Update Next Updates (next)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Jinja2 (changelog)	~3.0.3 -> ~3.1.0
Jinja2 (changelog)	==3.0.3 -> ==3.1.2
Markdown	~3.3.7 -> ~3.4.0
Pillow (source, changelog)	~9.1.1 -> ~9.2.0
black (changelog)	~22.3.0 -> ~22.6.0
coverage	6.4.1 -> 6.4.2
django-cacheops	6.0 -> 6.1
django-celery-beat	~2.2.1 -> ~2.3.0
django-constance	~2.8.0 -> ~2.9.0
django-cryptography	1.0 -> 1.1
django-debug-toolbar (changelog)	~3.4.0 -> ~3.5.0
django-extensions (changelog)	~3.1.5 -> ~3.2.0
drf-spectacular	~0.22.1 -> ~0.23.0
drf-yasg	~1.20.0 -> ~1.21.0
importlib-metadata	~4.4 -> ~4.12.0
jsonschema (changelog)	~4.4.0 -> ~4.7.0
mkdocs (source)	1.3.0 -> 1.3.1
mkdocs (source)	==1.3.0 -> ==1.3.1
mkdocs-include-markdown-plugin	~3.2.3 -> ~3.6.0
mkdocs-include-markdown-plugin	==3.2.3 -> ==3.6.1
requests (source, changelog)	~2.27.1 -> ~2.28.0
social-auth-core	~4.2.0 -> ~4.3.0
svgwrite	1.4.2 -> 1.4.3

---

Release Notes

Python-Markdown/markdown

v3.4.1

Compare Source

v3.4

Compare Source

python-pillow/Pillow

v9.2.0

Compare Source

• Deprecate ImageFont.getsize and related functions #​6381
  [nulano, radarhere]

• Fixed null check for fribidi_version_info in FriBiDi shim #​6376
  [nulano]

• Added GIF decompression bomb check #​6402
  [radarhere]

• Handle PCF fonts files with less than 256 characters #​6386
  [dawidcrivelli, radarhere]

• Improved GIF optimize condition #​6378
  [raygard, radarhere]

• Reverted to array_interface with the release of NumPy 1.23 #​6394
  [radarhere]

• Pad PCX palette to 768 bytes when saving #​6391
  [radarhere]

• Fixed bug with rounding pixels to palette colors #​6377
  [btrekkie, radarhere]

• Use gnome-screenshot on Linux if available #​6361
  [radarhere, nulano]

• Fixed loading L mode BMP RLE8 images #​6384
  [radarhere]

• Fixed incorrect operator in ImageCms error #​6370
  [LostBenjamin, hugovk, radarhere]

• Limit FPX tile size to avoid extending outside image #​6368
  [radarhere]

• Added support for decoding plain PPM formats #​5242
  [Piolie, radarhere]

• Added apply_transparency() #​6352
  [radarhere]

• Fixed behaviour change from endian fix #​6197
  [radarhere]

• Allow remapping P images with RGBA palettes #​6350
  [radarhere]

• Fixed drawing translucent 1px high polygons #​6278
  [radarhere]

• Pad COLORMAP to 768 items when saving TIFF #​6232
  [radarhere]

• Fix P -> PA conversion #​6337
  [RedShy, radarhere]

• Once exif data is parsed, do not reload unless it changes #​6335
  [radarhere]

• Only try to connect discontiguous corners at the end of edges #​6303
  [radarhere]

• Improve transparency handling when saving GIF images #​6176
  [radarhere]

• Do not update GIF frame position until local image is found #​6219
  [radarhere]

• Netscape GIF extension belongs after the global color table #​6211
  [radarhere]

• Only write GIF comments at the beginning of the file #​6300
  [raygard, radarhere]

• Separate multiple GIF comment blocks with newlines #​6294
  [raygard, radarhere]

• Always use GIF89a for comments #​6292
  [raygard, radarhere]

• Ignore compression value from BMP info dictionary when saving as TIFF #​6231
  [radarhere]

• If font is file-like object, do not re-read from object to get variant #​6234
  [radarhere]

• Raise ValueError when trying to access internal fp after close #​6213
  [radarhere]

• Support more affine expression forms in im.point() #​6254
  [benrg, radarhere]

• Populate Python palette in fromarray() #​6283
  [radarhere]

• Raise ValueError if PNG chunks are truncated #​6253
  [radarhere]

