chore(deps): update dependency djangorestframework to v3.15.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
djangorestframework (source, changelog)	3.13.1 → 3.15.2

GitHub Vulnerability Alerts

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.

---

Release Notes

encode/django-rest-framework (djangorestframework)

v3.15.2

Compare Source

What's Changed

• Add @​api_view example to caching documentation by @​BradWells in #​9131
• Update docstring by @​jthevos in #​9340
• Apply black formatting to caching markdown by @​jthevos in #​9341
• Update renderers documentation example by @​mgaligniana in #​9362
• Removing live examples of tutorial code that are no longer hosted by @​TGoddessana in #​9363
• Docs: Remove an unnecessary step from quickstart.md by @​gogowitsch in #​9387
• Documentation: Add Python 3.12 to the requirements by @​Szaroslav in #​9382
• Tweak README.md links. by @​tomchristie in #​9375
• Revert "Ensure CursorPagination respects nulls in the ordering field" by @​max-muoto in #​9381
• use warnings rather than logging a warning for DecimalField warnings by @​terencehonles in #​9367
• 2024042 docs by @​peterthomassen in #​9392
• Cleanup by @​peterthomassen in #​9393
• tests: Check urlpatterns after cleanups by @​stanislavlevin in #​9400
• docs: Correct some evaluation results and a httpie option in Tutorial1 by @​wkwkhautbois in #​9421
• Add __hash__ method for permissions.OperandHolder class by @​vanya909 in #​9417
• Fix potential XSS vulnerability in break_long_headers template filter by @​ch4n3-yoon in #​9435
• Version 3.15.2. by @​tomchristie in #​9439

New Contributors

• @​BradWells made their first contribution in #​9131
• @​jthevos made their first contribution in #​9340
• @​gogowitsch made their first contribution in #​9387
• @​Szaroslav made their first contribution in #​9382
• @​wkwkhautbois made their first contribution in #​9421
• @​ch4n3-yoon made their first contribution in #​9435

Full Changelog: encode/django-rest-framework@3.15.1...3.15.2

v3.15.1: Version 3.15.1

Compare Source

What's Changed

• Update the message to be consistent with the Django `HttpResponseBa… by @​maycuatroi in #​9287
• Make inflection package truly optional by @​browniebroke in #​9303
• Fix broken links in release notes for 3.15 by @​browniebroke in #​9305
• TokenAdmin.autocomplete_fields Breaks Some Use Cases, Revert by @​alexdlaird in #​9301
• Add drf-sendables to third-party-packages.md by @​amikrop in #​9261
• Revert "feat: Add some changes to ValidationError to support django style vad…" by @​auvipy in #​9326
• Revert "Re-prefetch related objects after updating" by @​auvipy in #​9327
• Revert #​8863 by @​tomchristie in #​9330
• Revert #​8009 by @​tomchristie in #​9332
• Revert #​9030 by @​tomchristie in #​9333
• Revert "Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces" by @​auvipy in #​9335
• SearchFilter.get_search_terms returns list. by @​tomchristie in #​9338
• Version 3.15.1 by @​tomchristie in #​9339

New Contributors

• @​maycuatroi made their first contribution in #​9287
• @​alexdlaird made their first contribution in #​9301

Full Changelog: encode/django-rest-framework@3.15.0...3.15.1

v3.15.0

Compare Source

v3.14.0: Version 3.14.0

Compare Source

• Django 2.2 is no longer supported. #​8662
• Django 4.1 compatibility. #​8591
• Add --api-version CLI option to generateschema management command. #​8663
• Enforce is_valid(raise_exception=False) as a keyword-only argument. #​7952
• Stop calling set_context on Validators. #​8589
• Return NotImplemented from ErrorDetails.__ne__. #​8538
• Don't evaluate DateTimeField.default_timezone when a custom timezone is set. #​8531
• Make relative URLs clickable in Browseable API. #​8464
• Support ManyRelatedField falling back to the default value when the attribute specified by dot notation doesn't exist. Matches ManyRelatedField.get_attribute to Field.get_attribute. #​7574
• Make schemas.openapi.get_reference public. #​7515
• Make ReturnDict support dict union operators on Python 3.9 and later. #​8302
• Update throttling to check if request.user is set before checking if the user is authenticated. #​8370

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
elucidate-frontend	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 6, 2024 10:43am