Skip to content

Bump wagtail from 2.3 to 2.7.2

Marvin Wilke requested to merge dependabot/pip/wagtail-2.7.2 into master

Created by: dependabot[bot]

Bumps wagtail from 2.3 to 2.7.2.

Release notes

Sourced from wagtail's releases.

2.7.2

CVE-2020-11001 - prevent XSS attack via page revision comparison view (Vlad Gerasimenko, Matt Westcott)

2.7.1

  • Fix: Management command startup checks under ManifestStaticFilesStorage no longer fail if collectstatic has not been run first (Alex Tomkins)

2.7

  • Improved StreamField design (Bertrand Bordage)
  • Added WebP image support (frmdstryr, Karl Hobley, Matt Westcott)
  • Added Elasticsearch 7 support (pySilver)
  • Added Python 3.8 support (John Carter, Matt Westcott)
  • Added construct_page_listing_buttons hook (Michael van Tellingen)
  • Added more detailed documentation and troubleshooting for installing OpenCV for feature detection (Daniele Procida)
  • Added Table Block caption for accessibility (Rahmi Pruitt)
  • Move and refactor upgrade notification JS (Jonny Scholes)
  • Add ability to insert internal anchor links/links with fragment identifiers in Draftail (rich text) fields (Iman Syed)
  • Remove need for Elasticsearch update_all_types workaround, upgrade minimum release to 6.4.0 or above (Jonathan Liuti)
  • Add ability for users to change their own name via the account settings page (Kevin Howbrook)
  • Add ability to insert telephone numbers as links in Draftail (rich text) fields (Mikael Engström and Liam Brenner)
  • Increase delay before search in the snippet chooser, to prevent redundant search request round trips (Robert Rollins)
  • Add WAGTAIL_EMAIL_MANAGEMENT_ENABLED setting to determine whether users can change their email address (Janne Alatalo)
  • Recognise Soundcloud artist URLs as embeddable (Kiril Staikov)
  • Add WAGTAILDOCS_SERVE_METHOD setting to determine how document downloads will be linked to and served (Tobias McNulty, Matt Westcott)
  • Add WAGTAIL_MODERATION_ENABLED setting to enable / disable the 'Submit for Moderation' option (Jacob Topp-Mugglestone)
  • Added settings to customise pagination page size for the Images admin area (Brian Whitton)
  • Added ARIA role to TableBlock output (Matt Westcott)
  • Added cache-busting query parameters to static files within the Wagtail admin (Matt Westcott)
  • Allow register_page_action_menu_item and construct_page_action_menu hooks to override the default menu action (Rahmi Pruitt, Matt Westcott)
  • WAGTAILIMAGES_MAX_IMAGE_PIXELS limit now takes the number of animation frames into account (Karl Hobley)
  • Fix: Added line breaks to long filenames on multiple image / document uploader (Kevin Howbrook)
  • Fix: Added https support for Scribd oEmbed provider (Rodrigo)
  • Fix: Changed StreamField group labels color so labels are visible (Catherine Farman)
  • Fix: Prevented images with a very wide aspect ratio from being displayed distorted in the rich text editor (Iman Syed)
  • Fix: Prevent exception when deleting a model with a protected One-to-one relationship (Neal Todd)
  • Fix: Added labels to snippet bulk edit checkboxes for screen reader users (Martey Dodoo)
  • Fix: Middleware responses during page preview are now properly returned to the user (Matt Westcott)
  • Fix: Default text of page links in rich text uses the public page title rather than the admin display title (Andy Chosak)
  • Fix: Specific page permission checks are now enforced when viewing a page revision (Andy Chosak)
  • Fix: pageurl and slugurl tags no longer fail when request.site is None (Samir Shah)
  • Fix: Output form media on add/edit image forms with custom models (Matt Westcott)
  • Fix: Output form media on add/edit document forms with custom models (Sergey Fedoseev)
  • Fix: Layout for the clear checkbox in default FileField widget (Mikalai Radchuk)
  • Fix: Remove ASCII conversion from Postgres search backend, to support stemming in non-Latin alphabets (Pavel Denisov)
  • Fix: Prevent tab labels on page edit view from being cut off on very narrow screens (Kevin Howbrook)
  • Fix: Very long words in page listings are now broken where necessary (Kevin Howbrook)
  • Fix: Language chosen in user preferences no longer persists on subsequent requests (Bojan Mihelac)
  • Fix: Prevent new block IDs from being assigned on repeated calls to StreamBlock.get_prep_value (Colin Klein)
  • Fix: Prevent broken images in notification emails when static files are hosted on a remote domain (Eduard Luca)
  • Fix: Replace styleguide example avatar with default image to avoid issues when custom user model is used (Matt Westcott)
  • Fix: DraftailRichTextArea is no longer treated as a hidden field by Django's form logic (Sergey Fedoseev)
... (truncated)
Changelog

Sourced from wagtail's changelog.

