:`34588`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with expressions referencing other aggregates (:ticket:`34551`). * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.aggregate()`` with aggregates referencing subqueries (:ticket:`34551`). * Fixed a regression in Django 4.2 that caused a crash of querysets on SQLite when filtering on ``DecimalField`` against values outside of the defined range (:ticket:`34590`). * Fixed a regression in Django 4.2 that caused a serialization crash on a ``ManyToManyField`` without a natural key when its ``Manager``’s base ``QuerySet`` used ``select_related()`` (:ticket:`34620`). ========================== ``` ### 4.2.1 ``` ========================== *May 3, 2023* Django 4.2.1 fixes a security issue with severity "low" and several bugs in 4.2. CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field ================================================================================================= Uploading multiple files using one form field has never been supported by :class:`.forms.FileField` or :class:`.forms.ImageField` as only the last uploaded file was validated. Unfortunately, :ref:`uploading_multiple_files` topic suggested otherwise. In order to avoid the vulnerability, :class:`~django.forms.ClearableFileInput` and :class:`~django.forms.FileInput` form widgets now raise ``ValueError`` when the ``multiple`` HTML attribute is set on them. To prevent the exception and keep the old behavior, set ``allow_multiple_selected`` to ``True``. For more details on using the new attribute and handling of multiple files through a single field, see :ref:`uploading_multiple_files`. Bugfixes ======== * Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.defer()`` when deferring fields by attribute names (:ticket:`34458`). * Fixed a regression in Django 4.2 that caused a crash of :class:`~django.contrib.postgres.search.SearchVector` function with ``%`` characters (:ticket:`34459`). * Fixed a regression in Django 4.2 that caused aggregation over query that uses explicit grouping to group against the wrong columns (:ticket:`34464`). * Reallowed, following a regression in Django 4.2, setting the ``"cursor_factory"`` option in :setting:`OPTIONS` on PostgreSQL (:ticket:`34466`). * Enforced UTF-8 client encoding on PostgreSQL, following a regression in Django 4.2 (:ticket:`34470`). * Fixed a regression in Django 4.2 where ``i18n_patterns()`` didn't respect the ``prefix_default_language`` argument when a fallback language of the default language was used (:ticket:`34455`). * Fixed a regression in Django 4.2 where translated URLs of the default language from ``i18n_patterns()`` with ``prefix_default_language`` set to ``False`` raised 404 errors for a request with a different language (:ticket:`34515`). * Fixed a regression in Django 4.2 where creating copies and deep copies of ``HttpRequest``, ``HttpResponse``, and their subclasses didn't always work correctly (:ticket:`34482`, :ticket:`34484`). * Fixed a regression in Django 4.2 where ``timesince`` and ``timeuntil`` template filters returned incorrect results for a datetime with a non-UTC timezone when a time difference is less than 1 day (:ticket:`34483`). * Fixed a regression in Django 4.2 that caused a crash of :class:`~django.contrib.postgres.search.SearchHeadline` function with ``psycopg`` 3 (:ticket:`34486`). * Fixed a regression in Django 4.2 that caused incorrect ``ClearableFileInput`` margins in the admin (:ticket:`34506`). * Fixed a regression in Django 4.2 where breadcrumbs didn't appear on admin site app index views (:ticket:`34512`). * Made squashing migrations reduce ``AddIndex``, ``RemoveIndex``, ``RenameIndex``, and ``CreateModel`` operations which allows removing a deprecated ``Meta.index_together`` option from historical migrations and use ``Meta.indexes`` instead (:ticket:`34525`). ======================== ``` ### 4.2 ``` ======================== *April 3, 2023* Welcome to Django 4.2! These release notes cover the :ref:`new features <whats-new-4.2>`, as well as some :ref:`backwards incompatible changes <backwards-incompatible-4.2>` you'll want to be aware of when upgrading from Django 4.1 or earlier. We've :ref:`begun the deprecation process for some features <deprecated-features-4.2>`. See the :doc:`/howto/upgrade-version` guide if you're updating an existing project. Django 4.2 is designated as a :term:`long-term support release <Long-term support release>`. It will receive security updates for at least three years after its release. Support for the previous LTS, Django 3.2, will end in April 2024. Python compatibility ==================== Django 4.2 supports Python 3.8, 3.9, 3.10, and 3.11. We **highly recommend** and only officially support the latest release of each series. .. _whats-new-4.2: What's new in Django 4.2 ======================== Psycopg 3 support ----------------- Django now supports `psycopg`_ version 3.1.8 or higher. To update your code, install the :pypi:`psycopg library <psycopg>`, you don't need to change the :setting:`ENGINE <DATABASE-ENGINE>` as ``django.db.backends.postgresql`` supports both libraries. Support for ``psycopg2`` is likely to be deprecated and removed at some point in the future. Be aware that ``psycopg`` 3 introduces some breaking changes over ``psycopg2``. As a consequence, you may need to make some changes to account for `differences from psycopg2`_. .. _psycopg: https://www.psycopg.org/psycopg3/ .. _differences from psycopg2: https://www.psycopg.org/psycopg3/docs/basic/from_pg2.html Comments on columns and tables ------------------------------ The new :attr:`Field.db_comment <django.db.models.Field.db_comment>` and :attr:`Meta.db_table_comment <django.db.models.Options.db_table_comment>` options allow creating comments on columns and tables, respectively. For example:: from django.db import models class Question(models.Model): text = models.TextField(db_comment="Poll question") pub_date = models.DateTimeField( db_comment="Date and time when the question was published", ) class Meta: db_table_comment = "Poll questions" class Answer(models.Model): question = models.ForeignKey( Question, on_delete=models.CASCADE, db_comment="Reference to a question", ) answer = models.TextField(db_comment="Question answer") class Meta: db_table_comment = "Question answers" Also, the new :class:`~django.db.migrations.operations.AlterModelTableComment` operation allows changing table comments defined in the :attr:`Meta.db_table_comment <django.db.models.Options.db_table_comment>`. Mitigation for the BREACH attack -------------------------------- :class:`~django.middleware.gzip.GZipMiddleware` now includes a mitigation for the BREACH attack. It will add up to 100 random bytes to gzip responses to make BREACH attacks harder. Read more about the mitigation technique in the `Heal The Breach (HTB) paper`_. .. _Heal The Breach (HTB) paper: https://ieeexplore.ieee.org/document/9754554 In-memory file storage ---------------------- The new :class:`django.core.files.storage.InMemoryStorage` class provides a non-persistent storage useful for speeding up tests by avoiding disk access. Custom file storages -------------------- The new :setting:`STORAGES` setting allows configuring multiple custom