Initial Update

[pyup-bot]

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

Django	1.10.5	»	1.11.3	PyPI | Changelog | Homepage
Pillow	2.9.0	»	4.2.1	PyPI | Changelog | Homepage

Changelogs

Django 1.10.5 -> 1.11.3

1.11.3

===========================

July 1, 2017

Django 1.11.3 fixes several bugs in 1.11.2.

Bugfixes

• Removed an incorrect deprecation warning about a missing renderer argument if a Widget.render() method accepts **kwargs (:ticket:28265).

• Fixed a regression causing Model.__init__() to crash if a field has an instance only descriptor (:ticket:28269).

• Fixed an incorrect DisallowedModelAdminLookup exception when using a nested reverse relation in list_filter (:ticket:28262).

• Fixed admin's FieldListFilter.get_queryset() crash on invalid input (:ticket:28202).

• Fixed invalid HTML for a required AdminFileWidget (:ticket:28278).

• Fixed model initialization to set the name of class-based model indexes for models that only inherit models.Model (:ticket:28282).

• Fixed crash in admin's inlines when a model has an inherited non-editable primary key (:ticket:27967).

• Fixed QuerySet.union(), intersection(), and difference() when combining with an EmptyQuerySet (:ticket:28293).

• Prevented Paginator’s unordered object list warning from evaluating a QuerySet (:ticket:28284).

• Fixed the value of redirect_field_name in LoginView’s template context. It's now an empty string (as it is for the original function-based login() view) if the corresponding parameter isn't sent in a request (in particular, when the login page is accessed directly) (:ticket:28229).

• Prevented attribute values in the django/forms/widgets/attrs.html template from being localized so that numeric attributes (e.g. max and min) of NumberInput work correctly (:ticket:28303).

• Removed casting of the option value to a string in the template context of the CheckboxSelectMultiple, NullBooleanSelect, RadioSelect, SelectMultiple, and Select widgets (:ticket:28176). In Django 1.11.1, casting was added in Python to avoid localization of numeric values in Django templates, but this made some use cases more difficult. Casting is now done in the template using the |stringformat:'s' filter.

• Prevented a primary key alteration from adding a foreign key constraint if db_constraint=False (:ticket:28298).

• Fixed UnboundLocalError crash in RenameField with nonexistent field (:ticket:28350).

• Fixed a regression preventing a model field's limit_choices_to from being evaluated when a ModelForm is instantiated (:ticket:28345).

===========================

1.11.2

===========================

June 1, 2017

Django 1.11.2 adds a minor feature and fixes several bugs in 1.11.1. Also, the latest string translations from Transifex are incorporated.

Minor feature

The new LiveServerTestCase.port attribute reallows the use case of binding to a specific port following the :ref:bind to port zero <liveservertestcase-port-zero-change> change in Django 1.11.

Bugfixes

• Added detection for GDAL 2.1 and 2.0, and removed detection for unsupported versions 1.7 and 1.8 (:ticket:28181).

• Changed contrib.gis to raise ImproperlyConfigured rather than GDALException if gdal isn't installed, to allow third-party apps to catch that exception (:ticket:28178).

• Fixed django.utils.http.is_safe_url() crash on invalid IPv6 URLs (:ticket:28142).

• Fixed regression causing pickling of model fields to crash (:ticket:28188).

• Fixed django.contrib.auth.authenticate() when multiple authentication backends don't accept a positional request argument (:ticket:28207).

• Fixed introspection of index field ordering on PostgreSQL (:ticket:28197).

• Fixed a regression where Model._state.adding wasn't set correctly on multi-table inheritance parent models after saving a child model (:ticket:28210).

• Allowed DjangoJSONEncoder to serialize django.utils.deprecation.CallableBool (:ticket:28230).

• Relaxed the validation added in Django 1.11 of the fields in the defaults argument of QuerySet.get_or_create() and update_or_create() to reallow settable model properties (:ticket:28222).

• Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if the InvalidPage message contains non-ASCII (:ticket:28204).

• Prevented Subquery from adding an unnecessary CAST which resulted in invalid SQL (:ticket:28199).

• Corrected detection of GDAL 2.1 on Windows (:ticket:28181).

• Made date-based generic views return a 404 rather than crash when given an out of range date (:ticket:28209).

• Fixed a regression where file_move_safe() crashed when moving files to a CIFS mount (:ticket:28170).

• Moved the ImageField file extension validation added in Django 1.11 from the model field to the form field to reallow the use case of storing images without an extension (:ticket:28242).

===========================

1.11.1

===========================

May 6, 2017

Django 1.11.1 adds a minor feature and fixes several bugs in 1.11.

Allowed disabling server-side cursors on PostgreSQL

The change in Django 1.11 to make :meth:.QuerySet.iterator() use server-side cursors on PostgreSQL prevents running Django with pgBouncer in transaction pooling mode. To reallow that, use the :setting:DISABLE_SERVER_SIDE_CURSORS <DATABASE-DISABLE_SERVER_SIDE_CURSORS> setting in :setting:DATABASES.

See :ref:transaction-pooling-server-side-cursors for more discussion.

Bugfixes

• Made migrations respect Index’s name argument. If you created a named index with Django 1.11, makemigrations will create a migration to recreate the index with the correct name (:ticket:28051).

• Fixed a crash when using a __icontains lookup on a ArrayField (:ticket:28038).

• Fixed a crash when using a two-tuple in EmailMessage’s attachments argument (:ticket:28042).

• Fixed QuerySet.filter() crash when it references the name of a OneToOneField primary key (:ticket:28047).

• Fixed empty POST data table appearing instead of "No POST data" in HTML debug page (:ticket:28079).

• Restored BoundField\s without any choices evaluating to True (:ticket:28058).

• Prevented SessionBase.cycle_key() from losing session data if _session_cache isn't populated (:ticket:28066).

• Fixed layout of ReadOnlyPasswordHashWidget (used in the admin's user change page) (:ticket:28097).

• Allowed prefetch calls on managers with custom ModelIterable subclasses (:ticket:28096).

• Fixed change password link in the contrib.auth admin for el, es_MX, and pt translations (:ticket:28100).

• Restored the output of the class attribute in the <ul> of widgets that use the multiple_input.html template. This fixes ModelAdmin.radio_fields with admin.HORIZONTAL (:ticket:28059).

• Fixed crash in BaseGeometryWidget.subwidgets() (:ticket:28039).

• Fixed exception reraising in ORM query execution when cursor.execute() fails and the subsequent cursor.close() also fails (:ticket:28091).

• Fixed a regression where CheckboxSelectMultiple, NullBooleanSelect, RadioSelect, SelectMultiple, and Select localized option values (:ticket:28075).

• Corrected the stack level of unordered queryset pagination warnings (:ticket:28109).

• Fixed a regression causing incorrect queries for __in subquery lookups when models use ForeignKey.to_field (:ticket:28101).

• Fixed crash when overriding the template of django.views.static.directory_index() (:ticket:28122).

• Fixed a regression in formset min_num validation with unchanged forms that have initial data (:ticket:28130).

• Prepared for cx_Oracle 6.0 support (:ticket:28138).

