| Age | Commit message | Author |
|
|
|
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for
an accessible and translatable blank choice label in forms.
Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant.
Added the immediately deprecated transitional setting
USE_BLANK_CHOICE_DASH.
Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
|
|
formatting.
|
|
Now that the DSF is a CVE Numbering Authority (CNA), we
manage our own CVE assignments.
|
|
|
|
|
|
Altering the .po files by hand was causing incorrect line numbers and
plural forms. Since our fetching procedure does not recompile any
hand-edited .po files to .mo files for production use, just accept
Transifex's plural forms as a source of truth.
https://forum.djangoproject.com/t/discourage-releasers-from-editing-po-files-by-hand/44441
|
|
Passing the --domain flag again just overwrites the prior value.
|
|
This follows a post from Seth Larson (Security Developer-in-Residence at the PSF):
https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies
|
|
RemoteUserMiddleware under ASGI.
We have a flood of nuisance security reports describing ASGI deployments
using RemoteUserMiddleware without a fronting proxy, which is not
realistic.
|
|
Thanks Sarah Boyce for the idea and Tim McCurrach for the review.
Co-authored-by: Timothy McCurrach <tim.mccurrach@gmail.com>
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
It has been superseded with .quote_name(), which ensures aliases are
always quoted.
|
|
verify_release.sh.
This reuses the same download for both artifacts and checks both GPG
signature and minimal correctness in the same script. Docs and script
do_django_release.py were updated.
|
|
|
|
get_placeholder_sql.
The lack of ability of the get_placeholder call chain to return SQL and
parameters separated so they can be mogrified by the backend at execution time
forced implementations to dangerously interpolate potentially user controlled
values.
The get_placeholder_sql name was chosen due to its proximity to the previous
method, but other options such as Field.as_sql were considered but ultimately
rejected due to its different input signature compared to Expression.as_sql
that might have led to confusion.
There is a lot of overlap between what Field.get_db_prep_value and
get_placeholder_sql do but folding the latter in the former would require
changing its return signature to return expression which is a way more invasive
change than what is proposed here.
Given we always call get_db_prep_value it might still be an avenue worth
exploring in the future to offer a publicly documented interface to allow fields
to take an active part in the compilation chain.
Thanks Jacob for the review.
|
|
Some contributors have been requesting Copilot reviews on pull requests
submitted to the Django repository. These automated reviews add noise to
the PR history, making it harder to follow the discussion, and Django
does not incorporate them into its review process.
This change discourages the practice by:
- Adding a `copilot-instructions.md` file instructing Copilot to decline
review requests in this repository.
- Adding a checklist item to the PR template asking contributors not to
request automated AI reviews for their PR.
- Documenting the policy in the contributing guidelines.
|
|
Thanks to Jacob Walls for the original idea and the review.
|
|
Thanks to Tim Schilling for the review.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
It's not clear that CLAs are needed to ensure contributors are
assenting to our license (the "inbound=outbound" agreement),
but we can keep them around for contributors who would like to
(or are required by their employer to) submit one, without
investing additional resources in checking every single contribution.
See https://forum.djangoproject.com/t/cla-vs-dco-for-django-contributors/42399
and recent board minutes.
|
|
Original inspiration drawn from Sarah Boyce's talk:
"Django needs you! (to do code review)"
|
|
|
|
The `docs` GitHub action does not install `aspell` so the spelling
checks are always passing in CI. After installing it, the following
errors are reported:
WARNING: internals/security.txt:50: : Spell check: runnable: Include a runnable proof of concept.
WARNING: ref/contrib/postgres/search.txt:292: : Spell check: lexeme: an untrusted source. The content of each lexeme is escaped so that any.
WARNING: ref/contrib/postgres/search.txt:295: : Spell check: lexemes: You can combine lexemes with other lexemes using the .
WARNING: ref/contrib/postgres/search.txt:295: : Spell check: lexemes: You can combine lexemes with other lexemes using the .
WARNING: ref/contrib/postgres/search.txt:314: : Spell check: Lexeme: Lexeme objects also support term weighting and prefixes:.
WARNING: ref/models/database-functions.txt:1897: : Spell check: ai: 23ai/26ai (23.9) or later..
WARNING: ref/models/database-functions.txt:1897: : Spell check: ai: 23ai/26ai (23.9) or later..
WARNING: ref/models/expressions.txt:439: : Spell check: positionally: can be supplied positionally or only by keyword. For.
WARNING: ref/models/fields.txt:1339: : Spell check: ai: PostgreSQL < 18 only supports persisted columns. Oracle < 23ai/26ai (23.7).
WARNING: ref/models/fields.txt:1339: : Spell check: ai: PostgreSQL < 18 only supports persisted columns. Oracle < 23ai/26ai (23.7).
WARNING: ref/models/fields.txt:1344: : Spell check: ai: s was added on Oracle 23ai/26ai.
WARNING: ref/models/fields.txt:1344: : Spell check: ai: s was added on Oracle 23ai/26ai.
WARNING: releases/4.2.21.txt:24: : Spell check: unclosed: exception if it encounters an unusually large number of unclosed opening tags..
WARNING: releases/5.1.9.txt:24: : Spell check: unclosed: exception if it encounters an unusually large number of unclosed opening tags..
WARNING: releases/5.2.1.txt:24: : Spell check: unclosed: exception if it encounters an unusually large number of unclosed opening tags..
WARNING: releases/6.1.txt:244: : Spell check: mistyped: suggestions for mistyped subcommand names and argument choices..
WARNING: releases/6.1.txt:281: : Spell check: ai: Oracle 23ai/26ai (23.7+)..
WARNING: releases/6.1.txt:281: : Spell check: ai: Oracle 23ai/26ai (23.7+)..
WARNING: releases/6.1.txt:343: : Spell check: durations: durations expressed in weeks (.
WARNING: Found 19 misspelled words
build finished with problems, 20 warnings (with warnings treated as errors).
This branch adds some of the words to the allowlist, but for others I
chose to rephrase the text in a more approachable manner.
|
|
|
|
|
|
Co-authored-by: James Bligh <blighj@users.noreply.github.com>
|
|
Follow-up to 64ac4385c75b12a4065055b3d8d60bd5e0e61f04.
|
|
JSONExact.
|
|
|
|
|
|
docs/internals/_images/contribution_process.svg.
The PDF is needed to build the PDF version of the whole docs.
|
|
expressions.
Thanks Clifford Gama and Simon Charette for reviews.
|
|
This was included in the original reverted patch:
a89183e63844a937aacd3ddb73c4952ef869d2cc
Follow-up to 26b0e2bb92caf2d16cabe455792350f20d6f42ca.
|
|
|
|
pull requests."
This reverts commit a89183e63844a937aacd3ddb73c4952ef869d2cc.
|
|
Follow-up to 4686541691dbe986f58ac87630c3b7a04db4ff93.
|
|
Part of GSoC 2025. Thanks Lily for mentorship, and Sarah Boyce and
Jacob Walls for reviews.
|
|
At the direction of the Security Team. Thanks Markus Holtermann,
Jake Howard, and Natalia Bidart for reviews.
|
|
|
|
|
|
Added ignores relating to https://github.com/PyCQA/isort/issues/2352.
|
|
docs/internals/howto-release-django.txt.
The practice since 2.2a1 (2019) has been to upload source distributions
as well.
|
|
docs/internals/contributing/writing-code/unit-tests.txt.
|
|
|
|
docs/internals/howto-release-django.txt.
|
|
Thanks to Jacob Walls and Simon Charette for their input.
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
|
docs/internals/howto-release-django.txt.
|
|
|
|
|