file storage backends. It also controls storage engines for managing :doc:`files </topics/files>` (the ``"default"`` key) and :doc:`static files </ref/contrib/staticfiles>` (the ``"staticfiles"`` key). The old ``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings are deprecated as of this release. Minor features -------------- :mod:`django.contrib.admin` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The light or dark color theme of the admin can now be toggled in the UI, as well as being set to follow the system setting. * The admin's font stack now prefers system UI fonts and no longer requires downloading fonts. Additionally, CSS variables are available to more easily override the default font families. * The :source:`admin/delete_confirmation.html <django/contrib/admin/templates/admin/delete_confirmation.html>` template now has some additional blocks and scripting hooks to ease customization. * The chosen options of :attr:`~django.contrib.admin.ModelAdmin.filter_horizontal` and :attr:`~django.contrib.admin.ModelAdmin.filter_vertical` widgets are now filterable. * The ``admin/base.html`` template now has a new block ``nav-breadcrumbs`` which contains the navigation landmark and the ``breadcrumbs`` block. * :attr:`.ModelAdmin.list_editable` now uses atomic transactions when making edits. * jQuery is upgraded from version 3.6.0 to 3.6.4. :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ * The default iteration count for the PBKDF2 password hasher is increased from 390,000 to 600,000. * :class:`~django.contrib.auth.forms.UserCreationForm` now saves many-to-many form fields for a custom user model. * The new :class:`~django.contrib.auth.forms.BaseUserCreationForm` is now the recommended base class for customizing the user creation form. :mod:`django.contrib.gis` ~~~~~~~~~~~~~~~~~~~~~~~~~ * The :doc:`GeoJSON serializer </ref/contrib/gis/serializers>` now outputs the ``id`` key for serialized features, which defaults to the primary key of objects. * The :class:`~django.contrib.gis.gdal.GDALRaster` class now supports :class:`pathlib.Path`. * The :class:`~django.contrib.gis.geoip2.GeoIP2` class now supports ``.mmdb`` files downloaded from DB-IP. * The OpenLayers template widget no longer includes inline CSS (which also removes the former ``map_css`` block) to better comply with a strict Content Security Policy. * :class:`~django.contrib.gis.forms.widgets.OpenLayersWidget` is now based on OpenLayers 7.2.2 (previously 4.6.5). * The new :lookup:`isempty` lookup and :class:`IsEmpty() <django.contrib.gis.db.models.functions.IsEmpty>` expression allow filtering empty geometries on PostGIS. * The new :class:`FromWKB() <django.contrib.gis.db.models.functions.FromWKB>` and :class:`FromWKT() <django.contrib.gis.db.models.functions.FromWKT>` functions allow creating geometries from Well-known binary (WKB) and Well-known text (WKT) representations. :mod:`django.contrib.postgres` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :lookup:`trigram_strict_word_similar` lookup, and the :class:`TrigramStrictWordSimilarity() <django.contrib.postgres.search.TrigramStrictWordSimilarity>` and :class:`TrigramStrictWordDistance() <django.contrib.postgres.search.TrigramStrictWordDistance>` expressions allow using trigram strict word similarity. * The :lookup:`arrayfield.overlap` lookup now supports ``QuerySet.values()`` and ``values_list()`` as a right-hand side. :mod:`django.contrib.sitemaps` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :meth:`.Sitemap.get_languages_for_item` method allows customizing the list of languages for which the item is displayed. :mod:`django.contrib.staticfiles` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * :class:`~django.contrib.staticfiles.storage.ManifestStaticFilesStorage` now has experimental support for replacing paths to JavaScript modules in ``import`` and ``export`` statements with their hashed counterparts. If you want to try it, subclass ``ManifestStaticFilesStorage`` and set the ``support_js_module_import_aggregation`` attribute to ``True``. * The new :attr:`.ManifestStaticFilesStorage.manifest_hash` attribute provides a hash over all files in the manifest and changes whenever one of the files changes. Database backends ~~~~~~~~~~~~~~~~~ * The new ``"assume_role"`` option is now supported in :setting:`OPTIONS` on PostgreSQL to allow specifying the :ref:`session role <database-role>`. * The new ``"server_side_binding"`` option is now supported in :setting:`OPTIONS` on PostgreSQL with ``psycopg`` 3.1.8+ to allow using :ref:`server-side binding cursors <database-server-side-parameters-binding>`. Error Reporting ~~~~~~~~~~~~~~~ * The debug page now shows :pep:`exception notes <678>` and :pep:`fine-grained error locations <657>` on Python 3.11+. * Session cookies are now treated as credentials and therefore hidden and replaced with stars (``**********``) in error reports. Forms ~~~~~ * :class:`~django.forms.ModelForm` now accepts the new ``Meta`` option ``formfield_callback`` to customize form fields. * :func:`~django.forms.models.modelform_factory` now respects the ``formfield_callback`` attribute of the ``form``’s ``Meta``. Internationalization ~~~~~~~~~~~~~~~~~~~~ * Added support and translations for the Central Kurdish (Sorani) language. Logging ~~~~~~~ * The :ref:`django-db-logger` logger now logs transaction management queries (``BEGIN``, ``COMMIT``, and ``ROLLBACK``) at the ``DEBUG`` level. Management Commands ~~~~~~~~~~~~~~~~~~~ * :djadmin:`makemessages` command now supports locales with private sub-tags such as ``nl_NL-x-informal``. * The new :option:`makemigrations --update` option merges model changes into the latest migration and optimizes the resulting operations. Migrations ~~~~~~~~~~ * Migrations now support serialization of ``enum.Flag`` objects. Models ~~~~~~ * ``QuerySet`` now extensively supports filtering against :ref:`window-functions` with the exception of disjunctive filter lookups against window functions when performing aggregation. * :meth:`~.QuerySet.prefetch_related` now supports :class:`~django.db.models.Prefetch` objects with sliced querysets. * :ref:`Registering lookups <lookup-registration-api>` on :class:`~django.db.models.Field` instances is now supported. * The new ``robust`` argument for :func:`~django.db.transaction.on_commit` allows performing actions that can fail after a database transaction is successfully committed. * The new :class:`KT() <django.db.models.fields.json.KT>` expression represents the text value of a key, index, or path transform of :class:`~django.db.models.JSONField`. * :class:`~django.db.models.functions.Now` now supports microsecond precision on MySQL and millisecond precision on SQLite. * :class:`F() <django.db.models.F>` expressions that output ``BooleanField`` can now be negated using ``~F()`` (inversion operator). * ``Model`` now provides asynchronous versions of some methods that use the database, using an ``a`` prefix: :meth:`~.Model.adelete`, :meth:`~.Model.arefresh_from_db`, and :meth:`~.Model.asave`. * Related managers now provide asynchronous versions of methods that change a set of related objects, using an ``a`` prefix: :meth:`~.RelatedManager.aadd`, :meth:`~.RelatedManager.aclear`, :meth:`~.RelatedManager.aremove`, and :meth:`~.RelatedManager.aset`. * :attr:`CharField.max_length <django.db.models.CharField.max_length>` is no longer required to be set on PostgreSQL, which supports unlimited ``VARCHAR`` columns. Requests and Responses ~~~~~~~~~~~~~~~~~~~~~~ * :class:`~django.http.StreamingHttpResponse` now supports async iterators when Django is served via ASGI. Tests ~~~~~ * The :option:`test --debug-sql` option now formats SQL queries with ``sqlparse``. * The :class:`~django.test.RequestFactory`, :class:`~django.test.AsyncRequestFactory`, :class:`~django.test.Client`, and :class:`~django.test.AsyncClient` classes now support the ``headers`` parameter, which accepts a dictionary of header names and values. This allows a more natural syntax for declaring headers. .. code-block:: python Before: self.client.get("/home/", HTTP_ACCEPT_LANGUAGE="fr") await self.async_client.get("/home/", ACCEPT_LANGUAGE="fr") After: self.client.get("/home/", headers={"accept-language": "fr"}) await self.async_client.get("/home/", headers={"accept-language": "fr"}) Utilities ~~~~~~~~~ * The new ``encoder`` parameter for :meth:`django.utils.html.json_script` function allows customizing a JSON encoder class. * The private internal vendored copy of ``urllib.parse.urlsplit()`` now strips ``'\r'``, ``'\n'``, and ``'\t'`` (see :cve:`2022-0391` and :bpo:`43882`). This is to protect projects that may be incorrectly using the internal ``url_has_allowed_host_and_scheme()`` function, instead of using one of the documented functions for handling URL redirects. The Django functions were not affected. * The new :func:`django.utils.http.content_disposition_header` function returns a ``Content-Disposition`` HTTP header value as specified by :rfc:`6266`. Validators ~~~~~~~~~~ * The list of common passwords used by ``CommonPasswordValidator`` is updated to the most recent version. .. _backwards-incompatible-4.2: Backwards incompatible changes in 4.2 ===================================== Database backend API -------------------- This section describes changes that may be needed in third-party database backends. * ``DatabaseFeatures.allows_group_by_pk`` is removed as it only remained to accommodate a MySQL extension that has been supplanted by proper functional dependency detection in MySQL 5.7.15. Note that ``DatabaseFeatures.allows_group_by_selected_pks`` is still supported and should be enabled if your backend supports functional dependency detection in ``GROUP BY`` clauses as specified by the ``SQL:1999`` standard. * :djadmin:`inspectdb` now uses ``display_size`` from ``DatabaseIntrospection.get_table_description()`` rather than ``internal_size`` for ``CharField``. Dropped support for MariaDB 10.3 -------------------------------- Upstream support for MariaDB 10.3 ends in May 2023. Django 4.2 supports MariaDB 10.4 and higher. Dropped support for MySQL 5.7 ----------------------------- Upstream support for MySQL 5.7 ends in October 2023. Django 4.2 supports MySQL 8 and higher. Dropped support for PostgreSQL 11 --------------------------------- Upstream support for PostgreSQL 11 ends in November 2023. Django 4.2 supports PostgreSQL 12 and higher. Setting ``update_fields`` in ``Model.save()`` may now be required ----------------------------------------------------------------- In order to avoid updating unnecessary columns, :meth:`.QuerySet.update_or_create` now passes ``update_fields`` to the :meth:`Model.save() <django.db.models.Model.save>` calls. As a consequence, any fields modified in the custom ``save()`` methods should be added to the ``update_fields`` keyword argument before calling ``super()``. See :ref:`overriding-model-methods` for more details. Miscellaneous ------------- * The undocumented ``django.http.multipartparser.parse_header()`` function is removed. Use ``django.utils.http.parse_header_parameters()`` instead. * :ttag:`{% blocktranslate asvar … %}<blocktranslate>` result is now marked as safe for (HTML) output purposes. * The ``autofocus`` HTML attribute in the admin search box is removed as it can be confusing for screen readers. * The :option:`makemigrations --check` option no longer creates missing migration files. * The ``alias`` argument for :meth:`.Expression.get_group_by_cols` is removed. * The minimum supported version of ``sqlparse`` is increased from 0.2.2 to 0.3.1. * The undocumented ``negated`` parameter of the :class:`~django.db.models.Exists` expression is removed. * The ``is_summary`` argument of the undocumented ``Query.add_annotation()`` method is removed. * The minimum supported version of SQLite is increased from 3.9.0 to 3.21.0. * The minimum supported version of ``asgiref`` is increased from 3.5.2 to 3.6.0. * :class:`~django.contrib.auth.forms.UserCreationForm` now rejects usernames that differ only in case. If you need the previous behavior, use :class:`~django.contrib.auth.forms.BaseUserCreationForm` instead. * The minimum supported version of ``mysqlclient`` is increased from 1.4.0 to 1.4.3. * The minimum supported version of ``argon2-cffi`` is increased from 19.1.0 to 19.2.0. * The minimum supported version of ``Pillow`` is increased from 6.2.0 to 6.2.1. * The minimum supported version of ``jinja2`` is increased from 2.9.2 to 2.11.0. * The minimum supported version of :pypi:`redis-py <redis>` is increased from 3.0.0 to 3.4.0. * Manually instantiated ``WSGIRequest`` objects must be provided a file-like object for ``wsgi.input``. Previously, Django was more lax than the expected behavior as specified by the WSGI specification. * Support for ``PROJ`` < 5 is removed. * :class:`~django.core.mail.backends.smtp.EmailBackend` now verifies a :py:attr:`hostname <ssl.SSLContext.check_hostname>` and :py:attr:`certificates <ssl.SSLContext.verify_mode>`. If you need the previous behavior that is less restrictive and not recommended, subclass ``EmailBackend`` and override the ``ssl_context`` property. .. _deprecated-features-4.2: Features deprecated in 4.2 ========================== ``index_together`` option is deprecated in favor of ``indexes`` --------------------------------------------------------------- The :attr:`Meta.index_together <django.db.models.Options.index_together>` option is deprecated in favor of the :attr:`~django.db.models.Options.indexes` option. Migrating existing ``index_together`` should be handled as a migration. For example:: class Author(models.Model): rank = models.IntegerField() name = models.CharField(max_length=30) class Meta: index_together = [["rank", "name"]] Should become:: class Author(models.Model): rank = models.IntegerField() name = models.CharField(max_length=30) class Meta: indexes = [models.Index(fields=["rank", "name"])] Running the :djadmin:`makemigrations` command will generate a migration containing a :class:`~django.db.migrations.operations.RenameIndex` operation which will rename the existing index. Next, consider squashing migrations to remove ``index_together`` from historical migrations. The ``AlterIndexTogether`` migration operation is now officially supported only for pre-Django 4.2 migration files. For backward compatibility reasons, it's still part of the public API, and there's no plan to deprecate or remove it, but it should not be used for new