• Updated the contrib.postgres SplitArrayWidget to use template-based widget rendering (:ticket:28040).

• Fixed crash in BaseGeometryWidget.get_context() when overriding existing attrs (:ticket:28105).

• Prevented AddIndex and RemoveIndex from mutating model state (:ticket:28043).

• Prevented migrations from dropping database indexes from Meta.indexes when changing Field.db_index to False (:ticket:28052).

• Fixed a regression in choice ordering in form fields with grouped and non-grouped options (:ticket:28157).

• Fixed crash in BaseInlineFormSet._construct_form() when using save_as_new (:ticket:28159).

• Fixed a regression where Model._state.db wasn't set correctly on multi-table inheritance parent models after saving a child model (:ticket:28166).

• Corrected the return type of ArrayField(CITextField()) values retrieved from the database (:ticket:28161).

• Fixed QuerySet.prefetch_related() crash when fetching relations in nested Prefetch objects (:ticket:27554).

• Prevented hiding GDAL errors if it's not installed when using contrib.gis (:ticket:28160). (It's a required dependency as of Django 1.11.)

• Fixed a regression causing __in lookups on a foreign key to fail when using the foreign key's parent model as the lookup value (:ticket:28175).

=========================

1.11

=========================

April 4, 2017

Welcome to Django 1.11!

These release notes cover the :ref:new features <whats-new-1.11>, as well as some :ref:backwards incompatible changes <backwards-incompatible-1.11> you'll want to be aware of when upgrading from Django 1.10 or older versions. We've :ref:begun the deprecation process for some features <deprecated-features-1.11>.

See the :doc:/howto/upgrade-version guide if you're updating an existing project.

Django 1.11 is designated as a :term:long-term support release. It will receive security updates for at least three years after its release. Support for the previous LTS, Django 1.8, will end in April 2018.

Python compatibility

Django 1.11 requires Python 2.7, 3.4, 3.5, or 3.6. Django 1.11 is the first release to support Python 3.6. We highly recommend and only officially support the latest release of each series.

The Django 1.11.x series is the last to support Python 2. The next major release, Django 2.0, will only support Python 3.5+.

Deprecating warnings are no longer loud by default

Unlike older versions of Django, Django's own deprecation warnings are no longer displayed by default. This is consistent with Python's default behavior.

This change allows third-party apps to support both Django 1.11 LTS and Django 1.8 LTS without having to add code to avoid deprecation warnings.

Following the release of Django 2.0, we suggest that third-party app authors drop support for all versions of Django prior to 1.11. At that time, you should be able run your package's tests using python -Wd so that deprecation warnings do appear. After making the deprecation warning fixes, your app should be compatible with Django 2.0.

.. _whats-new-1.11:

What's new in Django 1.11

Class-based model indexes

The new :mod:django.db.models.indexes module contains classes which ease creating database indexes. Indexes are added to models using the :attr:Meta.indexes <django.db.models.Options.indexes> option.

The :class:~django.db.models.Index class creates a b-tree index, as if you used :attr:~django.db.models.Field.db_index on the model field or :attr:~django.db.models.Options.index_together on the model Meta class. It can be subclassed to support different index types, such as :class:~django.contrib.postgres.indexes.GinIndex. It also allows defining the order (ASC/DESC) for the columns of the index.

Template-based widget rendering

To ease customizing widgets, form widget rendering is now done using the template system rather than in Python. See :doc:/ref/forms/renderers.

You may need to adjust any custom widgets that you've written for a few :ref:backwards incompatible changes <template-widget-incompatibilities-1-11>.

Subquery expressions

The new :class:~django.db.models.Subquery and :class:~django.db.models.Exists database expressions allow creating explicit subqueries. Subqueries may refer to fields from the outer queryset using the :class:~django.db.models.OuterRef class.

Minor features

:mod:django.contrib.admin

* :attr:`.ModelAdmin.date_hierarchy` can now reference fields across relations.

* The new :meth:`ModelAdmin.get_exclude()
 <django.contrib.admin.ModelAdmin.get_exclude>` hook allows specifying the
 exclude fields based on the request or model instance.

* The ``popup_response.html`` template can now be overridden per app, per
 model, or by setting the :attr:`.ModelAdmin.popup_response_template`
 attribute.

:mod:`django.contrib.auth`

• The default iteration count for the PBKDF2 password hasher is increased by 20%.

• The :class:~django.contrib.auth.views.LoginView and :class:~django.contrib.auth.views.LogoutView class-based views supersede the deprecated login() and logout() function-based views.

• The :class:~django.contrib.auth.views.PasswordChangeView, :class:~django.contrib.auth.views.PasswordChangeDoneView, :class:~django.contrib.auth.views.PasswordResetView, :class:~django.contrib.auth.views.PasswordResetDoneView, :class:~django.contrib.auth.views.PasswordResetConfirmView, and :class:~django.contrib.auth.views.PasswordResetCompleteView class-based views supersede the deprecated password_change(), password_change_done(), password_reset(), password_reset_done(), password_reset_confirm(), and password_reset_complete() function-based views.

• The new post_reset_login attribute for :class:~django.contrib.auth.views.PasswordResetConfirmView allows automatically logging in a user after a successful password reset. If you have multiple AUTHENTICATION_BACKENDS configured, use the post_reset_login_backend attribute to choose which one to use.

• To avoid the possibility of leaking a password reset token via the HTTP Referer header (for example, if the reset page includes a reference to CSS or JavaScript hosted on another domain), the :class:~django.contrib.auth.views.PasswordResetConfirmView (but not the deprecated password_reset_confirm() function-based view) stores the token in a session and redirects to itself to present the password change form to the user without the token in the URL.

• :func:~django.contrib.auth.update_session_auth_hash now rotates the session key to allow a password change to invalidate stolen session cookies.

• The new success_url_allowed_hosts attribute for :class:~django.contrib.auth.views.LoginView and :class:~django.contrib.auth.views.LogoutView allows specifying a set of hosts that are safe for redirecting after login and logout.

• Added password validators help_text to :class:~django.contrib.auth.forms.UserCreationForm.

• The HttpRequest is now passed to :func:~django.contrib.auth.authenticate which in turn passes it to the authentication backend if it accepts a request argument.

• The :func:~django.contrib.auth.signals.user_login_failed signal now receives a request argument.

• :class:~django.contrib.auth.forms.PasswordResetForm supports custom user models that use an email field named something other than 'email'. Set :attr:CustomUser.EMAIL_FIELD <django.contrib.auth.models.CustomUser.EMAIL_FIELD> to the name of the field.

• :func:~django.contrib.auth.get_user_model can now be called at import time, even in modules that define models.

:mod:django.contrib.contenttypes

* When stale content types are detected in the
 :djadmin:`remove_stale_contenttypes` command, there's now a list of related
 objects such as ``auth.Permission``\s that will also be deleted. Previously,
 only the content types were listed (and this prompt was after ``migrate``
 rather than in a separate command).

:mod:`django.contrib.gis`

• The new :meth:.GEOSGeometry.from_gml and :meth:.OGRGeometry.from_gml methods allow creating geometries from GML.

