mirage ~ ♪ extended django admin or manage.py command.

Overview

Mirage

Build Status Updates Python 3 PyPI version PyPI GitHub release PyPI

mirage ~ ♪ extended django admin or manage.py command.

⬇️ Installation

Installing Mirage with Pipenv is recommended.

pipenv install -d mirage-django-lts

If you don't use pipenv, you can install it with pip.

pip install mirage-django-lts

You can build this package manually.

make before_node
make build_all

🖥 Usage

Usage:
    mg [action] option <--sub-option> 
   
    

    mg [action]:[subaction] option <--sub-option> 
    
     



[Create Project]

new                                         Create a new Django project.
new:react                                   Create a new Django API project with React.js front-end.
new:ng                                      Create a new Django API project with Angular.
                         --nebular          Create a new Angular project with Nebular.
                         --material         Create a new Angular project with Material theme.

[Utilities]

b             app         
     
              Backup exsiting app.
browser                   
      
                    Launch browser set as default by system.
conf                      
       
         Generate miragefile or reconfig mirage. f Create a new Python source file with copyrights doc string. [Console] c Launch Django Python shell. c:db Launch databse shell. [Database] db:migrate Make migrations and apply migrations. db:merge Discard & recreate migrations. db:reset Reset all database. ( Only debugging SQLite is supported. ) [Generator] g app 
        
          Create multiple Django apps at once. g model 
         
           Create Django model class. g module 
          
            Create a new Python module with __init__.py [Heroku] heroku configure Configure setting files for deploing to heroku. [Management] m test Run test of Django application. m superuser Create super user for Django admin. m 
           
             Run manage.py command. [Server] s Launch debugging server. [Help] h Show usage of Mirage. v Print version information. ? update Check update. ? system Check platform and Python version. 
           
          
         
        
       
      
     
    
   

Detail documentation is now under construction.

More usage is here.

🤪 Author

  • Shota Shimazu

© License

Copyright © 2017-2018 Shota Shimazu All Rights Reserved.
This software is released under the Apache License, see LICENSE for detail.

Comments
  • Bump stringstream from 0.0.5 to 0.0.6

    Bump stringstream from 0.0.5 to 0.0.6

    Bumps stringstream from 0.0.5 to 0.0.6.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 4
  • Bump sshpk from 1.13.1 to 1.16.1

    Bump sshpk from 1.13.1 to 1.16.1

    Bumps sshpk from 1.13.1 to 1.16.1.

    Release notes

    Sourced from sshpk's releases.

    v1.16.1

    • Fixes for #60 (correctly encoding certificates with expiry dates >=2050), #62 (accepting PKCS#8 EC private keys with missing public key parts)

    v1.16.0

    • Add support for SPKI fingerprints, PuTTY PPK format (public-key only for now), PKCS#8 PBKDF2 encrypted private keys
    • Fix for #48

    v1.15.2

    • New API for accessing x509 extensions in certificates
    • Fixes for #52, #50

    v1.14.1

    • Remove all remaining usage of jodid25519 (abandoned dep)
    • Add support for DNSSEC key format
    • Add support for Ed25519 keys in PEM format (according to draft-curdle-pkix)
    • Fixes for X.509 encoding issues (asn.1 NULLs in RSA certs, cert string type mangling)
    • Performance issues parsing long SSH public keys
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 4
  • Bump fstream from 1.0.11 to 1.0.12

    Bump fstream from 1.0.11 to 1.0.12

    Bumps fstream from 1.0.11 to 1.0.12.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 4
  • Bump is-my-json-valid from 2.17.1 to 2.20.0

    Bump is-my-json-valid from 2.17.1 to 2.20.0

    Bumps is-my-json-valid from 2.17.1 to 2.20.0.

    Commits
    Maintainer changes

    This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 4
  • Bump tar from 2.2.1 to 2.2.2

    Bump tar from 2.2.1 to 2.2.2

    Bumps tar from 2.2.1 to 2.2.2.

    Commits
    • 523c5c7 2.2.2
    • 7ecef07 Bump fstream to fix hardlink overwriting vulnerability
    • 9fc84b9 Use {} for hardlink tracking instead of []
    • 15e59f1 Only track previously seen hardlinks
    • 4f85851 Ignore potentially unsafe files
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 4
  • Bump lodash from 4.17.5 to 4.17.15

    Bump lodash from 4.17.5 to 4.17.15

    Bumps lodash from 4.17.5 to 4.17.15.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 4
  • Bump lodash.mergewith from 4.6.1 to 4.6.2

    Bump lodash.mergewith from 4.6.1 to 4.6.2

    Bumps lodash.mergewith from 4.6.1 to 4.6.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    dependencies javascript 
    opened by dependabot[bot] 4
  • Bump django from 3.2.7 to 3.2.12

    Bump django from 3.2.7 to 3.2.12

    Bumps django from 3.2.7 to 3.2.12.

    Commits
    • fdf209e [3.2.x] Bumped version for 3.2.12 release.
    • d161335 [3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
    • 1a1e827 [3.2.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
    • a7e89fe [3.2.x] Added stub release notes for 3.2.12 and 2.2.27.
    • 027f4c4 [3.2.x] Added CVE-2021-45115, CVE-2021-45116, and CVE-2021-45452 to security ...
    • 0a9a46a [3.2.x] Post-release version bump.
    • 6e499a2 [3.2.x] Bumped version for 3.2.11 release.
    • 8d2f7cf [3.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage sub...
    • c7fe895 [3.2.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dic...
    • a8b32fe [3.2.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilari...
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 1
  • Bump django from 3.2.3 to 3.2.4

    Bump django from 3.2.3 to 3.2.4

    Bumps django from 3.2.3 to 3.2.4.

    Commits
    • 843c34b [3.2.x] Bumped version for 3.2.4 release.
    • 9f75e2e [3.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
    • dfaba12 [3.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs'...
    • aed1409 [3.2.x] Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.
    • bf08609 [3.2.x] Fixed typo in docs/internals/contributing/writing-code/coding-style.txt.
    • 94675a7 [3.2.x] Fixed #32793 -- Fixed loss of precision for temporal operations with ...
    • b2ff165 [3.2.x] Fixed typo in MiddlewareMixin deprecation note.
    • 246a31a [3.2.x] Fixed #32783 -- Fixed crash of autoreloader when main module does...
    • 4ba4c07 [3.2.x] Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.
    • c0d506f [3.2.x] Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for ...
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 1
  • Update django to 3.2.2

    Update django to 3.2.2

    This PR updates django from 3.1.4 to 3.2.2.

    Changelog

    3.2.2

    ==========================
    
    *May 6, 2021*
    
    Django 3.2.2 fixes a security issue and a bug in 3.2.1.
    
    CVE-2021-32052: Header injection possibility since ``URLValidator`` accepted newlines in input on Python 3.9.5+
    ===============================================================================================================
    
    On Python 3.9.5+, :class:`~django.core.validators.URLValidator` didn&#39;t prohibit
    newlines and tabs. If you used values with newlines in HTTP response, you could
    suffer from header injection attacks. Django itself wasn&#39;t vulnerable because
    :class:`~django.http.HttpResponse` prohibits newlines in HTTP headers.
    
    Moreover, the ``URLField`` form field which uses ``URLValidator`` silently
    removes newlines and tabs on Python 3.9.5+, so the possibility of newlines
    entering your data only existed if you are using this validator outside of the
    form fields.
    
    This issue was introduced by the :bpo:`43882` fix.
    
    Bugfixes
    ========
    
    * Prevented, following a regression in Django 3.2.1, :djadmin:`makemigrations`
    from generating infinite migrations for a model with ``Meta.ordering``
    contained ``OrderBy`` expressions (:ticket:`32714`).
    
    
    ==========================
    

    3.2.1

    ==========================
    
    *May 4, 2021*
    
    Django 3.2.1 fixes a security issue and several bugs in 3.2.
    
    CVE-2021-31542: Potential directory-traversal via uploaded files
    ================================================================
    
    ``MultiPartParser``, ``UploadedFile``, and ``FieldFile`` allowed
    directory-traversal via uploaded files with suitably crafted file names.
    
    In order to mitigate this risk, stricter basename and path sanitation is now
    applied. Specifically, empty file names and paths with dot segments will be
    rejected.
    
    Bugfixes
    ========
    
    * Corrected detection of GDAL 3.2 on Windows (:ticket:`32544`).
    
    * Fixed a bug in Django 3.2 where subclasses of ``BigAutoField`` and
    ``SmallAutoField`` were not allowed for the :setting:`DEFAULT_AUTO_FIELD`
    setting (:ticket:`32620`).
    
    * Fixed a regression in Django 3.2 that caused a crash of
    ``QuerySet.values()/values_list()`` after ``QuerySet.union()``,
    ``intersection()``, and ``difference()`` when it was ordered by an
    unannotated field (:ticket:`32627`).
    
    * Restored, following a regression in Django 3.2, displaying an exception
    message on the technical 404 debug page (:ticket:`32637`).
    
    * Fixed a bug in Django 3.2 where a system check would crash on a reverse
    one-to-one relationships in ``CheckConstraint.check`` or
    ``UniqueConstraint.condition`` (:ticket:`32635`).
    
    * Fixed a regression in Django 3.2 that caused a crash of
    :attr:`.ModelAdmin.search_fields` when searching against phrases with
    unbalanced quotes (:ticket:`32649`).
    
    * Fixed a bug in Django 3.2 where variable lookup errors were logged rendering
    the sitemap template if alternates were not defined (:ticket:`32648`).
    
    * Fixed a regression in Django 3.2 that caused a crash when combining ``Q()``
    objects which contains boolean expressions (:ticket:`32548`).
    
    * Fixed a regression in Django 3.2 that caused a crash of ``QuerySet.update()``
    on a queryset ordered by inherited or joined fields on MySQL and MariaDB
    (:ticket:`32645`).
    
    * Fixed a regression in Django 3.2 that caused a crash when decoding a cookie
    value, used by ``django.contrib.messages.storage.cookie.CookieStorage``, in
    the pre-Django 3.2 format (:ticket:`32643`).
    
    * Fixed a regression in Django 3.2 that stopped the shift-key modifier
    selecting multiple rows in the admin changelist (:ticket:`32647`).
    
    * Fixed a bug in Django 3.2 where a system check would crash on the
    :setting:`STATICFILES_DIRS` setting with a list of 2-tuples of
    ``(prefix, path)`` (:ticket:`32665`).
    
    * Fixed a long standing bug involving queryset bitwise combination when used
    with subqueries that began manifesting in Django 3.2, due to a separate fix
    using ``Exists`` to ``exclude()`` multi-valued relationships
    (:ticket:`32650`).
    
    * Fixed a bug in Django 3.2 where variable lookup errors were logged when
    rendering some admin templates (:ticket:`32681`).
    
    * Fixed a bug in Django 3.2 where an admin changelist would crash when deleting
    objects filtered against multi-valued relationships (:ticket:`32682`). The
    admin changelist now uses ``Exists()`` instead ``QuerySet.distinct()``
    because calling ``delete()`` after ``distinct()`` is not allowed in Django
    3.2 to address a data loss possibility.
    
    * Fixed a regression in Django 3.2 where the calling process environment would
    not be passed to the ``dbshell`` command on PostgreSQL (:ticket:`32687`).
    
    * Fixed a performance regression in Django 3.2 when building complex filters
    with subqueries (:ticket:`32632`). As a side-effect the private API to check
    ``django.db.sql.query.Query`` equality is removed.
    
    
    ========================
    

    3.2

    ========================
    
    *April 6, 2021*
    
    Welcome to Django 3.2!
    
    These release notes cover the :ref:`new features &lt;whats-new-3.2&gt;`, as well as
    some :ref:`backwards incompatible changes &lt;backwards-incompatible-3.2&gt;` you&#39;ll
    want to be aware of when upgrading from Django 3.1 or earlier. We&#39;ve
    :ref:`begun the deprecation process for some features
    &lt;deprecated-features-3.2&gt;`.
    
