django blog - complete customization and ready to use with one click installer

MicroPyramid

Last update: Sep 18, 2022

Related tags

Overview

django-blog-it

https://travis-ci.org/MicroPyramid/django-blog-it.svg?branch=master

https://coveralls.io/repos/github/MicroPyramid/django-blog-it/badge.svg?branch=master

Simple blog package developed with Django.

Features:

Dynamic blog articles
Blog pages
Contact us page (configurable)
google analytics
SEO compliant

Installation

Install django-blog-it using the following command:

pip install django-blog-it


        (or)

git clone git://github.com/micropyramid/django-blog-it.git

cd django-blog-it

python setup.py install

Add app name in settings.py:

INSTALLED_APPS = [
   '..................',
   'simple_pagination',
   'django_blog_it.django_blog_it',
   '..................'
]

Include the django_blog_it urls in your urls.py:

from django.conf.urls import include

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'', include('django_blog_it.urls')),
]

After installing/cloning this, add the following settings in the virtual env/bin/activate file to start discussions on blog articles

You can create your disqus account at https://disqus.com/profile/login/

# Disquss details

DISQUSSHORTNAME="Your Disquss Short Name"

export DISQUSSHORTNAME

# google api key for short url

API_KEY="google api key"

export API_KEY

# google captcha

GOOGLE_CAPTCHA_SITE_KEY="Site key"

export GOOGLE_CAPTCHA_SITE_KEY

GOOGLE_CAPTCHA_SECRET_KEY="Secret key"

export GOOGLE_CAPTCHA_SECRET_KEY

# Google Analytics Account

GOOGLE_ANALYTICS_ID="UA-123456789"

export GOOGLE_ANALYTICS_ID

# Google Login

GP_CLIENT_ID="google client id"

export GP_CLIENT_ID

GP_CLIENT_SECRET="secret key"

export GP_CLIENT_SECRET

# Facebook Login

FB_APP_ID="facebook app id"

export FB_APP_ID

FB_SECRET="023df180c6d868e76a02aec17134c843"

export FB_SECRET

# Default E-mail

DEFAULT_EMAIL="[email protected]"

export DEFAULT_EMAIL

If you cloned the package from git use virtualenv to install requirements:
```
pip install -r requirements.txt
```

You can try it by hosting on your own or deploy to Heroku with a button click.

Deploy To Heroku:

Visit our Django web development page Here

We welcome your feedback and support, raise github ticket if you want to report a bug. Need new features? Contact us here

Comments

Bump django from 1.11.21 to 1.11.23 in /sandbox
Bumps django from 1.11.21 to 1.11.23.

Commits

9748977 [1.11.x] Bumped version for 1.11.23 release.

869b34e [1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django....

ed682a2 [1.11.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and inde...

52479ac [1.11.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ...

42a66e9 [1.11.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ...

693046e [1.11.x] Added stub release notes for security releases.

6d054b5 [1.11.x] Added CVE-2019-12781 to the security release archive.

7c849b9 [1.11.x] Post-release version bump.

480380c [1.11.x] Bumped version for 1.11.22 release.

32124fc [1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_S...

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
add post access to all users

Hi,

I have added the blog to my app but currently, the access to add blog is by the admin only. How do I make sure that anyone i.e all users can add blogs but the admin has the access to flag it for deletion?

thanks

opened by yatharthsharma 2
Bump pillow from 7.0.0 to 9.0.1 in /sandbox
Bumps pillow from 7.0.0 to 9.0.1.

Release notes

Sourced from pillow's releases.