• Added support for the :lookup:dwithin lookup on SpatiaLite.

• The :class:~django.contrib.gis.db.models.functions.Area function, :class:~django.contrib.gis.db.models.functions.Distance function, and distance lookups now work with geodetic coordinates on SpatiaLite.

• The OpenLayers-based form widgets now use OpenLayers.js from https://cdnjs.cloudflare.com which is more suitable for production use than the the old http://openlayers.org source. They are also updated to use OpenLayers 3.

• PostGIS migrations can now change field dimensions.

• Added the ability to pass the size, shape, and offset parameter when creating :class:~django.contrib.gis.gdal.GDALRaster objects.

• Added SpatiaLite support for the :class:~django.contrib.gis.db.models.functions.IsValid function, :class:~django.contrib.gis.db.models.functions.MakeValid function, and :lookup:isvalid lookup.

• Added Oracle support for the :class:~django.contrib.gis.db.models.functions.AsGML function, :class:~django.contrib.gis.db.models.functions.BoundingCircle function, :class:~django.contrib.gis.db.models.functions.IsValid function, and :lookup:isvalid lookup.

:mod:django.contrib.postgres

* The new ``distinct`` argument for
 :class:`~django.contrib.postgres.aggregates.StringAgg` determines if
 concatenated values will be distinct.

* The new :class:`~django.contrib.postgres.indexes.GinIndex` and
 :class:`~django.contrib.postgres.indexes.BrinIndex` classes allow
 creating ``GIN`` and ``BRIN`` indexes in the database.

* :class:`~django.contrib.postgres.fields.JSONField` accepts a new ``encoder``
 parameter to specify a custom class to encode data types not supported by the
 standard encoder.

* The new :class:`~django.contrib.postgres.fields.CIText` mixin and
 :class:`~django.contrib.postgres.operations.CITextExtension` migration
 operation allow using PostgreSQL's ``citext`` extension for case-insensitive
 lookups. Three fields are provided: :class:`.CICharField`,
 :class:`.CIEmailField`, and :class:`.CITextField`.

* The new :class:`~django.contrib.postgres.aggregates.JSONBAgg` allows
 aggregating values as a JSON array.

* The :class:`~django.contrib.postgres.fields.HStoreField` (model field) and
 :class:`~django.contrib.postgres.forms.HStoreField` (form field) allow
 storing null values.

Cache

• Memcached backends now pass the contents of :setting:OPTIONS <CACHES-OPTIONS> as keyword arguments to the client constructors, allowing for more advanced control of client behavior. See the :ref:cache arguments <cache_arguments> documentation for examples.

• Memcached backends now allow defining multiple servers as a comma-delimited string in :setting:LOCATION <CACHES-LOCATION>, for convenience with third-party services that use such strings in environment variables.

CSRF

* Added the :setting:`CSRF_USE_SESSIONS` setting to allow storing the CSRF
 token in the user's session rather than in a cookie.

Database backends

• Added the skip_locked argument to :meth:.QuerySet.select_for_update() on PostgreSQL 9.5+ and Oracle to execute queries with FOR UPDATE SKIP LOCKED.

• Added the :setting:TEST['TEMPLATE'] <TEST_TEMPLATE> setting to let PostgreSQL users specify a template for creating the test database.

• :meth:.QuerySet.iterator() now uses :ref:server-side cursors <psycopg2:server-side-cursors> on PostgreSQL. This feature transfers some of the worker memory load (used to hold query results) to the database and might increase database memory usage.

• Added MySQL support for the 'isolation_level' option in :setting:OPTIONS to allow specifying the :ref:transaction isolation level <mysql-isolation-level>. To avoid possible data loss, it's recommended to switch from MySQL's default level, repeatable read, to read committed.

• Added support for cx_Oracle 5.3.

Email

* Added the :setting:`EMAIL_USE_LOCALTIME` setting to allow sending SMTP date
 headers in the local time zone rather than in UTC.

* ``EmailMessage.attach()`` and ``attach_file()`` now fall back to MIME type
 ``application/octet-stream`` when binary content that can't be decoded as
 UTF-8 is specified for a ``text/*`` attachment.

File Storage

• To make it wrappable by :class:io.TextIOWrapper, :class:~django.core.files.File now has the readable(), writable(), and seekable() methods.

Forms

* The new :attr:`CharField.empty_value <django.forms.CharField.empty_value>`
 attribute allows specifying the Python value to use to represent "empty".

* The new :meth:`Form.get_initial_for_field()
 <django.forms.Form.get_initial_for_field>` method returns initial data for a
 form field.

Internationalization

• Number formatting and the :setting:NUMBER_GROUPING setting support non-uniform digit grouping.

Management Commands

* The new :option:`loaddata --exclude` option allows excluding models and apps
 while loading data from fixtures.

* The new :option:`diffsettings --default` option allows specifying a settings
 module other than Django's default settings to compare against.

* ``app_label``\s arguments now limit the :option:`showmigrations --plan`
 output.

Migrations

• Added support for serialization of uuid.UUID objects.

Models

* Added support for callable values in the ``defaults`` argument of
 :meth:`QuerySet.update_or_create()
 <django.db.models.query.QuerySet.update_or_create>` and
 :meth:`~django.db.models.query.QuerySet.get_or_create`.

* :class:`~django.db.models.ImageField` now has a default
 :data:`~django.core.validators.validate_image_file_extension` validator.
 (This validator moved to the form field in :doc:`Django 1.11.2 <1.11.2>`.)

* Added support for time truncation to
 :class:`~django.db.models.functions.datetime.Trunc` functions.

* Added the :class:`~django.db.models.functions.datetime.ExtractWeek` function
 to extract the week from :class:`~django.db.models.DateField` and
 :class:`~django.db.models.DateTimeField` and exposed it through the
 :lookup:`week` lookup.

* Added the :class:`~django.db.models.functions.datetime.TruncTime` function
 to truncate :class:`~django.db.models.DateTimeField` to its time component
 and exposed it through the :lookup:`time` lookup.

* Added support for expressions in :meth:`.QuerySet.values` and
 :meth:`~.QuerySet.values_list`.

* Added support for query expressions on lookups that take multiple arguments,
 such as ``range``.

* You can now use the ``unique=True`` option with
 :class:`~django.db.models.FileField`.

* Added the ``nulls_first`` and ``nulls_last`` parameters to
 :class:`Expression.asc() <django.db.models.Expression.asc>` and
 :meth:`~django.db.models.Expression.desc` to control
 the ordering of null values.

* The new ``F`` expression ``bitleftshift()`` and ``bitrightshift()`` methods
 allow :ref:`bitwise shift operations <using-f-expressions-in-filters>`.

* Added :meth:`.QuerySet.union`, :meth:`~.QuerySet.intersection`, and
 :meth:`~.QuerySet.difference`.

Requests and Responses

• Added :meth:QueryDict.fromkeys() <django.http.QueryDict.fromkeys>.

• :class:~django.middleware.common.CommonMiddleware now sets the Content-Length response header for non-streaming responses.

• Added the :setting:SECURE_HSTS_PRELOAD setting to allow appending the preload directive to the Strict-Transport-Security header.