    See the :doc:`/howto/upgrade-version` guide if you&#39;re updating an existing
    project.
    
    Django 3.2 is designated as a :term:`long-term support release
    &lt;Long-term support release&gt;`. It will receive security updates for at least
    three years after its release. Support for the previous LTS, Django 2.2, will
    end in April 2022.
    
    Python compatibility
    ====================
    
    Django 3.2 supports Python 3.6, 3.7, 3.8, and 3.9. We **highly recommend** and
    only officially support the latest release of each series.
    
    .. _whats-new-3.2:
    
    What&#39;s new in Django 3.2
    ========================
    
    Automatic :class:`~django.apps.AppConfig` discovery
    ---------------------------------------------------
    
    Most pluggable applications define an :class:`~django.apps.AppConfig` subclass
    in an ``apps.py`` submodule. Many define a ``default_app_config`` variable
    pointing to this class in their ``__init__.py``.
    
    When the ``apps.py`` submodule exists and defines a single
    :class:`~django.apps.AppConfig` subclass, Django now uses that configuration
    automatically, so you can remove ``default_app_config``.
    
    ``default_app_config`` made it possible to declare only the application&#39;s path
    in :setting:`INSTALLED_APPS` (e.g. ``&#39;django.contrib.admin&#39;``) rather than the
    app config&#39;s path (e.g. ``&#39;django.contrib.admin.apps.AdminConfig&#39;``). It was
    introduced for backwards-compatibility with the former style, with the intent
    to switch the ecosystem to the latter, but the switch didn&#39;t happen.
    
    With automatic ``AppConfig`` discovery, ``default_app_config`` is no longer
    needed. As a consequence, it&#39;s deprecated.
    
    See :ref:`configuring-applications-ref` for full details.
    
    Customizing type of auto-created primary keys
    ---------------------------------------------
    
    When defining a model, if no field in a model is defined with
    :attr:`primary_key=True &lt;django.db.models.Field.primary_key&gt;` an implicit
    primary key is added. The type of this implicit primary key can now be
    controlled via the :setting:`DEFAULT_AUTO_FIELD` setting and
    :attr:`AppConfig.default_auto_field &lt;django.apps.AppConfig.default_auto_field&gt;`
    attribute. No more needing to override primary keys in all models.
    
    Maintaining the historical behavior, the default value for
    :setting:`DEFAULT_AUTO_FIELD` is :class:`~django.db.models.AutoField`. Starting
    with 3.2 new projects are generated with :setting:`DEFAULT_AUTO_FIELD` set to
    :class:`~django.db.models.BigAutoField`. Also, new apps are generated with
    :attr:`AppConfig.default_auto_field &lt;django.apps.AppConfig.default_auto_field&gt;`
    set to :class:`~django.db.models.BigAutoField`. In a future Django release the
    default value of :setting:`DEFAULT_AUTO_FIELD` will be changed to
    :class:`~django.db.models.BigAutoField`.
    
    To avoid unwanted migrations in the future, either explicitly set
    :setting:`DEFAULT_AUTO_FIELD` to :class:`~django.db.models.AutoField`::
    
     DEFAULT_AUTO_FIELD = &#39;django.db.models.AutoField&#39;
    
    or configure it on a per-app basis::
    
     from django.apps import AppConfig
    
     class MyAppConfig(AppConfig):
         default_auto_field = &#39;django.db.models.AutoField&#39;
         name = &#39;my_app&#39;
    
    or on a per-model basis::
    
     from django.db import models
    
     class MyModel(models.Model):
         id = models.AutoField(primary_key=True)
    
    In anticipation of the changing default, a system check will provide a warning
    if you do not have an explicit setting for :setting:`DEFAULT_AUTO_FIELD`.
    
    When changing the value of :setting:`DEFAULT_AUTO_FIELD`, migrations for the
    primary key of existing auto-created through tables cannot be generated
    currently. See the :setting:`DEFAULT_AUTO_FIELD` docs for details on migrating
    such tables.
    
    .. _new_functional_indexes:
    
    Functional indexes
    ------------------
    
    The new :attr:`*expressions &lt;django.db.models.Index.expressions&gt;` positional
    argument of :class:`Index() &lt;django.db.models.Index&gt;` enables creating
    functional indexes on expressions and database functions. For example::
    
     from django.db import models
     from django.db.models import F, Index, Value
     from django.db.models.functions import Lower, Upper
    
    
     class MyModel(models.Model):
         first_name = models.CharField(max_length=255)
         last_name = models.CharField(max_length=255)
         height = models.IntegerField()
         weight = models.IntegerField()
    
         class Meta:
             indexes = [
                 Index(
                     Lower(&#39;first_name&#39;),
                     Upper(&#39;last_name&#39;).desc(),
                     name=&#39;first_last_name_idx&#39;,
                 ),
                 Index(
                     F(&#39;height&#39;) / (F(&#39;weight&#39;) + Value(5)),
                     name=&#39;calc_idx&#39;,
                 ),
             ]
    
    Functional indexes are added to models using the
    :attr:`Meta.indexes &lt;django.db.models.Options.indexes&gt;` option.
    
    ``pymemcache`` support
    ----------------------
    
    The new ``django.core.cache.backends.memcached.PyMemcacheCache`` cache backend
    allows using the pymemcache_ library for memcached. ``pymemcache`` 3.4.0 or
    higher is required. For more details, see the :doc:`documentation on caching in
    Django &lt;/topics/cache&gt;`.
    
    .. _pymemcache: https://pypi.org/project/pymemcache/
    
    New decorators for the admin site
    ---------------------------------
    
    The new :func:`~django.contrib.admin.display` decorator allows for easily
    adding options to custom display functions that can be used with
    :attr:`~django.contrib.admin.ModelAdmin.list_display` or
    :attr:`~django.contrib.admin.ModelAdmin.readonly_fields`.
    
    Likewise, the new :func:`~django.contrib.admin.action` decorator allows for
    easily adding options to action functions that can be used with
    :attr:`~django.contrib.admin.ModelAdmin.actions`.
    
    Using the ``display`` decorator has the advantage that it is now
    possible to use the ``property`` decorator when needing to specify attributes
    on the custom method. Prior to this it was necessary to use the ``property()``
    function instead after assigning the required attributes to the method.
    
    Using decorators has the advantage that these options are more discoverable as
    they can be suggested by completion utilities in code editors. They are merely
    a convenience and still set the same attributes on the functions under the
    hood.
    
    Minor features
    --------------
    
    :mod:`django.contrib.admin`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * :attr:`.ModelAdmin.search_fields` now allows searching against quoted phrases
    with spaces.
    
    * Read-only related fields are now rendered as navigable links if target models
    are registered in the admin.
    
    * The admin now supports theming, and includes a dark theme that is enabled
    according to browser settings. See :ref:`admin-theming` for more details.
    
    * :attr:`.ModelAdmin.autocomplete_fields` now respects
    :attr:`ForeignKey.to_field &lt;django.db.models.ForeignKey.to_field&gt;` and
    :attr:`ForeignKey.limit_choices_to
    &lt;django.db.models.ForeignKey.limit_choices_to&gt;` when searching a related
    model.
    
    * The admin now installs a final catch-all view that redirects unauthenticated
    users to the login page, regardless of whether the URL is otherwise valid.
    This protects against a potential model enumeration privacy issue.
    
    Although not recommended, you may set the new
    :attr:`.AdminSite.final_catch_all_view` to ``False`` to disable the
    catch-all view.
    
    :mod:`django.contrib.auth`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The default iteration count for the PBKDF2 password hasher is increased from
    216,000 to 260,000.
    
    * The default variant for the Argon2 password hasher is changed to Argon2id.
    ``memory_cost`` and ``parallelism`` are increased to 102,400 and 8
    respectively to match the ``argon2-cffi`` defaults.
    
    Increasing the ``memory_cost`` pushes the required memory from 512 KB to 100
    MB. This is still rather conservative but can lead to problems in memory
    constrained environments. If this is the case, the existing hasher can be
    subclassed to override the defaults.
    
    * The default salt entropy for the Argon2, MD5, PBKDF2, SHA-1 password hashers
    is increased from 71 to 128 bits.
    
    :mod:`django.contrib.contenttypes`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new ``absolute_max`` argument for
    :func:`~django.contrib.contenttypes.forms.generic_inlineformset_factory`
    allows customizing the maximum number of forms that can be instantiated when
    supplying ``POST`` data. See :ref:`formsets-absolute-max` for more details.
    
    * The new ``can_delete_extra`` argument for
    :func:`~django.contrib.contenttypes.forms.generic_inlineformset_factory`
    allows removal of the option to delete extra forms. See
    :attr:`~.BaseFormSet.can_delete_extra` for more information.
    
    :mod:`django.contrib.gis`
    ~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The :meth:`.GDALRaster.transform` method now supports
    :class:`~django.contrib.gis.gdal.SpatialReference`.
    
    * The :class:`~django.contrib.gis.gdal.DataSource` class now supports
    :class:`pathlib.Path`.
    
    * The :class:`~django.contrib.gis.utils.LayerMapping` class now supports
    :class:`pathlib.Path`.
    
    :mod:`django.contrib.postgres`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new :attr:`.ExclusionConstraint.include` attribute allows creating
    covering exclusion constraints on PostgreSQL 12+.
    
    * The new :attr:`.ExclusionConstraint.opclasses` attribute allows setting
    PostgreSQL operator classes.
    
    * The new :attr:`.JSONBAgg.ordering` attribute determines the ordering of the
    aggregated elements.
    
    * The new :attr:`.JSONBAgg.distinct` attribute determines if aggregated values
    will be distinct.
    
    * The :class:`~django.contrib.postgres.operations.CreateExtension` operation
    now checks that the extension already exists in the database and skips the
    migration if so.
    
    * The new :class:`~django.contrib.postgres.operations.CreateCollation` and
    :class:`~django.contrib.postgres.operations.RemoveCollation` operations
    allow creating and dropping collations on PostgreSQL. See
    :ref:`manage-postgresql-collations` for more details.
    
    * Lookups for :class:`~django.contrib.postgres.fields.ArrayField` now allow
    (non-nested) arrays containing expressions as right-hand sides.
    
    * The new :class:`OpClass() &lt;django.contrib.postgres.indexes.OpClass&gt;`
    expression allows creating functional indexes on expressions with a custom
    operator class. See :ref:`new_functional_indexes` for more details.
    
    :mod:`django.contrib.sitemaps`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new :class:`~django.contrib.sitemaps.Sitemap` attributes
    :attr:`~django.contrib.sitemaps.Sitemap.alternates`,
    :attr:`~django.contrib.sitemaps.Sitemap.languages` and
    :attr:`~django.contrib.sitemaps.Sitemap.x_default` allow
    generating sitemap *alternates* to localized versions of your pages.
    
    :mod:`django.contrib.syndication`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new ``item_comments`` hook allows specifying a comments URL per feed
    item.
    
    Database backends
    ~~~~~~~~~~~~~~~~~
    
    * Third-party database backends can now skip or mark as expected failures
    tests in Django&#39;s test suite using the new
    ``DatabaseFeatures.django_test_skips`` and
    ``django_test_expected_failures`` attributes.
    
    Decorators
    ~~~~~~~~~~
    
    * The new :func:`~django.views.decorators.common.no_append_slash` decorator
    allows individual views to be excluded from :setting:`APPEND_SLASH` URL
    normalization.
    
    Error Reporting
    ~~~~~~~~~~~~~~~
    
    * Custom :class:`~django.views.debug.ExceptionReporter` subclasses can now
    define the :attr:`~django.views.debug.ExceptionReporter.html_template_path`
    and :attr:`~django.views.debug.ExceptionReporter.text_template_path`
    properties to override the templates used to render exception reports.
    
