Update django

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Django (source, changelog)	==4.1.2 -> ==4.2.14
django-appconf (source)	==1.0.5 -> ==1.0.6
django-cors-headers (changelog)	==3.13.0 -> ==3.14.0
django-debug-toolbar (changelog)	==3.7.0 -> ==3.8.1
django-environ (source, changelog)	==0.9.0 -> ==0.11.2
django-extensions (changelog)	==3.2.1 -> ==3.2.3
django-mptt	==0.14.0 -> ==0.16.0
django-oauth-toolkit	==2.2.0 -> ==2.4.0
django-silk	==5.0.1 -> ==5.1.0
django-tree-queries	==0.11.0 -> ==0.19.0

---

Release Notes

django/django (Django)

v4.2.14

Compare Source

v4.2.13

Compare Source

v4.2.12

Compare Source

v4.2.11

Compare Source

v4.2.10

Compare Source

v4.2.9

Compare Source

v4.2.8

Compare Source

v4.2.7

Compare Source

v4.2.6

Compare Source

v4.2.5

Compare Source

v4.2.4

Compare Source

v4.2.3

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2

Compare Source

v4.1.13

Compare Source

v4.1.12

Compare Source

v4.1.11

Compare Source

v4.1.10

Compare Source

v4.1.9

Compare Source

v4.1.8

Compare Source

v4.1.7

Compare Source

v4.1.6

Compare Source

v4.1.5

Compare Source

v4.1.4

Compare Source

v4.1.3

Compare Source

django-compressor/django-appconf (django-appconf)

v1.0.6

Compare Source

adamchainz/django-cors-headers (django-cors-headers)

v3.14.0

Compare Source

• Support Django 4.2.

• Switch from urlparse() to urlsplit() for URL parsing, reducing the middleware runtime up to 5%.
  This changes the type passed to origin_found_in_white_lists(), so if you have subclassed the middleware to override this method, you should check it is compatible (it most likely is).

  Thanks to Thibaut Decombe in PR #&#8203;793 <https://github.com/adamchainz/django-cors-headers/pull/793>__.

jazzband/django-debug-toolbar (django-debug-toolbar)

v3.8.1

Compare Source

Note: 3.8.0 was not released, use 3.8.1

What's Changed

• fix: Simplify logic for Panel.enabled property by @​adamantike in https://github.com/jazzband/django-debug-toolbar/pull/1676
• Auto-update History panel with JavaScript fetch requests. by @​tim-schilling in https://github.com/jazzband/django-debug-toolbar/pull/1685
• Improve the template_source view coverage a bit by @​matthiask in https://github.com/jazzband/django-debug-toolbar/pull/1688
• Support rerendering the toolbar on HTMX boosted pages. by @​tim-schilling in https://github.com/jazzband/django-debug-toolbar/pull/1686
• Include panel scripts in content when RENDER_PANELS=True by @​matthiask in https://github.com/jazzband/django-debug-toolbar/pull/1689
• Fixed #​1693 -- Run tests on python 3.11 by @​pauloxnet in https://github.com/jazzband/django-debug-toolbar/pull/1694
• Add divide by zero protection in timer.js by @​SmailBestybay in https://github.com/jazzband/django-debug-toolbar/pull/1687
• Fixed #​1695 - Run test on Python 3.11 for Django 4.1 by @​pauloxnet in https://github.com/jazzband/django-debug-toolbar/pull/1696
• Create one-time mouseup listener for each mousedown by @​scuml in https://github.com/jazzband/django-debug-toolbar/pull/1697
• Update package metadata by @​ofek in https://github.com/jazzband/django-debug-toolbar/pull/1690
• Validate and format pyproject.toml by @​hugovk in https://github.com/jazzband/django-debug-toolbar/pull/1700
• Drop Rob's email address in project config. by @​tim-schilling in https://github.com/jazzband/django-debug-toolbar/pull/1699
• Fix highlighting on history panel by @​scuml in https://github.com/jazzband/django-debug-toolbar/pull/1698
• Allow Language Selection on the Toolbar by @​leandrodesouzadev in https://github.com/jazzband/django-debug-toolbar/pull/1703
• Attach handlers to djDebug instead of document by @​scuml in https://github.com/jazzband/django-debug-toolbar/pull/1702
• Formalize support for Python 3.11. by @​tim-schilling in https://github.com/jazzband/django-debug-toolbar/pull/1713