migrations. Use :class:`~django.db.migrations.operations.AddIndex` and :class:`~django.db.migrations.operations.RemoveIndex` operations instead. Passing encoded JSON string literals to ``JSONField`` is deprecated ------------------------------------------------------------------- ``JSONField`` and its associated lookups and aggregates used to allow passing JSON encoded string literals which caused ambiguity on whether string literals were already encoded from database backend's perspective. During the deprecation period string literals will be attempted to be JSON decoded and a warning will be emitted on success that points at passing non-encoded forms instead. Code that use to pass JSON encoded string literals:: Document.objects.bulk_create( Document(data=Value("null")), Document(data=Value("[]")), Document(data=Value('"foo-bar"')), ) Document.objects.annotate( JSONBAgg("field", default=Value("[]")), ) Should become:: Document.objects.bulk_create( Document(data=Value(None, JSONField())), Document(data=[]), Document(data="foo-bar"), ) Document.objects.annotate( JSONBAgg("field", default=[]), ) From Django 5.1+ string literals will be implicitly interpreted as JSON string literals. Miscellaneous ------------- * The ``BaseUserManager.make_random_password()`` method is deprecated. See `recipes and best practices <https://docs.python.org/3/library/secrets.html#recipes-and-best-practices>`_ for using Python's :py:mod:`secrets` module to generate passwords. * The ``length_is`` template filter is deprecated in favor of :tfilter:`length` and the ``==`` operator within an :ttag:`{% if %}<if>` tag. For example .. code-block:: html+django {% if value|length == 4 %}…{% endif %} {% if value|length == 4 %}True{% else %}False{% endif %} instead of: .. code-block:: html+django {% if value|length_is:4 %}…{% endif %} {{ value|length_is:4 }} * ``django.contrib.auth.hashers.SHA1PasswordHasher``, ``django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher``, and ``django.contrib.auth.hashers.UnsaltedMD5PasswordHasher`` are deprecated. * ``django.contrib.postgres.fields.CICharField`` is deprecated in favor of ``CharField(db_collation="…")`` with a case-insensitive non-deterministic collation. * ``django.contrib.postgres.fields.CIEmailField`` is deprecated in favor of ``EmailField(db_collation="…")`` with a case-insensitive non-deterministic collation. * ``django.contrib.postgres.fields.CITextField`` is deprecated in favor of ``TextField(db_collation="…")`` with a case-insensitive non-deterministic collation. * ``django.contrib.postgres.fields.CIText`` mixin is deprecated. * The ``map_height`` and ``map_width`` attributes of ``BaseGeometryWidget`` are deprecated, use CSS to size map widgets instead. * ``SimpleTestCase.assertFormsetError()`` is deprecated in favor of ``assertFormSetError()``. * ``TransactionTestCase.assertQuerysetEqual()`` is deprecated in favor of ``assertQuerySetEqual()``. * Passing positional arguments to ``Signer`` and ``TimestampSigner`` is deprecated in favor of keyword-only arguments. * The ``DEFAULT_FILE_STORAGE`` setting is deprecated in favor of ``STORAGES["default"]``. * The ``STATICFILES_STORAGE`` setting is deprecated in favor of ``STORAGES["staticfiles"]``. * The ``django.core.files.storage.get_storage_class()`` function is deprecated. =========================== ``` ### 4.1.10 ``` =========================== *July 3, 2023* Django 4.1.10 fixes a security issue with severity "moderate" in 4.1.9. CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator`` =================================================================================================================== ``EmailValidator`` and ``URLValidator`` were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs. ========================== ```Links
- PyPI: https://pypi.org/project/django - Changelog: https://data.safetycli.com/changelogs/django/ - Homepage: https://www.djangoproject.com/Update django-environ from 0.9.0 to 0.11.1.
Changelog
### 0.11.1 ``` --------------------------- Fixed +++++ - Revert "Add interpolate argument to avoid resolving proxied values." feature due to `485 <https://github.com/joke2k/django-environ/issues/485>`_. ``` ### 0.11.0 ``` --------------------------- Added +++++ - Added support for Django 4.2 `456 <https://github.com/joke2k/django-environ/pull/456>`_. - Added support for secure Elasticsearch connections `463 <https://github.com/joke2k/django-environ/pull/463>`_. - Added variable expansion `468 <https://github.com/joke2k/django-environ/pull/468>`_. - Added capability to handle comments after , after quoted values, like ``KEY= 'part1 part2' comment`` `475 <https://github.com/joke2k/django-environ/pull/475>`_. - Added support for ``interpolate`` parameter `415 <https://github.com/joke2k/django-environ/pull/415>`_. Changed +++++++ - Used ``mssql-django`` as engine for SQL Server `446 <https://github.com/joke2k/django-environ/pull/446>`_. - Changed handling bool values, stripping whitespace around value `475 <https://github.com/joke2k/django-environ/pull/475>`_. - Use ``importlib.util.find_spec`` to ``replace pkgutil.find_loader`` `482 <https://github.com/joke2k/django-environ/pull/482>`_. Removed +++++++ - Removed support of Python 3.5. ``` ### 0.10.0 ``` ------------------------- Added +++++ - Use the core redis library by default if running Django >= 4.0 `356 <https://github.com/joke2k/django-environ/issues/356>`_. - Value of dict can now contain an equal sign `241 <https://github.com/joke2k/django-environ/pull/241>`_. - Added support for Python 3.11. - Added ``CONN_HEALTH_CHECKS`` to database base options `413 <https://github.com/joke2k/django-environ/issues/413>`_. - Added ``encoding`` parameter to ``read_env`` with default value 'utf8' `442 <https://github.com/joke2k/django-environ/pull/442>`_. - Added support for Django 4.1 `416 <https://github.com/joke2k/django-environ/issues/416>`_. Deprecated ++++++++++ - Support of Python < 3.6 is deprecated and will be removed in next major version. Changed +++++++ - Used UTF-8 as a encoding when open ``.env`` file. - Provided access to ``DB_SCHEMES`` through ``cls`` rather than ``Env`` in ``db_url_config`` `414 <https://github.com/joke2k/django-environ/pull/414>`_. - Correct CI workflow to use supported Python versions/OS matrix `441 <https://github.com/joke2k/django-environ/pull/441>`_. - Reworked trigger CI workflows strategy `440 <https://github.com/joke2k/django-environ/pull/440>`_. Fixed +++++ - Fixed logic of ``Env.get_value()`` to skip parsing only when ``default=None``, not for all default values that coerce to ``False`` `404 <https://github.com/joke2k/django-environ/issues/404>`_. - Deleted duplicated include in docs/quickstart.rst `439 <https://github.com/joke2k/django-environ/pull/439>`_. Removed +++++++ - Removed deprecated ``Env.unicode()``. - Removed ``environ.register_schemes`` calls and do not modify global ``urllib.parse.urlparse``'s ``uses_*`` variables as this no longer needed `246 <https://github.com/joke2k/django-environ/pull/246>`_. ```Links
- PyPI: https://pypi.org/project/django-environ - Changelog: https://data.safetycli.com/changelogs/django-environ/ - Docs: https://django-environ.readthedocs.orgUpdate gunicorn from 20.1.0 to 21.2.0.