• :class:~django.middleware.http.ConditionalGetMiddleware now adds the ETag header to responses.

Serialization

* The new ``django.core.serializers.base.Serializer.stream_class`` attribute
 allows subclasses to customize the default stream.

* The encoder used by the :ref:`JSON serializer <serialization-formats-json>`
 can now be customized by passing a ``cls`` keyword argument to the
 ``serializers.serialize()`` function.

* :class:`~django.core.serializers.json.DjangoJSONEncoder` now serializes
 :class:`~datetime.timedelta` objects (used by
 :class:`~django.db.models.DurationField`).

Templates

• :meth:~django.utils.safestring.mark_safe can now be used as a decorator.

• The :class:~django.template.backends.jinja2.Jinja2 template backend now supports context processors by setting the 'context_processors' option in :setting:OPTIONS <TEMPLATES-OPTIONS>.

• The :ttag:regroup tag now returns namedtuple\s instead of dictionaries so you can unpack the group object directly in a loop, e.g. {% for grouper, list in regrouped %}.

• Added a :ttag:resetcycle template tag to allow resetting the sequence of the :ttag:cycle template tag.

• You can now specify specific directories for a particular :class:filesystem.Loader <django.template.loaders.filesystem.Loader>.

Tests

* Added :meth:`.DiscoverRunner.get_test_runner_kwargs` to allow customizing the
 keyword arguments passed to the test runner.

* Added the :option:`test --debug-mode` option to help troubleshoot test
 failures by setting the :setting:`DEBUG` setting to ``True``.

* The new :func:`django.test.utils.setup_databases` (moved from
 ``django.test.runner``) and :func:`~django.test.utils.teardown_databases`
 functions make it easier to build custom test runners.

* Added support for :meth:`python:unittest.TestCase.subTest`’s when using the
 :option:`test --parallel` option.

* ``DiscoverRunner`` now runs the system checks at the start of a test run.
 Override the :meth:`.DiscoverRunner.run_checks` method if you want to disable
 that.

Validators

• Added :class:~django.core.validators.FileExtensionValidator to validate file extensions and :data:~django.core.validators.validate_image_file_extension to validate image files.

.. _backwards-incompatible-1.11:

Backwards incompatible changes in 1.11

:mod:django.contrib.gis

• To simplify the codebase and because it's easier to install than when contrib.gis was first released, :ref:gdalbuild is now a required dependency for GeoDjango. In older versions, it's only required for SQLite.

• contrib.gis.maps is removed as it interfaces with a retired version of the Google Maps API and seems to be unmaintained. If you're using it, let us know <https://code.djangoproject.com/ticket/14284>_.

• The GEOSGeometry equality operator now also compares SRID.

• The OpenLayers-based form widgets now use OpenLayers 3, and the gis/openlayers.html and gis/openlayers-osm.html templates have been updated. Check your project if you subclass these widgets or extend the templates. Also, the new widgets work a bit differently than the old ones. Instead of using a toolbar in the widget, you click to draw, click and drag to move the map, and click and drag a point/vertex/corner to move it.

• Support for SpatiaLite < 4.0 is dropped.

• Support for GDAL 1.7 and 1.8 is dropped.

• The widgets in contrib.gis.forms.widgets and the admin's OpenLayersWidget use the :doc:form rendering API </ref/forms/renderers> rather than loader.render_to_string(). If you're using a custom widget template, you'll need to be sure your form renderer can locate it. For example, you could use the :class:~django.forms.renderers.TemplatesSetting renderer.

:mod:django.contrib.staticfiles

• collectstatic may now fail during post-processing when using a hashed static files storage if a reference loop exists (e.g. 'foo.css' references 'bar.css' which itself references 'foo.css') or if the chain of files referencing other files is too deep to resolve in several passes. In the latter case, increase the number of passes using :attr:.ManifestStaticFilesStorage.max_post_process_passes.

• When using ManifestStaticFilesStorage, static files not found in the manifest at runtime now raise a ValueError instead of returning an unchanged path. You can revert to the old behavior by setting :attr:.ManifestStaticFilesStorage.manifest_strict to False.

Database backend API

This section describes changes that may be needed in third-party database backends.

• The DatabaseOperations.time_trunc_sql() method is added to support TimeField truncation. It accepts a lookup_type and field_name arguments and returns the appropriate SQL to truncate the given time field field_name to a time object with only the given specificity. The lookup_type argument can be either 'hour', 'minute', or 'second'.

• The DatabaseOperations.datetime_cast_time_sql() method is added to support the :lookup:time lookup. It accepts a field_name and tzname arguments and returns the SQL necessary to cast a datetime value to time value.

• To enable FOR UPDATE SKIP LOCKED support, set DatabaseFeatures.has_select_for_update_skip_locked = True.

• The new DatabaseFeatures.supports_index_column_ordering attribute specifies if a database allows defining ordering for columns in indexes. The default value is True and the DatabaseIntrospection.get_constraints() method should include an 'orders' key in each of the returned dictionaries with a list of 'ASC' and/or 'DESC' values corresponding to the the ordering of each column in the index.

• :djadmin:inspectdb no longer calls DatabaseIntrospection.get_indexes() which is deprecated. Custom database backends should ensure all types of indexes are returned by DatabaseIntrospection.get_constraints().

• Renamed the ignores_quoted_identifier_case feature to ignores_table_name_case to more accurately reflect how it is used.

• The name keyword argument is added to the DatabaseWrapper.create_cursor(self, name=None) method to allow usage of server-side cursors on backends that support it.

Dropped support for PostgreSQL 9.2 and PostGIS 2.0

Upstream support for PostgreSQL 9.2 ends in September 2017. As a consequence, Django 1.11 sets PostgreSQL 9.3 as the minimum version it officially supports.

Support for PostGIS 2.0 is also removed as PostgreSQL 9.2 is the last version to support it.

Also, the minimum supported version of psycopg2 is increased from 2.4.5 to 2.5.4.

.. _liveservertestcase-port-zero-change:

LiveServerTestCase binds to port zero

Rather than taking a port range and iterating to find a free port, LiveServerTestCase binds to port zero and relies on the operating system to assign a free port. The DJANGO_LIVE_TEST_SERVER_ADDRESS environment variable is no longer used, and as it's also no longer used, the manage.py test --liveserver option is removed.

If you need to bind LiveServerTestCase to a specific port, use the port attribute added in Django 1.11.2.

Protection against insecure redirects in :mod:django.contrib.auth and i18n views

LoginView, LogoutView (and the deprecated function-based equivalents), and :func:~django.views.i18n.set_language protect users from being redirected to non-HTTPS next URLs when the app is running over HTTPS.

QuerySet.get_or_create() and update_or_create() validate arguments

To prevent typos from passing silently, :meth:~django.db.models.query.QuerySet.get_or_create and :meth:~django.db.models.query.QuerySet.update_or_create check that their arguments are model fields. This should be backwards-incompatible only in the fact that it might expose a bug in your project.

pytz is a required dependency and support for settings.TIME_ZONE = None is removed

To simplify Django's timezone handling, pytz is now a required dependency. It's automatically installed along with Django.

