chore(deps): update dependency djangorestframework to v3.11.2

[mend-for-github-com]

This PR contains the following updates:

Package	Update	Change
djangorestframework (source, changelog)	minor	==3.6.4 -> ==3.11.2

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
Medium	6.1	CVE-2020-25626
Medium	6.1	WS-2019-0037

---

Release Notes

encode/django-rest-framework (djangorestframework)

v3.11.2

Compare Source

v3.11.1

Compare Source

v3.11.0

Compare Source

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

v3.9.4

Compare Source

v3.9.3: Version 3.9.3

Compare Source

This is the last Django REST Framework release that will support Python 2.
Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10.

• Adjusted the compat check for django-guardian to allow the last guardian
  version (v1.4.9) compatible with Python 2. #​6613

v3.9.2: Version 3.9.2

Compare Source

See Release Notes for details.

v3.9.1: Version 3.9.1

Compare Source

Change Notes:
https://www.django-rest-framework.org/community/release-notes/#​39x-series

v3.9.0: Verision 3.9.0

Compare Source

Release announcement:
https://www.django-rest-framework.org/community/3.9-announcement/

Change Notes:
https://www.django-rest-framework.org/community/release-notes/#​39x-series

v3.8.2: Version 3.8.2

Compare Source

Point release for 3.8.x series

• Fix read_only + default unique_together validation. #​5922
• authtoken.views import coreapi from rest_framework.compat, not directly. #​5921
• Docs: Add missing argument 'detail' to Route #​5920

v3.8.1: Version 3.8.1

Compare Source

• Use old url_name behavior in route decorators #​5915

  For list_route and detail_route maintain the old behavior of url_name,
  basing it on the url_path instead of the function name.

v3.8.0: Version 3.8

Compare Source

• Release Announcement

• 3.8.0 Milestone

• Breaking Change: Alter read_only plus default behaviour. #​5886

  read_only fields will now always be excluded from writable fields.

  Previously read_only fields with a default value would use the default for create and update operations.

  In order to maintain the old behaviour you may need to pass the value of read_only fields when calling save() in
  the view:

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)
  

  Alternatively you may override save() or create() or update() on the serialiser as appropriate.

• Correct allow_null behaviour when required=False #​5888

  Without an explicit default, allow_null implies a default of null for outgoing serialisation. Previously such
  fields were being skipped when read-only or otherwise not required.

  Possible backwards compatibility break if you were relying on such fields being excluded from the outgoing
  representation. In order to restore the old behaviour you can override data to exclude the field when None.

  For example:

    @​property
    def data(self):
        """
        Drop `maybe_none` field if None.
        """
        data = super().data()
        if 'maybe_none' in data and data['maybe_none'] is None:
            del data['maybe_none']
        return data
  

• Refactor dynamic route generation and improve viewset action introspectibility. #​5705

  ViewSets have been provided with new attributes and methods that allow
  it to introspect its set of actions and the details of the current action.

  • Merged list_route and detail_route into a single action decorator.
  • Get all extra actions on a ViewSet with .get_extra_actions().
  • Extra actions now set the url_name and url_path on the decorated method.
  • Enable action url reversing through .reverse_action() method (added in 3.7.4)
  • Example reverse call: self.reverse_action(self.custom_action.url_name)
  • Add detail initkwarg to indicate if the current action is operating on a
    collection or a single instance.

  Additional changes:

  • Deprecated list_route & detail_route in favor of action decorator with detail boolean.
  • Deprecated dynamic list/detail route variants in favor of DynamicRoute with detail boolean.
  • Refactored the router's dynamic route generation.

