Update django to 1.11.21

[pyup-bot]

This PR updates Django from 1.11.20 to 1.11.21.

Changelog

1.11.21

============================

*June 3, 2019*

Django 1.11.21 fixes a security issue in 1.11.20.

CVE-2019-12308: AdminURLFieldWidget XSS
---------------------------------------

The clickable "Current URL" link generated by ``AdminURLFieldWidget`` displayed
the provided value without validating it as a safe URL. Thus, an unvalidated
value stored in the database, or a value provided as a URL query parameter
payload, could result in an clickable JavaScript link.

``AdminURLFieldWidget`` now validates the provided value using
:class:`~django.core.validators.URLValidator` before displaying the clickable
link. You may customise the validator by passing a ``validator_class`` kwarg to
``AdminURLFieldWidget.__init__()``, e.g. when using
:attr:`~django.contrib.admin.ModelAdmin.formfield_overrides`.


============================

Links

• PyPI: https://pypi.org/project/django
• Changelog: https://pyup.io/changelogs/django/
• Homepage: https://www.djangoproject.com/

[coveralls]

Coverage remained the same at 92.593% when pulling fad4eb5 on pyup-update-django-1.11.20-to-1.11.21 into 3c09739 on master.

[coveralls]

Coverage remained the same at 92.593% when pulling fad4eb5 on pyup-update-django-1.11.20-to-1.11.21 into 3c09739 on master.