• Use durations from each frame by default when saving GIFs #​6265
  [radarhere]

• Adjust BITSPERSAMPLE to match SAMPLESPERPIXEL when opening TIFFs #​6270
  [radarhere]

• Search pkgconf system libs/cflags #​6138
  [jameshilliard, radarhere]

• Raise ValueError for invalid PPM maxval #​6242
  [radarhere]

• Corrected screencapture argument in ImageGrab.grab() #​6244
  [axt-one]

• Deprecate support for Qt 5 (PyQt5 and PySide2) #​6237
  [hugovk, radarhere]

• Increase wait time of temporary file deletion on Windows #​6224
  [AlexTedeschi]

• Deprecate FreeTypeFont.getmask2 fill parameter #​6220
  [nulano, radarhere, hugovk]

• Round lut values where necessary #​6188
  [radarhere]

• Load before getting size in resize() #​6190
  [radarhere]

• Load image before performing size calculations in thumbnail() #​6186
  [radarhere]

• Deprecated PhotoImage.paste() box parameter #​6178
  [radarhere]

psf/black

v22.6.0

Compare Source

Style

• Fix unstable formatting involving #fmt: skip and # fmt:skip comments (notice the
  lack of spaces) (#​2970)

Preview style

• Docstring quotes are no longer moved if it would violate the line length limit (#​3044)
• Parentheses around return annotations are now managed (#​2990)
• Remove unnecessary parentheses around awaited objects (#​2991)
• Remove unnecessary parentheses in with statements (#​2926)
• Remove trailing newlines after code block open (#​3035)

Integrations

• Add scripts/migrate-black.py script to ease introduction of Black to a Git project
  (#​3038)

Output

• Output Python version and implementation as part of --version flag (#​2997)

Packaging

• Use tomli instead of tomllib on Python 3.11 builds where tomllib is not
  available (#​2987)

Parser

• PEP 654 syntax (for example,
  except *ExceptionGroup:) is now supported (#​3016)
• PEP 646 syntax (for example,
  Array[Batch, *Shape] or def fn(*args: *T) -> None) is now supported (#​3071)

Vim Plugin

• Fix strtobool function. It didn't parse true/on/false/off. (#​3025)

nedbat/coveragepy

v6.4.2

Compare Source

• Updated for a small change in Python 3.11.0 beta 4: modules now start with a
  line with line number 0, which is ignored. This line cannnot be executed, so
  coverage totals were thrown off. This line is now ignored by coverage.py,
  but this also means that truly empty modules (like __init__.py) have no
  lines in them, rather than one phantom line. Fixes issue 1419_.

• Internal debugging data added to sys.modules is now an actual module, to
  avoid confusing code that examines everything in sys.modules. Thanks,
  Yilei Yang (pull 1399_).

.. _pull 1399:https://github.com/nedbat/coveragepy/pull/13999
.. _issue 1419https://github.com/nedbat/coveragepy/issues/141919

.. _changes_6-4-1:

Suor/django-cacheops

v6.1

Compare Source

celery/django-celery-beat

v2.3.0

Compare Source

=====
:release-date:
:release-by:

• Admin "disable_tasks" action also updates PeriodicTask's last_run_at field
• feat: add periodic_task_name in favor of celery/django-celery-results
• Fix ClockedSchedule and PeriodicTasks showing UTC time when Time Zone
• Change last_run_at=None when using disable tasks admin action (#​501)
• fix the conflict with celery configuration (#​525)
• A unit Test to make sure ClockedSchedule and PeriodicTasks are shown
• Django 4.0 and Python 3.10 support (#​528)

.. _version-2.2.1:

jazzband/django-constance

v2.9.0

Compare Source

georgemarshall/django-cryptography

v1.1

Compare Source

jazzband/django-debug-toolbar

v3.5.0

Compare Source

django-extensions/django-extensions

v3.2.0

Compare Source

Changes:

• Improvement: Django 4 support
• Improvement: Accept both --no-input and --noinput
• Improvement: sqldsn, Added more styles to the sqldsn management command
• Improvement: graph_models, Flag for to color code relations based on on_delete
• Improvement: graph_models, Add --relation-fields-only flag
• Improvement: RandomCharField, allow keeping default values
• Fix: HexValidator, Max length validation
• Fix: runserver_plus, Fix KeyError: 'werkzeug.server.shutdown'
• New: managestate, Saves current applied migrations to a file or applies migrations from file

tfranzel/drf-spectacular

v0.23.1

Compare Source

• improve CAMELIZE_NAMES doc #&#8203;774 <https://github.com/tfranzel/drf-spectacular/issues/774>_
• move import into build_geo_schema function [bidaya0]

Breaking changes / important additions:

• Hotfix release to mitigate unwanted import of optional GIS features that depend on GDAL. GDAL is not a new requirement.

v0.23.0

Compare Source

• fix infinite recursion when accessing missing attributes in generator stats [Oleg Hoefling]
• fix list pagination when examples are provided [topher235]
• accept integer status codes in OpenApiExample [Nicholas Guriev]
• Missing ":" in example documentation [Josué Millán Zamora]
• Flip direction for callbacks serializers [Justas]
• grammar fix [Kojo Idrissa]
• fix sidecar for alternate staticfile storages #&#8203;718 <https://github.com/tfranzel/drf-spectacular/issues/718>_
• add support for rest_framework_gis
• add mechanism to handle custom ListSerializers with extensions
• Update based on review [johnthagen]
• Hyphenate in-memory [johnthagen]
• Add FAQ entry for how to serve in-memory generated files [johnthagen]
• add pattern to OpenApiParameter #&#8203;738 <https://github.com/tfranzel/drf-spectacular/issues/738>_
• Add test that extend_schema_field on django-filter is not modified [Take Weiland]
• Do not forcefully overwrite enum setting on custom django-filter schema [Take Weiland]
• django-filter: Enable type extraction fallback for MultipleChoiceFilter as well [Take Weiland]
• Add examples camelization note to settings.py [Zac Miller]
• fix codecov badge url issue on github #&#8203;713 <https://github.com/tfranzel/drf-spectacular/issues/713>_

Breaking changes / important additions:

• A whole bunch of smaller bug fixes.
• OpenAPI Callbacks should now be production ready
• Introduction of rest_framework_gis support. This might impact APIs that are using GIS so this is a y-stream release.

axnsan12/drf-yasg

v1.21.3

Compare Source

FIXED: Set generator url for swagger_settings.DEFAULT_API_URL (#​682)
FIXED: Check fields for allow_null attribute (#​688)
FIXED: Encode pytz object field as a string by default (#​717)
FIXED: Handle errors rendering with TemplateHTMLRenderer (#​742)

v1.21.2

Compare Source

FIXED: Fixed code block rst syntax in README.rst (#​797)

v1.21.0

Compare Source

• IMPROVED: Add utf-8 support to yaml loaders (#​692)

v1.20.3

Compare Source

• FIXED: Source mapping in redoc.min.js (#​778)
• FIXED: Publish action tag pattern in publish.yml (#​794)

python/importlib_metadata

v4.12.0

Compare Source

=======

• py-93259: Now raise ValueError when None or an empty
  string are passed to Distribution.from_name (and other
  callers).

v4.11.4

Compare Source

=======

• #​379: In PathDistribution._name_from_stem, avoid including
  parts of the extension in the result.
• #​381: In PathDistribution._normalized_name, ensure names
  loaded from the stem of the filename are also normalized, ensuring
  duplicate entry points by packages varying only by non-normalized
  name are hidden.

v4.11.3

Compare Source

=======

• #​372: Removed cast of path items in FastPath, not needed.

v4.11.2

Compare Source

=======

• #​369: Fixed bug where EntryPoint.extras was returning
  match objects and not the extras strings.

v4.11.1

Compare Source

=======

• #​367: In Distribution.requires for egg-info, if requires.txt
  is empty, return an empty list.

v4.11.0

Compare Source

=======

• bpo-46246: Added __slots__ to EntryPoints.

v4.10.1

Compare Source

=======

v4.10.0

Compare Source

=======

• #​354: Removed Distribution._local factory. This
  functionality was created as a demonstration of the
  possible implementation. Now, the
  pep517 <https://pypi.org/project/pep517>_ package
  provides this functionality directly through
  pep517.meta.load <https://github.com/pypa/pep517/blob/a942316305395f8f757f210e2b16f738af73f8b8/pep517/meta.py#L63-L73>_.

v4.9.0

Compare Source

======

• Require Python 3.7 or later.

v4.8.3

Compare Source

======

• #​357: Fixed requirement generation from egg-info when a
  URL requirement is given.

v4.8.2

Compare Source

======

v4.8.1

Compare Source

======

• #​348: Restored support for EntryPoint access by item,
  deprecating support in the process. Users are advised
  to use direct member access instead of item-based access::

  • ep[0] -> ep.name
  • ep[1] -> ep.value
  • ep[2] -> ep.group
  • ep[:] -> ep.name, ep.value, ep.group

v4.8.0

Compare Source

======

• #​337: Rewrote EntryPoint as a simple class, still
  immutable and still with the attributes, but without any
  expectation for namedtuple functionality such as
  _asdict.

v4.7.1

Compare Source

======

• #​344: Fixed regression in packages_distributions when
  neither top-level.txt nor a files manifest is present.

v4.7.0

Compare Source

======

• #​330: In packages_distributions, now infer top-level
  names from .files() when a top-level.txt
  (Setuptools-specific metadata) is not present.

v4.6.4

Compare Source

======

• #​334: Correct SimplePath protocol to match pathlib
  protocol for __truediv__.

v4.6.3

Compare Source

======

• Moved workaround for #​327 to _compat module.

v4.6.2

Compare Source

======

• bpo-44784: Avoid errors in test suite when
  DeprecationWarnings are treated as errors.

v4.6.1

Compare Source

======

• #​327: Deprecation warnings now honor call stack variance
  on PyPy.

v4.6.0

Compare Source

======

• #​326: Performance tests now rely on
  pytest-perf <https://pypi.org/project/pytest-perf>_.
  To disable these tests, which require network access
  and a git checkout, pass -p no:perf to pytest.

v4.5.0

Compare Source

======

• #​319: Remove SelectableGroups deprecation exception
  for flake8.

python-jsonschema/jsonschema

v4.7.2

Compare Source

• Also have best_match handle cases where the type validator is an
  array.

v4.7.1

Compare Source

• Minor tweak of the PyPI hyperlink names

v4.7.0

Compare Source

• Enhance best_match to prefer errors from branches of the schema which
  match the instance's type (#​728)

v4.6.2

Compare Source

• Fix a number of minor typos in docstrings, mostly private ones (#​969)

v4.6.1

Compare Source

• Gut the (incomplete) implementation of recursiveRef on draft 2019. It
  needs completing, but for now can lead to recursion errors (e.g. #​847).

v4.6.0

Compare Source

• Fix unevaluatedProperties and unevaluatedItems for types they should
  ignore (#​949)
• jsonschema now uses hatch <https://hatch.pypa.io/>_ for its build
  process. This should be completely transparent to end-users (and only matters
  to contributors).

v4.5.1

Compare Source

• Revert changes to $dynamicRef which caused a performance regression
  in v4.5.0

v4.5.0

Compare Source

• Validator classes for each version now maintain references to the correct
  corresponding format checker (#​905)
• Development has moved to a GitHub organization <https://github.com/python-jsonschema/>_.
  No functional behavior changes are expected from the change.

mkdocs/mkdocs

v1.3.1

Compare Source

• Pin Python-Markdown version to <3.4, thus excluding its latest release that breaks too many external extensions (#​2893)

• When a Markdown extension fails to load, print its name and traceback (#​2894)

• Bugfix for "readthedocs" theme (regression in 1.3.0): add missing space in breadcrumbs (#​2810)

• Bugfix: don't complain when a file "readme.md" (lowercase) exists, it's not recognized otherwise (#​2852)

• Built-in themes now also support these languages:

  • Italian (#​2860)

Other small improvements; see commit log.

mondeja/mkdocs-include-markdown-plugin

v3.6.1

Compare Source

Bug fixes:

• Wrap start and end delimiters contents by single quotes in comments to show them better.

v3.6.0

Compare Source

New features:

• Allow to configure globally custom tags strings to open and close directives (#​112).

v3.5.2

Compare Source

Bug fixes:

• Fixed incompatibility between trailing-newlines and comments arguments of include-markdown directive.

v3.5.1

Compare Source

Bug fixes:

• Fixed nested inclusions showing incorrect warning messages.
• Fixed error skipping relative URLs rewriting in indented codeblocks using Windows newlines.