New Contributors

• @​adamantike made their first contribution in https://github.com/jazzband/django-debug-toolbar/pull/1676
• @​SmailBestybay made their first contribution in https://github.com/jazzband/django-debug-toolbar/pull/1687
• @​ofek made their first contribution in https://github.com/jazzband/django-debug-toolbar/pull/1690
• @​hugovk made their first contribution in https://github.com/jazzband/django-debug-toolbar/pull/1700
• @​leandrodesouzadev made their first contribution in https://github.com/jazzband/django-debug-toolbar/pull/1703

Full Changelog: jazzband/django-debug-toolbar@3.7...3.8.1

joke2k/django-environ (django-environ)

v0.11.2

Compare Source

Fixed
+++++

• Revert "Add variable expansion." feature
  due to #&#8203;490 <https://github.com/joke2k/django-environ/issues/490>_.

v0.11.1

Compare Source

Fixed
+++++

• Revert "Add interpolate argument to avoid resolving proxied values." feature
  due to #&#8203;485 <https://github.com/joke2k/django-environ/issues/485>_.

v0.11.0

Compare Source

Added
+++++

• Added support for Django 4.2
  #&#8203;456 <https://github.com/joke2k/django-environ/pull/456>_.
• Added support for secure Elasticsearch connections
  #&#8203;463 <https://github.com/joke2k/django-environ/pull/463>_.
• Added variable expansion
  #&#8203;468 <https://github.com/joke2k/django-environ/pull/468>_.
• Added capability to handle comments after #, after quoted values,
  like KEY= 'part1 # part2' # comment
#&#8203;475 <https://github.com/joke2k/django-environ/pull/475>_.
• Added support for interpolate parameter
  #&#8203;415 <https://github.com/joke2k/django-environ/pull/415>_.

Changed
+++++++

• Used mssql-django as engine for SQL Server
  #&#8203;446 <https://github.com/joke2k/django-environ/pull/446>_.
• Changed handling bool values, stripping whitespace around value
  #&#8203;475 <https://github.com/joke2k/django-environ/pull/475>_.
• Use importlib.util.find_spec to replace pkgutil.find_loader
#&#8203;482 <https://github.com/joke2k/django-environ/pull/482>_.

Removed
+++++++

• Removed support of Python 3.5.

v0.10.0

Compare Source

Added
+++++

• Use the core redis library by default if running Django >= 4.0
  #&#8203;356 <https://github.com/joke2k/django-environ/issues/356>_.
• Value of dict can now contain an equal sign
  #&#8203;241 <https://github.com/joke2k/django-environ/pull/241>_.
• Added support for Python 3.11.
• Added CONN_HEALTH_CHECKS to database base options
  #&#8203;413 <https://github.com/joke2k/django-environ/issues/413>_.
• Added encoding parameter to read_env with default value 'utf8'
  #&#8203;442 <https://github.com/joke2k/django-environ/pull/442>_.
• Added support for Django 4.1
  #&#8203;416 <https://github.com/joke2k/django-environ/issues/416>_.

Deprecated
++++++++++

• Support of Python < 3.6 is deprecated and will be removed
  in next major version.

Changed
+++++++

• Used UTF-8 as a encoding when open .env file.
• Provided access to DB_SCHEMES through cls rather than
  Env in db_url_config
#&#8203;414 <https://github.com/joke2k/django-environ/pull/414>_.
• Correct CI workflow to use supported Python versions/OS matrix
  #&#8203;441 <https://github.com/joke2k/django-environ/pull/441>_.
• Reworked trigger CI workflows strategy
  #&#8203;440 <https://github.com/joke2k/django-environ/pull/440>_.

Fixed
+++++

• Fixed logic of Env.get_value() to skip parsing only when
  default=None, not for all default values that coerce to False
#&#8203;404 <https://github.com/joke2k/django-environ/issues/404>_.
• Deleted duplicated include in docs/quickstart.rst
  #&#8203;439 <https://github.com/joke2k/django-environ/pull/439>_.

