search

openwisp / openwisp-utils

Python and Django utilities shared between different openwisp modules
https://openwisp.io/docs/dev/utils/
BSD 3-Clause "New" or "Revised" License
74 stars 72 forks source link

[deps] Update djangorestframework requirement from ~=3.14.0 to >=3.14,<3.16 #392

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 4 months ago

Blockers

Updates the requirements on djangorestframework to permit the latest version.

Commits
  • c7a7eae Version 3.15.2 (#9439)
  • 3b41f01 Fix potential XSS vulnerability in break_long_headers template filter (#9435)
  • fe92f0d Add __hash__ method for permissions.OperandHolder class (#9417)
  • fbdab09 docs: Correct some evaluation results and a httpie option in Tutorial1 (#9421)
  • 36d5c0e tests: Check urlpatterns after cleanups (#9400)
  • 9d4ed05 Don't use Windows line endings
  • b34bde4 Fix typo in setup.cfg setting
  • ab681f2 Update requirements in docs
  • 2237724 bump pygments (security hygiene)
  • d58b8da Update deprecation hints
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
coveralls commented 4 months ago

Coverage Status

coverage: 96.18%. remained the same when pulling 54c41502ae521c684b7cd51881f124720e942f6e on dependabot/pip/djangorestframework-gte-3.14-and-lt-3.16 into 1951fadbe2a7e14350f876d1c9efcaed27c33a50 on master.

pandafy commented 3 months ago

@dependabot rebase

dependabot[bot] commented 3 months ago

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

pandafy commented 3 months ago

@dependabot recreate

pandafy commented 3 months ago

We cannot upgrade djangorestframework package because 3.15.2 dropped support for Django 3.2 https://github.com/encode/django-rest-framework/issues/9450

nemesifier commented 3 months ago

Merging, let's test it with the other modules and see how it goes.