- Dec 18, 2024
-
-
Fredrik Jonsson authored
Update referrer-policy to strict-origin-when-cross-origin, remove django-referrer-policy packages, built in to Django 3 and later (#4296)
-
- Dec 16, 2024
-
-
Fredrik Jonsson authored
They were used with the old way we handled comment editing.
-
Saurabh Kumar authored
Allow for better type hints when working with editors that support it. I'm using Zed with pywright linter. Recently, some type hints were added to the project. This help catch issues against the django default types and any custom types that are added to this codebase. This doesn't add any runtime overhead. This PR also these patch versions of these dependencies - Updated anyio v4.6.2.post1 -> v4.7.0 - Updated boto3 v1.35.76 -> v1.35.79 - Updated botocore v1.35.76 -> v1.35.79 - Updated coverage v7.6.8 -> v7.6.9 - Updated django-select2 v8.2.1 -> v8.2.3 - Updated httpx v0.28.0 -> v0.28.1 - Updated mkdocs-material v9.5.47 -> v9.5.48 - Updated numpy v2.1.3 -> v2.2.0 - Updated sentry-sdk v2.19.0 -> v2.19.2 - Updated sqlparse v0.5.2 -> v0.5.3 https://github.com/typeddjango/django-stubs
-
- Dec 06, 2024
-
-
Fredrik Jonsson authored
The flow to update are as follow: 1. Run `uv tree -d 1 --outdated` to get list of packages with updates. 2. Update the package version in `pyproject.toml` 3. Run `uv sync`, this will install all the new packages and sync the `uv.lock` file. * The command will alert of any dependency conflicts, you need to resolve these. 4. Run `pre-commit run --all-files`, this will run the `uv` commands needed to update all the requirements* files. (Info is taken from the `uv.lock` file so it must be updated before this step.)
-
- Dec 05, 2024
-
-
Saurabh Kumar authored
- Use frozen dependencies with hashes to ensure reproducible dependency installation in a secure way. - Uses `uv` and pre-commit to automatically generate the locked requirements files from pyproject.toml. - While the translation dependencies can be installed directly with `uv`, uv doesn’t seem to be able to add `--find-link=…` to the exported `requirements/translate.txt`, for that reason the translation dependencies are left as they are and won’t be automatically exported via pre-commit. - So whenever `uv lock —upgrade` is run, it will freeze the latest patch versions. - The production dependencies are specified with a `~` which means `>=` at the last digit of requirements. - The dev dependencies have `>=` to make them easy to update, if something breaks in dev either fix it or go back to the old frozen dependencies. - Moved generated dependencies in requirements/ folder. - Use `--no-deps` where applicable while installing these generated requirements as the sub-dependencies are already resolved.
-