Initial Update

[pyup-bot]

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

django-axes	1.6.0	»	2.3.3	PyPI | Changelog | Repo
django-bootstrap-pagination	1.6.2	»	1.6.3	PyPI | Changelog | Repo
django-bootstrap3	6.2.2	»	9.0.0	PyPI | Changelog | Repo
django-braces	1.9.0	»	1.11.0	PyPI | Changelog | Repo
django-chroniker	0.9.3	»	1.0.8	PyPI | Repo
django-countries	3.4.1	»	5.0	PyPI | Changelog | Repo
django-crispy-forms	1.6.0	»	1.6.1	PyPI | Changelog | Repo
django-qsstats-magic	0.7.2	»	1.0.0	PyPI | Repo
django-simple-import	1.17	»	2.0.2	PyPI | Repo
django-tables2	1.1.2	»	1.12.0	PyPI | Changelog | Repo
Django	1.7.11	»	1.11.6	PyPI | Changelog | Homepage
httplib2	0.9.2	»	0.10.3	PyPI | Changelog | Repo
netaddr	0.7.18	»	0.7.19	PyPI | Changelog | Repo
netifaces	0.10.5	»	0.10.6	PyPI | Changelog | Repo
oauth2client	1.4.12	»	4.1.2	PyPI | Changelog | Repo
odfpy	1.3.3	»	1.3.5	PyPI | Changelog | Repo
openpyxl	2.4.0	»	2.4.8	PyPI | Changelog | Docs
psutil	4.1.0	»	5.4.0	PyPI | Changelog | Repo | Docs
psycopg2	2.6.2	»	2.7.3.1	PyPI | Changelog | Homepage
pyasn1-modules	0.0.8	»	0.1.5	PyPI | Changelog | Repo
pyasn1	0.1.9	»	0.3.7	PyPI | Changelog | Repo
python-dateutil	2.5.3	»	2.6.1	PyPI | Changelog | Docs
python-stdnum	1.4	»	1.7	PyPI | Changelog | Homepage
pytz	2016.7	»	2017.2	PyPI | Homepage | Docs
six	1.10.0	»	1.11.0	PyPI | Changelog | Homepage | Docs
tablib	0.11.2	»	0.12.1	PyPI | Changelog | Homepage
toposort	1.4	»	1.5	PyPI | Changelog | Repo
xlrd	1.0.0	»	1.1.0	PyPI | Changelog | Homepage
django-extensions	1.7.4	»	1.9.1	PyPI | Changelog | Repo | Docs
django-debug-toolbar	1.3.2	»	1.8	PyPI | Changelog | Repo
Werkzeug	0.12.2	»	0.12.2	PyPI | Changelog | Homepage
selenium	3.6.0	»	3.6.0	PyPI | Changelog | Repo

Changelogs

django-axes 1.6.0 -> 2.3.3

2.3.3

---

• Many tweaks and handles successful AJAX logins.
  [Jack Sullivan]

• Add tests for proxy number parametrization
  [aleksihakli]

• Add AXES_NUM_PROXIES setting
  [aleksihakli]

• Log failed access attempts regardless of settings
  [jimr]

• Updated configuration docs to include AXES_IP_WHITELIST
  [Minkey27]

• Add test for get_cache_key function
  [jorlugaqui]

• Delete cache key in reset command line
  [jorlugaqui]

• Add signals for setting/deleting cache keys
  [jorlugaqui]

2.3.2

---

• Only look for lockable users on a POST
  [schinckel]

• Fix and add tests for IPv4 and IPv6 parsing
  [aleksihakli]

2.3.1

---

• Added settings for disabling success accesslogs
  [Minkey27]

• Fixed illegal IP address string passed to inet_pton
  [samkuehn]

2.3.0

---

• Fixed axes_reset management command to skip "ip" prefix to command
  arguments.
  [EvaMarques]

• Added axes_reset_user management command to reset lockouts and failed
  login records for given users.
  [vladimirnani]

• Fixed Travis-PyPI release configuration.
  [jezdez]

• Make IP position argument optional.
  [aredalen]

• Added possibility to disable access log
  [svenhertle]

• Fix for IIS used as reverse proxy adding port number
  [Dmitri-Sintsov]

• Made the signal race condition safe.
  [Minkey27]

• Added AXES_ONLY_USER_FAILURES to support only looking at the user ID.
  [lip77us]

2.2.0

---

• Improve the logic when using a reverse proxy to avoid possible attacks.
  [camilonova]

2.1.0

---

• Add default_app_config so you can just use axes in INSTALLED_APPS
  [vdboor]

2.0.0

---

• Removed middleware to use app_config
  [camilonova]

• Lots of cleaning
  [camilonova]

• Improved test suite and versions
  [camilonova]

1.7.0

---

• Use render shortcut for rendering LOCKOUT_TEMPLATE
  [Radosław Luter]

• Added app_label for RemovedInDjango19Warning
  [yograterol]

• Add iso8601 translator.
  [mullakhmetov]

• Edit json response. Context now contains ISO 8601 formatted cooloff time
  [mullakhmetov]

• Add json response and iso8601 tests.
  [mullakhmetov]

• Fixes issue 162: UnicodeDecodeError on pip install
  [joeribekker]

• Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out.
  [joeribekker]

1.6.1

---

• Fixes whitelist check when BEHIND_REVERSE_PROXY
  [Patrick Hagemeister]

• Made migrations py3 compatible
  [mvdwaeter]

• Fixing 126, possibly breaking compatibility with Django<=1.7
  [int-ua]

• Add note for upgrading users about new migration files
  [kelseyq]

• Fixes 148
  [camilonova]

• Decorate auth_views.login only once
  [teeberg]

• Set IP public/private classifier to be compliant with RFC 1918.
  [SilasX]

• Issue 155. Lockout response status code changed to 403.
  [Артур Муллахметов]

• BUGFIX: Missing migration
  [smeinel]

django-bootstrap3 6.2.2 -> 9.0.0

9.0.0

++++++++++++++++++

• Renamed requirements-dev.txt back to requirements.txt because that suits ReadTheDocs better
• Added error_types support on bootstrap3_form (thanks mkoistinen and ickam)
• BREAKING Default setting of error_types to non_field_errors is different fro behavior in versions < 9

8.2.3

++++++++++++++++++

• Renamed requirements.txt to requirements-dev.txt
• Tweaks to tests and CI (see 400)
• Prepared test for geometry fields (disabled, blocked by Django update, see 392)
• Bug fixes for add ons and placeholders (thanks jaimesanz, cybojenix and marc-gist)
• Improve documentation for pagination with GET parameters (thanks nspo)
• Add unicode test for help_text
• Removed tests for Python 3.2 from tox and Travis CI (no longer supported by Django 1.8)

8.2.2

++++++++++++++++++

• Fix invalid HTML in help texts (thanks luksen)
• Added mark_safe to placeholder (thanks ppo)
• Fix DateWidget import for newer Django versions (thanks clokep)

8.2.1

++++++++++++++++++

• Support for local languages in url_replace_param on Python 2 (362, thanks aamalev)
• Correct checking Mapping instance (363, thanks aamalev)
• Fix Django 1.11 import bug (see 369)
• Add Django 1.11 and Python 3.6 to tests
• Fix sdist issue with .pyc files

8.1.0

++++++++++++++++++

• Rolled back subresource integrity (see 353)
• Documentation fix (thanks clokep)

8.0.0

++++++++++++++++++

• BREAKING For Django >= 1.10 Remove everything to do with setting HTML attributes required (337) and disabled (345)
• Add id parameter to bootstrap_button (214)
• Add set_placeholder to field and form renderers (339, thanks predatell)
• Default button type to btn-default
• Add addon_before_class and addon_after_class (295, thanks DanWright91 and others)
• Fix handling of error class (170)
• No size class for checkboxes (318, thanks cybojenix)
• Fix warnings during install (thanks mfcovington)
• Fix rare RunTimeError when working without database (346, thanks Mactory)
• Add subresource integrity to external components (thanks mfcovington and Alex131089)
• Several improvements to documentation, tests, and comments. Thanks all!

7.1.0

++++++++++++++++++

• Print help text and errors in their own block (329, thanks Matoking)
• Improved page urls in pagination (fixes 323)
• Changed setup.py to allow setup.py test run tests
• Removed link target from active page in pagination (fixes 328)
• Fixed example for bootstrap_label (fixed 332)
• Fixed tests to support Django 1.10 handling of required attribute, see 337 (needs fixing)
• Added tests for Django 1.10
• Bootstrap to 3.3.7

7.0.1

++++++++++++++++++

• Fixed bug with widget attrs consistency (onysos)

7.0.0

++++++++++++++++++

• Dropped support for Django < 1.8
• Dropped support for Python < 2.7
• Fix page number bug (thanks frewsxcv)
• Fix template context warning (thanks jieter and jonashaag)
• Update to Bootstrap 3.3.6 (nikolas)
• Show links and newlines in messages (jakub3279)
• CSS classes arguments passed to the bootstrap_form are now working (gordon)
• Support for Django 1.9/Python 3.5 (jieter and jonashaag)
• Better Travis CI Django versions (thanks jonashaag)
• Improved handling of messages in bootstrap_messages (thanks frewsxcv and rjsparks)

django-braces 1.9.0 -> 1.11.0

1.10.0

• 🐛212 major Small changes for Django 1.10 compatibility.
• 🐛211 major ReadTheDocs links updated.
• 🐛209 major Django documentation link updated.

django-countries 3.4.1 -> 5.0

5.0

=============================

• No longer allow multiple=True and null=True together. This causes
  problems saving the field, and null shouldn't really be used anyway
  because the country field is a subclass of CharField.

4.6.2

---

• Use transparency layer for flag sprites.

4.6.1

---

• Fix invalid reStructuredText in CHANGES.

4.6

==========================

• Add a CountryFieldMixin Django Rest Framework serializer mixin that
  automatically picks the right field type for a CountryField (both single
  and multi-choice).

• Validation for Django Rest Framework field (thanks Simon Meers).

• Allow case-insensitive .by_name() matching (thanks again, Simon).

• Ensure a multiple-choice CountryField.max_length is enough to hold all
  countries.

• Fix inefficient pickling of countries (thanks Craig de Stigter for the report
  and tests).

• Stop adding a blank choice when dealing with a multi-choice CountryField.

• Tests now cover multiple Django Rest Framework versions (back to 3.3).

4.5

===========================

• Change rest framework field to be based on ChoiceField.

• Allow for the rest framework field to deserialize by full country name
  (specifically the English name for now).

4.4

==========================

• Fix for broken CountryField on certain models in Django 1.11.
  Thanks aktiur for the test case.

• Update tests to cover Django 1.11

4.3

===========================

• Handle "Czechia" translations in a nicer way (fall back to "Czech Republic"
  until new translations are available).

• Fix for an import error in Django 1.9+ due to use of non-lazy ugettext in
  the django-countries custom admin filter.

• Back to 100% test coverage.

4.2

===========================

• Add sprite flag files (and Country.flag_css property) to help minimize
  HTTP requests.

4.1

==============================

• Better default Django admin filter when filtering a country field in a
  ModelAdmin.

• Fix settings to support Django 1.11

• Fix when using a model instance with a deferred country field.

• Allow CountryField to handle multiple countries at once!

• Allow CountryField to still work if Deferred.

• Fix a field with customized country list. Thanks pilmie!

