Merge branch 'master' into drop-break-long-headers

2024-11-22 09:36:49 +03:00 · 2024-06-15 14:30:29 +06:00 · 2024-06-15 14:30:29 +06:00 · 2445421821
commit 2445421821
parent bf9212d070 1e9b5c15ec
43 changed files with 990 additions and 1182 deletions
--- a/.github/ISSUE_TEMPLATE/1-issue.md
+++ b/.github/ISSUE_TEMPLATE/1-issue.md
@ -5,6 +5,13 @@ about: Please only raise an issue if you've been advised to do so after discussi
 ## Checklist
 <!--
 Note: REST framework is considered feature-complete. New functionality should be implemented outside the core REST framework. For details, please check the docs: https://www.django-rest-framework.org/community/third-party-packages/#about-third-party-packages
 -->
 - [ ] Raised initially as discussion #...
- [ ] This cannot be dealt with as a third party library. (We prefer new functionality to be [in the form of third party libraries](https://www.django-rest-framework.org/community/third-party-packages/#about-third-party-packages) where possible.)
+- [ ] This is not a feature request suitable for implementation outside this project. Please elaborate what it is:
  - [ ] compatibility fix for new Django/Python version ...
  - [ ] other type of bug fix
  - [ ] other type of improvement that does not touch existing code or change existing behavior (e.g. wrapper for new Django field)
 - [ ] I have reduced the issue to the simplest possible case.
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -14,8 +14,6 @@ jobs:
    strategy:
      matrix:
        python-version:
        - '3.6'
        - '3.7'
        - '3.8'
        - '3.9'
        - '3.10'
@ -37,18 +35,9 @@ jobs:
    - name: Install dependencies
      run: python -m pip install --upgrade codecov tox
    - name: Install tox-py
      if: ${{ matrix.python-version == '3.6' }}
      run: python -m pip install --upgrade tox-py
    - name: Run tox targets for ${{ matrix.python-version }}
      if: ${{ matrix.python-version != '3.6' }}
      run: tox run -f py$(echo ${{ matrix.python-version }} | tr -d .)
    - name: Run tox targets for ${{ matrix.python-version }}
      if: ${{ matrix.python-version == '3.6' }}
      run: tox --py current
    - name: Run extra tox targets
      if: ${{ matrix.python-version == '3.9' }}
      run: |
--- a/PULL_REQUEST_TEMPLATE.md
+++ b/PULL_REQUEST_TEMPLATE.md
@ -1,4 +1,4 @@
-*Note*: Before submitting this pull request, please review our [contributing guidelines](https://www.django-rest-framework.org/community/contributing/#pull-requests).
+*Note*: Before submitting a code change, please review our [contributing guidelines](https://www.django-rest-framework.org/community/contributing/#pull-requests).
 ## Description
--- a/README.md
+++ b/README.md
@ -53,8 +53,8 @@ Some reasons you might want to use REST framework:
 # Requirements
-* Python 3.6+
+* Python 3.8+
-* Django 5.0, 4.2, 4.1, 4.0, 3.2, 3.1, 3.0
+* Django 5.0, 4.2
 We **highly recommend** and only officially support the latest patch release of
 each Python and Django series.
@ -172,8 +172,6 @@ Full documentation for the project is available at [https://www.django-rest-fram
 For questions and support, use the [REST framework discussion group][group], or `#restframework` on libera.chat IRC.
 You may also want to [follow the author on Twitter][twitter].
 # Security
 Please see the [security policy][security-policy].
@ -184,7 +182,6 @@ Please see the [security policy][security-policy].
 [codecov]: https://codecov.io/github/encode/django-rest-framework?branch=master
 [pypi-version]: https://img.shields.io/pypi/v/djangorestframework.svg
 [pypi]: https://pypi.org/project/djangorestframework/
 [twitter]: https://twitter.com/starletdreaming
 [group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework
 [funding]: https://fund.django-rest-framework.org/topics/funding/
--- a/docs/api-guide/serializers.md
+++ b/docs/api-guide/serializers.md
@ -845,8 +845,6 @@ Here's an example of how you might choose to implement multiple updates:
        class Meta:
            list_serializer_class = BookListSerializer
 It is possible that a third party package may be included alongside the 3.1 release that provides some automatic support for multiple update operations, similar to the `allow_add_remove` behavior that was present in REST framework 2.
 #### Customizing ListSerializer initialization
 When a serializer with `many=True` is instantiated, we need to determine which arguments and keyword arguments should be passed to the `.__init__()` method for both the child `Serializer` class, and for the parent `ListSerializer` class.
--- a/docs/community/contributing.md
+++ b/docs/community/contributing.md
@ -6,11 +6,9 @@
 There are many ways you can contribute to Django REST framework.  We'd like it to be a community-led project, so please get involved and help shape the future of the project.
---
+!!! note
-**Note**: At this point in it's lifespan we consider Django REST framework to be essentially feature-complete. We may accept pull requests that track the continued development of Django versions, but would prefer not to accept new features or code formatting changes.
+    At this point in its lifespan we consider Django REST framework to be feature-complete. We focus on pull requests that track the continued development of Django versions, and generally do not accept new features or code formatting changes.
 ---
 ## Community
@ -36,10 +34,9 @@ Our contribution process is that the [GitHub discussions page](https://github.co
 Some tips on good potential issue reporting:
-* When describing issues try to phrase your ticket in terms of the *behavior* you think needs changing rather than the *code* you think need changing.
+* Django REST framework is considered feature-complete. Please do not file requests to change behavior, unless it is required for security reasons or to maintain compatibility with upcoming Django or Python versions.
 * Search the GitHub project page for related items, and make sure you're running the latest version of REST framework before reporting an issue.
-* Feature requests will often be closed with a recommendation that they be implemented outside of the core REST framework library.  Keeping new feature requests implemented as third party libraries allows us to keep down the maintenance overhead of REST framework, so that the focus can be on continued stability, bugfixes, and great documentation. At this point in it's lifespan we consider Django REST framework to be essentially feature-complete.