Support for settings.TIME_ZONE = None is removed as the behavior isn't commonly used and is questionably useful. If you want to automatically detect the timezone based on the system timezone, you can use tzlocal <https://pypi.python.org/pypi/tzlocal>_::

from tzlocal import get_localzone

TIME_ZONE = get_localzone().zone

This works similar to settings.TIME_ZONE = None except that it also sets os.environ['TZ']. Let us know <https://groups.google.com/d/topic/django-developers/OAV3FChfuPM/discussion>__ if there's a use case where you find you can't adapt your code to set a TIME_ZONE.

HTML changes in admin templates

<p class="help"> is replaced with a <div> tag to allow including lists inside help text.

Read-only fields are wrapped in <div class="readonly">...</div> instead of <p>...</p> to allow any kind of HTML as the field's content.

.. _template-widget-incompatibilities-1-11:

Changes due to the introduction of template-based widget rendering

Some undocumented classes in django.forms.widgets are removed:

• SubWidget
• RendererMixin, ChoiceFieldRenderer, RadioFieldRenderer, CheckboxFieldRenderer
• ChoiceInput, RadioChoiceInput, CheckboxChoiceInput

The undocumented Select.render_option() method is removed.

The Widget.format_output() method is removed. Use a custom widget template instead.

Some widget values, such as <select> options, are now localized if settings.USE_L10N=True. You could revert to the old behavior with custom widget templates that uses the :ttag:localize template tag to turn off localization.

django.template.backends.django.Template.render() prohibits non-dict context

For compatibility with multiple template engines, django.template.backends.django.Template.render() (returned from high-level template loader APIs such as loader.get_template()) must receive a dictionary of context rather than Context or RequestContext. If you were passing either of the two classes, pass a dictionary instead -- doing so is backwards-compatible with older versions of Django.

Model state changes in migration operations

To improve the speed of applying migrations, rendering of related models is delayed until an operation that needs them (e.g. RunPython). If you have a custom operation that works with model classes or model instances from the from_state argument in database_forwards() or database_backwards(), you must render model states using the clear_delayed_apps_cache() method as described in :ref:writing your own migration operation <writing-your-own-migration-operation>.

Miscellaneous

• If no items in the feed have a pubdate or updateddate attribute, :meth:SyndicationFeed.latest_post_date() <django.utils.feedgenerator.SyndicationFeed.latest_post_date> now returns the current UTC date/time, instead of a datetime without any timezone information.

• CSRF failures are logged to the django.security.csrf logger instead of django.request.

• :setting:ALLOWED_HOSTS validation is no longer disabled when running tests. If your application includes tests with custom host names, you must include those host names in :setting:ALLOWED_HOSTS. See :ref:topics-testing-advanced-multiple-hosts.

• Using a foreign key's id (e.g. 'field_id') in ModelAdmin.list_display displays the related object's ID. Remove the _id suffix if you want the old behavior of the string representation of the object.

• In model forms, :class:~django.db.models.CharField with null=True now saves NULL for blank values instead of empty strings.

• On Oracle, :meth:Model.validate_unique() <django.db.models.Model.validate_unique> no longer checks empty strings for uniqueness as the database interprets the value as NULL.

• If you subclass :class:.AbstractUser and override clean(), be sure it calls super(). :meth:.BaseUserManager.normalize_email is called in a new :meth:.AbstractUser.clean method so that normalization is applied in cases like model form validation.

• EmailField and URLField no longer accept the strip keyword argument. Remove it because it doesn't have an effect in older versions of Django as these fields always strip whitespace.

• The checked and selected attribute rendered by form widgets now uses HTML5 boolean syntax rather than XHTML's checked='checked' and selected='selected'.

• :meth:RelatedManager.add() <django.db.models.fields.related.RelatedManager.add>, :meth:~django.db.models.fields.related.RelatedManager.remove, :meth:~django.db.models.fields.related.RelatedManager.clear, and :meth:~django.db.models.fields.related.RelatedManager.set now clear the prefetch_related() cache.

• To prevent possible loss of saved settings, :func:~django.test.utils.setup_test_environment now raises an exception if called a second time before calling :func:~django.test.utils.teardown_test_environment.

• The undocumented DateTimeAwareJSONEncoder alias for :class:~django.core.serializers.json.DjangoJSONEncoder (renamed in Django 1.0) is removed.

• The :class:cached template loader <django.template.loaders.cached.Loader> is now enabled if :setting:DEBUG is False and :setting:OPTIONS['loaders'] <TEMPLATES-OPTIONS> isn't specified. This could be backwards-incompatible if you have some :ref:template tags that aren't thread safe <template_tag_thread_safety>.

• The prompt for stale content type deletion no longer occurs after running the migrate command. Use the new :djadmin:remove_stale_contenttypes command instead.

• The admin's widget for IntegerField uses type="number" rather than type="text".

• Conditional HTTP headers are now parsed and compared according to the :rfc:7232 Conditional Requests specification rather than the older :rfc:2616.

• :func:~django.utils.cache.patch_response_headers no longer adds a Last-Modified header. According to the :rfc:7234section-4.2.2, this header is useless alongside other caching headers that provide an explicit expiration time, e.g. Expires or Cache-Control. :class:~django.middleware.cache.UpdateCacheMiddleware and :func:~django.utils.cache.add_never_cache_headers call patch_response_headers() and therefore are also affected by this change.

• In the admin templates, <p class="help"> is replaced with a <div> tag to allow including lists inside help text.

• :class:~django.middleware.http.ConditionalGetMiddleware no longer sets the Date header as Web servers set that header. It also no longer sets the Content-Length header as this is now done by :class:~django.middleware.common.CommonMiddleware.

• :meth:~django.apps.AppConfig.get_model and :meth:~django.apps.AppConfig.get_models now raise :exc:~django.core.exceptions.AppRegistryNotReady if they're called before models of all applications have been loaded. Previously they only required the target application's models to be loaded and thus could return models without all their relations set up. If you need the old behavior of get_model(), set the require_ready argument to False.

• The unused BaseCommand.can_import_settings attribute is removed.

• The undocumented django.utils.functional.lazy_property is removed.

• For consistency with non-multipart requests, MultiPartParser.parse() now leaves request.POST immutable. If you're modifying that QueryDict, you must now first copy it, e.g. request.POST.copy().

• Support for cx_Oracle < 5.2 is removed.

• Support for IPython < 1.0 is removed from the shell command.

• The signature of private API Widget.build_attrs() changed from extra_attrs=None, **kwargs to base_attrs, extra_attrs=None.

• File-like objects (e.g., :class:~io.StringIO and :class:~io.BytesIO) uploaded to an :class:~django.db.models.ImageField using the test client now require a name attribute with a value that passes the :data:~django.core.validators.validate_image_file_extension validator. See the note in :meth:.Client.post.

