Bump django-cors-headers from 2.4.0 to 3.0.1

[dependabot-preview[bot]]

Bumps django-cors-headers from 2.4.0 to 3.0.1.

Changelog

*Sourced from [django-cors-headers's changelog](https://github.com/ottoyiu/django-cors-headers/blob/master/HISTORY.rst).* > 3.0.1 (2019-05-13) > ================== > > - Allow 'null' in `CORS_ORIGIN_WHITELIST` check. > > 3.0.0 (2019-05-10) > ================== > > - `CORS_ORIGIN_WHITELIST` now requires URI schemes, and optionally ports. This is part of the CORS specification ([Section 3.2](https://tools.ietf.org/html/rfc6454#section-3.2)) that was not implemented in this library, except from with the `CORS_ORIGIN_REGEX_WHITELIST` setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure `http://` Origins to a secure `https://` site. > > You will need to update your whitelist to include schemes, for example from this: > > ``` {.sourceCode .python} > CORS_ORIGIN_WHITELIST = ['example.com'] > ``` > > ...to this: > > ``` {.sourceCode .python} > CORS_ORIGIN_WHITELIST = ['https://example.com'] > ``` > > - Removed the `CORS_MODEL` setting, and associated class. It seems very few, or no users were using it, since there were no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you *are* using this functionality, you can continue by changing your model to not inherit from the abstract one, and add a signal handler for `check_request_enabled` that reads from your model. Note you'll need to handle the move to include schemes for Origins. > > 2.5.3 (2019-04-28) > ================== > > - Tested on Django 2.2. No changes were needed for compatibility. > - Tested on Python 3.7. No changes were needed for compatibility. > > 2.5.2 (2019-03-15) > ================== > > - Improve inclusion of tests in `sdist` to ignore `.pyc` files. > > 2.5.1 (2019-03-13) > ================== > > - Include test infrastructure in `sdist` to allow consumers to use it. > > 2.5.0 (2019-03-05) > ================== > > - Drop Django 1.8, 1.9, and 1.10 support. Only Django 1.11+ is supported now. > > 2.4.1 (2019-02-28) > ================== > > - Fix `DeprecationWarning` from importing `collections.abc.Sequence` on Python 3.7.

Commits

- [`4fccdee`](https://github.com/ottoyiu/django-cors-headers/commit/4fccdeeed2e553b03cb3f352ae9880c83d3212bd) Version 3.0.1 - [`2fe8a25`](https://github.com/ottoyiu/django-cors-headers/commit/2fe8a2538cc9a1fa32eb2da72116137a673d7a77) Allow 'null' in CORS_ORIGIN_WHITELIST check ([#405](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/405)) ([#406](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/406)) - [`6ed773b`](https://github.com/ottoyiu/django-cors-headers/commit/6ed773b29868d3441514098909bd99de8be14c56) Tidy README ([#402](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/402)) - [`2781104`](https://github.com/ottoyiu/django-cors-headers/commit/27811043546f44c9b7ad5c558cc041fb97a8af5c) Added pypi badge ([#401](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/401)) - [`b7abe70`](https://github.com/ottoyiu/django-cors-headers/commit/b7abe709dfeb7f4d05daf28d1a09b3cdf4e5deec) Version 3.0.0 - [`3c69f76`](https://github.com/ottoyiu/django-cors-headers/commit/3c69f76159e6634ab526666db73ac5ea0d8899a3) Remove relative imports ([#398](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/398)) - [`ad6c097`](https://github.com/ottoyiu/django-cors-headers/commit/ad6c0979c0bbc06fc621cde73b724078aa47b5a3) Remove tests.testapp ([#399](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/399)) - [`f79eb51`](https://github.com/ottoyiu/django-cors-headers/commit/f79eb5172c352c5cd9fdafe113b65b95a36c6553) Require scheme in origins ([#397](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/397)) - [`a434525`](https://github.com/ottoyiu/django-cors-headers/commit/a43452505280d3f706aa821b287d341460d6fb61) Remove CORS_MODEL and associated code ([#396](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/396)) - [`3a1c92d`](https://github.com/ottoyiu/django-cors-headers/commit/3a1c92d3537db0d0187cedaae7174d1b883d65ac) Make Origin scheme-aware ([#388](https://github-redirect.dependabot.com/ottoyiu/django-cors-headers/issues/388)) - Additional commits viewable in [compare view](https://github.com/ottoyiu/django-cors-headers/compare/2.4.0...3.0.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

[dependabot-preview[bot]]

Superseded by #138.