+* Feature requests will typically be closed with a recommendation that they be implemented outside the core REST framework library (e.g. as third-party libraries).  This approach allows us to keep down the maintenance overhead of REST framework, so that the focus can be on continued stability and great documentation.
 * Closing an issue doesn't necessarily mean the end of a discussion.  If you believe your issue has been closed incorrectly, explain why and we'll consider if it needs to be reopened.
 ## Triaging issues
@ -48,8 +45,8 @@ Getting involved in triaging incoming issues is a good way to start contributing
 * Read through the ticket - does it make sense, is it missing any context that would help explain it better?
 * Is the ticket reported in the correct place, would it be better suited as a discussion on the discussion group?
 * If the ticket is a bug report, can you reproduce it? Are you able to write a failing test case that demonstrates the issue and that can be submitted as a pull request?
-* If the ticket is a feature request, do you agree with it, and could the feature request instead be implemented as a third party package?
+* If the ticket is a feature request, could the feature request instead be implemented as a third party package?
-* If a ticket hasn't had much activity and it addresses something you need, then comment on the ticket and try to find out what's needed to get it moving again.
+* If a ticket hasn't had much activity and addresses something you need, then comment on the ticket and try to find out what's needed to get it moving again.
 # Development
--- a/docs/community/project-management.md
+++ b/docs/community/project-management.md
@ -13,55 +13,13 @@ The aim is to ensure that the project has a high
 ## Maintenance team
-We have a quarterly maintenance cycle where new members may join the maintenance team. We currently cap the size of the team at 5 members, and may encourage folks to step out of the team for a cycle to allow new members to participate.
+[Participating actively in the REST framework project](contributing.md) **does not require being part of the maintenance team**. Almost every important part of issue triage and project improvement can be actively worked on regardless of your collaborator status on the repository.
-#### Current team
+#### Composition
-The [maintenance team for Q4 2015](https://github.com/encode/django-rest-framework/issues/2190):
+The composition of the maintenance team is handled by [@tomchristie](https://github.com/encode/). Team members will be added as collaborators to the repository.
-* [@tomchristie](https://github.com/encode/)
+#### Responsibilities
 * [@xordoquy](https://github.com/xordoquy/) (Release manager.)
 * [@carltongibson](https://github.com/carltongibson/)
 * [@kevin-brown](https://github.com/kevin-brown/)
 * [@jpadilla](https://github.com/jpadilla/)
 #### Maintenance cycles
 Each maintenance cycle is initiated by an issue being opened with the `Process` label.
 * To be considered for a maintainer role simply comment against the issue.
 * Existing members must explicitly opt-in to the next cycle by check-marking their name.
 * The final decision on the incoming team will be made by `@tomchristie`.
 Members of the maintenance team will be added as collaborators to the repository.
 The following template should be used for the description of the issue, and serves as the formal process for selecting the team.
    This issue is for determining the maintenance team for the *** period.
    Please see the [Project management](https://www.django-rest-framework.org/topics/project-management/) section of our documentation for more details.
    ---
    #### Renewing existing members.
    The following people are the current maintenance team. Please checkmark your name if you wish to continue to have write permission on the repository for the *** period.
    - [ ] @***
    - [ ] @***
    - [ ] @***
    - [ ] @***
    - [ ] @***
    ---
    #### New members.
    If you wish to be considered for this or a future date, please comment against this or subsequent issues.
    To modify this process for future maintenance cycles make a pull request to the [project management](https://www.django-rest-framework.org/topics/project-management/) documentation.
 #### Responsibilities of team members
 Team members have the following responsibilities.
@ -78,16 +36,12 @@ Further notes for maintainers:
 * Each issue/pull request should have exactly one label once triaged.
 * Search for un-triaged issues with [is:open no:label][un-triaged].
 It should be noted that participating actively in the REST framework project clearly **does not require being part of the maintenance team**. Almost every import part of issue triage and project improvement can be actively worked on regardless of your collaborator status on the repository.
 ---
 ## Release process
-The release manager is selected on every quarterly maintenance cycle.
+* The release manager is selected by `@tomchristie`.
-
+* The release manager will then have the maintainer role added to PyPI package.
 * The manager should be selected by `@tomchristie`.
 * The manager will then have the maintainer role added to PyPI package.
 * The previous manager will then have the maintainer role removed from the PyPI package.
 Our PyPI releases will be handled by either the current release manager, or by `@tomchristie`. Every release should have an open issue tagged with the `Release` label and marked against the appropriate milestone.
@ -198,7 +152,7 @@ If `@tomchristie` ceases to participate in the project then `@j4mie` has respons
 The following issues still need to be addressed:
-* Ensure `@jamie` has back-up access to the `django-rest-framework.org` domain setup and admin.
+* Ensure `@j4mie` has back-up access to the `django-rest-framework.org` domain setup and admin.
 * Document ownership of the [mailing list][mailing-list] and IRC channel.
 * Document ownership and management of the security mailing list.
--- a/docs/community/release-notes.md
+++ b/docs/community/release-notes.md
@ -2,11 +2,13 @@
 ## Versioning
-Minor version numbers (0.0.x) are used for changes that are API compatible.  You should be able to upgrade between minor point releases without any other code changes.
+- **Minor** version numbers (0.0.x) are used for changes that are API compatible.  You should be able to upgrade between minor point releases without any other code changes.
-Medium version numbers (0.x.0) may include API changes, in line with the [deprecation policy][deprecation-policy].  You should read the release notes carefully before upgrading between medium point releases.
+- **Medium** version numbers (0.x.0) may include API changes, in line with the [deprecation policy][deprecation-policy].  You should read the release notes carefully before upgrading between medium point releases.
-Major version numbers (x.0.0) are reserved for substantial project milestones.