.. _deprecated-features-1.11:

Features deprecated in 1.11

models.permalink() decorator

Use :func:django.urls.reverse instead. For example::

from django.db import models

class MyModel(models.Model): ...

   models.permalink
   def url(self):
       return ('guitarist_detail', [self.slug])

becomes::

from django.db import models from django.urls import reverse

class MyModel(models.Model): ...

   def url(self):
       return reverse('guitarist_detail', args=[self.slug])

Miscellaneous

• contrib.auth’s login() and logout() function-based views are deprecated in favor of new class-based views :class:~django.contrib.auth.views.LoginView and :class:~django.contrib.auth.views.LogoutView.

• The unused extra_context parameter of contrib.auth.views.logout_then_login() is deprecated.

• contrib.auth’s password_change(), password_change_done(), password_reset(), password_reset_done(), password_reset_confirm(), and password_reset_complete() function-based views are deprecated in favor of new class-based views :class:~django.contrib.auth.views.PasswordChangeView, :class:~django.contrib.auth.views.PasswordChangeDoneView, :class:~django.contrib.auth.views.PasswordResetView, :class:~django.contrib.auth.views.PasswordResetDoneView, :class:~django.contrib.auth.views.PasswordResetConfirmView, and :class:~django.contrib.auth.views.PasswordResetCompleteView.

• django.test.runner.setup_databases() is moved to :func:django.test.utils.setup_databases. The old location is deprecated.

• django.utils.translation.string_concat() is deprecated in favor of :func:django.utils.text.format_lazy. string_concat(*strings) can be replaced by format_lazy('{}' * len(strings), *strings).

• For the PyLibMCCache cache backend, passing pylibmc behavior settings as top-level attributes of OPTIONS is deprecated. Set them under a behaviors key within OPTIONS instead.

• The host parameter of django.utils.http.is_safe_url() is deprecated in favor of the new allowed_hosts parameter.

• Silencing exceptions raised while rendering the :ttag:{% include %} <include> template tag is deprecated as the behavior is often more confusing than helpful. In Django 2.1, the exception will be raised.

• DatabaseIntrospection.get_indexes() is deprecated in favor of DatabaseIntrospection.get_constraints().

• :func:~django.contrib.auth.authenticate now passes a request argument to the authenticate() method of authentication backends. Support for methods that don't accept request as the first positional argument will be removed in Django 2.1.

• The USE_ETAGS setting is deprecated in favor of :class:~django.middleware.http.ConditionalGetMiddleware which now adds the ETag header to responses regardless of the setting. CommonMiddleware and django.utils.cache.patch_response_headers() will no longer set ETags when the deprecation ends.

• Model._meta.has_auto_field is deprecated in favor of checking if Model._meta.auto_field is not None.

• Using regular expression groups with iLmsu in url() is deprecated. The only group that's useful is (?i) for case-insensitive URLs, however, case-insensitive URLs aren't a good practice because they create multiple entries for search engines, for example. An alternative solution could be to create a :data:~django.conf.urls.handler404 that looks for uppercase characters in the URL and redirects to a lowercase equivalent.

• The renderer argument is added to the :meth:Widget.render() <django.forms.Widget.render> method. Methods that don't accept that argument will work through a deprecation period.

===========================

1.10.7

===========================

April 4, 2017

Django 1.10.7 fixes two security issues and a bug in 1.10.6.

CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs

Django relies on user input in some cases (e.g. :func:django.contrib.auth.views.login and :doc:i18n </topics/i18n/index>) to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs (e.g. http:999999999) "safe" when they shouldn't be.

Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

CVE-2017-7234: Open redirect vulnerability in django.views.static.serve()

A maliciously crafted URL to a Django site using the :func:~django.views.static.serve view could redirect to any other domain. The view no longer does any redirects as they don't provide any known, useful functionality.

Note, however, that this view has always carried a warning that it is not hardened for production use and should be used only as a development aid.

Bugfixes

• Made admin's RelatedFieldWidgetWrapper use the wrapped widget's value_omitted_from_data() method (:ticket:27905).

• Fixed model form default fallback for SelectMultiple (:ticket:27993).

===========================

1.10.6

===========================

March 1, 2017

Django 1.10.6 fixes several bugs in 1.10.5.

Bugfixes

• Fixed ClearableFileInput’s "Clear" checkbox on model form fields where the model field has a default (:ticket:27805).

• Fixed RequestDataTooBig and TooManyFieldsSent exceptions crashing rather than generating a bad request response (:ticket:27820).

• Fixed a crash on Oracle and PostgreSQL when subtracting DurationField or IntegerField from DateField (:ticket:27828).

• Fixed query expression date subtraction accuracy on PostgreSQL for differences larger than a month (:ticket:27856).

• Fixed a GDALException raised by GDALClose on GDAL ≥ 2.0 (:ticket:27479).

===========================

Pillow 2.9.0 -> 4.2.1

4.2.1

---

• CI: Fix version specification and test on CI for PyPy/Windows 2608 [wiredfool]

4.2.0

---

• Doc: Clarified Image.save:append_images documentation 2604 [radarhere]

• CI: Amazon Linux and Centos6 docker images added to TravisCI 2585 [wiredfool]

• Image.alpha_composite added 2595 [wiredfool]

• Complex Text Support 2576 [ShamsaHamed, Fahad-Alsaidi, wiredfool]

• Added threshold parameter to ImageDraw.floodfill 2599 [nediamond]

• Added dBATCH parameter to ghostscript command 2588 [radarhere]

• JPEG: Adjust buffer size when icc_profile > MAXBLOCK 2596 [Darou]

• Specify Pillow Version in one place 2517 [wiredfool]

• CI: Change the owner of the TRAVIS_BUILD_DIR, fixing broken docker runs 2587 [wiredfool]

• Fix truncated PNG loading for some images, Fix memory leak on truncated PNG images. 2541, 2598 [homm]

• Add decompression bomb check to Image.crop 2410 [wiredfool]

• ImageFile: Ensure that the err_code variable is initialized in case of exception. 2363 [alexkiro]

• Tiff: Support append_images for saving multipage TIFFs 2406 [blochl]

• Doc: Clarify that draft is only implemented for JPEG and PCD 2409 [wiredfool]

• Test: MicImagePlugin 2447 [hugovk]

• Use round() instead of floor() to eliminate zero coefficients in resample 2558 [homm]

• Remove deprecated code 2549 [hugovk]

• Added append_images to PDF saving 2526 [radarhere]

• Remove unused function core image function new_array 2548 [hugovk]

• Remove unnecessary calls to dict.keys() 2551 [jdufresne]

• Add more ImageDraw.py tests and remove unused Draw.c code 2533 [hugovk]

• Test: More tests for ImageMorph 2554 [hugovk]

• Test: McIDAS area file 2552 [radarhere]

• Update Feature Detection 2520 [wiredfool]

• CI: Update pypy on TravisCI 2573 [hugovk]

• ImageMorph: Fix wrong expected size of MRLs read from disk 2561 [dov]

• Docs: Update install docs for FreeBSD 2546 [wiredfool]

• Build: Ignore OpenJpeg 1.5 on FreeBSD 2544 [melvyn-sopacua]

• Remove 'not yet implemented' methods from PIL 1.1.4 2538 [hugovk]

• Dependencies: Update FreeType to 2.8, LibTIFF to 4.0.8 and libimagequant to 2.9.1 2535 2537 2540 [radarhere]

