Merge branch 'encode:main' into master

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,7 @@
+blank_issues_enabled: false
+contact_links:
+- name: Discussions
+  url: https://github.com/encode/django-rest-framework/discussions
+  about: >
+    The "Discussions" forum is where you want to start. 💖
+    Please note that at this point in its lifespan, we consider Django REST framework to be feature-complete.

.github/workflows/main.yml

@@ -3,7 +3,7 @@ name: CI
 on:
   push:
     branches:
-    - master
+    - main
   pull_request:
 
 jobs:
@@ -21,9 +21,9 @@ jobs:
         - '3.13'
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
-    - uses: actions/setup-python@v5
+    - uses: actions/setup-python@v6
       with:
         python-version: ${{ matrix.python-version }}
         cache: 'pip'
@@ -52,9 +52,9 @@ jobs:
     name: Test documentation links
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
-    - uses: actions/setup-python@v5
+    - uses: actions/setup-python@v6
       with:
         python-version: '3.9'
 

.github/workflows/mkdocs-deploy.yml

@@ -0,0 +1,29 @@
+name: mkdocs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - docs/**
+      - docs_theme/**
+      - requirements/requirements-documentation.txt
+      - mkdocs.yml
+      - .github/workflows/mkdocs-deploy.yml
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: github-pages
+    permissions:
+      contents: write
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+    steps:
+      - uses: actions/checkout@v5
+      - run: git fetch --no-tags --prune --depth=1 origin gh-pages
+      - uses: actions/setup-python@v6
+        with:
+          python-version: 3.x
+      - run: pip install -r requirements/requirements-documentation.txt
+      - run: mkdocs gh-deploy

.github/workflows/pre-commit.yml

@@ -3,7 +3,7 @@ name: pre-commit
 on:
   push:
     branches:
-      - master
+      - main
   pull_request:
 
 jobs:
@@ -11,11 +11,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         with:
           python-version: "3.10"
 

.pre-commit-config.yaml

@@ -31,9 +31,17 @@ repos:
   hooks:
   - id: codespell
     exclude: locale|kickstarter-announcement.md|coreapi-0.1.1.js
+    additional_dependencies:
+      # python doesn't come with a toml parser prior to 3.11
+      - "tomli; python_version < '3.11'"
 
 - repo: https://github.com/asottile/pyupgrade
   rev: v3.19.1
   hooks:
   - id: pyupgrade
     args: ["--py39-plus", "--keep-percent-format"]
+
+- repo: https://github.com/tox-dev/pyproject-fmt
+  rev: v2.6.0
+  hooks:
+  - id: pyproject-fmt

CONTRIBUTING.md

@@ -2,4 +2,6 @@
 
 At this point in its lifespan we consider Django REST framework to be essentially feature-complete. We may accept pull requests that track the continued development of Django versions, but would prefer not to accept new features or code formatting changes.
 
+Apart from minor documentation changes, the [GitHub discussions page](https://github.com/encode/django-rest-framework/discussions) should generally be your starting point. Please only open a pull request if you've been recommended to do so **after discussion**.
+
 The [Contributing guide in the documentation](https://www.django-rest-framework.org/community/contributing/) gives some more information on our process and code of conduct.

README.md

@@ -179,8 +179,8 @@ Please see the [security policy][security-policy].
 
 [build-status-image]: https://github.com/encode/django-rest-framework/actions/workflows/main.yml/badge.svg
 [build-status]: https://github.com/encode/django-rest-framework/actions/workflows/main.yml
-[coverage-status-image]: https://img.shields.io/codecov/c/github/encode/django-rest-framework/master.svg
-[codecov]: https://codecov.io/github/encode/django-rest-framework?branch=master
+[coverage-status-image]: https://img.shields.io/codecov/c/github/encode/django-rest-framework/main.svg
+[codecov]: https://codecov.io/github/encode/django-rest-framework?branch=main
 [pypi-version]: https://img.shields.io/pypi/v/djangorestframework.svg
 [pypi]: https://pypi.org/project/djangorestframework/
 [group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework
@@ -188,16 +188,16 @@ Please see the [security policy][security-policy].
 [funding]: https://fund.django-rest-framework.org/topics/funding/
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
 
-[sentry-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/sentry-readme.png
-[stream-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/stream-readme.png
-[spacinov-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/spacinov-readme.png
-[retool-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/retool-readme.png
-[bitio-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/bitio-readme.png
-[posthog-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/posthog-readme.png
-[cryptapi-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/cryptapi-readme.png
-[fezto-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/fezto-readme.png
-[svix-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/svix-premium.png
-[zuplo-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/zuplo-readme.png
+[sentry-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/sentry-readme.png
+[stream-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/stream-readme.png
+[spacinov-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/spacinov-readme.png
+[retool-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/retool-readme.png
+[bitio-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/bitio-readme.png
+[posthog-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/posthog-readme.png
+[cryptapi-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/cryptapi-readme.png
+[fezto-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/fezto-readme.png
+[svix-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/svix-premium.png
+[zuplo-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/zuplo-readme.png
 
 [sentry-url]: https://getsentry.com/welcome/
 [stream-url]: https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage

docs/api-guide/caching.md

@@ -85,7 +85,7 @@ def get_user_list(request):
 **NOTE:** The [`cache_page`][page] decorator only caches the
 `GET` and `HEAD` responses with status 200.
 
-[page]: https://docs.djangoproject.com/en/dev/topics/cache/#the-per-view-cache
-[cookie]: https://docs.djangoproject.com/en/dev/topics/http/decorators/#django.views.decorators.vary.vary_on_cookie
-[headers]: https://docs.djangoproject.com/en/dev/topics/http/decorators/#django.views.decorators.vary.vary_on_headers
-[decorator]: https://docs.djangoproject.com/en/dev/topics/class-based-views/intro/#decorating-the-class
+[page]: https://docs.djangoproject.com/en/stable/topics/cache/#the-per-view-cache
+[cookie]: https://docs.djangoproject.com/en/stable/topics/http/decorators/#django.views.decorators.vary.vary_on_cookie
+[headers]: https://docs.djangoproject.com/en/stable/topics/http/decorators/#django.views.decorators.vary.vary_on_headers
+[decorator]: https://docs.djangoproject.com/en/stable/topics/class-based-views/intro/#decorating-the-class

docs/api-guide/exceptions.md

@@ -269,5 +269,5 @@ The [drf-standardized-errors][drf-standardized-errors] package provides an excep
 
 [cite]: https://doughellmann.com/blog/2009/06/19/python-exception-handling-techniques/
 [authentication]: authentication.md
-[django-custom-error-views]: https://docs.djangoproject.com/en/dev/topics/http/views/#customizing-error-views
+[django-custom-error-views]: https://docs.djangoproject.com/en/stable/topics/http/views/#customizing-error-views
 [drf-standardized-errors]: https://github.com/ghazi-git/drf-standardized-errors

docs/api-guide/fields.md

@@ -42,7 +42,7 @@ Set to false if this field is not required to be present during deserialization.
 
 Setting this to `False` also allows the object attribute or dictionary key to be omitted from output when serializing the instance. If the key is not present it will simply not be included in the output representation.
 
-Defaults to `True`. If you're using [Model Serializer](https://www.django-rest-framework.org/api-guide/serializers/#modelserializer) default value will be `False` if you have specified `blank=True` or `default` or `null=True` at your field in your `Model`.
+Defaults to `True`. If you're using [Model Serializer](https://www.django-rest-framework.org/api-guide/serializers/#modelserializer), the default value will be `False` when you have specified a `default`, or when the corresponding `Model` field has `blank=True` or `null=True` and is not part of a unique constraint at the same time. (Note that without a `default` value, [unique constraints will cause the field to be required](https://www.django-rest-framework.org/api-guide/validators/#optional-fields).)
 
 ### `default`
 
@@ -377,13 +377,16 @@ A Duration representation.
 Corresponds to `django.db.models.fields.DurationField`
 
 The `validated_data` for these fields will contain a `datetime.timedelta` instance.
-The representation is a string following this format `'[DD] [HH:[MM:]]ss[.uuuuuu]'`.
 
-**Signature:** `DurationField(max_value=None, min_value=None)`
+**Signature:** `DurationField(format=api_settings.DURATION_FORMAT, max_value=None, min_value=None)`
 
+* `format` - A string representing the output format.  If not specified, this defaults to the same value as the `DURATION_FORMAT` settings key, which will be `'django'` unless set. Formats are described below. Setting this value to `None` indicates that Python `timedelta` objects should be returned by `to_representation`. In this case the date encoding will be determined by the renderer.
 * `max_value` Validate that the duration provided is no greater than this value.
 * `min_value` Validate that the duration provided is no less than this value.
 
+#### `DurationField` formats
+Format may either be the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style intervals should be used (eg `'P4DT1H15M20S'`), or `'django'` which indicates that Django interval format `'[DD] [HH:[MM:]]ss[.uuuuuu]'` should be used (eg: `'4 1:15:20'`).
+
 ---
 
 # Choice selection fields
@@ -857,4 +860,4 @@ The [django-rest-framework-hstore][django-rest-framework-hstore] package provide
 [django-hstore]: https://github.com/djangonauts/django-hstore
 [python-decimal-rounding-modes]: https://docs.python.org/3/library/decimal.html#rounding-modes
 [django-current-timezone]: https://docs.djangoproject.com/en/stable/topics/i18n/timezones/#default-time-zone-and-current-time-zone
-[django-docs-select-related]: https://docs.djangoproject.com/en/3.1/ref/models/querysets/#django.db.models.query.QuerySet.select_related
+[django-docs-select-related]: https://docs.djangoproject.com/en/stable/ref/models/querysets/#django.db.models.query.QuerySet.select_related

docs/api-guide/filtering.md

@@ -367,6 +367,6 @@ The [djangorestframework-word-filter][django-rest-framework-word-search-filter]
 [django-rest-framework-word-search-filter]: https://github.com/trollknurr/django-rest-framework-word-search-filter
 [django-url-filter]: https://github.com/miki725/django-url-filter
 [drf-url-filter]: https://github.com/manjitkumar/drf-url-filters
-[HStoreField]: https://docs.djangoproject.com/en/3.0/ref/contrib/postgres/fields/#hstorefield
-[JSONField]: https://docs.djangoproject.com/en/3.0/ref/contrib/postgres/fields/#jsonfield
+[HStoreField]: https://docs.djangoproject.com/en/stable/ref/contrib/postgres/fields/#hstorefield
+[JSONField]: https://docs.djangoproject.com/en/stable/ref/models/fields/#django.db.models.JSONField
 [postgres-search]: https://docs.djangoproject.com/en/stable/ref/contrib/postgres/search/

docs/api-guide/generic-views.md

@@ -374,8 +374,6 @@ Allowing `PUT` as create operations is problematic, as it necessarily exposes in
 
 Both styles "`PUT` as 404" and "`PUT` as create" can be valid in different circumstances, but from version 3.0 onwards we now use 404 behavior as the default, due to it being simpler and more obvious.
 
-If you need to generic PUT-as-create behavior you may want to include something like [this `AllowPUTAsCreateMixin` class](https://gist.github.com/tomchristie/a2ace4577eff2c603b1b) as a mixin to your views.
-
 ---
 
 # Third party packages
@@ -395,4 +393,4 @@ The following third party packages provide additional generic view implementatio
 [UpdateModelMixin]: #updatemodelmixin
 [DestroyModelMixin]: #destroymodelmixin
 [django-rest-multiple-models]: https://github.com/MattBroach/DjangoRestMultipleModels
-[django-docs-select-related]: https://docs.djangoproject.com/en/3.1/ref/models/querysets/#django.db.models.query.QuerySet.select_related
+[django-docs-select-related]: https://docs.djangoproject.com/en/stable/ref/models/querysets/#django.db.models.query.QuerySet.select_related

docs/api-guide/permissions.md

@@ -201,7 +201,7 @@ As with `DjangoModelPermissions` you can use custom model permissions by overrid
 
 ---
 
-**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests and are using django-guardian for your object-level permissions backend, you'll want to consider using the `DjangoObjectPermissionsFilter` class provided by the [`djangorestframework-guardian2` package][django-rest-framework-guardian2]. It ensures that list endpoints only return results including objects for which the user has appropriate view permissions.
+**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests and are using django-guardian for your object-level permissions backend, you'll want to consider using the `DjangoObjectPermissionsFilter` class provided by the [`djangorestframework-guardian` package][django-rest-framework-guardian]. It ensures that list endpoints only return results including objects for which the user has appropriate view permissions.
 