+- **Major** version numbers (x.0.0) are reserved for substantial project milestones.
 As REST Framework is considered feature-complete, most releases are expected to be minor releases.
 ## Deprecation policy
@ -36,6 +38,15 @@ You can determine your currently installed version using `pip show`:
 ## 3.15.x series
 ### 3.15.2
 **Date**: 14th June 2024
 * Fix potential XSS vulnerability in browsable API. [#9435](https://github.com/encode/django-rest-framework/pull/9157)
 * Revert "Ensure CursorPagination respects nulls in the ordering field". [#9381](https://github.com/encode/django-rest-framework/pull/9381)
 * Use warnings rather than logging a warning for DecimalField. [#9367](https://github.com/encode/django-rest-framework/pull/9367)
 * Remove unused code. [#9393](https://github.com/encode/django-rest-framework/pull/9393)
 ### 3.15.1
 Date: 22nd March 2024
--- a/docs/index.md
+++ b/docs/index.md
@ -86,8 +86,8 @@ continued development by **[signing up for a paid plan][funding]**.
 REST framework requires the following:
-* Python (3.6, 3.7, 3.8, 3.9, 3.10, 3.11)
+* Django (4.2, 5.0)
-* Django (3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0)
+* Python (3.8, 3.9, 3.10, 3.11, 3.12)
 We **highly recommend** and only officially support the latest patch release of
 each Python and Django series.
@ -95,8 +95,8 @@ each Python and Django series.
 The following packages are optional:
 * [PyYAML][pyyaml], [uritemplate][uriteemplate] (5.1+, 3.0.0+) - Schema generation support.
-* [Markdown][markdown] (3.0.0+) - Markdown support for the browsable API.
+* [Markdown][markdown] (3.3.0+) - Markdown support for the browsable API.
-* [Pygments][pygments] (2.4.0+) - Add syntax highlighting to Markdown processing.
+* [Pygments][pygments] (2.7.0+) - Add syntax highlighting to Markdown processing.
 * [django-filter][django-filter] (1.0.1+) - Filtering support.
 * [django-guardian][django-guardian] (1.1.1+) - Object level permissions support.
@ -184,7 +184,7 @@ Can't wait to get started? The [quickstart guide][quickstart] is the fastest way
 ## Development
 See the [Contribution guidelines][contributing] for information on how to clone
-the repository, run the test suite and contribute changes back to REST
+the repository, run the test suite and help maintain the code base of REST
 Framework.
 ## Support
--- a/docs/tutorial/1-serialization.md
+++ b/docs/tutorial/1-serialization.md
@ -165,7 +165,7 @@ Deserialization is similar.  First we parse a stream into Python native datatype
    serializer.is_valid()
    # True
    serializer.validated_data
-    # OrderedDict([('title', ''), ('code', 'print("hello, world")\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')])
+    # {'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'}
    serializer.save()
    # <Snippet: Snippet object>
@ -175,7 +175,7 @@ We can also serialize querysets instead of model instances.  To do so we simply
    serializer = SnippetSerializer(Snippet.objects.all(), many=True)
    serializer.data
-    # [OrderedDict([('id', 1), ('title', ''), ('code', 'foo = "bar"\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')]), OrderedDict([('id', 2), ('title', ''), ('code', 'print("hello, world")\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')]), OrderedDict([('id', 3), ('title', ''), ('code', 'print("hello, world")'), ('linenos', False), ('language', 'python'), ('style', 'friendly')])]
+    # [{'id': 1, 'title': '', 'code': 'foo = "bar"\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 2, 'title': '', 'code': 'print("hello, world")\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 3, 'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'}]
 ## Using ModelSerializers
@ -321,7 +321,7 @@ You can install httpie using pip:
 Finally, we can get a list of all of the snippets:
-    http http://127.0.0.1:8000/snippets/
+    http http://127.0.0.1:8000/snippets/ --unsorted
    HTTP/1.1 200 OK
    ...
@ -341,12 +341,20 @@ Finally, we can get a list of all of the snippets:
            "linenos": false,
            "language": "python",
            "style": "friendly"
        },
        {
            "id": 3,
            "title": "",
            "code": "print(\"hello, world\")",
            "linenos": false,
            "language": "python",
            "style": "friendly"
        }
    ]
 Or we can get a particular snippet by referencing its id:
-    http http://127.0.0.1:8000/snippets/2/
+    http http://127.0.0.1:8000/snippets/2/ --unsorted
    HTTP/1.1 200 OK
    ...
--- a/docs/tutorial/quickstart.md
+++ b/docs/tutorial/quickstart.md
@ -15,7 +15,6 @@ Create a new Django project named `tutorial`, then start a new app called `quick
    source env/bin/activate  # On Windows use `env\Scripts\activate`
    # Install Django and Django REST framework into the virtual environment
    pip install django
    pip install djangorestframework
    # Set up a new project with a single application
--- a/docs_theme/css/default.css
+++ b/docs_theme/css/default.css
@ -439,3 +439,17 @@ ul.sponsor {
  display: inline-block !important;
 }
 /* admonition */
 .admonition {
  border: .075rem solid #448aff;
  border-radius: .2rem;
  margin: 1.5625em 0;
  padding: 0 .6rem;
 }
 .admonition-title {
  background: #448aff1a;
  font-weight: 700;
  margin:  0 -.6rem 1em;
  padding: 0.4rem 0.6rem;
 }
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -9,6 +9,7 @@ theme:
    custom_dir: docs_theme
 markdown_extensions:
 - admonition
 - toc:
    anchorlink: True
--- a/requirements/requirements-documentation.txt
+++ b/requirements/requirements-documentation.txt
@ -1,6 +1,5 @@
 # MkDocs to build our documentation.
-mkdocs==1.2.4
+mkdocs==1.6.0
 jinja2>=2.10,<3.1.0 # contextfilter has been renamed
 # pylinkvalidator to check for broken links in documentation.
 pylinkvalidator==0.3
--- a/requirements/requirements-optionals.txt
+++ b/requirements/requirements-optionals.txt
@ -6,5 +6,5 @@ django-guardian>=2.4.0,<2.5
 inflection==0.5.1
 markdown>=3.3.7
 psycopg2-binary>=2.9.5,<2.10
-pygments>=2.12.0,<2.14.0
+pygments~=2.17.0
 pyyaml>=5.3.1,<5.4
--- a/rest_framework/init.py
+++ b/rest_framework/init.py
@ -7,10 +7,8 @@ ______ _____ _____ _____    __
 \_| \_\____/\____/  \_/   |_| |_|  \__,_|_| |_| |_|\___| \_/\_/ \___/|_|  |_|\_|
 """
 import django
 __title__ = 'Django REST framework'
-__version__ = '3.15.1'
+__version__ = '3.15.2'
 __author__ = 'Tom Christie'
 __license__ = 'BSD 3-Clause'
 __copyright__ = 'Copyright 2011-2023 Encode OSS Ltd'
@ -25,11 +23,7 @@ HTTP_HEADER_ENCODING = 'iso-8859-1'
 ISO_8601 = 'iso-8601'
-if django.VERSION < (3, 2):
+class RemovedInDRF316Warning(DeprecationWarning):
    default_app_config = 'rest_framework.apps.RestFrameworkConfig'
 class RemovedInDRF315Warning(DeprecationWarning):
    pass
--- a/rest_framework/authtoken/init.py
+++ b/rest_framework/authtoken/init.py
@ -1,4 +0,0 @@
 import django
 if django.VERSION < (3, 2):
    default_app_config = 'rest_framework.authtoken.apps.AuthTokenConfig'
--- a/rest_framework/compat.py
+++ b/rest_framework/compat.py
@ -151,30 +151,6 @@ else:
        return False
 if django.VERSION >= (4, 2):
    # Django 4.2+: use the stock parse_header_parameters function
    # Note: Django 4.1 also has an implementation of parse_header_parameters
    #       which is slightly different from the one in 4.2, it needs
    #       the compatibility shim as well.
    from django.utils.http import parse_header_parameters
 else:
    # Django <= 4.1: create a compatibility shim for parse_header_parameters
    from django.http.multipartparser import parse_header
    def parse_header_parameters(line):
        # parse_header works with bytes, but parse_header_parameters
        # works with strings. Call encode to convert the line to bytes.
        main_value_pair, params = parse_header(line.encode())
        return main_value_pair, {
            # parse_header will convert *some* values to string.
            # parse_header_parameters converts *all* values to string.
            # Make sure all values are converted by calling decode on
            # any remaining non-string values.
            k: v if isinstance(v, str) else v.decode()
            for k, v in params.items()
        }
 if django.VERSION >= (5, 1):
    # Django 5.1+: use the stock ip_address_validators function
    # Note: Before Django 5.1, ip_address_validators returns a tuple containing
--- a/rest_framework/fields.py
+++ b/rest_framework/fields.py
@ -4,9 +4,9 @@ import datetime
 import decimal
 import functools
 import inspect
 import logging
 import re
 import uuid
 import warnings
 from collections.abc import Mapping
 from enum import Enum
@ -44,8 +44,6 @@ from rest_framework.utils.formatting import lazy_format
 from rest_framework.utils.timezone import valid_datetime
 from rest_framework.validators import ProhibitSurrogateCharactersValidator
 logger = logging.getLogger("rest_framework.fields")
 class empty:
    """
@ -989,9 +987,9 @@ class DecimalField(Field):
        self.min_value = min_value
        if self.max_value is not None and not isinstance(self.max_value, decimal.Decimal):
-            logger.warning("max_value in DecimalField should be Decimal type.")
+            warnings.warn("max_value should be a Decimal instance.")
        if self.min_value is not None and not isinstance(self.min_value, decimal.Decimal):
-            logger.warning("min_value in DecimalField should be Decimal type.")
+            warnings.warn("min_value should be a Decimal instance.")
        if self.max_digits is not None and self.decimal_places is not None:
            self.max_whole_digits = self.max_digits - self.decimal_places
--- a/rest_framework/filters.py
+++ b/rest_framework/filters.py
@ -114,10 +114,6 @@ class SearchFilter(BaseFilterBackend):
                    if hasattr(field, "path_infos"):
                        # Update opts to follow the relation.
                        opts = field.path_infos[-1].to_opts
                    # django < 4.1
                    elif hasattr(field, 'get_path_info'):
                        # Update opts to follow the relation.
                        opts = field.get_path_info()[-1].to_opts
            # Otherwise, use the field with icontains.
            lookup = 'icontains'
        return LOOKUP_SEP.join([field_name, lookup])
--- a/rest_framework/pagination.py
+++ b/rest_framework/pagination.py
@ -11,7 +11,6 @@ from urllib import parse
 from django.core.paginator import InvalidPage
 from django.core.paginator import Paginator as DjangoPaginator
 from django.db.models import Q
 from django.template import loader
 from django.utils.encoding import force_str
 from django.utils.translation import gettext_lazy as _
@ -631,7 +630,7 @@ class CursorPagination(BasePagination):
            queryset = queryset.order_by(*self.ordering)
        # If we have a cursor with a fixed position then filter by that.
-        if str(current_position) != 'None':
+        if current_position is not None:
            order = self.ordering[0]
            is_reversed = order.startswith('-')
            order_attr = order.lstrip('-')
@ -642,12 +641,7 @@ class CursorPagination(BasePagination):
            else:
                kwargs = {order_attr + '__gt': current_position}
-            filter_query = Q(**kwargs)
+            queryset = queryset.filter(**kwargs)
