Update django to 2.0.13
Created by: pyup-bot
This PR updates django from 2.0.3 to 2.0.13.
Changelog
2.0.13
===========================
*February 12, 2019*
Django 2.0.13 fixes a regression in 2.0.12/2.0.11.
Bugfixes
========
* Fixed crash in ``django.utils.numberformat.format_number()`` when the number
has over 200 digits (:ticket:`30177`).
===========================2.0.12
===========================
*February 11, 2019*
Django 2.0.12 fixes a packaging error in 2.0.11.
Bugfixes
========
* Corrected packaging error from 2.0.11 (:ticket:`30175`).
===========================2.0.10
===========================
*January 4, 2019*
Django 2.0.10 fixes a security issue and several bugs in 2.0.9.
CVE-2019-3498: Content spoofing possibility in the default 404 page
-------------------------------------------------------------------
An attacker could craft a malicious URL that could make spoofed content appear
on the default page generated by the ``django.views.defaults.page_not_found()``
view.
The URL path is no longer displayed in the default 404 template and the
``request_path`` context variable is now quoted to fix the issue for custom
templates that use the path.
Bugfixes
========
* Prevented repetitive calls to ``geos_version_tuple()`` in the ``WKBWriter``
class in an attempt to fix a random crash involving ``LooseVersion`` since
Django 2.0.6 (:ticket:`29959`).
* Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and
rebuild your SQLite database if you applied a migration while using an older
version of Django with SQLite 3.26 or later (:ticket:`29182`).
* Prevented SQLite schema alterations while foreign key checks are enabled to
avoid the possibility of schema corruption (:ticket:`30023`).
==========================2.0.9
==========================
*October 1, 2018*
Django 2.0.9 fixes a data loss bug in 2.0.8.
Bugfixes
========
* Fixed a race condition in ``QuerySet.update_or_create()`` that could result
in data loss (:ticket:`29499`).
==========================2.0.8
==========================
*August 1, 2018*
Django 2.0.8 fixes a security issue and several bugs in 2.0.7.
CVE-2018-14574: Open redirect possibility in ``CommonMiddleware``
=================================================================
If the :class:`~django.middleware.common.CommonMiddleware` and the
:setting:`APPEND_SLASH` setting are both enabled, and if the project has a
URL pattern that accepts any path ending in a slash (many content management
systems have such a pattern), then a request to a maliciously crafted URL of
that site could lead to a redirect to another site, enabling phishing and other
attacks.
``CommonMiddleware`` now escapes leading slashes to prevent redirects to other
domains.
Bugfixes
========
* Fixed a regression in Django 2.0.7 that broke the ``regex`` lookup on MariaDB
(even though MariaDB isn't officially supported) (:ticket:`29544`).
* Fixed a regression where ``django.template.Template`` crashed if the
``template_string`` argument is lazy (:ticket:`29617`).
==========================2.0.7
==========================
*July 2, 2018*
Django 2.0.7 fixes several bugs in 2.0.6.
Bugfixes
========
* Fixed admin changelist crash when using a query expression without ``asc()``
or ``desc()`` in the page's ordering (:ticket:`29428`).
* Fixed admin check crash when using a query expression in
``ModelAdmin.ordering`` (:ticket:`29428`).
* Fixed ``__regex`` and ``__iregex`` lookups with MySQL 8 (:ticket:`29451`).
* Fixed migrations crash with namespace packages on Python 3.7
(:ticket:`28814`).
==========================2.0.6
==========================
*June 1, 2018*
Django 2.0.6 fixes several bugs in 2.0.5.
Bugfixes
========
* Fixed a regression that broke custom template filters that use decorators
(:ticket:`29400`).
* Fixed detection of custom URL converters in included patterns
(:ticket:`29415`).
* Fixed a regression that added an unnecessary subquery to the ``GROUP BY``
clause on MySQL when using a ``RawSQL`` annotation (:ticket:`29416`).
* Fixed ``WKBWriter.write()`` and ``write_hex()`` for empty polygons on
GEOS 3.6.1+ (:ticket:`29460`).
* Fixed a regression in Django 1.10 that could result in large memory usage
when making edits using ``ModelAdmin.list_editable`` (:ticket:`28462`).
==========================2.0.5
==========================
*May 1, 2018*
Django 2.0.5 fixes several bugs in 2.0.4.
Bugfixes
========
* Corrected the import paths that ``inspectdb`` generates for
``django.contrib.postgres`` fields (:ticket:`29307`).
* Fixed a regression in Django 1.11.8 where altering a field with a unique
constraint may drop and rebuild more foreign keys than necessary
(:ticket:`29193`).
* Fixed crashes in ``django.contrib.admindocs`` when a view is a callable
object, such as ``django.contrib.syndication.views.Feed`` (:ticket:`29296`).
* Fixed a regression in Django 2.0.4 where ``QuerySet.values()`` or
``values_list()`` after combining an annotated and unannotated queryset with
``union()``, ``difference()``, or ``intersection()`` crashed due to mismatching
columns (:ticket:`29286`).
==========================2.0.4
==========================
*April 2, 2018*
Django 2.0.4 fixes several bugs in 2.0.3.
Bugfixes
========
* Fixed a crash when filtering with an ``Exists()`` annotation of a queryset
containing a single field (:ticket:`29195`).
* Fixed admin autocomplete widget's translations for `zh-hans` and `zh-hant`
languages (:ticket:`29213`).
* Corrected admin's autocomplete widget to add a space after custom classes
(:ticket:`29221`).
* Fixed ``PasswordResetConfirmView`` crash when using a user model with a
``UUIDField`` primary key and the reset URL contains an encoded primary key
value that decodes to an invalid UUID (:ticket:`29206`).
* Fixed a regression in Django 1.11.8 where combining two annotated
``values_list()`` querysets with ``union()``, ``difference()``, or
``intersection()`` crashed due to mismatching columns (:ticket:`29229`).
* Fixed a regression in Django 1.11 where an empty choice could be initially
selected for the ``SelectMultiple`` and ``CheckboxSelectMultiple`` widgets
(:ticket:`29273`).
* Fixed a regression in Django 2.0 where ``OpenLayersWidget`` deserialization
ignored the widget map's SRID and assumed 4326 (WGS84) (:ticket:`29116`).
==========================Links
- PyPI: https://pypi.org/project/django
- Changelog: https://pyup.io/changelogs/django/
- Homepage: https://www.djangoproject.com/