This repository was archived by the owner on Oct 31, 2024. It is now read-only.

Scheduled monthly dependency update for October #88

Open: wants to merge 33 commits into base: master

@pyup-bot pyup-bot commented Oct 1, 2024

Update alabaster from 0.7.12 to 1.0.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Update argh from 0.26.2 to 0.31.3.

Changelog

0.31.3

---------------------------

Bugs fixed:

- wrong type annotation of `errors` in `wrap_errors` (PR 229 by laazy)
- tests were failing under Python 3.13 (issue 228 by mgorny)
- regression: can't set argument name with `dest` via decorator
(issue 224 by mathieulongtin)

0.31.2

---------------------------

Bugs fixed:

- broken support for `Optional[List]` (but not `Optional[list]`), a narrower
case of the problem fixed earlier (issue 216).

0.31.1

---------------------------

Bugs fixed:

- broken support for type alias `List` (issue 216).

Enhancements:

- cleaned up the README, rearranged other documentation.

0.31.0

---------------------------

Breaking changes:

- The typing hints introspection feature is automatically enabled for any
command (function) which does **not** have any arguments specified via `arg`
decorator.

This means that, for example, the following function used to fail and now
it will pass::

   def main(count: int):
       assert isinstance(count, int)

This may lead to unexpected behaviour in some rare cases.

- A small change in the legacy argument mapping policy `BY_NAME_IF_HAS_DEFAULT`
concerning the order of variadic positional vs. keyword-only arguments.

The following function now results in ``main alpha [args ...] beta`` instead of
``main alpha beta [args ...]``::

   def main(alpha, *args, beta): ...

This does **not** concern the default name mapping policy.  Even for the
legacy one it's an edge case which is extremely unlikely to appear in any
real-life application.

- Removed the previously deprecated decorator `expects_obj`.

Enhancements:

- Added experimental support for basic typing hints (issue 203)

The following hints are currently supported:

- ``str``, ``int``, ``float``, ``bool`` (goes to ``type``);
- ``list`` (affects ``nargs``), ``list[T]`` (first subtype goes into ``type``);
- ``Literal[T1, T2, ...]`` (interpreted as ``choices``);
- ``Optional[T]`` AKA ``T | None`` (currently interpreted as
 ``required=False`` for optional and ``nargs="?"`` for positional
 arguments; likely to change in the future as use cases accumulate).

The exact interpretation of the type hints is subject to change in the
upcoming versions of Argh.

- Added `always_flush` argument to `dispatch()` (issue 145)

- High-level functions `argh.dispatch_command()` and `argh.dispatch_commands()`
now accept a new parameter `old_name_mapping_policy`.  The behaviour hasn't
changed because the parameter is `True` by default.  It will change to
`False` in Argh v.0.33 or v.1.0.

Deprecated:

- the `namespace` argument in `argh.dispatch()` and `argh.parse_and_resolve()`.
Rationale: continued API cleanup.  It's already possible to mutate the
namespace object between parsing and calling the endpoint; it's unlikely that
anyone would need to specify a custom namespace class or pre-populate it
before parsing.  Please file an issue if you have a valid use case.

Other changes:

- Refactoring.

0.30.5

---------------------------

Bugs fixed:

- A combination of `nargs` with a list as default value would lead to the
values coming from CLI being wrapped in another list (issue 212).

Enhancements:

- Argspec guessing: if `nargs` is not specified but the default value
is a list, ``nargs="*"`` is assumed and passed to argparse.

0.30.4

---------------------------

There were complaints about the lack of a deprecation cycle for the legacy name
mapping policy.  This version addresses the issue:

- The handling introduced in v.0.30.2 (raising an exception for clarity)
is retained for cases when no name mapping policy is specified but function
signature contains defaults in non-kwonly args **and kwonly args are also
defined**::

   def main(alpha, beta=1, *, gamma=2):  # error — explicit policy required

In a similar case but when **kwonly args are not defined** Argh now assumes
the legacy name mapping policy (`BY_NAME_IF_HAS_DEFAULT`) and merely issues
a deprecation warning with the same message as the exception mentioned above::

   def main(alpha, beta=2):  # `[-b BETA] alpha` + DeprecationWarning

This ensures that most of the old scripts still work the same way despite the
new policy being used by default and enforced in cases when it's impossible
to resolve the mapping conflict.

Please note that this "soft" handling is to be removed in version v0.33
(or v1.0 if the former is not deemed necessary).  The new name mapping policy
will be used by default without warnings, like in v0.30.

0.30.3

---------------------------

Bugs fixed:

- Regression: a positional argument with an underscore used in `arg` decorator
would cause Argh to fail on the assembling stage. (208)

0.30.2

---------------------------

Bugs fixed:

- As reported in 204 and 206, the new default name mapping policy in fact
silently changed the CLI API of some scripts: arguments which were previously
translated as CLI options became optional positionals. Although the
instructions were supplied in the release notes, the upgrade may not
necessarily be intentional, so a waste of users' time is quite likely.

To alleviate this, the default value for `name_mapping_policy` in standard
functions has been changed to `None`; if it's not specified, Argh falls back
to the new default policy, but raises `ArgumentNameMappingError` with
detailed instructions if it sees a non-kwonly argument with a default value.

Please specify the policy explicitly in order to avoid this error if you need
to infer optional positionals (``nargs="?"``) from function signature.

0.30.1

---------------------------

Bugs fixed:

- Regression: certain special values in argument default value would cause an
exception (204)

Enhancements:

- Improved the tutorial.
- Added a more informative error message when the reason is likely to be
related to the migration from Argh v0.29 to a version with a new argument
name mapping policy.

Other changes:

- Added `py.typed` marker file for :pep:`561`.

0.30.0

---------------------------

Backwards incompatible changes:

- A new policy for mapping function arguments to CLI arguments is used by
default (see :class:`argh.assembling.NameMappingPolicy`).

The following function does **not** map to ``func foo [--bar]`` anymore::

   def func(foo, bar=None):
       ...

Since this release it maps to ``func foo [bar]`` instead.
Please update the function this way to keep `bar` an "option"::

   def func(foo, *, bar=None):
       ...

If you cannot modify the function signature to use kwonly args for options,
please consider explicitly specifying the legacy name mapping policy::

   set_default_command(
       func, name_mapping_policy=NameMappingPolicy.BY_NAME_IF_HAS_DEFAULT
   )

- The name mapping policy `BY_NAME_IF_HAS_DEFAULT` slightly deviates from the
old behaviour. Kwonly arguments without default values used to be marked as
required options (``--foo FOO``), now they are treated as positionals
(``foo``). Please consider the new default policy (`BY_NAME_IF_KWONLY`) for
a better treatment of kwonly.

- Removed previously deprecated features (184 → 188):

- argument help string in annotations — reserved for type hints;
- `argh.SUPPORTS_ALIASES`;
- `argh.safe_input()`;
- previously renamed arguments for `add_commands()`: `namespace`,
 `namespace_kwargs`, `title`, `description`, `help`;
- `pre_call` argument in `dispatch()`.  The basic usage remains simple but
 more granular functions are now available for more control.

 Instead of this::

   argh.dispatch(..., pre_call=pre_call_hook)

 please use this::

   func, ns = argh.parse_and_resolve(...)
   pre_call_hook(ns)
   argh.run_endpoint_function(func, ns, ...)

Deprecated:

- The `expects_obj` decorator.  Rationale: it used to support the old,
"un-pythonic" style of usage, which essentially lies outside the scope of
Argh.  If you are not using the mapping of function arguments onto CLI, then
you aren't reducing the amount of code compared to vanilla Argparse.

- The `add_help_command` argument in `dispatch()`.
Rationale: it doesn't add much to user experience; it's not much harder to
type ``--help`` than it is to type ``help``; moreover, the option can be
added anywhere, unlike its positional counterpart.

Enhancements:

- Added support for Python 3.12.
- Added type annotations to existing Argh code (185 → 189).
- The `dispatch()` function has been refactored, so in case you need finer
control over the process, two new, more granular functions can be used:

- `endpoint_function, namespace = argh.parse_and_resolve(...)`
- `argh.run_endpoint_function(endpoint_function, namespace, ...)`

Please note that the names may change in the upcoming versions.

- Configurable name mapping policy has been introduced for function argument
to CLI argument translation (191 → 199):

- `BY_NAME_IF_KWONLY` (default and recommended).
- `BY_NAME_IF_HAS_DEFAULT` (close to pre-v.0.30 behaviour);

Please check API docs on :class:`argh.assembling.NameMappingPolicy` for
details.

0.29.4

---------------------------

Bugs fixed:

- Test coverage reported as <100% when argcomplete is installed (187)

0.29.3

------------------------------

Technical releases for packaging purposes.  No changes in functionality.

0.29.0

---------------------------

Backwards incompatible changes:

- Wrapped exceptions now cause ``dispatching.dispatch()`` to raise
``SystemExit(1)`` instead of returning without error. For most users, this
means failed commands will now exit with a failure status instead of a
success. (161)

Deprecated:

- Renamed arguments in `add_commands()` (165):

- `namespace` → `group_name`
- `namespace_kwargs` → `group_kwargs`

The old names are deprecated and will be removed in v.0.30.

Enhancements:

- Can control exit status (see Backwards Incompatible Changes above) when
raising ``CommandError`` using the ``code`` keyword arg.

Bugs fixed:

-  Positional arguments should not lead to removal of short form of keyword
arguments. (115)

Other changes:

- Avoid depending on iocapture by using pytest's built-in feature (177)

0.28.1

---------------------------

- Fixed bugs in tests (171, 172)

0.28.0

---------------------------

A major cleanup.

Backward incompatible changes:

- Dropped support for Python 2.7 and 3.7.

Deprecated features, to be removed in v.0.30:

- `argh.assembling.SUPPORTS_ALIASES`.

- Always `True` for recent versions of Python.

- `argh.io.safe_input()` AKA `argh.interaction.safe_input()`.

- Not relevant anymore.  Please use the built-in `input()` instead.

- argument `pre_call` in `dispatch()`.

Even though this hack seems to have been used in some projects, it was never
part of the official API and never recommended.

Describing your use case in the `discussion about shared arguments`_ can
help improve the library to accommodate it in a proper way.

.. _discussion about shared arguments: https://github.com/neithere/argh/issues/63

- Argument help as annotations.

- Annotations will only be used for types after v.0.30.
- Please replace any instance of::

   def func(foo: "Foobar"):

 with the following::

   @arg('-f', '--foo', help="Foobar")
   def func(foo):

 It will be decided later how to keep this functionality "DRY" (don't repeat
 yourself) without conflicts with modern conventions and tools.

- Added deprecation warnings for some arguments deprecated back in v.0.26.

0.27.2

---------------------------

Minor packaging fix:

* chore: include file required by tox.ini in the sdist (155)

0.27.1

---------------------------

Minor building and packaging fixes:

* docs: add Read the Docs config (160)
* chore: include tox.ini in the sdist (155)

0.27.0

---------------------------

This is the last version to support Python 2.7.

Backward incompatible changes:

- Dropped support for Python 2.6.

Enhancements:

- Added support for Python 3.7 through 3.11.
- Support introspection of function signature behind the `wraps` decorator
(issue 111).

Fixed bugs:

- When command function signature contained ``**kwargs`` *and* positionals
without defaults and with underscores in their names, a weird behaviour could
be observed (issue 104).
- Fixed introspection through decorators (issue 111).
- Switched to Python's built-in `unittest.mock` (PR 154).
- Fixed bug with `skip_unknown_args=True` (PR 134).
- Fixed tests for Python 3.9.7+ (issue 148).

Other changes:

- Included the license files in manifest (PR 112).
- Extended the list of similar projects (PR 87).
- Fixed typos and links in documentation (PR 110, 116, 156).
- Switched CI to Github Actions (PR 153).

Update babel from 2.6.0 to 2.16.0.

Changelog

2.16.0

--------------

Features
~~~~~~~~

* CLDR: Upgrade to CLDR 45 by tomasr8 in :gh:`1077`
* Lists: Support list format fallbacks by akx in :gh:`1099`
* Messages: Initial support for reading mapping configuration as TOML by akx in :gh:`1108`

Bugfixes
~~~~~~~~

* CLDR: Do not allow substituting alternates or drafts in derived locales by akx in :gh:`1113`
* Core: Allow falling back to modifier-less locale data by akx in :gh:`1104`
* Core: Allow use of importlib.metadata for finding entrypoints by akx in :gh:`1102`
* Dates: Avoid crashing on importing localtime when TZ is malformed by akx in :gh:`1100`
* Messages: Allow parsing .po files that have an extant but empty Language header by akx in :gh:`1101`
* Messages: Fix ``--ignore-dirs`` being incorrectly read (1094) by john-psina and Edwin18 in :gh:`1052` and :gh:`1095`
* Messages: Make pgettext search plurals when translation is not found by tomasr8 in :gh:`1085`

Infrastructure
~~~~~~~~~~~~~~

* Replace deprecated `ast.Str` with `ast.Constant` by tomasr8 in :gh:`1083`
* CI fixes by akx in :gh:`1080`, :gh:`1097`, :gh:`1103`, :gh:`1107`
* Test on Python 3.13 beta releases by akx in
* Normalize package name to lower-case in setup.py by akx in :gh:`1110`

Documentation
~~~~~~~~~~~~~

* Add a mention to the docs that `format_skeleton(..., fuzzy=True)` may raise by tomasr8 in :gh:`1106`
* Two hyperlinks (to CLDR) and some typos by buhtz in :gh:`1115`

2.15.0

--------------

Python version support
~~~~~~~~~~~~~~~~~~~~~~

* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)

Features
~~~~~~~~

* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (akx)
* Message: More versatile .po IO functions (:gh:`1068`) (akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (ronnix's first contribution)

Infrastructure
~~~~~~~~~~~~~~

* Upgrade GitHub Actions (:gh:`1054`) (cclauss's first contribution)
* The Unicode license is now included in `locale-data` and in the documentation (:gh:`1074`) (akx)

2.14.0

--------------

Upcoming deprecation
~~~~~~~~~~~~~~~~~~~~

* This version, Babel 2.14, is the last version of Babel to support Python 3.7.
Babel 2.15 will require Python 3.8 or newer.
* We had previously announced Babel 2.13 to have been the last version to support
Python 3.7, but being able to use CLDR 43 with Python 3.7 was deemed important
enough to keep supporting the EOL Python version for one more release.

Possibly backwards incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ``Locale.number_symbols`` will now have first-level keys for each numbering system.
Since the implicit default numbering system still is ``"latn"``, what had previously
been e.g. ``Locale.number_symbols['decimal']`` is now ``Locale.number_symbols['latn']['decimal']``.
* Babel no longer directly depends on either ``distutils`` or ``setuptools``; if you had been
using the Babel setuptools command extensions, you would need to explicitly depend on ``setuptools`` –
though given you're running ``setup.py`` you probably already do.

Features
~~~~~~~~

* CLDR/Numbers: Add support of local numbering systems for number symbols by kajte in :gh:`1036`
* CLDR: Upgrade to CLDR 43 by rix0rrr in :gh:`1043`
* Frontend: Allow last_translator to be passed as an option to extract_message by AivGitHub in :gh:`1044`
* Frontend: Decouple `pybabel` CLI frontend from distutils/setuptools by akx in :gh:`1041`
* Numbers: Improve parsing of malformed decimals by Olunusib and akx in :gh:`1042`

Infrastructure
~~~~~~~~~~~~~~

* Enforce trailing commas (enable Ruff COM rule and autofix) by akx in :gh:`1045`
* CI: use GitHub output formats by akx in :gh:`1046`

2.13.1

--------------

This is a patch release to fix a few bugs.

Fixes
~~~~~

* Fix a typo in ``_locales_to_names`` by Dl84 in :gh:`1038` (issue :gh:`1037`)
* Fix ``setuptools`` dependency for Python 3.12 by opryprin in :gh:`1033`

2.13.0

--------------

Upcoming deprecation (reverted)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* It was previously announced that this version, Babel 2.13, would be the last version of
Babel to support Python 3.7. Babel 2.14 will still support Python 3.7.

Features
~~~~~~~~

* Add flag to ignore POT-Creation-Date for updates by joeportela in :gh:`999`
* Support 't' specifier in keywords by jeanas in :gh:`1015`
* Add f-string parsing for Python 3.12 (PEP 701) by encukou in :gh:`1027`

Fixes
~~~~~

* Various typing-related fixes by akx in :gh:`979`, :gh:`978`, :gh:`981`, :gh:`983`
* babel.messages.catalog: deduplicate _to_fuzzy_match_key logic by akx in :gh:`980`
* Freeze format_time() tests to a specific date to fix test failures by mgorny in :gh:`998`
* Spelling and grammar fixes by scop in :gh:`1008`
* Renovate lint tools by akx in :gh:`1017`, :gh:`1028`
* Use SPDX license identifier by vargenau in :gh:`994`
* Use aware UTC datetimes internally by scop in :gh:`1009`

New Contributors
~~~~~~~~~~~~~~~~

* mgorny made their first contribution in :gh:`998`
* vargenau made their first contribution in :gh:`994`
* joeportela made their first contribution in :gh:`999`
* encukou made their first contribution in :gh:`1027`

2.12.1

--------------

Fixes
~~~~~

* Version 2.12.0 was missing the ``py.typed`` marker file. Thanks to Alex Waygood for the fix! :gh:`975`
* The copyright year in all files was bumped to 2023.

2.12.0

--------------

Deprecations & breaking changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Python 3.6 is no longer supported (:gh:`919`) - Aarni Koskela
* The `get_next_timezone_transition` function is no more (:gh:`958`) - Aarni Koskela
* `Locale.parse()` will no longer return `None`; it will always return a Locale or raise an exception.
Passing in `None`, though technically allowed by the typing, will raise. (:gh:`966`)

New features
~~~~~~~~~~~~

* CLDR: Babel now uses CLDR 42 (:gh:`951`) - Aarni Koskela
* Dates: `pytz` is now optional; Babel will prefer it but will use `zoneinfo` when available. (:gh:`940`) - ds-cbo
* General: Babel now ships type annotations, thanks to Jonah Lawrence's work in multiple PRs.
* Locales: modifiers are now retained when parsing locales (:gh:`947`) - martin f. krafft
* Messages: JavaScript template string expression extraction is now smarter. (:gh:`939`) - Johannes Wilm
* Numbers: NaN and Infinity are now better supported (:gh:`955`) - Jonah Lawrence
* Numbers: Short compact currency formats are now supported (:gh:`926`) - Jonah Lawrence
* Numbers: There's now a `Format.compact_decimal` utility function. (:gh:`921`) - Jonah Lawrence

Bugfixes
~~~~~~~~

* Dates: The cache for parsed datetime patterns is now bounded (:gh:`967`) - Aarni Koskela
* Messages: Fuzzy candidate matching accuracy is improved (:gh:`970`) - Jean Abou Samra
* Numbers: Compact singular formats and patterns with no numbers work correctly (:gh:`930`, :gh:`932`) - Jonah Lawrence, Jun Omae

Improvements & cleanup
~~~~~~~~~~~~~~~~~~~~~~

* Dates: `babel.dates.UTC` is now an alias for `datetime.timezone.utc` (:gh:`957`) - Aarni Koskela
* Dates: `babel.localtime` was slightly cleaned up. (:gh:`952`) - Aarni Koskela
* Documentation: Documentation was improved by Maciej Olko, Jonah Lawrence, lilinjie, and Aarni Koskela.
* Infrastructure: Babel is now being linted with pre-commit and ruff. - Aarni Koskela

2.11.0

--------------

Upcoming deprecation
~~~~~~~~~~~~~~~~~~~~

* This version, Babel 2.11, is the last version of Babel to support Python 3.6.
Babel 2.12 will require Python 3.7 or newer.

Improvements
~~~~~~~~~~~~

* Support for hex escapes in JavaScript string literals :gh:`877` - Przemyslaw Wegrzyn
* Add support for formatting decimals in compact form :gh:`909` - Jonah Lawrence
* Adapt parse_date to handle ISO dates in ASCII format :gh:`842` - Eric L.
* Use `ast` instead of `eval` for Python string extraction :gh:`915` - Aarni Koskela
 * This also enables extraction from static f-strings.
   F-strings with expressions are silently ignored (but won't raise an error as they used to).

Infrastructure
~~~~~~~~~~~~~~

* Tests: Use regular asserts and ``pytest.raises()`` :gh:`875` – Aarni Koskela
* Wheels are now built in GitHub Actions :gh:`888` – Aarni Koskela
* Small improvements to the CLDR downloader script :gh:`894` – Aarni Koskela
* Remove antiquated `__nonzero__` methods :gh:`896` - Nikita Sobolev
* Remove superfluous `__unicode__` declarations :gh:`905` - Lukas Juhrich
* Mark package compatible with Python 3.11 :gh:`913` - Aarni Koskela
* Quiesce pytest warnings :gh:`916` - Aarni Koskela

Bugfixes
~~~~~~~~

* Use email.Message for pofile header parsing instead of the deprecated ``cgi.parse_header`` function. :gh:`876` – Aarni Koskela
* Remove determining time zone via systemsetup on macOS :gh:`914` - Aarni Koskela

Documentation
~~~~~~~~~~~~~

* Update Python versions in documentation :gh:`898` - Raphael Nestler
* Align BSD-3 license with OSI template :gh:`912` - Lukas Kahwe Smith

2.10.3

--------------

This is a bugfix release for Babel 2.10.2, which was mistakenly packaged with outdated locale data.

Thanks to Michał Górny for pointing this out and Jun Omae for verifying.

This and future Babel PyPI packages will be built by a more automated process,
which should make problems like this less likely to occur.

2.10.2

--------------

This is a bugfix release for Babel 2.10.1.

* Fallback count="other" format in format_currency() (:gh:`872`) - Jun Omae
* Fix get_period_id() with ``dayPeriodRule`` across 0:00 (:gh:`871`) - Jun Omae
* Add support for ``b`` and ``B`` period symbols in time format (:gh:`869`) - Jun Omae
* chore(docs/typo): Fixes a minor typo in a function comment (:gh:`864`) - Frank Harrison

2.10.1

--------------

This is a bugfix release for Babel 2.10.0.

* Messages: Fix ``distutils`` import. Regressed in :gh:`843`. (:gh:`852`) - Nehal J Wani
* The wheel file is no longer marked as universal, since Babel only supports Python 3.

2.10.0

--------------

Upcoming deprecation
~~~~~~~~~~~~~~~~~~~~

* The ``get_next_timezone_transition()`` function is marked deprecated in this version and will be removed
likely as soon as Babel 2.11.  No replacement for this function is planned; based on discussion in
:gh:`716`, it's likely the function is not used in any real code. (:gh:`852`) - Aarni Koskela, Paul Ganssle

Improvements
~~~~~~~~~~~~

* CLDR: Upgrade to CLDR 41.0. (:gh:`853`) - Aarni Koskela

* The ``c`` and ``e`` plural form operands introduced in CLDR 40 are parsed, but otherwise unsupported. (:gh:`826`)
* Non-nominative forms of units are currently ignored.

* Messages: Implement ``--init-missing`` option for ``pybabel update`` (:gh:`785`) - ruro
* Messages: For ``extract``, you can now replace the built-in ``.*`` / ``_*`` ignored directory patterns
with ones of your own. (:gh:`832`) - Aarni Koskela, Kinshuk Dua
* Messages: Add ``--check`` to verify if catalogs are up-to-date (:gh:`831`) - Krzysztof Jagiełło
* Messages: Add ``--header-comment`` to override default header comment (:gh:`720`) - Mohamed Hafez Morsy, Aarni Koskela
* Dates: ``parse_time`` now supports 12-hour clock, and is better at parsing partial times.
(:gh:`834`) - Aarni Koskela, David Bauer, Arthur Jovart
* Dates: ``parse_date`` and ``parse_time`` now raise ``ParseError``, a subclass of ``ValueError``, in certain cases.
(:gh:`834`) - Aarni Koskela
* Dates: ``parse_date`` and ``parse_time`` now accept the ``format`` parameter.
(:gh:`834`) - Juliette Monsel, Aarni Koskela

Infrastructure
~~~~~~~~~~~~~~

* The internal ``babel/_compat.py`` module is no more (:gh:`808`) - Hugo van Kemenade
* Python 3.10 is officially supported (:gh:`809`) - Hugo van Kemenade
* There's now a friendly GitHub issue template. (:gh:`800`) – Álvaro Mondéjar Rubio
* Don't use the deprecated format_number function internally or in tests - Aarni Koskela
* Add GitHub URL for PyPi (:gh:`846`) - Andrii Oriekhov
* Python 3.12 compatibility: Prefer setuptools imports to distutils imports (:gh:`843`) - Aarni Koskela
* Python 3.11 compatibility: Add deprecations to l*gettext variants (:gh:`835`) - Aarni Koskela
* CI: Babel is now tested with PyPy 3.7. (:gh:`851`) - Aarni Koskela

Bugfixes
~~~~~~~~

* Date formatting: Allow using ``other`` as fallback form (:gh:`827`) - Aarni Koskela
* Locales: ``Locale.parse()`` normalizes variant tags to upper case (:gh:`829`) - Aarni Koskela
* A typo in the plural format for Maltese is fixed. (:gh:`796`) - Lukas Winkler
* Messages: Catalog date parsing is now timezone independent. (:gh:`701`) - rachele-collin
* Messages: Fix duplicate locations when writing without lineno (:gh:`837`) - Sigurd Ljødal
* Messages: Fix missing trailing semicolon in plural form headers (:gh:`848`) - farhan5900
* CLI: Fix output of ``--list-locales`` to not be a bytes repr (:gh:`845`) - Morgan Wahl

Documentation
~~~~~~~~~~~~~

* Documentation is now correctly built again, and up to date (:gh:`830`) - Aarni Koskela

2.9.1

-------------

Bugfixes
~~~~~~~~

* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

2.9.0

-------------

Upcoming version support changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements
~~~~~~~~~~~~

* CLDR: Use CLDR 37 – Aarni Koskela (:gh:`734`)
* Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (:gh:`741`)
* Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (:gh:`726`)

Bugfixes
~~~~~~~~

* Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
* Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
* Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
* Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
* Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
* Tests: fix tests when using Python 3.9 – Felix Schwarz
* Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
* Tests: Support Py.test 6.x – Aarni Koskela
* Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (:gh:`724`)
* Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation
~~~~~~~~~~~~~

* Update parse_number comments – Brad Martin (:gh:`708`)
* Add __iter__ to Catalog documentation – CyanNani123

2.8.1

-------------

This is solely a patch release to make running tests on Py.test 6+ possible.

Bugfixes
~~~~~~~~

* Support Py.test 6 - Aarni Koskela (:gh:`747`, :gh:`750`, :gh:`752`)

2.8.0

-------------

Improvements
~~~~~~~~~~~~

* CLDR: Upgrade to CLDR 36.0 - Aarni Koskela (:gh:`679`)
* Messages: Don't even open files with the "ignore" extraction method - sebleblanc (:gh:`678`)

Bugfixes
~~~~~~~~

* Numbers: Fix formatting very small decimals when quantization is disabled - Lev Lybin, miluChen (:gh:`662`)
* Messages: Attempt to sort all messages – Mario Frasca (:gh:`651`, :gh:`606`)

Docs
~~~~

* Add years to changelog - Romuald Brunet
* Note that installation requires pytz - Steve (Gadget) Barnes

2.7.0

-------------

Possibly incompatible changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These may be backward incompatible in some cases, as some more-or-less internal
APIs have changed. Please feel free to file issues if you bump into anything
strange and we'll try to help!

* General: Internal uses of ``babel.util.odict`` have been replaced with
``collections.OrderedDict`` from the Python standard library.

Improvements
~~~~~~~~~~~~

* CLDR: Upgrade to CLDR 35.1 - Alberto Mardegan, Aarni Koskela (:gh:`626`, :gh:`643`)
* General: allow anchoring path patterns to the start of a string - Brian Cappello (:gh:`600`)
* General: Bumped version requirement on pytz - chrisbrake (:gh:`592`)
* Messages: `pybabel compile`: exit with code 1 if errors were encountered - Aarni Koskela (:gh:`647`)
* Messages: Add omit-header to update_catalog - Cédric Krier (:gh:`633`)
* Messages: Catalog update: keep user comments from destination by default - Aarni Koskela (:gh:`648`)
* Messages: Skip empty message when writing mo file - Cédric Krier (:gh:`564`)
* Messages: Small fixes to avoid crashes on badly formatted .po files - Bryn Truscott (:gh:`597`)
* Numbers: `parse_decimal()` `strict` argument and `suggestions` - Charly C (:gh:`590`)
* Numbers: don't repeat suggestions in parse_decimal strict - Serban Constantin (:gh:`599`)
* Numbers: implement currency formatting with long display names - Luke Plant (:gh:`585`)
* Numbers: parse_decimal(): assume spaces are equivalent to non-breaking spaces when not in strict mode - Aarni Koskela (:gh:`649`)
* Performance: Cache locale_identifiers() - Aarni Koskela (:gh:`644`)

Bugfixes
~~~~~~~~

* CLDR: Skip alt=... for week data (minDays, firstDay, weekendStart, weekendEnd) - Aarni Koskela (:gh:`634`)
* Dates: Fix wrong weeknumber for 31.12.2018 - BT-sschmid (:gh:`621`)
* Locale: Avoid KeyError trying to get data on WindowsXP - mondeja (:gh:`604`)
* Locale: get_display_name(): Don't attempt to concatenate variant information to None - Aarni Koskela (:gh:`645`)
* Messages: pofile: Add comparison operators to _NormalizedString - Aarni Koskela (:gh:`646`)
* Messages: pofile: don't crash when message.locations can't be sorted - Aarni Koskela (:gh:`646`)

Tooling & docs
~~~~~~~~~~~~~~

* Docs: Remove all references to deprecated easy_install - Jon Dufresne (:gh:`610`)
* Docs: Switch print statement in docs to print function - NotAFile
* Docs: Update all pypi.python.org URLs to pypi.org - Jon Dufresne (:gh:`587`)
* Docs: Use https URLs throughout project where available - Jon Dufresne (:gh:`588`)
* Support: Add testing and document support for Python 3.7 - Jon Dufresne (:gh:`611`)
* Support: Test on Python 3.8-dev - Aarni Koskela (:gh:`642`)
* Support: Using ABCs from collections instead of collections.abc is deprecated. - Julien Palard (:gh:`609`)
* Tests: Fix conftest.py compatibility with pytest 4.3 - Miro Hrončok (:gh:`635`)
* Tests: Update pytest and pytest-cov - Miro Hrončok (:gh:`635`)

Update certifi from 2018.11.29 to 2024.8.30.

The bot wasn't able to find a changelog for this release. Got an idea?

Update chardet from 3.0.4 to 5.2.0.

Changelog

5.2.0

Adds support for running chardet CLI via `python -m chardet` (0e9b7bc20366163efcc221281201baff4100fe19, dan-blanchard)

5.1.0

Features
- Add `should_rename_legacy` argument to most functions, which will rename older encodings to their more modern equivalents (e.g., `GB2312` becomes `GB18030`) (264, dan-blanchard)
- Add capital letter sharp S and ISO-8859-15 support (222, SimonWaldherr)
- Add a prober for MacRoman encoding (5 updated as c292b52a97e57c95429ef559af36845019b88b33, Rob Speer and dan-blanchard)
- Add `--minimal` flag to `chardetect` command (214, dan-blanchard)
- Add type annotations to the project and run mypy on CI (261, jdufresne)
- Add support for Python 3.11 (274, hugovk)

Fixes
- Clarify LGPL version in License trove classifier (255, musicinmybrain)
- Remove support for EOL Python 3.6 (260, jdufresne)
- Remove unnecessary guards for non-falsey values (259, jdufresne)

Misc changes
- Switch to Python 3.10 release in GitHub actions (257, jdufresne)
- Remove setup.py in favor of build package (262, jdufresne)
- Run tests on macos, Windows, and 3.11-dev (267, dan-blanchard)

5.0.0

⚠️ This release is the first release of chardet that no longer supports Python < 3.6 ⚠️

In addition to that change, it features the following user-facing changes:

- Added a prober for Johab Korean (207, grizlupo)
- Added a prober for UTF-16/32 BE/LE (109, 206, jpz) 
- Added test data for Croatian, Czech, Hungarian, Polish, Slovak, Slovene, Greek, and Turkish, which should help prevent future errors with those languages
- Improved XML tag filtering, which should improve accuracy for XML files (208)
- Tweaked `SingleByteCharSetProber` confidence to match latest uchardet (209)
- Made `detect_all` return child prober confidences (210)
- Updated examples in docs (223, domdfcoding)
- Documentation fixes (212, 224, 225, 226, 220, 221, 244 from too many to mention)
- Minor performance improvements (252, deedy5)
- Add support for Python 3.10 when testing (232, jdufresne)
- Lots of little development cycle improvements, mostly thanks to jdufresne

4.0.0

Benchmarking chardet 4.0.0 on CPython 3.7.5 (default, Sep  8 2020, 12:19:42)
[Clang 11.0.3 (clang-1103.0.32.62)]
--------------------------------------------------------------------------------
Calls per second for each encoding:
Links

Update dj-database-url from 0.5.0 to 2.2.0.

Changelog

2.1.0

* Add value to int parsing when deconstructing url string.

2.0.0

* Update project setup such that we now install as a package.

_Notes_: while this does not alter the underlying application code, we are bumping to
2.0 in case there are unforeseen knock-on use-case issues.

1.3.0

* Cosmetic changes to the generation of schemes.
* Bump isort version - 5.11.5.
* raise warning message if database_url is not set.
* CONN_MAX_AGE fix type - Optional[int].

1.2.0

* Add the ability to add test databases.
* Improve url parsing and encoding.
* Fix missing parameter conn_health_check in check function.

1.1.0

* Option for connection health checks parameter.
* Update supported version python 3.11.
* Code changes, various improvements.
* Add project links to setup.py

1.0.0

Initial release of code now dj-database-urls is part of jazzband.

* Add support for cockroachdb.
* Add support for the official MSSQL connector.
* Update License to be compatible with Jazzband.
* Remove support for Python < 3.5 including Python 2.7
* Update source code to Black format.
* Update CI using pre-commit
Links

Update django from 2.1.4 to 5.1.1.

Changelog

5.1.1

==========================

*September 3, 2024*

Django 5.1.1 fixes one security issue with severity "moderate", one security
issue with severity "low", and several bugs in 5.1.

CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
===========================================================================================

:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.

CVE-2024-45231: Potential user email enumeration via response status on password reset
======================================================================================

Due to unhandled email sending failures, the
:class:`~django.contrib.auth.forms.PasswordResetForm` class allowed remote
attackers to enumerate user emails by issuing password reset requests and
observing the outcomes.

To mitigate this risk, exceptions occurring during password reset email sending
are now handled and logged using the :ref:`django-contrib-auth-logger` logger.

Bugfixes
========

* Fixed a regression in Django 5.1 that caused a crash of ``Window()`` when
passing an empty sequence to the ``order_by`` parameter, and a crash of
``Prefetch()`` for a sliced queryset without ordering (:ticket:`35665`).

* Fixed a regression in Django 5.1 where a new ``usable_password`` field was
included in :class:`~django.contrib.auth.forms.BaseUserCreationForm` (and
children). A new :class:`~django.contrib.auth.forms.AdminUserCreationForm`
including this field was added, isolating the feature to the admin where it
was intended (:ticket:`35678`).

* Adjusted the deprecation warning ``stacklevel`` in :meth:`.Model.save` and
:meth:`.Model.asave` to correctly point to the offending call site
(:ticket:`35060`).

* Adjusted the deprecation warning ``stacklevel`` when using ``OS_OPEN_FLAGS``
in :class:`~django.core.files.storage.FileSystemStorage` to correctly point
to the offending call site (:ticket:`35326`).

* Adjusted the deprecation warning ``stacklevel`` in
``FieldCacheMixin.get_cache_name()`` to correctly point to the offending call
site (:ticket:`35405`).

* Restored, following a regression in Django 5.1, the ability to override the
timezone and role setting behavior used within the ``init_connection_state``
method of the PostgreSQL backend (:ticket:`35688`).

* Fixed a bug in Django 5.1 where variable lookup errors were logged when
rendering admin fieldsets (:ticket:`35716`).


========================

5.1

========================

*August 7, 2024*

Welcome to Django 5.1!

These release notes cover the :ref:`new features <whats-new-5.1>`, as well as
some :ref:`backwards incompatible changes <backwards-incompatible-5.1>` you
should be aware of when upgrading from Django 5.0 or earlier. We've
:ref:`begun the deprecation process for some features
<deprecated-features-5.1>`.

See the :doc:`/howto/upgrade-version` guide if you're updating an existing
project.

Python compatibility
====================

Django 5.1 supports Python 3.10, 3.11, and 3.12. We **highly recommend** and
only officially support the latest release of each series.

.. _whats-new-5.1:

What's new in Django 5.1
========================

``{% querystring %}`` template tag
-----------------------------------

Django 5.1 introduces the :ttag:`{% querystring %} <querystring>` template
tag, simplifying the modification of query parameters in URLs, making it easier
to generate links that maintain existing query parameters while adding or
changing specific ones.

For instance, navigating pagination and query strings in templates can be
cumbersome. Consider this template fragment that dynamically generates a URL
for navigating to the next page within a paginated view:

.. code-block:: html+django

 {# Linebreaks added for readability, this should be one, long line. #}
 <a href="?{% for key, values in request.GET.lists %}
   {% if key != "page" %}
     {% for value in values %}
       {{ key }}={{ value }}&
     {% endfor %}
   {% endif %}
 {% endfor %}page={{ page.next_page_number }}">Next page</a>

When switching to using this new template tag, the above magically becomes:

.. code-block:: html+django

 <a href="{% querystring page=page.next_page_number %}">Next page</a>

PostgreSQL Connection Pools
---------------------------

Django 5.1 also introduces :ref:`connection pool <postgresql-pool>` support for
PostgreSQL. As the time to establish a new connection can be relatively long,
keeping connections open can reduce latency.

To use a connection pool with `psycopg`_, you can set the ``"pool"`` option
inside :setting:`OPTIONS` to be a dict to be passed to
:class:`~psycopg:psycopg_pool.ConnectionPool`, or to ``True`` to use the
``ConnectionPool`` defaults::

 DATABASES = {
     "default": {
         "ENGINE": "django.db.backends.postgresql",
          ...
         "OPTIONS": {
             "pool": {
                 "min_size": 2,
                 "max_size": 4,
                 "timeout": 10,
             }
         },
     },
 }

.. _psycopg: https://www.psycopg.org/

Middleware to require authentication by default
-----------------------------------------------

The new :class:`~django.contrib.auth.middleware.LoginRequiredMiddleware`
redirects all unauthenticated requests to a login page. Views can allow
unauthenticated requests by using the new
:func:`~django.contrib.auth.decorators.login_not_required` decorator.

``LoginRequiredMiddleware`` respects the ``login_url`` and
``redirect_field_name`` values set via the
:func:`~.django.contrib.auth.decorators.login_required` decorator, but does not
support setting ``login_url`` or ``redirect_field_name`` via the
:class:`~django.contrib.auth.mixins.LoginRequiredMixin`.

To enable this, add ``"django.contrib.auth.middleware.LoginRequiredMiddleware"``
to your :setting:`MIDDLEWARE` setting.

Minor features
--------------

:mod:`django.contrib.admin`
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* :attr:`.ModelAdmin.list_display` now supports using ``__`` lookups to list
fields from related models.

:mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~

* The default iteration count for the PBKDF2 password hasher is increased from
720,000 to 870,000.

* The default ``parallelism`` of the ``ScryptPasswordHasher`` is 
increased from 1 to 5, to follow OWASP recommendations.

* The new :class:`~django.contrib.auth.forms.AdminUserCreationForm` and
the existing :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` now
support disabling password-based authentication by setting an unusable
password on form save. This is now available in the admin when visiting the
user creation and password change pages.

* :func:`~.django.contrib.auth.decorators.login_required`,
:func:`~.django.contrib.auth.decorators.permission_required`, and
:func:`~.django.contrib.auth.decorators.user_passes_test` decorators now
support wrapping asynchronous view functions.

* ``ReadOnlyPasswordHashWidget`` now includes a button to reset the user's
password, which replaces the link previously embedded in the
``ReadOnlyPasswordHashField``'s help text, improving the overall
accessibility of the
:class:`~django.contrib.auth.forms.UserChangeForm`.

:mod:`django.contrib.gis`
~~~~~~~~~~~~~~~~~~~~~~~~~

* :class:`~django.contrib.gis.db.models.functions.BoundingCircle` is now
supported on SpatiaLite 5.1+.

* :class:`~django.contrib.gis.db.models.Collect` is now supported on MySQL
8.0.24+.

* :class:`~django.contrib.gis.geoip2.GeoIP2` now allows querying using
:class:`ipaddress.IPv4Address` or :class:`ipaddress.IPv6Address` objects.

* :meth:`.GeoIP2.country` now exposes the ``continent_code``,
``continent_name``, and ``is_in_european_union`` values.

* :meth:`.GeoIP2.city` now exposes the ``accuracy_radius`` and ``region_name``
values. In addition, the ``dma_code`` and ``region`` values are now exposed
as ``metro_code`` and ``region_code``, but the previous keys are also
retained for backward compatibility.

* :class:`~django.contrib.gis.measure.Area` now supports the ``ha`` unit.

* The new :attr:`.OGRGeometry.is_3d` attribute allows checking if a geometry
has a ``Z`` coordinate dimension.

* The new :meth:`.OGRGeometry.set_3d` method allows addition and removal of the
``Z`` coordinate dimension.

* :class:`~django.contrib.gis.gdal.OGRGeometry`,
:class:`~django.contrib.gis.gdal.Point`,
:class:`~django.contrib.gis.gdal.LineString`,
:class:`~django.contrib.gis.gdal.Polygon`, and
:class:`~django.contrib.gis.gdal.GeometryCollection` and its subclasses now
support measured geometries via the new :attr:`.OGRGeometry.is_measured` and
``m`` properties, and the :meth:`.OGRGeometry.set_measured` method.

* :attr:`.OGRGeometry.centroid` is now available on all supported geometry
types.

* :class:`FromWKB() <django.contrib.gis.db.models.functions.FromWKB>` and
:class:`FromWKT() <django.contrib.gis.db.models.functions.FromWKT>` functions
now support the optional ``srid`` argument (except for Oracle where it is
ignored).

:mod:`django.contrib.postgres`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* :class:`~django.contrib.postgres.indexes.BTreeIndex` now supports the
``deduplicate_items`` parameter.

:mod:`django.contrib.sessions`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* :class:`django.contrib.sessions.backends.cached_db.SessionStore` now handles
exceptions when storing session information in the cache, logging proper
error messages with their traceback via the newly added
:ref:`sessions logger <django-contrib-sessions-logger>`.

* :class:`django.contrib.sessions.backends.base.SessionBase` and all built-in
session engines now provide async API. The new asynchronous methods all have
``a`` prefixed names, e.g. ``aget()``, ``akeys()``, or ``acycle_key()``.

Database backends
~~~~~~~~~~~~~~~~~

* ``"init_command"`` option is now supported in :setting:`OPTIONS` on SQLite
to allow specifying :ref:`pragma options <sqlite-init-command>` to set upon
connection.

* ``"transaction_mode"`` option is now supported in :setting:`OPTIONS` on
SQLite to allow specifying the :ref:`sqlite-transaction-behavior`.

* ``"pool"`` option is now supported in :setting:`OPTIONS` on PostgreSQL to
allow using :ref:`connection pools <postgresql-pool>`.

Error Reporting
~~~~~~~~~~~~~~~

* In order to improve accessibility, the technical 404 and 500 error pages now
use HTML landmark elements for the header, footer, and main content areas.

File Storage
~~~~~~~~~~~~

* The :attr:`~django.core.files.storage.FileSystemStorage.allow_overwrite`
parameter of :class:`~django.core.files.storage.FileSystemStorage` now allows
saving new files over existing ones.

Forms
~~~~~

* In order to improve accessibility and enable screen readers to associate
fieldsets with their help text, the form fieldset now includes the
``aria-describedby`` HTML attribute.

Management Commands
~~~~~~~~~~~~~~~~~~~

* The :djadmin:`makemigrations` command now displays meaningful symbols for
each operation to highlight :class:`operation categories
<django.db.migrations.operations.base.OperationCategory>`.

Migrations
~~~~~~~~~~

* The new ``Operation.category`` attribute allows specifying an
:class:`operation category
<django.db.migrations.operations.base.OperationCategory>` used by the
:djadmin:`makemigrations` to display a meaningful symbol for the operation.

Models
~~~~~~

* :meth:`.QuerySet.explain` now supports the ``generic_plan`` option on
PostgreSQL 16+.

* :class:`~django.db.models.expressions.RowRange` now accepts positive integers
for the ``start`` argument and negative integers for the ``end`` argument.

* The new ``exclusion`` argument of
:class:`~django.db.models.expressions.RowRange` and
:class:`~django.db.models.expressions.ValueRange` allows excluding rows,
groups, and ties from the window frames.

* :meth:`.QuerySet.order_by` now supports ordering by annotation transforms
such as ``JSONObject`` keys and ``ArrayAgg`` indices.

* :class:`F() <django.db.models.F>` and :class:`OuterRef()
<django.db.models.OuterRef>` expressions that output
:class:`~django.db.models.CharField`, :class:`~django.db.models.EmailField`,
:class:`~django.db.models.SlugField`, :class:`~django.db.models.URLField`,
:class:`~django.db.models.TextField`, or
:class:`~django.contrib.postgres.fields.ArrayField` can now be :ref:`sliced
<slicing-using-f>`.

* The new ``from_queryset`` argument of :meth:`.Model.refresh_from_db` and
:meth:`.Model.arefresh_from_db` allows customizing the queryset used to
reload a model's value. This can be used to lock the row before reloading or
to select related objects.

* The new :attr:`.Expression.constraint_validation_compatible` attribute allows
specifying that the expression should be ignored during a constraint
validation.

Templates
~~~~~~~~~

* Custom tags may now set extra data on the ``Parser`` object that will later
be made available on the ``Template`` instance. Such data may be used, for
example, by the template loader, or other template clients.

* :ref:`Template engines <field-checking>` now implement a ``check()`` method
that is already registered with the check framework.

Tests
~~~~~

* :meth:`~django.test.SimpleTestCase.assertContains`,
:meth:`~django.test.SimpleTestCase.assertNotContains`, and
:meth:`~django.test.SimpleTestCase.assertInHTML` assertions now add haystacks
to assertion error messages.

* The :class:`~django.test.RequestFactory`,
:class:`~django.test.AsyncRequestFactory`, :class:`~django.test.Client`, and
:class:`~django.test.AsyncClient` classes now support the ``query_params``
parameter, which accepts a dictionary of query string keys and values. This
allows setting query strings on any HTTP methods more easily.

.. code-block:: python

  self.client.post("/items/1", query_params={"action": "delete"})
  await self.async_client.post("/items/1", query_params={"action": "delete"})

* The new :meth:`.SimpleTestCase.assertNotInHTML` assertion allows testing that
an HTML fragment is not contained in the given HTML haystack.

* In order to enforce test isolation, database connections inside threads are
no longer allowed in :class:`~django.test.SimpleTestCase`.

Validators
~~~~~~~~~~

* The new :class:`~django.core.validators.DomainNameValidator` validates domain
names, including internationalized domain names. The new
:func:`~django.core.validators.validate_domain_name` function returns an
instance of :class:`~django.core.validators.DomainNameValidator`.

.. _backwards-incompatible-5.1:

Backwards incompatible changes in 5.1
=====================================

:mod:`django.contrib.gis`
-------------------------

* Support for PostGIS 2.5 is removed.

* Support for PROJ < 6 is removed.

* Support for GDAL 2.4 is removed.

* :class:`~django.contrib.gis.geoip2.GeoIP2` no longer opens both city and
country databases when a directory path is provided, preferring the city
database, if it is available. The country database is a subset of the city
database and both are not typically needed. If you require use of the country
database when in the same directory as the city database, explicitly pass the
country database path to the constructor.

Dropped support for MariaDB 10.4
--------------------------------

Upstream support for MariaDB 10.4 ends in June 2024. Django 5.1 supports
MariaDB 10.5 and higher.

Dropped support for PostgreSQL 12
---------------------------------

Upstream support for PostgreSQL 12 ends in November 2024. Django 5.1 supports
PostgreSQL 13 and higher.

Miscellaneous
-------------

* In order to improve accessibility, the admin's changelist filter is now
rendered in a ``<nav>`` tag instead of a ``<div>``.

* In order to improve accessibility, the admin's footer is now rendered in
a ``<footer>`` tag instead of a ``<div>``, and also moved below the
``<div id="main">`` element.

* In order to improve accessibility, the expandable widget used for
:attr:`ModelAdmin.fieldsets <django.contrib.admin.ModelAdmin.fieldsets>` and
:attr:`InlineModelAdmin.fieldsets <django.contrib.admin.InlineModelAdmin>`,
when the fieldset has a name and uses the ``collapse`` class, now includes
``<details>`` and ``<summary>`` elements.

* The JavaScript file ``collapse.js`` is removed since it is no longer needed
in the Django admin site.

* :meth:`.SimpleTestCase.assertURLEqual` and
:meth:`~django.test.SimpleTestCase.assertInHTML` now add ``": "`` to the
``msg_prefix``. This is consistent with the behavior of other assertions.

* ``django.utils.text.Truncator`` used by :tfilter:`truncatechars_html` and
:tfilter:`truncatewords_html` template filters now uses
:py:class:`html.parser.HTMLParser` subclasses. This results in a more robust
and faster operation, but there may be small differences in the output.

* The undocumented ``django.urls.converters.get_converter()`` function is
removed.

* The minimum supported version of SQLite is increased from 3.27.0 to 3.31.0.

* :class:`~django.db.models.FileField` now raises a
:class:`~django.core.exceptions.FieldError` when saving a file without a
``name``.

* ``ImageField.update_dimension_fields(force=True)`` is no longer called after
saving the image to storage. If your storage backend resizes images, the
``width_field`` and ``height_field`` will not match the width and height of
the image.

* The minimum supported version of ``asgiref`` is increased from 3.7.0 to
3.8.1.

.. _deprecated-features-5.1:

Features deprecated in 5.1
==========================

Miscellaneous
-------------

* The ``ModelAdmin.log_deletion()`` and ``LogEntryManager.log_action()``
methods are deprecated. Subclasses should implement
``ModelAdmin.log_deletions()`` and ``LogEntryManager.log_actions()``
instead.

* The undocumented ``django.utils.itercompat.is_iterable()`` function and the
``django.utils.itercompat`` module are deprecated. Use
``isinstance(..., collections.abc.Iterable)`` instead.

* The ``django.contrib.gis.geoip2.GeoIP2.coords()`` method is deprecated. Use
``django.contrib.gis.geoip2.GeoIP2.lon_lat()`` instead.

* The ``django.contrib.gis.geoip2.GeoIP2.open()`` method is deprecated. Use the
:class:`~django.contrib.gis.geoip2.GeoIP2` constructor instead.

* Passing positional arguments to :meth:`.Model.save` and :meth:`.Model.asave`
is deprecated in favor of keyword-only arguments.

* Setting ``django.contrib.gis.gdal.OGRGeometry.coord_dim`` is deprecated. Use
:meth:`~django.contrib.gis.gdal.OGRGeometry.set_3d` instead.

* Overriding existing converters with ``django.urls.register_converter()`` is
deprecated.

* The ``check`` keyword argument of ``CheckConstraint`` is deprecated in favor
of ``condition``.

* The undocumented ``OS_OPEN_FLAGS`` property of
:class:`~django.core.files.storage.FileSystemStorage` is deprecated. To allow
overwriting files in storage, set the new
:attr:`~django.core.files.storage.FileSystemStorage.allow_overwrite` option
to ``True`` instead.

* The ``get_cache_name()`` method of ``FieldCacheMixin`` is deprecated in favor
of the ``cache_name`` cached property.

Features removed in 5.1
=======================

These features have reached the end of their deprecation cycle and are removed
in Django 5.1.

See :ref:`deprecated-features-4.2` for details on these changes, including how
to remove usage of these features.

* The ``BaseUserManager.make_random_password()`` method is removed.

* The model's ``Meta.index_together`` option is removed.

* The ``length_is`` template filter is removed.

* The ``django.contrib.auth.hashers.SHA1PasswordHasher``,
``django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher``, and
``django.contrib.auth.hashers.UnsaltedMD5PasswordHasher`` are removed.

* The model ``django.contrib.postgres.fields.CICharField``,
``django.contrib.postgres.fields.CIEmailField``, and
``django.contrib.postgres.fields.CITextField`` are removed, except for
support in historical migrations.

* The ``django.contrib.postgres.fields.CIText`` mixin is removed.

* The ``map_width`` and ``map_height`` attributes of ``BaseGeometryWidget`` are
removed.

* The ``SimpleTestCase.assertFormsetError()`` method is removed.

* The ``TransactionTestCase.assertQuerysetEqual()`` method is removed.

* Support for passing encoded JSON string literals to ``JSONField`` and
associated lookups and expressions is removed.

* Support for passing positional arguments to ``Signer`` and
``TimestampSigner`` is removed.

* The ``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings are removed.

* The ``django.core.files.storage.get_storage_class()`` function is removed.


===========================

5.0.9

===========================

*September 3, 2024*

Django 5.0.9 fixes one security issue with severity "moderate" and one security
issue with severity "low" in 5.0.8.

CVE-2024-45230: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
===========================================================================================

:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.

CVE-2024-45231: Potential user email enumeration via response status on password reset
======================================================================================

Due to unhandled email sending failures, the
:class:`~django.contrib.auth.forms.PasswordResetForm` class allowed remote
attackers to enumerate user emails by issuing password reset requests and
observing the outcomes.

To mitigate this risk, exceptions occurring during password reset email sending
are now handled and logged using the :ref:`django-contrib-auth-logger` logger.


==========================

5.0.8

==========================

*August 6, 2024*

Django 5.0.8 fixes three security issues with severity "moderate", one security
issue with severity "high", and several bugs in 5.0.7.

CVE-2024-41989: Memory exhaustion in ``django.utils.numberformat.floatformat()``
================================================================================

If :tfilter:`floatformat` received a string representation of a number in
scientific notation with a large exponent, it could lead to significant memory
consumption.

To avoid this, decimals with more than 200 digits are now returned as is.

CVE-2024-41990: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
===========================================================================================

:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.

CVE-2024-41991: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` and ``AdminURLFieldWidget``
=======================================================================================================================

:tfilter:`urlize`, :tfilter:`urlizetrunc`, and ``AdminURLFieldWidget`` were
subject to a potential denial-of-service attack via certain inputs with a very
large number of Unicode characters.

CVE-2024-42005: Potential SQL injection in ``QuerySet.values()`` and ``values_list()``
======================================================================================

:meth:`.QuerySet.values` and :meth:`~.QuerySet.values_list` methods on models
with a ``JSONField`` were subject to SQL injection in column aliases, via a
crafted JSON object key as a passed ``*arg``.

Bugfixes
========

* Added missing validation for ``UniqueConstraint(nulls_distinct=False)`` when
using ``*expressions`` (:ticket:`35594`).

* Fixed a regression in Django 5.0 where ``ModelAdmin.action_checkbox`` could
break the admin changelist HTML page when rendering a model instance with a
``__html__`` method (:ticket:`35606`).

* Fixed a crash when creating a model with a ``Field.db_default`` and a
``Meta.constraints`` constraint composed of ``__endswith``, ``__startswith``,
or ``__contains`` lookups (:ticket:`35625`).

* Fixed a regression in Django 5.0.7 that caused a crash in
``LocaleMiddleware`` when processing a language code over 500 characters
(:ticket:`35627`).

* Fixed a bug in Django 5.0 that caused a system check crash when
``ModelAdmin.date_hierarchy`` was a ``GeneratedField`` with an
``output_field`` of ``DateField`` or ``DateTimeField`` (:ticket:`35628`).

* Fixed a bug in Django 5.0 which caused constraint validation to either crash
or incorrectly raise validation errors for constraints referring to fields
using ``Field.db_default`` (:ticket:`35638`).

* Fixed a crash in Django 5.0 when saving a model containing a ``FileField``
with a ``db_default`` set (:ticket:`35657`).


==========================

5.0.7

==========================

*July 9, 2024*

Django 5.0.7 fixes two security issues with severity "moderate", two security
issues with severity "low", and one bug in 5.0.6.

CVE-2024-38875: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
===========================================================================================

:tfilter:`urlize` and :tfilter:`urlizetrunc` were subject to a potential
denial-of-service attack via certain inputs with a very large number of
brackets.

CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords
===========================================================================================

@pyup-bot pyup-bot added the update label Oct 1, 2024
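
An added example, not part of this pull request or of Django's own code: the Django 5.1 notes above raise the default PBKDF2 iteration count to 870,000 and remove the SHA1 and unsalted SHA1/MD5 hashers, so this sketch classifies stored password values before such an upgrade. The function names and the sample rows are constructed for illustration, and the code assumes values in the layout Django stores in the ``password`` column.

```python
"""Audit stored Django password hashes ahead of an upgrade to 5.1 (added example)."""
import base64
import hashlib

PBKDF2_ITERATIONS_5_1 = 870_000  # new default quoted in the 5.1 release notes
# Algorithm names of the three hashers the 5.1 notes list as removed.
REMOVED_IN_5_1 = {"sha1", "unsalted_sha1", "unsalted_md5"}


def identify_algorithm(encoded):
    """Map an encoded password value to the algorithm name that produced it."""
    if not encoded or encoded.startswith("!"):
        return "unusable"  # "!" marks an unusable password, not a hash
    # The unsalted legacy hashers are recognised by shape, not by a prefix.
    if (len(encoded) == 32 and "$" not in encoded) or (
        len(encoded) == 37 and encoded.startswith("md5$$")
    ):
        return "unsalted_md5"
    if len(encoded) == 46 and encoded.startswith("sha1$$"):
        return "unsalted_sha1"
    return encoded.split("$", 1)[0]


def classify(encoded):
    """Return (algorithm, finding) for one stored password value."""
    algorithm = identify_algorithm(encoded)
    if algorithm == "unusable":
        return algorithm, "ok"
    if algorithm in REMOVED_IN_5_1:
        return algorithm, "removed"
    if algorithm == "pbkdf2_sha256":
        parts = encoded.split("$")  # algorithm$iterations$salt$hash
        if len(parts) != 4 or not parts[1].isdigit():
            return algorithm, "malformed"
        if int(parts[1]) < PBKDF2_ITERATIONS_5_1:
            return algorithm, "below-default"
        return algorithm, "ok"
    return algorithm, "review"  # other hashers are not assessed here


def audit(rows):
    """Group usernames by finding for an iterable of (username, encoded)."""
    report = {}
    for username, encoded in rows:
        report.setdefault(classify(encoded)[1], []).append(username)
    return report


def _pbkdf2(password, salt, iterations):
    """Build a value in the pbkdf2_sha256$<iterations>$<salt>$<b64> layout."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), iterations
    )
    encoded_digest = base64.b64encode(digest).decode()
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, encoded_digest)


def sample_rows():
    """Constructed (username, password-column) pairs; none are real accounts."""
    pw, salt = "correct horse", "c0nstructedSalt"
    sha1 = lambda data: hashlib.sha1(data.encode(), usedforsecurity=False)
    md5 = lambda data: hashlib.md5(data.encode(), usedforsecurity=False)
    return [
        ("alice", _pbkdf2(pw, salt, PBKDF2_ITERATIONS_5_1)),
        ("bob", _pbkdf2(pw, salt, 120_000)),  # constructed lower count
        ("carol", "sha1$%s$%s" % (salt, sha1(salt + pw).hexdigest())),
        ("dave", "sha1$$" + sha1(pw).hexdigest()),
        ("erin", md5(pw).hexdigest()),
        ("svc-disabled", "!" + "x" * 40),
    ]


if __name__ == "__main__":
    for finding, users in sorted(audit(sample_rows()).items()):
        print("%-14s %s" % (finding, ", ".join(users)))
```

Values reported as ``below-default`` are re-hashed by Django when the user next logs in successfully; values reported as ``removed`` have no built-in hasher in 5.1 and need a migration or reset plan before the upgrade.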