    File Uploads
    ~~~~~~~~~~~~
    
    * The new :meth:`FileUploadHandler.upload_interrupted()
    &lt;django.core.files.uploadhandler.FileUploadHandler.upload_interrupted&gt;`
    callback allows handling interrupted uploads.
    
    Forms
    ~~~~~
    
    * The new ``absolute_max`` argument for :func:`.formset_factory`,
    :func:`.inlineformset_factory`, and :func:`.modelformset_factory` allows
    customizing the maximum number of forms that can be instantiated when
    supplying ``POST`` data. See :ref:`formsets-absolute-max` for more details.
    
    * The new ``can_delete_extra`` argument for :func:`.formset_factory`,
    :func:`.inlineformset_factory`, and :func:`.modelformset_factory` allows
    removal of the option to delete extra forms. See
    :attr:`~.BaseFormSet.can_delete_extra` for more information.
    
    * :class:`~django.forms.formsets.BaseFormSet` now reports a user facing error,
    rather than raising an exception, when the management form is missing or has
    been tampered with. To customize this error message, pass the
    ``error_messages`` argument with the key ``&#39;missing_management_form&#39;`` when
    instantiating the formset.
    
    Generic Views
    ~~~~~~~~~~~~~
    
    * The ``week_format`` attributes of
    :class:`~django.views.generic.dates.WeekMixin` and
    :class:`~django.views.generic.dates.WeekArchiveView` now support the
    ``&#39;%V&#39;`` ISO 8601 week format.
    
    Management Commands
    ~~~~~~~~~~~~~~~~~~~
    
    * :djadmin:`loaddata` now supports fixtures stored in XZ archives (``.xz``) and
    LZMA archives (``.lzma``).
    
    * :djadmin:`dumpdata` now can compress data in the ``bz2``, ``gz``, ``lzma``,
    or ``xz`` formats.
    
    * :djadmin:`makemigrations` can now be called without an active database
    connection. In that case, check for a consistent migration history is
    skipped.
    
    * :attr:`.BaseCommand.requires_system_checks` now supports specifying a list of
    tags. System checks registered in the chosen tags will be checked for errors
    prior to executing the command. In previous versions, either all or none
    of the system checks were performed.
    
    * Support for colored terminal output on Windows is updated. Various modern
    terminal environments are automatically detected, and the options for
    enabling support in other cases are improved. See :ref:`syntax-coloring` for
    more details.
    
    Migrations
    ~~~~~~~~~~
    
    * The new ``Operation.migration_name_fragment`` property allows providing a
    filename fragment that will be used to name a migration containing only that
    operation.
    
    * Migrations now support serialization of pure and concrete path objects from
    :mod:`pathlib`, and :class:`os.PathLike` instances.
    
    Models
    ~~~~~~
    
    * The new ``no_key`` parameter for :meth:`.QuerySet.select_for_update()`,
    supported on PostgreSQL, allows acquiring weaker locks that don&#39;t block the
    creation of rows that reference locked rows through a foreign key.
    
    * :class:`When() &lt;django.db.models.expressions.When&gt;` expression now allows
    using the ``condition`` argument with ``lookups``.
    
    * The new :attr:`.Index.include` and :attr:`.UniqueConstraint.include`
    attributes allow creating covering indexes and covering unique constraints on
    PostgreSQL 11+.
    
    * The new :attr:`.UniqueConstraint.opclasses` attribute allows setting
    PostgreSQL operator classes.
    
    * The :meth:`.QuerySet.update` method now respects the ``order_by()`` clause on
    MySQL and MariaDB.
    
    * :class:`FilteredRelation() &lt;django.db.models.FilteredRelation&gt;` now supports
    nested relations.
    
    * The ``of`` argument of :meth:`.QuerySet.select_for_update()` is now allowed
    on MySQL 8.0.1+.
    
    * :class:`Value() &lt;django.db.models.Value&gt;` expression now
    automatically resolves its ``output_field`` to the appropriate
    :class:`Field &lt;django.db.models.Field&gt;` subclass based on the type of
    its provided ``value`` for :py:class:`bool`, :py:class:`bytes`,
    :py:class:`float`, :py:class:`int`, :py:class:`str`,
    :py:class:`datetime.date`, :py:class:`datetime.datetime`,
    :py:class:`datetime.time`, :py:class:`datetime.timedelta`,
    :py:class:`decimal.Decimal`, and :py:class:`uuid.UUID` instances. As a
    consequence, resolving an ``output_field`` for database functions and
    combined expressions may now crash with mixed types when using ``Value()``.
    You will need to explicitly set the ``output_field`` in such cases.
    
    * The new :meth:`.QuerySet.alias` method allows creating reusable aliases for
    expressions that don&#39;t need to be selected but are used for filtering,
    ordering, or as a part of complex expressions.
    
    * The new :class:`~django.db.models.functions.Collate` function allows
    filtering and ordering by specified database collations.
    
    * The ``field_name`` argument of :meth:`.QuerySet.in_bulk()` now accepts
    distinct fields if there&#39;s only one field specified in
    :meth:`.QuerySet.distinct`.
    
    * The new ``tzinfo`` parameter of the
    :class:`~django.db.models.functions.TruncDate` and
    :class:`~django.db.models.functions.TruncTime` database functions allows
    truncating datetimes in a specific timezone.
    
    * The new ``db_collation`` argument for
    :attr:`CharField &lt;django.db.models.CharField.db_collation&gt;` and
    :attr:`TextField &lt;django.db.models.TextField.db_collation&gt;` allows setting a
    database collation for the field.
    
    * Added the :class:`~django.db.models.functions.Random` database function.
    
    * :ref:`aggregation-functions`, :class:`F() &lt;django.db.models.F&gt;`,
    :class:`OuterRef() &lt;django.db.models.OuterRef&gt;`, and other expressions now
    allow using transforms. See :ref:`using-transforms-in-expressions` for
    details.
    
    * The new ``durable`` argument for :func:`~django.db.transaction.atomic`
    guarantees that changes made in the atomic block will be committed if the
    block exits without errors. A nested atomic block marked as durable will
    raise a ``RuntimeError``.
    
    * Added the :class:`~django.db.models.functions.JSONObject` database function.
    
    Pagination
    ~~~~~~~~~~
    
    * The new :meth:`django.core.paginator.Paginator.get_elided_page_range` method
    allows generating a page range with some of the values elided. If there are a
    large number of pages, this can be helpful for generating a reasonable number
    of page links in a template.
    
    Requests and Responses
    ~~~~~~~~~~~~~~~~~~~~~~
    
    * Response headers are now stored in :attr:`.HttpResponse.headers`. This can be
    used instead of the original dict-like interface of ``HttpResponse`` objects.
    Both interfaces will continue to be supported. See
    :ref:`setting-header-fields` for details.
    
    * The new ``headers`` parameter of :class:`~django.http.HttpResponse`,
    :class:`~django.template.response.SimpleTemplateResponse`, and
    :class:`~django.template.response.TemplateResponse` allows setting response
    :attr:`~django.http.HttpResponse.headers` on instantiation.
    
    Security
    ~~~~~~~~
    
    * The :setting:`SECRET_KEY` setting is now checked for a valid value upon first
    access, rather than when settings are first loaded. This enables running
    management commands that do not rely on the ``SECRET_KEY`` without needing to
    provide a value. As a consequence of this, calling
    :func:`~django.conf.settings.configure` without providing a valid
    ``SECRET_KEY``, and then going on to access ``settings.SECRET_KEY`` will now
    raise an :exc:`~django.core.exceptions.ImproperlyConfigured` exception.
    
    * The new ``Signer.sign_object()`` and ``Signer.unsign_object()`` methods allow
    signing complex data structures. See :ref:`signing-complex-data` for more
    details.
    
    Also, :func:`signing.dumps() &lt;django.core.signing.dumps&gt;` and
    :func:`~django.core.signing.loads` become shortcuts for
    :meth:`.TimestampSigner.sign_object` and
    :meth:`~.TimestampSigner.unsign_object`.
    
    Serialization
    ~~~~~~~~~~~~~
    
    * The new :ref:`JSONL &lt;serialization-formats-jsonl&gt;` serializer allows using
    the JSON Lines format with :djadmin:`dumpdata` and :djadmin:`loaddata`. This
    can be useful for populating large databases because data is loaded line by
    line into memory, rather than being loaded all at once.
    
    Signals
    ~~~~~~~
    
    * :meth:`Signal.send_robust() &lt;django.dispatch.Signal.send_robust&gt;` now logs
    exceptions.
    
    Templates
    ~~~~~~~~~
    
    * :tfilter:`floatformat` template filter now allows using the ``g`` suffix to
    force grouping by the :setting:`THOUSAND_SEPARATOR` for the active locale.
    
    * Templates cached with :ref:`Cached template loaders&lt;template-loaders&gt;` are
    now correctly reloaded in development.
    
    Tests
    ~~~~~
    
    * Objects assigned to class attributes in :meth:`.TestCase.setUpTestData` are
    now isolated for each test method. Such objects are now required to support
    creating deep copies with :py:func:`copy.deepcopy`. Assigning objects which
    don&#39;t support ``deepcopy()`` is deprecated and will be removed in Django 4.1.
    
    * :class:`~django.test.runner.DiscoverRunner` now enables
    :py:mod:`faulthandler` by default. This can be disabled by using the
    :option:`test --no-faulthandler` option.
    
    * :class:`~django.test.runner.DiscoverRunner` and the
    :djadmin:`test` management command can now track timings, including database
    setup and total run time. This can be enabled by using the :option:`test
    --timing` option.
    
    * :class:`~django.test.Client` now preserves the request query string when
    following 307 and 308 redirects.
    
    * The new :meth:`.TestCase.captureOnCommitCallbacks` method captures callback
    functions passed to :func:`transaction.on_commit()
    &lt;django.db.transaction.on_commit&gt;` in a list. This allows you to test such
    callbacks without using the slower :class:`.TransactionTestCase`.
    
    * :meth:`.TransactionTestCase.assertQuerysetEqual` now supports direct
    comparison against another queryset rather than being restricted to
    comparison against a list of string representations of objects when using the
    default value for the ``transform`` argument.
    
    Utilities
    ~~~~~~~~~
    
    * The new ``depth`` parameter of ``django.utils.timesince.timesince()`` and
    ``django.utils.timesince.timeuntil()`` functions allows specifying the number
    of adjacent time units to return.
    
    Validators
    ~~~~~~~~~~
    
    * Built-in validators now include the provided value in the ``params`` argument
    of a raised :exc:`~django.core.exceptions.ValidationError`. This allows
    custom error messages to use the ``%(value)s`` placeholder.
    
    * The :class:`.ValidationError` equality operator now ignores ``messages`` and
    ``params`` ordering.
    
    .. _backwards-incompatible-3.2:
    
    Backwards incompatible changes in 3.2
    =====================================
    
    Database backend API
    --------------------
    
    This section describes changes that may be needed in third-party database
    backends.
    
    * The new ``DatabaseFeatures.introspected_field_types`` property replaces these
    features:
    
    * ``can_introspect_autofield``
    * ``can_introspect_big_integer_field``
    * ``can_introspect_binary_field``
    * ``can_introspect_decimal_field``
    * ``can_introspect_duration_field``
    * ``can_introspect_ip_address_field``
    * ``can_introspect_positive_integer_field``
    * ``can_introspect_small_integer_field``
    * ``can_introspect_time_field``
    * ``introspected_big_auto_field_type``
    * ``introspected_small_auto_field_type``
    * ``introspected_boolean_field_type``
    
    * To enable support for covering indexes (:attr:`.Index.include`) and covering
    unique constraints (:attr:`.UniqueConstraint.include`), set
    ``DatabaseFeatures.supports_covering_indexes`` to ``True``.
    