• Raise TypeError and not also UnboundLocalError in ImageFile.Parser() 2525 [joshblum]

• Test: Use Codecov for coverage 2528 [hugovk]

• Use PNG for Image.show() 2527 [HinTak, wiredfool]

• Remove WITH_DEBUG compilation flag 2522 [wiredfool]

• Fix return value on parameter parse error in _webp.c 2521 [adw1n]

• Set executable flag on scripts with shebang line 2295 [radarhere]

• Flake8 2460 [radarhere]

• Doc: Release Process Changes 2516 [wiredfool]

• CI: Added region for s3 deployment on appveyor 2515 [wiredfool]

• Doc: Updated references to point to existing files 2507 [radarhere]

• Return copy on Image crop if crop dimensions match the image 2471 [radarhere]

• Test: Optimize CI speed 2464, 2466 [hugovk]

4.1.1

---

• Undef PySlice_GetIndicesEx, see https://bugs.python.org/issue29943 2493 [cgohlke]

• Fix for file with DPI in EXIF but not metadata, and XResolution is an int rather than tuple 2484 [hugovk]

• Docs: Removed broken download counter badge 2487 [hugovk]

• Docs: Fixed rst syntax error 2477 [thebjorn]

4.1.0

---

• Close files after loading if possible 2330 [homm, wiredfool]

• Fix Image Access to be reloadable when embedding the Python interpreter 2296 [wiredfool, cgohlke]

• Fetch DPI from EXIF if not specified in JPEG header 2449, 2472 [hugovk]

• Removed winbuild checksum verification 2468 [radarhere]

• Git: Set ContainerIO test file as binary 2469 [cgohlke]

• Remove superfluous import of FixTk 2455 [cgohlke)

• Fix import of tkinter/Tkinter 2456 [cgohlke)

• Pure Python Decoders, including Python decoder to fix for MSP images 1938 [wiredfool, hugovk]

• Reorganized GifImagePlugin, fixes 2314. 2374 [radarhere, wiredfool]

• Doc: Reordered operating systems in Compatibility Matrix 2436 [radarhere]

• Test: Additional tests for BurfStub, Eps, Container, GribStub, IPTC, Wmf, XVThumb, ImageDraw, ImageMorph ImageShow 2425 [radarhere]

• Health fixes 2437 [radarhere]

• Test: Correctness tests ContainerIO, XVThumbImagePlugin, BufrStubImagePlugin, GribStubImagePlugin, FitsStubImagePlugin, Hdf5StubImagePlugin, PixarImageFile, PsdImageFile 2443, 2442, 2441, 2440, 2431, 2430, 2428, 2427 [hugovk]

• Remove unused imports 1822 [radarhere]

• Replaced KeyError catch with dictionary get method 2424 [radarhere]

• Test: Removed unrunnable code in test_image_toqimage 2415 [hugovk]

• Removed use of spaces in TIFF kwargs names, deprecated in 2.7 1390 [radarhere]

• Removed deprecated ImageDraw setink, setfill, setfont methods 2220 [jdufresne]

• Send unwanted subprocess output to /dev/null 2253 [jdufresne]

• Fix division by zero when creating 0x0 image from numpy array 2419 [hugovk]

• Test: Added matrix convert tests 2381 [hugovk]

• Replaced broken URL to partners.adobe.com 2413 [radarhere]

• Removed unused private functions in setup.py and build_dep.py 2414 [radarhere]

• Test: Fixed Qt tests for QT5 and saving 1 bit PNG 2394 [wiredfool]

• Test: docker builds for Arch and Debian Stretch 2394 [wiredfool]

• Updated libwebp to 0.6.0 on appveyor 2395 [radarhere]

• More explicit error message when saving to a file with invalid extension 2399 [ces42]

• Docs: Update some http urls to https 2403 [hugovk]

• Preserve aux/alpha channels when performing Imagecms transforms 2355 [gunjambi]

• Test linear and radial gradient effects 2382 [hugovk]

• Test ImageDraw.Outline and and ImageDraw.Shape 2389 [hugovk]

• Added PySide to ImageQt documentation 2392 [radarhere]

• BUG: Empty image mode no longer causes a crash 2380 [evalapply]

• Exclude .travis and contents from manifest 2386 [radarhere]

• Remove 'MIT-like' from license 2145 [wiredfool]

• Tests: Add tests for several Image operations 2379 [radarhere]

• PNG: Moved iCCP chunk before PLTE chunk when saving as PNG, restricted chunks known value/ordering 2347 [radarhere]

• Default to inch-interpretation for missing ResolutionUnit in TiffImagePlugin 2365 [lambdafu]

• Bug: Fixed segfault when using ImagingTk on pypy Issue 2376, 2359. [wiredfool]

• Bug: Fixed Integer overflow using ImagingTk on 32 bit platforms 2359 [wiredfool, QuLogic]

• Tests: Added docker images for testing alternate platforms. See also https://github.com/python-pillow/docker-images. 2368 [wiredfool]

• Removed PIL 1.0 era TK readme that concerns Windows 95/NT 2360 [wiredfool]

• Prevent nose -v printing docstrings 2369 [hugovk]

• Replaced absolute PIL imports with relative imports 2349 [radarhere]

• Added context managers for file handling 2307 [radarhere]

• Expose registered file extensions in Image 2343 [iggomez, radarhere]

• Make mode descriptor cache initialization thread-safe. 2351 [gunjambi]

• Updated Windows test dependencies: Freetype 2.7.1, zlib 1.2.11 2331, 2332, 2357 [radarhere]

• Followed upstream pngquant packaging reorg to libimagquant 2354 [radarhere]

• Fix invalid string escapes 2352 [hugovk]

• Add test for crop operation with no argument 2333 [radarhere]

4.0.0

---

• Refactor out postprocessing hack to load_end in PcdImageFile [wiredfool]

• Add center and translate option to Image.rotate. 2328 [lambdafu]

• Test: Relax WMF test condition, fixes 2323 [wiredfool]

• Allow 0 size images, Fixes 2259, Reverts to pre-3.4 behavior. [wiredfool]

• SGI: Save uncompressed SGI/BW/RGB/RGBA files 2325 [jbltx]

• Depends: Updated pngquant to 2.8.2 2319 [radarhere]

• Test: Added correctness tests for opening SGI images 2324 [wiredfool]

• Allow passing a list or tuple of individual frame durations when saving a GIF 2298 [Xdynix]

• Unified different GIF optimize conditions 2196 [radarhere]

• Build: Refactor dependency installation 2305 [hugovk]

• Test: Add python 3.6 to travis, tox 2304 [hugovk]

• Test: Fix coveralls coverage for Python+C 2300 [hugovk]

• Remove executable bit and shebang from OleFileIO.py 2308 [jwilk, radarhere]

• PyPy: Buffer interface workaround 2294 [wiredfool]

• Test: Switch to Ubuntu Trusty 14.04 on Travis CI 2294

• Remove vendored version of olefile Python package in favor of upstream 2199 [jdufresne]

• Updated comments to use print as a function 2234 [radarhere]