Removed
+++++++

• Removed deprecated Env.unicode().
• Removed environ.register_schemes calls and do not modify global
  urllib.parse.urlparse's uses_* variables as this no longer needed
  #&#8203;246 <https://github.com/joke2k/django-environ/pull/246>_.

django-extensions/django-extensions (django-extensions)

v3.2.3

Compare Source

What's Changed

• Fix error with lack of PosixPath support by @​giff-h in https://github.com/django-extensions/django-extensions/pull/1785
• Import pkg_resources directly by @​foarsitter in https://github.com/django-extensions/django-extensions/pull/1782
• Add REMOTE_USER to werkzeug environment by @​confuzeus in https://github.com/django-extensions/django-extensions/pull/1769
• runserver_plus template reloading by @​foarsitter in https://github.com/django-extensions/django-extensions/pull/1775
• Add Python 3.11 support by @​foarsitter in https://github.com/django-extensions/django-extensions/pull/1786
• Run tests againts Django 4.2 and add trove classifier by @​michael-k in https://github.com/django-extensions/django-extensions/pull/1812
• fix: test_should_highlight_bash_syntax_without_name to include whites… by @​foarsitter in https://github.com/django-extensions/django-extensions/pull/1797
• runserver_plus autoreload on template change by @​foarsitter in https://github.com/django-extensions/django-extensions/pull/1796
• Add support for psycopg3 by @​Apreche in https://github.com/django-extensions/django-extensions/pull/1814
• Fixed drop test database command with psycopg 3 by @​jannh in https://github.com/django-extensions/django-extensions/pull/1818
• Fixed reset_db with psycopg3 (same patch like for drop_test_database) by @​jannh in https://github.com/django-extensions/django-extensions/pull/1821
• Cleanup http: links by @​Crocmagnon in https://github.com/django-extensions/django-extensions/pull/1798

New Contributors

• @​giff-h made their first contribution in https://github.com/django-extensions/django-extensions/pull/1785
• @​foarsitter made their first contribution in https://github.com/django-extensions/django-extensions/pull/1782
• @​confuzeus made their first contribution in https://github.com/django-extensions/django-extensions/pull/1769
• @​Apreche made their first contribution in https://github.com/django-extensions/django-extensions/pull/1814
• @​Crocmagnon made their first contribution in https://github.com/django-extensions/django-extensions/pull/1798

Full Changelog: django-extensions/django-extensions@3.2.1...3.2.3

jazzband/django-oauth-toolkit (django-oauth-toolkit)

v2.4.0

Compare Source

WARNING

Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before
performing a MAJOR upgrade to 2.x.

These issues both result in {"error": "invalid_client"}:

1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

If you are going to revert migration 0006 make note that previously hashed client_secret cannot be reverted!

Added

• #​1304 Add OAuth2ExtraTokenMiddleware for adding access token to request.
  See Setup a provider in the Tutorial.
• #​1273 Performance improvement: Add caching of loading of OIDC private key.
• #​1285 Add post_logout_redirect_uris field in the Application Registration form
• #​1311,#​1334 (Security) Add option to disable client_secret hashing to allow verifying JWTs' signatures when using
  HS256 keys.
  This means your client secret will be stored in cleartext but is the only way to successfully use HS256 signed JWT's.
• #​1350 Support Python 3.12 and Django 5.0
• #​1367 Add code_challenge_methods_supported property to auto discovery information, per RFC 8414 section 2
• #​1328 Adds the ability to define how to store a user profile.

Fixed

• #​1292 Interpret EXP in AccessToken always as UTC instead of (possibly) local timezone.
  Use setting AUTHENTICATION_SERVER_EXP_TIME_ZONE to enable different time zone in case the remote
  authentication server does not provide EXP in UTC.
• #​1323 Fix instructions in documentation
  on how to create a code challenge and code verifier
• #​1284 Fix a 500 error when trying to logout with no id_token_hint even if the browser session already expired.
• #​1296 Added reverse function in migration 0006_alter_application_client_secret. Note that reversing this migration cannot undo a hashed client_secret.
• #​1345 Fix encapsulation for Redirect URI scheme validation. Deprecates RedirectURIValidator in favor of AllowedURIValidator.
• #​1357 Move import of setting_changed signal from test to django core modules.
• #​1361 Fix prompt=none redirects to login screen
• #​1380 Fix AttributeError in OAuth2ExtraTokenMiddleware when a custom AccessToken model is used.
• #​1288 Fix #​1276 which attempted to resolve #​1092 for requests that don't have a client_secret per RFC 6749 4.1.1
• #​1337 Gracefully handle expired or deleted refresh tokens, in validate_user.
• Various documentation improvements: #​1410, #​1408, #​1405, #​1399, #​1401, #​1396, #​1375, #​1162, #​1315, #​1307