9.0.1

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html

Changes

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@radarhere, @hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

9.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

Changes

Restrict builtins for ImageMath.eval() #5923 [@radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [@radarhere]

Fixed ImagePath.Path array handling #5920 [@radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [@radarhere]

Removed redundant part of condition #5915 [@radarhere]

Explicitly enable strip chopping for large uncompressed TIFFs #5517 [@kmilos]

Use the Windows method to get TCL functions on Cygwin #5807 [@DWesl]

Changed error type to allow for incremental WebP parsing #5404 [@radarhere]

Improved I;16 operations on big endian #5901 [@radarhere]

Ensure that BMP pixel data offset does not ignore palette #5899 [@radarhere]

Limit quantized palette to number of colors #5879 [@radarhere]

Use latin1 encoding to decode bytes #5870 [@radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [@radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [@radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [@radarhere]

Added rounding when converting P and PA #5824 [@radarhere]

Improved putdata() documentation and data handling #5910 [@radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [@radarhere]

Image.NONE is only used for resampling and dithers #5908 [@radarhere]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [@radarhere]

Add Tidelift alignment action and badge #5763 [@aclark4life]

Replaced further direct invocations of setup.py #5906 [@radarhere]

Added ImageShow support for xdg-open #5897 [@m-shinder]

Fixed typo #5902 [@radarhere]

Switched from deprecated "setup.py install" to "pip install ." #5896 [@radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [@cmbruns]

Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK #5872 [@radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [@radarhere]

WebP: Fix memory leak during decoding on failure #5798 [@ilai-deutel]

Do not prematurely return in ImageFile when saving to stdout #5665 [@infmagic2047]

Added support for top right and bottom right TGA orientations #5829 [@radarhere]

Corrected ICNS file length in header #5845 [@radarhere]

Block tile TIFF tags when saving #5839 [@radarhere]

Added line width argument to ImageDraw polygon #5694 [@radarhere]

Do not redeclare class each time when converting to NumPy #5844 [@radarhere]

Only prevent repeated polygon pixels when drawing with transparency #5835 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.0.1 (2022-02-03)

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [radarhere, hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

9.0.0 (2022-01-02)

Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

Improved I;16 operations on big endian #5901 [radarhere]

Limit quantized palette to number of colors #5879 [radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

Added rounding when converting P and PA #5824 [radarhere]

Improved putdata() documentation and data handling #5910 [radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

... (truncated)

Commits

6deac9e 9.0.1 version bump

c04d812 Update CHANGES.rst [ci skip]

4fabec3 Added release notes for 9.0.1

02affaa Added delay after opening image with xdg-open

ca0b585 Updated formatting

427221e In show_file, use os.remove to remove temporary images

c930be0 Restrict builtins within lambdas for ImageMath.eval

75b69dd Dont need to pin for GHA

cd938a7 Autolink CWE numbers with sphinx-issues

2e9c461 Add CVE IDs

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump django from 2.2.10 to 2.2.27 in /sandbox
Bumps django from 2.2.10 to 2.2.27.

Commits

e541f2d [2.2.x] Bumped version for 2.2.27 release.

c477b76 [2.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.

c27a7eb [2.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.

4cafd3a [2.2.x] Added stub release notes 2.2.27.

77d0fe5 [2.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security ...

e085d46 [2.2.x] Post-release version bump.

44e7cca 2.2.x] Bumped version for 2.2.26 release.

4cb35b3 [2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage sub...

c9f648c [2.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dic...

2135637 [2.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilari...

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pillow from 7.0.0 to 9.0.0 in /sandbox
Bumps pillow from 7.0.0 to 9.0.0.

Release notes

Sourced from pillow's releases.

9.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

Changes

Restrict builtins for ImageMath.eval() #5923 [@radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [@radarhere]

Fixed ImagePath.Path array handling #5920 [@radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [@radarhere]

Removed redundant part of condition #5915 [@radarhere]

Explicitly enable strip chopping for large uncompressed TIFFs #5517 [@kmilos]

Use the Windows method to get TCL functions on Cygwin #5807 [@DWesl]

Changed error type to allow for incremental WebP parsing #5404 [@radarhere]

Improved I;16 operations on big endian #5901 [@radarhere]

Ensure that BMP pixel data offset does not ignore palette #5899 [@radarhere]

Limit quantized palette to number of colors #5879 [@radarhere]

Use latin1 encoding to decode bytes #5870 [@radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [@radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [@radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [@radarhere]

Added rounding when converting P and PA #5824 [@radarhere]

Improved putdata() documentation and data handling #5910 [@radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [@radarhere]

Image.NONE is only used for resampling and dithers #5908 [@radarhere]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [@radarhere]