 ---
 
@@ -356,6 +356,6 @@ The [Django Rest Framework PSQ][drf-psq] package is an extension that gives supp
 [rest-framework-roles]: https://github.com/Pithikos/rest-framework-roles
 [djangorestframework-api-key]: https://florimondmanca.github.io/djangorestframework-api-key/
 [django-rest-framework-role-filters]: https://github.com/allisson/django-rest-framework-role-filters
-[django-rest-framework-guardian2]: https://github.com/johnthagen/django-rest-framework-guardian2
+[django-rest-framework-guardian]: https://github.com/rpkilby/django-rest-framework-guardian
 [drf-access-policy]: https://github.com/rsinger86/drf-access-policy
 [drf-psq]: https://github.com/drf-psq/drf-psq

docs/api-guide/routers.md

@@ -350,6 +350,6 @@ The [`DRF-extensions` package][drf-extensions] provides [routers][drf-extensions
 [drf-extensions-nested-viewsets]: https://chibisov.github.io/drf-extensions/docs/#nested-routes
 [drf-extensions-collection-level-controllers]: https://chibisov.github.io/drf-extensions/docs/#collection-level-controllers
 [drf-extensions-customizable-endpoint-names]: https://chibisov.github.io/drf-extensions/docs/#controller-endpoint-name
-[url-namespace-docs]: https://docs.djangoproject.com/en/4.0/topics/http/urls/#url-namespaces
-[include-api-reference]: https://docs.djangoproject.com/en/4.0/ref/urls/#include
-[path-converters-topic-reference]: https://docs.djangoproject.com/en/2.0/topics/http/urls/#path-converters
+[url-namespace-docs]: https://docs.djangoproject.com/en/stable/topics/http/urls/#url-namespaces
+[include-api-reference]: https://docs.djangoproject.com/en/stable/ref/urls/#include
+[path-converters-topic-reference]: https://docs.djangoproject.com/en/stable/topics/http/urls/#path-converters

docs/api-guide/schemas.md

@@ -392,7 +392,7 @@ introspection.
 
 #### `get_operation_id()`
 
-There must be a unique [operationid](openapi-operationid) for each operation.
+There must be a unique [operationid][openapi-operationid] for each operation.
 By default the `operationId` is deduced from the model name, serializer name or
 view name. The operationId looks like "listItems", "retrieveItem",
 "updateItem", etc. The `operationId` is camelCase by convention.
@@ -453,12 +453,12 @@ create a base `AutoSchema` subclass for your project that takes additional
 
 [cite]: https://www.heroku.com/blog/json_schema_for_heroku_platform_api/
 [openapi]: https://github.com/OAI/OpenAPI-Specification
-[openapi-specification-extensions]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#specification-extensions
-[openapi-operation]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#operationObject
+[openapi-specification-extensions]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#specification-extensions
+[openapi-operation]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#operationObject
 [openapi-tags]: https://swagger.io/specification/#tagObject
-[openapi-operationid]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#fixed-fields-17
-[openapi-components]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#componentsObject
-[openapi-reference]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#referenceObject
+[openapi-operationid]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#fixed-fields-17
+[openapi-components]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#componentsObject
+[openapi-reference]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#referenceObject
 [openapi-generator]: https://github.com/OpenAPITools/openapi-generator
 [swagger-codegen]: https://github.com/swagger-api/swagger-codegen
 [info-object]: https://swagger.io/specification/#infoObject

docs/api-guide/serializers.md

@@ -1189,6 +1189,10 @@ The [drf-writable-nested][drf-writable-nested] package provides writable nested
 
 The [drf-encrypt-content][drf-encrypt-content] package helps you encrypt your data, serialized through ModelSerializer. It also contains some helper functions. Which helps you to encrypt your data.
 
+## Shapeless Serializers
+
+The [drf-shapeless-serializers][drf-shapeless-serializers] package provides dynamic serializer configuration capabilities, allowing runtime field selection, renaming, attribute modification, and nested relationship configuration without creating multiple serializer classes. It helps eliminate serializer boilerplate while providing flexible API responses.
+
 
 [cite]: https://groups.google.com/d/topic/django-users/sVFaOfQi4wY/discussion
 [relations]: relations.md
@@ -1212,3 +1216,4 @@ The [drf-encrypt-content][drf-encrypt-content] package helps you encrypt your da
 [djangorestframework-queryfields]: https://djangorestframework-queryfields.readthedocs.io/
 [drf-writable-nested]: https://github.com/beda-software/drf-writable-nested
 [drf-encrypt-content]: https://github.com/oguzhancelikarslan/drf-encrypt-content
+[drf-shapeless-serializers]: https://github.com/khaledsukkar2/drf-shapeless-serializers

docs/api-guide/settings.md

@@ -314,6 +314,15 @@ May be a list including the string `'iso-8601'` or Python [strftime format][strf
 
 Default: `['iso-8601']`
 
+
+#### DURATION_FORMAT
+
+Indicates the default format that should be used for rendering the output of `DurationField` serializer fields.  If `None`, then `DurationField` serializer fields will return Python `timedelta` objects, and the duration encoding will be determined by the renderer.
+
+May be any of `None`, `'iso-8601'` or `'django'` (the format accepted by `django.utils.dateparse.parse_duration`).
+
+Default: `'django'`
+
 ---
 
 ## Encodings

docs/api-guide/testing.md

@@ -105,6 +105,20 @@ This means that setting attributes directly on the request object may not always
     request.user = user
     response = view(request)
 
+If you want to test a request involving the REST framework’s 'Request' object, you’ll need to manually transform it first:
+
+    class DummyView(APIView):
+        ...
+
+    factory = APIRequestFactory()
+    request = factory.get('/', {'demo': 'test'})
+    drf_request = DummyView().initialize_request(request)
+    assert drf_request.query_params == {'demo': ['test']}
+
+    request = factory.post('/', {'example': 'test'})
+    drf_request = DummyView().initialize_request(request)
+    assert drf_request.data.get('example') == 'test'
+
 ---
 
 ## Forcing CSRF validation
@@ -417,5 +431,5 @@ For example, to add support for using `format='html'` in test requests, you migh
 [requestfactory]: https://docs.djangoproject.com/en/stable/topics/testing/advanced/#django.test.client.RequestFactory
 [configuration]: #configuration
 [refresh_from_db_docs]: https://docs.djangoproject.com/en/stable/ref/models/instances/#django.db.models.Model.refresh_from_db
-[session_objects]: https://requests.readthedocs.io/en/master/user/advanced/#session-objects
+[session_objects]: https://requests.readthedocs.io/en/latest/user/advanced/#session-objects
 [provided_test_case_classes]: https://docs.djangoproject.com/en/stable/topics/testing/tools/#provided-test-case-classes

docs/api-guide/throttling.md

@@ -110,7 +110,7 @@ You'll need to remember to also set your custom throttle class in the `'DEFAULT_
 
 The built-in throttle implementations are open to [race conditions][race], so under high concurrency they may allow a few extra requests through.
 
-If your project relies on guaranteeing the number of requests during concurrent requests, you will need to implement your own throttle class.
+If your project relies on guaranteeing the number of requests during concurrent requests, you will need to implement your own throttle class. See [issue #5181][gh5181] for more details.
 
 ---
 
@@ -220,4 +220,5 @@ The following is an example of a rate throttle, that will randomly throttle 1 in
 [identifying-clients]: http://oxpedia.org/wiki/index.php?title=AppSuite:Grizzly#Multiple_Proxies_in_front_of_the_cluster
 [cache-setting]: https://docs.djangoproject.com/en/stable/ref/settings/#caches
 [cache-docs]: https://docs.djangoproject.com/en/stable/topics/cache/#setting-up-the-cache
+[gh5181]: https://github.com/encode/django-rest-framework/issues/5181
 [race]: https://en.wikipedia.org/wiki/Race_condition#Data_race

docs/api-guide/validators.md

@@ -13,7 +13,7 @@ Most of the time you're dealing with validation in REST framework you'll simply
 
 However, sometimes you'll want to place your validation logic into reusable components, so that it can easily be reused throughout your codebase. This can be achieved by using validator functions and validator classes.
 
-## Validation in REST framework
+## Validation in REST framework
 
 Validation in Django REST framework serializers is handled a little differently to how validation works in Django's `ModelForm` class.
 
@@ -75,7 +75,7 @@ This validator should be applied to *serializer fields*, like so:
         validators=[UniqueValidator(queryset=BlogPost.objects.all())]
     )
 
-## UniqueTogetherValidator
+## UniqueTogetherValidator
 
 This validator can be used to enforce `unique_together` constraints on model instances.
 It has two required arguments, and a single optional `messages` argument:
@@ -92,7 +92,7 @@ The validator should be applied to *serializer classes*, like so:
         # ...
         class Meta:
             # ToDo items belong to a parent list, and have an ordering defined
-            # by the 'position' field. No two items in a given list may share
+            # by the 'position' field. No two items in a given list may share
             # the same position.
             validators = [
                 UniqueTogetherValidator(

docs/api-guide/views.md

@@ -186,8 +186,13 @@ The available decorators are:
 * `@authentication_classes(...)`
 * `@throttle_classes(...)`
 * `@permission_classes(...)`
+* `@content_negotiation_class(...)`
+* `@metadata_class(...)`
+* `@versioning_class(...)`
 
-Each of these decorators takes a single argument which must be a list or tuple of classes.
+Each of these decorators is equivalent to setting their respective [api policy attributes][api-policy-attributes].
+
+All decorators take a single argument. The ones that end with `_class` expect a single class while the ones ending in `_classes` expect a list or tuple of classes.
 
 
 ## View schema decorator
@@ -224,4 +229,5 @@ You may pass `None` in order to exclude the view from schema generation.
 [throttling]: throttling.md
 [schemas]: schemas.md
 [classy-drf]: http://www.cdrf.co
+[api-policy-attributes]: views.md#api-policy-attributes
 

docs/community/3.0-announcement.md

@@ -961,5 +961,5 @@ You can follow development on the GitHub site, where we use [milestones to indic
 
 [kickstarter]: https://www.kickstarter.com/projects/tomchristie/django-rest-framework-3
 [sponsors]: https://www.django-rest-framework.org/community/kickstarter-announcement/#sponsors
-[mixins.py]: https://github.com/encode/django-rest-framework/blob/master/rest_framework/mixins.py
+[mixins.py]: https://github.com/encode/django-rest-framework/blob/main/rest_framework/mixins.py
 [django-localization]: https://docs.djangoproject.com/en/stable/topics/i18n/translation/#localization-how-to-create-language-files

docs/community/3.1-announcement.md

@@ -46,7 +46,7 @@ The cursor based pagination renders a more simple style of control:
 
 The pagination API was previously only able to alter the pagination style in the body of the response. The API now supports being able to write pagination information in response headers, making it possible to use pagination schemes that use the `Link` or `Content-Range` headers.
 
-For more information, see the [custom pagination styles](../api-guide/pagination/#custom-pagination-styles) documentation.
+For more information, see the [custom pagination styles](../api-guide/pagination.md#custom-pagination-styles) documentation.
 
 ---
 

docs/community/3.3-announcement.md

@@ -54,7 +54,7 @@ The `ModelSerializer` and `HyperlinkedModelSerializer` classes should now includ
 
 [forms-api]: ../topics/html-and-forms.md
 [ajax-form]: https://github.com/encode/ajax-form
-[jsonfield]: ../api-guide/fields#jsonfield
+[jsonfield]: ../api-guide/fields.md#jsonfield
 [accept-headers]: ../topics/browser-enhancements.md#url-based-accept-headers
 [method-override]: ../topics/browser-enhancements.md#http-header-based-method-overriding
 [django-supported-versions]: https://www.djangoproject.com/download/#supported-versions

docs/community/3.4-announcement.md

@@ -179,16 +179,16 @@ The full set of itemized release notes [are available here][release-notes].
 [moss]: mozilla-grant.md
 [funding]: funding.md
 [core-api]: https://www.coreapi.org/
-[command-line-client]: api-clients#command-line-client
-[client-library]: api-clients#python-client-library
+[command-line-client]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/topics/api-clients.md#command-line-client
+[client-library]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/topics/api-clients.md#python-client-library
 [core-json]: https://www.coreapi.org/specification/encoding/#core-json-encoding
 [swagger]: https://openapis.org/specification
 [hyperschema]: https://json-schema.org/latest/json-schema-hypermedia.html
 [api-blueprint]: https://apiblueprint.org/
-[tut-7]: ../tutorial/7-schemas-and-client-libraries/
-[schema-generation]: ../api-guide/schemas/
+[tut-7]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/tutorial/7-schemas-and-client-libraries.md
+[schema-generation]: ../api-guide/schemas.md
 [api-clients]: https://github.com/encode/django-rest-framework/blob/3.14.0/docs/topics/api-clients.md
 [milestone]: https://github.com/encode/django-rest-framework/milestone/35
-[release-notes]: release-notes#34
-[metadata]: ../api-guide/metadata/#custom-metadata-classes
+[release-notes]: ./release-notes.md#34x-series
+[metadata]: ../api-guide/metadata.md#custom-metadata-classes
 [gh3751]: https://github.com/encode/django-rest-framework/issues/3751

docs/community/3.5-announcement.md

@@ -254,9 +254,9 @@ in version 3.3 and raised a deprecation warning in 3.4. Its usage is now mandato
 [funding]: funding.md
 [uploads]: https://core-api.github.io/python-client/api-guide/utils/#file
 [downloads]: https://core-api.github.io/python-client/api-guide/codecs/#downloadcodec
-[schema-generation-api]: ../api-guide/schemas/#schemagenerator
-[schema-docs]: ../api-guide/schemas/#schemas-as-documentation
-[schema-view]: ../api-guide/schemas/#the-get_schema_view-shortcut
+[schema-generation-api]: ../api-guide/schemas.md#schemagenerator
+[schema-docs]: ../api-guide/schemas.md#schemas-as-documentation
+[schema-view]: ../api-guide/schemas.md#get_schema_view
 [django-rest-raml]: https://github.com/encode/django-rest-raml
 [raml-image]: ../img/raml.png
 [raml-codec]: https://github.com/core-api/python-raml-codec

docs/community/contributing.md

@@ -4,6 +4,8 @@
 >
 > — [Tim Berners-Lee][cite]
 