4.0.1

---

• Fix tests for COUNTRIES_FIRST_SORT (feature still worked, tests didn't).

4.0

============================

django-crispy-forms 1.6.0 -> 1.6.1

1.6.1

• Updates compatibility for Django 1.10
• A number of small Bootstrap 4 fixes.

See 1.6.1 Milestone
for full issue list.

django-tables2 1.1.2 -> 1.12.0

1.12.0

• Allow export filename customization 484 by federicobond
• Fixed a bug where template columns were not rendered for pinned rows (483 by khirstinova, fixes 482)

1.11.0

• Added Hungarian translation 471 by hmikihth.
• Added TemplateColumn.value() and enhanced export docs (fixes 470)
• Fixed display of pinned rows if table has no data. 477 by khirstinova

1.10.0

• Added ManyToManyColumn automatically added for ManyToManyFields.

1.9.1

• Allow customizing the value used in Table.as_values() (when using a render_<name> method) using a value_<name> method. (fixes 458)
• Allow excluding columns from the Table.as_values() output. (fixes 459)
• Fixed unicode handling for columhn headers in Table.as_values()

1.9.0

• Allow computable attrs for <td>-tags from Table.attrs (457, fixes 451)

1.8.0

• Feature: Added an ExportMixin to export table data in various export formats (CSV, XLS, etc.) using tablib.
• Defer expanding Meta.sequence to Table.__init__, to make sequence work in combination with extra_columns (fixes 450)
• Fixed a crash when MultiTableMixin.get_tables() returned an empty array (454 by pypetey

1.7.1

• Call before_render when rendering with the render_table template tag (fixes 447)

1.7.0

• Make title() lazy (443 by ygwain, fixes 438)
• Fix __all__ by populating them with the names of the items to export instead of the items themself.
• Allow adding extra columns to an instance using the extra_columns argument. Fixes 403, 70
• Added a hook before_render to allow last-minute changes to the table before rendering.
• Added BoundColumns.show() and BoundColumns.hide() to show/hide columns on an instance of a Table.
• Use <listlike>.verbose_name/.verbose_name_plural if it exists to name the items in the list. (fixes 166)

1.6.1

• Add missing pagination to the responsive bootstrap template (440 by tobiasmcnulty)

1.6.0

• Add new template bootstrap-responsive.html to generate a responsive bootstrap table. (Fixes 436)

1.5.0

Full disclosure: as of april 1st, 2017, I am an employee of Zostera, as such I will continue to maintain and improve django-tables2.

• Made TableBase.as_values() an interator (432 by pziarsolo)
• Added JSONField for data in JSON format.
• Added __all__ in django_tables2/__init__.py and django_tables2/columns/__init__.py
• Added a setting DJANGO_TABLES2_TEMPLATE to allow project-wide overriding of the template used to render tables (fixes 434).

1.4.2

• Feature: Pinned rows (411 by djk2, fixes 406)
• Fix an issue where ValueError was raised while using a view with a get_queryset() method defined. (fix with 423 by desecho)

1.4.1

• Fix urls to screenshots in on pypi description (fixes 398)
• Prevent superfluous spaces when a callable row_attrs['class'] returns an empty string ([417](Check for empty string on row_attrs['class'] jieter/django-tables2#417 by Superman8218), fixes 416)

1.4.0

• Return None from Table.as_values() for missing values. 419
• Fix ordering by custom fields, and refactor TableData 424, fixes 413
• Revert removing TableData.__iter__() (removed in this commit), fixes 427, 361 and 421.

1.3.0

• Implement method Table.as_values() to get it's raw values. 394 by intiocean
• Fix some compatibility issues with django 2.0 408 by djk2

1.2.9

• Documentation for None-column attributes 401 by dyve

1.2.8

• None-column attributes on child class overwrite column attributes of parent class
  400 by dyve

1.2.7

• Apply title to a column's verbose_name when it is derived from a model, fixes 249. (382 by shawnnapora)
• Update documentation after deprecation of STATIC_URL in django (384, by velaia)
• Cleanup of the templates, making the output more equal (381 by ralgozino)
• Use new location for urlresolvers in Django and add backwards compatible import (388 by felixxm)
• Fix a bug where using sequence and then exclude in a child table would result in a KeyError
• Some documentation fixes and cleanups.

1.2.6

• Added get_table_kwargs() method to SingleTableMixin to allow passing custom keyword arguments to the Table constructor. (366 by fritz-k)
• Allow the children of TableBase render in the {% render_table %} template tag. (377 by shawnnapora)
• Refactor BoundColumn attributes to allow override of CSS class names, fixes 349 (370 by graup). Current behaviour should be intact, we will change the default in the future so it will not add the column name to the list of CSS classes.

1.2.5

• Fixed an issue preventing the rest of the row being rendered if a BooleanColumn was in the table for a model without custom choices defined on the model field. (360)

1.2.4

• Added Norwegian Locale (356 by fanzypantz)
• Restore default pagination for SingleTableMixin, fixes 354 (395 by graup)

1.2.3

• Accept text parameter in FileColumn, analogous to LinkColumn (343 by graup)
• Fix TemplateColumn RemovedInDjango110Warning fixes 346.
• Use field name in RelatedColumnLink (350, fixes 347)

1.2.2

• Allow use of custom class names for ordered columns through attrs. (
  329 by theTarkus)
• Column ordering queryset passthrough (330 by theTarkus)
• Cleanup/restructuring of documentation, (325)
• Fixed an issue where explicitly defined column options where not preserved over inheritance (339, issue 337)
• Fixed an issue where exclude in combination with sequence raised a KeyError (341, issue 205)