    * Third-party database backends must implement support for column database
    collations on ``CharField``\s and ``TextField``\s or set
    ``DatabaseFeatures.supports_collation_on_charfield`` and
    ``DatabaseFeatures.supports_collation_on_textfield`` to ``False``. If
    non-deterministic collations are not supported, set
    ``supports_non_deterministic_collations`` to ``False``.
    
    * ``DatabaseOperations.random_function_sql()`` is removed in favor of the new
    :class:`~django.db.models.functions.Random` database function.
    
    * ``DatabaseOperations.date_trunc_sql()`` and
    ``DatabaseOperations.time_trunc_sql()`` now take the optional ``tzname``
    argument in order to truncate in a specific timezone.
    
    * ``DatabaseClient.runshell()`` now gets arguments and an optional dictionary
    with environment variables to the underlying command-line client from
    ``DatabaseClient.settings_to_cmd_args_env()`` method. Third-party database
    backends must implement ``DatabaseClient.settings_to_cmd_args_env()`` or
    override ``DatabaseClient.runshell()``.
    
    * Third-party database backends must implement support for functional indexes
    (:attr:`.Index.expressions`) or set
    ``DatabaseFeatures.supports_expression_indexes`` to ``False``. If ``COLLATE``
    is not a part of the ``CREATE INDEX`` statement, set
    ``DatabaseFeatures.collate_as_index_expression`` to ``True``.
    
    :mod:`django.contrib.admin`
    ---------------------------
    
    * Pagination links in the admin are now 1-indexed instead of 0-indexed, i.e.
    the query string for the first page is ``?p=1`` instead of ``?p=0``.
    
    * The new admin catch-all view will break URL patterns routed after the admin
    URLs and matching the admin URL prefix. You can either adjust your URL
    ordering or, if necessary, set :attr:`AdminSite.final_catch_all_view
    &lt;django.contrib.admin.AdminSite.final_catch_all_view&gt;` to ``False``,
    disabling the catch-all view. See :ref:`whats-new-3.2` for more details.
    
    * Minified JavaScript files are no longer included with the admin. If you
    require these files to be minified, consider using a third party app or
    external build tool. The minified vendored JavaScript files packaged with the
    admin (e.g. :ref:`jquery.min.js &lt;contrib-admin-jquery&gt;`) are still included.
    
    * :attr:`.ModelAdmin.prepopulated_fields` no longer strips English stop words,
    such as ``&#39;a&#39;`` or ``&#39;an&#39;``.
    
    :mod:`django.contrib.gis`
    -------------------------
    
    * Support for PostGIS 2.2 is removed.
    
    * The Oracle backend now clones polygons (and geometry collections containing
    polygons) before reorienting them and saving them to the database. They are
    no longer mutated in place. You might notice this if you use the polygons
    after a model is saved.
    
    Dropped support for PostgreSQL 9.5
    ----------------------------------
    
    Upstream support for PostgreSQL 9.5 ends in February 2021. Django 3.2 supports
    PostgreSQL 9.6 and higher.
    
    Dropped support for MySQL 5.6
    -----------------------------
    
    The end of upstream support for MySQL 5.6 is April 2021. Django 3.2 supports
    MySQL 5.7 and higher.
    
    Miscellaneous
    -------------
    
    * Django now supports non-``pytz`` time zones, such as Python 3.9+&#39;s
    :mod:`zoneinfo` module and its backport.
    
    * The undocumented ``SpatiaLiteOperations.proj4_version()`` method is renamed
    to ``proj_version()``.
    
    * :func:`~django.utils.text.slugify` now removes leading and trailing dashes
    and underscores.
    
    * The :tfilter:`intcomma` and :tfilter:`intword` template filters no longer
    depend on the :setting:`USE_L10N` setting.
    
    * Support for ``argon2-cffi`` &lt; 19.1.0 is removed.
    
    * The cache keys no longer includes the language when internationalization is
    disabled (``USE_I18N = False``) and localization is enabled
    (``USE_L10N = True``). After upgrading to Django 3.2 in such configurations,
    the first request to any previously cached value will be a cache miss.
    
    * ``ForeignKey.validate()`` now uses
    :attr:`~django.db.models.Model._base_manager` rather than
    :attr:`~django.db.models.Model._default_manager` to check that related
    instances exist.
    
    * When an application defines an :class:`~django.apps.AppConfig` subclass in
    an ``apps.py`` submodule, Django now uses this configuration automatically,
    even if it isn&#39;t enabled with ``default_app_config``. Set ``default = False``
    in the :class:`~django.apps.AppConfig` subclass if you need to prevent this
    behavior. See :ref:`whats-new-3.2` for more details.
    
    * Instantiating an abstract model now raises ``TypeError``.
    
    * Keyword arguments to :func:`~django.test.utils.setup_databases` are now
    keyword-only.
    
    * The undocumented ``django.utils.http.limited_parse_qsl()`` function is
    removed. Please use :func:`urllib.parse.parse_qsl` instead.
    
    * ``django.test.utils.TestContextDecorator`` now uses
    :py:meth:`~unittest.TestCase.addCleanup` so that cleanups registered in the
    :py:meth:`~unittest.TestCase.setUp` method are called before
    ``TestContextDecorator.disable()``.
    
    * ``SessionMiddleware`` now raises a
    :exc:`~django.contrib.sessions.exceptions.SessionInterrupted` exception
    instead of :exc:`~django.core.exceptions.SuspiciousOperation` when a session
    is destroyed in a concurrent request.
    
    * The :class:`django.db.models.Field` equality operator now correctly
    distinguishes inherited field instances across models. Additionally, the
    ordering of such fields is now defined.
    
    * The undocumented ``django.core.files.locks.lock()`` function now returns
    ``False`` if the file cannot be locked, instead of raising
    :exc:`BlockingIOError`.
    
    * The password reset mechanism now invalidates tokens when the user email is
    changed.
    
    * :djadmin:`makemessages` command no longer processes invalid locales specified
    using :option:`makemessages --locale` option, when they contain hyphens
    (``&#39;-&#39;``).
    
    * The ``django.contrib.auth.forms.ReadOnlyPasswordHashField`` form field is now
    :attr:`~django.forms.Field.disabled` by default. Therefore
    ``UserChangeForm.clean_password()`` is no longer required to return the
    initial value.
    
    * The ``cache.get_many()``, ``get_or_set()``, ``has_key()``, ``incr()``,
    ``decr()``, ``incr_version()``, and ``decr_version()`` cache operations now
    correctly handle ``None`` stored in the cache, in the same way as any other
    value, instead of behaving as though the key didn&#39;t exist.
    
    Due to a ``python-memcached`` limitation, the previous behavior is kept for
    the deprecated ``MemcachedCache`` backend.
    
    * The minimum supported version of SQLite is increased from 3.8.3 to 3.9.0.
    
    * :class:`~django.contrib.messages.storage.cookie.CookieStorage` now stores
    messages in the :rfc:`6265` compliant format. Support for cookies that use
    the old format remains until Django 4.1.
    
    * The minimum supported version of ``asgiref`` is increased from 3.2.10 to
    3.3.2.
    
    .. _deprecated-features-3.2:
    
    Features deprecated in 3.2
    ==========================
    
    Miscellaneous
    -------------
    
    * Assigning objects which don&#39;t support creating deep copies with
    :py:func:`copy.deepcopy` to class attributes in
    :meth:`.TestCase.setUpTestData` is deprecated.
    
    * Using a boolean value in :attr:`.BaseCommand.requires_system_checks` is
    deprecated. Use ``&#39;__all__&#39;`` instead of ``True``, and ``[]`` (an empty list)
    instead of ``False``.
    
    * The ``whitelist`` argument and ``domain_whitelist`` attribute of
    :class:`~django.core.validators.EmailValidator` are deprecated. Use
    ``allowlist`` instead of ``whitelist``, and ``domain_allowlist`` instead of
    ``domain_whitelist``. You may need to rename ``whitelist`` in existing
    migrations.
    
    * The ``default_app_config`` application configuration variable is deprecated,
    due to the now automatic ``AppConfig`` discovery. See :ref:`whats-new-3.2`
    for more details.
    
    * Automatically calling ``repr()`` on a queryset in
    ``TransactionTestCase.assertQuerysetEqual()``, when compared to string
    values, is deprecated. If you need the previous behavior, explicitly set
    ``transform`` to ``repr``.
    
    * The ``django.core.cache.backends.memcached.MemcachedCache`` backend is
    deprecated as ``python-memcached`` has some problems and seems to be
    unmaintained. Use ``django.core.cache.backends.memcached.PyMemcacheCache``
    or ``django.core.cache.backends.memcached.PyLibMCCache`` instead.
    
    * The format of messages used by
    ``django.contrib.messages.storage.cookie.CookieStorage`` is different from
    the format generated by older versions of Django. Support for the old format
    remains until Django 4.1.
    
    
    ===========================
    

    3.1.10

    ===========================
    
    *May 6, 2021*
    
    Django 3.1.10 fixes a security issue in 3.1.9.
    
    CVE-2021-32052: Header injection possibility since ``URLValidator`` accepted newlines in input on Python 3.9.5+
    ===============================================================================================================
    
    On Python 3.9.5+, :class:`~django.core.validators.URLValidator` didn&#39;t prohibit
    newlines and tabs. If you used values with newlines in HTTP response, you could
    suffer from header injection attacks. Django itself wasn&#39;t vulnerable because
    :class:`~django.http.HttpResponse` prohibits newlines in HTTP headers.
    
    Moreover, the ``URLField`` form field which uses ``URLValidator`` silently
    removes newlines and tabs on Python 3.9.5+, so the possibility of newlines
    entering your data only existed if you are using this validator outside of the
    form fields.
    
    This issue was introduced by the :bpo:`43882` fix.
    
    
    ==========================
    

    3.1.9

    ==========================
    
    *May 4, 2021*
    
    Django 3.1.9 fixes a security issue in 3.1.8.
    
    CVE-2021-31542: Potential directory-traversal via uploaded files
    ================================================================
    
    ``MultiPartParser``, ``UploadedFile``, and ``FieldFile`` allowed
    directory-traversal via uploaded files with suitably crafted file names.
    
    In order to mitigate this risk, stricter basename and path sanitation is now
    applied. Specifically, empty file names and paths with dot segments will be
    rejected.
    
    
    ==========================
    

    3.1.8

    ==========================
    
    *April 6, 2021*
    
    Django 3.1.8 fixes a security issue with severity &quot;low&quot; and a bug in 3.1.7.
    
    CVE-2021-28658: Potential directory-traversal via uploaded files
    ================================================================
    
    ``MultiPartParser`` allowed directory-traversal via uploaded files with
    suitably crafted file names.
    
    Built-in upload handlers were not affected by this vulnerability.
    
    Bugfixes
    ========
    
    * Fixed a bug in Django 3.1 where the output was hidden on a test error or
    failure when using :option:`test --pdb` with the
    :option:`--buffer &lt;test --buffer&gt;` option (:ticket:`32560`).
    
    
    ==========================
    

    3.1.7

    ==========================
    
    *February 19, 2021*
    
    Django 3.1.7 fixes a security issue and a bug in 3.1.6.
    
    CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()``
    =================================================================================
    
    Django contains a copy of :func:`urllib.parse.parse_qsl` which was added to
    backport some security fixes. A further security fix has been issued recently
    such that ``parse_qsl()`` no longer allows using ``;`` as a query parameter
    separator by default. Django now includes this fix. See :bpo:`42967` for
    further details.
    
    Bugfixes
    ========
    
    * Fixed a regression in Django 3.1 that caused ``RuntimeError`` instead of
    connection errors when using only the ``&#39;postgres&#39;`` database
    (:ticket:`32403`).
    
    
    ==========================
    

    3.1.6

    ==========================
    
    *February 1, 2021*
    
    Django 3.1.6 fixes a security issue with severity &quot;low&quot; and a bug in 3.1.5.
    