Changelog
### 21.2.0 ``` =================== - fix thread worker: revert change considering connection as idle . *** NOTE *** This is fixing the bad file description error. ``` ### 21.0.1 ``` =================== - fix documentation build ``` ### 21.0.0 ``` =================== - support python 3.11 - fix gevent and eventlet workers - fix threads support (gththread): improve performance and unblock requests - SSL: noaw use SSLContext object - HTTP parser: miscellaneous fixes - remove unecessary setuid calls - fix testing - improve logging - miscellaneous fixes to core engine *** RELEASE NOTE *** We made this release major to start our new release cycle. More info will be provided on our discussion forum. ```Links
- PyPI: https://pypi.org/project/gunicorn - Changelog: https://data.safetycli.com/changelogs/gunicorn/ - Homepage: https://gunicorn.orgUpdate newrelic from 8.7.0 to 9.0.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/newrelic - Homepage: https://docs.newrelic.com/docs/apm/agents/python-agent/Update argon2-cffi from 21.3 to 23.1.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/argon2-cffiUpdate whitenoise from 6.4.0 to 6.5.0.
Changelog
### 6.5.0 ``` ------------------ * Support Python 3.12. * Changed documentation site URL from ``https://whitenoise.evans.io/`` to ``https://whitenoise.readthedocs.io/``. ```Links
- PyPI: https://pypi.org/project/whitenoise - Changelog: https://data.safetycli.com/changelogs/whitenoise/ - Repo: https://github.com/evansd/whitenoiseUpdate psycopg2-binary from 2.9.5 to 2.9.7.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/psycopg2-binary - Homepage: https://psycopg.org/Update Markdown from 3.4.1 to 3.4.4.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/markdownUpdate django-filter from 22.1 to 23.2.
Changelog
### 23.2 ``` ------------------------ * Deprecated the schema generation methods of the DRF related ``DjangoFilterBackend``. These will be removed in version 25.1. You should use `drf-spectacular <https://drf-spectacular.readthedocs.io/en/latest/>`_ for generating OpenAPI schemas with DRF. * In addition, stopped testing against the (very old now) ``coreapi`` schema generation. These methods should continue to work if you're using them until v25.1, but ``coreapi`` is no longer maintained, and is raising warnings against the current versions of Python. To workaround this is not worth the effort at this point. * Updated Polish translations. ``` ### 23.1 ``` ------------------------ * Declared support for Django 4.2. * Various updated and new translations. Thanks to all who contributed, and Weblate for hosting. * Fixed QueryArrayWidget.value_from_datadict() to not mutate input data. (1540) ```Links
- PyPI: https://pypi.org/project/django-filter - Changelog: https://data.safetycli.com/changelogs/django-filter/ - Repo: https://github.com/carltongibson/django-filter/tree/mainUpdate django-cors-headers from 3.14.0 to 4.2.0.
Changelog
### 4.2.0 ``` ------------------ * Drop Python 3.7 support. ``` ### 4.1.0 ``` ------------------ * Support Python 3.12. ``` ### 4.0.0 ``` ------------------ * Add ``CORS_ALLOW_PRIVATE_NETWORK`` setting, which enables support for the Local Network Access draft specification. Thanks to Issac Kelly in `PR 745 <https://github.com/adamchainz/django-cors-headers/pull/745>`__ and jjurgens0 in `PR #833 <https://github.com/adamchainz/django-cors-headers/pull/833>`__. * Remove three headers from the default "accept list": ``accept-encoding``, ``dnt``, and ``origin``. These are `Forbidden header names <https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name>`__, which means requests JavaScript can never set them. Consequently, allowing them via CORS has no effect. Thanks to jub0bs for the report in `Issue 842 <https://github.com/adamchainz/django-cors-headers/issues/842>`__. * Drop the ``CORS_REPLACE_HTTPS_REFERER`` setting and ``CorsPostCsrfMiddleware``. Since Django 1.9, the ``CSRF_TRUSTED_ORIGINS`` setting has been the preferred solution to making CSRF checks pass for CORS requests. The removed setting and middleware only existed as a workaround for Django versions before 1.9. * Add async support to the middleware, reducing overhead on async views. ```Links
- PyPI: https://pypi.org/project/django-cors-headers - Changelog: https://data.safetycli.com/changelogs/django-cors-headers/ - Repo: https://github.com/adamchainz/django-cors-headersUpdate django-allauth from 0.54.0 to 0.55.2.
