Bump django-csp from 3.7 to 3.8 #11977

dependabot · 2024-03-04T06:32:50Z

Bumps django-csp from 3.7 to 3.8.

Release notes

Sourced from [django-csp's releases](https://github.com/mozilla/django-csp/releases).

3.8

Please note that 3.8 is Python-code-identical to 3.8rc1, and there were no regressions or problems noted or reported with 3.8rc0 nor 3.8rc1

django-csp lives!

It's been more than a year since the last release and the project needed some refreshing before we can move forward with it.

This release aims to be functionally equivalent to 3.7, but with formal support for more modern Django and Python versions, all the way up to Django 5 on Python 3.12

Please see [https://github.com/mozilla/django-csp/blob/main/CHANGES](https://github.com/mozilla/django-csp/blob/main/CHANGES) for a short summary of changes.

Feedback and bug reports are very welcome. 🙇‍♂️

What's Changed

Update installation.rst by @Jesus805 in [Update installation.rst mozilla/django-csp#163](https://redirect.github.com/Update installation.rst mozilla/django-csp#163)

Fix 164 migrate ci by @g-k in [Fix 164 migrate ci mozilla/django-csp#165](https://redirect.github.com/Fix 164 migrate ci mozilla/django-csp#165)

Update test configuration to cover up to Py3.9 and Django 3.2 by @mkoistinen in [Update test configuration to cover up to Py3.9 and Django 3.2 mozilla/django-csp#172](https://redirect.github.com/Update test configuration to cover up to Py3.9 and Django 3.2 mozilla/django-csp#172)

Remove deprecation warning for child-src by @rik in [Remove deprecation warning for child-src mozilla/django-csp#154](https://redirect.github.com/Remove deprecation warning for child-src mozilla/django-csp#154)

add project_urls to setup.py by @pawl in [add project_urls to setup.py mozilla/django-csp#171](https://redirect.github.com/add project_urls to setup.py mozilla/django-csp#171)

Drop old Django and Python versions by @g-k in [Drop old Django and Python versions mozilla/django-csp#175](https://redirect.github.com/Drop old Django and Python versions mozilla/django-csp#175)

rename default branch by @g-k in [rename default branch mozilla/django-csp#176](https://redirect.github.com/rename default branch mozilla/django-csp#176)

Update CI badge to CircleCI by @g-k in [Update CI badge to CircleCI mozilla/django-csp#177](https://redirect.github.com/Update CI badge to CircleCI mozilla/django-csp#177)

fix unwrap script re by @g-k in [fix unwrap script re mozilla/django-csp#178](https://redirect.github.com/fix unwrap script re mozilla/django-csp#178)

Tweak configuration docs by @jaap3 in [Tweak configuration docs mozilla/django-csp#146](https://redirect.github.com/Tweak configuration docs mozilla/django-csp#146)

docs: add note about nonce value visibility by @g-k in [docs: add note about nonce value visibility mozilla/django-csp#180](https://redirect.github.com/docs: add note about nonce value visibility mozilla/django-csp#180)

[making headers consistent x-browser – closes #167 #182](https://redirect.github.com/CSP_INCLUDE_NONCE_IN not working? mozilla/django-csp#182) Update docs to clarify when nonce will not be added to headers by @DylanYoung in [GH-182 Update docs to clarify when nonce will not be added to headers mozilla/django-csp#185](https://redirect.github.com/GH-182 Update docs to clarify when nonce will not be added to headers mozilla/django-csp#185)

Remove outdated docs reference to MIDDLEWARE_CLASSES by @mlazar-endear in [Remove outdated docs reference to MIDDLEWARE_CLASSES mozilla/django-csp#193](https://redirect.github.com/Remove outdated docs reference to MIDDLEWARE_CLASSES mozilla/django-csp#193)

updating csp_replace decorator doc by @chestnutcone in [updating csp_replace decorator doc mozilla/django-csp#183](https://redirect.github.com/updating csp_replace decorator doc mozilla/django-csp#183)

Wrap the test install with quotes. by @tim-schilling in [Wrap the test install with quotes. mozilla/django-csp#200](https://redirect.github.com/Wrap the test install with quotes. mozilla/django-csp#200)

Reawaken development by @stevejalim in [Reawaken development mozilla/django-csp#204](https://redirect.github.com/Reawaken development mozilla/django-csp#204)

Add readthedocs config and slightly update Sphinx config by @stevejalim in [Add readthedocs config and slightly update Sphinx config mozilla/django-csp#205](https://redirect.github.com/Add readthedocs config and slightly update Sphinx config mozilla/django-csp#205)

