Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump django-filter from 2.2.0 to 21.1 #853

Closed
wants to merge 1 commit into from
Closed

Bump django-filter from 2.2.0 to 21.1 #853

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Sep 27, 2021

Bumps django-filter from 2.2.0 to 21.1.

Release notes

Sourced from django-filter's releases.

21.1

No release notes provided.

Version 2.4.0

  • SECURITY: Added a MaxValueValidator to the form field for NumberFilter. This prevents a potential DoS attack if numbers with very large exponents were subsequently converted to integers.

    The default limit value for the validator is 1e50.

    The new NumberFilter.get_max_validator() allows customising the used validator, and may return None to disable the validation entirely.

  • Added testing against Django 3.1 and Python 3.9.

    In addition tests against Django main development branch are now required to pass.

Version 2.3.0

https://github.com/carltongibson/django-filter/blob/master/CHANGES.rst#version-230-2020-6-5

Changelog

Sourced from django-filter's changelog.

Version 21.1 (2021-9-24)

This is a maintenance release updating CI testing for the latest non-end-of-life versions of Python and Django, and updating package metadata accordingly.

With this release django-filter is switching to a two-part CalVer versioning scheme, such as 21.1. The first number is the year. The second is the release number within that year.

On an on-going basis, Django-Filter aims to support all current Django versions, the matching current Python versions, and the latest version of Django REST Framework.

Please see:

  • Status of supported Python branches <https://devguide.python.org/#status-of-python-branches>_
  • List of supported Django versions <https://www.djangoproject.com/download/#support-versions>_

Support for Python and Django versions will be dropped when they reach end-of-life. Support for Python versions will dropped when they reach end-of-life, even when still supported by a current version of Django.

Other breaking changes are rare. Where required, every effort will be made to apply a "Year plus two" deprecation period. For example, a change initially introduced in 23.x would offer a fallback where feasible and finally be removed in 25.1. Where fallbacks are not feasible, breaking changes without deprecation will be called out in the release notes.

Beyond that change, there are few changes. Some small bugfixes, improvements to localisation, and documentation tweaks. Thanks to all who were involved.

Version 2.4.0 (2020-9-27)

  • SECURITY: Added a MaxValueValidator to the form field for NumberFilter. This prevents a potential DoS attack if numbers with very large exponents were subsequently converted to integers.

    The default limit value for the validator is 1e50.

    The new NumberFilter.get_max_validator() allows customising the used validator, and may return None to disable the validation entirely.

  • Added testing against Django 3.1 and Python 3.9.

    In addition tests against Django main development branch are now required to pass.

... (truncated)

Commits
  • 54d143f Update change notes for 21.1 release.
  • e748084 Bumped version for 21.1 release.
  • 16c4737 Removed explicit supported Python/Django version numbers from docs.
  • edcf5f3 Update README for use of CalVer.
  • 59f6431 Added Trove classifier for Django 4.0.
  • 22da0e1 Added Django 4.0 to test matrix.
  • afa4e43 Adjusted tests for Django 4.0.
  • 5a16562 Removed remaining separate mock library usages.
  • 43fd440 Fixed typo in tips.txt (#1437)
  • 512310f Updated Gettext plural forms to match Django (#1392)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump django-filter from 2.2.0 to 21.1
c6742ea 
Bumps [django-filter](https://github.com/carltongibson/django-filter) from 2.2.0 to 21.1.
- [Release notes](https://github.com/carltongibson/django-filter/releases)
- [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst)
- [Commits](carltongibson/django-filter@2.2.0...21.1)

---
updated-dependencies:
- dependency-name: django-filter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 27, 2021
@dependabot dependabot bot mentioned this pull request Sep 27, 2021
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jun 20, 2022

Superseded by #930.

@dependabot dependabot bot closed this Jun 20, 2022
@dependabot dependabot bot deleted the dependabot/pip/django-filter-21.1 branch June 20, 2022 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants