@dependabot dependabot bot commented on behalf of github Jun 17, 2025

Bumps mezzanine from 4.2.3 to 6.1.1.

Release notes

Sourced from mezzanine's releases.

v6.1.1

6.1.1 (2025-06-04)

Bug Fixes

  • [security] fix XSS in admin (898630d)

v6.1.0

6.1.0 (2025-04-06)

Bug Fixes

  • Changing ANTIALIAS to LANCZOS in thumbnail() Fixes #2065 (0c93a0b)
  • replace pkg_resources with importlib.metadata and requirements-parser (fa37fe9)

Features

  • support Pillow >= 10 and Python 12 (112540b)

v6.0.1

6.0.1 (2025-04-02)

Bug Fixes

  • fix frozenset + list and unsupport styles parameter (#2059)
  • set pillow dependency under v10 as the "ANTIALIAS" attribute is removed in v10 (e1c41c1)

Other Changes

  • add support for Django 4.1 and 4.2
  • add support for Python 3.11
  • remove official support and testing for Python 3.7

v6.0.0

6.0.0 (2022-05-12)

Code Refactoring

  • drop support for Python 3.6 (fe094f5)

BREAKING CHANGES

... (truncated)

Changelog

Sourced from mezzanine's changelog.

Version 5.0 and newer

Please refer to the GitHub Releases Page <https://github.com/stephenmcd/mezzanine/releases>.

Version 4.3.1 (Aug 08, 2018)

Version 4.3.0 (Jun 15, 2018)

  • Added explicit on_delete arguments for all ForeignKey models - Samir Shah
  • Only generate thumbnails in RichText when absolute width/height used. Closes #1748 - Stephen McDonald
  • Removed null attribute from slug CharField - Samir Shah
  • Converted all template.render calls to pass a dict instead of a Context object - Samir Shah
  • Fixed MezzanineBackend.authenticate backend to accept a request argument, added in Django 1.11 - Samir Shah
  • Fixed test_multiple_comment_forms to be agnostic of the order of HTML attributes - Samir Shah
  • Altered annotation behaviour of search results. Previously this was done implicitly in the SearchQuerySet.iterator() method, which Django would call internally when evaluating the queryset. Django 1.11 changed its behaviour to use a ModelIterator class instead of just calling iterator() on the queryset. Rather than supply a custom ModelIterator, we just make the annotate explicit - Samir Shah
  • Updated setup and test configuration to include Django 1.11 - Samir Shah
  • password reset: 'http' -> request.schema. This fixes a potential security vulnerability in which the password reset url is exposed to untrusted intermediary nodes in the network. Thanks to John Barham for reporting. See <https://groups.google.com/forum/?_escaped_fragment_=topic/mezzanine-users/KaDzCzCJDPM#!topic/mezzanine-users/KaDzCzCJDPM> - ryneeverett
  • Add explicit on_delete arguments to foreign keys in migrations - Samir Shah
  • Use TextField for Field.label and Field.help_text. Fixes #1753. Now length limits for user-defined labels and help_texts are enforced in the admin instead of the DB, which should prevent any further migrations - Eduardo Rivas
  • Get rid of max_length settings for mezzanine.forms - Eduardo Rivas
  • Timezone aware blog months. From [the mailing list](https://groups.google.com/forum/#!topic/mezzanine-users/W1HNoqj1ZHI): Quoting Luke Addison (2017-04-30 21:20:09)
    > When USE_TZ is set to True, mezzanine.blog.templatetags.blog_tags.blog_months pulls the month and year from an array of timezone aware datetime objects but uses them to create an array of timezone unaware datetime objects which is then used to create the month_dicts return value. This seems like a bug to me.
    >
    > For example, if a UTC time is stored in the database less than an hour before the end of a month, and then this tag is used with timezone Europe/London (UTC+1 currently) then wouldn't this tag return the previous month instead of the current month?

    \- ryneeverett
  • Test and simplify blog_months - ryneeverett
  • Weigh search results by age. Weigh search results by their age by default. Add a new setting, SEARCH_AGE_SCALE_FACTOR, controlling how much emphasis to put on the age when ranking results (set this to 0 to revert to the old behavior) - Simen Heggestøyl
  • Split dev and prod ALLOWED_HOSTS. Django started checking ALLOWED_HOSTS when DEBUG=True a few releases back. See https://www.djangoproject.com/weblog/2016/nov/01/security-releases/#s-cve-2016-9014-dns-rebinding-vulnerability-when-debug-true - Ed Rivas
  • Update docs related to ALLOWED_HOSTS - Ed Rivas
  • Fix the old url parsing in import wordpress - Karim N Gorjux
  • Use Django's six module - Stephen McDonald
  • Don't warn Mezzanine about itself - Stephen McDonald
  • Looser check for LocalMiddleware. Closes #1621 - Stephen McDonald
  • Modified the blog homepage pattern to a working version. Added import it requires - Ville Ranki
  • Remove explicit show_banner argument from inner_run. This broke --noreload for me. When called from https://github.com/django/django/blob/master/django/core/management/commands/runserver.py#L107, if **options contains a show_banner arg (which, seemingly, is set just above in add_arguments), this throws a "Got multiple values for argument" TypeError - Kevin Shen
  • Handle MIDDLEWARE_CLASSES -> MIDDLEWARE - Stephen McDonald
  • Don't use lazy static loading when Django's ManifestStaticFilesStorage is configured. Closes #1772 - Stephen McDonald
  • Link to Pillow docs for dependencies - Stephen McDonald
  • Adding new site to site list. Adding "The National: New Australian Art" to the site list. https://the-national.com.au - pegl
  • Doesn't convert JPG/JPEG images to RGBA. resolve #1781 - Bruno Barbosa
  • Remove all device-detection features - Eduardo Rivas
  • Remove mentions of device handling from docs - Eduardo Rivas
  • Use template loaders instead of middleware for host-based template swapping - Eduardo Rivas
  • Add docs on upgrading from TemplateForHostMiddleware - Eduardo Rivas
  • Create __init__.py so Python can find directory - Dylan Peter Hayward
  • Properly parse positional args. As demonstrated by using call_command, the positional args not processed. This may be a left-over from optarg migration. Usage property is no longer necessary - Melvyn Sopacua
  • Fix build fail while in here - Melvyn Sopacua

... (truncated)

Commits
  • 898630d fix: [security] fix XSS in admin
  • 2454734 style: fix some linting issues
  • fa37fe9 fix: replace pkg_resources with importlib.metadata and requirements-parser
  • 112540b feat: support Pillow >= 10 and Python 12
  • 0c93a0b fix: Changing ANTIALIAS to LANCZOS in thumbnail() Fixes #2065
  • 52cf68c fix: remove support for Python 3.12 as it is not compatible with Pillow 9.5
  • 02dd3b3 chore: remove official support and testing for Python 3.7
  • e1c41c1 fix: set pillow dependency under v10 as the "ANTIALIAS" attribute is removed ...
  • be01d6a chore: upgrade github actions dependencies
  • c0d8340 chore: add support for Django 4.2 and Python 3.11 and 3.12
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [mezzanine](https://github.com/stephenmcd/mezzanine) from 4.2.3 to 6.1.1.
- [Release notes](https://github.com/stephenmcd/mezzanine/releases)
- [Changelog](https://github.com/stephenmcd/mezzanine/blob/master/CHANGELOG)
- [Commits](stephenmcd/mezzanine@v4.2.3...v6.1.1)

---
updated-dependencies:
- dependency-name: mezzanine
  dependency-version: 6.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update python code) labels Jun 17, 2025