Update django to 4.1.7

[pyup-bot]

This PR updates Django from 4.1.1 to 4.1.7.

Changelog

4.1.7

==========================

*February 14, 2023*

Django 4.1.7 fixes a security issue with severity "moderate" and a bug in
4.1.6.

CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
=========================================================================

Passing certain inputs to multipart forms could result in too many open files
or memory exhaustion, and provided a potential vector for a denial-of-service
attack.

The number of files parts parsed is now limited via the new
:setting:`DATA_UPLOAD_MAX_NUMBER_FILES` setting.

Bugfixes
========

* Fixed a bug in Django 4.1 that caused a crash of model validation on
``ValidationError`` with no ``code`` (:ticket:`34319`).


==========================

4.1.6

==========================

*February 1, 2023*

Django 4.1.6 fixes a security issue with severity "moderate" and a bug in
4.1.5.

CVE-2023-23969: Potential denial-of-service via ``Accept-Language`` headers
===========================================================================

The parsed values of ``Accept-Language`` headers are cached in order to avoid
repetitive parsing. This leads to a potential denial-of-service vector via
excessive memory usage if large header values are sent.

In order to avoid this vulnerability, the ``Accept-Language`` header is now
parsed up to a maximum length.

Bugfixes
========

* Fixed a bug in Django 4.1 that caused a crash of model validation on
``UniqueConstraint`` with ordered expressions (:ticket:`34291`).


==========================

4.1.5

==========================

*January 2, 2023*

Django 4.1.5 fixes a bug in 4.1.4. Also, the latest string translations from
Transifex are incorporated.

Bugfixes
========

* Fixed a long standing bug in the ``__len`` lookup for ``ArrayField`` that
caused a crash of model validation on
:attr:`Meta.constraints <django.db.models.Options.constraints>`
(:ticket:`34205`).


==========================

4.1.4

==========================

*December 6, 2022*

Django 4.1.4 fixes several bugs in 4.1.3.

Bugfixes
========

* Fixed a regression in Django 4.1 that caused an unnecessary table rebuild
when adding a ``ManyToManyField`` on SQLite (:ticket:`34138`).

* Fixed a bug in Django 4.1 that caused a crash of the sitemap index view with
an empty :meth:`Sitemap.items() <django.contrib.sitemaps.Sitemap.items>` and
a callable :attr:`~django.contrib.sitemaps.Sitemap.lastmod`
(:ticket:`34088`).

* Fixed a bug in Django 4.1 that caused a crash using ``acreate()``,
``aget_or_create()``, and ``aupdate_or_create()`` asynchronous methods of
related managers (:ticket:`34139`).

* Fixed a bug in Django 4.1 that caused a crash of ``QuerySet.bulk_create()``
with ``"pk"`` in ``unique_fields`` (:ticket:`34177`).

* Fixed a bug in Django 4.1 that caused a crash of ``QuerySet.bulk_create()``
on fields with ``db_column`` (:ticket:`34171`).


==========================

4.1.3

==========================

*November 1, 2022*

Django 4.1.3 fixes a bug in 4.1.2 and adds compatibility with Python 3.11.

Bugfixes
========

* Fixed a bug in Django 4.1 that caused non-Python files created by
``startproject`` and ``startapp`` management commands from custom templates
to be incorrectly formatted using the ``black`` command (:ticket:`34085`).


==========================

4.1.2

==========================

*October 4, 2022*

Django 4.1.2 fixes a security issue with severity "medium" and several bugs in
4.1.1.

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs
===================================================================================

Internationalized URLs were subject to potential denial of service attack via
the locale parameter.

Bugfixes
========

* Fixed a regression in Django 4.1 that caused a migration crash on PostgreSQL
when adding a model with ``ExclusionConstraint`` (:ticket:`33982`).

* Fixed a regression in Django 4.1 that caused aggregation over a queryset that
contained an ``Exists`` annotation to crash due to too many selected columns
(:ticket:`33992`).

* Fixed a bug in Django 4.1 that caused an incorrect validation of
``CheckConstraint`` on ``NULL`` values (:ticket:`33996`).

* Fixed a regression in Django 4.1 that caused a
``QuerySet.values()/values_list()`` crash on ``ArrayAgg()`` and
``JSONBAgg()`` (:ticket:`34016`).

* Fixed a bug in Django 4.1 that caused :attr:`.ModelAdmin.autocomplete_fields`
to be incorrectly selected after adding/changing related instances via popups
(:ticket:`34025`).

* Fixed a regression in Django 4.1 where the app registry was not populated
when running parallel tests with the ``multiprocessing`` start method
``spawn`` (:ticket:`34010`).

* Fixed a regression in Django 4.1 where the ``--debug-mode`` argument to
``test`` did not work when running parallel tests with the
``multiprocessing`` start method ``spawn`` (:ticket:`34010`).

* Fixed a regression in Django 4.1 that didn't alter a sequence type when
altering type of pre-Django 4.1 serial columns on PostgreSQL
(:ticket:`34058`).

* Fixed a regression in Django 4.1 that caused a crash for :class:`View`
subclasses with asynchronous handlers when handling non-allowed HTTP methods
(:ticket:`34062`).

* Reverted caching related managers for ``ForeignKey``, ``ManyToManyField``,
and ``GenericRelation`` that caused the incorrect refreshing of related
objects (:ticket:`33984`).

* Relaxed the system check added in Django 4.1 for the same name used for
multiple template tag modules to a warning (:ticket:`32987`).


==========================

Links

• PyPI: https://pypi.org/project/django
• Changelog: https://pyup.io/changelogs/django/
• Homepage: https://www.djangoproject.com/

[pyup-bot]

Closing this in favor of #45