Scheduled daily dependency update on Monday

[pyup-bot]

Update pytz from 2022.7.1 to 2023.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pytz
• Homepage: http://pythonhosted.org/pytz
• Docs: https://pythonhosted.org/pytz/

Update Django from 4.1.7 to 4.2.1.

Changelog

4.2.1

==========================

*May 3, 2023*

Django 4.2.1 fixes a security issue with severity "low" and several bugs in
4.2.

CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field
=================================================================================================

Uploading multiple files using one form field has never been supported by
:class:`.forms.FileField` or :class:`.forms.ImageField` as only the last
uploaded file was validated. Unfortunately, :ref:`uploading_multiple_files`
topic suggested otherwise.

In order to avoid the vulnerability, :class:`~django.forms.ClearableFileInput`
and :class:`~django.forms.FileInput` form widgets now raise ``ValueError`` when
the ``multiple`` HTML attribute is set on them. To prevent the exception and
keep the old behavior, set ``allow_multiple_selected`` to ``True``.

For more details on using the new attribute and handling of multiple files
through a single field, see :ref:`uploading_multiple_files`.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.defer()``
when deferring fields by attribute names (:ticket:`34458`).

* Fixed a regression in Django 4.2 that caused a crash of
:class:`~django.contrib.postgres.search.SearchVector` function with ``%``
characters (:ticket:`34459`).

* Fixed a regression in Django 4.2 that caused aggregation over query that
uses explicit grouping to group against the wrong columns (:ticket:`34464`).

* Reallowed, following a regression in Django 4.2, setting the
``"cursor_factory"`` option in :setting:`OPTIONS` on PostgreSQL
(:ticket:`34466`).

* Enforced UTF-8 client encoding on PostgreSQL, following a regression in
Django 4.2 (:ticket:`34470`).

* Fixed a regression in Django 4.2 where ``i18n_patterns()`` didn't respect the
``prefix_default_language`` argument when a fallback language of the default
language was used (:ticket:`34455`).

* Fixed a regression in Django 4.2 where translated URLs of the default
language from ``i18n_patterns()`` with ``prefix_default_language`` set to
``False`` raised 404 errors for a request with a different language
(:ticket:`34515`).

* Fixed a regression in Django 4.2 where creating copies and deep copies of
``HttpRequest``, ``HttpResponse``, and their subclasses didn't always work
correctly (:ticket:`34482`, :ticket:`34484`).

* Fixed a regression in Django 4.2 where ``timesince`` and ``timeuntil``
template filters returned incorrect results for a datetime with a non-UTC
timezone when a time difference is less than 1 day (:ticket:`34483`).

* Fixed a regression in Django 4.2 that caused a crash of
:class:`~django.contrib.postgres.search.SearchHeadline` function with
``psycopg`` 3 (:ticket:`34486`).

* Fixed a regression in Django 4.2 that caused incorrect ``ClearableFileInput``
margins in the admin (:ticket:`34506`).

* Fixed a regression in Django 4.2 where breadcrumbs didn't appear on admin
site app index views (:ticket:`34512`).

* Made squashing migrations reduce ``AddIndex``, ``RemoveIndex``,
``RenameIndex``, and ``CreateModel`` operations which allows removing a
deprecated ``Meta.index_together`` option from historical migrations and use
``Meta.indexes`` instead (:ticket:`34525`).


========================

4.2

========================

*April 3, 2023*

Welcome to Django 4.2!

These release notes cover the :ref:`new features <whats-new-4.2>`, as well as
some :ref:`backwards incompatible changes <backwards-incompatible-4.2>` you'll
want to be aware of when upgrading from Django 4.1 or earlier. We've
:ref:`begun the deprecation process for some features
<deprecated-features-4.2>`.

See the :doc:`/howto/upgrade-version` guide if you're updating an existing
project.

Django 4.2 is designated as a :term:`long-term support release
<Long-term support release>`. It will receive security updates for at least
three years after its release. Support for the previous LTS, Django 3.2, will
end in April 2024.

Python compatibility
====================

Django 4.2 supports Python 3.8, 3.9, 3.10, and 3.11. We **highly recommend**
and only officially support the latest release of each series.

.. _whats-new-4.2:

What's new in Django 4.2
========================

Psycopg 3 support
-----------------

Django now supports `psycopg`_ version 3.1.8 or higher. To update your code,
install the :pypi:`psycopg library <psycopg>`, you don't need to change the
:setting:`ENGINE <DATABASE-ENGINE>` as ``django.db.backends.postgresql``
supports both libraries.

Support for ``psycopg2`` is likely to be deprecated and removed at some point
in the future.

Be aware that ``psycopg`` 3 introduces some breaking changes over ``psycopg2``.
As a consequence, you may need to make some changes to account for
`differences from psycopg2`_.

.. _psycopg: https://www.psycopg.org/psycopg3/
.. _differences from psycopg2: https://www.psycopg.org/psycopg3/docs/basic/from_pg2.html

Comments on columns and tables
------------------------------

The new :attr:`Field.db_comment <django.db.models.Field.db_comment>` and
:attr:`Meta.db_table_comment <django.db.models.Options.db_table_comment>`
options allow creating comments on columns and tables, respectively. For
example::

 from django.db import models


 class Question(models.Model):
     text = models.TextField(db_comment="Poll question")
     pub_date = models.DateTimeField(
         db_comment="Date and time when the question was published",
     )

     class Meta:
         db_table_comment = "Poll questions"


 class Answer(models.Model):
     question = models.ForeignKey(
         Question,
         on_delete=models.CASCADE,
         db_comment="Reference to a question",
     )
     answer = models.TextField(db_comment="Question answer")

     class Meta:
         db_table_comment = "Question answers"

Also, the new :class:`~django.db.migrations.operations.AlterModelTableComment`
operation allows changing table comments defined in the
:attr:`Meta.db_table_comment <django.db.models.Options.db_table_comment>`.

Mitigation for the BREACH attack
--------------------------------

:class:`~django.middleware.gzip.GZipMiddleware` now includes a mitigation for
the BREACH attack. It will add up to 100 random bytes to gzip responses to make
BREACH attacks harder. Read more about the mitigation technique in the `Heal
The Breach (HTB) paper`_.

.. _Heal The Breach (HTB) paper: https://ieeexplore.ieee.org/document/9754554

In-memory file storage
----------------------

The new :class:`django.core.files.storage.InMemoryStorage` class provides a
non-persistent storage useful for speeding up tests by avoiding disk access.

Custom file storages
--------------------

The new :setting:`STORAGES` setting allows configuring multiple custom file
storage backends. It also controls storage engines for managing
:doc:`files </topics/files>` (the ``"default"`` key) and :doc:`static files
</ref/contrib/staticfiles>` (the ``"staticfiles"`` key).

The old ``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings are
deprecated as of this release.

Minor features
--------------

:mod:`django.contrib.admin`
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* The light or dark color theme of the admin can now be toggled in the UI, as
well as being set to follow the system setting.