Changelog
### 0.55.2 ``` ******************* Fixes ----- - Email confirmation: An attribute error could occur when following invalid email confirmation links. ``` ### 0.55.1 ``` ******************* Fixes ----- - SAML: the lookup of the app (``SocialApp``) was working correctly for apps configured via the settings, but failed when the app was configured via the Django admin. - Keycloak: fixed reversal of the callback URL, which was reversed using ``"openid_connect_callback"`` instead of ``"keycloak_callback"``. Although the resulting URL is the same, it results in a ``NoReverseMatch`` error when ``allauth.socialaccount.providers.openid_connect`` is not present in ``INSTALLED_APPS``. ``` ### 0.55.0 ``` ******************* Note worthy changes ------------------- - Introduced a new setting ``ACCOUNT_PASSWORD_RESET_TOKEN_GENERATOR`` that allows you to specify the token generator for password resets. - Dropped support for Django 2.x and 3.0. - Officially support Django 4.2. - New providers: Miro, Questrade - It is now possible to manage OpenID Connect providers via the Django admin. Simply add a `SocialApp` for each OpenID Connect provider. - There is now a new flow for changing the email address. When enabled (``ACCOUNT_CHANGE_EMAIL``), users are limited to having exactly one email address that they can change by adding a temporary second email address that, when verified, replaces the current email address. - Changed spelling from "e-mail" to "email". Both are correct, however, the trend over the years has been towards the simpler and more streamlined form "email". - Added support for SAML 2.0. Thanks to `Dskrpt <https://dskrpt.de>`_ for sponsoring the development of this feature! - Fixed Twitter OAuth2 authentication by using basic auth and adding scope `tweet.read`. - Added (optional) support for authentication by email for social logins (see ``SOCIALACCOUNT_EMAIL_AUTHENTICATION``). Security notice --------------- - Even with account enumeration prevention in place, it was possible for a user to infer whether or not a given account exists based by trying to add secondary email addresses . This has been fixed -- see the note on backwards incompatible changes. Backwards incompatible changes ------------------------------ - Data model changes: when ``ACCOUNT_UNIQUE_EMAIL=True`` (the default), there was a unique constraint on set on the ``email`` field of the ``EmailAddress`` model. This constraint has been relaxed, now there is a unique constraint on the combination of ``email`` and ``verified=True``. Migrations are in place to automatically transition, but if you have a lot of accounts, you may need to take special care using ``CREATE INDEX CONCURRENTLY``. - The method ``allauth.utils.email_address_exists()`` has been removed. - The Mozilla Persona provider has been removed. The project was shut down on November 30th 2016. - A large internal refactor has been performed to be able to add support for providers oferring one or more subproviders. This refactor has the following impact: - The provider registry methods ``get_list()``, ``by_id()`` have been removed. The registry now only providers access to the provider classes, not the instances. - ``provider.get_app()`` has been removed -- use ``provider.app`` instead. - ``SocialApp.objects.get_current()`` has been removed. - The ``SocialApp`` model now has additional fields ``provider_id``, and ``settings``. - The OpenID Connect provider ``SOCIALACCOUNT_PROVIDERS`` settings structure changed. Instead of the OpenID Connect specific ``SERVERS`` construct, it now uses the regular ``APPS`` approach. Please refer to the OpenID Connect provider documentation for details. - The Telegram provider settings structure, it now requires to app. Please refer to the Telegram provider documentation for details. - The Facebook provider loaded the Facebook connect ``sdk.js`` regardless of the value of the ``METHOD`` setting. To prevent tracking, now it only loads the Javascript if ``METHOD`` is explicitly set to ``"js_sdk"``. ```Links
- PyPI: https://pypi.org/project/django-allauth - Changelog: https://data.safetycli.com/changelogs/django-allauth/ - Homepage: https://www.intenct.nl/projects/django-allauth/Update dj-rest-auth from 2.2.8 to 4.0.1.
Changelog
### 4.0.1 ``` What's Changed * Bump django-allauth (506) by jeloagnasin in https://github.com/iMerica/dj-rest-auth/pull/508 New Contributors * jeloagnasin made their first contribution in https://github.com/iMerica/dj-rest-auth/pull/508 **Full Changelog**: https://github.com/iMerica/dj-rest-auth/compare/4.0.0...4.0.1 ``` ### 4.0.0 ``` What's Changed * add id (indonesian) translations by kiraware in https://github.com/iMerica/dj-rest-auth/pull/483 * Fix crash on bad auth code by c-w in https://github.com/iMerica/dj-rest-auth/pull/469 * Allow customizing password reset confirm URL by c-w in https://github.com/iMerica/dj-rest-auth/pull/487 * fix a typo in installation.rst by yappkahowe in https://github.com/iMerica/dj-rest-auth/pull/348 * Fix Google login with auth code flow by c-w in https://github.com/iMerica/dj-rest-auth/pull/488 * Small fix for id in `django.po` by kiraware in https://github.com/iMerica/dj-rest-auth/pull/493 * Actualize and fill missing french translations by atiberghien in https://github.com/iMerica/dj-rest-auth/pull/496 * Modify JWT Serializer Field Names by Dresdn in https://github.com/iMerica/dj-rest-auth/pull/501 * Support custom verification status based on email by c-w in https://github.com/iMerica/dj-rest-auth/pull/504 New Contributors * yappkahowe made their first contribution in https://github.com/iMerica/dj-rest-auth/pull/348 * atiberghien made their first contribution in https://github.com/iMerica/dj-rest-auth/pull/496 **Full Changelog**: https://github.com/iMerica/dj-rest-auth/compare/3.0.0...4.0.0 ``` ### 3.0.0 ``` What's Changed * Fix messy setting (Operation Clean Config Project) by kiraware in https://github.com/iMerica/dj-rest-auth/pull/477 New Contributors * kiraware made their first contribution in https://github.com/iMerica/dj-rest-auth/pull/477 **Full Changelog**: https://github.com/iMerica/dj-rest-auth/compare/2.2.8...3.0.0 ```Links
- PyPI: https://pypi.org/project/dj-rest-auth - Changelog: https://data.safetycli.com/changelogs/dj-rest-auth/ - Repo: http://github.com/iMerica/dj-rest-authUpdate djangorestframework-simplejwt from 5.2.2 to 5.3.0.
Changelog
### 5.3.0 ``` Notable Changes: * Added support for Python 3.11 by joshuadavidthomas [636](https://github.com/jazzband/djangorestframework-simplejwt/pull/636) * Added support for Django 4.2 by johnthagen [711](https://github.com/jazzband/djangorestframework-simplejwt/pull/711) * Added support for DRF 3.14 by Andrew-Chen-Wang [623](https://github.com/jazzband/djangorestframework-simplejwt/pull/623) * Added Inlang to facilitate community translations by jannesblobel [662](https://github.com/jazzband/djangorestframework-simplejwt/pull/662) * Revoke access token if user password is changed by mahdirahimi1999 [719](https://github.com/jazzband/djangorestframework-simplejwt/pull/719) * Added type hints by abczzz13 [683](https://github.com/jazzband/djangorestframework-simplejwt/pull/683) * Improved testing by kiraware [688](https://github.com/jazzband/djangorestframework-simplejwt/pull/688) * Removed support for Django 2.2 by kiraware [688](https://github.com/jazzband/djangorestframework-simplejwt/pull/688) Documentation: * Added write_only=True to TokenBlacklistSerializer's refresh field for better doc generation by Yaser-Amiri [699](https://github.com/jazzband/djangorestframework-simplejwt/pull/699) * Updated docs on serializer customization by 2ykwang [668](https://github.com/jazzband/djangorestframework-simplejwt/pull/668) Translation Updates: * Updated translations for Persian (fa) language by mahdirahimi1999 [723](https://github.com/jazzband/djangorestframework-simplejwt/pull/723) and https://github.com/jazzband/djangorestframework-simplejwt/pull/708 * Updated translations for Indonesian (id) language by kiraware [685](https://github.com/jazzband/djangorestframework-simplejwt/pull/685) * Added Arabic language translations by iamjazzar [690](https://github.com/jazzband/djangorestframework-simplejwt/pull/690) * Added Hebrew language translations by elam91 [679](https://github.com/jazzband/djangorestframework-simplejwt/pull/679) * Added Slovenian language translations by banDeveloper [645](https://github.com/jazzband/djangorestframework-simplejwt/pull/645) ```Links
- PyPI: https://pypi.org/project/djangorestframework-simplejwt - Changelog: https://data.safetycli.com/changelogs/djangorestframework-simplejwt/ - Repo: https://github.com/jazzband/djangorestframework-simplejwtUpdate drf-yasg from 1.21.5 to 1.21.7.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/drf-yasg - Changelog: https://data.safetycli.com/changelogs/drf-yasg/ - Repo: https://github.com/axnsan12/drf-yasgUpdate pre-commit from 3.1.1 to 3.3.3.