1.2.1

• table footers (323)
• Non-field based LinkColumn only renders default value if lookup fails. (322)
• Accept text parameter in BaseLinkColumn-based columns. (322)
• Pass the table instance into SingleTableMixin's get_table_pagination (320 by georgema1982, fixes 319)
• Check if the view has paginate_by before before trying to access it. (fixes 326)

1.2.0

• Allow custom attributes for rows (fixes 47)

1.1.8

• Ability to change the body of the <a>-tag, by passing text kwarg to the columns inheriting from BaseLinkColumn (318 by desecho, 322)
• Non-field based LinkColumn only renders default value if lookup fails and text is not set. (322, fixes 257)

1.1.7

• Added Italian translation (315 by paolodina
• Added Dutch translation.
• Fixed {% blocktrans %} template whitespace issues
• Fixed errors when using a column named items (316)
• Obey paginate_by (from MultipleObjectMixin) if no later pagination is defined (242)

1.1.6

• Correct error message about request context processors for current Django (314)
• Skipped 1.1.5 due to an error while creating the tag.

1.1.4

• Fix broken setup.py if Django is not installed before django-tables2 (fixes 312)

1.1.3

• Drop support for Django 1.7
• Add argument to CheckBoxColumn to render it as checked (original PR: 208)

Django 1.7.11 -> 1.11.6

1.11.6

===========================

October 5, 2017

Django 1.11.6 fixes several bugs in 1.11.5.

Bugfixes

• Made the CharField form field convert whitespace-only values to the
  empty_value when strip is enabled (:ticket:28555).

• Fixed crash when using the name of a model's autogenerated primary key
  (id) in an Index's fields (:ticket:28597).

• Fixed a regression in Django 1.9 where a custom view error handler such as
  handler404 that accesses csrf_token could cause CSRF verification
  failures on other pages (:ticket:28488).

===========================

1.11.5

===========================

September 5, 2017

Django 1.11.5 fixes a security issue and several bugs in 1.11.4.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with DEBUG = True (which makes
this page accessible) in your production settings.

Bugfixes

• Fixed GEOS version parsing if the version has a commit hash at the end (new
  in GEOS 3.6.2) (:ticket:28441).

• Added compatibility for cx_Oracle 6 (:ticket:28498).

• Fixed select widget rendering when option values are tuples (:ticket:28502).

• Django 1.11 inadvertently changed the sequence and trigger naming scheme on
  Oracle. This causes errors on INSERTs for some tables if
  'use_returning_into': False is in the OPTIONS part of DATABASES.
  The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
  requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
  upgrade script in 🎫28451 comment 8 to update sequence and trigger
  names to use the pre-1.11 naming scheme.

• Added POST request support to LogoutView, for equivalence with the
  function-based logout() view (:ticket:28513).

• Omitted pages_per_range from BrinIndex.deconstruct() if it's None
  (:ticket:25809).

• Fixed a regression where SelectDateWidget localized the years in the
  select box (:ticket:28530).

• Fixed a regression in 1.11.4 where runserver crashed with non-Unicode
  system encodings on Python 2 + Windows (:ticket:28487).

• Fixed a regression in Django 1.10 where changes to a ManyToManyField
  weren't logged in the admin change history (:ticket:27998) and prevented
  ManyToManyField initial data in model forms from being affected by
  subsequent model changes (:ticket:28543).

• Fixed non-deterministic results or an AssertionError crash in some
  queries with multiple joins (:ticket:26522).

• Fixed a regression in contrib.auth's login() and logout() views
  where they ignored positional arguments (:ticket:28550).

===========================

1.11.4

===========================

August 1, 2017

Django 1.11.4 fixes several bugs in 1.11.3.

Bugfixes

• Fixed a regression in 1.11.3 on Python 2 where non-ASCII format values
  for date/time widgets results in an empty value in the widget's HTML
  (:ticket:28355).

• Fixed QuerySet.union() and difference() when combining with
  a queryset raising EmptyResultSet (:ticket:28378).

• Fixed a regression in pickling of LazyObject on Python 2 when the wrapped
  object doesn't have __reduce__() (:ticket:28389).

• Fixed crash in runserver's autoreload with Python 2 on Windows with
  non-str environment variables (:ticket:28174).

• Corrected Field.has_changed() to return False for disabled form
  fields: BooleanField, MultipleChoiceField, MultiValueField,
  FileField, ModelChoiceField, and ModelMultipleChoiceField.

• Fixed QuerySet.count() for union(), difference(), and
  intersection() queries. (:ticket:28399).

• Fixed ClearableFileInput rendering as a subwidget of MultiWidget
  (:ticket:28414). Custom clearable_file_input.html widget templates
  will need to adapt for the fact that context values
  checkbox_name, checkbox_id, is_initial, input_text,
  initial_text, and clear_checkbox_label are now attributes of
  widget rather than appearing in the top-level context.

• Fixed queryset crash when using a GenericRelation to a proxy model
  (:ticket:28418).

===========================

1.11.3

===========================

July 1, 2017

Django 1.11.3 fixes several bugs in 1.11.2.

Bugfixes

• Removed an incorrect deprecation warning about a missing renderer
  argument if a Widget.render() method accepts **kwargs
  (:ticket:28265).

• Fixed a regression causing Model.__init__() to crash if a field has an
  instance only descriptor (:ticket:28269).

• Fixed an incorrect DisallowedModelAdminLookup exception when using
  a nested reverse relation in list_filter (:ticket:28262).

• Fixed admin's FieldListFilter.get_queryset() crash on invalid input
  (:ticket:28202).

• Fixed invalid HTML for a required AdminFileWidget (:ticket:28278).

• Fixed model initialization to set the name of class-based model indexes
  for models that only inherit models.Model (:ticket:28282).

• Fixed crash in admin's inlines when a model has an inherited non-editable
  primary key (:ticket:27967).

• Fixed QuerySet.union(), intersection(), and difference() when
  combining with an EmptyQuerySet (:ticket:28293).