2.7.2 (14.04.2020)


 * Fix: CVE-2020-11001 - prevent XSS attack via page revision comparison view (Vlad Gerasimenko, Matt Westcott)
2.7.1 (08.01.2020)
  • Fix: Management command startup checks under ManifestStaticFilesStorage no longer fail if collectstatic has not been run first (Alex Tomkins)

2.7 LTS (06.11.2019)


 * Improved StreamField design (Bertrand Bordage)
 * Added WebP image support (frmdstryr, Karl Hobley, Matt Westcott)
 * Added Elasticsearch 7 support (pySilver)
 * Added Python 3.8 support (John Carter, Matt Westcott)
 * Added `construct_page_listing_buttons` hook (Michael van Tellingen)
 * Added more detailed documentation and troubleshooting for installing OpenCV for feature detection (Daniele Procida)
 * Added Table Block caption for accessibility (Rahmi Pruitt)
 * Move and refactor upgrade notification JS (Jonny Scholes)
 * Add ability to insert internal anchor links/links with fragment identifiers in Draftail (rich text) fields (Iman Syed)
 * Remove need for Elasticsearch `update_all_types` workaround, upgrade minimum release to 6.4.0 or above (Jonathan Liuti)
 * Add ability for users to change their own name via the account settings page (Kevin Howbrook)
 * Add ability to insert telephone numbers as links in Draftail (rich text) fields (Mikael Engström and Liam Brenner)
 * Increase delay before search in the snippet chooser, to prevent redundant search request round trips (Robert Rollins)
 * Add `WAGTAIL_EMAIL_MANAGEMENT_ENABLED` setting to determine whether users can change their email address (Janne Alatalo)
 * Recognise Soundcloud artist URLs as embeddable (Kiril Staikov)
 * Add `WAGTAILDOCS_SERVE_METHOD` setting to determine how document downloads will be linked to and served (Tobias McNulty, Matt Westcott)
 * Add `WAGTAIL_MODERATION_ENABLED` setting to enable / disable the 'Submit for Moderation' option (Jacob Topp-Mugglestone)
 * Added settings to customise pagination page size for the Images admin area (Brian Whitton)
 * Added ARIA role to TableBlock output (Matt Westcott)
 * Added cache-busting query parameters to static files within the Wagtail admin (Matt Westcott)
 * Allow `register_page_action_menu_item` and `construct_page_action_menu` hooks to override the default menu action (Rahmi Pruitt, Matt Westcott)
 * `WAGTAILIMAGES_MAX_IMAGE_PIXELS` limit now takes the number of animation frames into account (Karl Hobley)
 * Fix: Added line breaks to long filenames on multiple image / document uploader (Kevin Howbrook)
 * Fix: Added https support for Scribd oEmbed provider (Rodrigo)
 * Fix: Changed StreamField group labels color so labels are visible (Catherine Farman)
 * Fix: Prevented images with a very wide aspect ratio from being displayed distorted in the rich text editor (Iman Syed)
 * Fix: Prevent exception when deleting a model with a protected One-to-one relationship (Neal Todd)
 * Fix: Added labels to snippet bulk edit checkboxes for screen reader users (Martey Dodoo)
 * Fix: Middleware responses during page preview are now properly returned to the user (Matt Westcott)
 * Fix: Default text of page links in rich text uses the public page title rather than the admin display title (Andy Chosak)
 * Fix: Specific page permission checks are now enforced when viewing a page revision (Andy Chosak)
 * Fix: `pageurl` and `slugurl` tags no longer fail when `request.site` is `None` (Samir Shah)
 * Fix: Output form media on add/edit image forms with custom models (Matt Westcott)
 * Fix: Output form media on add/edit document forms with custom models (Sergey Fedoseev)
 * Fix: Layout for the clear checkbox in default FileField widget (Mikalai Radchuk)
</tr></table> ... (truncated)
Commits
  • baa4acc Version bump to 2.7.2
  • 55cb4b8 Release notes for 2.7.2
  • 60b1146 Don't mark the translatable string 'None' as safe
  • e4c0a9f Apply proper HTML escaping on StreamField block comparisons
  • 0b1485f Fill in release date for 2.7.1
  • 35e7d3d Release notes for #5694
  • 959d538 Move all usage of versioned_static to media methods (#5694)
  • 8e9cdfc Version bump to 2.7.1
  • 72dcbb6 Version bump to 2.7 final
  • 1914371 Fill in release date for 2.7
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Merge request reports