    CVE-2021-3281: Potential directory-traversal via ``archive.extract()``
    ======================================================================
    
    The ``django.utils.archive.extract()`` function, used by
    :option:`startapp --template` and :option:`startproject --template`, allowed
    directory-traversal via an archive with absolute paths or relative paths with
    dot segments.
    
    Bugfixes
    ========
    
    * Fixed an admin layout issue in Django 3.1 where changelist filter controls 
    would become squashed (:ticket:`32391`).
    
    
    ==========================
    

    3.1.5

    ==========================
    
    *January 4, 2021*
    
    Django 3.1.5 fixes several bugs in 3.1.4.
    
    Bugfixes
    ========
    
    * Fixed ``__isnull=True`` lookup on key transforms for
    :class:`~django.db.models.JSONField` with Oracle and SQLite
    (:ticket:`32252`).
    
    * Fixed a bug in Django 3.1 that caused a crash when processing middlewares in
    an async context with a middleware that raises a ``MiddlewareNotUsed``
    exception (:ticket:`32299`).
    
    * Fixed a regression in Django 3.1 that caused the incorrect prefixing of
    ``STATIC_URL`` and ``MEDIA_URL`` settings, by the server-provided value of
    ``SCRIPT_NAME`` (or ``/`` if not set), when set to a URL specifying the
    protocol but without a top-level domain, e.g. ``http://myhost/``
    (:ticket:`32304`).
    
    
    ==========================
    
    Links
    • PyPI: https://pypi.org/project/django
    • Changelog: https://pyup.io/changelogs/django/
    • Homepage: https://www.djangoproject.com/
    opened by pyup-bot 1
  • Update django to 3.2.1

    Update django to 3.2.1

    This PR updates django from 3.1.4 to 3.2.1.

    Changelog

    3.2.1

    ==========================
    
    *May 4, 2021*
    
    Django 3.2.1 fixes a security issue and several bugs in 3.2.
    
    CVE-2021-31542: Potential directory-traversal via uploaded files
    ================================================================
    
    ``MultiPartParser``, ``UploadedFile``, and ``FieldFile`` allowed
    directory-traversal via uploaded files with suitably crafted file names.
    
    In order to mitigate this risk, stricter basename and path sanitation is now
    applied. Specifically, empty file names and paths with dot segments will be
    rejected.
    
    Bugfixes
    ========
    
    * Corrected detection of GDAL 3.2 on Windows (:ticket:`32544`).
    
    * Fixed a bug in Django 3.2 where subclasses of ``BigAutoField`` and
    ``SmallAutoField`` were not allowed for the :setting:`DEFAULT_AUTO_FIELD`
    setting (:ticket:`32620`).
    
    * Fixed a regression in Django 3.2 that caused a crash of
    ``QuerySet.values()/values_list()`` after ``QuerySet.union()``,
    ``intersection()``, and ``difference()`` when it was ordered by an
    unannotated field (:ticket:`32627`).
    
    * Restored, following a regression in Django 3.2, displaying an exception
    message on the technical 404 debug page (:ticket:`32637`).
    
    * Fixed a bug in Django 3.2 where a system check would crash on a reverse
    one-to-one relationships in ``CheckConstraint.check`` or
    ``UniqueConstraint.condition`` (:ticket:`32635`).
    
    * Fixed a regression in Django 3.2 that caused a crash of
    :attr:`.ModelAdmin.search_fields` when searching against phrases with
    unbalanced quotes (:ticket:`32649`).
    
    * Fixed a bug in Django 3.2 where variable lookup errors were logged rendering
    the sitemap template if alternates were not defined (:ticket:`32648`).
    
    * Fixed a regression in Django 3.2 that caused a crash when combining ``Q()``
    objects which contains boolean expressions (:ticket:`32548`).
    
    * Fixed a regression in Django 3.2 that caused a crash of ``QuerySet.update()``
    on a queryset ordered by inherited or joined fields on MySQL and MariaDB
    (:ticket:`32645`).
    
    * Fixed a regression in Django 3.2 that caused a crash when decoding a cookie
    value, used by ``django.contrib.messages.storage.cookie.CookieStorage``, in
    the pre-Django 3.2 format (:ticket:`32643`).
    
    * Fixed a regression in Django 3.2 that stopped the shift-key modifier
    selecting multiple rows in the admin changelist (:ticket:`32647`).
    
    * Fixed a bug in Django 3.2 where a system check would crash on the
    :setting:`STATICFILES_DIRS` setting with a list of 2-tuples of
    ``(prefix, path)`` (:ticket:`32665`).
    
    * Fixed a long standing bug involving queryset bitwise combination when used
    with subqueries that began manifesting in Django 3.2, due to a separate fix
    using ``Exists`` to ``exclude()`` multi-valued relationships
    (:ticket:`32650`).
    
    * Fixed a bug in Django 3.2 where variable lookup errors were logged when
    rendering some admin templates (:ticket:`32681`).
    
    * Fixed a bug in Django 3.2 where an admin changelist would crash when deleting
    objects filtered against multi-valued relationships (:ticket:`32682`). The
    admin changelist now uses ``Exists()`` instead ``QuerySet.distinct()``
    because calling ``delete()`` after ``distinct()`` is not allowed in Django
    3.2 to address a data loss possibility.
    
    * Fixed a regression in Django 3.2 where the calling process environment would
    not be passed to the ``dbshell`` command on PostgreSQL (:ticket:`32687`).
    
    * Fixed a performance regression in Django 3.2 when building complex filters
    with subqueries (:ticket:`32632`). As a side-effect the private API to check
    ``django.db.sql.query.Query`` equality is removed.
    
    
    ========================
    

    3.2

    ========================
    
    *April 6, 2021*
    
    Welcome to Django 3.2!
    
    These release notes cover the :ref:`new features &lt;whats-new-3.2&gt;`, as well as
    some :ref:`backwards incompatible changes &lt;backwards-incompatible-3.2&gt;` you&#39;ll
    want to be aware of when upgrading from Django 3.1 or earlier. We&#39;ve
    :ref:`begun the deprecation process for some features
    &lt;deprecated-features-3.2&gt;`.
    
    See the :doc:`/howto/upgrade-version` guide if you&#39;re updating an existing
    project.
    
    Django 3.2 is designated as a :term:`long-term support release
    &lt;Long-term support release&gt;`. It will receive security updates for at least
    three years after its release. Support for the previous LTS, Django 2.2, will
    end in April 2022.
    
    Python compatibility
    ====================
    
    Django 3.2 supports Python 3.6, 3.7, 3.8, and 3.9. We **highly recommend** and
    only officially support the latest release of each series.
    
    .. _whats-new-3.2:
    
    What&#39;s new in Django 3.2
    ========================
    
    Automatic :class:`~django.apps.AppConfig` discovery
    ---------------------------------------------------
    
    Most pluggable applications define an :class:`~django.apps.AppConfig` subclass
    in an ``apps.py`` submodule. Many define a ``default_app_config`` variable
    pointing to this class in their ``__init__.py``.
    
    When the ``apps.py`` submodule exists and defines a single
    :class:`~django.apps.AppConfig` subclass, Django now uses that configuration
    automatically, so you can remove ``default_app_config``.
    
    ``default_app_config`` made it possible to declare only the application&#39;s path
    in :setting:`INSTALLED_APPS` (e.g. ``&#39;django.contrib.admin&#39;``) rather than the
    app config&#39;s path (e.g. ``&#39;django.contrib.admin.apps.AdminConfig&#39;``). It was
    introduced for backwards-compatibility with the former style, with the intent
    to switch the ecosystem to the latter, but the switch didn&#39;t happen.
    
    With automatic ``AppConfig`` discovery, ``default_app_config`` is no longer
    needed. As a consequence, it&#39;s deprecated.
    
    See :ref:`configuring-applications-ref` for full details.
    
    Customizing type of auto-created primary keys
    ---------------------------------------------
    
    When defining a model, if no field in a model is defined with
    :attr:`primary_key=True &lt;django.db.models.Field.primary_key&gt;` an implicit
    primary key is added. The type of this implicit primary key can now be
    controlled via the :setting:`DEFAULT_AUTO_FIELD` setting and
    :attr:`AppConfig.default_auto_field &lt;django.apps.AppConfig.default_auto_field&gt;`
    attribute. No more needing to override primary keys in all models.
    
    Maintaining the historical behavior, the default value for
    :setting:`DEFAULT_AUTO_FIELD` is :class:`~django.db.models.AutoField`. Starting
    with 3.2 new projects are generated with :setting:`DEFAULT_AUTO_FIELD` set to
    :class:`~django.db.models.BigAutoField`. Also, new apps are generated with
    :attr:`AppConfig.default_auto_field &lt;django.apps.AppConfig.default_auto_field&gt;`
    set to :class:`~django.db.models.BigAutoField`. In a future Django release the
    default value of :setting:`DEFAULT_AUTO_FIELD` will be changed to
    :class:`~django.db.models.BigAutoField`.
    
    To avoid unwanted migrations in the future, either explicitly set
    :setting:`DEFAULT_AUTO_FIELD` to :class:`~django.db.models.AutoField`::
    
     DEFAULT_AUTO_FIELD = &#39;django.db.models.AutoField&#39;
    
    or configure it on a per-app basis::
    
     from django.apps import AppConfig
    
     class MyAppConfig(AppConfig):
         default_auto_field = &#39;django.db.models.AutoField&#39;
         name = &#39;my_app&#39;
    
    or on a per-model basis::
    
     from django.db import models
    
     class MyModel(models.Model):
         id = models.AutoField(primary_key=True)
    
    In anticipation of the changing default, a system check will provide a warning
    if you do not have an explicit setting for :setting:`DEFAULT_AUTO_FIELD`.
    
    When changing the value of :setting:`DEFAULT_AUTO_FIELD`, migrations for the
    primary key of existing auto-created through tables cannot be generated
    currently. See the :setting:`DEFAULT_AUTO_FIELD` docs for details on migrating
    such tables.
    
    .. _new_functional_indexes:
    
    Functional indexes
    ------------------
    
    The new :attr:`*expressions &lt;django.db.models.Index.expressions&gt;` positional
    argument of :class:`Index() &lt;django.db.models.Index&gt;` enables creating
    functional indexes on expressions and database functions. For example::
    
     from django.db import models
     from django.db.models import F, Index, Value
     from django.db.models.functions import Lower, Upper
    
    
     class MyModel(models.Model):
         first_name = models.CharField(max_length=255)
         last_name = models.CharField(max_length=255)
         height = models.IntegerField()
         weight = models.IntegerField()
    
         class Meta:
             indexes = [
                 Index(
                     Lower(&#39;first_name&#39;),
                     Upper(&#39;last_name&#39;).desc(),
                     name=&#39;first_last_name_idx&#39;,
                 ),
                 Index(
                     F(&#39;height&#39;) / (F(&#39;weight&#39;) + Value(5)),
                     name=&#39;calc_idx&#39;,
                 ),
             ]
    
    Functional indexes are added to models using the
    :attr:`Meta.indexes &lt;django.db.models.Options.indexes&gt;` option.
    
    ``pymemcache`` support
    ----------------------
    
    The new ``django.core.cache.backends.memcached.PyMemcacheCache`` cache backend
    allows using the pymemcache_ library for memcached. ``pymemcache`` 3.4.0 or
    higher is required. For more details, see the :doc:`documentation on caching in
    Django &lt;/topics/cache&gt;`.
    
    .. _pymemcache: https://pypi.org/project/pymemcache/
    
    New decorators for the admin site
    ---------------------------------
    
    The new :func:`~django.contrib.admin.display` decorator allows for easily
    adding options to custom display functions that can be used with
    :attr:`~django.contrib.admin.ModelAdmin.list_display` or
    :attr:`~django.contrib.admin.ModelAdmin.readonly_fields`.
    