Changelog
### 3.3.3 ``` ================== Fixes - Work around OS packagers setting `--install-dir` / `--bin-dir` in gem settings. - 2905 PR by jaysoffian. - 2799 issue by lmilbaum. ``` ### 3.3.2 ``` ================== Fixes - Work around `r` on windows sometimes double-un-quoting arguments. - 2885 PR by lorenzwalthert. - 2870 issue by lorenzwalthert. ``` ### 3.3.1 ``` ================== Fixes - Work around `git` partial clone bug for `autoupdate` on windows. - 2866 PR by asottile. - 2865 issue by adehad. ``` ### 3.3.0 ``` ================== Features - Upgrade ruby-build. - 2846 PR by jalessio. - Use blobless clone for faster autoupdate. - 2859 PR by asottile. - Add `-j` / `--jobs` argument to `autoupdate` for parallel execution. - 2863 PR by asottile. - issue by gaborbernat. ``` ### 3.2.2 ``` ================== Fixes - Fix support for swift >= 5.8. - 2836 PR by edelabar. - 2835 issue by kgrobelny-intive. ``` ### 3.2.1 ``` ================== Fixes - Fix `language_version` for `language: rust` without global `rustup`. - 2823 issue by daschuer. - 2827 PR by asottile. ``` ### 3.2.0 ``` ================== Features - Allow `pre-commit`, `pre-push`, and `pre-merge-commit` as `stages`. - 2732 issue by asottile. - 2808 PR by asottile. - Add `pre-rebase` hook support. - 2582 issue by BrutalSimplicity. - 2725 PR by mgaligniana. Fixes - Remove bulky cargo cache from `language: rust` installs. - 2820 PR by asottile. ```Links
- PyPI: https://pypi.org/project/pre-commit - Changelog: https://data.safetycli.com/changelogs/pre-commit/ - Repo: https://github.com/pre-commit/pre-commitUpdate flake8 from 6.0.0 to 6.1.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/flake8 - Repo: https://github.com/pycqa/flake8Update black from 23.1.0 to 23.7.0.
Changelog
### 23.7.0 ``` Highlights - Runtime support for Python 3.7 has been removed. Formatting 3.7 code will still be supported until further notice (3765) Stable style - Fix a bug where an illegal trailing comma was added to return type annotations using PEP 604 unions (3735) - Fix several bugs and crashes where comments in stub files were removed or mishandled under some circumstances (3745) - Fix a crash with multi-line magic comments like `type: ignore` within parentheses (3740) - Fix error in AST validation when _Black_ removes trailing whitespace in a type comment (3773) Preview style - Implicitly concatenated strings used as function args are no longer wrapped inside parentheses (3640) - Remove blank lines between a class definition and its docstring (3692) Configuration - The `--workers` argument to _Black_ can now be specified via the `BLACK_NUM_WORKERS` environment variable (3743) - `.pytest_cache`, `.ruff_cache` and `.vscode` are now excluded by default (3691) - Fix _Black_ not honouring `pyproject.toml` settings when running `--stdin-filename` and the `pyproject.toml` found isn't in the current working directory (3719) - _Black_ will now error if `exclude` and `extend-exclude` have invalid data types in `pyproject.toml`, instead of silently doing the wrong thing (3764) Packaging - Upgrade mypyc from 0.991 to 1.3 (3697) - Remove patching of Click that mitigated errors on Python 3.6 with `LANG=C` (3768) Parser - Add support for the new PEP 695 syntax in Python 3.12 (3703) Performance - Speed up _Black_ significantly when the cache is full (3751) - Avoid importing `IPython` in a case where we wouldn't need it (3748) Output - Use aware UTC datetimes internally, avoids deprecation warning on Python 3.12 (3728) - Change verbose logging to exactly mirror _Black_'s logic for source discovery (3749) _Blackd_ - The `blackd` argument parser now shows the default values for options in their help text (3712) Integrations - Black is now tested with [`PYTHONWARNDEFAULTENCODING = 1`](https://docs.python.org/3/library/io.html#io-encoding-warning) (3763) - Update GitHub Action to display black output in the job summary (3688) Documentation - Add a CITATION.cff file to the root of the repository, containing metadata on how to cite this software (3723) - Update the _classes_ and _exceptions_ documentation in Developer reference to match the latest code base (3755) ``` ### 23.3.0 ``` Highlights This release fixes a longstanding confusing behavior in Black's GitHub action, where the version of the action did not determine the version of Black being run (issue 3382). In addition, there is a small bug fix around imports and a number of improvements to the preview style. Please try out the [preview style](https://black.readthedocs.io/en/stable/the_black_code_style/future_style.html#preview-style) with `black --preview` and tell us your feedback. All changes in the preview style are expected to become part of Black's stable style in January 2024. Stable style - Import lines with ` fmt: skip` and ` fmt: off` no longer have an extra blank line added when they are right after another import line (3610) Preview style - Add trailing commas to collection literals even if there's a comment after the last entry (3393) - `async def`, `async for`, and `async with` statements are now formatted consistently compared to their non-async version. (3609) - `with` statements that contain two context managers will be consistently wrapped in parentheses (3589) - Let string splitters respect [East Asian Width](https://www.unicode.org/reports/tr11/) (3445) - Now long string literals can be split after East Asian commas and periods (`、` U+3001 IDEOGRAPHIC COMMA, `。` U+3002 IDEOGRAPHIC FULL STOP, & `,` U+FF0C FULLWIDTH COMMA) besides before spaces (3445) - For stubs, enforce one blank line after a nested class with a body other than just `...` (3564) - Improve handling of multiline strings by changing line split behavior (1879) Parser - Added support for formatting files with invalid type comments (3594) Integrations - Update GitHub Action to use the version of Black equivalent to action's version if version input is not specified (3543) - Fix missing Python binary path in autoload script for vim (3508) Documentation - Document that only the most recent release is supported for security issues; vulnerabilities should be reported through Tidelift (3612) ```Links
- PyPI: https://pypi.org/project/black - Changelog: https://data.safetycli.com/changelogs/black/Update mypy from 1.0.1 to 1.5.1.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/mypy - Homepage: https://www.mypy-lang.org/Update django-stubs from 1.15.0 to 4.2.3.