• Prevented Paginator’s unordered object list warning from evaluating a
  QuerySet (:ticket:28284).

• Fixed the value of redirect_field_name in LoginView’s template
  context. It's now an empty string (as it is for the original function-based
  login() view) if the corresponding parameter isn't sent in a request (in
  particular, when the login page is accessed directly) (:ticket:28229).

• Prevented attribute values in the django/forms/widgets/attrs.html
  template from being localized so that numeric attributes (e.g. max and
  min) of NumberInput work correctly (:ticket:28303).

• Removed casting of the option value to a string in the template context of
  the CheckboxSelectMultiple, NullBooleanSelect, RadioSelect,
  SelectMultiple, and Select widgets (:ticket:28176). In Django
  1.11.1, casting was added in Python to avoid localization of numeric values
  in Django templates, but this made some use cases more difficult. Casting is
  now done in the template using the |stringformat:'s' filter.

• Prevented a primary key alteration from adding a foreign key constraint if
  db_constraint=False (:ticket:28298).

• Fixed UnboundLocalError crash in RenameField with nonexistent field
  (:ticket:28350).

• Fixed a regression preventing a model field's limit_choices_to from being
  evaluated when a ModelForm is instantiated (:ticket:28345).

===========================

1.11.2

===========================

June 1, 2017

Django 1.11.2 adds a minor feature and fixes several bugs in 1.11.1. Also, the
latest string translations from Transifex are incorporated.

Minor feature

The new LiveServerTestCase.port attribute reallows the use case of binding
to a specific port following the :ref:bind to port zero <liveservertestcase-port-zero-change> change in Django 1.11.

Bugfixes

• Added detection for GDAL 2.1 and 2.0, and removed detection for unsupported
  versions 1.7 and 1.8 (:ticket:28181).

• Changed contrib.gis to raise ImproperlyConfigured rather than
  GDALException if gdal isn't installed, to allow third-party apps to
  catch that exception (:ticket:28178).

• Fixed django.utils.http.is_safe_url() crash on invalid IPv6 URLs
  (:ticket:28142).

• Fixed regression causing pickling of model fields to crash (:ticket:28188).

• Fixed django.contrib.auth.authenticate() when multiple authentication
  backends don't accept a positional request argument (:ticket:28207).

• Fixed introspection of index field ordering on PostgreSQL (:ticket:28197).

• Fixed a regression where Model._state.adding wasn't set correctly on
  multi-table inheritance parent models after saving a child model
  (:ticket:28210).

• Allowed DjangoJSONEncoder to serialize
  django.utils.deprecation.CallableBool (:ticket:28230).

• Relaxed the validation added in Django 1.11 of the fields in the defaults
  argument of QuerySet.get_or_create() and update_or_create() to
  reallow settable model properties (:ticket:28222).

• Fixed MultipleObjectMixin.paginate_queryset() crash on Python 2 if the
  InvalidPage message contains non-ASCII (:ticket:28204).

• Prevented Subquery from adding an unnecessary CAST which resulted in
  invalid SQL (:ticket:28199).

• Corrected detection of GDAL 2.1 on Windows (:ticket:28181).

• Made date-based generic views return a 404 rather than crash when given an
  out of range date (:ticket:28209).

• Fixed a regression where file_move_safe() crashed when moving files to a
  CIFS mount (:ticket:28170).

• Moved the ImageField file extension validation added in Django 1.11 from
  the model field to the form field to reallow the use case of storing images
  without an extension (:ticket:28242).

===========================

1.11.1

===========================

May 6, 2017

Django 1.11.1 adds a minor feature and fixes several bugs in 1.11.

Allowed disabling server-side cursors on PostgreSQL

The change in Django 1.11 to make :meth:.QuerySet.iterator() use server-side
cursors on PostgreSQL prevents running Django with pgBouncer in transaction
pooling mode. To reallow that, use the :setting:DISABLE_SERVER_SIDE_CURSORS <DATABASE-DISABLE_SERVER_SIDE_CURSORS> setting in :setting:DATABASES.

See :ref:transaction-pooling-server-side-cursors for more discussion.

Bugfixes

• Made migrations respect Index’s name argument. If you created a
  named index with Django 1.11, makemigrations will create a migration to
  recreate the index with the correct name (:ticket:28051).

• Fixed a crash when using a __icontains lookup on a ArrayField
  (:ticket:28038).

• Fixed a crash when using a two-tuple in EmailMessage’s attachments
  argument (:ticket:28042).

• Fixed QuerySet.filter() crash when it references the name of a
  OneToOneField primary key (:ticket:28047).

• Fixed empty POST data table appearing instead of "No POST data" in HTML debug
  page (:ticket:28079).

• Restored BoundField\s without any choices evaluating to True
  (:ticket:28058).

• Prevented SessionBase.cycle_key() from losing session data if
  _session_cache isn't populated (:ticket:28066).

• Fixed layout of ReadOnlyPasswordHashWidget (used in the admin's user
  change page) (:ticket:28097).

• Allowed prefetch calls on managers with custom ModelIterable subclasses
  (:ticket:28096).

• Fixed change password link in the contrib.auth admin for el,
  es_MX, and pt translations (:ticket:28100).

• Restored the output of the class attribute in the <ul> of widgets
  that use the multiple_input.html template. This fixes
  ModelAdmin.radio_fields with admin.HORIZONTAL (:ticket:28059).

• Fixed crash in BaseGeometryWidget.subwidgets() (:ticket:28039).

• Fixed exception reraising in ORM query execution when cursor.execute()
  fails and the subsequent cursor.close() also fails (:ticket:28091).

• Fixed a regression where CheckboxSelectMultiple, NullBooleanSelect,
  RadioSelect, SelectMultiple, and Select localized option values
  (:ticket:28075).