            # If some records contain a null for the ordering field, don't lose them.
            # When reverse ordering, nulls will come last and need to be included.
            if (reverse and not is_reversed) or is_reversed:
                filter_query |= Q(**{order_attr + '__isnull': True})
            queryset = queryset.filter(filter_query)
        # If we have an offset cursor then offset the entire page by that amount.
        # We also always fetch an extra item in order to determine if there is a
@ -720,7 +714,7 @@ class CursorPagination(BasePagination):
                # The item in this position and the item following it
                # have different positions. We can use this position as
                # our marker.
-                has_item_with_unique_position = position is not None
+                has_item_with_unique_position = True
                break
            # The item in this position has the same position as the item
@ -773,7 +767,7 @@ class CursorPagination(BasePagination):
                # The item in this position and the item following it
                # have different positions. We can use this position as
                # our marker.
-                has_item_with_unique_position = position is not None
+                has_item_with_unique_position = True
                break
            # The item in this position has the same position as the item
@ -896,7 +890,7 @@ class CursorPagination(BasePagination):
            attr = instance[field_name]
        else:
            attr = getattr(instance, field_name)
-        return None if attr is None else str(attr)
+        return str(attr)
    def get_paginated_response(self, data):
        return Response({
--- a/rest_framework/parsers.py
+++ b/rest_framework/parsers.py
@ -15,9 +15,9 @@ from django.http.multipartparser import ChunkIter
 from django.http.multipartparser import \
    MultiPartParser as DjangoMultiPartParser
 from django.http.multipartparser import MultiPartParserError
 from django.utils.http import parse_header_parameters
 from rest_framework import renderers
 from rest_framework.compat import parse_header_parameters
 from rest_framework.exceptions import ParseError
 from rest_framework.settings import api_settings
 from rest_framework.utils import json
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@ -54,6 +54,9 @@ class OperandHolder(OperationHolderMixin):
            self.op2_class == other.op2_class
        )
    def __hash__(self):
        return hash((self.operator_class, self.op1_class, self.op2_class))
 class AND:
    def __init__(self, op1, op2):
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@ -19,12 +19,13 @@ from django.core.paginator import Page
 from django.template import engines, loader
 from django.urls import NoReverseMatch
 from django.utils.html import mark_safe
 from django.utils.http import parse_header_parameters
 from django.utils.safestring import SafeString
 from rest_framework import VERSION, exceptions, serializers, status
 from rest_framework.compat import (
    INDENT_SEPARATORS, LONG_SEPARATORS, SHORT_SEPARATORS, coreapi, coreschema,
-    parse_header_parameters, pygments_css, yaml
+    pygments_css, yaml
 )
 from rest_framework.exceptions import ParseError
 from rest_framework.request import is_form_media_type, override_method
--- a/rest_framework/request.py
+++ b/rest_framework/request.py
@ -16,9 +16,9 @@ from django.conf import settings
 from django.http import HttpRequest, QueryDict
 from django.http.request import RawPostDataException
 from django.utils.datastructures import MultiValueDict
 from django.utils.http import parse_header_parameters
 from rest_framework import exceptions
 from rest_framework.compat import parse_header_parameters
 from rest_framework.settings import api_settings
--- a/rest_framework/schemas/openapi.py
+++ b/rest_framework/schemas/openapi.py
@ -12,7 +12,7 @@ from django.db import models
 from django.utils.encoding import force_str
 from rest_framework import (
-    RemovedInDRF315Warning, exceptions, renderers, serializers
+    RemovedInDRF316Warning, exceptions, renderers, serializers
 )
 from rest_framework.compat import inflection, uritemplate
 from rest_framework.fields import _UnvalidatedField, empty
@ -725,7 +725,7 @@ class AutoSchema(ViewInspector):
    def _get_reference(self, serializer):
        warnings.warn(
            "Method `_get_reference()` has been renamed to `get_reference()`. "
-            "The old name will be removed in DRF v3.15.",
+            "The old name will be removed in DRF v3.16.",
-            RemovedInDRF315Warning, stacklevel=2
+            RemovedInDRF316Warning, stacklevel=2
        )
        return self.get_reference(serializer)
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@ -313,3 +313,4 @@ def smart_urlquote_wrapper(matched_url):
        return smart_urlquote(matched_url)
    except ValueError:
        return None
--- a/rest_framework/test.py
+++ b/rest_framework/test.py
@ -3,7 +3,6 @@
 import io
 from importlib import import_module
 import django
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured
 from django.core.handlers.wsgi import WSGIHandler
@ -394,19 +393,7 @@ class URLPatternsTestCase(testcases.SimpleTestCase):
        cls._override.enable()
        if django.VERSION > (4, 0):
        cls.addClassCleanup(cls._override.disable)
        cls.addClassCleanup(cleanup_url_patterns, cls)
        super().setUpClass()
    if django.VERSION < (4, 0):
        @classmethod
        def tearDownClass(cls):
            super().tearDownClass()
            cls._override.disable()
            if hasattr(cls, '_module_urlpatterns'):
                cls._module.urlpatterns = cls._module_urlpatterns
            else:
                del cls._module.urlpatterns
--- a/rest_framework/utils/mediatypes.py
+++ b/rest_framework/utils/mediatypes.py
@ -3,7 +3,7 @@ Handling of media types, as found in HTTP Content-Type and Accept headers.