    Likewise, the new :func:`~django.contrib.admin.action` decorator allows for
    easily adding options to action functions that can be used with
    :attr:`~django.contrib.admin.ModelAdmin.actions`.
    
    Using the ``display`` decorator has the advantage that it is now
    possible to use the ``property`` decorator when needing to specify attributes
    on the custom method. Prior to this it was necessary to use the ``property()``
    function instead after assigning the required attributes to the method.
    
    Using decorators has the advantage that these options are more discoverable as
    they can be suggested by completion utilities in code editors. They are merely
    a convenience and still set the same attributes on the functions under the
    hood.
    
    Minor features
    --------------
    
    :mod:`django.contrib.admin`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * :attr:`.ModelAdmin.search_fields` now allows searching against quoted phrases
    with spaces.
    
    * Read-only related fields are now rendered as navigable links if target models
    are registered in the admin.
    
    * The admin now supports theming, and includes a dark theme that is enabled
    according to browser settings. See :ref:`admin-theming` for more details.
    
    * :attr:`.ModelAdmin.autocomplete_fields` now respects
    :attr:`ForeignKey.to_field &lt;django.db.models.ForeignKey.to_field&gt;` and
    :attr:`ForeignKey.limit_choices_to
    &lt;django.db.models.ForeignKey.limit_choices_to&gt;` when searching a related
    model.
    
    * The admin now installs a final catch-all view that redirects unauthenticated
    users to the login page, regardless of whether the URL is otherwise valid.
    This protects against a potential model enumeration privacy issue.
    
    Although not recommended, you may set the new
    :attr:`.AdminSite.final_catch_all_view` to ``False`` to disable the
    catch-all view.
    
    :mod:`django.contrib.auth`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The default iteration count for the PBKDF2 password hasher is increased from
    216,000 to 260,000.
    
    * The default variant for the Argon2 password hasher is changed to Argon2id.
    ``memory_cost`` and ``parallelism`` are increased to 102,400 and 8
    respectively to match the ``argon2-cffi`` defaults.
    
    Increasing the ``memory_cost`` pushes the required memory from 512 KB to 100
    MB. This is still rather conservative but can lead to problems in memory
    constrained environments. If this is the case, the existing hasher can be
    subclassed to override the defaults.
    
    * The default salt entropy for the Argon2, MD5, PBKDF2, SHA-1 password hashers
    is increased from 71 to 128 bits.
    
    :mod:`django.contrib.contenttypes`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new ``absolute_max`` argument for
    :func:`~django.contrib.contenttypes.forms.generic_inlineformset_factory`
    allows customizing the maximum number of forms that can be instantiated when
    supplying ``POST`` data. See :ref:`formsets-absolute-max` for more details.
    
    * The new ``can_delete_extra`` argument for
    :func:`~django.contrib.contenttypes.forms.generic_inlineformset_factory`
    allows removal of the option to delete extra forms. See
    :attr:`~.BaseFormSet.can_delete_extra` for more information.
    
    :mod:`django.contrib.gis`
    ~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The :meth:`.GDALRaster.transform` method now supports
    :class:`~django.contrib.gis.gdal.SpatialReference`.
    
    * The :class:`~django.contrib.gis.gdal.DataSource` class now supports
    :class:`pathlib.Path`.
    
    * The :class:`~django.contrib.gis.utils.LayerMapping` class now supports
    :class:`pathlib.Path`.
    
    :mod:`django.contrib.postgres`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new :attr:`.ExclusionConstraint.include` attribute allows creating
    covering exclusion constraints on PostgreSQL 12+.
    
    * The new :attr:`.ExclusionConstraint.opclasses` attribute allows setting
    PostgreSQL operator classes.
    
    * The new :attr:`.JSONBAgg.ordering` attribute determines the ordering of the
    aggregated elements.
    
    * The new :attr:`.JSONBAgg.distinct` attribute determines if aggregated values
    will be distinct.
    
    * The :class:`~django.contrib.postgres.operations.CreateExtension` operation
    now checks that the extension already exists in the database and skips the
    migration if so.
    
    * The new :class:`~django.contrib.postgres.operations.CreateCollation` and
    :class:`~django.contrib.postgres.operations.RemoveCollation` operations
    allow creating and dropping collations on PostgreSQL. See
    :ref:`manage-postgresql-collations` for more details.
    
    * Lookups for :class:`~django.contrib.postgres.fields.ArrayField` now allow
    (non-nested) arrays containing expressions as right-hand sides.
    
    * The new :class:`OpClass() &lt;django.contrib.postgres.indexes.OpClass&gt;`
    expression allows creating functional indexes on expressions with a custom
    operator class. See :ref:`new_functional_indexes` for more details.
    
    :mod:`django.contrib.sitemaps`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new :class:`~django.contrib.sitemaps.Sitemap` attributes
    :attr:`~django.contrib.sitemaps.Sitemap.alternates`,
    :attr:`~django.contrib.sitemaps.Sitemap.languages` and
    :attr:`~django.contrib.sitemaps.Sitemap.x_default` allow
    generating sitemap *alternates* to localized versions of your pages.
    
    :mod:`django.contrib.syndication`
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    * The new ``item_comments`` hook allows specifying a comments URL per feed
    item.
    
    Database backends
    ~~~~~~~~~~~~~~~~~
    
    * Third-party database backends can now skip or mark as expected failures
    tests in Django&#39;s test suite using the new
    ``DatabaseFeatures.django_test_skips`` and
    ``django_test_expected_failures`` attributes.
    
    Decorators
    ~~~~~~~~~~
    
    * The new :func:`~django.views.decorators.common.no_append_slash` decorator
    allows individual views to be excluded from :setting:`APPEND_SLASH` URL
    normalization.
    
    Error Reporting
    ~~~~~~~~~~~~~~~
    
    * Custom :class:`~django.views.debug.ExceptionReporter` subclasses can now
    define the :attr:`~django.views.debug.ExceptionReporter.html_template_path`
    and :attr:`~django.views.debug.ExceptionReporter.text_template_path`
    properties to override the templates used to render exception reports.
    
    File Uploads
    ~~~~~~~~~~~~
    
    * The new :meth:`FileUploadHandler.upload_interrupted()
    &lt;django.core.files.uploadhandler.FileUploadHandler.upload_interrupted&gt;`
    callback allows handling interrupted uploads.
    
    Forms
    ~~~~~
    
    * The new ``absolute_max`` argument for :func:`.formset_factory`,
    :func:`.inlineformset_factory`, and :func:`.modelformset_factory` allows
    customizing the maximum number of forms that can be instantiated when
    supplying ``POST`` data. See :ref:`formsets-absolute-max` for more details.
    
    * The new ``can_delete_extra`` argument for :func:`.formset_factory`,
    :func:`.inlineformset_factory`, and :func:`.modelformset_factory` allows
    removal of the option to delete extra forms. See
    :attr:`~.BaseFormSet.can_delete_extra` for more information.
    
    * :class:`~django.forms.formsets.BaseFormSet` now reports a user facing error,
    rather than raising an exception, when the management form is missing or has
    been tampered with. To customize this error message, pass the
    ``error_messages`` argument with the key ``&#39;missing_management_form&#39;`` when
    instantiating the formset.
    
    Generic Views
    ~~~~~~~~~~~~~
    
    * The ``week_format`` attributes of
    :class:`~django.views.generic.dates.WeekMixin` and
    :class:`~django.views.generic.dates.WeekArchiveView` now support the
    ``&#39;%V&#39;`` ISO 8601 week format.
    
    Management Commands
    ~~~~~~~~~~~~~~~~~~~
    
    * :djadmin:`loaddata` now supports fixtures stored in XZ archives (``.xz``) and
    LZMA archives (``.lzma``).
    
    * :djadmin:`dumpdata` now can compress data in the ``bz2``, ``gz``, ``lzma``,
    or ``xz`` formats.
    
    * :djadmin:`makemigrations` can now be called without an active database
    connection. In that case, check for a consistent migration history is
    skipped.
    
    * :attr:`.BaseCommand.requires_system_checks` now supports specifying a list of
    tags. System checks registered in the chosen tags will be checked for errors
    prior to executing the command. In previous versions, either all or none
    of the system checks were performed.
    
    * Support for colored terminal output on Windows is updated. Various modern
    terminal environments are automatically detected, and the options for
    enabling support in other cases are improved. See :ref:`syntax-coloring` for
    more details.
    
    Migrations
    ~~~~~~~~~~
    
    * The new ``Operation.migration_name_fragment`` property allows providing a
    filename fragment that will be used to name a migration containing only that
    operation.
    
    * Migrations now support serialization of pure and concrete path objects from
    :mod:`pathlib`, and :class:`os.PathLike` instances.
    
    Models
    ~~~~~~
    
    * The new ``no_key`` parameter for :meth:`.QuerySet.select_for_update()`,
    supported on PostgreSQL, allows acquiring weaker locks that don&#39;t block the
    creation of rows that reference locked rows through a foreign key.
    
    * :class:`When() &lt;django.db.models.expressions.When&gt;` expression now allows
    using the ``condition`` argument with ``lookups``.
    
    * The new :attr:`.Index.include` and :attr:`.UniqueConstraint.include`
    attributes allow creating covering indexes and covering unique constraints on
    PostgreSQL 11+.
    
    * The new :attr:`.UniqueConstraint.opclasses` attribute allows setting
    PostgreSQL operator classes.
    
    * The :meth:`.QuerySet.update` method now respects the ``order_by()`` clause on
    MySQL and MariaDB.
    
    * :class:`FilteredRelation() &lt;django.db.models.FilteredRelation&gt;` now supports
    nested relations.
    
    * The ``of`` argument of :meth:`.QuerySet.select_for_update()` is now allowed
    on MySQL 8.0.1+.
    
    * :class:`Value() &lt;django.db.models.Value&gt;` expression now
    automatically resolves its ``output_field`` to the appropriate
    :class:`Field &lt;django.db.models.Field&gt;` subclass based on the type of
    its provided ``value`` for :py:class:`bool`, :py:class:`bytes`,
    :py:class:`float`, :py:class:`int`, :py:class:`str`,
    :py:class:`datetime.date`, :py:class:`datetime.datetime`,
    :py:class:`datetime.time`, :py:class:`datetime.timedelta`,
    :py:class:`decimal.Decimal`, and :py:class:`uuid.UUID` instances. As a
    consequence, resolving an ``output_field`` for database functions and
    combined expressions may now crash with mixed types when using ``Value()``.
    You will need to explicitly set the ``output_field`` in such cases.
    
    * The new :meth:`.QuerySet.alias` method allows creating reusable aliases for
    expressions that don&#39;t need to be selected but are used for filtering,
    ordering, or as a part of complex expressions.
    
    * The new :class:`~django.db.models.functions.Collate` function allows
    filtering and ordering by specified database collations.
    
    * The ``field_name`` argument of :meth:`.QuerySet.in_bulk()` now accepts
    distinct fields if there&#39;s only one field specified in
    :meth:`.QuerySet.distinct`.
    
    * The new ``tzinfo`` parameter of the
    :class:`~django.db.models.functions.TruncDate` and
    :class:`~django.db.models.functions.TruncTime` database functions allows
    truncating datetimes in a specific timezone.
    
    * The new ``db_collation`` argument for
    :attr:`CharField &lt;django.db.models.CharField.db_collation&gt;` and
    :attr:`TextField &lt;django.db.models.TextField.db_collation&gt;` allows setting a
    database collation for the field.
    
    * Added the :class:`~django.db.models.functions.Random` database function.
    
    * :ref:`aggregation-functions`, :class:`F() &lt;django.db.models.F&gt;`,
    :class:`OuterRef() &lt;django.db.models.OuterRef&gt;`, and other expressions now
    allow using transforms. See :ref:`using-transforms-in-expressions` for
    details.
    