Ensure docs building has access to django_csp itself by @stevejalim in [Ensure docs building has access to django_csp itself mozilla/django-csp#206](https://redirect.github.com/Ensure docs building has access to django_csp itself mozilla/django-csp#206)

Add Sphinx RTD theme by @stevejalim in [Add Sphinx RTD theme mozilla/django-csp#207](https://redirect.github.com/Add Sphinx RTD theme mozilla/django-csp#207)

Improve themeing in RTD by @stevejalim in [Improve themeing in RTD mozilla/django-csp#208](https://redirect.github.com/Improve themeing in RTD mozilla/django-csp#208)

Update settings documentation to move deprecated-within-csp settings to their own section, at the bottom by @stevejalim in [Update settings documentation to move deprecated-within-csp settings to their own section, at the bottom mozilla/django-csp#210](https://redirect.github.com/Update settings documentation to move deprecated-within-csp settings to their own section, at the bottom mozilla/django-csp#210)

MiddlewareMixin is always present in django>=3.2 by @asottile-sentry in [MiddlewareMixin is always present in django>=3.2 mozilla/django-csp#211](https://redirect.github.com/MiddlewareMixin is always present in django>=3.2 mozilla/django-csp#211)

Bring codebase up to modern Python using pyupgrade by @stevejalim in [Bring codebase up to modern Python using pyupgrade mozilla/django-csp#213](https://redirect.github.com/Bring codebase up to modern Python using pyupgrade mozilla/django-csp#213)

Update GH actions helpers to use Node 20-based versions by @stevejalim in [Update GH actions helpers to use Node 20-based versions mozilla/django-csp#214](https://redirect.github.com/Update GH actions helpers to use Node 20-based versions mozilla/django-csp#214)

Prepare for 3.8rc release by @stevejalim in [Prepare for 3.8rc release mozilla/django-csp#215](https://redirect.github.com/Prepare for 3.8rc release mozilla/django-csp#215)

Tomlify setup.py by @hmpf in [Tomlify setup.py mozilla/django-csp#216](https://redirect.github.com/Tomlify setup.py mozilla/django-csp#216)

Prepare for 3.8 final release by @stevejalim in [Prepare for 3.8 final release mozilla/django-csp#217](https://redirect.github.com/Prepare for 3.8 final release mozilla/django-csp#217)

New Contributors

@Jesus805 made their first contribution in [Update installation.rst mozilla/django-csp#163](https://redirect.github.com/Update installation.rst mozilla/django-csp#163)

@mkoistinen made their first contribution in [Update test configuration to cover up to Py3.9 and Django 3.2 mozilla/django-csp#172](https://redirect.github.com/Update test configuration to cover up to Py3.9 and Django 3.2 mozilla/django-csp#172)

@pawl made their first contribution in [add project_urls to setup.py mozilla/django-csp#171](https://redirect.github.com/add project_urls to setup.py mozilla/django-csp#171)

@DylanYoung made their first contribution in [GH-182 Update docs to clarify when nonce will not be added to headers mozilla/django-csp#185](https://redirect.github.com/GH-182 Update docs to clarify when nonce will not be added to headers mozilla/django-csp#185)

@mlazar-endear made their first contribution in [Remove outdated docs reference to MIDDLEWARE_CLASSES mozilla/django-csp#193](https://redirect.github.com/Remove outdated docs reference to MIDDLEWARE_CLASSES mozilla/django-csp#193)

@chestnutcone made their first contribution in [updating csp_replace decorator doc mozilla/django-csp#183](https://redirect.github.com/updating csp_replace decorator doc mozilla/django-csp#183)

... (truncated)

Changelog

Sourced from [django-csp's changelog](https://github.com/mozilla/django-csp/blob/main/CHANGES).