* The admin's font stack now prefers system UI fonts and no longer requires
downloading fonts. Additionally, CSS variables are available to more easily
override the default font families.

* The :source:`admin/delete_confirmation.html
<django/contrib/admin/templates/admin/delete_confirmation.html>` template now
has some additional blocks and scripting hooks to ease customization.

* The chosen options of
:attr:`~django.contrib.admin.ModelAdmin.filter_horizontal` and
:attr:`~django.contrib.admin.ModelAdmin.filter_vertical` widgets are now
filterable.

* The ``admin/base.html`` template now has a new block ``nav-breadcrumbs``
which contains the navigation landmark and the ``breadcrumbs`` block.

* :attr:`.ModelAdmin.list_editable` now uses atomic transactions when making
edits.

* jQuery is upgraded from version 3.6.0 to 3.6.4.

:mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~

* The default iteration count for the PBKDF2 password hasher is increased from
390,000 to 600,000.

* :class:`~django.contrib.auth.forms.UserCreationForm` now saves many-to-many
form fields for a custom user model.

* The new :class:`~django.contrib.auth.forms.BaseUserCreationForm` is now the
recommended base class for customizing the user creation form.

:mod:`django.contrib.gis`
~~~~~~~~~~~~~~~~~~~~~~~~~

* The :doc:`GeoJSON serializer </ref/contrib/gis/serializers>` now outputs the
``id`` key for serialized features, which defaults to the primary key of
objects.

* The :class:`~django.contrib.gis.gdal.GDALRaster` class now supports
:class:`pathlib.Path`.

* The :class:`~django.contrib.gis.geoip2.GeoIP2` class now supports  ``.mmdb``
files downloaded from DB-IP.

* The OpenLayers template widget no longer includes inline CSS (which also
removes the former ``map_css`` block) to better comply with a strict Content
Security Policy.

* :class:`~django.contrib.gis.forms.widgets.OpenLayersWidget` is now based on
OpenLayers 7.2.2 (previously 4.6.5).

* The new :lookup:`isempty` lookup and
:class:`IsEmpty() <django.contrib.gis.db.models.functions.IsEmpty>`
expression allow filtering empty geometries on PostGIS.

* The new :class:`FromWKB() <django.contrib.gis.db.models.functions.FromWKB>`
and :class:`FromWKT() <django.contrib.gis.db.models.functions.FromWKT>`
functions allow creating geometries from Well-known binary (WKB) and
Well-known text (WKT) representations.

:mod:`django.contrib.postgres`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* The new :lookup:`trigram_strict_word_similar` lookup, and the
:class:`TrigramStrictWordSimilarity()
<django.contrib.postgres.search.TrigramStrictWordSimilarity>` and
:class:`TrigramStrictWordDistance()
<django.contrib.postgres.search.TrigramStrictWordDistance>` expressions allow
using trigram strict word similarity.

* The :lookup:`arrayfield.overlap` lookup now supports ``QuerySet.values()``
and ``values_list()`` as a right-hand side.

:mod:`django.contrib.sitemaps`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* The new :meth:`.Sitemap.get_languages_for_item` method allows customizing the
list of languages for which the item is displayed.

:mod:`django.contrib.staticfiles`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* :class:`~django.contrib.staticfiles.storage.ManifestStaticFilesStorage` now
has experimental support for replacing paths to JavaScript modules in
``import`` and ``export`` statements with their hashed counterparts. If you
want to try it, subclass ``ManifestStaticFilesStorage`` and set the
``support_js_module_import_aggregation`` attribute to ``True``.

* The new :attr:`.ManifestStaticFilesStorage.manifest_hash` attribute provides
a hash over all files in the manifest and changes whenever one of the files
changes.

Database backends
~~~~~~~~~~~~~~~~~

* The new ``"assume_role"`` option is now supported in :setting:`OPTIONS` on
PostgreSQL to allow specifying the :ref:`session role <database-role>`.

* The new ``"server_side_binding"`` option is now supported in
:setting:`OPTIONS` on PostgreSQL with ``psycopg`` 3.1.8+ to allow using
:ref:`server-side binding cursors <database-server-side-parameters-binding>`.

Error Reporting
~~~~~~~~~~~~~~~

* The debug page now shows :pep:`exception notes <678>` and
:pep:`fine-grained error locations <657>` on Python 3.11+.

* Session cookies are now treated as credentials and therefore hidden and
replaced with stars (``**********``) in error reports.

Forms
~~~~~

* :class:`~django.forms.ModelForm` now accepts the new ``Meta`` option
``formfield_callback`` to customize form fields.

* :func:`~django.forms.models.modelform_factory` now respects the
``formfield_callback`` attribute of the ``form``’s ``Meta``.

Internationalization
~~~~~~~~~~~~~~~~~~~~

* Added support and translations for the Central Kurdish (Sorani) language.

Logging
~~~~~~~

* The :ref:`django-db-logger` logger now logs transaction management queries
(``BEGIN``, ``COMMIT``, and ``ROLLBACK``) at the ``DEBUG`` level.

Management Commands
~~~~~~~~~~~~~~~~~~~

* :djadmin:`makemessages` command now supports locales with private sub-tags
such as ``nl_NL-x-informal``.

* The new :option:`makemigrations --update` option merges model changes into
the latest migration and optimizes the resulting operations.

Migrations
~~~~~~~~~~

* Migrations now support serialization of ``enum.Flag`` objects.

Models
~~~~~~

* ``QuerySet`` now extensively supports filtering against
:ref:`window-functions` with the exception of disjunctive filter lookups
against window functions when performing aggregation.

* :meth:`~.QuerySet.prefetch_related` now supports
:class:`~django.db.models.Prefetch` objects with sliced querysets.

* :ref:`Registering lookups <lookup-registration-api>` on
:class:`~django.db.models.Field` instances is now supported.

* The new ``robust`` argument for :func:`~django.db.transaction.on_commit`
allows performing actions that can fail after a database transaction is
successfully committed.

* The new :class:`KT() <django.db.models.fields.json.KT>` expression represents
the text value of a key, index, or path transform of
:class:`~django.db.models.JSONField`.

* :class:`~django.db.models.functions.Now` now supports microsecond precision
on MySQL and millisecond precision on SQLite.

* :class:`F() <django.db.models.F>` expressions that output ``BooleanField``
can now be negated using ``~F()`` (inversion operator).

* ``Model`` now provides asynchronous versions of some methods that use the
database, using an ``a`` prefix: :meth:`~.Model.adelete`,
:meth:`~.Model.arefresh_from_db`, and :meth:`~.Model.asave`.

* Related managers now provide asynchronous versions of methods that change a
set of related objects, using an ``a`` prefix: :meth:`~.RelatedManager.aadd`,
:meth:`~.RelatedManager.aclear`, :meth:`~.RelatedManager.aremove`, and
:meth:`~.RelatedManager.aset`.

* :attr:`CharField.max_length <django.db.models.CharField.max_length>` is no
longer required to be set on PostgreSQL, which supports unlimited ``VARCHAR``
columns.

Requests and Responses
~~~~~~~~~~~~~~~~~~~~~~

* :class:`~django.http.StreamingHttpResponse` now supports async iterators
when Django is served via ASGI.