Changelog
### 4.2.3 ``` New Contributors * JoeHitchen made their first contribution in https://github.com/typeddjango/django-stubs/pull/1600 **Full Changelog**: https://github.com/typeddjango/django-stubs/compare/4.2.2...4.2.3 ``` ### 4.2.2 ``` New Contributors * namper made their first contribution in https://github.com/typeddjango/django-stubs/pull/1521 * filbasi made their first contribution in https://github.com/typeddjango/django-stubs/pull/1544 * GabDug made their first contribution in https://github.com/typeddjango/django-stubs/pull/1567 * rvanlaar made their first contribution in https://github.com/typeddjango/django-stubs/pull/1562 **Full Changelog**: https://github.com/typeddjango/django-stubs/compare/4.2.1...4.2.2 ``` ### 4.2.1 ``` New Contributors * Kostia-K made their first contribution in https://github.com/typeddjango/django-stubs/pull/1465 * andrlik made their first contribution in https://github.com/typeddjango/django-stubs/pull/1492 * AkaZecik made their first contribution in https://github.com/typeddjango/django-stubs/pull/1497 * asottile made their first contribution in https://github.com/typeddjango/django-stubs/pull/1503 * Alexerson made their first contribution in https://github.com/typeddjango/django-stubs/pull/1488 * dlesbre made their first contribution in https://github.com/typeddjango/django-stubs/pull/1516 **Full Changelog**: https://github.com/typeddjango/django-stubs/compare/4.2.0...4.2.1 ``` ### 4.2.0 ``` Deferred for next release * Added `decorators.AsyncGetResponseCallable` Protocol, but is not yet used anywhere by RyanWalker277 in https://github.com/typeddjango/django-stubs/pull/1425 * Added `BaseModelMeta` for typing Model inner Meta class by intgr in https://github.com/typeddjango/django-stubs/pull/1375 * Rename `BaseModelMeta` to `TypedModelMeta` and document it by intgr in https://github.com/typeddjango/django-stubs/pull/1456 New Contributors * realsuayip made their first contribution in https://github.com/typeddjango/django-stubs/pull/1418 * monosans made their first contribution in https://github.com/typeddjango/django-stubs/pull/1424 * karamanolev made their first contribution in https://github.com/typeddjango/django-stubs/pull/1438 * Kircheneer made their first contribution in https://github.com/typeddjango/django-stubs/pull/1436 * kjagiello made their first contribution in https://github.com/typeddjango/django-stubs/pull/1449 * alexmv made their first contribution in https://github.com/typeddjango/django-stubs/pull/1448 * bigfootjon made their first contribution in https://github.com/typeddjango/django-stubs/pull/1443 **Full Changelog**: https://github.com/typeddjango/django-stubs/compare/1.16.0...4.2.0 ``` ### 1.16.0 ``` New Contributors * pheki made their first contribution in https://github.com/typeddjango/django-stubs/pull/1373 * LincolnPuzey made their first contribution in https://github.com/typeddjango/django-stubs/pull/1379 * lklivingstone made their first contribution in https://github.com/typeddjango/django-stubs/pull/1385 * OvervCW made their first contribution in https://github.com/typeddjango/django-stubs/pull/1388 **Full Changelog**: https://github.com/typeddjango/django-stubs/compare/1.15.0...1.16.0 django-stubs-ext0.8.0 What's Changed * Make `BaseConnectionHandler` generic in monkeypatching by adambirds in https://github.com/typeddjango/django-stubs/pull/1349 * Introduce `QuerySetAny` type for QuerySet isinstance checks by PIG208 in https://github.com/typeddjango/django-stubs/pull/1199 * Remove unintentional re-exports by intgr in https://github.com/typeddjango/django-stubs/pull/1309 Housekeeping * Prepare django-stubs-ext 0.8.0 release by intgr in https://github.com/typeddjango/django-stubs/pull/1395 ```Links
- PyPI: https://pypi.org/project/django-stubs - Changelog: https://data.safetycli.com/changelogs/django-stubs/ - Repo: https://github.com/typeddjango/django-stubsUpdate pytest from 7.2.1 to 7.4.0.
Changelog
### 7.4.0 ``` ========================= Features -------- - `10901 <https://github.com/pytest-dev/pytest/issues/10901>`_: Added :func:`ExceptionInfo.from_exception() <pytest.ExceptionInfo.from_exception>`, a simpler way to create an :class:`~pytest.ExceptionInfo` from an exception. This can replace :func:`ExceptionInfo.from_exc_info() <pytest.ExceptionInfo.from_exc_info()>` for most uses. Improvements ------------ - `10872 <https://github.com/pytest-dev/pytest/issues/10872>`_: Update test log report annotation to named tuple and fixed inconsistency in docs for :hook:`pytest_report_teststatus` hook. - `10907 <https://github.com/pytest-dev/pytest/issues/10907>`_: When an exception traceback to be displayed is completely filtered out (by mechanisms such as ``__tracebackhide__``, internal frames, and similar), now only the exception string and the following message are shown: "All traceback entries are hidden. Pass `--full-trace` to see hidden and internal frames.". Previously, the last frame of the traceback was shown, even though it was hidden. - `10940 <https://github.com/pytest-dev/pytest/issues/10940>`_: Improved verbose output (``-vv``) of ``skip`` and ``xfail`` reasons by performing text wrapping while leaving a clear margin for progress output. Added ``TerminalReporter.wrap_write()`` as a helper for that. - `10991 <https://github.com/pytest-dev/pytest/issues/10991>`_: Added handling of ``%f`` directive to print microseconds in log format options, such as ``log-date-format``. - `11005 <https://github.com/pytest-dev/pytest/issues/11005>`_: Added the underlying exception to the cache provider's path creation and write warning messages. - `11013 <https://github.com/pytest-dev/pytest/issues/11013>`_: Added warning when :confval:`testpaths` is set, but paths are not found by glob. In this case, pytest will fall back to searching from the current directory. - `11043 <https://github.com/pytest-dev/pytest/issues/11043>`_: When `--confcutdir` is not specified, and there is no config file present, the conftest cutoff directory (`--confcutdir`) is now set to the :ref:`rootdir <rootdir>`. Previously in such cases, `conftest.py` files would be probed all the way to the root directory of the filesystem. If you are badly affected by this change, consider adding an empty config file to your desired cutoff directory, or explicitly set `--confcutdir`. - `11081 <https://github.com/pytest-dev/pytest/issues/11081>`_: The :confval:`