Bump wagtail from 2.7.2 to 2.9

[dependabot-preview]

Bumps wagtail from 2.7.2 to 2.9.

Release notes

Sourced from wagtail's releases.

2.9

• Removed support for Django 2.1
• Added data exports in XLSX and CSV format for reports, ModelAdmin and form submissions (Jacob Topp-Mugglestone)
• Added support for creating custom reports (Jacob Topp-Mugglestone)
• Skip page validation when unpublishing a page (Samir Shah)
• Added MultipleChoiceBlock block type for StreamField (James O'Toole)
• ChoiceBlock now accepts a widget keyword argument (James O'Toole)
• Reduced contrast of rich text toolbar (Jack Paine)
• Support the rel attribute on custom ModelAdmin buttons (Andy Chosak)
• Server-side page slug generation now respects WAGTAIL_ALLOW_UNICODE_SLUGS (Arkadiusz Michał Ryś)
• Wagtail admin no longer depends on SiteMiddleware, avoiding incompatibility with Django sites framework and redundant database queries (aritas1, timmysmalls, Matt Westcott)
• Tag field autocompletion now handles custom tag models (Matt Westcott)
• wagtail_serve URL route can now be omitted for headless sites (Storm Heg)
• Allow free tagging to be disabled on custom tag models (Matt Westcott)
• Allow disabling page preview by setting preview_modes to an empty list (Casper Timmers)
• Add Vidyard to oEmbed provider list (Steve Lyall)
• Optimise compiling media definitions for complex StreamBlocks (pimarc)
• FieldPanel now accepts a 'heading' argument (Jacob Topp-Mugglestone)
• Replaced deprecated ugettext / ungettext calls with gettext / ngettext (Mohamed Feddad)
• ListBlocks now call child block bulk_to_python if defined (Andy Chosak)
• Site settings are now identifiable/cachable by request as well as site (Andy Babic)
• Added select_related attribute to site settings to enable more efficient fetching of foreign key values (Andy Babic)
• Add caching of image renditions (Tom Dyson, Tim Kamanin)
• Add documentation for reporting security issues and internationalisation (Matt Westcott)
• Fields on a custom image model can now be defined as required blank=False (Matt Westcott)
• Fix: CVE-2020-11037 - avoid potential timing attack on password-protected private pages (Thibaud Colas)
• Fix: Added ARIA alert role to live search forms in the admin (Casper Timmers)
• Fix: Reorder login form elements to match expected tab order (Kjartan Sverrisson)
• Fix: Re-add 'Close Explorer' button on mobile viewports (Sævar Öfjörð Magnússon)
• Fix: Add a more descriptive label to Password reset link for screen reader users (Casper Timmers, Martin Coote)
• Fix: Improve Wagtail logo contrast by adding a background (Brian Edelman, Simon Evans, Ben Enright)
• Fix: Prevent duplicate notification messages on page locking (Jacob Topp-Mugglestone)
• Fix: Fix InlinePanel item non field errors not visible (Storm Heg)
• Fix: {% image ... as var %} now clears the context variable when passed None as an image (Maylon Pedroso)
• Fix: refresh_index method on Elasticsearch no longer fails (Lars van de Kerkhof)
• Fix: Document tags no longer fail to update when replacing the document file at the same time (Matt Westcott)
• Fix: Prevent error from very tall / wide images being resized to 0 pixels (Fidel Ramos)
• Fix: Remove excess margin when editing snippets (Quadric)
• Fix: Added scope attribute to table headers in TableBlock output (Quadric)
• Fix: Prevent KeyError when accessing a StreamField on a deferred queryset (Paulo Alvarado)
• Fix: Hide empty 'view live' links (Karran Besen)
• Fix: Mark up a few strings for translation (Luiz Boaretto)
• Fix: Invalid focal_point attribute on image edit view (Michał (Quadric) Sieradzki)
• Fix: No longer expose the .delete() method on the default Page.objects manager (Nick Smith)
• Fix: exclude_fields_in_copy on Page models will now work for for modelcluster parental / many to many relations (LB (Ben Johnston))
• Fix: Response header (content disposition) now correctly handles filenames with non-ascii characters when using a storage backend (Rich Brennan)
• Fix: Improved accessibility fixes for main, header and footer elements in the admin page layout (Mitchel Cabuloy)
• Fix: Prevent version number from obscuring long settings menus (Naomi Morduch Toubman)
• Fix: Admin views using TemplateResponse now respect the user's language setting (Jacob Topp-Mugglestone)
• Fix: Fixed incorrect language code for Japanese in language setting dropdown (Tomonori Tanabe)

... (truncated)

Changelog

Sourced from wagtail's changelog.