Tests
~~~~~

* The :option:`test --debug-sql` option now formats SQL queries with
``sqlparse``.

* The :class:`~django.test.RequestFactory`,
:class:`~django.test.AsyncRequestFactory`, :class:`~django.test.Client`, and
:class:`~django.test.AsyncClient` classes now support the ``headers``
parameter, which accepts a dictionary of header names and values. This allows
a more natural syntax for declaring headers.

.. code-block:: python

   Before:
  self.client.get("/home/", HTTP_ACCEPT_LANGUAGE="fr")
  await self.async_client.get("/home/", ACCEPT_LANGUAGE="fr")

   After:
  self.client.get("/home/", headers={"accept-language": "fr"})
  await self.async_client.get("/home/", headers={"accept-language": "fr"})

Utilities
~~~~~~~~~

* The new ``encoder`` parameter for :meth:`django.utils.html.json_script`
function allows customizing a JSON encoder class.

* The private internal vendored copy of ``urllib.parse.urlsplit()`` now strips
``'\r'``, ``'\n'``, and ``'\t'`` (see :cve:`2022-0391` and :bpo:`43882`).
This is to protect projects that may be incorrectly using the internal
``url_has_allowed_host_and_scheme()`` function, instead of using one of the
documented functions for handling URL redirects. The Django functions were
not affected.

* The new :func:`django.utils.http.content_disposition_header` function returns
a ``Content-Disposition`` HTTP header value as specified by :rfc:`6266`.