 See https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
 """
-from rest_framework.compat import parse_header_parameters
+from django.utils.http import parse_header_parameters
 def media_type_matches(lhs, rhs):
--- a/setup.cfg
+++ b/setup.cfg
@ -3,7 +3,7 @@ license_files = LICENSE.md
 [tool:pytest]
 addopts=--tb=short --strict-markers -ra
-testspath = tests
+testpaths = tests
 filterwarnings = ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF317Warning
 [flake8]
--- a/setup.py
+++ b/setup.py
@ -8,7 +8,7 @@ from io import open
 from setuptools import find_packages, setup
 CURRENT_PYTHON = sys.version_info[:2]
-REQUIRED_PYTHON = (3, 6)
+REQUIRED_PYTHON = (3, 8)
 # This check and everything above must remain compatible with Python 2.7.
 if CURRENT_PYTHON < REQUIRED_PYTHON:
@ -83,18 +83,13 @@ setup(
    author_email='tom@tomchristie.com',  # SEE NOTE BELOW (*)
    packages=find_packages(exclude=['tests*']),
    include_package_data=True,
-    install_requires=["django>=3.0", 'backports.zoneinfo;python_version<"3.9"'],
+    install_requires=["django>=4.2", 'backports.zoneinfo;python_version<"3.9"'],
-    python_requires=">=3.6",
+    python_requires=">=3.8",
    zip_safe=False,
    classifiers=[
        'Development Status :: 5 - Production/Stable',
        'Environment :: Web Environment',
        'Framework :: Django',
        'Framework :: Django :: 3.0',
        'Framework :: Django :: 3.1',
        'Framework :: Django :: 3.2',
        'Framework :: Django :: 4.0',
        'Framework :: Django :: 4.1',
        'Framework :: Django :: 4.2',
        'Framework :: Django :: 5.0',
        'Intended Audience :: Developers',
@ -102,8 +97,6 @@ setup(
        'Operating System :: OS Independent',
        'Programming Language :: Python',
        'Programming Language :: Python :: 3',
        'Programming Language :: Python :: 3.6',
        'Programming Language :: Python :: 3.7',
        'Programming Language :: Python :: 3.8',
        'Programming Language :: Python :: 3.9',
        'Programming Language :: Python :: 3.10',
--- a/tests/authentication/test_authentication.py
+++ b/tests/authentication/test_authentication.py
@ -1,6 +1,5 @@
 import base64
 import django
 import pytest
 from django.conf import settings
 from django.contrib.auth.models import User
@ -235,21 +234,13 @@ class SessionAuthTests(TestCase):
        Ensure POSTing form over session authentication with CSRF token succeeds.
        Regression test for #6088
        """
        # Remove this shim when dropping support for Django 3.0.
        if django.VERSION < (3, 1):
            from django.middleware.csrf import _get_new_csrf_token
        else:
            from django.middleware.csrf import (
                _get_new_csrf_string, _mask_cipher_secret
            )
            def _get_new_csrf_token():
                return _mask_cipher_secret(_get_new_csrf_string())
        self.csrf_client.login(username=self.username, password=self.password)
        # Set the csrf_token cookie so that CsrfViewMiddleware._get_token() works
-        token = _get_new_csrf_token()
+        from django.middleware.csrf import (
            _get_new_csrf_string, _mask_cipher_secret
        )
        token = _mask_cipher_secret(_get_new_csrf_string())
        self.csrf_client.cookies[settings.CSRF_COOKIE_NAME] = token
        # Post the token matching the cookie value
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -13,8 +13,6 @@ def pytest_addoption(parser):
 def pytest_configure(config):
    from django.conf import settings
    # USE_L10N is deprecated, and will be removed in Django 5.0.
    use_l10n = {"USE_L10N": True} if django.VERSION < (4, 0) else {}
    settings.configure(
        DEBUG_PROPAGATE_EXCEPTIONS=True,
        DATABASES={
@ -64,7 +62,6 @@ def pytest_configure(config):
        PASSWORD_HASHERS=(
            'django.contrib.auth.hashers.MD5PasswordHasher',
        ),
        **use_l10n,
    )
    # guardian is optional
@ -87,9 +84,6 @@ def pytest_configure(config):
        import rest_framework
        settings.STATIC_ROOT = os.path.join(os.path.dirname(rest_framework.__file__), 'static-root')
        backend = 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
        if django.VERSION < (4, 2):
            settings.STATICFILES_STORAGE = backend
        else:
        settings.STORAGES['staticfiles']['BACKEND'] = backend
    django.setup()
--- a/tests/test_description.py
+++ b/tests/test_description.py
@ -41,7 +41,7 @@ MARKDOWN_DOCSTRING = """<h2 id="an-example-docstring">an example docstring</h2>
 </code></pre>
 <p>indented</p>
 <h2 id="hash-style-header">hash style header</h2>
-<div class="highlight"><pre><span></span><span class="p">[{</span><span class="w"></span><br /><span class="w">    </span><span class="nt">&quot;alpha&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"></span><br /><span class="w">    </span><span class="nt">&quot;beta&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;this is a string&quot;</span><span class="w"></span><br /><span class="p">}]</span><span class="w"></span><br /></pre></div>
+<div class="highlight"><pre><span></span><span class="p">[{</span><br /><span class="w">    </span><span class="nt">&quot;alpha&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><br /><span class="w">    </span><span class="nt">&quot;beta&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;this is a string&quot;</span><br /><span class="p">}]</span><br /></pre></div>
 <p><br /></p>"""
--- a/tests/test_fields.py
+++ b/tests/test_fields.py
@ -4,6 +4,7 @@ import os
 import re
 import sys
 import uuid
 import warnings
 from decimal import ROUND_DOWN, ROUND_UP, Decimal
 from enum import auto
 from unittest.mock import patch
@ -1254,15 +1255,19 @@ class TestMinMaxDecimalField(FieldValues):
    )
    def test_warning_when_not_decimal_types(self, caplog):
-        import logging
+        with warnings.catch_warnings(record=True) as w:
            warnings.simplefilter('always')
            serializers.DecimalField(
                max_digits=3, decimal_places=1,
                min_value=10, max_value=20
            )
-        assert caplog.record_tuples == [
+
-            ("rest_framework.fields", logging.WARNING, "max_value in DecimalField should be Decimal type."),
+            assert len(w) == 2
-            ("rest_framework.fields", logging.WARNING, "min_value in DecimalField should be Decimal type.")