+There are many ways you can contribute to Django REST framework.  We'd like it to be a community-led project, so please get involved and help shape the future of the project.
+
 !!! note
 
     At this point in its lifespan we consider Django REST framework to be feature-complete. We focus on pull requests that track the continued development of Django versions, and generally do not accept new features or code formatting changes.
@@ -28,9 +30,22 @@ The [Django code of conduct][code-of-conduct] gives a fuller set of guidelines f
 
 # Issues
 
+Our contribution process is that the [GitHub discussions page](https://github.com/encode/django-rest-framework/discussions) should generally be your starting point. Some tips on good potential issue reporting:
+
 * Django REST framework is considered feature-complete. Please do not file requests to change behavior, unless it is required for security reasons or to maintain compatibility with upcoming Django or Python versions.
+* Search the GitHub project page for related items, and make sure you're running the latest version of REST framework before reporting an issue.
 * Feature requests will typically be closed with a recommendation that they be implemented outside the core REST framework library (e.g. as third-party libraries).  This approach allows us to keep down the maintenance overhead of REST framework, so that the focus can be on continued stability and great documentation.
 
+## Triaging issues
+
+Getting involved in triaging incoming issues is a good way to start contributing.  Every single ticket that comes into the ticket tracker needs to be reviewed in order to determine what the next steps should be.  Anyone can help out with this, you just need to be willing to
+
+* Read through the ticket - does it make sense, is it missing any context that would help explain it better?
+* Is the ticket reported in the correct place, would it be better suited as a discussion on the discussion group?
+* If the ticket is a bug report, can you reproduce it? Are you able to write a failing test case that demonstrates the issue and that can be submitted as a pull request?
+* If the ticket is a feature request, could the feature request instead be implemented as a third party package?
+* If a ticket hasn't had much activity and addresses something you need, then comment on the ticket and try to find out what's needed to get it moving again.
+
 # Development
 
 To start developing on Django REST framework, first create a Fork from the
@@ -194,7 +209,7 @@ If you want to draw attention to a note or warning, use a pair of enclosing line
 [pull-requests]: https://help.github.com/articles/using-pull-requests
 [tox]: https://tox.readthedocs.io/en/latest/
 [markdown]: https://daringfireball.net/projects/markdown/basics
-[docs]: https://github.com/encode/django-rest-framework/tree/master/docs
+[docs]: https://github.com/encode/django-rest-framework/tree/main/docs
 [mou]: http://mouapp.com/
 [repo]: https://github.com/encode/django-rest-framework
 [how-to-fork]: https://help.github.com/articles/fork-a-repo/

docs/community/project-management.md

@@ -31,9 +31,10 @@ Team members have the following responsibilities.
 
 Further notes for maintainers:
 
-* Code changes should come in the form of a pull request - do not push directly to master.
+* Code changes should come in the form of a pull request - do not push directly to main.
 * Maintainers should typically not merge their own pull requests.
 * Each issue/pull request should have exactly one label once triaged.
+* Search for un-triaged issues with [is:open no:label][un-triaged].
 
 ---
 
@@ -57,21 +58,23 @@ The following template should be used for the description of the issue, and serv
 
     Checklist:
 
-    - [ ] Create pull request for [release notes](https://github.com/encode/django-rest-framework/blob/master/docs/topics/release-notes.md) based on the [*.*.* milestone](https://github.com/encode/django-rest-framework/milestones/***).
+    - [ ] Create pull request for [release notes](https://github.com/encode/django-rest-framework/blob/mains/docs/topics/release-notes.md) based on the [*.*.* milestone](https://github.com/encode/django-rest-framework/milestones/***).
     - [ ] Update supported versions:
-        - [ ] `setup.py` `python_requires` list
-        - [ ] `setup.py` Python & Django version trove classifiers
+        - [ ] `pyproject.toml` `python_requires` list
+        - [ ] `pyproject.toml` Python & Django version trove classifiers
         - [ ] `README` Python & Django versions
         - [ ] `docs` Python & Django versions
     - [ ] Update the translations from [transifex](https://www.django-rest-framework.org/topics/project-management/#translations).
-    - [ ] Ensure the pull request increments the version to `*.*.*` in [`restframework/__init__.py`](https://github.com/encode/django-rest-framework/blob/master/rest_framework/__init__.py).
+    - [ ] Ensure the pull request increments the version to `*.*.*` in [`restframework/__init__.py`](https://github.com/encode/django-rest-framework/blob/main/rest_framework/__init__.py).
     - [ ] Ensure documentation validates
         - Build and serve docs `mkdocs serve`
         - Validate links `pylinkvalidate.py -P http://127.0.0.1:8000`
     - [ ] Confirm with @tomchristie that release is finalized and ready to go.
     - [ ] Ensure that release date is included in pull request.
     - [ ] Merge the release pull request.
-    - [ ] Push the package to PyPI with `./setup.py publish`.
+    - [ ] Install the release tools: `pip install build twine`
+    - [ ] Build the package: `python -m build`
+    - [ ] Push the package to PyPI with `twine upload dist/*`
     - [ ] Tag the release, with `git tag -a *.*.* -m 'version *.*.*'; git push --tags`.
     - [ ] Deploy the documentation with `mkdocs gh-deploy`.
     - [ ] Make a release announcement on the [discussion group](https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework).
@@ -156,6 +159,7 @@ The following issues still need to be addressed:
 * Document ownership and management of the security mailing list.
 
 [bus-factor]: https://en.wikipedia.org/wiki/Bus_factor
+[un-triaged]: https://github.com/encode/django-rest-framework/issues?q=is%3Aopen+no%3Alabel
 [transifex-project]: https://www.transifex.com/projects/p/django-rest-framework/
 [transifex-client]: https://pypi.org/project/transifex-client/
 [translation-memory]: http://docs.transifex.com/guides/tm#let-tm-automatically-populate-translations

docs/community/release-notes.md

@@ -38,20 +38,83 @@ You can determine your currently installed version using `pip show`:
 
 ## 3.16.x series
 
+### 3.16.1
+
+**Date**: 6th August 2025
+
+This release fixes a few bugs, clean-up some old code paths for unsupported Python versions and improve translations.
+
+#### Minor changes
+
+* Cleanup optional `backports.zoneinfo` dependency and conditions on unsupported Python 3.8 and lower in [#9681](https://github.com/encode/django-rest-framework/pull/9681). Python versions prior to 3.9 were already unsupported so this shouldn't be a breaking change.
+
+#### Bug fixes
+
+* Fix regression in `unique_together` validation with `SerializerMethodField` in [#9712](https://github.com/encode/django-rest-framework/pull/9712)
+* Fix `UniqueTogetherValidator` to handle fields with `source` attribute in [#9688](https://github.com/encode/django-rest-framework/pull/9688)
+* Drop HTML line breaks on long headers in browsable API in [#9438](https://github.com/encode/django-rest-framework/pull/9438)
+
+#### Translations
+
+* Add Kazakh locale support in [#9713](https://github.com/encode/django-rest-framework/pull/9713)
+* Update translations for Korean translations in [#9571](https://github.com/encode/django-rest-framework/pull/9571)
+* Update German translations in [#9676](https://github.com/encode/django-rest-framework/pull/9676)
+* Update Chinese translations in [#9675](https://github.com/encode/django-rest-framework/pull/9675)
+* Update Arabic translations-sal in [#9595](https://github.com/encode/django-rest-framework/pull/9595)
+* Update Persian translations in [#9576](https://github.com/encode/django-rest-framework/pull/9576)
+* Update Spanish translations in [#9701](https://github.com/encode/django-rest-framework/pull/9701)
+* Update Turkish Translations in [#9749](https://github.com/encode/django-rest-framework/pull/9749)
+* Fix some typos in Brazilian Portuguese translations in [#9673](https://github.com/encode/django-rest-framework/pull/9673)
+
+#### Documentation
+
+* Removed reference to GitHub Issues and Discussions in [#9660](https://github.com/encode/django-rest-framework/pull/9660)
+* Add `drf-restwind` and update outdated images in `browsable-api.md` in [#9680](https://github.com/encode/django-rest-framework/pull/9680)
+* Updated funding page to represent current scope in [#9686](https://github.com/encode/django-rest-framework/pull/9686)
+* Fix broken Heroku JSON Schema link in [#9693](https://github.com/encode/django-rest-framework/pull/9693)
+* Update Django documentation links to use stable version in [#9698](https://github.com/encode/django-rest-framework/pull/9698)
+* Expand docs on unique constraints cause 'required=True' in [#9725](https://github.com/encode/django-rest-framework/pull/9725)
+* Revert extension back from `djangorestframework-guardian2` to `djangorestframework-guardian` in [#9734](https://github.com/encode/django-rest-framework/pull/9734)
+* Add note to tutorial about required `request` in serializer context when using `HyperlinkedModelSerializer` in [#9732](https://github.com/encode/django-rest-framework/pull/9732)
+
+#### Internal changes
+
+* Update GitHub Actions to use Ubuntu 24.04 for testing in [#9677](https://github.com/encode/django-rest-framework/pull/9677)
+* Update test matrix to use Django 5.2 stable version in [#9679](https://github.com/encode/django-rest-framework/pull/9679)
+* Add `pyupgrade` to `pre-commit` hooks in [#9682](https://github.com/encode/django-rest-framework/pull/9682)
+* Fix test with Django 5 when `pytz` is available in [#9715](https://github.com/encode/django-rest-framework/pull/9715)
+
+#### New Contributors
+
+* [`@araggohnxd`](https://github.com/araggohnxd) made their first contribution in [#9673](https://github.com/encode/django-rest-framework/pull/9673)
+* [`@mbeijen`](https://github.com/mbeijen) made their first contribution in [#9660](https://github.com/encode/django-rest-framework/pull/9660)
+* [`@stefan6419846`](https://github.com/stefan6419846) made their first contribution in [#9676](https://github.com/encode/django-rest-framework/pull/9676)
+* [`@ren000thomas`](https://github.com/ren000thomas) made their first contribution in [#9675](https://github.com/encode/django-rest-framework/pull/9675)
+* [`@ulgens`](https://github.com/ulgens) made their first contribution in [#9682](https://github.com/encode/django-rest-framework/pull/9682)
+* [`@bukh-sal`](https://github.com/bukh-sal) made their first contribution in [#9595](https://github.com/encode/django-rest-framework/pull/9595)
+* [`@rezatn0934`](https://github.com/rezatn0934) made their first contribution in [#9576](https://github.com/encode/django-rest-framework/pull/9576)
+* [`@Rohit10jr`](https://github.com/Rohit10jr) made their first contribution in [#9693](https://github.com/encode/django-rest-framework/pull/9693)
+* [`@kushibayev`](https://github.com/kushibayev) made their first contribution in [#9713](https://github.com/encode/django-rest-framework/pull/9713)
+* [`@alihassancods`](https://github.com/alihassancods) made their first contribution in [#9732](https://github.com/encode/django-rest-framework/pull/9732)
+* [`@kulikjak`](https://github.com/kulikjak) made their first contribution in [#9715](https://github.com/encode/django-rest-framework/pull/9715)
+* [`@Natgho`](https://github.com/Natgho) made their first contribution in [#9749](https://github.com/encode/django-rest-framework/pull/9749)
+
+**Full Changelog**: https://github.com/encode/django-rest-framework/compare/3.16.0...3.16.1
+
 ### 3.16.0
 
 **Date**: 28th March 2025
 
 This release is considered a significant release to improve upstream support with Django and Python. Some of these may change the behaviour of existing features and pre-existing behaviour. Specifically, some fixes were added to around the support of `UniqueConstraint` with nullable fields which will improve built-in serializer validation.
 