Removed

• #​1350 Remove support for Python 3.7 and Django 2.2

v2.3.0

Compare Source

WARNING

Issues caused by Release 2.0.0 breaking changes continue to be logged. Please make sure to carefully read these release notes before
performing a MAJOR upgrade to 2.x.

These issues both result in {"error": "invalid_client"}:

1. The application client secret is now hashed upon save. You must copy it before it is saved. Using the hashed value will fail.

2. PKCE_REQUIRED is now True by default. You should use PKCE with your client or set PKCE_REQUIRED=False if you are unable to fix the client.

Added

• Add Japanese(日本語) Language Support
• #​1244 implement OIDC RP-Initiated Logout
• #​1092 Allow Authorization Code flow without a client_secret per RFC 6749 2.3.1
• #​1264 Support Django 4.2.

Changed

• #​1222 Remove expired ID tokens alongside access tokens in cleartokens management command
• #​1267, #​1253, #​1251, #​1250, #​1224, #​1212, #​1211 Various documentation improvements

jazzband/django-silk (django-silk)

v5.1.0

Compare Source

:release-by: Albert Wang (@​albertyw)
Full Changelog

Upgrading:

This release includes Fix deprecation warning for get_storage_class #​669
which deprecates SILKY_STORAGE_CLASS. Users should instead use the Django
STORAGES configuration. See README
and Django documentation
for more information.

Also, for python 3.12, the cProfile stdlib library cannot be enabled multiple times concurrently.
Silk will therefore skip profiling if another profile is already enabled.

Features/Enhancements:

• Allow option to delete profiles (#​652) @​viralj

Fixes:

• Gracefully error out when there are concurrent profilers (#​692) @​albertyw
• Always disable cProfile as part of cleanup (#​699) @​albertyw
• Fix when Session, Authentication or Message middlewares are not present (#​667) @​mgaligniana

Maintenance and Cleanup:

• Fix deprecation warning for get_storage_class (#​669) @​albertyw
• Support Django 4.2 (#​685) @​albertyw
• Support python 3.12 (#​683) @​albertyw
• Support Django 5 (#​686) @​albertyw
• Remove deprecated datetime.timezone.utc (#​687) @​albertyw
• Derive version from importlib (#​697) @​robinchow

Dependencies:

• Update python dependencies (#​693) @​albertyw

v5.0.4

Compare Source

:release-by: Albert Wang (@​albertyw)
Full Changelog

Features/Enhancements:

• Handle case-insensitive sensitive headers (#​674) @​shtimn
• Add a "pagetitle" block to Silky templates (#​661) @​vsajip
• Allow to generate more informative profile file name (#​638) @​k4rl85

Maintenance and Cleanup:

• Remove unsupported versions of Django and Python (#​668) @​albertyw
• Outsource all inline scripts and styles (#​635) @​sgelis
• Remove support for looking up headers on django <3.2 (#​643) @​albertyw

Dependencies:

• Update python dependencies (#​677) @​albertyw

v5.0.3

Compare Source

:release-by: Albert Wang (@​albertyw)
Full Changelog

Fixes:

• #​46 Retain ordering, view style and limit (#​614)
• #​157 prevent encoding errors in params (#​617)
• #​594 Silk fails on constraint check queries (#​618) (Fixes compatibility with Django 4.1)

Features/Enhancements:

• #​132 Add action on sql query list (#​611)
• traceback only when needed (#​387)

Dependencies:

• #​625 Drop dependency to jinja2

v5.0.2

Compare Source

:release-by: Albert Wang (@​albertyw)
Full Changelog

Fixes:

• Multipart forms and RawPostDataException (#​592)
• Decrease unnecessary database hits (#​587) (#​588)

Features/Enhancements:

• Remove unneeded pytz package (#​603)
• Use contextlib in test_profile_parser (#​590)
• Add support for storages, that don't implement full filesystem path (#​596)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.