• Fix formatting of the 3.7.4 release note #​5704

• Docs: Update DRF Writable Nested Serializers references #​5711

• Docs: Fixed typo in auth URLs example. #​5713

• Improve composite field child errors #​5655

• Disable HTML inputs for dict/list fields #​5702

• Fix typo in HostNameVersioning doc #​5709

• Use rsplit to get module and classname for imports #​5712

• Formalize URLPatternsTestCase #​5703

• Add exception translation test #​5700

• Test staticfiles #​5701

• Add drf-yasg to documentation and schema 3rd party packages #​5720

• Remove unused compat._resolve_model() #​5733

• Drop compat workaround for unsupported Python 3.2 #​5734

• Prefer iter(dict) over iter(dict.keys()) #​5736

• Pass python_requires argument to setuptools #​5739

• Remove unused links from docs #​5735

• Prefer https protocol for links in docs when available #​5729

• Add HStoreField, postgres fields tests #​5654

• Always fully qualify ValidationError in docs #​5751

• Remove unreachable code from ManualSchema #​5766

• Allowed customising API documentation code samples #​5752

• Updated docs to use pip show #​5757

• Load 'static' instead of 'staticfiles' in templates #​5773

• Fixed a typo in fields docs #​5783

• Refer to "NamespaceVersioning" instead of "NamespacedVersioning" in the documentation #​5754

• ErrorDetail: add __eq__/__ne__ and __repr__ #​5787

• Replace background-attachment: fixed in docs #​5777

• Make 404 & 403 responses consistent with exceptions.APIException output #​5763

• Small fix to API documentation: schemas #​5796

• Fix schema generation for PrimaryKeyRelatedField #​5764

• Represent serializer DictField as an Object in schema #​5765

• Added docs example reimplementing ObtainAuthToken #​5802

• Add schema to the ObtainAuthToken view #​5676

• Fix request formdata handling #​5800

• Fix authtoken views imports #​5818

• Update pytest, isort #​5815 #​5817 #​5894

• Fixed active timezone handling for non ISO8601 datetimes. #​5833

• Made TemplateHTMLRenderer render IntegerField inputs when value is 0. #​5834

• Corrected endpoint in tutorial instructions #​5835

• Add Django Rest Framework Role Filters to Third party packages #​5809

• Use single copy of static assets. Update jQuery #​5823

• Changes ternary conditionals to be PEP308 compliant #​5827

• Added links to 'A Todo List API with React' and 'Blog API' tutorials #​5837

• Fix comment typo in ModelSerializer #​5844

• Add admin to installed apps to avoid test failures. #​5870

• Fixed schema for UUIDField in SimpleMetadata. #​5872

• Corrected docs on router include with namespaces. #​5843

• Test using model objects for dotted source default #​5880

• Allow traversing nullable related fields #​5849

• Added: Tutorial: Django REST with React (Django 2.0) #​5891

• Add LimitOffsetPagination.get_count to allow method override #​5846

• Don't show hidden fields in metadata #​5854

• Enable OrderingFilter to handle an empty tuple (or list) for the 'ordering' field. #​5899

• Added generic 500 and 400 JSON error handlers. #​5904

v3.7.7: Version 3.7.7

Compare Source

Point release for 3.7.x

Note: 3.7.5-3.7.7 fixed packaging issues introduced by changes in 3.7.4. That's it. Use 3.7.7.

v3.7.6

Compare Source

v3.7.5

Compare Source

v3.7.4: Version 3.7.4

Compare Source

Point Release for 3.7.x series.

• Schema: Extract method for manual_fields processing #​5633

  Allows for easier customisation of manual_fields processing, for example
  to provide per-method manual fields. AutoSchema adds get_manual_fields,
  as the intended override point, and a utility method update_fields, to
  handle by-name field replacement from a list, which, in general, you are not
  expected to override.

  Note: AutoSchema.__init__ now ensures manual_fields is a list.
  Previously may have been stored internally as None.

• Remove ulrparse compatability shim; use six instead #​5579

• Drop compat wrapper for TimeDelta.total_seconds() #​5577

• Clean up all whitespace throughout project #​5578

• Compat cleanup #​5581

• Add pygments CSS block in browsable API views #​5584 #​5587

• Remove set_rollback() from compat #​5591

• Fix request body/POST access #​5590

• Rename test to reference correct issue #​5610

• Documentation Fixes #​5611 #​5612

• Remove references to unsupported Django versions in docs and code #​5602

• Test Serializer exclude for declared fields #​5599

• Fixed schema generation for filter backends #​5613

• Minor cleanup for ModelSerializer tests #​5598

• Reimplement request attribute access w/ __getattr__ #​5617

• Fixed SchemaJSRenderer renders invalid Javascript #​5607

• Make Django 2.0 support official/explicit #​5619

• Perform type check on passed request argument #​5618

• Fix AttributeError hiding on request authenticators #​5600

• Update test requirements #​5626

• Docs: Serializer._declared_fields enable modifying fields on a serializer #​5629

