Update django to 1.11.7

[pyup-bot]

There's a new version of Django available.
You are currently using 1.11.2. I have updated it to 1.11.7

These links might come in handy: PyPI | Changelog | Homepage

Changelog

1.11.7

===========================

November 1, 2017

Django 1.11.7 fixes several bugs in 1.11.6.

Bugfixes

• Prevented cache.get_or_set() from caching None if the default
  argument is a callable that returns None (:ticket:28601).

• Fixed the Basque DATE_FORMAT string (:ticket:28710).

• Made QuerySet.reverse() affect nulls_first and nulls_last
  (:ticket:28722).

• Fixed unquoted table names in Subquery SQL when using OuterRef
  (:ticket:28689).

===========================

1.11.6

===========================

October 5, 2017

Django 1.11.6 fixes several bugs in 1.11.5.

Bugfixes

• Made the CharField form field convert whitespace-only values to the
  empty_value when strip is enabled (:ticket:28555).

• Fixed crash when using the name of a model's autogenerated primary key
  (id) in an Index's fields (:ticket:28597).

• Fixed a regression in Django 1.9 where a custom view error handler such as
  handler404 that accesses csrf_token could cause CSRF verification
  failures on other pages (:ticket:28488).

===========================

1.11.5

===========================

September 5, 2017

Django 1.11.5 fixes a security issue and several bugs in 1.11.4.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed
a cross-site scripting attack. This vulnerability shouldn't affect most
production sites since you shouldn't run with DEBUG = True (which makes
this page accessible) in your production settings.

Bugfixes

• Fixed GEOS version parsing if the version has a commit hash at the end (new
  in GEOS 3.6.2) (:ticket:28441).

• Added compatibility for cx_Oracle 6 (:ticket:28498).

• Fixed select widget rendering when option values are tuples (:ticket:28502).

• Django 1.11 inadvertently changed the sequence and trigger naming scheme on
  Oracle. This causes errors on INSERTs for some tables if
  'use_returning_into': False is in the OPTIONS part of DATABASES.
  The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily
  requires an update to Oracle tables created with Django 1.11.[1-4]. Use the
  upgrade script in 🎫28451 comment 8 to update sequence and trigger
  names to use the pre-1.11 naming scheme.

• Added POST request support to LogoutView, for equivalence with the
  function-based logout() view (:ticket:28513).

• Omitted pages_per_range from BrinIndex.deconstruct() if it's None
  (:ticket:25809).

• Fixed a regression where SelectDateWidget localized the years in the
  select box (:ticket:28530).

• Fixed a regression in 1.11.4 where runserver crashed with non-Unicode
  system encodings on Python 2 + Windows (:ticket:28487).

• Fixed a regression in Django 1.10 where changes to a ManyToManyField
  weren't logged in the admin change history (:ticket:27998) and prevented
  ManyToManyField initial data in model forms from being affected by
  subsequent model changes (:ticket:28543).

• Fixed non-deterministic results or an AssertionError crash in some
  queries with multiple joins (:ticket:26522).

• Fixed a regression in contrib.auth's login() and logout() views
  where they ignored positional arguments (:ticket:28550).

===========================

1.11.4

===========================

August 1, 2017

Django 1.11.4 fixes several bugs in 1.11.3.

Bugfixes

• Fixed a regression in 1.11.3 on Python 2 where non-ASCII format values
  for date/time widgets results in an empty value in the widget's HTML
  (:ticket:28355).

• Fixed QuerySet.union() and difference() when combining with
  a queryset raising EmptyResultSet (:ticket:28378).

• Fixed a regression in pickling of LazyObject on Python 2 when the wrapped
  object doesn't have __reduce__() (:ticket:28389).

• Fixed crash in runserver's autoreload with Python 2 on Windows with
  non-str environment variables (:ticket:28174).

• Corrected Field.has_changed() to return False for disabled form
  fields: BooleanField, MultipleChoiceField, MultiValueField,
  FileField, ModelChoiceField, and ModelMultipleChoiceField.

• Fixed QuerySet.count() for union(), difference(), and
  intersection() queries. (:ticket:28399).

• Fixed ClearableFileInput rendering as a subwidget of MultiWidget
  (:ticket:28414). Custom clearable_file_input.html widget templates
  will need to adapt for the fact that context values
  checkbox_name, checkbox_id, is_initial, input_text,
  initial_text, and clear_checkbox_label are now attributes of
  widget rather than appearing in the top-level context.

• Fixed queryset crash when using a GenericRelation to a proxy model
  (:ticket:28418).

===========================

1.11.3

===========================

July 1, 2017

Django 1.11.3 fixes several bugs in 1.11.2.

Bugfixes

• Removed an incorrect deprecation warning about a missing renderer
  argument if a Widget.render() method accepts **kwargs
  (:ticket:28265).

• Fixed a regression causing Model.__init__() to crash if a field has an
  instance only descriptor (:ticket:28269).

• Fixed an incorrect DisallowedModelAdminLookup exception when using
  a nested reverse relation in list_filter (:ticket:28262).

• Fixed admin's FieldListFilter.get_queryset() crash on invalid input
  (:ticket:28202).

• Fixed invalid HTML for a required AdminFileWidget (:ticket:28278).

• Fixed model initialization to set the name of class-based model indexes
  for models that only inherit models.Model (:ticket:28282).

• Fixed crash in admin's inlines when a model has an inherited non-editable
  primary key (:ticket:27967).

• Fixed QuerySet.union(), intersection(), and difference() when
  combining with an EmptyQuerySet (:ticket:28293).

• Prevented Paginator’s unordered object list warning from evaluating a
  QuerySet (:ticket:28284).

• Fixed the value of redirect_field_name in LoginView’s template
  context. It's now an empty string (as it is for the original function-based
  login() view) if the corresponding parameter isn't sent in a request (in
  particular, when the login page is accessed directly) (:ticket:28229).

• Prevented attribute values in the django/forms/widgets/attrs.html
  template from being localized so that numeric attributes (e.g. max and
  min) of NumberInput work correctly (:ticket:28303).

• Removed casting of the option value to a string in the template context of
  the CheckboxSelectMultiple, NullBooleanSelect, RadioSelect,
  SelectMultiple, and Select widgets (:ticket:28176). In Django
  1.11.1, casting was added in Python to avoid localization of numeric values
  in Django templates, but this made some use cases more difficult. Casting is
  now done in the template using the |stringformat:'s' filter.

• Prevented a primary key alteration from adding a foreign key constraint if
  db_constraint=False (:ticket:28298).

• Fixed UnboundLocalError crash in RenameField with nonexistent field
  (:ticket:28350).

• Fixed a regression preventing a model field's limit_choices_to from being
  evaluated when a ModelForm is instantiated (:ticket:28345).

===========================

Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.

Happy merging! 🤖

[pyup-bot]

Closing this in favor of #62