    * The new ``durable`` argument for :func:`~django.db.transaction.atomic`
    guarantees that changes made in the atomic block will be committed if the
    block exits without errors. A nested atomic block marked as durable will
    raise a ``RuntimeError``.
    
    * Added the :class:`~django.db.models.functions.JSONObject` database function.
    
    Pagination
    ~~~~~~~~~~
    
    * The new :meth:`django.core.paginator.Paginator.get_elided_page_range` method
    allows generating a page range with some of the values elided. If there are a
    large number of pages, this can be helpful for generating a reasonable number
    of page links in a template.
    
    Requests and Responses
    ~~~~~~~~~~~~~~~~~~~~~~
    
    * Response headers are now stored in :attr:`.HttpResponse.headers`. This can be
    used instead of the original dict-like interface of ``HttpResponse`` objects.
    Both interfaces will continue to be supported. See
    :ref:`setting-header-fields` for details.
    
    * The new ``headers`` parameter of :class:`~django.http.HttpResponse`,
    :class:`~django.template.response.SimpleTemplateResponse`, and
    :class:`~django.template.response.TemplateResponse` allows setting response
    :attr:`~django.http.HttpResponse.headers` on instantiation.
    
    Security
    ~~~~~~~~
    
    * The :setting:`SECRET_KEY` setting is now checked for a valid value upon first
    access, rather than when settings are first loaded. This enables running
    management commands that do not rely on the ``SECRET_KEY`` without needing to
    provide a value. As a consequence of this, calling
    :func:`~django.conf.settings.configure` without providing a valid
    ``SECRET_KEY``, and then going on to access ``settings.SECRET_KEY`` will now
    raise an :exc:`~django.core.exceptions.ImproperlyConfigured` exception.
    
    * The new ``Signer.sign_object()`` and ``Signer.unsign_object()`` methods allow
    signing complex data structures. See :ref:`signing-complex-data` for more
    details.
    
    Also, :func:`signing.dumps() &lt;django.core.signing.dumps&gt;` and
    :func:`~django.core.signing.loads` become shortcuts for
    :meth:`.TimestampSigner.sign_object` and
    :meth:`~.TimestampSigner.unsign_object`.
    
    Serialization
    ~~~~~~~~~~~~~
    
    * The new :ref:`JSONL &lt;serialization-formats-jsonl&gt;` serializer allows using
    the JSON Lines format with :djadmin:`dumpdata` and :djadmin:`loaddata`. This
    can be useful for populating large databases because data is loaded line by
    line into memory, rather than being loaded all at once.
    
    Signals
    ~~~~~~~
    
    * :meth:`Signal.send_robust() &lt;django.dispatch.Signal.send_robust&gt;` now logs
    exceptions.
    
    Templates
    ~~~~~~~~~
    
    * :tfilter:`floatformat` template filter now allows using the ``g`` suffix to
    force grouping by the :setting:`THOUSAND_SEPARATOR` for the active locale.
    
    * Templates cached with :ref:`Cached template loaders&lt;template-loaders&gt;` are
    now correctly reloaded in development.
    
    Tests
    ~~~~~
    
    * Objects assigned to class attributes in :meth:`.TestCase.setUpTestData` are
    now isolated for each test method. Such objects are now required to support
    creating deep copies with :py:func:`copy.deepcopy`. Assigning objects which
    don&#39;t support ``deepcopy()`` is deprecated and will be removed in Django 4.1.
    
    * :class:`~django.test.runner.DiscoverRunner` now enables
    :py:mod:`faulthandler` by default. This can be disabled by using the
    :option:`test --no-faulthandler` option.
    
    * :class:`~django.test.runner.DiscoverRunner` and the
    :djadmin:`test` management command can now track timings, including database
    setup and total run time. This can be enabled by using the :option:`test
    --timing` option.
    
    * :class:`~django.test.Client` now preserves the request query string when
    following 307 and 308 redirects.
    
    * The new :meth:`.TestCase.captureOnCommitCallbacks` method captures callback
    functions passed to :func:`transaction.on_commit()
    &lt;django.db.transaction.on_commit&gt;` in a list. This allows you to test such
    callbacks without using the slower :class:`.TransactionTestCase`.
    
    * :meth:`.TransactionTestCase.assertQuerysetEqual` now supports direct
    comparison against another queryset rather than being restricted to
    comparison against a list of string representations of objects when using the
    default value for the ``transform`` argument.
    
    Utilities
    ~~~~~~~~~
    
    * The new ``depth`` parameter of ``django.utils.timesince.timesince()`` and
    ``django.utils.timesince.timeuntil()`` functions allows specifying the number
    of adjacent time units to return.
    
    Validators
    ~~~~~~~~~~
    
    * Built-in validators now include the provided value in the ``params`` argument
    of a raised :exc:`~django.core.exceptions.ValidationError`. This allows
    custom error messages to use the ``%(value)s`` placeholder.
    
    * The :class:`.ValidationError` equality operator now ignores ``messages`` and
    ``params`` ordering.
    
    .. _backwards-incompatible-3.2:
    
    Backwards incompatible changes in 3.2
    =====================================
    
    Database backend API
    --------------------
    
    This section describes changes that may be needed in third-party database
    backends.
    
    * The new ``DatabaseFeatures.introspected_field_types`` property replaces these
    features:
    
    * ``can_introspect_autofield``
    * ``can_introspect_big_integer_field``
    * ``can_introspect_binary_field``
    * ``can_introspect_decimal_field``
    * ``can_introspect_duration_field``
    * ``can_introspect_ip_address_field``
    * ``can_introspect_positive_integer_field``
    * ``can_introspect_small_integer_field``
    * ``can_introspect_time_field``
    * ``introspected_big_auto_field_type``
    * ``introspected_small_auto_field_type``
    * ``introspected_boolean_field_type``
    
    * To enable support for covering indexes (:attr:`.Index.include`) and covering
    unique constraints (:attr:`.UniqueConstraint.include`), set
    ``DatabaseFeatures.supports_covering_indexes`` to ``True``.
    
    * Third-party database backends must implement support for column database
    collations on ``CharField``\s and ``TextField``\s or set
    ``DatabaseFeatures.supports_collation_on_charfield`` and
    ``DatabaseFeatures.supports_collation_on_textfield`` to ``False``. If
    non-deterministic collations are not supported, set
    ``supports_non_deterministic_collations`` to ``False``.
    
    * ``DatabaseOperations.random_function_sql()`` is removed in favor of the new
    :class:`~django.db.models.functions.Random` database function.
    
    * ``DatabaseOperations.date_trunc_sql()`` and
    ``DatabaseOperations.time_trunc_sql()`` now take the optional ``tzname``
    argument in order to truncate in a specific timezone.
    
    * ``DatabaseClient.runshell()`` now gets arguments and an optional dictionary
    with environment variables to the underlying command-line client from
    ``DatabaseClient.settings_to_cmd_args_env()`` method. Third-party database
    backends must implement ``DatabaseClient.settings_to_cmd_args_env()`` or
    override ``DatabaseClient.runshell()``.
    
    * Third-party database backends must implement support for functional indexes
    (:attr:`.Index.expressions`) or set
    ``DatabaseFeatures.supports_expression_indexes`` to ``False``. If ``COLLATE``
    is not a part of the ``CREATE INDEX`` statement, set
    ``DatabaseFeatures.collate_as_index_expression`` to ``True``.
    
    :mod:`django.contrib.admin`
    ---------------------------
    
    * Pagination links in the admin are now 1-indexed instead of 0-indexed, i.e.
    the query string for the first page is ``?p=1`` instead of ``?p=0``.
    
    * The new admin catch-all view will break URL patterns routed after the admin
    URLs and matching the admin URL prefix. You can either adjust your URL
    ordering or, if necessary, set :attr:`AdminSite.final_catch_all_view
    &lt;django.contrib.admin.AdminSite.final_catch_all_view&gt;` to ``False``,
    disabling the catch-all view. See :ref:`whats-new-3.2` for more details.
    
    * Minified JavaScript files are no longer included with the admin. If you
    require these files to be minified, consider using a third party app or
    external build tool. The minified vendored JavaScript files packaged with the
    admin (e.g. :ref:`jquery.min.js &lt;contrib-admin-jquery&gt;`) are still included.
    
    * :attr:`.ModelAdmin.prepopulated_fields` no longer strips English stop words,
    such as ``&#39;a&#39;`` or ``&#39;an&#39;``.
    
    :mod:`django.contrib.gis`
    -------------------------
    
    * Support for PostGIS 2.2 is removed.
    
    * The Oracle backend now clones polygons (and geometry collections containing
    polygons) before reorienting them and saving them to the database. They are
    no longer mutated in place. You might notice this if you use the polygons
    after a model is saved.
    
    Dropped support for PostgreSQL 9.5
    ----------------------------------
    
    Upstream support for PostgreSQL 9.5 ends in February 2021. Django 3.2 supports
    PostgreSQL 9.6 and higher.
    
    Dropped support for MySQL 5.6
    -----------------------------
    
    The end of upstream support for MySQL 5.6 is April 2021. Django 3.2 supports
    MySQL 5.7 and higher.
    
    Miscellaneous
    -------------
    
    * Django now supports non-``pytz`` time zones, such as Python 3.9+&#39;s
    :mod:`zoneinfo` module and its backport.
    
    * The undocumented ``SpatiaLiteOperations.proj4_version()`` method is renamed
    to ``proj_version()``.
    
    * :func:`~django.utils.text.slugify` now removes leading and trailing dashes
    and underscores.
    
    * The :tfilter:`intcomma` and :tfilter:`intword` template filters no longer
    depend on the :setting:`USE_L10N` setting.
    
    * Support for ``argon2-cffi`` &lt; 19.1.0 is removed.
    
    * The cache keys no longer includes the language when internationalization is
    disabled (``USE_I18N = False``) and localization is enabled
    (``USE_L10N = True``). After upgrading to Django 3.2 in such configurations,
    the first request to any previously cached value will be a cache miss.
    
    * ``ForeignKey.validate()`` now uses
    :attr:`~django.db.models.Model._base_manager` rather than
    :attr:`~django.db.models.Model._default_manager` to check that related
    instances exist.
    
    * When an application defines an :class:`~django.apps.AppConfig` subclass in
    an ``apps.py`` submodule, Django now uses this configuration automatically,
    even if it isn&#39;t enabled with ``default_app_config``. Set ``default = False``
    in the :class:`~django.apps.AppConfig` subclass if you need to prevent this
    behavior. See :ref:`whats-new-3.2` for more details.
    
    * Instantiating an abstract model now raises ``TypeError``.
    
    * Keyword arguments to :func:`~django.test.utils.setup_databases` are now
    keyword-only.
    
    * The undocumented ``django.utils.http.limited_parse_qsl()`` function is
    removed. Please use :func:`urllib.parse.parse_qsl` instead.
    
    * ``django.test.utils.TestContextDecorator`` now uses
    :py:meth:`~unittest.TestCase.addCleanup` so that cleanups registered in the
    :py:meth:`~unittest.TestCase.setUp` method are called before
    ``TestContextDecorator.disable()``.
    
    * ``SessionMiddleware`` now raises a
    :exc:`~django.contrib.sessions.exceptions.SessionInterrupted` exception
    instead of :exc:`~django.core.exceptions.SuspiciousOperation` when a session
    is destroyed in a concurrent request.
    
    * The :class:`django.db.models.Field` equality operator now correctly
    distinguishes inherited field instances across models. Additionally, the
    ordering of such fields is now defined.
    
    * The undocumented ``django.core.files.locks.lock()`` function now returns
    ``False`` if the file cannot be locked, instead of raising
    :exc:`BlockingIOError`.
    
    * The password reset mechanism now invalidates tokens when the user email is
    changed.
    
    * :djadmin:`makemessages` command no longer processes invalid locales specified
    using :option:`makemessages --locale` option, when they contain hyphens
    (``&#39;-&#39;``).
    