-## Features
+#### Features
 
 * Add official support for Django 5.1 and its new `LoginRequiredMiddleware` in [#9514](https://github.com/encode/django-rest-framework/pull/9514) and [#9657](https://github.com/encode/django-rest-framework/pull/9657)
 * Add official Django 5.2a1 support in [#9634](https://github.com/encode/django-rest-framework/pull/9634)
 * Add support for Python 3.13 in [#9527](https://github.com/encode/django-rest-framework/pull/9527) and [#9556](https://github.com/encode/django-rest-framework/pull/9556)
 * Support Django 2.1+ test client JSON data automatically serialized in [#6511](https://github.com/encode/django-rest-framework/pull/6511) and fix a regression in [#9615](https://github.com/encode/django-rest-framework/pull/9615)
 
-## Bug fixes
+#### Bug fixes
 
 * Fix unique together validator to respect condition's fields from `UniqueConstraint` in [#9360](https://github.com/encode/django-rest-framework/pull/9360)
 * Fix raising on nullable fields part of `UniqueConstraint` in [#9531](https://github.com/encode/django-rest-framework/pull/9531)
@@ -62,19 +125,19 @@ This release is considered a significant release to improve upstream support wit
 * Fix noisy warning and accept integers as min/max values of `DecimalField` in [#9515](https://github.com/encode/django-rest-framework/pull/9515)
 * Fix usages of `open()` in `setup.py` in [#9661](https://github.com/encode/django-rest-framework/pull/9661)
 
-## Translations
+#### Translations
 
 * Add some missing Chinese translations in [#9505](https://github.com/encode/django-rest-framework/pull/9505)
 * Fix spelling mistakes in Farsi language were corrected in [#9521](https://github.com/encode/django-rest-framework/pull/9521)
 * Fixing and adding missing Brazilian Portuguese translations in [#9535](https://github.com/encode/django-rest-framework/pull/9535)
 
-## Removals
+#### Removals
 
 * Remove support for Python 3.8 in [#9670](https://github.com/encode/django-rest-framework/pull/9670)
 * Remove long deprecated code from request wrapper in [#9441](https://github.com/encode/django-rest-framework/pull/9441)
 * Remove deprecated `AutoSchema._get_reference` method in [#9525](https://github.com/encode/django-rest-framework/pull/9525)
 
-## Documentation and internal changes
+#### Documentation and internal changes
 
 * Provide tests for hashing of `OperandHolder` in [#9437](https://github.com/encode/django-rest-framework/pull/9437)
 * Update documentation: Add `adrf` third party package in [#9198](https://github.com/encode/django-rest-framework/pull/9198)
@@ -94,7 +157,7 @@ This release is considered a significant release to improve upstream support wit
 * Fix a number of typos in the test suite in the docs in [#9662](https://github.com/encode/django-rest-framework/pull/9662)
 * Add `django-pyoidc` as a third party authentication library in [#9667](https://github.com/encode/django-rest-framework/pull/9667)
 
-## New Contributors
+#### New Contributors
 
 * [`@maerteijn`](https://github.com/maerteijn) made their first contribution in [#9198](https://github.com/encode/django-rest-framework/pull/9198)
 * [`@FraCata00`](https://github.com/FraCata00) made their first contribution in [#9444](https://github.com/encode/django-rest-framework/pull/9444)

docs/community/third-party-packages.md

@@ -88,6 +88,7 @@ To submit new content, [create a pull request][drf-create-pr].
 * [djangorestframework-dataclasses][djangorestframework-dataclasses] - Serializer providing automatic field generation for Python dataclasses, like the built-in ModelSerializer does for models.
 * [django-restql][django-restql] - Turn your REST API into a GraphQL like API(It allows clients to control which fields will be sent in a response, uses GraphQL like syntax, supports read and write on both flat and nested fields).
 * [graphwrap][graphwrap] - Transform your REST API into a fully compliant GraphQL API with just two lines of code. Leverages [Graphene-Django](https://docs.graphene-python.org/projects/django/en/latest/) to dynamically build, at runtime, a GraphQL ObjectType for each view in your API.
+* [drf-shapeless-serializers][drf-shapeless-serializers] - Dynamically assemble, configure, and shape your Django Rest Framework serializers at runtime, much like connecting Lego bricks.
 
 ### Serializer fields
 
@@ -126,7 +127,7 @@ To submit new content, [create a pull request][drf-create-pr].
 * [djangorestframework-chain][djangorestframework-chain] - Allows arbitrary chaining of both relations and lookup filters.
 * [django-url-filter][django-url-filter] - Allows a safe way to filter data via human-friendly URLs. It is a generic library which is not tied to DRF but it provides easy integration with DRF.
 * [drf-url-filter][drf-url-filter] is a simple Django app to apply filters on drf `ModelViewSet`'s `Queryset` in a clean, simple and configurable way. It also supports validations on incoming query params and their values.
-* [django-rest-framework-guardian2][django-rest-framework-guardian2] - Provides integration with django-guardian, including the `DjangoObjectPermissionsFilter` previously found in DRF.
+* [django-rest-framework-guardian][django-rest-framework-guardian] - Provides integration with django-guardian, including the `DjangoObjectPermissionsFilter` previously found in DRF.
 
 ### Misc
 
@@ -172,12 +173,12 @@ To submit new content, [create a pull request][drf-create-pr].
 [pypi-register]: https://pypi.org/account/register/
 [semver]: https://semver.org/
 [tox-docs]: https://tox.readthedocs.io/en/latest/
-[drf-compat]: https://github.com/encode/django-rest-framework/blob/master/rest_framework/compat.py
+[drf-compat]: https://github.com/encode/django-rest-framework/blob/main/rest_framework/compat.py
 [rest-framework-grid]: https://www.djangopackages.com/grids/g/django-rest-framework/
 [drf-create-pr]: https://github.com/encode/django-rest-framework/compare
 [authentication]: ../api-guide/authentication.md
 [permissions]: ../api-guide/permissions.md
-[third-party-packages]: ../topics/third-party-packages/#existing-third-party-packages
+[third-party-packages]: #existing-third-party-packages
 [discussion-group]: https://groups.google.com/forum/#!forum/django-rest-framework
 [djangorestframework-digestauth]: https://github.com/juanriaza/django-rest-framework-digestauth
 [django-oauth-toolkit]: https://github.com/evonove/django-oauth-toolkit
@@ -242,7 +243,7 @@ To submit new content, [create a pull request][drf-create-pr].
 [djangorestframework-dataclasses]: https://github.com/oxan/djangorestframework-dataclasses
 [django-restql]: https://github.com/yezyilomo/django-restql
 [djangorestframework-mvt]: https://github.com/corteva/djangorestframework-mvt
-[django-rest-framework-guardian2]: https://github.com/johnthagen/django-rest-framework-guardian2
+[django-rest-framework-guardian]: https://github.com/rpkilby/django-rest-framework-guardian
 [drf-viewset-profiler]: https://github.com/fvlima/drf-viewset-profiler
 [djangorestframework-features]: https://github.com/cloudcode-hungary/django-rest-framework-features/
 [django-elasticsearch-dsl-drf]: https://github.com/barseghyanartur/django-elasticsearch-dsl-drf
@@ -259,3 +260,4 @@ To submit new content, [create a pull request][drf-create-pr].
 [drf-redesign]: https://github.com/youzarsiph/drf-redesign
 [drf-material]: https://github.com/youzarsiph/drf-material
 [django-pyoidc]: https://github.com/makinacorpus/django_pyoidc
+[drf-shapeless-serializers]: https://github.com/khaledsukkar2/drf-shapeless-serializers

docs/topics/internationalization.md

@@ -106,7 +106,7 @@ For API clients the most appropriate of these will typically be to use the `Acce
 [django-translation]: https://docs.djangoproject.com/en/stable/topics/i18n/translation
 [custom-exception-handler]: ../api-guide/exceptions.md#custom-exception-handling
 [transifex-project]: https://explore.transifex.com/django-rest-framework-1/django-rest-framework/
-[django-po-source]: https://raw.githubusercontent.com/encode/django-rest-framework/master/rest_framework/locale/en_US/LC_MESSAGES/django.po
+[django-po-source]: https://raw.githubusercontent.com/encode/django-rest-framework/main/rest_framework/locale/en_US/LC_MESSAGES/django.po
 [django-language-preference]: https://docs.djangoproject.com/en/stable/topics/i18n/translation/#how-django-discovers-language-preference
 [django-locale-paths]: https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-LOCALE_PATHS
 [django-locale-name]: https://docs.djangoproject.com/en/stable/topics/i18n/#term-locale-name

docs/tutorial/5-relationships-and-hyperlinked-apis.md

@@ -94,6 +94,22 @@ Notice that we've also added a new `'highlight'` field.  This field is of the sa
 
 Because we've included format suffixed URLs such as `'.json'`, we also need to indicate on the `highlight` field that any format suffixed hyperlinks it returns should use the `'.html'` suffix.
 
+---
+
+**Note:**
+
+When you are manually instantiating these serializers inside your views (e.g., in `SnippetDetail` or `SnippetList`), you **must** pass `context={'request': request}` so the serializer knows how to build absolute URLs. For example, instead of:
+
+    serializer = SnippetSerializer(snippet)
+
+You must write:
+
+    serializer = SnippetSerializer(snippet, context={'request': request})
+
+If your view is a subclass of `GenericAPIView`, you may use the `get_serializer_context()` as a convenience method.
+
+---
+
 ## Making sure our URL patterns are named
 
 If we're going to have a hyperlinked API, we need to make sure we name our URL patterns.  Let's take a look at which URL patterns we need to name.

docs_theme/main.html

@@ -110,7 +110,7 @@
             {% block content %}
               {% if page.meta.source %}
                 {% for filename in page.meta.source %}
-                  <a class="github" href="https://github.com/encode/django-rest-framework/tree/master/rest_framework/{{ filename }}">
+                  <a class="github" href="https://github.com/encode/django-rest-framework/tree/main/rest_framework/{{ filename }}">
                     <span class="label label-info">{{ filename }}</span>
                   </a>
                 {% endfor %}

docs_theme/nav.html

@@ -1,7 +1,7 @@
     <div class="navbar navbar-inverse navbar-fixed-top">
       <div class="navbar-inner">
         <div class="container-fluid">
-          <a class="repo-link btn btn-primary btn-small" href="https://github.com/encode/django-rest-framework/tree/master">GitHub</a>
+          <a class="repo-link btn btn-primary btn-small" href="https://github.com/encode/django-rest-framework">GitHub</a>
           <a class="repo-link btn btn-inverse btn-small {% if not page.next_page %}disabled{% endif %}" rel="next" {% if page.next_page %}href="{{ page.next_page.url|url }}"{% endif %}>
             Next <i class="icon-arrow-right icon-white"></i>
           </a>

pyproject.toml

@@ -0,0 +1,76 @@
+[build-system]
+build-backend = "setuptools.build_meta"
+requires = [ "setuptools>=77.0.3" ]
+
+[project]
+name = "djangorestframework"
+description = "Web APIs for Django, made easy."
+readme = "README.md"
+license = "BSD-3-Clause"
+authors = [ { name = "Tom Christie", email = "tom@tomchristie.com" } ]
+requires-python = ">=3.9"
+classifiers = [
+  "Development Status :: 5 - Production/Stable",
+  "Environment :: Web Environment",
+  "Framework :: Django",
+  "Framework :: Django :: 4.2",
+  "Framework :: Django :: 5.0",
+  "Framework :: Django :: 5.1",
+  "Framework :: Django :: 5.2",
+  "Intended Audience :: Developers",
+  "Operating System :: OS Independent",
+  "Programming Language :: Python",
+  "Programming Language :: Python :: 3 :: Only",
+  "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Programming Language :: Python :: 3.13",
+  "Topic :: Internet :: WWW/HTTP",
+]
+dynamic = [ "version" ]
+
+dependencies = [ "django>=4.2" ]
+urls.Changelog = "https://www.django-rest-framework.org/community/release-notes/"
+urls.Funding = "https://fund.django-rest-framework.org/topics/funding/"
+urls.Homepage = "https://www.django-rest-framework.org"
+urls.Source = "https://github.com/encode/django-rest-framework"
+
+[tool.setuptools]
+
+[tool.setuptools.dynamic]
+version = { attr = "rest_framework.__version__" }
+
+[tool.setuptools.packages.find]
+include = [ "rest_framework*" ]
+
+[tool.isort]
+skip = [ ".tox" ]
+atomic = true
+multi_line_output = 5
+extra_standard_library = [ "types" ]
+known_third_party = [ "pytest", "_pytest", "django", "pytz", "uritemplate" ]
+known_first_party = [ "rest_framework", "tests" ]
+
+[tool.codespell]
+# Ref: https://github.com/codespell-project/codespell#using-a-config-file
+skip = "*/kickstarter-announcement.md,*.js,*.map,*.po"
+ignore-words-list = "fo,malcom,ser"
+
+[tool.pytest.ini_options]
+addopts = "--tb=short --strict-markers -ra"
+testpaths = [ "tests" ]
+filterwarnings = [ "ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF317Warning" ]
+
+[tool.coverage.run]
+# NOTE: source is ignored with pytest-cov (but uses the same).
+source = [ "." ]
+include = [ "rest_framework/*", "tests/*" ]
+branch = true
+
+[tool.coverage.report]
+include = [ "rest_framework/*", "tests/*" ]
+exclude_lines = [
+  "pragma: no cover",
+  "raise NotImplementedError",
+]

requirements/requirements-testing.txt

@@ -5,3 +5,4 @@ pytest-django>=4.5.2,<5.0
 importlib-metadata<5.0
 # temporary pin of attrs
 attrs==22.1.0
+pytz  # Remove when dropping support for Django<5.0

rest_framework/__init__.py

@@ -8,7 +8,7 @@ ______ _____ _____ _____    __
 """
 
