[PR #1767] [CLOSED] Bump djangorestframework from 3.7.3 to 3.9.1 #2292

New issue

Closed

opened 2026-02-27 12:10:19 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 12:10:19 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/modoboa/modoboa/pull/1767
Author: @dependabot[bot]
Created: 8/6/2019
Status: ❌ Closed

Base: master ← Head: dependabot/pip/djangorestframework-3.9.1

📝 Commits (1)

2d68c05 Bump djangorestframework from 3.7.3 to 3.9.1

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 requirements.txt (+1 -1)

📄 Description

Bumps djangorestframework from 3.7.3 to 3.9.1.

Release notes

Sourced from djangorestframework's releases.

Version 3.9.1

Change Notes:
https://www.django-rest-framework.org/community/release-notes/#39x-series

Verision 3.9.0

Release announcement:
https://www.django-rest-framework.org/community/3.9-announcement/

Change Notes:
https://www.django-rest-framework.org/community/release-notes/#39x-series

Version 3.8.2

Point release for 3.8.x series

Fix read_only + default unique_together validation. #5922

authtoken.views import coreapi from rest_framework.compat, not directly. #5921

Docs: Add missing argument 'detail' to Route #5920

Version 3.8.1

Use old url_name behavior in route decorators #5915

For list_route and detail_route maintain the old behavior of url_name,
basing it on the url_path instead of the function name.

Version 3.8
Release Announcement

3.8.0 Milestone
Breaking Change: Alter read_only plus default behaviour. #5886

read_only fields will now always be excluded from writable fields.

Previously read_only fields with a default value would use the default for create and update operations.

In order to maintain the old behaviour you may need to pass the value of read_only fields when calling save() in
the view:
  def perform_create(self, serializer):
      serializer.save(owner=self.request.user)
Alternatively you may override save() or create() or update() on the serialiser as appropriate.
Correct allow_null behaviour when required=False #5888

Without an explicit default, allow_null implies a default of null for outgoing serialisation. Previously such
fields were being skipped when read-only or otherwise not required.

Possible backwards compatibility break if you were relying on such fields being excluded from the outgoing
representation. In order to restore the old behaviour you can override data to exclude the field when None.
... (truncated)

