Bump django-axes from 1.7.0 to 5.0.7

[dependabot-preview]

Bumps django-axes from 1.7.0 to 5.0.7.

Changelog

Sourced from django-axes's changelog.

5.0.7 (2019-06-14)

• Fix lockout message showing when lockout is disabled with the AXES_LOCK_OUT_AT_FAILURE setting. [mogzol]
• Add support for callable AXES_FAILURE_LIMIT setting. [bbayles]

5.0.6 (2019-05-25)

• Deprecate AXES_DISABLE_SUCCESS_ACCESS_LOG flag in favour of AXES_DISABLE_ACCESS_LOG which has mostly the same functionality. Update documentation to better reflect the behaviour of the flag. [aleksihakli]

5.0.5 (2019-05-19)

• Change the lockout response calculation to request flagging instead of exception throwing in the signal handler and middleware. Move request attribute calculation from middleware to handler layer. Deprecate axes.request.AxesHttpRequest object type definition. [aleksihakli]
• Deprecate the old version 4.x axes.backends.AxesModelBackend class. [aleksihakli]
• Improve documentation on attempt tracking, resets, Axes customization, project and component compatibility and integrations, and other things. [aleksihakli]

5.0.4 (2019-05-09)

• Fix regression with OAuth2 authentication backends not having remote IP addresses set and throwing an exception in cache key calculation. [aleksihakli]

5.0.3 (2019-05-08)

• Fix django.contrib.auth module login and logout functionality so that they work with the handlers without the an AxesHttpRequest to improve cross compatibility with other Django applications. [aleksihakli]
• Change IP address resolution to allow empty or missing addresses. [aleksihakli]
• Add error logging for missing request attributes in the handler layer so that users get better indicators of misconfigured applications. [aleksihakli]

5.0.2 (2019-05-07)

• Add AXES_ENABLED setting for disabling Axes with e.g. tests that use Django test client login, logout, and force_login methods, which do not supply the request argument to views, preventing Axes from functioning correctly in certain test setups. [aleksihakli]

5.0.1 (2019-05-03)

• Add changelog to documentation. [aleksihakli]

5.0 (2019-05-01)

• Deprecate Python 2.7, 3.4 and 3.5 support. [aleksihakli]
• Remove automatic decoration and monkey-patching of Django views and forms. Decorators are available for login function and method decoration as before. [aleksihakli]
• Use backend, middleware, and signal handlers for tracking login attempts and implementing user lockouts. [aleksihakli, jorlugaqui, joshua-s]
• Add AxesDatabaseHandler, AxesCacheHandler, and AxesDummyHandler handler backends for processing user login and logout events and failures. Handlers are configurable with the AXES_HANDLER setting. [aleksihakli, jorlugaqui, joshua-s]
• Improve management commands and separate commands for resetting all access attempts, attempts by IP, and attempts by username. New command names are axes_reset, axes_reset_ip and axes_reset_username. [aleksihakli]
• Add support for string import for AXES_USERNAME_CALLABLE that supports dotted paths in addition to the old callable type such as a function or a class method. [aleksihakli]
• Deprecate one argument call signature for AXES_USERNAME_CALLABLE. From now on, the callable needs to accept two arguments, the HttpRequest and credentials that are supplied to the Django authenticate method in authentication backends. [aleksihakli]

... (truncated)

Commits

• 9fa0e7f Version 5.0.7
• 9c7c5c1 Add documentation for updated AXES_FAILURE_LIMIT
• 4efbace Merge #452 into django-axes master
• 9a043a2 Add str import also
• dbc0c13 Allow callable failure limit
• 71708ef Stop showing lockout message when lockout is disabled
• 0ba52cd Update pytest from 4.6.1 to 4.6.2
• 7aae8e1 Add Django 2.2 to tox configuration
• 0cd9c10 Update pytest-django from 3.4.8 to 3.5.0
• 02f0b65 Update pytest from 4.6.0 to 4.6.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #1744.