build(deps): update django-rest-framework for CSP

`django-rest-framework` has recieved several patches for CSP compatibility, but unfortunately these are not included in the latest release (3.14.0) and a new release cannot be expected for a while. As such, we must replace the semantically versioned PyPI reference with a reference to the latest commit on the master branch of the package's Git Repository that contains the changes that we need (do not use `master` since it could change in unexpected and incompatible ways). Included in this change is the use of `inflection` for the OpenAPI spec's `operationIds`, an unfortunate dependency added by encode/django-rest-framework#8017 and later made less obtrusive by encode/django-rest-framework#8781. Any usage of the schema generator must be done in an environment that includes this package. Additionally, this new approach makes the generated `operationId` that was `listPersons` into `listPeople`. Thankfully, this is immaterial. Fixes: freelawproject#3020
cweider · Aug 23, 2023 · 737e916 · 737e916
1 parent 24ac949
commit 737e916
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -45,7 +45,7 @@ django-mathfilters = "*"
 django-pghistory = "^2.7.0"
 django-ratelimit = "^4.0.0"
 django-storages = "^1.13.2"
-djangorestframework = "^3.14.0"
+djangorestframework = {git = "https://github.com/encode/django-rest-framework.git", rev = "cc3c89a11c7ee9cf7cfd732e0a329c318ace71b2"}
 djangorestframework-xml = "^2.0.0"
 drf-dynamic-fields = "*"
 feedparser = "^6.0.8"
@@ -112,6 +112,7 @@ psycopg2 = "^2.9.6"
 juriscraper = "^2.5.51"
 httpx = {extras = ["http2"], version = "^0.24.1"}
 django-model-utils = "^4.3.1"
+inflection = "^0.5.1"  # necessary for DRF schema generation - remove after drf-spectacular
 
 
 [tool.poetry.group.dev.dependencies]