    * The ``django.contrib.auth.forms.ReadOnlyPasswordHashField`` form field is now
    :attr:`~django.forms.Field.disabled` by default. Therefore
    ``UserChangeForm.clean_password()`` is no longer required to return the
    initial value.
    
    * The ``cache.get_many()``, ``get_or_set()``, ``has_key()``, ``incr()``,
    ``decr()``, ``incr_version()``, and ``decr_version()`` cache operations now
    correctly handle ``None`` stored in the cache, in the same way as any other
    value, instead of behaving as though the key didn&#39;t exist.
    
    Due to a ``python-memcached`` limitation, the previous behavior is kept for
    the deprecated ``MemcachedCache`` backend.
    
    * The minimum supported version of SQLite is increased from 3.8.3 to 3.9.0.
    
    * :class:`~django.contrib.messages.storage.cookie.CookieStorage` now stores
    messages in the :rfc:`6265` compliant format. Support for cookies that use
    the old format remains until Django 4.1.
    
    * The minimum supported version of ``asgiref`` is increased from 3.2.10 to
    3.3.2.
    
    .. _deprecated-features-3.2:
    
    Features deprecated in 3.2
    ==========================
    
    Miscellaneous
    -------------
    
    * Assigning objects which don&#39;t support creating deep copies with
    :py:func:`copy.deepcopy` to class attributes in
    :meth:`.TestCase.setUpTestData` is deprecated.
    
    * Using a boolean value in :attr:`.BaseCommand.requires_system_checks` is
    deprecated. Use ``&#39;__all__&#39;`` instead of ``True``, and ``[]`` (an empty list)
    instead of ``False``.
    
    * The ``whitelist`` argument and ``domain_whitelist`` attribute of
    :class:`~django.core.validators.EmailValidator` are deprecated. Use
    ``allowlist`` instead of ``whitelist``, and ``domain_allowlist`` instead of
    ``domain_whitelist``. You may need to rename ``whitelist`` in existing
    migrations.
    
    * The ``default_app_config`` application configuration variable is deprecated,
    due to the now automatic ``AppConfig`` discovery. See :ref:`whats-new-3.2`
    for more details.
    
    * Automatically calling ``repr()`` on a queryset in
    ``TransactionTestCase.assertQuerysetEqual()``, when compared to string
    values, is deprecated. If you need the previous behavior, explicitly set
    ``transform`` to ``repr``.
    
    * The ``django.core.cache.backends.memcached.MemcachedCache`` backend is
    deprecated as ``python-memcached`` has some problems and seems to be
    unmaintained. Use ``django.core.cache.backends.memcached.PyMemcacheCache``
    or ``django.core.cache.backends.memcached.PyLibMCCache`` instead.
    
    * The format of messages used by
    ``django.contrib.messages.storage.cookie.CookieStorage`` is different from
    the format generated by older versions of Django. Support for the old format
    remains until Django 4.1.
    
    
    ==========================
    

    3.1.9

    ==========================
    
    *May 4, 2021*
    
    Django 3.1.9 fixes a security issue in 3.1.8.
    
    CVE-2021-31542: Potential directory-traversal via uploaded files
    ================================================================
    
    ``MultiPartParser``, ``UploadedFile``, and ``FieldFile`` allowed
    directory-traversal via uploaded files with suitably crafted file names.
    
    In order to mitigate this risk, stricter basename and path sanitation is now
    applied. Specifically, empty file names and paths with dot segments will be
    rejected.
    
    
    ==========================
    

    3.1.8

    ==========================
    
    *April 6, 2021*
    
    Django 3.1.8 fixes a security issue with severity &quot;low&quot; and a bug in 3.1.7.
    
    CVE-2021-28658: Potential directory-traversal via uploaded files
    ================================================================
    
    ``MultiPartParser`` allowed directory-traversal via uploaded files with
    suitably crafted file names.
    
    Built-in upload handlers were not affected by this vulnerability.
    
    Bugfixes
    ========
    
    * Fixed a bug in Django 3.1 where the output was hidden on a test error or
    failure when using :option:`test --pdb` with the
    :option:`--buffer &lt;test --buffer&gt;` option (:ticket:`32560`).
    
    
    ==========================
    

    3.1.7

    ==========================
    
    *February 19, 2021*
    
    Django 3.1.7 fixes a security issue and a bug in 3.1.6.
    
    CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()``
    =================================================================================
    
    Django contains a copy of :func:`urllib.parse.parse_qsl` which was added to
    backport some security fixes. A further security fix has been issued recently
    such that ``parse_qsl()`` no longer allows using ``;`` as a query parameter
    separator by default. Django now includes this fix. See :bpo:`42967` for
    further details.
    
    Bugfixes
    ========
    
    * Fixed a regression in Django 3.1 that caused ``RuntimeError`` instead of
    connection errors when using only the ``&#39;postgres&#39;`` database
    (:ticket:`32403`).
    
    
    ==========================
    

    3.1.6

    ==========================
    
    *February 1, 2021*
    
    Django 3.1.6 fixes a security issue with severity &quot;low&quot; and a bug in 3.1.5.
    
    CVE-2021-3281: Potential directory-traversal via ``archive.extract()``
    ======================================================================
    
    The ``django.utils.archive.extract()`` function, used by
    :option:`startapp --template` and :option:`startproject --template`, allowed
    directory-traversal via an archive with absolute paths or relative paths with
    dot segments.
    
    Bugfixes
    ========
    
    * Fixed an admin layout issue in Django 3.1 where changelist filter controls 
    would become squashed (:ticket:`32391`).
    
    
    ==========================
    

    3.1.5

    ==========================
    
    *January 4, 2021*
    
    Django 3.1.5 fixes several bugs in 3.1.4.
    
    Bugfixes
    ========
    
    * Fixed ``__isnull=True`` lookup on key transforms for
    :class:`~django.db.models.JSONField` with Oracle and SQLite
    (:ticket:`32252`).
    
    * Fixed a bug in Django 3.1 that caused a crash when processing middlewares in
    an async context with a middleware that raises a ``MiddlewareNotUsed``
    exception (:ticket:`32299`).
    
    * Fixed a regression in Django 3.1 that caused the incorrect prefixing of
    ``STATIC_URL`` and ``MEDIA_URL`` settings, by the server-provided value of
    ``SCRIPT_NAME`` (or ``/`` if not set), when set to a URL specifying the
    protocol but without a top-level domain, e.g. ``http://myhost/``
    (:ticket:`32304`).
    
    
    ==========================
    
    Links
    • PyPI: https://pypi.org/project/django
    • Changelog: https://pyup.io/changelogs/django/
    • Homepage: https://www.djangoproject.com/
    opened by pyup-bot 1
  • Bump django from 4.0.7 to 4.0.8

    Bump django from 4.0.7 to 4.0.8

    Bumps django from 4.0.7 to 4.0.8.

    Commits
    • 7d5cb49 [4.0.x] Bumped version for 4.0.8 release.
    • 23f0093 [4.0.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regula...
    • 4a30e0d [4.0.x] Set date and added stub notes for 4.0.8 and 3.2.16 releases.
    • 898f0aa [4.0.x] Added CVE-2022-36359 to security archive.
    • 60e6bae [4.0.x] Post-release version bump.
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 0
  • Mirage create wrong model if the type name is wrong.

    Mirage create wrong model if the type name is wrong.

    Run g model command with wrong or none supported type name.

    mg g model ModelClass data_name:miss_type hoge:int
    

    Mirage does not raise error & create = None() ?? field!

    class ModelClass(models.Model):
      data_name = None()
      hoge = models.IntegerField()
    
    bug 
    opened by shotastage 0
Releases(0.2.2)
Owner
Shota Shimazu
Web Application and iOS engineer
Shota Shimazu
django-quill-editor makes Quill.js easy to use on Django Forms and admin sites

django-quill-editor django-quill-editor makes Quill.js easy to use on Django Forms and admin sites No configuration required for static files! The ent

lhy 139 Dec 5, 2022
Intellicards-backend - A Django project bootstrapped with django-admin startproject mysite

Intellicards-backend - A Django project bootstrapped with django-admin startproject mysite

Fabrizio Torrico 2 Jan 13, 2022
DRF_commands is a Django package that helps you to create django rest framework endpoints faster using manage.py.

DRF_commands is a Django package that helps you to create django rest framework endpoints faster using manage.py.

Mokrani Yacine 2 Sep 28, 2022
Django application and library for importing and exporting data with admin integration.

django-import-export django-import-export is a Django application and library for importing and exporting data with included admin integration. Featur

null 2.6k Dec 26, 2022
Django admin CKEditor integration.

Django CKEditor NOTICE: django-ckeditor 5 has backward incompatible code moves against 4.5.1. File upload support has been moved to ckeditor_uploader.

null 2.2k Jan 2, 2023
Django admin CKEditor integration.

Django CKEditor NOTICE: django-ckeditor 5 has backward incompatible code moves against 4.5.1. File upload support has been moved to ckeditor_uploader.

null 2.2k Dec 31, 2022
Add Chart.js visualizations to your Django admin using a mixin class

django-admincharts Add Chart.js visualizations to your Django admin using a mixin class. Example from django.contrib import admin from .models import

Dropseed 22 Nov 22, 2022
📝 Sticky Notes in Django admin

django-admin-sticky-notes Share notes between superusers. Installation Install via pip: pip install django_admin_sticky_notes Put django_admin_sticky_

Dariusz Choruży 7 Oct 6, 2021
Super simple bar charts for django admin list views visualizing the number of objects based on date_hierarchy using Chart.js.

Super simple bar charts for django admin list views visualizing the number of objects based on date_hierarchy using Chart.js.

foorilla LLC 4 May 18, 2022
A simple REST API to manage postal addresses, written in Python/Django.

A simple REST API to manage postal addresses, written in Python/Django.

Attila Bagossy 2 Feb 14, 2022
Django URL Shortener is a Django app to to include URL Shortening feature in your Django Project

Django URL Shortener Django URL Shortener is a Django app to to include URL Shortening feature in your Django Project Install this package to your Dja

Rishav Sinha 4 Nov 18, 2021
Store model history and view/revert changes from admin site.

django-simple-history django-simple-history stores Django model state on every create/update/delete. This app supports the following combinations of D

Jazzband 1.8k Jan 8, 2023
Helps working with singletons - things like global settings that you want to edit from the admin site.

Django Solo +---------------------------+ | | | | | \ | Django Solo helps

Sylvain Toé 726 Jan 8, 2023
Store model history and view/revert changes from admin site.

django-simple-history django-simple-history stores Django model state on every create/update/delete. This app supports the following combinations of D

Jazzband 1.8k Jan 6, 2023
A simple plugin to attach a debugger in Django on runserver command.

django-debugger A simple plugin to attach a debugger in Django during runserver Installation pip install django-debugger Usage Prepend django_debugger

Sajal Shrestha 11 Nov 15, 2021
Meta package to combine turbo-django and stimulus-django

Hotwire + Django This repository aims to help you integrate Hotwire with Django ?? Inspiration might be taken from @hotwired/hotwire-rails. We are sti

Hotwire for Django 31 Aug 9, 2022
django-reversion is an extension to the Django web framework that provides version control for model instances.

django-reversion django-reversion is an extension to the Django web framework that provides version control for model instances. Requirements Python 3

Dave Hall 2.8k Jan 2, 2023
Django-environ allows you to utilize 12factor inspired environment variables to configure your Django application.

Django-environ django-environ allows you to use Twelve-factor methodology to configure your Django application with environment variables. import envi

Daniele Faraglia 2.7k Jan 7, 2023
Rosetta is a Django application that eases the translation process of your Django projects

Rosetta Rosetta is a Django application that facilitates the translation process of your Django projects. Because it doesn't export any models, Rosett

Marco Bonetti 909 Dec 26, 2022