 __title__ = 'Django REST framework'
-__version__ = '3.16.0'
+__version__ = '3.16.1'
 __author__ = 'Tom Christie'
 __license__ = 'BSD 3-Clause'
 __copyright__ = 'Copyright 2011-2023 Encode OSS Ltd'
@@ -21,6 +21,7 @@ HTTP_HEADER_ENCODING = 'iso-8859-1'
 
 # Default datetime input and output formats
 ISO_8601 = 'iso-8601'
+DJANGO_DURATION_FORMAT = 'django'
 
 
 class RemovedInDRF317Warning(PendingDeprecationWarning):

rest_framework/authtoken/models.py

@@ -1,5 +1,4 @@
-import binascii
-import os
+import secrets
 
 from django.conf import settings
 from django.db import models
@@ -28,13 +27,22 @@ class Token(models.Model):
         verbose_name_plural = _("Tokens")
 
     def save(self, *args, **kwargs):
+        """
+        Save the token instance.
+
+        If no key is provided, generates a cryptographically secure key.
+        For new tokens, ensures they are inserted as new (not updated).
+        """
         if not self.key:
             self.key = self.generate_key()
+            # For new objects, force INSERT to prevent overwriting existing tokens
+            if self._state.adding:
+                kwargs['force_insert'] = True
         return super().save(*args, **kwargs)
 
     @classmethod
     def generate_key(cls):
-        return binascii.hexlify(os.urandom(20)).decode()
+        return secrets.token_hex(20)
 
     def __str__(self):
         return self.key

rest_framework/decorators.py

@@ -70,6 +70,15 @@ def api_view(http_method_names=None):
         WrappedAPIView.permission_classes = getattr(func, 'permission_classes',
                                                     APIView.permission_classes)
 
+        WrappedAPIView.content_negotiation_class = getattr(func, 'content_negotiation_class',
+                                                           APIView.content_negotiation_class)
+
+        WrappedAPIView.metadata_class = getattr(func, 'metadata_class',
+                                                APIView.metadata_class)
+
+        WrappedAPIView.versioning_class = getattr(func, "versioning_class",
+                                                  APIView.versioning_class)
+
         WrappedAPIView.schema = getattr(func, 'schema',
                                         APIView.schema)
 
@@ -113,6 +122,27 @@ def permission_classes(permission_classes):
     return decorator
 
 
+def content_negotiation_class(content_negotiation_class):
+    def decorator(func):
+        func.content_negotiation_class = content_negotiation_class
+        return func
+    return decorator
+
+
+def metadata_class(metadata_class):
+    def decorator(func):
+        func.metadata_class = metadata_class
+        return func
+    return decorator
+
+
+def versioning_class(versioning_class):
+    def decorator(func):
+        func.versioning_class = versioning_class
+        return func
+    return decorator
+
+
 def schema(view_inspector):
     def decorator(func):
         func.schema = view_inspector

rest_framework/fields.py

@@ -24,7 +24,7 @@ from django.utils import timezone
 from django.utils.dateparse import (
     parse_date, parse_datetime, parse_duration, parse_time
 )
-from django.utils.duration import duration_string
+from django.utils.duration import duration_iso_string, duration_string
 from django.utils.encoding import is_protected_type, smart_str
 from django.utils.formats import localize_input, sanitize_separators
 from django.utils.ipv6 import clean_ipv6_address
@@ -35,7 +35,7 @@ try:
 except ImportError:
     pytz = None
 
-from rest_framework import ISO_8601
+from rest_framework import DJANGO_DURATION_FORMAT, ISO_8601
 from rest_framework.compat import ip_address_validators
 from rest_framework.exceptions import ErrorDetail, ValidationError
 from rest_framework.settings import api_settings
@@ -1351,9 +1351,22 @@ class DurationField(Field):
         'overflow': _('The number of days must be between {min_days} and {max_days}.'),
     }
 
-    def __init__(self, **kwargs):
+    def __init__(self, *, format=empty, **kwargs):
         self.max_value = kwargs.pop('max_value', None)
         self.min_value = kwargs.pop('min_value', None)
+        if format is not empty:
+            if format is None or (isinstance(format, str) and format.lower() in (ISO_8601, DJANGO_DURATION_FORMAT)):
+                self.format = format
+            elif isinstance(format, str):
+                raise ValueError(
+                    f"Unknown duration format provided, got '{format}'"
+                    " while expecting 'django', 'iso-8601' or `None`."
+                )
+            else:
+                raise TypeError(
+                    "duration format must be either str or `None`,"
+                    f" not {type(format).__name__}"
+                )
         super().__init__(**kwargs)
         if self.max_value is not None:
             message = lazy_format(self.error_messages['max_value'], max_value=self.max_value)
@@ -1376,7 +1389,26 @@ class DurationField(Field):
         self.fail('invalid', format='[DD] [HH:[MM:]]ss[.uuuuuu]')
 
     def to_representation(self, value):
-        return duration_string(value)
+        output_format = getattr(self, 'format', api_settings.DURATION_FORMAT)
+
+        if output_format is None:
+            return value
+
+        if isinstance(output_format, str):
+            if output_format.lower() == ISO_8601:
+                return duration_iso_string(value)
+
+            if output_format.lower() == DJANGO_DURATION_FORMAT:
+                return duration_string(value)
+
+            raise ValueError(
+                f"Unknown duration format provided, got '{output_format}'"
+                " while expecting 'django', 'iso-8601' or `None`."
+            )
+        raise TypeError(
+            "duration format must be either str or `None`,"
+            f" not {type(output_format).__name__}"
+        )
 
 
 # Choice types...

rest_framework/locale/es/LC_MESSAGES/django.po

@@ -10,12 +10,13 @@
 # Miguel Gonzalez <migonzalvar@gmail.com>, 2016
 # Miguel Gonzalez <migonzalvar@gmail.com>, 2015-2016
 # Sergio Infante <rsinfante@gmail.com>, 2015
+# Federico Bond <federicobond@gmail.com>, 2025
 msgid ""
 msgstr ""
 "Project-Id-Version: Django REST framework\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-10-13 21:45+0200\n"
-"PO-Revision-Date: 2020-10-13 19:45+0000\n"
+"PO-Revision-Date: 2025-05-19 00:05+1000\n"
 "Last-Translator: Xavier Ordoquy <xordoquy@linovia.com>\n"
 "Language-Team: Spanish (http://www.transifex.com/django-rest-framework-1/django-rest-framework/language/es/)\n"
 "MIME-Version: 1.0\n"
@@ -107,7 +108,7 @@ msgstr "Se ha producido un error en el servidor."
 
 #: exceptions.py:142
 msgid "Invalid input."
-msgstr ""
+msgstr "Entrada inválida."
 
 #: exceptions.py:161
 msgid "Malformed request."
@@ -150,12 +151,12 @@ msgstr "Solicitud fue regulada (throttled)."
 #: exceptions.py:224
 #, python-brace-format
 msgid "Expected available in {wait} second."
-msgstr ""
+msgstr "Se espera que esté disponible en {wait} segundo."
 
 #: exceptions.py:225
 #, python-brace-format
 msgid "Expected available in {wait} seconds."
-msgstr ""
+msgstr "Se espera que esté disponible en {wait} segundos."
 
 #: fields.py:316 relations.py:245 relations.py:279 validators.py:90
 #: validators.py:183
@@ -168,11 +169,11 @@ msgstr "Este campo no puede ser nulo."
 
 #: fields.py:701
 msgid "Must be a valid boolean."
-msgstr ""
+msgstr "Debe ser un booleano válido."
 
 #: fields.py:766
 msgid "Not a valid string."
-msgstr ""
+msgstr "No es una cadena válida."
 
 #: fields.py:767
 msgid "This field may not be blank."
@@ -204,9 +205,8 @@ msgstr "Introduzca un \"slug\" válido consistente en letras, números, guiones
 
 #: fields.py:839
 msgid ""
-"Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, "
-"or hyphens."
-msgstr ""
+"Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, or hyphens."
+msgstr "Introduzca un “slug” válido compuesto por letras Unicode, números, guiones bajos o medios."
 
 #: fields.py:854
 msgid "Enter a valid URL."
@@ -214,7 +214,7 @@ msgstr "Introduzca una URL válida."
 
 #: fields.py:867
 msgid "Must be a valid UUID."
-msgstr ""
+msgstr "Debe ser un UUID válido."
 
 #: fields.py:903
 msgid "Enter a valid IPv4 or IPv6 address."
@@ -272,11 +272,11 @@ msgstr "Se esperaba un fecha/hora en vez de una fecha."
 #: fields.py:1150
 #, python-brace-format
 msgid "Invalid datetime for the timezone \"{timezone}\"."
-msgstr ""
+msgstr "Fecha y hora inválida para la zona horaria \"{timezone}\"."
 
 #: fields.py:1151
 msgid "Datetime value out of range."
-msgstr ""
+msgstr "Valor de fecha y hora fuera de rango."
 
 #: fields.py:1236
 #, python-brace-format
@@ -357,12 +357,12 @@ msgstr "Esta lista no puede estar vacía."
 #: fields.py:1605
 #, python-brace-format
 msgid "Ensure this field has at least {min_length} elements."
-msgstr ""
+msgstr "Asegúrese de que este campo tiene al menos {min_length} elementos."
 
 #: fields.py:1606
 #, python-brace-format
 msgid "Ensure this field has no more than {max_length} elements."
-msgstr ""
+msgstr "Asegúrese de que este campo no tiene más de {max_length} elementos."
 
 #: fields.py:1682
 #, python-brace-format
@@ -371,7 +371,7 @@ msgstr "Se esperaba un diccionario de elementos en vez del tipo \"{input_type}\"
 
 #: fields.py:1683
 msgid "This dictionary may not be empty."
-msgstr ""
+msgstr "Este diccionario no debe estar vacío."
 
 #: fields.py:1755
 msgid "Value must be valid JSON."
@@ -383,7 +383,7 @@ msgstr "Buscar"
 
 #: filters.py:50
 msgid "A search term."
-msgstr ""
+msgstr "Un término de búsqueda."
 
 #: filters.py:180 templates/rest_framework/filters/ordering.html:3
 msgid "Ordering"
@@ -391,7 +391,7 @@ msgstr "Ordenamiento"
 
 #: filters.py:181
 msgid "Which field to use when ordering the results."
-msgstr ""
+msgstr "Qué campo usar para ordenar los resultados."
 
 #: filters.py:287
 msgid "ascending"
@@ -403,11 +403,11 @@ msgstr "descendiente"
 
 #: pagination.py:174
 msgid "A page number within the paginated result set."
-msgstr ""
+msgstr "Un número de página dentro del conjunto de resultados paginado."
 
 #: pagination.py:179 pagination.py:372 pagination.py:590
 msgid "Number of results to return per page."
-msgstr ""
+msgstr "Número de resultados a devolver por página."
 
 #: pagination.py:189
 msgid "Invalid page."
@@ -415,11 +415,11 @@ msgstr "Página inválida."
 
 #: pagination.py:374
 msgid "The initial index from which to return the results."
-msgstr ""
+msgstr "El índice inicial a partir del cual devolver los resultados."
 
 #: pagination.py:581
 msgid "The pagination cursor value."
-msgstr ""
+msgstr "El valor del cursor de paginación."
 
 #: pagination.py:583
 msgid "Invalid cursor"
@@ -463,20 +463,20 @@ msgstr "Valor inválido."
 