Add Tidelift alignment action and badge #5763 [@aclark4life]

Replaced further direct invocations of setup.py #5906 [@radarhere]

Added ImageShow support for xdg-open #5897 [@m-shinder]

Fixed typo #5902 [@radarhere]

Switched from deprecated "setup.py install" to "pip install ." #5896 [@radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [@cmbruns]

Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK #5872 [@radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [@radarhere]

WebP: Fix memory leak during decoding on failure #5798 [@ilai-deutel]

Do not prematurely return in ImageFile when saving to stdout #5665 [@infmagic2047]

Added support for top right and bottom right TGA orientations #5829 [@radarhere]

Corrected ICNS file length in header #5845 [@radarhere]

Block tile TIFF tags when saving #5839 [@radarhere]

Added line width argument to ImageDraw polygon #5694 [@radarhere]

Do not redeclare class each time when converting to NumPy #5844 [@radarhere]

Only prevent repeated polygon pixels when drawing with transparency #5835 [@radarhere]

Fix pushes_fd method signature #5833 [@hoodmane]

Add support for pickling TrueType fonts #5826 [@hugovk]

Only prefer command line tools SDK on macOS over default MacOSX SDK #5828 [@radarhere]

Fix compilation on 64-bit Termux #5793 [@landfillbaby]

Replace 'setup.py sdist' with '-m build --sdist' #5785 [@hugovk]

Use declarative package configuration #5784 [@hugovk]

Use title for display in ImageShow #5788 [@radarhere]

Fix for PyQt6 #5775 [@hugovk]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.0.0 (2022-01-02)

Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

Improved I;16 operations on big endian #5901 [radarhere]

Limit quantized palette to number of colors #5879 [radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

Added rounding when converting P and PA #5824 [radarhere]

Improved putdata() documentation and data handling #5910 [radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

Added ImageShow support for xdg-open #5897 [m-shinder, radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [cmbruns, radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [radarhere]

... (truncated)

Commits

82541b6 9.0.0 version bump

cae5ac4 Merge pull request #5924 from radarhere/cves

ed4cf78 CVEs TBD

d7f60d1 Merge pull request #5923 from radarhere/imagemath_eval

8531b01 Restrict builtins for ImageMath.eval

1efb1d9 Merge pull request #5922 from radarhere/releasenotes

f6c7871 Added release notes for #5919, #5920 and #5921

032d2dc Update CHANGES.rst [ci skip]

baae9ec Merge pull request #5921 from radarhere/jpeg_eoi

1059eb5 If appended EOI did not work, do not keep trying

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pillow from 7.0.0 to 8.3.2 in /sandbox
Bumps pillow from 7.0.0 to 8.3.2.

Release notes

Sourced from pillow's releases.

8.3.2

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

Security

CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

Fix 6-byte OOB read in FliDecode [wiredfool]

Python 3.10 wheels

Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

Fixed regressions

Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

Updates for ImagePalette channel order #5599 [radarhere]

Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html

Changes

Catch OSError when checking if fp is sys.stdout #5585 [@radarhere]

Handle removing orientation from alternate types of EXIF data #5584 [@radarhere]

Make Image.array take optional dtype argument #5572 [@t-vi]

8.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html

Changes

Use snprintf instead of sprintf #5567 [@radarhere]

Limit TIFF strip size when saving with LibTIFF #5514 [@kmilos]

Allow ICNS save on all operating systems #4526 [@newpanjing]

De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [@gofr]

Do not use background or transparency index for new color #5564 [@radarhere]

Simplified code #5315 [@radarhere]

Replaced xml.etree.ElementTree #5565 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

8.3.2 (2021-09-02)

CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

Fix 6-byte OOB read in FliDecode [wiredfool]

Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

Updates for ImagePalette channel order #5599 [radarhere]

Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1 (2021-07-06)

Catch OSError when checking if fp is sys.stdout #5585 [radarhere]

Handle removing orientation from alternate types of EXIF data #5584 [radarhere]

Make Image.array take optional dtype argument #5572 [t-vi, radarhere]

8.3.0 (2021-07-01)

Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]

Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]

Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]

De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]

Replaced xml.etree.ElementTree #5565 [radarhere]

... (truncated)

Commits

8013f13 8.3.2 version bump

23c7ca8 Update CHANGES.rst

8450366 Update release notes

a0afe89 Update test case

9e08eb8 Raise ValueError if color specifier is too long

bd5cf7d FLI tests for Oss-fuzz crash.