+            assert all(issubclass(i.category, UserWarning) for i in w)
-        ]
+
            assert 'max_value should be a Decimal instance' in str(w[0].message)
            assert 'min_value should be a Decimal instance' in str(w[1].message)
 class TestAllowEmptyStrDecimalFieldWithValidators(FieldValues):
@ -1628,7 +1633,7 @@ class TestCustomTimezoneForDateTimeField(TestCase):
        assert rendered_date == rendered_date_in_timezone
-@pytest.mark.skipif(pytz is None, reason="As Django 4.0 has deprecated pytz, this test should eventually be able to get removed.")
+@pytest.mark.skipif(pytz is None, reason="Django 5.0 has removed pytz; this test should eventually be able to get removed.")
 class TestPytzNaiveDayLightSavingTimeTimeZoneDateTimeField(FieldValues):
    """
    Invalid values for `DateTimeField` with datetime in DST shift (non-existing or ambiguous) and timezone with DST.
--- a/tests/test_model_serializer.py
+++ b/tests/test_model_serializer.py
@ -12,7 +12,6 @@ import re
 import sys
 import tempfile
 import django
 import pytest
 from django.core.exceptions import ImproperlyConfigured
 from django.core.serializers.json import DjangoJSONEncoder
@ -453,14 +452,11 @@ class TestPosgresFieldsMapping(TestCase):
                model = ArrayFieldModel
                fields = ['array_field', 'array_field_with_blank']
        validators = ""
        if django.VERSION < (4, 1):
            validators = ", validators=[<django.core.validators.MaxLengthValidator object>]"
        expected = dedent("""
            TestSerializer():
-                array_field = ListField(allow_empty=False, child=CharField(label='Array field'%s))
+                array_field = ListField(allow_empty=False, child=CharField(label='Array field'))
-                array_field_with_blank = ListField(child=CharField(label='Array field with blank'%s), required=False)
+                array_field_with_blank = ListField(child=CharField(label='Array field with blank'), required=False)
-        """ % (validators, validators))
+        """)
        self.assertEqual(repr(TestSerializer()), expected)
    @pytest.mark.skipif(hasattr(models, 'JSONField'), reason='has models.JSONField')
--- a/tests/test_pagination.py
+++ b/tests/test_pagination.py
@ -972,24 +972,17 @@ class TestCursorPagination(CursorPaginationTestsMixin):
            def __init__(self, items):
                self.items = items
-            def filter(self, q):
+            def filter(self, created__gt=None, created__lt=None):
                q_args = dict(q.deconstruct()[1])
                if not q_args:
                    # django 3.0.x artifact
                    q_args = dict(q.deconstruct()[2])
                created__gt = q_args.get('created__gt')
                created__lt = q_args.get('created__lt')
                if created__gt is not None:
                    return MockQuerySet([
                        item for item in self.items
-                        if item.created is None or item.created > int(created__gt)
+                        if item.created > int(created__gt)
                    ])
                assert created__lt is not None
                return MockQuerySet([
                    item for item in self.items
-                    if item.created is None or item.created < int(created__lt)
+                    if item.created < int(created__lt)
                ])
            def order_by(self, *ordering):
@ -1108,127 +1101,6 @@ class TestCursorPaginationWithValueQueryset(CursorPaginationTestsMixin, TestCase
        return (previous, current, next, previous_url, next_url)
 class NullableCursorPaginationModel(models.Model):
    created = models.IntegerField(null=True)
 class TestCursorPaginationWithNulls(TestCase):
    """
    Unit tests for `pagination.CursorPagination` with ordering on a nullable field.
    """
    def setUp(self):
        class ExamplePagination(pagination.CursorPagination):
            page_size = 1
            ordering = 'created'
        self.pagination = ExamplePagination()
        data = [
            None, None, 3, 4
        ]
        for idx in data:
            NullableCursorPaginationModel.objects.create(created=idx)
        self.queryset = NullableCursorPaginationModel.objects.all()
    get_pages = TestCursorPagination.get_pages
    def test_ascending(self):
        """Test paginating one row at a time, current should go 1, 2, 3, 4, 3, 2, 1."""
        (previous, current, next, previous_url, next_url) = self.get_pages('/')
        assert previous is None
        assert current == [None]
        assert next == [None]
        (previous, current, next, previous_url, next_url) = self.get_pages(next_url)
        assert previous == [None]
        assert current == [None]
        assert next == [3]
        (previous, current, next, previous_url, next_url) = self.get_pages(next_url)
        assert previous == [3]  # [None] paging artifact documented at https://github.com/ddelange/django-rest-framework/blob/3.14.0/rest_framework/pagination.py#L789
        assert current == [3]
        assert next == [4]
        (previous, current, next, previous_url, next_url) = self.get_pages(next_url)
        assert previous == [3]
        assert current == [4]
        assert next is None
        assert next_url is None
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        assert previous == [None]
        assert current == [3]
        assert next == [4]
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        assert previous == [None]
        assert current == [None]
        assert next == [None]  # [3] paging artifact documented at https://github.com/ddelange/django-rest-framework/blob/3.14.0/rest_framework/pagination.py#L731
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        assert previous is None
        assert current == [None]
        assert next == [None]
    def test_descending(self):
        """Test paginating one row at a time, current should go 4, 3, 2, 1, 2, 3, 4."""
        self.pagination.ordering = ('-created',)
        (previous, current, next, previous_url, next_url) = self.get_pages('/')
        assert previous is None
        assert current == [4]
        assert next == [3]
        (previous, current, next, previous_url, next_url) = self.get_pages(next_url)
        assert previous == [None]  # [4] paging artifact
        assert current == [3]
        assert next == [None]
        (previous, current, next, previous_url, next_url) = self.get_pages(next_url)
        assert previous == [None]  # [3] paging artifact
        assert current == [None]
        assert next == [None]
        (previous, current, next, previous_url, next_url) = self.get_pages(next_url)
        assert previous == [None]
        assert current == [None]
        assert next is None
        assert next_url is None
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        assert previous == [3]
        assert current == [None]
        assert next == [None]
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        assert previous == [None]
        assert current == [3]
        assert next == [3]  # [4] paging artifact documented at https://github.com/ddelange/django-rest-framework/blob/3.14.0/rest_framework/pagination.py#L731
        # skip back artifact
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        (previous, current, next, previous_url, next_url) = self.get_pages(previous_url)
        assert previous is None
        assert current == [4]
        assert next == [3]
 def test_get_displayed_page_numbers():
    """
    Test our contextual page display function.