• Corrected the stack level of unordered queryset pagination warnings
  (:ticket:28109).

• Fixed a regression causing incorrect queries for __in subquery lookups
  when models use ForeignKey.to_field (:ticket:28101).

• Fixed crash when overriding the template of
  django.views.static.directory_index() (:ticket:28122).

• Fixed a regression in formset min_num validation with unchanged forms
  that have initial data (:ticket:28130).

• Prepared for cx_Oracle 6.0 support (:ticket:28138).

• Updated the contrib.postgres SplitArrayWidget to use template-based
  widget rendering (:ticket:28040).

• Fixed crash in BaseGeometryWidget.get_context() when overriding existing
  attrs (:ticket:28105).

• Prevented AddIndex and RemoveIndex from mutating model state
  (:ticket:28043).

• Prevented migrations from dropping database indexes from Meta.indexes
  when changing Field.db_index to False (:ticket:28052).

• Fixed a regression in choice ordering in form fields with grouped and
  non-grouped options (:ticket:28157).

• Fixed crash in BaseInlineFormSet._construct_form() when using
  save_as_new (:ticket:28159).

• Fixed a regression where Model._state.db wasn't set correctly on
  multi-table inheritance parent models after saving a child model
  (:ticket:28166).

• Corrected the return type of ArrayField(CITextField()) values retrieved
  from the database (:ticket:28161).

• Fixed QuerySet.prefetch_related() crash when fetching relations in nested
  Prefetch objects (:ticket:27554).

• Prevented hiding GDAL errors if it's not installed when using contrib.gis
  (:ticket:28160). (It's a required dependency as of Django 1.11.)

• Fixed a regression causing __in lookups on a foreign key to fail when
  using the foreign key's parent model as the lookup value (:ticket:28175).

=========================

1.11

=========================

April 4, 2017

Welcome to Django 1.11!

These release notes cover the :ref:new features <whats-new-1.11>, as well as
some :ref:backwards incompatible changes <backwards-incompatible-1.11> you'll
want to be aware of when upgrading from Django 1.10 or older versions. We've
:ref:begun the deprecation process for some features <deprecated-features-1.11>.

See the :doc:/howto/upgrade-version guide if you're updating an existing
project.

Django 1.11 is designated as a :term:long-term support release. It will
receive security updates for at least three years after its release. Support
for the previous LTS, Django 1.8, will end in April 2018.

Python compatibility

Django 1.11 requires Python 2.7, 3.4, 3.5, or 3.6. Django 1.11 is the first
release to support Python 3.6. We highly recommend and only officially
support the latest release of each series.

The Django 1.11.x series is the last to support Python 2. The next major
release, Django 2.0, will only support Python 3.4+.

Deprecating warnings are no longer loud by default

Unlike older versions of Django, Django's own deprecation warnings are no
longer displayed by default. This is consistent with Python's default behavior.

This change allows third-party apps to support both Django 1.11 LTS and Django
1.8 LTS without having to add code to avoid deprecation warnings.

Following the release of Django 2.0, we suggest that third-party app authors
drop support for all versions of Django prior to 1.11. At that time, you should
be able run your package's tests using python -Wd so that deprecation
warnings do appear. After making the deprecation warning fixes, your app should
be compatible with Django 2.0.

.. _whats-new-1.11:

What's new in Django 1.11

Class-based model indexes

The new :mod:django.db.models.indexes module contains classes which ease
creating database indexes. Indexes are added to models using the
:attr:Meta.indexes <django.db.models.Options.indexes> option.

The :class:~django.db.models.Index class creates a b-tree index, as if you
used :attr:~django.db.models.Field.db_index on the model field or
:attr:~django.db.models.Options.index_together on the model Meta class.
It can be subclassed to support different index types, such as
:class:~django.contrib.postgres.indexes.GinIndex. It also allows defining the
order (ASC/DESC) for the columns of the index.

Template-based widget rendering

To ease customizing widgets, form widget rendering is now done using the
template system rather than in Python. See :doc:/ref/forms/renderers.

You may need to adjust any custom widgets that you've written for a few
:ref:backwards incompatible changes <template-widget-incompatibilities-1-11>.

Subquery expressions

The new :class:~django.db.models.Subquery and
:class:~django.db.models.Exists database expressions allow creating
explicit subqueries. Subqueries may refer to fields from the outer queryset
using the :class:~django.db.models.OuterRef class.

Minor features

:mod:django.contrib.admin

• :attr:.ModelAdmin.date_hierarchy can now reference fields across relations.

• The new :meth:ModelAdmin.get_exclude() <django.contrib.admin.ModelAdmin.get_exclude> hook allows specifying the
  exclude fields based on the request or model instance.

• The popup_response.html template can now be overridden per app, per
  model, or by setting the :attr:.ModelAdmin.popup_response_template
  attribute.

:mod:django.contrib.auth

• The default iteration count for the PBKDF2 password hasher is increased by
  20%.

• The :class:~django.contrib.auth.views.LoginView and
  :class:~django.contrib.auth.views.LogoutView class-based views supersede the
  deprecated login() and logout() function-based views.

• The :class:~django.contrib.auth.views.PasswordChangeView,
  :class:~django.contrib.auth.views.PasswordChangeDoneView,
  :class:~django.contrib.auth.views.PasswordResetView,
  :class:~django.contrib.auth.views.PasswordResetDoneView,
  :class:~django.contrib.auth.views.PasswordResetConfirmView, and
  :class:~django.contrib.auth.views.PasswordResetCompleteView class-based
  views supersede the deprecated password_change(),
  password_change_done(), password_reset(), password_reset_done(),
  password_reset_confirm(), and password_reset_complete() function-based
  views.

• The new post_reset_login attribute for
  :class:~django.contrib.auth.views.PasswordResetConfirmView allows
  automatically logging in a user after a successful password reset.
  If you have multiple AUTHENTICATION_BACKENDS configured, use the
  post_reset_login_backend attribute to choose which one to use.

• To avoid the possibility of leaking a password reset token via the HTTP
  Referer header (for example, if the reset page includes a reference to CSS or
  JavaScript hosted on another domain), the
  :class:~django.contrib.auth.views.PasswordResetConfirmView (but not the
  deprecated password_reset_confirm() function-based view) stores the token
  in a session and redirects to itself to present the password change form to
  the user without the token in the URL.

• :func:~django.contrib.auth.update_session_auth_hash now rotates the session
  key to allow a password change to invalidate stolen session cookies.

• The new success_url_allowed_hosts attribute for
  :class:~django.contrib.auth.views.LoginView and
  :class:~django.contrib.auth.views.LogoutView allows specifying a set of
  hosts that are safe for redirecting after login and logout.

• Added password validators help_text to
  :class:~django.contrib.auth.forms.UserCreationForm.

• The HttpRequest is now passed to :func:~django.contrib.auth.authenticate
  which in turn passes it to the authentication backend if it accepts a
  request argument.

• The :func:~django.contrib.auth.signals.user_login_failed signal now
  receives a request argument.

• :class:~django.contrib.auth.forms.PasswordResetForm supports custom user
  models that use an email field named something other than 'email'.
  Set :attr:CustomUser.EMAIL_FIELD <django.contrib.auth.models.CustomUser.EMAIL_FIELD> to the name of the field.

• :func:~django.contrib.auth.get_user_model can now be called at import time,
  even in modules that define models.

:mod:django.contrib.contenttypes

• When stale content types are detected in the
  :djadmin:remove_stale_contenttypes command, there's now a list of related
  objects such as auth.Permission\s that will also be deleted. Previously,
  only the content types were listed (and this prompt was after migrate
  rather than in a separate command).

:mod:django.contrib.gis

• The new :meth:.GEOSGeometry.from_gml and :meth:.OGRGeometry.from_gml
  methods allow creating geometries from GML.

• Added support for the :lookup:dwithin lookup on SpatiaLite.

• The :class:~django.contrib.gis.db.models.functions.Area function,
  :class:~django.contrib.gis.db.models.functions.Distance function, and
  distance lookups now work with geodetic coordinates on SpatiaLite.

• The OpenLayers-based form widgets now use OpenLayers.js from
  https://cdnjs.cloudflare.com which is more suitable for production use
  than the the old http://openlayers.org source. They are also updated to
  use OpenLayers 3.

• PostGIS migrations can now change field dimensions.

• Added the ability to pass the size, shape, and offset parameter when
  creating :class:~django.contrib.gis.gdal.GDALRaster objects.

• Added SpatiaLite support for the
  :class:~django.contrib.gis.db.models.functions.IsValid function,
  :class:~django.contrib.gis.db.models.functions.MakeValid function, and
  :lookup:isvalid lookup.

• Added Oracle support for the
  :class:~django.contrib.gis.db.models.functions.AsGML function,
  :class:~django.contrib.gis.db.models.functions.BoundingCircle function,
  :class:~django.contrib.gis.db.models.functions.IsValid function, and
  :lookup:isvalid lookup.

:mod:django.contrib.postgres

• The new distinct argument for
  :class:~django.contrib.postgres.aggregates.StringAgg determines if
  concatenated values will be distinct.

• The new :class:~django.contrib.postgres.indexes.GinIndex and
  :class:~django.contrib.postgres.indexes.BrinIndex classes allow
  creating GIN and BRIN indexes in the database.

• :class:~django.contrib.postgres.fields.JSONField accepts a new encoder
  parameter to specify a custom class to encode data types not supported by the
  standard encoder.

• The new :class:~django.contrib.postgres.fields.CIText mixin and
  :class:~django.contrib.postgres.operations.CITextExtension migration
  operation allow using PostgreSQL's citext extension for case-insensitive
  lookups. Three fields are provided: :class:.CICharField,
  :class:.CIEmailField, and :class:.CITextField.

• The new :class:~django.contrib.postgres.aggregates.JSONBAgg allows
  aggregating values as a JSON array.

• The :class:~django.contrib.postgres.fields.HStoreField (model field) and
  :class:~django.contrib.postgres.forms.HStoreField (form field) allow
  storing null values.

Cache

• Memcached backends now pass the contents of :setting:OPTIONS <CACHES-OPTIONS>
  as keyword arguments to the client constructors, allowing for more advanced
  control of client behavior. See the :ref:cache arguments <cache_arguments>
  documentation for examples.

• Memcached backends now allow defining multiple servers as a comma-delimited
  string in :setting:LOCATION <CACHES-LOCATION>, for convenience with
  third-party services that use such strings in environment variables.

CSRF

• Added the :setting:CSRF_USE_SESSIONS setting to allow storing the CSRF
  token in the user's session rather than in a cookie.

Database backends

• Added the skip_locked argument to :meth:.QuerySet.select_for_update()
  on PostgreSQL 9.5+ and Oracle to execute queries with
  FOR UPDATE SKIP LOCKED.

• Added the :setting:TEST['TEMPLATE'] <TEST_TEMPLATE> setting to let
  PostgreSQL users specify a template for creating the test database.

• :meth:.QuerySet.iterator() now uses :ref:server-side cursors <psycopg2:server-side-cursors> on PostgreSQL. This feature transfers some of
  the worker memory load (used to hold query results) to the database and might
  increase database memory usage.

• Added MySQL support for the 'isolation_level' option in
  :setting:OPTIONS to allow specifying the :ref:transaction isolation level <mysql-isolation-level>. To avoid possible data loss, it's recommended to
  switch from MySQL's default level, repeatable read, to read committed.

