| Age | Commit message | Author |
|
Needed by Django MongoDB Backend's EmbeddedModelField.
|
|
Added in 5bc3123479bd97dc9d8a36fa9a3421a71063d1da (refs #24558),
it was obsoleted when OrderedDict usage was removed in
24b82cd201e21060fbc02117dc16d1702877a1f3 (refs #30159).
|
|
with a representer.
|
|
sort_keys=False.
The sort_keys parameter was added in PyYAML 5.1 (released March 2019).
The workaround was added in 24b82cd201e21060fbc02117dc16d1702877a1f3
(refs #30159).
|
|
|
|
Thanks Tarek Nakkouch for the report and Jake Howard and Natalia Bidart
for reviews.
|
|
own line.
|
|
This facilitates nested fields and objects.
|
|
A TypeError is now raised if fail_silently=True, auth_user, or auth_password
are provided along with a connection.
Updated AdminEmailHandler in django.utils.log to remove redundant
fail_silently=True.
Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
|
|
truncated db_table names.
|
|
Paths that happened to begin with the script name were inappropriately
stripped, instead of checking that script name preceded a slash.
|
|
system object creation.
This fix introduces `safe_makedirs()` in the `os` utils as a safer
alternative to `os.makedirs()` that avoids umask-related race conditions
in multi-threaded environments.
This is a workaround for https://github.com/python/cpython/issues/86533
and the solution is based on the fix being proposed for CPython.
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Refs CVE-2020-24583 and #31921.
Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and
Shai Berger for reviews.
|
|
|
|
Co-authored-by: Simon Charette <charette.s@gmail.com>
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
deferred annotations.
Provide a wrapper for safe introspection of user functions on Python 3.14+.
Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04.
|
|
Needed by MongoDB.
|
|
Thanks Jiyong Yang for the report, and Natalia Bidart, Jacob Walls, and
Shai Berger for reviews.
|
|
|
|
As Python 3.12 is now the floor, we can drop the shims and
use the `inspect` module.
|
|
|
|
https://github.com/psf/black/releases/tag/26.1.0
|
|
Deserializer.
Thanks Shai Berger and Natalia Bidart for reviews.
|
|
The only use case for visiting grandchild nodes turned out to be to
support an unintentionally invalid fixture in the test suite.
The invalid fixture added in #36969 was modeled on fixture9.xml in
dae08cf55b83caef5e8ee39b16417692e8565278, so that is corrected as well
in this commit, where the test will still pass.
|
|
None values in natural keys were incorrectly serialized as the string
"None", causing deserialization to fail for fields like UUIDField.
|
|
https://github.com/python/cpython/pull/136809 made `color` default to
True in ArgumentParser.
|
|
available.
Thanks Simon Charette, Sarah Boyce, and Jacob Walls for reviews.
|
|
|
|
Only children at one level of depth need to be visited.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
Refactored serialization logic to allow models inheriting a natural_key()
method (e.g. AbstractBaseUser) to explicitly opt out of natural key
serialization by returning an empty tuple from the method.
Thanks Jonas Dittrich for the report.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
serializer.
Previously, `getInnerText()` recursively used `list.extend()` on strings,
which added each character from child nodes as a separate list element.
On deeply nested XML content, this caused the overall deserialization
work to grow quadratically with input size, potentially allowing
disproportionate CPU consumption for crafted XML.
The fix separates collection of inner texts from joining them, so that
each subtree is joined only once, reducing the complexity to linear in
the size of the input. These changes also include a mitigation for an
xml.dom.minidom performance issue.
Thanks Seokchan Yoon (https://ch4n3.kr/) for the report.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
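
The complexity difference described in the commit message above, as an added example (not Django's code or the code from this commit). The function names and the nested document are constructed for illustration; work is measured by counting list elements handled rather than by timing.

```python
from xml.dom import minidom

TEXT_TYPES = (minidom.Node.TEXT_NODE, minidom.Node.CDATA_SECTION_NODE)


def inner_text_quadratic(node, stats):
    """Pattern the message describes: each level joins its subtree, and the
    parent extend()s its list with that string one character at a time."""
    parts = []
    for child in node.childNodes:
        if child.nodeType in TEXT_TYPES:
            parts.append(child.data)
        elif child.nodeType == child.ELEMENT_NODE:
            parts.extend(inner_text_quadratic(child, stats))  # str -> chars
    stats["items"] += len(parts)
    return "".join(parts)


def _collect(node, parts):
    # Collection only: append text chunks, never join inside the recursion.
    for child in node.childNodes:
        if child.nodeType in TEXT_TYPES:
            parts.append(child.data)
        elif child.nodeType == child.ELEMENT_NODE:
            _collect(child, parts)


def inner_text_linear(node, stats):
    """Collect all text chunks first, then join exactly once."""
    parts = []
    _collect(node, parts)
    stats["items"] += len(parts)
    return "".join(parts)


def nested_doc(depth):
    # Constructed input: `depth` nested elements, one character of text each.
    return "<e>x" * depth + "</e>" * depth


def measure(fn, depth):
    """Return (inner text, number of list elements handled) for one parse."""
    doc = minidom.parseString(nested_doc(depth))
    stats = {"items": 0}
    return fn(doc.documentElement, stats), stats["items"]


if __name__ == "__main__":
    for depth in (100, 200):
        print(depth, measure(inner_text_quadratic, depth)[1],
              measure(inner_text_linear, depth)[1])
```

Doubling the nesting depth roughly quadruples the element count for the first function and only doubles it for the second, which is the quadratic-versus-linear behaviour the message refers to.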
|
|
|
|
Python 3.15 defaults suggest_on_error=True, but the feature is available
from 3.14, so this change opts in earlier. This change can be reverted
when Python 3.15 is the minimum supported version.
|
|
Thanks Lily for the review.
|
|
Regression in 0b83c8cc4db95812f1e15ca19d78614e94cf38dd which added
support for running checks only against databases but also defaulted to
running against no databases if not specified.
Note that this continues to *not* default to running database tagged
checks for all management commands except the migrate one as whether or
not we should change this must be discussed further.
Thanks Tim Graham for surfacing how this was a problematic default.
|
|
in ASGIHandler.
|
|
|
|
|
|
Migrated `WSGIRequestHandler.log_message()` to use a more robust
`log_message()` helper, which was based on `log_response()` via factoring out
the common bits.
Refs CVE-2025-48432.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
May your database queries be much reduced with minimal effort.
co-authored-by: Andreas Pelme <andreas@pelme.se>
co-authored-by: Simon Charette <charette.s@gmail.com>
co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
|
|
django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()."
This reverts commit 0246f478882c26bc1fe293224653074cd46a90d0.
|
|
favor of hmac.compare_digest().
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
ASGIRequest.
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
makemessages.
|
|
- Changed EmailMessage.message() to construct a "modern email API"
email.message.EmailMessage and added policy keyword arg.
- Added support for modern MIMEPart objects in EmailMessage.attach()
(and EmailMessage constructor, EmailMessage.attachments list).
- Updated SMTP EmailBackend to use modern email.policy.SMTP.
Deprecated:
- Attaching MIMEBase objects (replace with MIMEPart)
- BadHeaderError (modern email uses ValueError)
- SafeMIMEText, SafeMIMEMultipart (unnecessary for modern email)
- django.core.mail.forbid_multi_line_headers()
(undocumented, but exposed via `__all__` and in wide use)
- django.core.mail.message.sanitize_address()
(undocumented, but in wide use)
Removed without deprecation (all undocumented):
- EmailMessage.mixed_subtype
- EmailMultiAlternatives.alternative_subtype
- Support for setting (undocumented) EmailMessage.encoding property
to a legacy email.charset.Charset object
Related changes:
- Dropped tests for incorrect RFC 2047 encoding of non-ASCII email
address localparts. This is specifically prohibited by RFC 2047, and
not supported by any known MTA or email client. (Python still
mis-applies encoded-word to non-ASCII localparts, but it is a bug that
may be fixed in the future.)
- Added tests that try to discourage using Python's legacy email APIs
in future updates to django.core.mail.
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
Manually reformatted some long docstrings and comments that would be
damaged by the to-be-applied autofixer script, in cases where editorial
judgment seemed necessary for style or wording changes.
|
|
|