Validators
~~~~~~~~~~

* The list of common passwords used by ``CommonPasswordValidator`` is updated
to the most recent version.

.. _backwards-incompatible-4.2:

Backwards incompatible changes in 4.2
=====================================

Database backend API
--------------------

This section describes changes that may be needed in third-party database
backends.

* ``DatabaseFeatures.allows_group_by_pk`` is removed as it only remained to
accommodate a MySQL extension that has been supplanted by proper functional
dependency detection in MySQL 5.7.15. Note that
``DatabaseFeatures.allows_group_by_selected_pks`` is still supported and
should be enabled if your backend supports functional dependency detection in
``GROUP BY`` clauses as specified by the ``SQL:1999`` standard.

* :djadmin:`inspectdb` now uses ``display_size`` from
``DatabaseIntrospection.get_table_description()`` rather than
``internal_size`` for ``CharField``.

Dropped support for MariaDB 10.3
--------------------------------

Upstream support for MariaDB 10.3 ends in May 2023. Django 4.2 supports MariaDB
10.4 and higher.

Dropped support for MySQL 5.7
-----------------------------

Upstream support for MySQL 5.7 ends in October 2023. Django 4.2 supports MySQL
8 and higher.

Dropped support for PostgreSQL 11
---------------------------------

Upstream support for PostgreSQL 11 ends in November 2023. Django 4.2 supports
PostgreSQL 12 and higher.

Setting ``update_fields`` in ``Model.save()`` may now be required
-----------------------------------------------------------------

In order to avoid updating unnecessary columns,
:meth:`.QuerySet.update_or_create` now passes ``update_fields`` to the
:meth:`Model.save() <django.db.models.Model.save>` calls. As a consequence, any
fields modified in the custom ``save()`` methods should be added to the
``update_fields`` keyword argument before calling ``super()``. See
:ref:`overriding-model-methods` for more details.

Miscellaneous
-------------

* The undocumented ``django.http.multipartparser.parse_header()`` function is
removed. Use ``django.utils.http.parse_header_parameters()`` instead.

* :ttag:`{% blocktranslate asvar … %}<blocktranslate>` result is now marked as
safe for (HTML) output purposes.

* The ``autofocus`` HTML attribute in the admin search box is removed as it can
be confusing for screen readers.

* The :option:`makemigrations --check` option no longer creates missing
migration files.

* The ``alias`` argument for :meth:`.Expression.get_group_by_cols` is removed.

* The minimum supported version of ``sqlparse`` is increased from 0.2.2 to
0.3.1.

* The undocumented ``negated`` parameter of the
:class:`~django.db.models.Exists` expression is removed.

* The ``is_summary`` argument of the undocumented ``Query.add_annotation()``
method is removed.

* The minimum supported version of SQLite is increased from 3.9.0 to 3.21.0.

* The minimum supported version of ``asgiref`` is increased from 3.5.2 to
3.6.0.

* :class:`~django.contrib.auth.forms.UserCreationForm` now rejects usernames
that differ only in case. If you need the previous behavior, use
:class:`~django.contrib.auth.forms.BaseUserCreationForm` instead.

* The minimum supported version of ``mysqlclient`` is increased from 1.4.0 to
1.4.3.

* The minimum supported version of ``argon2-cffi`` is increased  from 19.1.0 to
19.2.0.

* The minimum supported version of ``Pillow`` is increased from 6.2.0 to 6.2.1.

* The minimum supported version of ``jinja2`` is increased from 2.9.2 to
2.11.0.

* The minimum supported version of :pypi:`redis-py <redis>` is increased from
3.0.0 to 3.4.0.

* Manually instantiated ``WSGIRequest`` objects must be provided a file-like
object for ``wsgi.input``. Previously, Django was more lax than the expected
behavior as specified by the WSGI specification.

* Support for ``PROJ`` < 5 is removed.

* :class:`~django.core.mail.backends.smtp.EmailBackend` now verifies a
:py:attr:`hostname <ssl.SSLContext.check_hostname>` and
:py:attr:`certificates <ssl.SSLContext.verify_mode>`. If you need the
previous behavior that is less restrictive and not recommended, subclass
``EmailBackend`` and override the ``ssl_context`` property.

.. _deprecated-features-4.2:

Features deprecated in 4.2
==========================

``index_together`` option is deprecated in favor of ``indexes``
---------------------------------------------------------------

The :attr:`Meta.index_together <django.db.models.Options.index_together>`
option is deprecated in favor of the :attr:`~django.db.models.Options.indexes`
option.

Migrating existing ``index_together`` should be handled as a migration. For
example::

 class Author(models.Model):
     rank = models.IntegerField()
     name = models.CharField(max_length=30)

     class Meta:
         index_together = [["rank", "name"]]

Should become::

 class Author(models.Model):
     rank = models.IntegerField()
     name = models.CharField(max_length=30)

     class Meta:
         indexes = [models.Index(fields=["rank", "name"])]

Running the :djadmin:`makemigrations` command will generate a migration
containing a :class:`~django.db.migrations.operations.RenameIndex` operation
which will rename the existing index. Next, consider squashing migrations to
remove ``index_together`` from historical migrations.

The ``AlterIndexTogether`` migration operation is now officially supported only
for pre-Django 4.2 migration files. For backward compatibility reasons, it's
still part of the public API, and there's no plan to deprecate or remove it,
but it should not be used for new migrations. Use
:class:`~django.db.migrations.operations.AddIndex` and
:class:`~django.db.migrations.operations.RemoveIndex` operations instead.

Passing encoded JSON string literals to ``JSONField`` is deprecated
-------------------------------------------------------------------

``JSONField`` and its associated lookups and aggregates used to allow passing
JSON encoded string literals which caused ambiguity on whether string literals
were already encoded from database backend's perspective.

During the deprecation period string literals will be attempted to be JSON
decoded and a warning will be emitted on success that points at passing
non-encoded forms instead.

Code that use to pass JSON encoded string literals::

 Document.objects.bulk_create(
     Document(data=Value("null")),
     Document(data=Value("[]")),
     Document(data=Value('"foo-bar"')),
 )
 Document.objects.annotate(
     JSONBAgg("field", default=Value("[]")),
 )

Should become::

 Document.objects.bulk_create(
     Document(data=Value(None, JSONField())),
     Document(data=[]),
     Document(data="foo-bar"),
 )
 Document.objects.annotate(
     JSONBAgg("field", default=[]),
 )

From Django 5.1+ string literals will be implicitly interpreted as JSON string
literals.

Miscellaneous
-------------

* The ``BaseUserManager.make_random_password()`` method is deprecated. See
`recipes and best practices
<https://docs.python.org/3/library/secrets.html#recipes-and-best-practices>`_
for using Python's :py:mod:`secrets` module to generate passwords.

* The ``length_is`` template filter is deprecated in favor of :tfilter:`length`
and the ``==`` operator within an :ttag:`{% if %}<if>` tag. For example

.. code-block:: html+django

 {% if value|length == 4 %}…{% endif %}
 {% if value|length == 4 %}True{% else %}False{% endif %}

instead of:

.. code-block:: html+django

 {% if value|length_is:4 %}…{% endif %}
 {{ value|length_is:4 }}

* ``django.contrib.auth.hashers.SHA1PasswordHasher``,
``django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher``, and
``django.contrib.auth.hashers.UnsaltedMD5PasswordHasher`` are deprecated.

* ``django.contrib.postgres.fields.CICharField`` is deprecated in favor of
``CharField(db_collation="…")`` with a case-insensitive non-deterministic
collation.

* ``django.contrib.postgres.fields.CIEmailField`` is deprecated in favor of
``EmailField(db_collation="…")`` with a case-insensitive non-deterministic
collation.

* ``django.contrib.postgres.fields.CITextField`` is deprecated in favor of
``TextField(db_collation="…")`` with a case-insensitive non-deterministic
collation.

* ``django.contrib.postgres.fields.CIText`` mixin is deprecated.

* The ``map_height`` and ``map_width`` attributes of ``BaseGeometryWidget`` are
deprecated, use CSS to size map widgets instead.

* ``SimpleTestCase.assertFormsetError()`` is deprecated in favor of
``assertFormSetError()``.

* ``TransactionTestCase.assertQuerysetEqual()`` is deprecated in favor of
``assertQuerySetEqual()``.

* Passing positional arguments to ``Signer`` and ``TimestampSigner`` is