 #: schemas/utils.py:32
 msgid "unique integer value"
-msgstr ""
+msgstr "valor de entero único"
 
 #: schemas/utils.py:34
 msgid "UUID string"
-msgstr ""
+msgstr "Cadena UUID"
 
 #: schemas/utils.py:36
 msgid "unique value"
-msgstr ""
+msgstr "valor único"
 
 #: schemas/utils.py:38
 #, python-brace-format
 msgid "A {value_type} identifying this {name}."
-msgstr ""
+msgstr "Un {value_type} que identifique este {name}."
 
 #: serializers.py:337
 #, python-brace-format
@@ -486,7 +486,7 @@ msgstr "Datos inválidos. Se esperaba un diccionario pero es un {datatype}."
 #: templates/rest_framework/admin.html:116
 #: templates/rest_framework/base.html:136
 msgid "Extra Actions"
-msgstr ""
+msgstr "Acciones extras"
 
 #: templates/rest_framework/admin.html:130
 #: templates/rest_framework/base.html:150

rest_framework/locale/fr/LC_MESSAGES/django.po

@@ -6,16 +6,16 @@
 # Erwann Mest <m+transifex@kud.io>, 2019
 # Etienne Desgagné <etienne.desgagne@evimbec.ca>, 2015
 # Martin Maillard <martin.maillard@gmail.com>, 2015
-# Martin Maillard <martin.maillard@gmail.com>, 2015
 # Stéphane Raimbault <stephane.raimbault@gmail.com>, 2019
 # Xavier Ordoquy <xordoquy@linovia.com>, 2015-2016
+# Sébastien Corbin <seb.corbin@gmail.com>, 2025
 msgid ""
 msgstr ""
 "Project-Id-Version: Django REST framework\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-10-13 21:45+0200\n"
-"PO-Revision-Date: 2020-10-13 19:45+0000\n"
-"Last-Translator: Xavier Ordoquy <xordoquy@linovia.com>\n"
+"PO-Revision-Date: 2025-08-17 20:30+0200\n"
+"Last-Translator: Sébastien Corbin <seb.corbin@gmail.com>\n"
 "Language-Team: French (http://www.transifex.com/django-rest-framework-1/django-rest-framework/language/fr/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -52,8 +52,7 @@ msgid "Invalid token header. Token string should not contain spaces."
 msgstr "En-tête « token » non valide. Un token ne doit pas contenir d'espaces."
 
 #: authentication.py:193
-msgid ""
-"Invalid token header. Token string should not contain invalid characters."
+msgid "Invalid token header. Token string should not contain invalid characters."
 msgstr "En-tête « token » non valide. Un token ne doit pas contenir de caractères invalides."
 
 #: authentication.py:203
@@ -106,11 +105,11 @@ msgstr "Une erreur du serveur est survenue."
 
 #: exceptions.py:142
 msgid "Invalid input."
-msgstr ""
+msgstr "Entrée invalide."
 
 #: exceptions.py:161
 msgid "Malformed request."
-msgstr "Requête malformée"
+msgstr "Requête malformée."
 
 #: exceptions.py:167
 msgid "Incorrect authentication credentials."
@@ -149,12 +148,12 @@ msgstr "Requête ralentie."
 #: exceptions.py:224
 #, python-brace-format
 msgid "Expected available in {wait} second."
-msgstr ""
+msgstr "Disponible à nouveau dans {wait} seconde."
 
 #: exceptions.py:225
 #, python-brace-format
 msgid "Expected available in {wait} seconds."
-msgstr ""
+msgstr "Disponible à nouveau dans {wait} secondes."
 
 #: fields.py:316 relations.py:245 relations.py:279 validators.py:90
 #: validators.py:183
@@ -167,11 +166,11 @@ msgstr "Ce champ ne peut être nul."
 
 #: fields.py:701
 msgid "Must be a valid boolean."
-msgstr ""
+msgstr "Doit être un booléen valide."
 
 #: fields.py:766
 msgid "Not a valid string."
-msgstr ""
+msgstr "Chaîne de charactère invalide."
 
 #: fields.py:767
 msgid "This field may not be blank."
@@ -196,16 +195,12 @@ msgid "This value does not match the required pattern."
 msgstr "Cette valeur ne satisfait pas le motif imposé."
 
 #: fields.py:838
-msgid ""
-"Enter a valid \"slug\" consisting of letters, numbers, underscores or "
-"hyphens."
+msgid "Enter a valid \"slug\" consisting of letters, numbers, underscores or hyphens."
 msgstr "Ce champ ne doit contenir que des lettres, des nombres, des tirets bas _ et des traits d'union."
 
 #: fields.py:839
-msgid ""
-"Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, "
-"or hyphens."
-msgstr ""
+msgid "Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, or hyphens."
+msgstr "Ce champ ne doit contenir que des lettres Unicode, des nombres, des tirets bas _ et des traits d'union."
 
 #: fields.py:854
 msgid "Enter a valid URL."
@@ -213,7 +208,7 @@ msgstr "Saisissez une URL valide."
 
 #: fields.py:867
 msgid "Must be a valid UUID."
-msgstr ""
+msgstr "Doit être un UUID valide."
 
 #: fields.py:903
 msgid "Enter a valid IPv4 or IPv6 address."
@@ -226,7 +221,7 @@ msgstr "Un nombre entier valide est requis."
 #: fields.py:932 fields.py:969 fields.py:1005 fields.py:1366
 #, python-brace-format
 msgid "Ensure this value is less than or equal to {max_value}."
-msgstr "Assurez-vous que cette valeur est inférieure ou égale à {max_value}."
+msgstr "Assurez-vous que cette valeur est inférieure ou égale à {max_value}."
 
 #: fields.py:933 fields.py:970 fields.py:1006 fields.py:1367
 #, python-brace-format
@@ -248,15 +243,12 @@ msgstr "Assurez-vous qu'il n'y a pas plus de {max_digits} chiffres au total."
 
 #: fields.py:1008
 #, python-brace-format
-msgid ""
-"Ensure that there are no more than {max_decimal_places} decimal places."
+msgid "Ensure that there are no more than {max_decimal_places} decimal places."
 msgstr "Assurez-vous qu'il n'y a pas plus de {max_decimal_places} chiffres après la virgule."
 
 #: fields.py:1009
 #, python-brace-format
-msgid ""
-"Ensure that there are no more than {max_whole_digits} digits before the "
-"decimal point."
+msgid "Ensure that there are no more than {max_whole_digits} digits before the decimal point."
 msgstr "Assurez-vous qu'il n'y a pas plus de {max_whole_digits} chiffres avant la virgule."
 
 #: fields.py:1148
@@ -271,11 +263,11 @@ msgstr "Attendait une date + heure mais a reçu une date."
 #: fields.py:1150
 #, python-brace-format
 msgid "Invalid datetime for the timezone \"{timezone}\"."
-msgstr ""
+msgstr "Date et heure non valides pour le fuseau horaire \"{timezone}\"."
 
 #: fields.py:1151
 msgid "Datetime value out of range."
-msgstr ""
+msgstr "Valeur de date et heure hors de l'intervalle."
 
 #: fields.py:1236
 #, python-brace-format
@@ -325,8 +317,7 @@ msgid "No file was submitted."
 msgstr "Aucun fichier n'a été soumis."
 
 #: fields.py:1515
-msgid ""
-"The submitted data was not a file. Check the encoding type on the form."
+msgid "The submitted data was not a file. Check the encoding type on the form."
 msgstr "La donnée soumise n'est pas un fichier. Vérifiez le type d'encodage du formulaire."
 
 #: fields.py:1516
@@ -339,14 +330,11 @@ msgstr "Le fichier soumis est vide."
 
 #: fields.py:1518
 #, python-brace-format
-msgid ""
-"Ensure this filename has at most {max_length} characters (it has {length})."
+msgid "Ensure this filename has at most {max_length} characters (it has {length})."
 msgstr "Assurez-vous que le nom de fichier comporte au plus {max_length} caractères (il en comporte {length})."
 
 #: fields.py:1566
-msgid ""
-"Upload a valid image. The file you uploaded was either not an image or a "
-"corrupted image."
+msgid "Upload a valid image. The file you uploaded was either not an image or a corrupted image."
 msgstr "Transférez une image valide. Le fichier que vous avez transféré n'est pas une image, ou il est corrompu."
 
 #: fields.py:1604 relations.py:486 serializers.py:571
@@ -356,12 +344,12 @@ msgstr "Cette liste ne peut pas être vide."
 #: fields.py:1605
 #, python-brace-format
 msgid "Ensure this field has at least {min_length} elements."
-msgstr ""
+msgstr "Vérifier que ce champ a au moins {min_length} éléments."
 
 #: fields.py:1606
 #, python-brace-format
 msgid "Ensure this field has no more than {max_length} elements."
-msgstr ""
+msgstr "Vérifier que ce champ n'a pas plus de {max_length} éléments."
 
 #: fields.py:1682
 #, python-brace-format
@@ -370,7 +358,7 @@ msgstr "Attendait un dictionnaire d'éléments mais a reçu « {input_type} »
 
 #: fields.py:1683
 msgid "This dictionary may not be empty."
-msgstr ""
+msgstr "Ce dictionnaire ne peut être vide."
 
 #: fields.py:1755
 msgid "Value must be valid JSON."
@@ -382,7 +370,7 @@ msgstr "Recherche"
 
 #: filters.py:50
 msgid "A search term."
-msgstr ""
+msgstr "Un terme de recherche."
 
 #: filters.py:180 templates/rest_framework/filters/ordering.html:3
 msgid "Ordering"
@@ -390,7 +378,7 @@ msgstr "Ordre"
 
 #: filters.py:181
 msgid "Which field to use when ordering the results."
-msgstr ""
+msgstr "Quel champ utiliser pour classer les résultats."
 
 #: filters.py:287
 msgid "ascending"
@@ -402,11 +390,11 @@ msgstr "décroissant"
 
 #: pagination.py:174
 msgid "A page number within the paginated result set."
-msgstr ""
+msgstr "Un numéro de page de l'ensemble des résultats."
 
 #: pagination.py:179 pagination.py:372 pagination.py:590
 msgid "Number of results to return per page."
-msgstr ""
+msgstr "Nombre de résultats à retourner par page."
 
 #: pagination.py:189
 msgid "Invalid page."
@@ -414,11 +402,11 @@ msgstr "Page non valide."
 
 #: pagination.py:374
 msgid "The initial index from which to return the results."
-msgstr ""
+msgstr "L'index initial depuis lequel retourner les résultats."
 
 #: pagination.py:581
 msgid "The pagination cursor value."
-msgstr ""
+msgstr "La valeur du curseur de pagination."
 
 #: pagination.py:583
 msgid "Invalid cursor"
@@ -454,7 +442,7 @@ msgstr "Type incorrect. Attendait une URL, a reçu {data_type}."
 #: relations.py:448
 #, python-brace-format
 msgid "Object with {slug_name}={value} does not exist."
-msgstr "L'object avec {slug_name}={value} n'existe pas."
+msgstr "L'objet avec {slug_name}={value} n'existe pas."
 
 #: relations.py:449
 msgid "Invalid value."
@@ -462,20 +450,20 @@ msgstr "Valeur non valide."
 
 #: schemas/utils.py:32
 msgid "unique integer value"
-msgstr ""
+msgstr "valeur entière unique"
 
 #: schemas/utils.py:34
 msgid "UUID string"
-msgstr ""
+msgstr "Chaîne UUID"
 
 #: schemas/utils.py:36
 msgid "unique value"
-msgstr ""
+msgstr "valeur unique"
 
 #: schemas/utils.py:38
 #, python-brace-format
 msgid "A {value_type} identifying this {name}."
-msgstr ""
+msgstr "Un(une) {value_type} identifiant ce(cette) {name}."
 
 #: serializers.py:337
 #, python-brace-format
@@ -485,7 +473,7 @@ msgstr "Donnée non valide. Attendait un dictionnaire, a reçu {datatype}."
 #: templates/rest_framework/admin.html:116
 #: templates/rest_framework/base.html:136
 msgid "Extra Actions"
-msgstr ""
+msgstr "Actions supplémentaires"
 
 #: templates/rest_framework/admin.html:130
 #: templates/rest_framework/base.html:150
@@ -494,27 +482,27 @@ msgstr "Filtres"
 
 #: templates/rest_framework/base.html:37
 msgid "navbar"
-msgstr ""
+msgstr "barre de navigation"
 
 #: templates/rest_framework/base.html:75
 msgid "content"
-msgstr ""
+msgstr "contenu"
 
 #: templates/rest_framework/base.html:78
 msgid "request form"
-msgstr ""
+msgstr "formulaire de requête"
 
 #: templates/rest_framework/base.html:157
 msgid "main content"
-msgstr ""
+msgstr "contenu principal"
 
 #: templates/rest_framework/base.html:173
 msgid "request info"
-msgstr ""
+msgstr "information de la requête"
 
 #: templates/rest_framework/base.html:177
 msgid "response info"
-msgstr ""
+msgstr "information de la réponse"
 
 #: templates/rest_framework/horizontal/radio.html:4
 #: templates/rest_framework/inline/radio.html:3
@@ -540,7 +528,7 @@ msgstr "Les champs {field_names} doivent former un ensemble unique."
 #: validators.py:171
 #, python-brace-format
 msgid "Surrogate characters are not allowed: U+{code_point:X}."
-msgstr ""
+msgstr "Les caractères de substitution ne sont pas autorisés : U+{code_point:X}."
 