3.8

Please note: this release folds in a number of fixups, upgrades and documentation tweaks, but is functionally the same as 3.7. New features will come with 3.9+

Update Python syntax for modern versions with pyupgrade

Drop support for EOL Python <3.8 and Django <2.2 version; add support up to Django 5 on Python 3.12

Switch to ruff instead of pep8 and flake8

Move from CircleCI to Github Actions for CI

Add support for using pre-commit with the project

Remove deprecation warning for child-src

Fix capturing brackets in script template tags

Update docs to clarify when nonce will not be added to headers

Move from setup.py and setup.cfg to pyproject.toml ([closes #174 #209](https://redirect.github.com/Move project to pyproject.toml mozilla/django-csp#209))

Note: identical other than release packaging to 3.8rc1

3.8rc1

Move from setup.py and setup.cfg to pyproject.toml ([closes #174 #209](https://redirect.github.com/Move project to pyproject.toml mozilla/django-csp#209))

3.8rc

Please note: this release folds in a number of fixups, upgrades and documentation tweaks, but is functionally the same as 3.7. New features will come with 3.9+

Update Python syntax for modern versions with pyupgrade

Drop support for EOL Python <3.8 and Django <2.2 version; add support up to Django 5 on Python 3.12

Switch to ruff instead of pep8 and flake8

Move from CircleCI to Github Actions for CI

Add support for using pre-commit with the project

Remove deprecation warning for child-src

Fix capturing brackets in script template tags

Update docs to clarify when nonce will not be added to headers

Commits

4899179 Prepare for 3.8 final release
684b12a Prepare for 3.8rc1 release - just one packaging change
b1dd37e Tomlify setup.py ([Enable adding new Opportunities pages #216](https://redirect.github.com/Tomlify setup.py mozilla/django-csp#216))
7200b16 Prepare for 3.8rc release ([Add className and margin style to subpageHero #215](https://redirect.github.com/Prepare for 3.8rc release mozilla/django-csp#215))
4be512c Update GH actions helpers to use Node 20-based versions ([Change hamburger margin on small devices #214](https://redirect.github.com/Update GH actions helpers to use Node 20-based versions mozilla/django-csp#214))
371da46 Bring codebase up to modern Python using pyupgrade ([Simply font sizing adjustments for mobile #213](https://redirect.github.com/Bring codebase up to modern Python using pyupgrade mozilla/django-csp#213))
9698258 MiddlewareMixin is always present in django>=3.2
12116dc Update settings documentation to move deprecated-within-csp settings to their...
61f3124 Update README.rst
58113ef Fix sphinx theme installation ([closes #178 #208](https://redirect.github.com/Improve themeing in RTD mozilla/django-csp#208))
Additional commits viewable in [compare view](https://github.com/mozilla/django-csp/compare/3.7...3.8)

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

┆Issue is synchronized with this Jira Task

robdivincenzo · 2024-05-07T12:04:37Z

@dependabot rebase

Bumps [django-csp](https://github.com/mozilla/django-csp) from 3.7 to 3.8. - [Release notes](https://github.com/mozilla/django-csp/releases) - [Changelog](https://github.com/mozilla/django-csp/blob/main/CHANGES) - [Commits](mozilla/django-csp@3.7...3.8) --- updated-dependencies: - dependency-name: django-csp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

data-sync-user · 2024-06-03T18:54:38Z

➤ Simon Acosta Torres commented:

PR has already been merged.

dependabot bot added backend dependencies Pull requests that update a dependency file engineering labels Mar 4, 2024

dependabot bot force-pushed the dependabot/pip/django-csp-3.8 branch 3 times, most recently from de201be to 1953c60 Compare March 12, 2024 16:33

dependabot bot force-pushed the dependabot/pip/django-csp-3.8 branch 8 times, most recently from c070df7 to d15ef0e Compare March 21, 2024 19:25

dependabot bot force-pushed the dependabot/pip/django-csp-3.8 branch from d15ef0e to 47f2a44 Compare May 7, 2024 12:07

robdivincenzo self-requested a review May 7, 2024 12:08

robdivincenzo approved these changes May 7, 2024

View reviewed changes

robdivincenzo merged commit 7dd58e4 into main May 7, 2024
6 checks passed

robdivincenzo deleted the dependabot/pip/django-csp-3.8 branch May 7, 2024 12:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump django-csp from 3.7 to 3.8 #11977

Bump django-csp from 3.7 to 3.8 #11977

dependabot bot commented on behalf of github Mar 4, 2024 •

edited by data-sync-user

Loading

robdivincenzo commented May 7, 2024

data-sync-user commented Jun 3, 2024

Bump django-csp from 3.7 to 3.8 #11977

Bump django-csp from 3.7 to 3.8 #11977

Conversation

dependabot bot commented on behalf of github Mar 4, 2024 • edited by data-sync-user Loading

3.8

django-csp lives!

What's Changed

New Contributors

3.8

3.8rc1

3.8rc

robdivincenzo commented May 7, 2024

data-sync-user commented Jun 3, 2024

dependabot bot commented on behalf of github Mar 4, 2024 •

edited by data-sync-user

Loading

`django-csp` lives!