deprecated in favor of keyword-only arguments.

* The ``DEFAULT_FILE_STORAGE`` setting is deprecated in favor of
``STORAGES["default"]``.

* The ``STATICFILES_STORAGE`` setting is deprecated in favor of
``STORAGES["staticfiles"]``.

* The ``django.core.files.storage.get_storage_class()`` function is deprecated.








==========================

4.1.9

==========================

*May 3, 2023*

Django 4.1.9 fixes a security issue with severity "low" in 4.1.8.

CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field
=================================================================================================

Uploading multiple files using one form field has never been supported by
:class:`.forms.FileField` or :class:`.forms.ImageField` as only the last
uploaded file was validated. Unfortunately, :ref:`uploading_multiple_files`
topic suggested otherwise.

In order to avoid the vulnerability, :class:`~django.forms.ClearableFileInput`
and :class:`~django.forms.FileInput` form widgets now raise ``ValueError`` when
the ``multiple`` HTML attribute is set on them. To prevent the exception and
keep the old behavior, set ``allow_multiple_selected`` to ``True``.

For more details on using the new attribute and handling of multiple files
through a single field, see :ref:`uploading_multiple_files`.


==========================

4.1.8

==========================

*April 5, 2023*

Django 4.1.8 fixes a bug in 4.1.7.

Bugfixes
========

* Fixed a bug in Django 4.1 that caused invalidation of sessions when rotating
secret keys with ``SECRET_KEY_FALLBACKS`` (:ticket:`34384`).


==========================

Links

• PyPI: https://pypi.org/project/django
• Changelog: https://pyup.io/changelogs/django/
• Homepage: https://www.djangoproject.com/

Update django-configurations from 2.4 to 2.4.1.

Changelog

2.4.1

^^^^^^^^^^^^^^^^^^^

- Use furo as documentation theme 
- Add compatibility with Django 4.2 - fix "STATICFILES_STORAGE/STORAGES are mutually exclusive" error.
- Test Django 4.1.3+ on Python 3.11

Links

• PyPI: https://pypi.org/project/django-configurations
• Changelog: https://pyup.io/changelogs/django-configurations/
• Docs: https://django-configurations.readthedocs.io/

Update newrelic from 8.7.0 to 8.8.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/newrelic
• Homepage: https://docs.newrelic.com/docs/apm/agents/python-agent/

Update psycopg2-binary from 2.9.5 to 2.9.6.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/psycopg2-binary
• Homepage: https://psycopg.org/

Update dj-database-url from 1.2.0 to 2.0.0.

Changelog

2.0.0

* Update project setup such that we now install as a package.

_Notes_: while this does not alter the underlying application code, we are bumping to
2.0 incase there are unforeseen knock on use-case issues.

1.3.0

* Cosmetic changes to the generation of schemes.
* Bump isort version - 5.11.5.
* raise warning message if database_url is not set.
* CONN_MAX_AGE fix type - Optional[int].

Links

• PyPI: https://pypi.org/project/dj-database-url
• Changelog: https://pyup.io/changelogs/dj-database-url/
• Repo: https://github.com/jazzband/dj-database-url

Update Markdown from 3.4.1 to 3.4.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/markdown

Update django-filter from 22.1 to 23.2.

Changelog

23.2

------------------------

* Deprecated the schema generation methods of the DRF related ``DjangoFilterBackend``.
These will be removed in version 25.1.

You should use `drf-spectacular <https://drf-spectacular.readthedocs.io/en/latest/>`_
for generating OpenAPI schemas with DRF.

* In addition, stopped testing against the (very old now) ``coreapi`` schema generation.
These methods should continue to work if you're using them until v25.1, but
``coreapi`` is no longer maintained, and is raising warnings against the current
versions of Python. To workaround this is not worth the effort at this point.

* Updated Polish translations.

23.1

------------------------

* Declared support for Django 4.2.

* Various updated and new translations. Thanks to all who contributed, and
Weblate for hosting.

* Fixed QueryArrayWidget.value_from_datadict() to not mutate input data. (1540)

Links

• PyPI: https://pypi.org/project/django-filter
• Changelog: https://pyup.io/changelogs/django-filter/
• Repo: https://github.com/carltongibson/django-filter/tree/main

Update ipython from 8.11.0 to 8.13.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/ipython
• Changelog: https://pyup.io/changelogs/ipython/
• Homepage: https://ipython.org

Update mkdocs from 1.4.2 to 1.4.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/mkdocs

Update mock from 5.0.1 to 5.0.2.

Changelog

5.0.2

-----

- gh-102978: Fixes :func:`unittest.mock.patch` not enforcing function
signatures for methods decorated with ``classmethod`` or
``staticmethod`` when patch is called with ``autospec=True``.

- gh-103329: Regression tests for the behaviour of
``unittest.mock.PropertyMock`` were added.

Links

• PyPI: https://pypi.org/project/mock
• Changelog: https://pyup.io/changelogs/mock/
• Docs: http://mock.readthedocs.org/en/latest/

Update coverage from 7.2.1 to 7.2.5.

Changelog

7.2.5

--------------------------

- Fix: ``html_report()`` could fail with an AttributeError on ``isatty`` if run
in an unusual environment where sys.stdout had been replaced.  This is now
fixed.


.. _changes_7-2-4:

7.2.4

--------------------------

PyCon 2023 sprint fixes!

- Fix: with ``relative_files = true``, specifying a specific file to include or
omit wouldn't work correctly (`issue 1604`_).  This is now fixed, with
testing help by `Marc Gibbons <pull 1608_>`_.

- Fix: the XML report would have an incorrect ``<source>`` element when using
relative files and the source option ended with a slash (`issue 1541`_).
This is now fixed, thanks to `Kevin Brown-Silva <pull 1608_>`_.

- When the HTML report location is printed to the terminal, it's now a
terminal-compatible URL, so that you can click the location to open the HTML
file in your browser.  Finishes `issue 1523`_ thanks to `Ricardo Newbery
<pull 1613_>`_.

- Docs: a new :ref:`Migrating page <migrating>` with details about how to
migrate between major versions of coverage.py.  It currently covers the
wildcard changes in 7.x.  Thanks, `Brian Grohe <pull 1610_>`_.

.. _issue 1523: https://github.com/nedbat/coveragepy/issues/1523
.. _issue 1541: https://github.com/nedbat/coveragepy/issues/1541
.. _issue 1604: https://github.com/nedbat/coveragepy/issues/1604
.. _pull 1608: https://github.com/nedbat/coveragepy/pull/1608
.. _pull 1609: https://github.com/nedbat/coveragepy/pull/1609
.. _pull 1610: https://github.com/nedbat/coveragepy/pull/1610
.. _pull 1613: https://github.com/nedbat/coveragepy/pull/1613


.. _changes_7-2-3:

7.2.3

--------------------------

- Fix: the :ref:`config_run_sigterm` setting was meant to capture data if a
process was terminated with a SIGTERM signal, but it didn't always.  This was
fixed thanks to `Lewis Gaul <pull 1600_>`_, closing `issue 1599`_.

- Performance: HTML reports with context information are now much more compact.
File sizes are typically as small as one-third the previous size, but can be
dramatically smaller. This closes `issue 1584`_ thanks to `Oleh Krehel
<pull 1587_>`_.

- Development dependencies no longer use hashed pins, closing `issue 1592`_.

.. _issue 1584: https://github.com/nedbat/coveragepy/issues/1584
.. _pull 1587: https://github.com/nedbat/coveragepy/pull/1587
.. _issue 1592: https://github.com/nedbat/coveragepy/issues/1592
.. _issue 1599: https://github.com/nedbat/coveragepy/issues/1599
.. _pull 1600: https://github.com/nedbat/coveragepy/pull/1600


.. _changes_7-2-2:

7.2.2

--------------------------

- Fix: if a virtualenv was created inside a source directory, and a sourced
package was installed inside the virtualenv, then all of the third-party
packages inside the virtualenv would be measured.  This was incorrect, but
has now been fixed: only the specified packages will be measured, thanks to
`Manuel Jacob <pull 1560_>`_.

- Fix: the ``coverage lcov`` command could create a .lcov file with incorrect
LF (lines found) and LH (lines hit) totals.  This is now fixed, thanks to
`Ian Moore <pull 1583_>`_.

- Fix: the ``coverage xml`` command on Windows could create a .xml file with
duplicate ``<package>`` elements. This is now fixed, thanks to `Benjamin
Parzella <pull 1574_>`_, closing `issue 1573`_.

.. _pull 1560: https://github.com/nedbat/coveragepy/pull/1560
.. _issue 1573: https://github.com/nedbat/coveragepy/issues/1573
.. _pull 1574: https://github.com/nedbat/coveragepy/pull/1574
.. _pull 1583: https://github.com/nedbat/coveragepy/pull/1583