94a0cf1 Fix 6-byte OOB read in FliDecode

cece64f Add 8.3.2 (2021-09-02) [CI skip]

e422386 Add release notes for Pillow 8.3.2

08dcbb8 Pillow 8.3.2 supports Python 3.10 [ci skip]

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump django from 2.2.10 to 2.2.24 in /sandbox
Bumps django from 2.2.10 to 2.2.24.

Commits

2da029d [2.2.x] Bumped version for 2.2.24 release.

f27c38a [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.

053cc95 [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs'...

6229d87 [2.2.x] Confirmed release date for Django 2.2.24.

f163ad5 [2.2.x] Added stub release notes and date for Django 2.2.24.

bed1755 [2.2.x] Changed IRC references to Libera.Chat.

63f0d7a [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fi...

5fe4970 [2.2.x] Post-release version bump.

61f814f [2.2.x] Bumped version for 2.2.23 release.

b8ecb06 [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump django from 2.2.10 to 2.2.22 in /sandbox
Bumps django from 2.2.10 to 2.2.22.

Commits

df9fd46 [2.2.x] Bumped version for 2.2.22 release.

d9594c4 [2.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs fro...

1637003 [2.2.x] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.

bcafd9b [2.2.x] Added CVE-2021-31542 to security archive.

3931dc7 [2.2.x] Post-release version bump.

ff1385a [2.2.x] Bumped version for 2.2.21 release.

04ac162 [2.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file...

7f1b088 [2.2.x] Added CVE-2021-28658 to security archive.

e95fbb6 [2.2.x] Post-release version bump.

ad9fa56 [2.2.x] Bumped version for 2.2.20 release.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pillow from 7.0.0 to 8.2.0 in /sandbox
Bumps pillow from 7.0.0 to 8.2.0.

Release notes

Sourced from pillow's releases.

8.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html

Changes

Security fixes for 8.2.0 #5377 [@hugovk]

Move getxmp() to JpegImageFile #5376 [@radarhere]

Added getxmp() method #5144 [@UrielMaD]

Compile LibTIFF with CMake on Windows #5359 [@nulano]

Add ImageShow support for GraphicsMagick #5349 [@latosha-maltba]

Tiff crash fixes in TiffDecode.c #5372 [@wiredfool]

Remove redundant check (addition to #5364) #5366 [@kkopachev]

Do not load transparent pixels from subsequent GIF frames #5333 [@radarhere]

Use LZW encoding when saving GIF images #5291 [@raygard]

Set all transparent colors to be equal in quantize() #5282 [@radarhere]

Allow PixelAccess to use Python int when parsing x and y #5206 [@radarhere]

Removed Image._MODEINFO #5316 [@radarhere]

Add preserve_tone option to autocontrast #5350 [@elejke]

Only import numpy when necessary #5323 [@radarhere]

Fixed linear_gradient and radial_gradient I and F modes #5274 [@radarhere]

Add support for reading TIFFs with PlanarConfiguration=2 #5364 [@wiredfool]

More OSS-Fuzz support #5328 [@wiredfool]

Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [@nulano]

Use quantization method attributes #5353 [@radarhere]

Dynamically link FriBiDi instead of Raqm #5062 [@nulano]

Removed build_distance_tables return value #5363 [@radarhere]

Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [@radarhere]

Use duration from info dictionary when saving WebP #5338 [@radarhere]

Improved efficiency when creating GIF disposal images #5326 [@radarhere]

Stop flattening EXIF IFD into getexif() #4947 [@radarhere]

Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images #5343 [@radarhere]

Save ICC profile from TIFF encoderinfo #5321 [@radarhere]

Moved RGB fix inside ImageQt class #5268 [@radarhere]

Fix -Wformat error in TiffDecode #5305 [@lukegb]

Allow alpha_composite destination to be negative #5313 [@radarhere]

