Bump wagtail from 3.0.3 to 4.2.2

[dependabot]

Bumps wagtail from 3.0.3 to 4.2.2.

Release notes

Sourced from wagtail's releases.

4.2.2

• Fix: CVE-2023-28836 - Stored XSS attack via ModelAdmin views (Thibaud Colas)
• Fix: CVE-2023-28837 - Denial-of-service via memory exhaustion when uploading large files (Jake Howard)
• Fix: Fix radio and checkbox elements shrinking when using a long label (Sage Abdullah)
• Fix: Fix select elements expanding beyond their container when using a long option label (Sage Abdullah)
• Fix: Fix timezone handling of TemplateResponses for users with a custom timezone (Stefan Hammer, Sage Abdullah)
• Fix: Ensure TableBlock initialisation correctly runs after load and its width is aligned with the parent panel (Dan Braghis)
• Fix: Ensure that the JavaScript media files are loaded by default in Snippet index listings for date fields (Sage Abdullah)
• Fix: Fix server-side caching of the icons sprite (Thibaud Colas)
• Fix: Avoid showing scrollbars in the block picker unless necessary (Babitha Kumari)
• Fix: Always show Add buttons, guide lines, Move up/down, Duplicate, Delete; in StreamField and Inline Panel (Thibaud Colas)
• Fix: Ensure datetimepicker widget overlay shows over modals & drop-downs (LB (Ben) Johnston)
• Docs: Fix module path for MultipleChooserPanel in panel reference docs
• Maintenance: Render large image renditions to disk (Jake Howard)

4.2.1

• Fix: Support creating StructValue copies (Tidiane Dia)
• Fix: Fix image uploads on storage backends that require file pointer to be at the start of the file (Matt Westcott)
• Fix: Fix "Edit this page" missing from userbar (Satvik Vashisht)
• Fix: Prevent audit log report from failing on missing models (Andy Chosak)
• Fix: Fix page/snippet cannot proceed a GroupApprovalTask if it's locked by someone outside of the group (Sage Abdullah)
• Fix: Add missing log information for wagtail.schedule.cancel (Stefan Hammer)
• Fix: Fix timezone activation leaking into subsequent requests in require_admin_access() (Stefan Hammer)
• Fix: Fix dialog component's message to have rounded corners at the top side (Sam)
• Fix: Prevent matches from unrelated models from leaking into SQLite FTS searches (Matt Westcott)
• Fix: Prevent duplicate addition of StreamField blocks with the new block picker (Deepam Priyadarshi)
• Docs: Clarify ClusterableModel requirements for using relations with RevisionMixin-enabled models (Sage Abdullah)
• Maintenance: Update Algolia DocSearch to use new application and correct versioning setup (Thibaud Colas)

4.2

• Added StreamField data migration helpers (Sandil Ranasinghe, Jacob Topp-Mugglestone, Joshua Munn, Karl Hobley)
• Added ability to lock snippet models with LockableMixin (Sage Abdullah)
• Added ability to submit snippets for moderation with WorkflowMixin (Sage Abdullah)
• Create {% fullpageurl %} tag for getting the absolute URL of a page (Jake Howard)
• Added MultipleChooserPanel, a variant of InlinePanel with improved editor experience when inserting multiple linked objects (Matt Westcott)
• Test assertion util WagtailPageTestCase.assertCanCreate now supports the kwarg publish=True to determine whether to publish the page (Harry Percival, Akua Dokua Asiedu, Matt Westcott)
• Ensure that the rebuild_references_index command can run without console output if called with --verbosity 0 (Omerzahid Ali, Aman Pandey)
• Add full support for secondary buttons with icons in the Wagtail design system - button bicolor button--icon button-secondary including the button-small variant (Seremba Patrick)
• Add purge_embeds management command to delete all the cached embed objects in the database (Aman Pandey)
• Make it possible to resize the page editor’s side panels (Sage Abdullah)
• Add ability to include form_fields as an APIField on FormPage (Sævar Öfjörð Magnússon, Suyash Singh, LB (Ben) Johnston)
• Ensure that images listings are more consistently aligned when there are fewer images uploaded (Theresa Okoro)
• Add more informative validation error messages for non-unique slugs within the admin interface and for programmatic page creation (Benjamin Bach)
• Always show the page editor title field’s border when the field is empty (Thibaud Colas)
• Snippet models extending DraftStateMixin now automatically define a "Publish" permission type (Sage Abdullah)
• Users now remain on the edit page after saving a snippet as draft (Sage Abdullah)
• Base project template now populates the meta description tag from the search description field (Aman Pandey)
• Added support for azure-mgmt-cdn version >= 10 and azure-mgmt-frontdoor version >= 1 in the frontend cache invalidator (Sylvain Fankhauser)
• Add a system check to warn when a django-storages backend is configured to allow overwriting (Rishabh jain)
• Update admin focus outline color to have higher contrast against white backgrounds (Thibaud Colas)

... (truncated)

Changelog

Sourced from wagtail's changelog.