Commits

453196e Version 3.9.1 (#6405)
4bb9a3c Fix XSS caused by disabled autoescaping in the default DRF Browsable API view...
e3bd4b9 Fix #1811: take limit_choices_to into account with FK (#6371)
9c408b2 Remove reference to deprecated drf-openapi package (#6398)
e0ae975 Fix a badly formatted title in docs (#6089)
c052a86 compat: (py2) urlparse = urllib.parse (py3) (#6262)
a49d744 Fix OpenAPI links (#6382)
0860ef9 Update quickstart to Django 2.0 routing syntax (#6385)
587058e Allow run_validators() to handle non-dict types. (#6365)
0cf18c4 Use Default Version in URLPathVersioning if 'version' Didn't Specified by Cli...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/modoboa/modoboa/pull/1767 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 8/6/2019 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/pip/djangorestframework-3.9.1` --- ### 📝 Commits (1) - [`2d68c05`](https://github.com/modoboa/modoboa/commit/2d68c055f16594346db61eab36dccb6c43004bd0) Bump djangorestframework from 3.7.3 to 3.9.1 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+1 -1) </details> ### 📄 Description Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.7.3 to 3.9.1. <details> <summary>Release notes</summary> *Sourced from [djangorestframework's releases](https://github.com/encode/django-rest-framework/releases).* > ## Version 3.9.1 > Change Notes: > https://www.django-rest-framework.org/community/release-notes/#39x-series > > ## Verision 3.9.0 > Release announcement: > https://www.django-rest-framework.org/community/3.9-announcement/ > > Change Notes: > https://www.django-rest-framework.org/community/release-notes/#39x-series > > ## Version 3.8.2 > Point release for 3.8.x series > > * Fix `read_only` + `default` `unique_together` validation. [#5922](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5922) > * authtoken.views import coreapi from rest_framework.compat, not directly. [#5921](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5921) > * Docs: Add missing argument 'detail' to Route [#5920](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5920) > > ## Version 3.8.1 > * Use old `url_name` behavior in route decorators [#5915](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5915) > > For `list_route` and `detail_route` maintain the old behavior of `url_name`, > basing it on the `url_path` instead of the function name. > > > ## Version 3.8 > * [Release Announcement](http://www.django-rest-framework.org/topics/3.8-announcement/) > * [3.8.0 Milestone](https://github.com/encode/django-rest-framework/milestone/61?closed=1) > > * **Breaking Change**: Alter `read_only` plus `default` behaviour. [#5886](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5886) > > `read_only` fields will now **always** be excluded from writable fields. > > Previously `read_only` fields with a `default` value would use the `default` for create and update operations. > > In order to maintain the old behaviour you may need to pass the value of `read_only` fields when calling `save()` in > the view: > > def perform_create(self, serializer): > serializer.save(owner=self.request.user) > > Alternatively you may override `save()` or `create()` or `update()` on the serialiser as appropriate. > * Correct allow_null behaviour when required=False [#5888](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/5888) > > Without an explicit `default`, `allow_null` implies a default of `null` for outgoing serialisation. Previously such > fields were being skipped when read-only or otherwise not required. > > **Possible backwards compatibility break** if you were relying on such fields being excluded from the outgoing > representation. In order to restore the old behaviour you can override `data` to exclude the field when `None`. > ></tr></table> ... (truncated) </details> <details> <summary>Commits</summary> - [`453196e`](https://github.com/encode/django-rest-framework/commit/453196e9c3a581bac3bf68eb8c9cdd7d28d2dcd6) Version 3.9.1 ([#6405](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6405)) - [`4bb9a3c`](https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8) Fix XSS caused by disabled autoescaping in the default DRF Browsable API view... - [`e3bd4b9`](https://github.com/encode/django-rest-framework/commit/e3bd4b90488bab756694ce271a9615460783f987) Fix [#1811](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/1811): take limit_choices_to into account with FK ([#6371](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6371)) - [`9c408b2`](https://github.com/encode/django-rest-framework/commit/9c408b296b65ea14173de69139218afc97e158b3) Remove reference to deprecated drf-openapi package ([#6398](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6398)) - [`e0ae975`](https://github.com/encode/django-rest-framework/commit/e0ae975e5c543c16f0330cc4acda9387d25fee74) Fix a badly formatted title in docs ([#6089](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6089)) - [`c052a86`](https://github.com/encode/django-rest-framework/commit/c052a86c7b8ebc8159582dafaea3f6cf4a8c40f5) compat: (py2) urlparse = urllib.parse (py3) ([#6262](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6262)) - [`a49d744`](https://github.com/encode/django-rest-framework/commit/a49d744d5ee84ae2e89abde30ceddd2463e1f676) Fix OpenAPI links ([#6382](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6382)) - [`0860ef9`](https://github.com/encode/django-rest-framework/commit/0860ef9eeebf77e1780b0d86b3fdf01f5aaa5cc3) Update quickstart to Django 2.0 routing syntax ([#6385](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6385)) - [`587058e`](https://github.com/encode/django-rest-framework/commit/587058e3c25aac4d871828a3ef19637eb9e8ddbd) Allow run_validators() to handle non-dict types. ([#6365](https://github-redirect.dependabot.com/encode/django-rest-framework/issues/6365)) - [`0cf18c4`](https://github.com/encode/django-rest-framework/commit/0cf18c41631a1e2ee6013a58c7b9bbdb9d8bd8e4) Use Default Version in URLPathVersioning if 'version' Didn't Specified by Cli... - Additional commits viewable in [compare view](https://github.com/encode/django-rest-framework/compare/3.7.3...3.9.1) </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=djangorestframework&package-manager=pip&previous-version=3.7.3&new-version=3.9.1)](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/modoboa/modoboa/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>