Update django to 3.1.7

[pyup-bot]

This PR updates django from 3.1.1 to 3.1.7.

Changelog

3.1.7

==========================

*February 19, 2021*

Django 3.1.7 fixes a security issue and a bug in 3.1.6.

CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()``
=================================================================================

Django contains a copy of :func:`urllib.parse.parse_qsl` which was added to
backport some security fixes. A further security fix has been issued recently
such that ``parse_qsl()`` no longer allows using ``;`` as a query parameter
separator by default. Django now includes this fix. See :bpo:`42967` for
further details.

Bugfixes
========

* Fixed a regression in Django 3.1 that caused ``RuntimeError`` instead of
connection errors when using only the ``'postgres'`` database
(:ticket:`32403`).


==========================

3.1.6

==========================

*February 1, 2021*

Django 3.1.6 fixes a security issue with severity "low" and a bug in 3.1.5.

CVE-2021-3281: Potential directory-traversal via ``archive.extract()``
======================================================================

The ``django.utils.archive.extract()`` function, used by
:option:`startapp --template` and :option:`startproject --template`, allowed
directory-traversal via an archive with absolute paths or relative paths with
dot segments.

Bugfixes
========

* Fixed an admin layout issue in Django 3.1 where changelist filter controls 
would become squashed (:ticket:`32391`).


==========================

3.1.5

==========================

*January 4, 2021*

Django 3.1.5 fixes several bugs in 3.1.4.

Bugfixes
========

* Fixed ``__isnull=True`` lookup on key transforms for
:class:`~django.db.models.JSONField` with Oracle and SQLite
(:ticket:`32252`).

* Fixed a bug in Django 3.1 that caused a crash when processing middlewares in
an async context with a middleware that raises a ``MiddlewareNotUsed``
exception (:ticket:`32299`).

* Fixed a regression in Django 3.1 that caused the incorrect prefixing of
``STATIC_URL`` and ``MEDIA_URL`` settings, by the server-provided value of
``SCRIPT_NAME`` (or ``/`` if not set), when set to a URL specifying the
protocol but without a top-level domain, e.g. ``http://myhost/``
(:ticket:`32304`).


==========================

3.1.4

==========================

*December 1, 2020*

Django 3.1.4 fixes several bugs in 3.1.3.

Bugfixes
========

* Fixed setting the ``Content-Length`` HTTP header in ``AsyncRequestFactory``
(:ticket:`32162`).

* Fixed passing extra HTTP headers to ``AsyncRequestFactory`` request methods
(:ticket:`32159`).

* Fixed crash of key transforms for :class:`~django.db.models.JSONField` on
PostgreSQL when using on a ``Subquery()`` annotation (:ticket:`32182`).

* Fixed a regression in Django 3.1 that caused a crash of auto-reloader for
certain invocations of ``runserver`` on Windows with Python 3.7 and below
(:ticket:`32202`).

* Fixed a regression in Django 3.1 that caused the incorrect grouping by a
``Q`` object annotation (:ticket:`32200`).

* Fixed a regression in Django 3.1 that caused suppressing connection errors
when :class:`~django.db.models.JSONField` is used on SQLite
(:ticket:`32224`).

* Fixed a crash on SQLite, when ``QuerySet.values()/values_list()`` contained
key transforms for :class:`~django.db.models.JSONField` returning non-string
primitive values (:ticket:`32203`).


==========================

3.1.3

==========================

*November 2, 2020*

Django 3.1.3 fixes several bugs in 3.1.2 and adds compatibility with Python
3.9.

Bugfixes
========

* Fixed a regression in Django 3.1.2 that caused the incorrect height of the
admin changelist search bar (:ticket:`32072`).

* Fixed a regression in Django 3.1.2 that caused the incorrect width of the
admin changelist search bar on a filtered page (:ticket:`32091`).

* Fixed displaying Unicode characters in
:class:`forms.JSONField <django.forms.JSONField>` and read-only
:class:`models.JSONField <django.db.models.JSONField>` values in the admin
(:ticket:`32080`).

* Fixed a regression in Django 3.1 that caused a crash of
:class:`~django.contrib.postgres.aggregates.ArrayAgg` and
:class:`~django.contrib.postgres.aggregates.StringAgg` with ``ordering``
on key transforms for :class:`~django.db.models.JSONField` (:ticket:`32096`).

* Fixed a regression in Django 3.1 that caused a crash of ``__in`` lookup when
using key transforms for :class:`~django.db.models.JSONField` in the lookup
value (:ticket:`32096`).

* Fixed a regression in Django 3.1 that caused a crash of
:class:`~django.db.models.ExpressionWrapper` with key transforms for
:class:`~django.db.models.JSONField` (:ticket:`32096`).

* Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL
when adding an
:class:`~django.contrib.postgres.constraints.ExclusionConstraint` with key
transforms for :class:`~django.db.models.JSONField` in ``expressions``
(:ticket:`32096`).

* Fixed a regression in Django 3.1 where
:exc:`ProtectedError.protected_objects <django.db.models.ProtectedError>` and
:exc:`RestrictedError.restricted_objects <django.db.models.RestrictedError>`
attributes returned iterators instead of :py:class:`set` of objects
(:ticket:`32107`).

* Fixed a regression in Django 3.1.2 that caused incorrect form input layout on
small screens in the admin change form view (:ticket:`32069`).

* Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password
reset tokens (:ticket:`32130`).

* Added support for ``asgiref`` 3.3 (:ticket:`32128`).

* Fixed a regression in Django 3.1 that caused incorrect textarea layout on
medium-sized screens in the admin change form view with the sidebar open
(:ticket:`32127`).

* Fixed a regression in Django 3.0.7 that didn't use ``Subquery()`` aliases in
the ``GROUP BY`` clause (:ticket:`32152`).


==========================

3.1.2

==========================

*October 1, 2020*

Django 3.1.2 fixes several bugs in 3.1.1.

Bugfixes
========

* Fixed a bug in Django 3.1 where ``FileField`` instances with a callable
storage were not correctly deconstructed (:ticket:`31941`).

* Fixed a regression in Django 3.1 where the :attr:`.QuerySet.ordered`
attribute returned incorrectly ``True`` for ``GROUP BY`` queries (e.g.
``.annotate().values()``) on models with ``Meta.ordering``. A model's
``Meta.ordering`` doesn't affect such queries (:ticket:`31990`).

* Fixed a regression in Django 3.1 where a queryset would crash if it contained
an aggregation and a ``Q`` object annotation (:ticket:`32007`).

* Fixed a bug in Django 3.1 where a test database was not synced during
creation when using the :setting:`MIGRATE <TEST_MIGRATE>` test database
setting (:ticket:`32012`).

* Fixed a ``django.contrib.admin.EmptyFieldListFilter`` crash when using on a
``GenericRelation`` (:ticket:`32038`).

* Fixed a regression in Django 3.1.1 where the admin changelist filter sidebar
would not scroll for a long list of available filters (:ticket:`31986`).


==========================

Links

• PyPI: https://pypi.org/project/django
• Changelog: https://pyup.io/changelogs/django/
• Homepage: https://www.djangoproject.com/

[pyup-bot]

Closing this in favor of #1676