.. _changes_7-2-1:

Links

• PyPI: https://pypi.org/project/coverage
• Changelog: https://pyup.io/changelogs/coverage/
• Repo: https://github.com/nedbat/coveragepy

Update boto3 from 1.26.89 to 1.26.129.

Changelog

1.26.129

========

* api-change:``ec2``: [``botocore``] This release adds support the inf2 and trn1n instances. inf2 instances are purpose built for deep learning inference while trn1n instances are powered by AWS Trainium accelerators and they build on the capabilities of Trainium-powered trn1 instances.
* api-change:``inspector2``: [``botocore``] Amazon Inspector now allows customers to search its vulnerability intelligence database if any of the Inspector scanning types are activated.
* api-change:``mediatailor``: [``botocore``] This release adds support for AFTER_LIVE_EDGE mode configuration for avail suppression, and adding a fill-policy setting that sets the avail suppression to PARTIAL_AVAIL or FULL_AVAIL_ONLY when AFTER_LIVE_EDGE is enabled.
* api-change:``sqs``: [``botocore``] Revert previous SQS protocol change.

1.26.128

========

* bugfix:``sqs``: [``botocore``] Rolled back recent change to wire format protocol

1.26.127

========

* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``config``: [``botocore``] Updated ResourceType enum with new resource types onboarded by AWS Config in April 2023.
* api-change:``connect``: [``botocore``] Remove unused InvalidParameterException from CreateParticipant API
* api-change:``ecs``: [``botocore``] Documentation update for new error type NamespaceNotFoundException for CreateCluster and UpdateCluster
* api-change:``network-firewall``: [``botocore``] This release adds support for the Suricata REJECT option in midstream exception configurations.
* api-change:``opensearch``: [``botocore``] DescribeDomainNodes: A new API that provides configuration information for nodes part of the domain
* api-change:``quicksight``: [``botocore``] Add support for Topic, Dataset parameters and VPC
* api-change:``rekognition``: [``botocore``] This release adds a new attribute FaceOccluded. Additionally, you can now select attributes individually (e.g. ["DEFAULT", "FACE_OCCLUDED", "AGE_RANGE"] instead of ["ALL"]), which can reduce response time.
* api-change:``s3``: [``botocore``] Documentation updates for Amazon S3
* api-change:``sagemaker``: [``botocore``] We added support for ml.inf2 and ml.trn1 family of instances on Amazon SageMaker for deploying machine learning (ML) models for Real-time and Asynchronous inference. You can use these instances to achieve high performance at a low cost for generative artificial intelligence (AI) models.
* api-change:``securityhub``: [``botocore``] Add support for Finding History.
* api-change:``sqs``: [``botocore``] This release enables customers to call SQS using AWS JSON-1.0 protocol.

1.26.126

========

* api-change:``appsync``: [``botocore``] Private API support for AWS AppSync. With Private APIs, you can now create GraphQL APIs that can only be accessed from your Amazon Virtual Private Cloud ("VPC").
* api-change:``ec2``: [``botocore``] Adds an SDK paginator for GetNetworkInsightsAccessScopeAnalysisFindings
* api-change:``inspector2``: [``botocore``] This feature provides deep inspection for linux based instance
* api-change:``iottwinmaker``: [``botocore``] This release adds a field for GetScene API to return error code and message from dependency services.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall now supports policy level HOME_NET variable overrides.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds the option to deploy a domain across multiple Availability Zones, with each AZ containing a complete copy of data and with nodes in one AZ acting as a standby. This option provides 99.99% availability and consistent performance in the event of infrastructure failure.
* api-change:``wellarchitected``: [``botocore``] This release deepens integration with AWS Service Catalog AppRegistry to improve workload resource discovery.

1.26.125

========

* api-change:``appflow``: [``botocore``] This release adds new API to cancel flow executions.
* api-change:``connect``: [``botocore``] Amazon Connect Service Rules API update: Added OnContactEvaluationSubmit event source to support user configuring evaluation form rules.
* api-change:``ecs``: [``botocore``] Documentation only update to address Amazon ECS tickets.
* api-change:``kendra``: [``botocore``] AWS Kendra now supports configuring document fields/attributes via the GetQuerySuggestions API. You can now base query suggestions on the contents of document fields.
* api-change:``resiliencehub``: [``botocore``] This release will improve resource level transparency in applications by discovering previously hidden resources.
* api-change:``sagemaker``: [``botocore``] Amazon Sagemaker Autopilot supports training models with sample weights and additional objective metrics.

1.26.124

========

* api-change:``compute-optimizer``: [``botocore``] support for tag filtering within compute optimizer. ability to filter recommendation results by tag and tag key value pairs. ability to filter by inferred workload type added.
* api-change:``kms``: [``botocore``] This release makes the NitroEnclave request parameter Recipient and the response field for CiphertextForRecipient available in AWS SDKs. It also adds the regex pattern for CloudHsmClusterId validation.

1.26.123

========

* api-change:``appflow``: [``botocore``] Adds Jwt Support for Salesforce Credentials.
* api-change:``athena``: [``botocore``] You can now use capacity reservations on Amazon Athena to run SQL queries on fully-managed compute capacity.
* api-change:``directconnect``: [``botocore``] This release corrects the jumbo frames MTU from 9100 to 8500.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``grafana``: [``botocore``] This release adds support for the grafanaVersion parameter in CreateWorkspace.
* api-change:``iot``: [``botocore``] This release allows AWS IoT Core users to specify a TLS security policy when creating and updating AWS IoT Domain Configurations.
* api-change:``rekognition``: [``botocore``] Added support for aggregating moderation labels by video segment timestamps for Stored Video Content Moderation APIs and added additional information about the job to all Stored Video Get API responses.
* api-change:``simspaceweaver``: [``botocore``] Added a new CreateSnapshot API. For the StartSimulation API, SchemaS3Location is now optional, added a new SnapshotS3Location parameter. For the DescribeSimulation API, added SNAPSHOT_IN_PROGRESS simulation state, deprecated SchemaError, added new fields: StartError and SnapshotS3Location.
* api-change:``wafv2``: [``botocore``] You can now associate a web ACL with a Verified Access instance.
* api-change:``workspaces``: [``botocore``] Added Windows 11 to support Microsoft_Office_2019

1.26.122

========

* api-change:``ec2``: [``botocore``] This release adds support for AMD SEV-SNP on EC2 instances.
* api-change:``emr-containers``: [``botocore``] This release adds GetManagedEndpointSessionCredentials, a new API that allows customers to generate an auth token to connect to a managed endpoint, enabling features such as self-hosted Jupyter notebooks for EMR on EKS.
* api-change:``guardduty``: [``botocore``] Added API support to initiate on-demand malware scan on specific resources.
* api-change:``iotdeviceadvisor``: [``botocore``] AWS IoT Core Device Advisor now supports MQTT over WebSocket. With this update, customers can run all three test suites of AWS IoT Core Device Advisor - qualification, custom, and long duration tests - using Signature Version 4 for MQTT over WebSocket.
* api-change:``kafka``: [``botocore``] Amazon MSK has added new APIs that allows multi-VPC private connectivity and cluster policy support for Amazon MSK clusters that simplify connectivity and access between your Apache Kafka clients hosted in different VPCs and AWS accounts and your Amazon MSK clusters.
* api-change:``lambda``: [``botocore``] Add Java 17 (java17) support to AWS Lambda
* api-change:``marketplace-catalog``: [``botocore``] Enabled Pagination for List Entities and List Change Sets operations
* api-change:``osis``: [``botocore``] Documentation updates for OpenSearch Ingestion
* api-change:``qldb``: [``botocore``] Documentation updates for Amazon QLDB
* api-change:``sagemaker``: [``botocore``] Added ml.p4d.24xlarge and ml.p4de.24xlarge as supported instances for SageMaker Studio
* api-change:``xray``: [``botocore``] Updated X-Ray documentation with Resource Policy API descriptions.

1.26.121

========

* api-change:``osis``: [``botocore``] Initial release for OpenSearch Ingestion