• Fix packaging #​5624

• Fix readme rendering for PyPI, add readme build to CI #​5625

• Update tutorial #​5622

• Non-required fields with allow_null=True should not imply a default value #​5639

• Docs: Add allow_null serialization output note #​5641

• Update to use the Django 2.0 release in tox.ini #​5645

• Fix Serializer.data for Browsable API rendering when provided invalid data #​5646

• Docs: Note AutoSchema limitations on bare APIView #​5649

• Add .basename and .reverse_action() to ViewSet #​5648

• Docs: Fix typos in serializers documentation #​5652

• Fix override_settings compat #​5668

• Add DEFAULT_SCHEMA_CLASS setting #​5658

• Add docs note re generated BooleanField being required=False #​5665

• Add 'dist' build #​5656

• Fix typo in docstring #​5678

• Docs: Add UNAUTHENTICATED_USER = None note #​5679

• Update OPTIONS example from “Documenting Your API” #​5680

• Docs: Add note on object permissions for FBVs #​5681

• Docs: Add example to to_representation docs #​5682

• Add link to Classy DRF in docs #​5683

• Document ViewSet.action #​5685

• Fix schema docs typo #​5687

• Fix URL pattern parsing in schema generation #​5689

• Add example using source=‘*’ to custom field docs. #​5688

• Fix format_suffix_patterns behavior with Django 2 path() routes #​5691

See 3.7.4 Milestone

v3.7.3: Version 3.7.3

Compare Source

• Fix AppRegistryNotReady error importing contrib.auth views #​5567

v3.7.2: Version 3.7.2

Compare Source

Point release for 3.7.x

• Fixed Django 2.1 compatibility due to removal of django.contrib.auth.login()/logout() views. #​5510
• Add missing import for TextLexer. #​5512
• Adding examples and documentation for caching #​5514
• Include date and date-time format for schema generation #​5511
• Use triple backticks for markdown code blocks #​5513
• Interactive docs - make bottom sidebar items sticky #​5516
• Clarify pagination system check #​5524
• Stop JSONBoundField mangling invalid JSON #​5527
• Have JSONField render as textarea in Browsable API #​5530
• Schema: Exclude OPTIONS/HEAD for ViewSet actions #​5532
• Fix ordering for dotted sources #​5533
• Fix: Fields with allow_null=True should imply a default serialization value #​5518
• Ensure Location header is strictly a 'str', not subclass. #​5544
• Add import to example in api-guide/parsers #​5547
• Catch OverflowError for "out of range" datetimes #​5546
• Add djangorestframework-rapidjson to third party packages #​5549
• Increase test coverage for drf_create_token command #​5550
• Add trove classifier for Python 3.6 support. #​5555
• Add pip cache support to the Travis CI configuration #​5556
• Rename [wheel] section to [bdist_wheel] as the former is legacy #​5557
• Fix invalid escape sequence deprecation warnings #​5560
• Add interactive docs error template #​5548
• Add rounding parameter to DecimalField #​5562
• Fix all BytesWarning caught during tests #​5561
• Use dict and set literals instead of calls to dict() and set() #​5559
• Change ImageField validation pattern, use validators from DjangoImageField #​5539
• Fix processing unicode symbols in query_string by Python 2 #​5552

See 3.7.2 Milestone

v3.7.1: Version 3.7.1

Compare Source

• Fix Interactive documentation always uses false for boolean fields in requests #​5492
• Improve compatibility with Django 2.0 alpha. #​5500 #​5503
• Improved handling of schema naming collisions #​5486
• Added additional docs and tests around providing a default value for dotted source fields #​5489

3.7.1 Milestone

v3.7.0: Version 3.7.0

Compare Source

Headline feature is the ability to add per-view customisation to schema generation.

• Release Announcement: http://www.django-rest-framework.org/topics/3.7-announcement/
• 3.7.0 Milestone: https://github.com/encode/django-rest-framework/milestone/49?closed=1

---

• If you want to rebase/retry this PR, check this box