Ensure file is closed if it is opened by ImageQt.ImageQt #5260 [@radarhere]

Added ImageDraw rounded_rectangle method #5208 [@radarhere]

Added IPythonViewer #5289 [@radarhere]

Only draw each rectangle outline pixel once #5183 [@radarhere]

Use mmap instead of built-in Win32 mapper #5224 [@radarhere]

Handle PCX images with an odd stride #5214 [@radarhere]

Only read different sizes for "Large Thumbnail" MPO frames #5168 [@radarhere]

Dependencies

Updated harfbuzz to 2.8.0 #5334 [@radarhere]

Deprecations

... (truncated)

Changelog

Sourced from pillow's changelog.

8.2.0 (2021-04-01)

Added getxmp() method #5144 [UrielMaD, radarhere]

Add ImageShow support for GraphicsMagick #5349 [latosha-maltba, radarhere]

Do not load transparent pixels from subsequent GIF frames #5333 [zewt, radarhere]

Use LZW encoding when saving GIF images #5291 [raygard]

Set all transparent colors to be equal in quantize() #5282 [radarhere]

Allow PixelAccess to use Python int when parsing x and y #5206 [radarhere]

Removed Image._MODEINFO #5316 [radarhere]

Add preserve_tone option to autocontrast #5350 [elejke, radarhere]

Fixed linear_gradient and radial_gradient I and F modes #5274 [radarhere]

Add support for reading TIFFs with PlanarConfiguration=2 #5364 [kkopachev, wiredfool, nulano]

Deprecated categories #5351 [radarhere]

Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [nulano]

Dynamically link FriBiDi instead of Raqm #5062 [nulano]

Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [radarhere]

Use duration from info dictionary when saving WebP #5338 [radarhere]

Stop flattening EXIF IFD into getexif() #4947 [radarhere, kkopachev]

... (truncated)

Commits

e0e353c 8.2.0 version bump

ee635be Merge pull request #5377 from hugovk/security-and-release-notes

694c84f Fix typo [ci skip]

8febdad Review, typos and lint

fea4196 Reorder, roughly alphabetic

496245a Fix BLP DOS -- CVE-2021-28678

22e9bee Fix DOS in PSDImagePlugin -- CVE-2021-28675

ba65f0b Fix Memory DOS in ImageFont

bb6c11f Fix FLI DOS -- CVE-2021-28676

5a5e6db Fix EPS DOS on _open -- CVE-2021-28677

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump django from 2.2.10 to 2.2.21 in /sandbox
Bumps django from 2.2.10 to 2.2.21.

Commits

ff1385a [2.2.x] Bumped version for 2.2.21 release.

04ac162 [2.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file...

7f1b088 [2.2.x] Added CVE-2021-28658 to security archive.

e95fbb6 [2.2.x] Post-release version bump.

ad9fa56 [2.2.x] Bumped version for 2.2.20 release.

4036d62 [2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploa...

6e58828 [2.2.x] Added CVE-2021-23336 to security archive.

1fb4628 [2.2.x] Post-release version bump.

21a5547 [2.2.x] Bumped version for 2.2.19 release.

fd6b6af [2.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.ht...

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump django from 2.2.10 to 2.2.20 in /sandbox
Bumps django from 2.2.10 to 2.2.20.

Commits

ad9fa56 [2.2.x] Bumped version for 2.2.20 release.

4036d62 [2.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploa...

6e58828 [2.2.x] Added CVE-2021-23336 to security archive.

1fb4628 [2.2.x] Post-release version bump.

21a5547 [2.2.x] Bumped version for 2.2.19 release.

fd6b6af [2.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.ht...

226d831 [2.2.x] Added documentation extlink for bugs.python.org.

34010d8 [2.2.x] Added CVE-2021-3281 to security archive.

06ae7e0 [2.2.x] Post-release version bump.

fc0c8cf [2.2.x] Bumped version for 2.2.18 release.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pillow from 7.0.0 to 9.3.0 in /sandbox
Bumps pillow from 7.0.0 to 9.3.0.