• Set executable flag on selftest.py, setup.py and added shebang line 2282, 2277 [radarhere, homm]

• Test: Increase epsilon for FreeType 2.7 as rendering is slightly different. 2286 [hugovk]

• Test: Faster assert_image_similar 2279 [homm]

• Removed depreciated internal "stretch" method 2276 [homm]

• Removed the handles_eof flag in decode.c 2223 [wiredfool]

• Tiff: Fix for writing Tiff to BytesIO using libtiff 2263 [wiredfool]

• Doc: Design docs 2269 [wiredfool]

• Test: Move tests requiring libtiff to test_file_libtiff 2273 [wiredfool]

• Update Maxblock heuristic 2275 [wiredfool]

• Fix for 2-bit palette corruption 2274 [pdknsk, wiredfool]

• Tiff: Update info.icc_profile when using libtiff reader. 2193 [lambdafu]

• Test: Fix bug in test_ifd_rational_save when libtiff is not available 2270 [ChristopherHogan]

• ICO: Only save relevant sizes 2267 [hugovk]

• ICO: Allow saving .ico files of 256x256 instead of 255x255 2265 [hugovk]

• Fix TIFFImagePlugin ICC color profile saving. 2087 [cskau]

• Doc: Improved description of ImageOps.deform resample parameter 2256 [radarhere]

• EMF: support negative bounding box coordinates 2249 [glexey]

• Close file if opened in WalImageFile 2216 [radarhere]

• Use Image._new() instead of _makeself() 2248 [homm]

• SunImagePlugin fixes 2241 [wiredfool]

• Use minimal scale for jpeg drafts 2240 [homm]

• Updated dependency scripts to use FreeType 2.7, OpenJpeg 2.1.2, WebP 0.5.2 and Tcl/Tk 8.6.6 2235, 2236, 2237, 2290, 2302 [radarhere]

• Fix "invalid escape sequence" bytestring warnings in Python 3.6 2186 [timgraham]

• Removed support for Python 2.6 and Python 3.2 2192 [jdufresne]

• Setup: Raise custom exceptions when required/requested dependencies are not found 2213 [wiredfool]

• Use a context manager in FontFile.save() to ensure file is always closed 2226 [jdufresne]

• Fixed bug in saving to fp-objects in Python >= 3.4 2227 [radarhere]

• Use a context manager in ImageFont._load_pilfont() to ensure file is always closed 2232 [jdufresne]

• Use generator expressions instead of list comprehension 2225 [jdufresne]

• Close file after reading in ImagePalette.load() 2215 [jdufresne]

• Changed behaviour of default box argument for paste method to match docs 2211 [radarhere]

• Add support for another BMP bitfield 2221 [jmerdich]

• Added missing top-level test main 2222 [radarhere]

• Replaced range(len()) 2197 [radarhere]

• Fix for ImageQt Segfault, fixes 1370 2182 [wiredfool]

• Setup: Close file in setup.py after finished reading 2208 [jdufresne]

• Setup: optionally use pkg-config (when present) to detect dependencies 2074 [garbas]

• Search for tkinter first in builtins 2210 [matthew-brett]

• Tests: Replace try/except/fail pattern with TestCase.assertRaises() 2200 [jdufresne]

• Tests: Remove unused, open files at top level of tests 2188 [jdufresne]

• Replace type() equality checks with isinstance 2184 [jdufresne]

• Doc: Move ICO out of the list of read-only file formats 2180 [alexwlchan]

• Doc: Fix formatting, too-short title underlines and malformed table 2175 [hugovk]

• Fix BytesWarnings 2172 [jdufresne]

• Use Integer division to eliminate deprecation warning. 2168 [mastermatt]

• Doc: Update compatibility matrix [daavve, wiredfool]

3.4.2

---

• Fix Resample coefficient calculation 2162 [homm]

3.4.1

---

• Allow lists as arguments for Image.new() 2149 [homm]

• Fix fix for map.c overflow 2151 (also in 3.3.3) [wiredfool]

3.4.0

---

• Removed Image.core.open_ppm, added negative image size checks in Image.py. 2146 [wiredfool]

• Windows build: fetch dependencies from pillow-depends 2095 [hugovk]

• Add TIFF save_all writer. 2140 [lambdafu, vashek]

• Move libtiff fd duplication to _load_libtiff 2141 [sekrause]

• Speed up GIF save optimization step, fixes 2093. 2133 [wiredfool]

• Fix for ImageCms Segfault, Issue 2037. 2131 [wiredfool]

• Make Image.crop an immediate operation, not lazy. 2138 [wiredfool]

• Skip empty values in ImageFileDirectory 2024 [homm]

• Force reloading palette when using mmap in ImageFile. 2139 [lambdafu]

• Fix "invalid escape sequence" warning in Python 3.6 2136 [timgraham]

• Update documentation about drafts 2137 [radarhere]

• Converted documentation parameter format, comments to docstrings 2021 [radarhere]

• Fixed typos 2128 2142 [radarhere]

• Renamed references to OS X to macOS 2125 2130 [radarhere]

• Use truth value when checking for progressive and optimize option on save 2115, 2129 [radarhere]

• Convert DPI to ints when saving as JPEG 2102 [radarhere]

• Added append_images parameter to GIF saving 2103 [radarhere]

• Speedup paste with masks up to 80% 2015 [homm]

• Rewrite DDS decoders in C, add DXT3 and BC7 decoders 2068 [Mischanix]

• Fix PyArg_ParseTuple format in getink() 2070 [arjennienhuis]

• Fix saving originally missing TIFF tags. 2111 [anntzer]

• Allow pathlib.Path in Image.open on Python 2.7 2110 [patricksnape]

• Use modern base64 interface over deprecated 2121 [hugovk]

• ImageColor.getrgb hexadecimal RGBA 2114 [homm]

• Test fix for bigendian machines 2092 [wiredfool]

• Resampling lookups, trailing empty coefficients, precision 2008 [homm]

• Add (un)packing between RGBA and BGRa 2057 [arjennienhuis]

• Added return for J2k (and fpx) Load to return a pixel access object 2061 [wiredfool]

• Skip failing numpy tests on Pypy <= 5.3.1 2090 [arjennienhuis]

• Show warning when trying to save RGBA image as JPEG 2010 [homm]

• Respect pixel centers during transform 2022 [homm]

• TOC for supported file formats 2056 [polarize]

• Fix conversion of bit images to numpy arrays Fixes 350, 2058 [matthew-brett]

• Add ImageOps.scale to ex

[codecov[bot]]

Codecov Report

Merging #46 into develop will decrease coverage by 0.17%. The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop      #46      +/-   ##
===========================================
- Coverage    91.76%   91.58%   -0.18%     
===========================================
  Files           84       82       -2     
  Lines         3520     3447      -73     
  Branches       190      182       -8     
===========================================
- Hits          3230     3157      -73     
- Misses         260      261       +1     
+ Partials        30       29       -1

Impacted Files	Coverage Δ
src/shop/models.py	86.09% <0%> (ø)	:arrow_up:
src/wallet/__init__.py
src/wallet/api.py

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 8de6973...f2f1614. Read the comment docs.