Portfolio and E-commerce site built on Python-Django and Stripe checkout

Overview

StripeMe

Introduction

Stripe Me is an e-commerce and portfolio website offering communication services, including web-development, graphic design and branding consultancy.

This is my final project of four Milestone Projects that make up the Full-Stack Web Development Diploma Training at Code Institute. Project main requirements are: to build a full-stack website with the use of HTML, CSS, JavaScript, Python, Django and a relational database; as well as the implementation of a checkout functionality, which has been achieved through the use of Stripe.

Stripe Me is therefore a Python-Django web application, backed by a PostgreSQL (and SQLite3) database, and deployed via the Heroku PaaS. This project uses the Stripe Checkout API (for educational purposes only: not currently taking real card payments) and is styled using the Bootstrap Grid System.

NOTE: If you would like to test the payment functionality of this project, please create an account and use the card number 4242 4242 4242 4242 with any address details, expiry date and CVC that you choose.

Click here to view the project live.

As you read this document, you will find my complete development process, from UX strategy to deployment. Thank you for reading! -- Kes Cardoso

UX

Wireframe

Link to the wireframe on Figma

Color Palette

App Logo

Stripe Me Favicon

User Stories

User and Their Goals

Since Covid-19 became a global pandemic, many people around the world began to live through lockdowns. Many began to work from home; others lost their jobs. With uncertainty becoming a norm, we can't know when, or if, our societies will return to normal and what consequences the pandemic will leave behind.

Overall, Covid-19 has normalized remote work, and a significant part of our global population is looking for online alternatives for their income: either by creating a new online entrepreneurial project, or by improving the one already in place, or by transferring their main activity from a physical, local organization to an online shop.

For many people, including artists, artisans, small business owners or independent contractors, this technological transition can be challenging and expensive, especially during these troubling times.

Stripe Me provides easy and straightforward web-development, graphic design and digital marketing consultancy services for English-speaking users around the world (payments in US dollars). This project is geared towards freelancers, entrepreneurs, and small to medium businesses alike, leveraging their online inception and profits during the pandemic crisis.

Here, available services are already formatted and able to be personalized: they are presented with a starter model and options, and the user can customize their order in terms of color scheme, dimensions, and content. Consultancy sessions are also available for users who wish to have higher control and a more professionally involved approach to their digital business development. By setting up basic formats and options that can be personalized, Stripe Me keeps prices affordable and delivery time optimized, and is therefore a great digital services provider for the pandemic times.

User Avatar

  • Cross-cultural English-speaking men and women, affected or not by Covid-19;
  • Freelancers, entrepreneurs, small business owners looking for online alternatives for their jobs or entrepreneurial projects;
  • Travelers, digital nomads, independent culture and art contractors, without a business address and interested in building an online presence for their income activities.

User's Main challenges

Some main challenges regular people and non-technical professionals encounter are:

  • They find websites hard to understand and to build.
  • They don't have time to learn new technologies.
  • Their budget is limited due to current Covid-19 and the economic crisis.
  • They rely on free or limited website building services, but they miss the UX and development quality they desire.
  • They are not sure what they need in technological terms, and they appreciate guidance.
  • They need a personalized e-commerce project that still keeps features basic and affordable.
  • They feel intimidated by traditional digital agencies, and they prefer a more friendly, one-to-one approach.

Database Structure

Stripe Me is built on Django, and primarily uses the SQLite3 database during all development stages. Through the deployment to Heroku, the database was changed to a PostgreSQL database as that is provided by Heroku as an add-on for production.

Django's default user model for authorization is also in use, which allows the project to meet one of the main requirements of separating features by anonymous users, users in session and superusers.

The structure of the Checkout and Services apps is inspired by one of Code Institute's mini projects: Boutique Ado.

The main database structure models are documented below.

Profiles App

---->> UserProfile Model

Name | Database Key | Field Type | Validation
User | user | OneToOneField 'User' | on_delete=models.CASCADE
Phone number | default_phone_number | CharField | max_length=20, null=True, blank=True
Address Line1 | default_street_address1 | CharField | max_length=80, null=True, blank=True
Address Line2 | default_street_address2 | CharField | max_length=80, null=True, blank=True
Postcode | default_postcode | CharField | max_length=20, null=True, blank=True
Town/City | default_town_or_city | CharField | max_length=40, null=True, blank=True
County | default_county | CharField | max_length=80, null=True, blank=True
Country | default_country | CountryField | blank_label='Country', null=True, blank=True

Checkout App

---->> Checkout Model

Name | Database Key | Field Type | Validation
Order Number | order_number | CharField | max_length=32, null=False, editable=False
User Profile | user_profile | ForeignKey 'UserProfile' | on_delete=models.SET_NULL, null=True, blank=True, related_name='orders'
Full Name | full_name | CharField | max_length=50, null=False, blank=False
Email | email | EmailField | max_length=254, null=False, blank=False
Country | country | CountryField | blank_label='Country*', null=False, blank=False
Postcode | postcode | CharField | max_length=20, null=True, blank=True
Town/City | town_or_city | CharField | max_length=40, null=False, blank=False
Phone number | phone_number | CharField | max_length=20, null=False, blank=False
Street Address 1 | street_address1 | CharField | max_length=80, null=False, blank=False
Street Address 2 | street_address2 | CharField | max_length=80, null=False, blank=True
County | county | CharField | max_length=80, null=True, blank=True
Date | date | DateTimeField | auto_now_add=True
Total Price | total_price | DecimalField | max_digits=10, decimal_places=2, null=False, default=0
Original Retreat | original_retreat | TextField | null=False, blank=False, default=''
Stripe Pid | stripe_pid | CharField | max_length=254, null=False, blank=False, default=''

---->> OrderLineItem Model

Name | Database Key | Field Type | Validation
Order | order | ForeignKey 'Order' | null=False, blank=False, on_delete=models.CASCADE, related_name='lineitems'
Service | service | ForeignKey 'Service' | null=False, blank=False, on_delete=models.CASCADE
User Message | service_user_message | CharField | max_length=250, null=True, blank=True
Quantity | quantity | IntegerField | null=False, blank=False, default=0
Lineitem Total | lineitem_total | DecimalField | max_digits=6, decimal_places=2, null=False, blank=False, editable=False

Services App

---->> Services Model

Name | Database Key | Field Type | Validation
Category | category | ForeignKey 'Category' | null=True, blank=True, on_delete=models.SET_NULL
Sku | sku | CharField | max_length=254, null=True, blank=True
Name | name | CharField | max_length=254
Description | description | TextField | max_length=700
Image URL | image_url | URLField | max_length=300, null=True, blank=True
Image | image | ImageField | null=True, blank=True
Price | price | DecimalField | max_digits=6, decimal_places=2
Rating | rating | DecimalField | max_digits=6, decimal_places=2, null=True, blank=True
Sizes (Dimensions) | has_sizes | BooleanField | default=False, null=True, blank=True
Colors (Color Scheme) | has_colors | BooleanField | default=False, null=True, blank=True
Message | has_user_message | BooleanField | default=False, null=True, blank=True

---->> Category Model

Name | Database Key | Field Type | Validation
Name | name | CharField | max_length=254
Friendly Name | friendly_name | CharField | max_length=254, null=True, blank=True

Designs App

---->> Designs Model

Name | Database Key | Field Type | Validation
Category | category | ForeignKey 'Category' | null=True, blank=True, on_delete=models.SET_NULL
Name | name | CharField | max_length=254
Image URL | image_url | URLField | max_length=300, null=True, blank=True
Image | image | ImageField | null=True, blank=True

---->> Category Model

Name | Database Key | Field Type | Validation
Name | name | CharField | max_length=254
Friendly Name | friendly_name | CharField | max_length=254, null=True, blank=True

Webdevs App

---->> Webdevs Model

Name | Database Key | Field Type | Validation
Category | category | ForeignKey 'Category' | null=True, blank=True, on_delete=models.SET_NULL
Name | name | CharField | max_length=254
Description | description | TextField | max_length=254
Image URL | image_url | URLField | max_length=300, null=True, blank=True
Image | image | ImageField | null=True, blank=True

---->> Category Model

Name | Database Key | Field Type | Validation
Name | name | CharField | max_length=254
Friendly Name | friendly_name | CharField | max_length=254, null=True, blank=True

Features

Existing Features

  1. Hero Image and Call to Action: at site opening, the user begins by seeing the hero image of a workspace with a black button inviting to work together and check available services.

  2. Navbar and Menu: the top main navbar contains the logo, search box, and links to access user profile and shopping bag. Just under the main nav, the menu contains links for easy access to services and portfolio pages, in lists by category, price, rating, and name.

    • The Search box is dynamically connected to the database.
    • These elements are consistent in design and are responsive throughout the website. However, the contents of the menu change depending on whether a user is logged in or not.
    • The menu bar for users logged-in features a 'Sign Out' link where the 'Sign Up' link usually is. When a user in session chooses to sign out, a toast message confirms this action, and they are redirected back to the home page.
    • Users with items added to their Bag notice an additional 'Checkout' link in their navbar, allowing them direct access to go straight to check out.
    • The authentication pages (Sign In, Sign Up & Sign Out) were built with Django, and therefore include all Django's built-in features (including requesting an email for forgotten passwords.)
  3. Toasts: All toast messages appear under the menu bar with the same fonts as used consistently in the theme.

    • Depending on the type of message, the toast color changes to reflect this message.
    • Across all 'Service' pages (Webdev, Design & Consultancy), toast messages appear to confirm the contents of a user's Bag when they add new service items. This message also includes the 'Go To Checkout' button: to prompt users to check their bag content or proceed to checkout.
  4. Sign In / Sign Up: These pages feature the consistent white overlay as a background, to maintain simplicity and design cleanliness.

    • On the top-left side, the user will find the respective Sign In or Sign Up forms, prompting them to access the parts of the website that require authentication.
    • Regular registered users can check and edit their profile details and check their order history (they can't currently enter their full name)
    • Admin with superuser privileges can add, edit and delete services from the database.
  5. Sign Out: This page displays a box with a 'Sign Out' button that prompts the user to confirm that they wish to leave the site. Once signed out, users are redirected back to the Home page.

  6. Discount Notification: it is a notification system on the home page, as well as on the checkout toast and bag page, to inform or remind users that they can get 10% off when total purchase is $500 or more.

  7. Checkout Overlay: A blue overlay with a spinner gif appears after checkout is initiated and while the transaction is being processed and until the checkout success page has fully loaded.

  8. Service Pages (All Services, Webdev, Design, Consultancy): Although different pages, Webdev, Design and Consultancy pages follow the same structure and are built upon the generic 'All Services' template to avoid repetitive code.

    • Each page follows a Bootstrap responsive grid system, using the cards class.
    • As the user scrolls down the page, they find cards for each service belonging to that category or to all services if the page is all services.
    • Each card contains the service title, image, price, category and rating information; by clicking on the service image the user is redirected to the service details page.
    • Service pages include a filtering dropdown box, as well as a selection of category badges at the top, to make it easier to find the desired service page and details.
    • Users can add the service to their bag from the service details page.
  9. Service Details Pages: Users access these pages by clicking on the service image of the respective card.

    • This page features the service image, title, description about it, customization options and the price.
    • From this page users can add the service to their Bag.
    • Service Option Fields: on each service detail page, there are boolean fields with color scheme, dimensions and user message options to be entered by the user. These are used to send information to the owner about desired user's customizations for that respective service (the fields color and dimensions are not dynamic and currently in development).
  10. Profile Page: The content of the page changes depending on if the user is logged in or not, if they have items in their Bag and if they have previous orders. Users who have items in their retreat see an overview of what they have selected and see a link to prompt them to go to the My Retreat page to make changes.

    • Users can view and update their contact and billing details.
    • If users have purchased services in the past, a table with their order history appears with a link (order number, in blue) to direct them to the initial 'booking success' page for that purchase.
  11. Bag: This page is similar to a shopping cart on e-commerce sites.

    • The user can see each item in their bag.
    • All information about service customization that a user has selected is included on this page, including price, quantity, subtotal and a thumbnail image.
    • A 'checkout' button prompts the user to confirm the order through payment.
  12. Checkout: When a user has added items to their retreat, the 'Checkout' link appears in the dropdown navigation menu.

    • Users can add their details to an input form and can select whether to save the information to their profile for future reservations.
    • An order summary also includes the name, price, quantity and thumbnail link of each item in their bag.
    • Below these features, a user can either select the 'Keep Shopping' link or confirm the reservation with the 'Secure Checkout' button.
  13. Checkout Success: This page is accessed by completing the checkout process. However, it can also be accessed through the 'Profile' page when clicking on more information about a previous order. In this case, an alert message confirms that the user is viewing a previous order and that the confirmation email was sent during payment.

  14. Back to Top Button: Long pages feature a 'scroll to top' arrow that becomes visible when the user has scrolled down the page.

Features Left to Implement

  1. Colors and Dimensions: Currently the service details pages include the dropdown fields for color scheme and project dimensions, but they are not dynamically functional (only the user message text field is fully functional and connected to the checkout model).

    • The color scheme option is available for webdev and design services. When these services are selected, the order summary and history return 'in development'.
    • The dimensions option is only available for design services. When design services are selected, the order summary and history return 'in development'.
    • When color scheme is not available for a service (consultancy sessions) and the service is selected, the order summary and history return N/A.
    • When dimensions are not available for a service (webdev and consultancy sessions) and the service is selected, the order summary and history return N/A.
    • The message option is available for all services. When a service is selected and the user specifies a message in the text field, the exact text will appear in the order summary and history; if the user does not enter a message in the text field, the order summary and history will return None.

    After spending many days trying to find a plausible way to connect all boolean fields simultaneously, I have decided to only include them on the HTML template with if statements accordingly, as this feature at this point, requires me to restructure the bag and checkout dictionary logic and connect it to the Stripe API in a new way, which at the moment is beyond the capacity required for the scope of this project. However, this would be the first feature that I would consider working on to develop this project further.

  2. Portfolio Admin: Currently the webdevs and designs portfolio are managed from the back end (from within the app in the fixture and models files). My goal was to install admin fields so both portfolios would be manageable from the Django admin with superuser privileges (following the example used in the service app). However, to respect the timeline and deadline of this project, this feature has been left for later implementation.

  3. Full Name: Currently, users cannot enter their full name in their details session; their name has to be entered at each new order. The implementation of this feature is beyond the scope of this project and planned to be developed in the future.

Technologies Used

Testing

Defensive Design

  • I used a 'mobile first' approach to developing this project, and consistently used Google Chrome's Dev Tools to view the output of my code on different screen sizes.
  • During debugging, my approach often included using print statements to check where an issue was coming from.

Validators and Formatters

  • I used the built-in formatter feature in Gitpod to clean my HTML Code, as well as passed my code through the W3C Markup Validation Service
  • I checked the CSS code with the W3C Markup Validation Service.
  • I used the Gitpod built in Flake8 input to check and format the Python code stored within each app.

Compatibility tests

Using different browsers

I manually tested this project on the following web browsers, checking that all aspects worked as planned:

  • Google Chrome
  • Mozilla Firefox
  • Apple Safari

Using different devices

I tested this project on the following devices:

  • Apple MacBook Pro 15"
  • Apple iPhone 6
  • Apple iPad Air

Deployment

Local Deployment

This project was developed using Gitpod as the chosen IDE and GitHub as a remote repository. The project's source files were regularly pushed to the GitHub StripeMe Repository via the master branch. To reproduce this project within a local deployment, use the following steps and requirements:

  1. Have the following installed in your IDE of choice:

    • Git (for version control)
    • pip (package installer for Python; pip3 was used at the time of production: October 2020)
    • Python3 (the programming language used to produce the backend logic of this project)
  2. Create an account with Stripe, necessary for payment features in the project.

  3. Use an email provider (I used Gmail for this project) and sign in and navigate to the Google Account Security page.

  4. Create two-step authentication by creating an App password for your Django app.

  5. Use the same email values to set up your email username and password in the steps below:

    • Scroll to the top of this repository and click on the "clone or download button".
    • Decide whether you want to clone the project using HTTPS or an SSH key and do the following:
    • HTTPS: click on the checklist icon to the right of the URL to copy it
    • SSH key: first click on 'Use SSH' then click on the same icon as above
  6. Return to your IDE and open a new Terminal window.

  7. Change the current working directory to the location where you want the cloned directory.

  8. Enter the following command and press 'Enter' to create your local clone:

    git clone https://github.com/kescardoso/stripeme.git

  9. Install the required dependencies with the following command:

    pip3 install -r requirements.txt

  10. Create an env.py file and add the following, complete with your own values:

    import os

    # Replace every '<your value>' placeholder with your own value.
    os.environ['AWS_ACCESS_KEY_ID'] = '<your value>'
    os.environ['AWS_SECRET_ACCESS_KEY'] = '<your value>'
    os.environ['DATABASE_URL'] = '<your value>'
    os.environ['EMAIL_HOST_PASS'] = '<your value>'
    os.environ['EMAIL_HOST_USER'] = '<your value>'
    os.environ['SECRET_KEY'] = '<your value>'
    os.environ['STRIPE_PUBLIC_KEY'] = '<your value>'
    os.environ['STRIPE_SECRET_KEY'] = '<your value>'
    os.environ['STRIPE_WH_SECRET'] = '<your value>'
    os.environ['DEVELOPMENT'] = 'True'
    os.environ['USE_AWS'] = 'True'

  11. Add your env.py file to .gitignore to make sure your database information is not viewable to others and to keep your values safe.
  12. To set up the Django SQLite3 tables required for this project, use the following commands:

    python3 manage.py makemigrations
    python3 manage.py migrate

  13. With this complete, create a superuser for your project with the following command and follow the instructions in the Terminal (note: this will be necessary to add data to your locally deployed version):

    python3 manage.py createsuperuser

  14. Your cloned version is now ready to run locally with the following command:

    python3 manage.py runserver

  15. Once you run your project locally, add '/admin' to the locally deployed project's URL.
  16. Add the service categories and service items to the database. This information can be copied from each individual service's page of the deployed version of the project found here: StripeMe

Heroku Deployment

To deploy this project to Heroku, use the following steps as a continuation from the local deployment outlined above:

  1. Create an AWS S3 Bucket, as this will be necessary to store static files and media for deployment.
  2. Create an account and sign in to Heroku.
  3. Inside the Heroku Dashboard, create a new app with a unique name and set the region to the closest to you, e.g. 'Europe'.
  4. To use the Postgres database for deployment, select 'Heroku Postgres' as a free add-on.
  5. With the app created, go to the 'Settings' tab, click on the 'Reveal Config Variables' button, and input the following values:

Key | Value
AWS_ACCESS_KEY_ID | your AWS bucket ID
AWS_SECRET_ACCESS_KEY | your AWS secret key
DATABASE_URL | your Heroku Postgres database url
EMAIL_HOST_PASS | your password to use your gmail account for emails
EMAIL_HOST_USER | your email address
SECRET_KEY | secret key used for your Django project
STRIPE_PUBLIC_KEY | obtained through your Stripe account
STRIPE_SECRET_KEY | obtained through your Stripe account
STRIPE_WH_SECRET | obtained through your Stripe account
USE_AWS | True

  6. In Gitpod, create a requirements.txt file with the following command:

    pip3 freeze --local > requirements.txt

  7. Create a Procfile with the following command (making sure that 'Procfile' is written with a capitalized 'P'):

    echo web: gunicorn stripe_me.wsgi:application > Procfile

  8. As with local deployment, set up the Postgres database with the following commands:

    python3 manage.py makemigrations
    python3 manage.py migrate

  9. Follow steps 11 to 13 from local deployment outlined above.
  10. Commit these changes with the following:

    git add .
    git commit -m "<your commit message>"

  11. With these files committed, log in to Heroku from the terminal using this command and enter your details when prompted:

    heroku login -i

  12. Once logged in, link your Heroku app created above as the remote repository with this command:

    heroku git:remote -a <your Heroku app name>

  13. Complete the deployment by pushing the project to Heroku:

    git push heroku master

  14. This completes the process of deploying the project to Heroku. Once deployed, continue to push all changes made to the project to Heroku with the final command listed above.
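A pre-deploy check for the secrets handling in the local and Heroku steps above, as an added example that is not part of the StripeMe code base. The function names and sample values are constructed, and it assumes that the presence of DEVELOPMENT switches on Django's debug mode, which this README does not show.

```python
"""Pre-deploy check for the secrets named in env.py and the Heroku config vars.

Added example: everything except the variable names is hypothetical.
"""
import fnmatch

# Variable names taken from the env.py step and the Heroku config table.
REQUIRED_KEYS = (
    "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "DATABASE_URL",
    "EMAIL_HOST_PASS", "EMAIL_HOST_USER", "SECRET_KEY",
    "STRIPE_PUBLIC_KEY", "STRIPE_SECRET_KEY", "STRIPE_WH_SECRET",
)


def is_ignored(path, gitignore_text):
    """Approximate .gitignore matching for a file in the repository root.

    Handles comments, blank lines, a leading '/', glob patterns and '!'
    negation (the last matching rule wins). Directory rules are not modelled.
    """
    ignored = False
    for raw in gitignore_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        negated = rule.startswith("!")
        pattern = rule.lstrip("!").lstrip("/")
        if fnmatch.fnmatch(path, pattern):
            ignored = not negated
    return ignored


def looks_unset(value):
    """True for missing, blank or template values such as '<your value>'."""
    if value is None:
        return True
    v = value.strip()
    return v == "" or (v.startswith("<") and v.endswith(">"))


def audit(env, gitignore_text, tracked_files, production=False):
    """Return a list of findings; an empty list means every check passed.

    env             mapping of variable name to value (for example os.environ)
    gitignore_text  contents of .gitignore
    tracked_files   paths printed by `git ls-files`
    production      True when checking the Heroku config vars
    """
    findings = []
    if not is_ignored("env.py", gitignore_text):
        findings.append("env.py is not covered by .gitignore")
    # .gitignore does not untrack a file that was committed earlier.
    if "env.py" in tracked_files:
        findings.append("env.py is tracked by git; untrack it and rotate its keys")
    for key in REQUIRED_KEYS:
        if looks_unset(env.get(key)):
            findings.append(f"{key} is missing or still a placeholder")
    # The publishable key is sent to the browser, so it must never be a
    # secret (sk_) or restricted (rk_) Stripe key.
    if (env.get("STRIPE_PUBLIC_KEY") or "").startswith(("sk_", "rk_")):
        findings.append("STRIPE_PUBLIC_KEY holds a secret key")
    # The project states it does not take real payments, so a live key is wrong.
    if (env.get("STRIPE_SECRET_KEY") or "").startswith("sk_live_"):
        findings.append("STRIPE_SECRET_KEY is a live-mode key")
    # Assumption: DEVELOPMENT being present enables debug mode.
    if production and "DEVELOPMENT" in env:
        findings.append("DEVELOPMENT is set in production")
    return findings


# Constructed sample inputs (not real keys and not the real repository state).
BAD_GITIGNORE = "*.sqlite3\n__pycache__/\n# env.py\n"
GOOD_GITIGNORE = "*.sqlite3\n__pycache__/\nenv.py\n"
GOOD_ENV = {key: "constructed-value" for key in REQUIRED_KEYS}
GOOD_ENV.update(
    STRIPE_PUBLIC_KEY="pk_test_constructed",
    STRIPE_SECRET_KEY="sk_test_constructed",
    STRIPE_WH_SECRET="whsec_constructed",
)
BAD_ENV = dict(
    GOOD_ENV,
    STRIPE_PUBLIC_KEY="sk_test_constructed",  # secret key pasted in the wrong slot
    STRIPE_WH_SECRET="<your value>",          # placeholder never replaced
    DEVELOPMENT="True",
)

if __name__ == "__main__":
    for finding in audit(BAD_ENV, BAD_GITIGNORE, ["manage.py", "env.py"], production=True):
        print("FAIL:", finding)
```

For a real run, pass `os.environ`, the text of `.gitignore` and the lines printed by `git ls-files`.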

Credits

Media

All stock-free images were retrieved from Unsplash and used with permission:

Acknowledgements

Gratitude to the following people for their help, support and inspiration:

  • My mentor Seun Owonikoko for her patience and gentleness, for staying available and supportive through my unique process and special circumstances. I've learned a great deal working with her and am glad we are now connected.
  • To Code Institute, their team and staff, to the student services and advisors for their unconditional support and tough love, to the amazing tutors for their great didactics and good humor and ongoing 24hour support. My training experience couldn't have been more rewarding and uplifting. Thank you, from the bottom of my heart.
  • To my family and friends for continually motivating me through struggles and challenges. I am grateful I am never alone and always supported.
  • And to my cat Jasper, for always accompanying me and staying right by my side in the early dawn and late night, during my coding sprints and nuit blanches, and for teaching me about balance, gentleness and unconditional friendship.

Thank you!

NOTE: This project was created for educational purposes only.

Comments
  • Bump pillow from 8.3.2 to 9.0.1

    Bumps pillow from 8.3.2 to 9.0.1.

    Release notes

    Sourced from pillow's releases.

    9.0.1

    https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html

    Changes

    • In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@radarhere, @hugovk]
    • Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

    9.0.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.0.1 (2022-02-03)

    • In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [radarhere, hugovk]

    • Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

    9.0.0 (2022-01-02)

    • Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

    • Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

    • Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

    • Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

    • Improved I;16 operations on big endian #5901 [radarhere]

    • Limit quantized palette to number of colors #5879 [radarhere]

    • Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

    • When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

    • Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

    • Added rounding when converting P and PA #5824 [radarhere]

    • Improved putdata() documentation and data handling #5910 [radarhere]

    • Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

    • Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

    ... (truncated)

    Commits
    • 6deac9e 9.0.1 version bump
    • c04d812 Update CHANGES.rst [ci skip]
    • 4fabec3 Added release notes for 9.0.1
    • 02affaa Added delay after opening image with xdg-open
    • ca0b585 Updated formatting
    • 427221e In show_file, use os.remove to remove temporary images
    • c930be0 Restrict builtins within lambdas for ImageMath.eval
    • 75b69dd Dont need to pin for GHA
    • cd938a7 Autolink CWE numbers with sphinx-issues
    • 2e9c461 Add CVE IDs
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump pillow from 8.3.2 to 9.0.0

    Bumps pillow from 8.3.2 to 9.0.0.

    Release notes

    Sourced from pillow's releases.

    9.0.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.0.0 (2022-01-02)

    • Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

    • Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

    • Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

    • Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

    • Improved I;16 operations on big endian #5901 [radarhere]

    • Limit quantized palette to number of colors #5879 [radarhere]

    • Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

    • When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

    • Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

    • Added rounding when converting P and PA #5824 [radarhere]

    • Improved putdata() documentation and data handling #5910 [radarhere]

    • Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

    • Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

    • Added ImageShow support for xdg-open #5897 [m-shinder, radarhere]

    • Support 16-bit grayscale ImageQt conversion #5856 [cmbruns, radarhere]

    • Convert subsequent GIF frames to RGB or RGBA #5857 [radarhere]

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 1
  • Bump django from 3.1 to 3.1.10

    Bumps django from 3.1 to 3.1.10.

    Commits
    • a2407cd [3.1.x] Bumped version for 3.1.10 release.
    • afb23f5 [3.1.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs fro...
    • fdbf4a7 [3.1.x] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.
    • 48b39a8 [3.1.x] Added CVE-2021-31542 to security archive.
    • 8012441 [3.1.x] Post-release version bump.
    • 8284fd6 [3.1.x] Bumped version for 3.1.9 release.
    • 25d84d6 [3.1.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file...
    • 6b0c7e6 [3.1.x] Added CVE-2021-28658 to security archive.
    • 5b9ca81 [3.1.x] Post-release version bump.
    • c4928c9 [3.1.x] Bumped version for 3.1.8 release.
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump pillow from 7.2.0 to 8.2.0

    Bumps pillow from 7.2.0 to 8.2.0.

    Release notes

    Sourced from pillow's releases.

    8.2.0

    https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html

    Changes

    Dependencies

    Deprecations

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    8.2.0 (2021-04-01)

    • Added getxmp() method #5144 [UrielMaD, radarhere]

    • Add ImageShow support for GraphicsMagick #5349 [latosha-maltba, radarhere]

    • Do not load transparent pixels from subsequent GIF frames #5333 [zewt, radarhere]

    • Use LZW encoding when saving GIF images #5291 [raygard]

    • Set all transparent colors to be equal in quantize() #5282 [radarhere]

    • Allow PixelAccess to use Python int when parsing x and y #5206 [radarhere]

    • Removed Image._MODEINFO #5316 [radarhere]

    • Add preserve_tone option to autocontrast #5350 [elejke, radarhere]

    • Fixed linear_gradient and radial_gradient I and F modes #5274 [radarhere]

    • Add support for reading TIFFs with PlanarConfiguration=2 #5364 [kkopachev, wiredfool, nulano]

    • Deprecated categories #5351 [radarhere]

    • Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [nulano]

    • Dynamically link FriBiDi instead of Raqm #5062 [nulano]

    • Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [radarhere]

    • Use duration from info dictionary when saving WebP #5338 [radarhere]

    • Stop flattening EXIF IFD into getexif() #4947 [radarhere, kkopachev]

    ... (truncated)

    Commits
    • e0e353c 8.2.0 version bump
    • ee635be Merge pull request #5377 from hugovk/security-and-release-notes
    • 694c84f Fix typo [ci skip]
    • 8febdad Review, typos and lint
    • fea4196 Reorder, roughly alphabetic
    • 496245a Fix BLP DOS -- CVE-2021-28678
    • 22e9bee Fix DOS in PSDImagePlugin -- CVE-2021-28675
    • ba65f0b Fix Memory DOS in ImageFont
    • bb6c11f Fix FLI DOS -- CVE-2021-28676
    • 5a5e6db Fix EPS DOS on _open -- CVE-2021-28677
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump django from 3.1 to 3.1.9

    Bumps django from 3.1 to 3.1.9.

    Commits
    • 8284fd6 [3.1.x] Bumped version for 3.1.9 release.
    • 25d84d6 [3.1.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file...
    • 6b0c7e6 [3.1.x] Added CVE-2021-28658 to security archive.
    • 5b9ca81 [3.1.x] Post-release version bump.
    • c4928c9 [3.1.x] Bumped version for 3.1.8 release.
    • cca0d98 [3.1.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploa...
    • 6eb01cb [3.1.x] Fixed #32576 -- Corrected dumpdata docs for passing model names to th...
    • 11d241d [3.1.x] Refs #25735 -- Added tags/exclude_tags arguments to DiscoverRunner docs.
    • 4a10c31 [3.1.x] Added parallel argument to DiscoverRunner docs.
    • c528c71 [3.1.x] Corrected DiscoverRunner.build_suite() signature.
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump django from 3.1 to 3.1.8

    Bumps django from 3.1 to 3.1.8.

    Commits
    • c4928c9 [3.1.x] Bumped version for 3.1.8 release.
    • cca0d98 [3.1.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploa...
    • 6eb01cb [3.1.x] Fixed #32576 -- Corrected dumpdata docs for passing model names to th...
    • 11d241d [3.1.x] Refs #25735 -- Added tags/exclude_tags arguments to DiscoverRunner docs.
    • 4a10c31 [3.1.x] Added parallel argument to DiscoverRunner docs.
    • c528c71 [3.1.x] Corrected DiscoverRunner.build_suite() signature.
    • 95ee8fe [3.1.x] Fixed #32560 -- Fixed test runner with --pdb and --buffer on fail/error.
    • b58b214 [3.1.x] Fixed typo in docs/topics/testing/advanced.txt.
    • 0415ac5 [3.1.x] Fixed #32536 -- Added links to BaseDetailView/BaseListView.get() meth...
    • 7c662b7 [3.1.x] Fixed typo in docs/ref/checks.txt.
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump pillow from 7.2.0 to 8.1.1

    Bumps pillow from 7.2.0 to 8.1.1.

    Release notes

    Sourced from pillow's releases.

    8.1.1

    https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html

    8.1.0

    https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html

    Changes

    Dependencies

    Deprecations

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    8.1.1 (2021-03-01)

    • Use more specific regex chars to prevent ReDoS. CVE-2021-25292 [hugovk]

    • Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 [wiredfool]

    • Fix negative size read in TiffDecode.c. CVE-2021-25290 [wiredfool]

    • Fix OOB read in SgiRleDecode.c. CVE-2021-25293 [wiredfool]

    • Incorrect error code checking in TiffDecode.c. CVE-2021-25289 [wiredfool]

    • PyModule_AddObject fix for Python 3.10 #5194 [radarhere]

    8.1.0 (2021-01-02)

    • Fix TIFF OOB Write error. CVE-2020-35654 #5175 [wiredfool]

    • Fix for Read Overflow in PCX Decoding. CVE-2020-35653 #5174 [wiredfool, radarhere]

    • Fix for SGI Decode buffer overrun. CVE-2020-35655 #5173 [wiredfool, radarhere]

    • Fix OOB Read when saving GIF of xsize=1 #5149 [wiredfool]

    • Makefile updates #5159 [wiredfool, radarhere]

    • Add support for PySide6 #5161 [hugovk]

    • Use disposal settings from previous frame in APNG #5126 [radarhere]

    • Added exception explaining that repr_png saves to PNG #5139 [radarhere]

    • Use previous disposal method in GIF load_end #5125 [radarhere]

    ... (truncated)

    Commits
    • 741d874 8.1.1 version bump
    • 179cd1c Added 8.1.1 release notes to index
    • 7d29665 Update CHANGES.rst [ci skip]
    • d25036f Credits
    • 973a4c3 Release notes for 8.1.1
    • 521dab9 Use more specific regex chars to prevent ReDoS
    • 8b8076b Fix for CVE-2021-25291
    • e25be1e Fix negative size read in TiffDecode.c
    • f891baa Fix OOB read in SgiRleDecode.c
    • cbfdde7 Incorrect error code checking in TiffDecode.c
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump django from 3.1 to 3.1.6

    Bumps django from 3.1 to 3.1.6.

    Commits
    • 3235a7b [3.1.x] Bumped version for 3.1.6 release.
    • 02e6592 [3.1.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archiv...
    • 03a8678 [3.1.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
    • a271d8c [3.1.x] Modernized custom manager example
    • 82e1294 [3.1.x] Fixed #32391 -- Used CSS flex properties for changelist filter.
    • b920945 [3.1.x] Fixed #32388 -- Clarified QuerySet.bulk_update() caveat about duplica...
    • fa203f1 [3.1.x] Fixed #32348, Refs #29087 -- Corrected tutorial for updated deleting ...
    • 18adc89 [3.1.x] Refs #32372 -- Updated manager name in related objects reference docs.
    • cc5ee23 [3.1.x] Fixed #32372 -- Made examples in related objects reference docs consi...
    • 2a74248 [3.1.x] Fixed #32371 -- Doc'd jquery.init.js dependency for admin widgets.
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump pillow from 7.2.0 to 8.3.2

    Bumps pillow from 7.2.0 to 8.3.2.

    Release notes

    Sourced from pillow's releases.

    8.3.2

    https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

    Security

    • CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

    • Fix 6-byte OOB read in FliDecode [wiredfool]

    Python 3.10 wheels

    • Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

    Fixed regressions

    • Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

    • Updates for ImagePalette channel order #5599 [radarhere]

    • Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

    8.3.1

    https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html

    Changes

    8.3.0

    https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    8.3.2 (2021-09-02)

    • CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

    • Fix 6-byte OOB read in FliDecode [wiredfool]

    • Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

    • Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

    • Updates for ImagePalette channel order #5599 [radarhere]

    • Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

    8.3.1 (2021-07-06)

    • Catch OSError when checking if fp is sys.stdout #5585 [radarhere]

    • Handle removing orientation from alternate types of EXIF data #5584 [radarhere]

    • Make Image.array take optional dtype argument #5572 [t-vi, radarhere]

    8.3.0 (2021-07-01)

    • Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]

    • Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]

    • Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]

    • De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]

    • Replaced xml.etree.ElementTree #5565 [radarhere]

    ... (truncated)

    Commits
    • 8013f13 8.3.2 version bump
    • 23c7ca8 Update CHANGES.rst
    • 8450366 Update release notes
    • a0afe89 Update test case
    • 9e08eb8 Raise ValueError if color specifier is too long
    • bd5cf7d FLI tests for Oss-fuzz crash.
    • 94a0cf1 Fix 6-byte OOB read in FliDecode
    • cece64f Add 8.3.2 (2021-09-02) [CI skip]
    • e422386 Add release notes for Pillow 8.3.2
    • 08dcbb8 Pillow 8.3.2 supports Python 3.10 [ci skip]
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 0
  • Bump django from 3.1 to 3.1.12

    Bumps django from 3.1 to 3.1.12.

    Commits
    • 625d3c1 [3.1.x] Bumped version for 3.1.12 release.
    • 203d4ab [3.1.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
    • 20c67a0 [3.1.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs'...
    • aa8781c [3.1.x] Confirmed release date for Django 3.1.12, and 2.2.24.
    • a4eb07a [3.1.x] Fixed typo in MiddlewareMixin deprecation note.
    • c7fdc79 [3.1.x] Added stub release notes and date for Django 3.1.12 and 2.2.24.
    • 024e969 [3.1.x] Changed IRC references to Libera.Chat.
    • c53a76b [3.1.x] Post-release version bump.
    • 6efdf1b [3.1.x] Bumped version for 3.1.11 release.
    • b7d4a6f [3.1.x] Fixed #32718 -- Relaxed file name validation in FileField.
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 0
  • Bump pillow from 8.3.2 to 9.3.0

    Bumps pillow from 8.3.2 to 9.3.0.

    Release notes

    Sourced from pillow's releases.

    9.3.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.3.0 (2022-10-29)

    • Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

    • Initialize libtiff buffer when saving #6699 [radarhere]

    • Inline fname2char to fix memory leak #6329 [nulano]

    • Fix memory leaks related to text features #6330 [nulano]

    • Use double quotes for version check on old CPython on Windows #6695 [hugovk]

    • Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

    • Fixed set_variation_by_name offset #6445 [radarhere]

    • Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

    • Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

    • Added ExifTags enums #6630 [radarhere]

    • Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

    • Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

    • Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

    • Added GPS TIFF tag info #6661 [radarhere]

    • Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

    • Do not attempt normalization if mode is already normal #6644 [radarhere]

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
  • Bump django from 3.1.12 to 3.1.13

    Bumps django from 3.1.12 to 3.1.13.

    Commits
    • 43873b9 [3.1.x] Bumped version for 3.1.13 release.
    • 0bd57a8 [3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().
    • 8dc1cc0 [3.1.x] Added stub release notes for 3.1.13.
    • 1471ec4 [3.1.x] Fixed docs header underlines in security archive.
    • 6022181 [3.1.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive.
    • 064c0c5 [3.1.x] Post-release version bump.
    • See full diff in compare view

    dependencies 
    opened by dependabot[bot] 0
Owner
yoga + ux . currently obsessed with squarespace and cryptocoins.