 #: validators.py:243
 #, python-brace-format

rest_framework/locale/kk/LC_MESSAGES/django.po

@@ -0,0 +1,578 @@
+# This file is distributed under the same license as the Django REST framework package.
+# Translators:
+# Dulat Kushibayev <kushibayev@gmail.com>, 2025
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Django REST framework\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2025-06-01 23:03+0300\n"
+"PO-Revision-Date: 2025-06-01 20:03+0000\n"
+"Last-Translator: Dulat Kushibayev <kushibayev@gmail.com>\n"
+"Language-Team: \n"
+"Language: kk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+#: authentication.py:70
+msgid "Invalid basic header. No credentials provided."
+msgstr "Негізгі тақырыптама дұрыс емес. Тіркелгі деректері берілмеген."
+
+#: authentication.py:73
+msgid "Invalid basic header. Credentials string should not contain spaces."
+msgstr "Негізгі тақырыптама дұрыс емес. Тіркелгі деректері бос орындарсыз болуы керек."
+
+#: authentication.py:84
+msgid "Invalid basic header. Credentials not correctly base64 encoded."
+msgstr "Негізгі тақырыптама дұрыс емес. Тіркелгі деректері base64 форматында дұрыс кодталмаған."
+
+#: authentication.py:101
+msgid "Invalid username/password."
+msgstr "Қате пайдаланушы аты немесе құпиясөз."
+
+#: authentication.py:104 authentication.py:206
+msgid "User inactive or deleted."
+msgstr "Пайдаланушы өшірулі немесе жойылған."
+
+#: authentication.py:184
+msgid "Invalid token header. No credentials provided."
+msgstr "Токен тақырыптамасы дұрыс емес. Тіркелгі деректері берілмеген."
+
+#: authentication.py:187
+msgid "Invalid token header. Token string should not contain spaces."
+msgstr "Токен тақырыптамасы дұрыс емес. Токен жолында бос орын болмауы керек."
+
+#: authentication.py:193
+msgid ""
+"Invalid token header. Token string should not contain invalid characters."
+msgstr "Токен тақырыптамасы дұрыс емес. Токен құрамында жарамсыз таңбалар болмауы керек."
+
+#: authentication.py:203
+msgid "Invalid token."
+msgstr "Жарамсыз токен."
+
+#: authtoken/admin.py:28 authtoken/serializers.py:9
+msgid "Username"
+msgstr "Пайдаланушы аты"
+
+#: authtoken/apps.py:7
+msgid "Auth Token"
+msgstr "Аутентификация токені"
+
+#: authtoken/models.py:13
+msgid "Key"
+msgstr "Кілт"
+
+#: authtoken/models.py:16
+msgid "User"
+msgstr "Пайдаланушы"
+
+#: authtoken/models.py:18
+msgid "Created"
+msgstr "Құрылған"
+
+#: authtoken/models.py:27 authtoken/models.py:54 authtoken/serializers.py:19
+msgid "Token"
+msgstr "Токен"
+
+#: authtoken/models.py:28 authtoken/models.py:55
+msgid "Tokens"
+msgstr "Токендер"
+
+#: authtoken/serializers.py:13
+msgid "Password"
+msgstr "Құпиясөз"
+
+#: authtoken/serializers.py:35
+msgid "Unable to log in with provided credentials."
+msgstr "Берілген тіркелгі деректерімен кіру мүмкін емес."
+
+#: authtoken/serializers.py:38
+msgid "Must include \"username\" and \"password\"."
+msgstr "\"username\" мен \"password\" енгізілуі керек."
+
+#: exceptions.py:105
+msgid "A server error occurred."
+msgstr "Серверде қате орын алды."
+
+#: exceptions.py:145
+msgid "Invalid input."
+msgstr "Қате енгізу деректері."
+
+#: exceptions.py:166
+msgid "Malformed request."
+msgstr "Сұраныс дұрыс құрылмаған."
+
+#: exceptions.py:172
+msgid "Incorrect authentication credentials."
+msgstr "Аутентификация деректері қате."
+
+#: exceptions.py:178
+msgid "Authentication credentials were not provided."
+msgstr "Аутентификация деректері берілмеген."
+
+#: exceptions.py:184
+msgid "You do not have permission to perform this action."
+msgstr "Бұл әрекетті орындауға рұқсатыңыз жоқ."
+
+#: exceptions.py:190
+msgid "Not found."
+msgstr "Табылмады."
+
+#: exceptions.py:196
+#, python-brace-format
+msgid "Method \"{method}\" not allowed."
+msgstr "\"{method}\" әдісіне рұқсат етілмейді."
+
+#: exceptions.py:207
+msgid "Could not satisfy the request Accept header."
+msgstr "Сұраныстағы Accept тақырыбын қанағаттандыру мүмкін емес."
+
+#: exceptions.py:217
+#, python-brace-format
+msgid "Unsupported media type \"{media_type}\" in request."
+msgstr "Сұраныстағы \"{media_type}\" медиа түрі қолдау көрсетілмейді."
+
+#: exceptions.py:228
+msgid "Request was throttled."
+msgstr "Сұраныс жиілігі шектелді."
+
+#: exceptions.py:229
+#, python-brace-format
+msgid "Expected available in {wait} second."
+msgstr "{wait} секундтан кейін қайта қолжетімді болады."
+
+#: exceptions.py:230
+#, python-brace-format
+msgid "Expected available in {wait} seconds."
+msgstr "{wait} секундтан кейін қайта қолжетімді болады."
+
+#: fields.py:292 relations.py:240 relations.py:276 validators.py:112
+#: validators.py:238
+msgid "This field is required."
+msgstr "Бұл мән міндетті."
+
+#: fields.py:293
+msgid "This field may not be null."
+msgstr "Бұл мән null болмауы керек."
+
+#: fields.py:661
+msgid "Must be a valid boolean."
+msgstr "Дұрыс логикалық мән болуы керек."
+
+#: fields.py:724
+msgid "Not a valid string."
+msgstr "Мәтін дұрыс емес."
+
+#: fields.py:725
+msgid "This field may not be blank."
+msgstr "Бұл мән бос болмауы керек."
+
+#: fields.py:726 fields.py:1881
+#, python-brace-format
+msgid "Ensure this field has no more than {max_length} characters."
+msgstr "Бұл мән ең көбі {max_length} таңбадан аспауы керек."
+
+#: fields.py:727
+#, python-brace-format
+msgid "Ensure this field has at least {min_length} characters."
+msgstr "Бұл мән кемінде {min_length} таңба болуы керек."
+
+#: fields.py:774
+msgid "Enter a valid email address."
+msgstr "Дұрыс электрондық пошта енгізіңіз."
+
+#: fields.py:785
+msgid "This value does not match the required pattern."
+msgstr "Бұл мән қажетті үлгіге сәйкес келмейді."
+
+#: fields.py:796
+msgid ""
+"Enter a valid \"slug\" consisting of letters, numbers, underscores or "
+"hyphens."
+msgstr "Әріптерден, сандардан, астын сызу және сызықшалардан тұратын дұрыс \"slug\" енгізіңіз."
+
+#: fields.py:797
+msgid ""
+"Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, "
+"or hyphens."
+msgstr "Юникод әріптері, сандар, астын сызу және сызықшалардан тұратын дұрыс \"slug\" енгізіңіз."
+
+#: fields.py:812
+msgid "Enter a valid URL."
+msgstr "Дұрыс URL енгізіңіз."
+
+#: fields.py:825
+msgid "Must be a valid UUID."
+msgstr "Дұрыс UUID болуы керек."
+
+#: fields.py:861
+msgid "Enter a valid IPv4 or IPv6 address."
+msgstr "Дұрыс IPv4 немесе IPv6 адрес енгізіңіз."
+
+#: fields.py:889
+msgid "A valid integer is required."
+msgstr "Дұрыс бүтін сан енгізілуі қажет."
+
+#: fields.py:890 fields.py:927 fields.py:966 fields.py:1349
+#, python-brace-format
+msgid "Ensure this value is less than or equal to {max_value}."
+msgstr "Бұл мән {max_value} немесе одан аз болуы керек."
+
+#: fields.py:891 fields.py:928 fields.py:967 fields.py:1350
+#, python-brace-format
+msgid "Ensure this value is greater than or equal to {min_value}."
+msgstr "Бұл мән кемінде {min_value} болуы керек."
+
+#: fields.py:892 fields.py:929 fields.py:971
+msgid "String value too large."
+msgstr "Жолдың мәні тым үлкен."
+
+#: fields.py:926 fields.py:965
+msgid "A valid number is required."
+msgstr "Дұрыс сан енгізілуі керек."
+
+#: fields.py:930
+msgid "Integer value too large to convert to float"
+msgstr "Бүтін сан тым үлкен - қалқымалы санға айналдыру мүмкін емес."
+
+#: fields.py:968
+#, python-brace-format
+msgid "Ensure that there are no more than {max_digits} digits in total."
+msgstr "Барлығы {max_digits} саннан аспауы керек."
+
+#: fields.py:969
+#, python-brace-format
+msgid "Ensure that there are no more than {max_decimal_places} decimal places."
+msgstr "Ондық бөлшектер саны ең көбі {max_decimal_places} болуы керек."
+
+#: fields.py:970
+#, python-brace-format
+msgid ""
+"Ensure that there are no more than {max_whole_digits} digits before the "
+"decimal point."
+msgstr "Ондық нүктеге дейінгі сандар саны ең көбі {max_whole_digits} болуы керек."
+
+#: fields.py:1129
+#, python-brace-format
+msgid "Datetime has wrong format. Use one of these formats instead: {format}."
+msgstr "Datetime пішімі дұрыс емес. Осы пішімдердің бірін пайдаланыңыз: {format}."
+
+#: fields.py:1130
+msgid "Expected a datetime but got a date."
+msgstr "Күтілгені - datetime, берілгені - date."
+
+#: fields.py:1131
+#, python-brace-format
+msgid "Invalid datetime for the timezone \"{timezone}\"."
+msgstr "\"{timezone}\" уақыт белдеуі үшін күн мен уақыт дұрыс емес."
+
+#: fields.py:1132
+msgid "Datetime value out of range."
+msgstr "Datetime мәні рұқсат етілген ауқымнан тыс."
+
+#: fields.py:1219
+#, python-brace-format
+msgid "Date has wrong format. Use one of these formats instead: {format}."
+msgstr "Date пішімі дұрыс емес. Осы пішімдердің бірін пайдаланыңыз: {format}."
+
+#: fields.py:1220
+msgid "Expected a date but got a datetime."
+msgstr "Күтілгені - date, берілгені - datetime."
+
+#: fields.py:1286
+#, python-brace-format
+msgid "Time has wrong format. Use one of these formats instead: {format}."
+msgstr "Уақыт пішімі дұрыс емес. Осы пішімдердің бірін пайдаланыңыз: {format}."
+
+#: fields.py:1348
+#, python-brace-format
+msgid "Duration has wrong format. Use one of these formats instead: {format}."
+msgstr "Ұзақтық пішімі дұрыс емес. Осы пішімдердің бірін пайдаланыңыз: {format}."
+
+#: fields.py:1351
+#, python-brace-format
+msgid "The number of days must be between {min_days} and {max_days}."
+msgstr "Күндер саны {min_days} бен {max_days} аралығында болуы керек."
+
+#: fields.py:1386 fields.py:1446
+#, python-brace-format
+msgid "\"{input}\" is not a valid choice."
+msgstr "\"{input}\" - дұрыс таңдау емес."
+
+#: fields.py:1389
+#, python-brace-format
+msgid "More than {count} items..."
+msgstr "{count} элементтен артық..."
+
+#: fields.py:1447 fields.py:1596 relations.py:486 serializers.py:595
+#, python-brace-format
+msgid "Expected a list of items but got type \"{input_type}\"."
+msgstr "Элементтер тізімі күтілді, бірақ \"{input_type}\" түрі берілген."
+
+#: fields.py:1448
+msgid "This selection may not be empty."
+msgstr "Бұл таңдау бос болмауы керек."
+
+#: fields.py:1487
+#, python-brace-format
+msgid "\"{input}\" is not a valid path choice."
+msgstr "\"{input}\" - дұрыс жол таңдауы емес."
+
+#: fields.py:1507
+msgid "No file was submitted."
+msgstr "Файл жіберілмеді."
+
+#: fields.py:1508
+msgid "The submitted data was not a file. Check the encoding type on the form."
+msgstr "Жіберілген деректер файл емес. Формадағы кодтау түрін тексеріңіз."
+
+#: fields.py:1509
+msgid "No filename could be determined."
+msgstr "Файл атауы анықталмады."
+
+#: fields.py:1510
+msgid "The submitted file is empty."
+msgstr "Жіберілген файл бос."
+
+#: fields.py:1511
+#, python-brace-format
+msgid ""
+"Ensure this filename has at most {max_length} characters (it has {length})."
+msgstr "Файл атауы {max_length} таңбадан аспауы керек (қазір - {length})."
+
+#: fields.py:1559
+msgid ""
+"Upload a valid image. The file you uploaded was either not an image or a "
+"corrupted image."
+msgstr "Дұрыс кескін жүктеңіз. Жүктелген файл кескін емес немесе бүлінген."
+
+#: fields.py:1597 relations.py:487 serializers.py:596
+msgid "This list may not be empty."
+msgstr "Бұл тізім бос болмауы керек."
+
+#: fields.py:1598 serializers.py:598
+#, python-brace-format
+msgid "Ensure this field has at least {min_length} elements."
+msgstr "Бұл мәнде кемінде {min_length} элемент болуы керек."
+
+#: fields.py:1599 serializers.py:597
+#, python-brace-format
+msgid "Ensure this field has no more than {max_length} elements."
+msgstr "Бұл мәнде {max_length} элементтен көп болмауы керек."
+
+#: fields.py:1677
+#, python-brace-format
+msgid "Expected a dictionary of items but got type \"{input_type}\"."
+msgstr "Элементтер жиыны ретінде сөздік күтілді, бірақ \"{input_type}\" түрі берілген."
+
+#: fields.py:1678
+msgid "This dictionary may not be empty."
+msgstr "Бұл сөздік бос болмауы керек."
+
+#: fields.py:1750
+msgid "Value must be valid JSON."
+msgstr "Мән дұрыс JSON пішімінде болуы керек."
+
+#: filters.py:72 templates/rest_framework/filters/search.html:2
+#: templates/rest_framework/filters/search.html:8
+msgid "Search"
+msgstr "Іздеу"
+
+#: filters.py:73
+msgid "A search term."
+msgstr "Іздеу сөзі."
+
+#: filters.py:224 templates/rest_framework/filters/ordering.html:3
+msgid "Ordering"
+msgstr "Реттеу"
+
+#: filters.py:225
+msgid "Which field to use when ordering the results."
+msgstr "Нәтижелерді реттеу үшін қай мән пайдалану керектігін көрсетеді."
+
+#: filters.py:341
+msgid "ascending"
+msgstr "өсу ретімен"
+
+#: filters.py:342
+msgid "descending"
+msgstr "кему ретімен"
+
+#: pagination.py:180
+msgid "A page number within the paginated result set."
+msgstr "Беттелген нәтиже жиынындағы бет нөмірі."
+
+#: pagination.py:185 pagination.py:382 pagination.py:599
+msgid "Number of results to return per page."
+msgstr "Әр бетте қайтарылатын нәтиже саны."
+
+#: pagination.py:195
+msgid "Invalid page."
+msgstr "Қате бет нөмірі."
+
+#: pagination.py:384
+msgid "The initial index from which to return the results."
+msgstr "Нәтижелер қайтарылатын бастапқы индекс."
+
+#: pagination.py:590
+msgid "The pagination cursor value."
+msgstr "Нәтижелерді беттеуге арналған курсор мәні."
+
+#: pagination.py:592
+msgid "Invalid cursor"
+msgstr "Қате курсор"
+
+#: relations.py:241
+#, python-brace-format
+msgid "Invalid pk \"{pk_value}\" - object does not exist."
+msgstr "Қате pk \"{pk_value}\" - нысан табылмады."
+
+#: relations.py:242
+#, python-brace-format
+msgid "Incorrect type. Expected pk value, received {data_type}."
+msgstr "Дерек түрі дұрыс емес. Күтілгені - pk мәні, берілгені - {data_type}."
+
+#: relations.py:277
+msgid "Invalid hyperlink - No URL match."
+msgstr "Қате гиперсілтеме - URL сәйкестігі жоқ."
+
+#: relations.py:278
+msgid "Invalid hyperlink - Incorrect URL match."
+msgstr "Қате гиперсілтеме - URL сәйкестігі дұрыс емес."
+
+#: relations.py:279
+msgid "Invalid hyperlink - Object does not exist."
+msgstr "Қате гиперсілтеме - нысан табылмады."
+
+#: relations.py:280
+#, python-brace-format
+msgid "Incorrect type. Expected URL string, received {data_type}."
+msgstr "Дерек түрі дұрыс емес. Күтілгені - URL жолы, берілгені - {data_type}"
+
+#: relations.py:445
+#, python-brace-format
+msgid "Object with {slug_name}={value} does not exist."
+msgstr "{slug_name}={value} параметрі бар нысан табылмады."
+
+#: relations.py:446
+msgid "Invalid value."
+msgstr "Қате мән."
+
+#: schemas/utils.py:32
+msgid "unique integer value"
+msgstr "бірегей бүтін сан мәні"
+
+#: schemas/utils.py:34
+msgid "UUID string"
+msgstr "UUID жолы"
+
+#: schemas/utils.py:36
+msgid "unique value"
+msgstr "бірегей мән"
+
+#: schemas/utils.py:38
+#, python-brace-format
+msgid "A {value_type} identifying this {name}."
+msgstr "{name} нысанын анықтайтын {value_type}."
+
+#: serializers.py:342
+#, python-brace-format
+msgid "Invalid data. Expected a dictionary, but got {datatype}."
+msgstr "Деректер қате. Күтілгені - сөздік түрі, берілгені - {datatype}."
+
+#: templates/rest_framework/admin.html:116
+#: templates/rest_framework/base.html:136
+msgid "Extra Actions"
+msgstr "Қосымша әрекеттер"
+
+#: templates/rest_framework/admin.html:130
+#: templates/rest_framework/base.html:150
+msgid "Filters"
+msgstr "Сүзгілер"
+
+#: templates/rest_framework/base.html:37
+msgid "navbar"
+msgstr "навигация панелі"
+
+#: templates/rest_framework/base.html:75
+msgid "content"
+msgstr "мазмұн"
+
+#: templates/rest_framework/base.html:78
+msgid "request form"
+msgstr "сұрау формасы"
+
+#: templates/rest_framework/base.html:157
+msgid "main content"
+msgstr "негізгі бөлім"
+
+#: templates/rest_framework/base.html:173
+msgid "request info"
+msgstr "сұрау ақпараты"
+
+#: templates/rest_framework/base.html:177
+msgid "response info"
+msgstr "жауап ақпараты"
+
+#: templates/rest_framework/horizontal/radio.html:4
+#: templates/rest_framework/inline/radio.html:3
+#: templates/rest_framework/vertical/radio.html:3
+msgid "None"
+msgstr "Ешқайсысы"
+
+#: templates/rest_framework/horizontal/select_multiple.html:4
+#: templates/rest_framework/inline/select_multiple.html:3
+#: templates/rest_framework/vertical/select_multiple.html:3
+msgid "No items to select."
+msgstr "Таңдайтын элементтер жоқ."
+
+#: validators.py:52
+msgid "This field must be unique."
+msgstr "Бұл енгізу жолы бірегей болуы керек."
+
+#: validators.py:111
+#, python-brace-format
+msgid "The fields {field_names} must make a unique set."
+msgstr "{field_names} енгізу жолдары бірегей жинақ құрауы тиіс."
+
+#: validators.py:219
+#, python-brace-format
+msgid "Surrogate characters are not allowed: U+{code_point:X}."
+msgstr "Суррогат таңбалар рұқсат етілмейді: U+{code_point:X}."
+
+#: validators.py:309
+#, python-brace-format
+msgid "This field must be unique for the \"{date_field}\" date."
+msgstr "\"{date_field}\" күніне бұл енгізу жолы бірегей болуы керек."
+
+#: validators.py:324
+#, python-brace-format
+msgid "This field must be unique for the \"{date_field}\" month."
+msgstr "\"{date_field}\" айына бұл енгізу жолы бірегей болуы керек."
+
+#: validators.py:337
+#, python-brace-format
+msgid "This field must be unique for the \"{date_field}\" year."
+msgstr "\"{date_field}\" жылына бұл енгізу жолы бірегей болуы керек."
+
+#: versioning.py:40
+msgid "Invalid version in \"Accept\" header."
+msgstr "\"Accept\" тақырыбында нұсқа дұрыс көрсетілмеген."
+
+#: versioning.py:71
+msgid "Invalid version in URL path."
+msgstr "URL жолында нұсқа қате көрсетілген."
+
+#: versioning.py:118
+msgid "Invalid version in URL path. Does not match any version namespace."
+msgstr "URL жолында нұсқа дұрыс көрсетілмеген. Ешбір нұсқа кеңістігімен сәйкес келмейді."
+
+#: versioning.py:150
+msgid "Invalid version in hostname."
+msgstr "Хост атауында нұсқа қате көрсетілген."
+
+#: versioning.py:172
+msgid "Invalid version in query parameter."
+msgstr "Сұраныс параметрінде нұсқа қате көрсетілген."