Release notes

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

Initialize libtiff buffer when saving #6699 [@radarhere]

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@wiredfool]

Inline fname2char to fix memory leak #6329 [@nulano]

Fix memory leaks related to text features #6330 [@nulano]

Use double quotes for version check on old CPython on Windows #6695 [@hugovk]

GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@nulano]

Remove backup implementation of Round for Windows platforms #6693 [@cgohlke]

Upload fribidi.dll to GitHub Actions #6532 [@nulano]

Fixed set_variation_by_name offset #6445 [@radarhere]

Windows build improvements #6562 [@nulano]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [@cgohlke]

Only use ASCII characters in C source file #6691 [@cgohlke]

Release Python GIL when converting images using matrix operations #6418 [@hmaarrfk]

Added ExifTags enums #6630 [@radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [@radarhere]

Added support for reading BMP images with RLE4 compression #6674 [@npjg]

Decode JPEG compressed BLP1 data in original mode #6678 [@radarhere]

pylint warnings #6659 [@marksmayo]

Added GPS TIFF tag info #6661 [@radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [@radarhere]

Do not attempt normalization if mode is already normal #6644 [@radarhere]

Fixed seeking to an L frame in a GIF #6576 [@radarhere]

Consider all frames when selecting mode for PNG save_all #6610 [@radarhere]

Don't reassign crc on ChunkStream close #6627 [@radarhere]

Raise a warning if NumPy failed to raise an error during conversion #6594 [@radarhere]

Only read a maximum of 100 bytes at a time in IMT header #6623 [@radarhere]

Show all frames in ImageShow #6611 [@radarhere]

Allow FLI palette chunk to not be first #6626 [@radarhere]

If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@radarhere]

Round box position to integer when pasting embedded color #6517 [@radarhere]

Removed EXIF prefix when saving WebP #6582 [@radarhere]

Pad IM palette to 768 bytes when saving #6579 [@radarhere]

Added DDS BC6H reading #6449 [@ShadelessFox]

Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@JayWiz]

Raise an error when allocating translucent color to RGB palette #6654 [@jsbueno]

Moved mode check outside of loops #6650 [@radarhere]

Added reading of TIFF child images #6569 [@radarhere]

Improved ImageOps palette handling #6596 [@PososikTeam]

Defer parsing of palette into colors #6567 [@radarhere]

Apply transparency to P images in ImageTk.PhotoImage #6559 [@radarhere]

Use rounding in ImageOps contain() and pad() #6522 [@bibinhashley]

Fixed GIF remapping to palette with duplicate entries #6548 [@radarhere]

Allow remap_palette() to return an image with less than 256 palette entries #6543 [@radarhere]

Corrected BMP and TGA palette size when saving #6500 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

Initialize libtiff buffer when saving #6699 [radarhere]

Inline fname2char to fix memory leak #6329 [nulano]

Fix memory leaks related to text features #6330 [nulano]

Use double quotes for version check on old CPython on Windows #6695 [hugovk]

Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

Fixed set_variation_by_name offset #6445 [radarhere]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

Added ExifTags enums #6630 [radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

Added GPS TIFF tag info #6661 [radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

Commits

d594f4c Update CHANGES.rst [ci skip]

909dc64 9.3.0 version bump

1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer

2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec

744f455 Added release notes

0846bfa Add to release notes

799a6a0 Fix linting

00b25fd Hide UserWarning in logs

05b175e Tighter test case

13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump django from 2.2.10 to 2.2.28 in /sandbox
Bumps django from 2.2.10 to 2.2.28.

Commits

5c33000 [2.2.x] Bumped version for 2.2.28 release.

29a6c98 [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against...

2c09e68 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), a...

8352b98 [2.2.x] Added stub release notes for 2.2.28.

2801f29 [2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."

e03648f [2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.

9d13d8c [2.2.x] Fixed typo in release notes.

047ece3 [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.

2427b2f [2.2.x] Post-release version bump.

e541f2d [2.2.x] Bumped version for 2.2.27 release.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Working example

Does anyone have an example of this code in its working form?

I'm interested to download this Django micro pyramid blog but I am curious to see what it looks like, so I'm hoping someone can share a screenshot of the finished product.

opened by datatalking 3
Easy html and css overwriting

First of all, I do not have may experiences with package modification so please be patient.