Enhancements:

• Allow to pass string arguments wrapped by single quotes ' escaping them with \'.
• Show errors if filename, end, start or exclude arguments are empty.
• Show error rather than raising an exception if a file to be included is not found.
• Show error rather than raising an exception if a parsed boolean value is not valid.
• Improved warning messages adding affected line number and directive.

v3.5.0

Compare Source

New features:

• New option trailing-newlines for both directives to strip trailing newlines from content to include.
• Both directives accept now recursive ** wildcard globbing to match against subdirectories including multiple files.

Enhancements:

• String arguments filename, start, end and exclude now accept double quotes " in values escaping them with \".

v3.4.1

Compare Source

Bug fixes:

• Fixed offset application not skipped in codeblocks at nested Markdown blocks.
• Fixed incorrect output skipping relative URL rewritings in indented codeblocks.

Enhancements:

• Optimize migrating from pathlib to os.path.
• Some tiny performance optimizations processing text.

v3.4.0

Compare Source

Enhancements:

• Warn if end or start arguments are not detected inside content to include.

v3.3.0

Compare Source

Enhancements:

• Remove upper and lower limits for heading-offset argument.
• Accept negative arguments for heading-offset argument to decrease heading depth.

psf/requests

v2.28.1

Compare Source

Improvements

• Speed optimization in iter_content with transition to yield from. (#​6170)

Dependencies

• Added support for chardet 5.0.0 (#​6179)
• Added support for charset-normalizer 2.1.0 (#​6169)

python-social-auth/social-core

v4.3.0

Compare Source

Added

• Add backend for Hashicorp Vault OIDC backend
• Add generic OpenID Connect backend
• Add Grafana OAuth2 backend
• Add MusicBrainz OAuth2 backend

Changed

• Fixed redirect state for Keycloak backend
• Add fallback to RSA256 in OpenID Connect when alg is not set
• Fixed Azure backend so it can be used with all Azure authority hosts

mozman/svgwrite

v1.4.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - "before 2am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

Installing v1 tool poetry v1.1.14
The canonical source for Poetry's installation script is now https://install.python-poetry.org. Please update your usage to reflect this.
Retrieving Poetry metadata

# Welcome to Poetry!

This will download and install the latest version of Poetry,
a dependency and package manager for Python.

It will add the `poetry` command to Poetry's bin directory, located at:

/home/ubuntu/poetry/1.1.14/bin

You can uninstall at any time by executing this script with the --uninstall option,
and these changes will be reverted.

Installing Poetry (1.1.14)
Installing Poetry (1.1.14): Creating environment
Installing Poetry (1.1.14): Installing Poetry
Installing Poetry (1.1.14): Creating script
Installing Poetry (1.1.14): Done

Poetry (1.1.14) is installed now. Great!

To get started you need Poetry's bin directory (/home/ubuntu/poetry/1.1.14/bin) in your `PATH`
environment variable.

Add `export PATH="/home/ubuntu/poetry/1.1.14/bin:$PATH"` to your shell configuration file.

Alternatively, you can call Poetry explicitly with `/home/ubuntu/poetry/1.1.14/bin/poetry`.

You can test that everything is set up by executing:

`poetry --version`

Poetry version 1.1.14
Installed v1 poetry in 38 seconds
Creating virtualenv nautobot-6Z2DpQq9-py3.7 in /home/ubuntu/.cache/pypoetry/virtualenvs
Updating dependencies
Resolving dependencies...

  JSONDecodeError

  Expecting value: line 1 column 1 (char 0)

  at ~/poetry/1.1.14/venv/lib/python3.7/site-packages/requests/models.py:975 in json
       971│             return complexjson.loads(self.text, **kwargs)
       972│         except JSONDecodeError as e:
       973│             # Catch JSON-related errors and raise as requests.JSONDecodeError
       974│             # This aliases json.JSONDecodeError and simplejson.JSONDecodeError
    →  975│             raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
       976│ 
       977│     @property
       978│     def links(self):
       979│         """Returns the parsed header links of the response, if any."""

File name: poetry.lock

Installing v1 tool poetry v1.1.14
The canonical source for Poetry's installation script is now https://install.python-poetry.org. Please update your usage to reflect this.
Retrieving Poetry metadata

# Welcome to Poetry!

This will download and install the latest version of Poetry,
a dependency and package manager for Python.

It will add the `poetry` command to Poetry's bin directory, located at:

/home/ubuntu/poetry/1.1.14/bin

You can uninstall at any time by executing this script with the --uninstall option,
and these changes will be reverted.