4.2.2 (03.04.2023)

 * Fix: CVE-2023-28836 - Stored XSS attack via ModelAdmin views (Thibaud Colas)
 * Fix: CVE-2023-28837 - Denial-of-service via memory exhaustion when uploading large files (Jake Howard)
 * Fix: Fix radio and checkbox elements shrinking when using a long label (Sage Abdullah)
 * Fix: Fix select elements expanding beyond their container when using a long option label (Sage Abdullah)
 * Fix: Fix timezone handling of `TemplateResponse`s for users with a custom timezone (Stefan Hammer, Sage Abdullah)
 * Fix: Ensure TableBlock initialisation correctly runs after load and its width is aligned with the parent panel (Dan Braghis)
 * Fix: Ensure that the JavaScript media files are loaded by default in Snippet index listings for date fields (Sage Abdullah)
 * Fix: Fix server-side caching of the icons sprite (Thibaud Colas)
 * Fix: Avoid showing scrollbars in the block picker unless necessary (Babitha Kumari)
 * Fix: Always show Add buttons, guide lines, Move up/down, Duplicate, Delete; in StreamField and Inline Panel (Thibaud Colas)
 * Fix: Ensure datetimepicker widget overlay shows over modals & drop-downs (LB (Ben) Johnston)
 * Docs: Fix module path for `MultipleChooserPanel` in panel reference docs
 * Maintenance: Render large image renditions to disk (Jake Howard)
4.2.1 (13.03.2023)

• Fix: Support creating StructValue copies (Tidiane Dia)
• Fix: Fix image uploads on storage backends that require file pointer to be at the start of the file (Matt Westcott)
• Fix: Fix "Edit this page" missing from userbar (Satvik Vashisht)
• Fix: Prevent audit log report from failing on missing models (Andy Chosak)
• Fix: Fix page/snippet cannot proceed a GroupApprovalTask if it's locked by someone outside of the group (Sage Abdullah)
• Fix: Add missing log information for wagtail.schedule.cancel (Stefan Hammer)
• Fix: Fix timezone activation leaking into subsequent requests in require_admin_access() (Stefan Hammer)
• Fix: Fix dialog component's message to have rounded corners at the top side (Sam)
• Fix: Prevent matches from unrelated models from leaking into SQLite FTS searches (Matt Westcott)
• Fix: Prevent duplicate addition of StreamField blocks with the new block picker (Deepam Priyadarshi)
• Docs: Clarify ClusterableModel requirements for using relations with RevisionMixin-enabled models (Sage Abdullah)
• Maintenance: Update Algolia DocSearch to use new application and correct versioning setup (Thibaud Colas)

4.2 (06.02.2023)

 * Added StreamField data migration helpers (Sandil Ranasinghe, Jacob Topp-Mugglestone, Joshua Munn, Karl Hobley)
 * Added ability to lock snippet models with `LockableMixin` (Sage Abdullah)
 * Added ability to submit snippets for moderation with `WorkflowMixin` (Sage Abdullah)
 * Create `{% fullpageurl %}` tag for getting the absolute URL of a page (Jake Howard)
 * Added `MultipleChooserPanel`, a variant of `InlinePanel` with improved editor experience when inserting multiple linked objects (Matt Westcott)
 * Test assertion util `WagtailPageTestCase.assertCanCreate` now supports the kwarg `publish=True` to determine whether to publish the page (Harry Percival, Akua Dokua Asiedu, Matt Westcott)
 * Ensure that the `rebuild_references_index` command can run without console output if called with `--verbosity 0` (Omerzahid Ali, Aman Pandey)
 * Add full support for secondary buttons with icons in the Wagtail design system - `button bicolor button--icon button-secondary` including the `button-small` variant (Seremba Patrick)
 * Add `purge_embeds` management command to delete all the cached embed objects in the database (Aman Pandey)
 * Make it possible to resize the page editor’s side panels (Sage Abdullah)
 * Add ability to include `form_fields` as an APIField on `FormPage` (Sævar Öfjörð Magnússon, Suyash Singh, LB (Ben) Johnston)
 * Ensure that images listings are more consistently aligned when there are fewer images uploaded (Theresa Okoro)
</tr></table> 

... (truncated)

Commits

• 43c1753 Version bump to 4.2.2
• ca75fbc Fill in release date for 4.1.4
• 0ec321e Fill in release date for 4.2.2
• add3c78 Release note for CVE-2023-28837 in 4.1.4
• 203e4ab Release note for CVE-2023-28837 in 4.2.2
• 25bf34b Don't load temporary uploaded files into memory
• b337c97 Don't load images / documents into memory when calculating their hash
• 65a626f Release note for CVE-2023-28836 in 4.1.4
• b533ec1 Release note for CVE-2023-28836 in 4.2.2
• ff806ab Change ModelAdmin InspectView to escape any HTML from document titles
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #1455.