Update django-debug-toolbar to 3.2.3

[pyup-bot]

This PR updates django-debug-toolbar from 2.2 to 3.2.3.

Changelog

3.2.3

------------------

* Changed cache monkey-patching for Django 3.2+ to iterate over existing
caches and patch them individually rather than attempting to patch
``django.core.caches`` as a whole. The ``middleware.cache`` is still
being patched as a whole in order to attempt to catch any cache
usages before ``enable_instrumentation`` is called.
* Add check ``W006`` to warn that the toolbar is incompatible with
``TEMPLATES`` settings configurations with ``APP_DIRS`` set to ``False``.
* Create ``urls`` module and update documentation to no longer require
importing the toolbar package.

3.2.2

------------------

* Ensured that the handle stays within bounds when resizing the window.
* Disabled ``HistoryPanel`` when ``RENDER_PANELS`` is ``True``
or if ``RENDER_PANELS`` is ``None`` and the WSGI container is
running with multiple processes.
* Fixed ``RENDER_PANELS`` functionality so that when ``True`` panels are
rendered during the request and not loaded asynchronously.
* HistoryPanel now shows status codes of responses.
* Support ``request.urlconf`` override when checking for toolbar requests.

3.2.1

------------------

* Fixed SQL Injection vulnerability, CVE-2021-30459. The toolbar now
calculates a signature on all fields for the SQL select, explain,
and analyze forms.
* Changed ``djdt.cookie.set()`` to set ``sameSite=Lax`` by default if
callers do not provide a value.
* Added ``PRETTIFY_SQL`` configuration option to support controlling
SQL token grouping. By default it's set to True. When set to False,
a performance improvement can be seen by the SQL panel.
* Added a JavaScript event when a panel loads of the format
``djdt.panel.[PanelId]`` where PanelId is the ``panel_id`` property
of the panel's Python class. Listening for this event corrects the bug
in the Timer Panel in which it didn't insert the browser timings
after switching requests in the History Panel.
* Fixed issue with the toolbar expecting URL paths to start with
``/__debug__/`` while the documentation indicates it's not required.

3.2

----------------

* Moved CI to GitHub Actions: https://github.com/jazzband/django-debug-toolbar/actions
* Stopped crashing when ``request.GET`` and ``request.POST`` are
dictionaries instead of ``QueryDict`` instances. This isn't a valid
use of Django but django-debug-toolbar shouldn't crash anyway.
* Fixed a crash in the history panel when sending a  JSON POST request
with invalid JSON.
* Added missing signals to the signals panel by default.
* Documented how to avoid CORS errors now that we're using JavaScript
modules.
* Verified support for Python 3.9.
* Added a ``css`` and a ``js`` template block to
``debug_toolbar/base.html`` to allow overriding CSS and JS.

3.2a1

------------------

* Fixed a regression where the JavaScript code crashed with an invalid
CSS selector when searching for an element to replace.
* Replaced remaining images with CSS.
* Continued refactoring the HTML and CSS code for simplicity, continued
improving the use of semantic HTML.
* Stopped caring about prehistoric browsers for good. Started splitting
up the JavaScript code to take advantage of JavaScript modules.
* Continued removing unused CSS.
* Started running Selenium tests on Travis CI.
* Added a system check which prevents using django-debug-toolbar without
any enabled panels.
* Added :meth:`Panel.run_checks() <debug_toolbar.panels.Panel.run_checks>` for
panels to verify the configuration before the application starts.
* Validate the static file paths specified in ``STATICFILES_DIRS``
exist via :class:`~debug_toolbar.panels.staticfiles.StaticFilesPanel`
* Introduced `prettier <https://prettier.io/>`__ to format the frontend
code.
* Started accessing history views using GET requests since they do not
change state on the server.
* Fixed a bug where unsuccessful requests (e.g. network errors) were
silently ignored.
* Started spellchecking the documentation.
* Removed calls to the deprecated ``request.is_ajax()`` method. These calls
were unnecessary now that most endpoints return JSON anyway.
* Removed support for Python 3.5.

3.1

----------------

* Fixed a crash in the history panel when sending an empty JSON POST
request.
* Made ``make example`` also set up the database and a superuser
account.
* Added a Makefile target for regenerating the django-debug-toolbar
screenshot.
* Added automatic escaping of panel titles resp. disallowed HTML tags.
* Removed some CSS
* Restructured the SQL stats template.
* Changed command line examples to prefer ``python -m pip`` to ``pip``.

3.0

----------------

* Added an ``.editorconfig`` file specifying indentation rules etc.
* Updated the Italian translation.
* Added support for Django 3.1a1. ``fetch()`` and ``jQuery.ajax`` requests are
now detected by the absence of a ``Accept: text/html`` header instead of the
jQuery-specific ``X-Requested-With`` header on Django 3.1 or better.
* Pruned unused CSS and removed hacks for ancient browsers.
* Added the new :attr:`Panel.scripts <debug_toolbar.panels.Panel.scripts>`
property. This property should return a list of JavaScript resources to be
loaded in the browser when displaying the panel. Right now, this is used by a
single panel, the Timer panel. Third party panels can use this property to
add scripts rather then embedding them in the content HTML.
* Switched from JSHint to ESLint. Added an ESLint job to the Travis CI matrix.
* Debug toolbar state which is only needed in the JavaScript code now uses
``localStorage``.
* Updated the code to avoid a few deprecation warnings and resource warnings.
* Started loading JavaScript as ES6 modules.
* Added support for :meth:`cache.touch() <django.core.caches.cache.touch>` when
using django-debug-toolbar.
* Eliminated more inline CSS.
* Updated ``tox.ini`` and ``Makefile`` to use isort>=5.
* Increased RESULTS_CACHE_SIZE to 25 to better support AJAX requests.
* Fixed the close button CSS by explicitly specifying the
``box-sizing`` property.
* Simplified the ``isort`` configuration by taking advantage of isort's
``black`` profile.
* Added :class:`~debug_toolbar.panels.history.HistoryPanel` including support
for AJAX requests.

**Backwards incompatible changes**
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Loading panel content no longer executes the scripts elements embedded in the
HTML. Third party panels that require JavaScript resources should now use the
:attr:`Panel.scripts <debug_toolbar.panels.Panel.scripts>` property.
* Removed support for end of life Django 1.11. The minimum supported Django is
now 2.2.
* The Debug Toolbar now loads a `JavaScript module`_. Typical local development
using Django ``runserver`` is not impacted. However, if your application
server and static files server are at different origins, you may see CORS
errors in your browser's development console. See the "Cross-Origin Request
Blocked" section of the :doc:`installation docs <installation>` for details
on how to resolve this issue.

.. _JavaScript module: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules

Links

• PyPI: https://pypi.org/project/django-debug-toolbar
• Changelog: https://pyup.io/changelogs/django-debug-toolbar/
• Repo: https://github.com/jazzband/django-debug-toolbar