Installing Poetry (1.1.14)
Installing Poetry (1.1.14): Creating environment
Installing Poetry (1.1.14): Installing Poetry
Installing Poetry (1.1.14): Creating script
Installing Poetry (1.1.14): Done

Poetry (1.1.14) is installed now. Great!

To get started you need Poetry's bin directory (/home/ubuntu/poetry/1.1.14/bin) in your `PATH`
environment variable.

Add `export PATH="/home/ubuntu/poetry/1.1.14/bin:$PATH"` to your shell configuration file.

Alternatively, you can call Poetry explicitly with `/home/ubuntu/poetry/1.1.14/bin/poetry`.

You can test that everything is set up by executing:

`poetry --version`

Poetry version 1.1.14
Installed v1 poetry in 37 seconds
Creating virtualenv nautobot-6Z2DpQq9-py3.7 in /home/ubuntu/.cache/pypoetry/virtualenvs
Updating dependencies
Resolving dependencies...

  JSONDecodeError

  Expecting value: line 1 column 1 (char 0)

  at ~/poetry/1.1.14/venv/lib/python3.7/site-packages/requests/models.py:975 in json
       971│             return complexjson.loads(self.text, **kwargs)
       972│         except JSONDecodeError as e:
       973│             # Catch JSON-related errors and raise as requests.JSONDecodeError
       974│             # This aliases json.JSONDecodeError and simplejson.JSONDecodeError
    →  975│             raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
       976│ 
       977│     @property
       978│     def links(self):
       979│         """Returns the parsed header links of the response, if any."""

[glennmatthews]

The following change to celery-beat probably needs to be accounted for: celery/django-celery-beat#525

[glennmatthews]

We may not need a custom ConstanceDatabaseAppConfig class (nautobot.core.apps) any more as it looks like Constance has fixed the issue that necessitated it.

[glennmatthews]

The updated version of requests includes a fix for psf/requests#6071, which I understand to be a bit controversial. We should be thoughtful about our approach to this one and its potential impact to plugins (see for example nautobot/nautobot-app-secrets-providers#32)

[bryanculver]

#2021 (comment)

[bryanculver]

Include:

• Pillow
  • Always good to keep this one up to date
• black
  • Should be good but going to double check it doesn't reformat all our code
• coverage
  • small patch release
• django-cacheops
  • Bug fixes
• django-cryptography
  • Only drops old Python and Django version support
• django-debug-toolbar
  • dev tool, mostly bug fixes and some new features
• django-extensions
  • Mostly just cleanup and additional minor feature and flags
• drf-yasg
  • Adds more UTF-8 support, bug fixes
• importlib-metadata
  • If you take a look at the PR I open this up with documentation for how this is minor and more annoying being a patch-only update. Has been discussed.
• jsonschema
  • Bugfixes
  • Only removes draft features
• mkdocs-include-markdown-plugin
  • Bump to 3.5.2 (3.6 only 1 week old)
  • Bug fixes and new options
• social-auth-core
  • See: Stop passing server_port to python3-saml python-social-auth/social-core#609
• svgwrite
  • Minor bugfix

Exclude (for 1.5 or beyond):

• Jinja2
  • Removed previously deprecated code. Needs some further review
• Markdown
  • Notes some backwards incompatible changes, needs review
• django-celery-beat
  • Config change (see Update Next Updates (next) #2021 (comment))
• django-constance
  • See changes to fake admin model which I think caused issues with migrations somewhere else
  • We should probably evaluate any cleanup (see Update Next Updates (next) #2021 (comment))
• drf-spectacular
  • Very new, low confidence and adoption scores
• mkdocs
  • Pins markdown version
  • very new
• requests
  • Controversial changes: Update Next Updates (next) #2021 (comment)

[glennmatthews]

drf-yasg

* Adds more UTF-8 support, bug fixes

We don't actually use drf-yasg in core any more, so who knows how this change may impact plugins - perhaps instead of updating the minimum requirement we should just widen the range of acceptable versions?

[bryanculver]

drf-yasg

* Adds more UTF-8 support, bug fixes

We don't actually use drf-yasg in core any more, so who knows how this change may impact plugins - perhaps instead of updating the minimum requirement we should just widen the range of acceptable versions?

Thanks for that reminder. ^1.20.0 seem sufficient? This way plugins can bring in newer versions as needed, newer versions can be installed, but there isn't any large concern of new minor releases breaking core?