1.26.120

========

* api-change:``chime-sdk-messaging``: [``botocore``] Remove non actionable field from UpdateChannelReadMarker and DeleteChannelRequest.  Add precise exceptions to DeleteChannel and DeleteStreamingConfigurations error cases.
* api-change:``connect``: [``botocore``] Amazon Connect, Contact Lens Evaluation API release including ability to manage forms and to submit contact evaluations.
* api-change:``datasync``: [``botocore``] This release adds 13 new APIs to support AWS DataSync Discovery GA.
* api-change:``ds``: [``botocore``] New field added in AWS Managed Microsoft AD DescribeSettings response and regex pattern update for UpdateSettings value.  Added length validation to RemoteDomainName.
* api-change:``pinpoint``: [``botocore``] Adds support for journey runs and querying journey execution metrics based on journey runs. Adds execution metrics to campaign activities. Updates docs for Advanced Quiet Time.

1.26.119

========

* api-change:``appflow``: [``botocore``] Increased the max length for RefreshToken and AuthCode from 2048 to 4096.
* api-change:``codecatalyst``: [``botocore``] Documentation updates for Amazon CodeCatalyst.
* api-change:``ec2``: [``botocore``] API changes to AWS Verified Access related to identity providers' information.
* api-change:``mediaconvert``: [``botocore``] This release introduces a noise reduction pre-filter, linear interpolation deinterlace mode, video pass-through, updated default job settings, and expanded LC-AAC Stereo audio bitrate ranges.
* api-change:``rekognition``: [``botocore``] Added new status result to Liveness session status.

1.26.118

========

* api-change:``connect``: [``botocore``] This release adds a new API CreateParticipant. For Amazon Connect Chat, you can use this new API to customize chat flow experiences.
* api-change:``ecs``: [``botocore``] Documentation update to address various Amazon ECS tickets.
* api-change:``fms``: [``botocore``] AWS Firewall Manager adds support for multiple administrators. You can now delegate more than one administrator per organization.

1.26.117

========

* api-change:``chime-sdk-media-pipelines``: [``botocore``] This release adds support for specifying the recording file format in an S3 recording sink configuration.
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.
* api-change:``chime``: [``botocore``] Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.
* api-change:``gamelift``: [``botocore``] Amazon GameLift supports creating Builds for Windows 2016 operating system.
* api-change:``guardduty``: [``botocore``] This release adds support for the new Lambda Protection feature.
* api-change:``iot``: [``botocore``] Support additional OTA states in GetOTAUpdate API
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Canvas adds ModelRegisterSettings support for CanvasAppSettings.
* api-change:``snowball``: [``botocore``] Adds support for Amazon S3 compatible storage. AWS Snow Family customers can now use Amazon S3 compatible storage on Snowball Edge devices. Also adds support for V3_5S. This is a refreshed AWS Snowball Edge Storage Optimized device type with 210TB SSD (customer usable).
* api-change:``wafv2``: [``botocore``] You can now create encrypted API keys to use in a client application integration of the JavaScript CAPTCHA API . You can also retrieve a list of your API keys and the JavaScript application integration URL.

1.26.116

========

* api-change:``comprehend``: [``botocore``] This release supports native document models for custom classification, in addition to plain-text models. You train native document models using documents (PDF, Word, images) in their native format.
* api-change:``ecs``: [``botocore``] This release supports the Account Setting "TagResourceAuthorization" that allows for enhanced Tagging security controls.
* api-change:``ram``: [``botocore``] This release adds support for customer managed permissions. Customer managed permissions enable customers to author and manage tailored permissions for resources shared using RAM.
* api-change:``rds``: [``botocore``] Adds support for the ImageId parameter of CreateCustomDBEngineVersion to RDS Custom for Oracle
* api-change:``s3``: [``botocore``] Provides support for "Snow" Storage class.
* api-change:``s3control``: [``botocore``] Provides support for overriding endpoint when region is "snow". This will enable bucket APIs for Amazon S3 Compatible storage on Snow Family devices.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager

1.26.115

========

* api-change:``appflow``: [``botocore``] This release adds a Client Token parameter to the following AppFlow APIs: Create/Update Connector Profile, Create/Update Flow, Start Flow, Register Connector, Update Connector Registration. The Client Token parameter allows idempotent operations for these APIs.
* api-change:``drs``: [``botocore``] Changed existing APIs and added new APIs to support using an account-level launch configuration template with AWS Elastic Disaster Recovery.
* api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB API
* api-change:``emr-serverless``: [``botocore``] The GetJobRun API has been updated to include the job's billed resource utilization. This utilization shows the aggregate vCPU, memory and storage that AWS has billed for the job run. The billed resources include a 1-minute minimum usage for workers, plus additional storage over 20 GB per worker.
* api-change:``internetmonitor``: [``botocore``] This release includes a new configurable value, TrafficPercentageToMonitor, which allows users to adjust the amount of traffic monitored by percentage
* api-change:``iotwireless``: [``botocore``] Supports the new feature of LoRaWAN roaming, allows to configure MaxEirp for LoRaWAN gateway, and allows to configure PingSlotPeriod for LoRaWAN multicast group
* api-change:``lambda``: [``botocore``] Add Python 3.10 (python3.10) support to AWS Lambda

1.26.114

========

* api-change:``ecs``: [``botocore``] This release supports  ephemeral storage for AWS Fargate Windows containers.
* api-change:``lambda``: [``botocore``] This release adds SnapStart related exceptions to InvokeWithResponseStream API. IAM access related documentation is also added for this API.
* api-change:``migration-hub-refactor-spaces``: [``botocore``] Doc only update for Refactor Spaces environments without network bridge feature.
* api-change:``rds``: [``botocore``] This release adds support of modifying the engine mode of database clusters.

1.26.113

========

* api-change:``chime-sdk-voice``: [``botocore``] This release adds tagging support for Voice Connectors and SIP Media Applications
* api-change:``mediaconnect``: [``botocore``] Gateway is a new feature of AWS Elemental MediaConnect. Gateway allows the deployment of on-premises resources for the purpose of transporting live video to and from the AWS Cloud.

1.26.112

========

* api-change:``groundstation``: [``botocore``] AWS Ground Station Wideband DigIF GA Release
* api-change:``managedblockchain``: [``botocore``] Removal of the Ropsten network. The Ethereum foundation ceased support of Ropsten on December 31st, 2022..

1.26.111

========

* api-change:``ecr-public``: [``botocore``] This release will allow using registry alias as registryId in BatchDeleteImage request.
* api-change:``emr-serverless``: [``botocore``] This release extends GetJobRun API to return job run timeout (executionTimeoutMinutes) specified during StartJobRun call (or default timeout of 720 minutes if none was specified).
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``iot-data``: [``botocore``] This release adds support for MQTT5 user properties when calling the AWS IoT GetRetainedMessage API
* api-change:``wafv2``: [``botocore``] For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.

1.26.110

========

* api-change:``connect``: [``botocore``] This release adds the ability to configure an agent's routing profile to receive contacts from multiple channels at the same time via extending the UpdateRoutingProfileConcurrency, CreateRoutingProfile and DescribeRoutingProfile APIs.
* api-change:``ecs``: [``botocore``] This release adds support for enabling FIPS compliance on Amazon ECS Fargate tasks
* api-change:``marketplace-catalog``: [``botocore``] Added three new APIs to support resource sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added new OwnershipType field to ListEntities request to let users filter on entities that are shared with them. Increased max page size of ListEntities response from 20 to 50 results.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK now supports conversion of 608 paint-on captions to pop-on captions for SCC sources.