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -716,3 +716,59 @@ class PermissionsCompositionTests(TestCase):
        composed_perm = (IsAuthenticatedUserOwner | permissions.IsAdminUser)
        hasperm = composed_perm().has_object_permission(request, None, None)
        assert hasperm is False
    def test_operand_holder_is_hashable(self):
        assert hash((permissions.IsAuthenticated & permissions.IsAdminUser))
    def test_operand_holder_hash_same_for_same_operands_and_operator(self):
        first_operand_holder = (
            permissions.IsAuthenticated & permissions.IsAdminUser
        )
        second_operand_holder = (
            permissions.IsAuthenticated & permissions.IsAdminUser
        )
        assert hash(first_operand_holder) == hash(second_operand_holder)
    def test_operand_holder_hash_differs_for_different_operands(self):
        first_operand_holder = (
            permissions.IsAuthenticated & permissions.IsAdminUser
        )
        second_operand_holder = (
            permissions.AllowAny & permissions.IsAdminUser
        )
        third_operand_holder = (
            permissions.IsAuthenticated & permissions.AllowAny
        )
        assert hash(first_operand_holder) != hash(second_operand_holder)
        assert hash(first_operand_holder) != hash(third_operand_holder)
        assert hash(second_operand_holder) != hash(third_operand_holder)
    def test_operand_holder_hash_differs_for_different_operators(self):
        first_operand_holder = (
            permissions.IsAuthenticated & permissions.IsAdminUser
        )
        second_operand_holder = (
            permissions.IsAuthenticated | permissions.IsAdminUser
        )
        assert hash(first_operand_holder) != hash(second_operand_holder)
    def test_filtering_permissions(self):
        unfiltered_permissions = [
            permissions.IsAuthenticated & permissions.IsAdminUser,
            permissions.IsAuthenticated & permissions.IsAdminUser,
            permissions.AllowAny,
        ]
        expected_permissions = [
            permissions.IsAuthenticated & permissions.IsAdminUser,
            permissions.AllowAny,
        ]
        filtered_permissions = [
            perm for perm
            in dict.fromkeys(unfiltered_permissions)
        ]
        assert filtered_permissions == expected_permissions
--- a/tests/test_renderers.py
+++ b/tests/test_renderers.py
@ -910,7 +910,7 @@ class TestDocumentationRenderer(TestCase):
            'link': coreapi.Link(url='/data/', action='get', fields=[]),
        }
        html = template.render(context)
-        assert 'testcases list' in html
+        assert 'testcases<span class="w"> </span>list' in html
@pytest.mark.skipif(not coreapi, reason='coreapi is not installed')
--- a/tests/test_testing.py
+++ b/tests/test_testing.py
@ -2,7 +2,6 @@ import itertools
 from io import BytesIO
 from unittest.mock import patch
 import django
 from django.contrib.auth.models import User
 from django.http import HttpResponseRedirect
 from django.shortcuts import redirect
@ -319,10 +318,6 @@ class TestAPIRequestFactory(TestCase):
        assert request.META['CONTENT_TYPE'] == 'application/json'
 def check_urlpatterns(cls):
    assert urlpatterns is not cls.urlpatterns
 class TestUrlPatternTestCase(URLPatternsTestCase):
    urlpatterns = [
        path('', view),
@ -334,17 +329,10 @@ class TestUrlPatternTestCase(URLPatternsTestCase):
        super().setUpClass()
        assert urlpatterns is cls.urlpatterns
        if django.VERSION > (4, 0):
            cls.addClassCleanup(
                check_urlpatterns,
                cls
            )
    if django.VERSION < (4, 0):
    @classmethod
-        def tearDownClass(cls):
+    def doClassCleanups(cls):
        assert urlpatterns is cls.urlpatterns
-            super().tearDownClass()
+        super().doClassCleanups()
        assert urlpatterns is not cls.urlpatterns
    def test_urlpatterns(self):
--- a/tox.ini
+++ b/tox.ini
@ -1,11 +1,9 @@
 [tox]
 envlist =
-       {py36,py37,py38,py39}-django30
+       {py38,py39}-{django42}
-       {py36,py37,py38,py39}-django31
+       {py310}-{django42,django50,djangomain}
-       {py36,py37,py38,py39,py310}-django32
+       {py311}-{django42,django50,djangomain}
-       {py38,py39,py310}-{django40,django41,django42,djangomain}
+       {py312}-{django42,django50,djangomain}
       {py311}-{django41,django42,django50,djangomain}
       {py312}-{django42,djanggo50,djangomain}
       base
       dist
       docs
@ -17,11 +15,6 @@ setenv =
       PYTHONDONTWRITEBYTECODE=1
       PYTHONWARNINGS=once
 deps =
        django30: Django>=3.0,<3.1
        django31: Django>=3.1,<3.2
        django32: Django>=3.2,<4.0
        django40: Django>=4.0,<4.1
        django41: Django>=4.1,<4.2
        django42: Django>=4.2,<5.0
        django50: Django>=5.0,<5.1
        djangomain: https://github.com/django/django/archive/main.tar.gz
`@ -1,4 +1,4 @@`
	`Note: Before submitting this pull request, please review our [contributing guidelines](https://www.django-rest-framework.org/community/contributing/#pull-requests).`	`Note: Before submitting a code change, please review our [contributing guidelines](https://www.django-rest-framework.org/community/contributing/#pull-requests).`

	`## Description`	`## Description`