I need to integrate the app in my project and to have a functional blog page. For this i need a integrated solution but that will use my base.html and design model.

To have possibility to create a new_base.html that will change all the blog-it pages. More details about CSS classes and how to change the design. At least to have the possibility to change the color pallet.

opened by hellyworld 0
Heroku deploy failing.

-----> Python app detected -----> Installing python-3.6.8 -----> Installing pip -----> Installing SQLite3 -----> Installing requirements with pip Collecting boto==2.40.0 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 1)) Downloading https://files.pythonhosted.org/packages/41/b4/f788bf1ed5f35f2dc29410f41a38688584d25babbfdf2528b09e00a77438/boto-2.40.0-py2.py3-none-any.whl (1.3MB) Collecting Django==1.11.21 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 2)) Downloading https://files.pythonhosted.org/packages/a2/84/9f66e359ba8e63cf9b54f6815ed55188dda43cd1cc951a8bb95542dee956/Django-1.11.21-py2.py3-none-any.whl (6.9MB) Collecting django-simple-pagination==1.1.4 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 3)) Downloading https://files.pythonhosted.org/packages/68/b8/2d27c49f1a500e67d05501c3b5aecf02800cfd6d534cd2e79fa6c631932e/django-simple-pagination-1.1.4.tar.gz Collecting django-storages==1.4.1 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 4)) Downloading https://files.pythonhosted.org/packages/14/94/0a90cd3e36a0db7a46126aad0c91a5365b0fbb94de378c198afae9740645/django_storages-1.4.1-py2.py3-none-any.whl (41kB) Collecting Pillow==4.3.0 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 5)) Downloading https://files.pythonhosted.org/packages/3c/5c/44a8f05da34cbb495e5330825c2204b9fa761357c87bc0bc1785b1d76e41/Pillow-4.3.0-cp36-cp36m-manylinux1_x86_64.whl (5.8MB) Collecting requests==2.20.0 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 6)) Downloading https://files.pythonhosted.org/packages/f1/ca/10332a30cb25b627192b4ea272c351bce3ca1091e541245cccbace6051d8/requests-2.20.0-py2.py3-none-any.whl (60kB) Collecting gunicorn==19.6.0 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 7)) Downloading https://files.pythonhosted.org/packages/72/de/ec28a64885e0b390063379cca601b60b1f9e51367e0c76030ac8a5cddd5e/gunicorn-19.6.0-py2.py3-none-any.whl (114kB) Collecting whitenoise==3.1 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 8)) Downloading https://files.pythonhosted.org/packages/3f/6d/020ae7ab9b53e1969a6c2f7e985b9296c7e820305405249fdf18d271282c/whitenoise-3.1-py2.py3-none-any.whl Collecting dj-database-url==0.4.1 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 9)) Downloading https://files.pythonhosted.org/packages/39/9f/30f937db9f9e7a4e4e3205682af4c34c65d647ff9850897ddfbbf5dc6178/dj-database-url-0.4.1.tar.gz Collecting psycopg2==2.7.1 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 10)) Downloading https://files.pythonhosted.org/packages/90/bb/fd1a81e1a51b2df2d825e778fd58d508a4fc9ab360684348222bda3ff704/psycopg2-2.7.1-cp36-cp36m-manylinux1_x86_64.whl (2.7MB) Collecting microurl==0.1.1 (from -r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 11)) Downloading https://files.pythonhosted.org/packages/8b/79/d095ee579956afa6dd7d5bd7da6c2c0b014ab0db191e433f7684dab75675/microurl-0.1.1.tar.gz Collecting pytz (from Django==1.11.21->-r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 2)) Downloading https://files.pythonhosted.org/packages/87/76/46d697698a143e05f77bec5a526bf4e56a0be61d63425b68f4ba553b51f2/pytz-2019.2-py2.py3-none-any.whl (508kB) Collecting olefile (from Pillow==4.3.0->-r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 5)) Downloading https://files.pythonhosted.org/packages/34/81/e1ac43c6b45b4c5f8d9352396a14144bba52c8fec72a80f425f6a4d653ad/olefile-0.46.zip (112kB) Collecting certifi>=2017.4.17 (from requests==2.20.0->-r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 6)) Downloading