* api-change:``omics``: [``botocore``] Remove unexpected API changes.
* api-change:``rekognition``: [``botocore``] This release adds support for Face Liveness APIs in Amazon Rekognition. Updates UpdateStreamProcessor to return ResourceInUseException Exception. Minor updates to API documentation.

1.26.109

========

* api-change:``dlm``: [``botocore``] Updated timestamp format for GetLifecyclePolicy API
* api-change:``docdb``: [``botocore``] This release adds a new parameter 'DBClusterParameterGroupName' to 'RestoreDBClusterFromSnapshot' API to associate the name of the DB cluster parameter group while performing restore.
* api-change:``fsx``: [``botocore``] Amazon FSx for Lustre now supports creating data repository associations on Persistent_1 and Scratch_2 file systems.
* api-change:``lambda``: [``botocore``] This release adds a new Lambda InvokeWithResponseStream API to support streaming Lambda function responses. The release also adds a new InvokeMode parameter to Function Url APIs to control whether the response will be streamed or buffered.
* api-change:``quicksight``: [``botocore``] This release has two changes: adding the OR condition to tag-based RLS rules in CreateDataSet and UpdateDataSet; adding RefreshSchedule and Incremental RefreshProperties operations for users to programmatically configure SPICE dataset ingestions.
* api-change:``redshift-data``: [``botocore``] Update documentation of API descriptions as needed in support of temporary credentials with IAM identity.
* api-change:``servicecatalog``: [``botocore``] Updates description for property

1.26.108

========

* api-change:``cloudformation``: [``botocore``] Including UPDATE_COMPLETE as a failed status for DeleteStack waiter.
* api-change:``greengrassv2``: [``botocore``] Add support for SUCCEEDED value in coreDeviceExecutionStatus field. Documentation updates for Greengrass V2.
* api-change:``proton``: [``botocore``] This release adds support for the AWS Proton service sync feature. Service sync enables managing an AWS Proton service (creating and updating instances) and all of it's corresponding service instances from a Git repository.
* api-change:``rds``: [``botocore``] Adds and updates the SDK examples

1.26.107

========

* api-change:``apprunner``: [``botocore``] App Runner adds support for seven new vCPU and memory configurations.
* api-change:``config``: [``botocore``] This release adds resourceType enums for types released in March 2023.
* api-change:``ecs``: [``botocore``] This is a document only updated to add information about Amazon Elastic Inference (EI).
* api-change:``identitystore``: [``botocore``] Documentation updates for Identity Store CLI command reference.
* api-change:``ivs-realtime``: [``botocore``] Fix ParticipantToken ExpirationTime format
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall now supports IPv6-only subnets.
* api-change:``servicecatalog``: [``botocore``] removed incorrect product type value
* api-change:``vpc-lattice``: [``botocore``] This release removes the entities in the API doc model package for auth policies.

1.26.106

========

* api-change:``amplifyuibuilder``: [``botocore``] Support StorageField and custom displays for data-bound options in form builder. Support non-string operands for predicates in collections. Support choosing client to get token from.
* api-change:``autoscaling``: [``botocore``] Documentation updates for Amazon EC2 Auto Scaling
* api-change:``dataexchange``: [``botocore``] This release updates the value of MaxResults.
* api-change:``ec2``: [``botocore``] C6in, M6in, M6idn, R6in and R6idn bare metal instances are powered by 3rd Generation Intel Xeon Scalable processors and offer up to 200 Gbps of network bandwidth.
* api-change:``elastic-inference``: [``botocore``] Updated public documentation for the Describe and Tagging APIs.
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Asynchronous Inference now allows customer's to receive failure model responses in S3 and receive success/failure model responses in SNS notifications.
* api-change:``wafv2``: [``botocore``] This release rolls back association config feature for webACLs that protect CloudFront protections.

1.26.105

========

* api-change:``glue``: [``botocore``] Add support for database-level federation
* api-change:``lakeformation``: [``botocore``] Add support for database-level federation
* api-change:``license-manager``: [``botocore``] This release adds grant override options to the CreateGrantVersion API. These options can be used to specify grant replacement behavior during grant activation.
* api-change:``mwaa``: [``botocore``] This Amazon MWAA release adds the ability to customize the Apache Airflow environment by launching a shell script at startup. This shell script is hosted in your environment's Amazon S3 bucket. Amazon MWAA runs the script before installing requirements and initializing the Apache Airflow process.
* api-change:``servicecatalog``: [``botocore``] This release introduces Service Catalog support for Terraform open source. It enables 1. The notify* APIs to Service Catalog. These APIs are used by the terraform engine to notify the result of the provisioning engine execution. 2. Adds a new TERRAFORM_OPEN_SOURCE product type in CreateProduct API.
* api-change:``wafv2``: [``botocore``] For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.

1.26.104

========

* api-change:``ec2``: [``botocore``] Documentation updates for EC2 On Demand Capacity Reservations
* api-change:``internetmonitor``: [``botocore``] This release adds a new feature for Amazon CloudWatch Internet Monitor that enables customers to deliver internet measurements to Amazon S3 buckets as well as CloudWatch Logs.
* api-change:``resiliencehub``: [``botocore``] Adding EKS related documentation for appTemplateBody
* api-change:``s3``: [``botocore``] Documentation updates for Amazon S3
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] In this release, you can now chose between soft delete and hard delete when calling the DeleteRecord API, so you have more flexibility when it comes to managing online store data.
* api-change:``sms``: [``botocore``] Deprecating AWS Server Migration Service.

1.26.103

========

* api-change:``athena``: [``botocore``] Make DefaultExecutorDpuSize and CoordinatorDpuSize  fields optional  in StartSession
* api-change:``autoscaling``: [``botocore``] Amazon EC2 Auto Scaling now supports Elastic Load Balancing traffic sources with the AttachTrafficSources, DetachTrafficSources, and DescribeTrafficSources APIs. This release also introduces a new activity status, "WaitingForConnectionDraining", for VPC Lattice to the DescribeScalingActivities API.
* api-change:``batch``: [``botocore``] This feature allows Batch on EKS to support configuration of Pod Labels through Metadata for Batch on EKS Jobs.
* api-change:``compute-optimizer``: [``botocore``] This release adds support for HDD EBS volume types and io2 Block Express. We are also adding support for 61 new instance types and instances that have non consecutive runtime.
* api-change:``drs``: [``botocore``] Adding a field to the replication configuration APIs to support the auto replicate new disks feature. We also deprecated RetryDataReplication.
* api-change:``ec2``: [``botocore``] This release adds support for Tunnel Endpoint Lifecycle control, a new feature that provides Site-to-Site VPN customers with better visibility and control of their VPN tunnel maintenance updates.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Data Quality, which helps you evaluate and monitor the quality of your data and includes the API for creating, deleting, or updating data quality rulesets, runs and evaluations.
* api-change:``guardduty``: [``botocore``] Added EKS Runtime Monitoring feature support to existing detector, finding APIs and introducing new Coverage APIs
* api-change:``imagebuilder``: [``botocore``] Adds support for new image workflow details and image vulnerability detection.
* api-change:``ivs``: [``botocore``] Amazon Interactive Video Service (IVS) now offers customers the ability to configure IVS channels to allow insecure RTMP ingest.
* api-change:``kendra``: [``botocore``] AWS Kendra now supports featured results for a query.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall added TLS inspection configurations to allow TLS traffic inspection.
* api-change:``sagemaker-geospatial``: [``botocore``] Amazon SageMaker geospatial capabilities now supports server-side encryption with customer managed KMS key and SageMaker notebooks with a SageMaker geospatial image in a Amazon SageMa