2.9 (04.05.2020)

 * Removed support for Django 2.1
 * Added data exports in XLSX and CSV format for reports, ModelAdmin and form submissions (Jacob Topp-Mugglestone)
 * Added support for creating custom reports (Jacob Topp-Mugglestone)
 * Skip page validation when unpublishing a page (Samir Shah)
 * Added `MultipleChoiceBlock` block type for StreamField (James O'Toole)
 * ChoiceBlock now accepts a `widget` keyword argument (James O'Toole)
 * Reduced contrast of rich text toolbar (Jack Paine)
 * Support the rel attribute on custom ModelAdmin buttons (Andy Chosak)
 * Server-side page slug generation now respects `WAGTAIL_ALLOW_UNICODE_SLUGS` (Arkadiusz Michał Ryś)
 * Wagtail admin no longer depends on SiteMiddleware, avoiding incompatibility with Django sites framework and redundant database queries (aritas1, timmysmalls, Matt Westcott)
 * Tag field autocompletion now handles custom tag models (Matt Westcott)
 * `wagtail_serve` URL route can now be omitted for headless sites (Storm Heg)
 * Allow free tagging to be disabled on custom tag models (Matt Westcott)
 * Allow disabling page preview by setting `preview_modes` to an empty list (Casper Timmers)
 * Add Vidyard to oEmbed provider list (Steve Lyall)
 * Optimise compiling media definitions for complex StreamBlocks (pimarc)
 * FieldPanel now accepts a 'heading' argument (Jacob Topp-Mugglestone)
 * Replaced deprecated `ugettext` / `ungettext` calls with `gettext` / `ngettext` (Mohamed Feddad)
 * ListBlocks now call child block `bulk_to_python` if defined (Andy Chosak)
 * Site settings are now identifiable/cachable by request as well as site (Andy Babic)
 * Added `select_related` attribute to site settings to enable more efficient fetching of foreign key values (Andy Babic)
 * Add caching of image renditions (Tom Dyson, Tim Kamanin)
 * Add documentation for reporting security issues and internationalisation (Matt Westcott)
 * Fields on a custom image model can now be defined as required `blank=False` (Matt Westcott)
 * Fix: CVE-2020-11037 - avoid potential timing attack on password-protected private pages (Thibaud Colas)
 * Fix: Added ARIA alert role to live search forms in the admin (Casper Timmers)
 * Fix: Reorder login form elements to match expected tab order (Kjartan Sverrisson)
 * Fix: Re-add 'Close Explorer' button on mobile viewports (Sævar Öfjörð Magnússon)
 * Fix: Add a more descriptive label to Password reset link for screen reader users (Casper Timmers, Martin Coote)
 * Fix: Improve Wagtail logo contrast by adding a background (Brian Edelman, Simon Evans, Ben Enright)
 * Fix: Prevent duplicate notification messages on page locking (Jacob Topp-Mugglestone)
 * Fix: Fix InlinePanel item non field errors not visible (Storm Heg)
 * Fix: `{% image ... as var %}` now clears the context variable when passed None as an image (Maylon Pedroso)
 * Fix: `refresh_index` method on Elasticsearch no longer fails (Lars van de Kerkhof)
 * Fix: Document tags no longer fail to update when replacing the document file at the same time (Matt Westcott)
 * Fix: Prevent error from very tall / wide images being resized to 0 pixels (Fidel Ramos)
 * Fix: Remove excess margin when editing snippets (Quadric)
 * Fix: Added `scope` attribute to table headers in TableBlock output (Quadric)
 * Fix: Prevent KeyError when accessing a StreamField on a deferred queryset (Paulo Alvarado)
 * Fix: Hide empty 'view live' links (Karran Besen)
 * Fix: Mark up a few strings for translation (Luiz Boaretto)
 * Fix: Invalid focal_point attribute on image edit view (Michał (Quadric) Sieradzki)
 * Fix: No longer expose the `.delete()` method on the default Page.objects manager (Nick Smith)
 * Fix: `exclude_fields_in_copy` on Page models will now work for for modelcluster parental / many to many relations (LB (Ben Johnston))
 * Fix: Response header (content disposition) now correctly handles filenames with non-ascii characters when using a storage backend (Rich Brennan)
 * Fix: Improved accessibility fixes for `main`, `header` and `footer` elements in the admin page layout (Mitchel Cabuloy)
 * Fix: Prevent version number from obscuring long settings menus (Naomi Morduch Toubman)
</tr></table> ... (truncated)

Commits

• b76ab57 Release note for CVE-2020-11037 in 2.9
• ca89281 Release note for 2.8.2
• 0690aca Release note for 2.7.3
• ba9d424 Use constant_time_compare for view restriction password checks
• 5a4a1d7 Version bump to 2.9 final
• 255f3c7 Fill in release date for 2.9
• 9ce7216 Fetch new translations from Transifex
• dc3d124 Documentation: Adding Orderable superclass in code example in "Binding Pages ...
• b5f9f60 Version bump to 2.9rc1
• 61e4807 Return 403 error on preview endpoints when no preview_modes exist
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #424.