• Added support for cx_Oracle 5.3.

Email

• Added the :setting:EMAIL_USE_LOCALTIME setting to allow sending SMTP date
  headers in the local time zone rather than in UTC.

• EmailMessage.attach() and attach_file() now fall back to MIME type
  application/octet-stream when binary content that can't be decoded as
  UTF-8 is specified for a text/* attachment.

File Storage

• To make it wrappable by :class:io.TextIOWrapper,
  :class:~django.core.files.File now has the readable(), writable(),
  and seekable() methods.

Forms

• The new :attr:CharField.empty_value <django.forms.CharField.empty_value>
  attribute allows specifying the Python value to use to represent "empty".

• The new :meth:Form.get_initial_for_field() <django.forms.Form.get_initial_for_field> method returns initial data for a
  form field.

Internationalization

• Number formatting and the :setting:NUMBER_GROUPING setting support
  non-uniform digit grouping.

Management Commands

• The new :option:loaddata --exclude option allows excluding models and apps
  while loading data from fixtures.

• The new :option:diffsettings --default option allows specifying a settings
  module other than Django's default settings to compare against.

• app_label\s arguments now limit the :option:showmigrations --plan
  output.

Migrations

• Added support for serialization of uuid.UUID objects.

Models

• Added support for callable values in the defaults argument of
  :meth:QuerySet.update_or_create() <django.db.models.query.QuerySet.update_or_create> and
  :meth:~django.db.models.query.QuerySet.get_or_create.

• :class:~django.db.models.ImageField now has a default
  :data:~django.core.validators.validate_image_file_extension validator.
  (This validator moved to the form field in :doc:Django 1.11.2 <1.11.2>.)

• Added support for time truncation to
  :class:~django.db.models.functions.datetime.Trunc functions.

• Added the :class:~django.db.models.functions.datetime.ExtractWeek function
  to extract the week from :class:~django.db.models.DateField and
  :class:~django.db.models.DateTimeField and exposed it through the
  :lookup:week lookup.

• Added the :class:~django.db.models.functions.datetime.TruncTime function
  to truncate :class:~django.db.models.DateTimeField to its time component
  and exposed it through the :lookup:time lookup.

• Added support for expressions in :meth:.QuerySet.values and
  :meth:~.QuerySet.values_list.

• Added support for query expressions on lookups that take multiple arguments,
  such as range.

• You can now use the unique=True option with
  :class:~django.db.models.FileField.

• Added the nulls_first and nulls_last parameters to
  :class:Expression.asc() <django.db.models.Expression.asc> and
  :meth:~django.db.models.Expression.desc to control
  the ordering of null values.

• The new F expression bitleftshift() and bitrightshift() methods
  allow :ref:bitwise shift operations <using-f-expressions-in-filters>.

• Added :meth:.QuerySet.union, :meth:~.QuerySet.intersection, and
  :meth:~.QuerySet.difference.

Requests and Responses

• Added :meth:QueryDict.fromkeys() <django.http.QueryDict.fromkeys>.

• :class:~django.middleware.common.CommonMiddleware now sets the
  Content-Length response header for non-streaming responses.

• Added the :setting:SECURE_HSTS_PRELOAD setting to allow appending the
  preload directive to the Strict-Transport-Security header.

• :class:~django.middleware.http.ConditionalGetMiddleware now adds the
  ETag header to responses.

Serialization

• The new django.core.serializers.base.Serializer.stream_class attribute
  allows subclasses to customize the default stream.

• The encoder used by the :ref:JSON serializer <serialization-formats-json>
  can now be customized by passing a cls keyword argument to the
  serializers.serialize() function.

• :class:~django.core.serializers.json.DjangoJSONEncoder now serializes
  :class:~datetime.timedelta objects (used by
  :class:~django.db.models.DurationField).

Templates

• :meth:~django.utils.safestring.mark_safe can now be used as a decorator.

• The :class:~django.template.backends.jinja2.Jinja2 template backend now
  supports context processors by setting the 'context_processors' option in
  :setting:OPTIONS <TEMPLATES-OPTIONS>.

• The :ttag:regroup tag now returns namedtuple\s instead of dictionaries
  so you can unpack the group object directly in a loop, e.g.
  {% for grouper, list in regrouped %}.

• Added a :ttag:resetcycle template tag to allow resetting the sequence of
  the :ttag:cycle template tag.

• You can now specify specific directories for a particular
  :class:filesystem.Loader <django.template.loaders.filesystem.Loader>.

Tests

• Added :meth:.DiscoverRunner.get_test_runner_kwargs to allow customizing the
  keyword arguments passed to the test runner.

• Added the :option:test --debug-mode option to help troubleshoot test
  failures by setting the :setting:DEBUG setting to True.

• The new :func:django.test.utils.setup_databases (moved from
  django.test.runner) and :func:~django.test.utils.teardown_databases
  functions make it easier to build custom test runners.

• Added support for :meth:python:unittest.TestCase.subTest’s when using the
  :option:test --parallel option.

• DiscoverRunner now runs the system checks at the start of a test run.
  Override the :meth:.DiscoverRunner.run_checks method if you want to disable
  that.

Validators

• Added :class:~django.core.validators.FileExtensionValidator to validate
  file extensions and
  :data:~django.core.validators.validate_image_file_extension to validate
  image files.

.. _backwards-incompatible-1.11:

Backwards incompatible changes in 1.11

:mod:django.contrib.gis

• To simplify the codebase and because it's easier to install than when
  contrib.gis was first released, :ref:gdalbuild is now a required
  dependency for GeoDjango. In older versions, it's only required for SQLite.

• contrib.gis.maps is removed as it interfaces with a retired version of
  the Google Maps API and seems to be unmaintained. If you're using it, `let