https://files.pythonhosted.org/packages/69/1b/b853c7a9d4f6a6d00749e94eb6f3a041e342a885b87340b79c1ef73e3a78/certifi-2019.6.16-py2.py3-none-any.whl (157kB) Collecting idna<2.8,>=2.5 (from requests==2.20.0->-r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 6)) Downloading https://files.pythonhosted.org/packages/4b/2a/0276479a4b3caeb8a8c1af2f8e4355746a97fab05a372e4a2c6a6b876165/idna-2.7-py2.py3-none-any.whl (58kB) Collecting chardet<3.1.0,>=3.0.2 (from requests==2.20.0->-r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 6)) Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB) Collecting urllib3<1.25,>=1.21.1 (from requests==2.20.0->-r /tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/requirements.txt (line 6)) Downloading https://files.pythonhosted.org/packages/01/11/525b02e4acc0c747de8b6ccdab376331597c569c42ea66ab0a1dbd36eca2/urllib3-1.24.3-py2.py3-none-any.whl (118kB) Installing collected packages: boto, pytz, Django, django-simple-pagination, django-storages, olefile, Pillow, certifi, idna, chardet, urllib3, requests, gunicorn, whitenoise, dj-database-url, psycopg2, microurl Running setup.py install for django-simple-pagination: started Running setup.py install for django-simple-pagination: finished with status 'done' Running setup.py install for olefile: started Running setup.py install for olefile: finished with status 'done' Running setup.py install for dj-database-url: started Running setup.py install for dj-database-url: finished with status 'done' Running setup.py install for microurl: started Running setup.py install for microurl: finished with status 'done' Successfully installed Django-1.11.21 Pillow-4.3.0 boto-2.40.0 certifi-2019.6.16 chardet-3.0.4 dj-database-url-0.4.1 django-simple-pagination-1.1.4 django-storages-1.4.1 gunicorn-19.6.0 idna-2.7 microurl-0.1.1 olefile-0.46 psycopg2-2.7.1 pytz-2019.2 requests-2.20.0 urllib3-1.24.3 whitenoise-3.1 -----> $ python sandbox/manage.py collectstatic --noinput Traceback (most recent call last): File "sandbox/manage.py", line 10, in execute_from_command_line(sys.argv) File "/app/.heroku/python/lib/python3.6/site-packages/django/core/management/init.py", line 364, in execute_from_command_line utility.execute() File "/app/.heroku/python/lib/python3.6/site-packages/django/core/management/init.py", line 356, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/app/.heroku/python/lib/python3.6/site-packages/django/core/management/base.py", line 283, in run_from_argv self.execute(*args, **cmd_options) File "/app/.heroku/python/lib/python3.6/site-packages/django/core/management/base.py", line 330, in execute output = self.handle(*args, **options) File "/app/.heroku/python/lib/python3.6/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 199, in handle collected = self.collect() File "/app/.heroku/python/lib/python3.6/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 115, in collect for path, storage in finder.list(self.ignore_patterns): File "/app/.heroku/python/lib/python3.6/site-packages/django/contrib/staticfiles/finders.py", line 112, in list for path in utils.get_files(storage, ignore_patterns): File "/app/.heroku/python/lib/python3.6/site-packages/django/contrib/staticfiles/utils.py", line 28, in get_files directories, files = storage.listdir(location) File "/app/.heroku/python/lib/python3.6/site-packages/django/core/files/storage.py", line 397, in listdir for entry in os.listdir(path): FileNotFoundError: [Errno 2] No such file or directory: '/tmp/build_a3434d6dd43d5544a2406f6b655b3189/sandbox/static' ! Error while running '$ python sandbox/manage.py collectstatic --noinput'. See traceback above for details. You may need to update application code to resolve this error. Or, you can disable collectstatic for this application: $ heroku config:set DISABLE_COLLECTSTATIC=1 https://devcenter.heroku.com/articles/django-assets ! Push rejected, failed to compile Python app. ! Push failed

opened by vitorsilvadeus 2