Skip to content

Bump django-filter from 2.3.0 to 25.1 #683

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

Bump django-filter from 2.3.0 to 25.1 #683

dependabot wants to merge 7 commits into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jul 1, 2025
edited
Loading

Bumps django-filter from 2.3.0 to 25.1.

Release notes

Sourced from django-filter's releases.

23.1

No release notes provided.

22.1

No release notes provided.

21.1

No release notes provided.

Version 2.4.0

  • SECURITY: Added a MaxValueValidator to the form field for NumberFilter. This prevents a potential DoS attack if numbers with very large exponents were subsequently converted to integers.

    The default limit value for the validator is 1e50.

    The new NumberFilter.get_max_validator() allows customising the used validator, and may return None to disable the validation entirely.

  • Added testing against Django 3.1 and Python 3.9.

    In addition tests against Django main development branch are now required to pass.

Changelog

Sourced from django-filter's changelog.

Version 25.1 (2025-02-14)

  • Removed the in-built API schema generation methods, which have been deprecated since v23.2.

    You should use drf-spectacular <https://drf-spectacular.readthedocs.io/en/latest/>_ for generating OpenAPI schemas with DRF.

  • Dropped support for EOL Python 3.8.

  • Added testing against Python 3.13.

  • Added official support for Django 5.2.

Version 24.3 (2024-08-02)

  • Adds official support for Django 5.1.

  • Allow using dictionaries for grouped choices on Django 5.0+.

    Thanks to Sævar Öfjörð Magnússon.

  • Adds unknown_field_behavior FilterSet option to allowing warning and ignore behaviours for unknown field types during FilterSet generation.

    Thanks to Loes.

Version 24.2 (2024-03-27)

  • Fixed a regression in v23.4 where callable choices were incorrectly evaluated at filter instantiation, on Django versions prior to 5.0.

    Thanks to Craig de Stigter for the report and reproduce.

Version 24.1 (2024-03-08)

  • Updated supported Python and Django versions, and resolved upcoming Django deprecations.

    Required versions are now at least Python 3.8 and Django 4.2.

    Thanks to Michael Manganiello.

  • Allowed passing a FilterSet class to the filterset_factory().

    Thanks to Birger Schacht.

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

matthew-li and others added 6 commits April 16, 2025 08:23
@matthew-li
Update GitHub Actions build base
683ff36
@matthew-li
Merge branch 'develop'
ef7adbd
@matthew-li
Merge branch 'develop'
55376f4
@matthew-li
Merge branch 'develop'
a73ba72
@helbashandy
Create dependabot.yml (#680)
f56051e 
* Create dependabot.yml

* Update dependabot.yml

* Update django_testing_ci.yml
@dependabot
Bump django-filter from 2.3.0 to 25.1
856ddc0 
Bumps [django-filter](https://github.com/carltongibson/django-filter) from 2.3.0 to 25.1.
- [Release notes](https://github.com/carltongibson/django-filter/releases)
- [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst)
- [Commits](carltongibson/django-filter@2.3.0...25.1)

---
updated-dependencies:
- dependency-name: django-filter
  dependency-version: '25.1'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 1, 2025
@matthew-li matthew-li changed the base branch from master to develop July 7, 2025 17:52
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Oct 13, 2025

A newer version of django-filter exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@matthew-li @helbashandy