rest_framework/locale/tr/LC_MESSAGES/django.po

@@ -11,6 +11,7 @@
 # Murat Çorlu <muratcorlu@me.com>, 2015
 # Recep KIRMIZI <rkirmizi@gmail.com>, 2015
 # Ülgen Sarıkavak <ulgensrkvk@gmail.com>, 2015
+# Sezer BOZKIR <natgho@hotmail.com>, 2025
 msgid ""
 msgstr ""
 "Project-Id-Version: Django REST framework\n"
@@ -108,7 +109,7 @@ msgstr "Sunucu hatası oluştu."
 
 #: exceptions.py:142
 msgid "Invalid input."
-msgstr ""
+msgstr "Geçersiz girdi."
 
 #: exceptions.py:161
 msgid "Malformed request."
@@ -151,12 +152,12 @@ msgstr "Üst üste çok fazla istek yapıldı."
 #: exceptions.py:224
 #, python-brace-format
 msgid "Expected available in {wait} second."
-msgstr ""
+msgstr "{wait} saniye içinde erişilebilir olması bekleniyor."
 
 #: exceptions.py:225
 #, python-brace-format
 msgid "Expected available in {wait} seconds."
-msgstr ""
+msgstr "{wait} saniye içinde erişilebilir olması bekleniyor."
 
 #: fields.py:316 relations.py:245 relations.py:279 validators.py:90
 #: validators.py:183
@@ -169,11 +170,11 @@ msgstr "Bu alan boş bırakılmamalı."
 
 #: fields.py:701
 msgid "Must be a valid boolean."
-msgstr ""
+msgstr "Geçerli bir boolean olmalı."
 
 #: fields.py:766
 msgid "Not a valid string."
-msgstr ""
+msgstr "Geçerli bir string değil."
 
 #: fields.py:767
 msgid "This field may not be blank."
@@ -215,7 +216,7 @@ msgstr "Geçerli bir URL girin."
 
 #: fields.py:867
 msgid "Must be a valid UUID."
-msgstr ""
+msgstr "Geçerli bir UUID olmalı."
 
 #: fields.py:903
 msgid "Enter a valid IPv4 or IPv6 address."
@@ -273,11 +274,11 @@ msgstr "Datetime değeri bekleniyor, ama date değeri geldi."
 #: fields.py:1150
 #, python-brace-format
 msgid "Invalid datetime for the timezone \"{timezone}\"."
-msgstr ""
+msgstr "\"{timezone}\" zaman dilimi için geçersiz datetime."
 
 #: fields.py:1151
 msgid "Datetime value out of range."
-msgstr ""
+msgstr "Datetime değeri aralığın dışında."
 
 #: fields.py:1236
 #, python-brace-format
@@ -358,12 +359,12 @@ msgstr "Bu liste boş olmamalı."
 #: fields.py:1605
 #, python-brace-format
 msgid "Ensure this field has at least {min_length} elements."
-msgstr ""
+msgstr "Bu alanın en az {min_length} eleman içerdiğinden emin olun."
 
 #: fields.py:1606
 #, python-brace-format
 msgid "Ensure this field has no more than {max_length} elements."
-msgstr ""
+msgstr "Bu alanın en fazla {max_length} eleman içerdiğinden emin olun."
 
 #: fields.py:1682
 #, python-brace-format
@@ -372,7 +373,7 @@ msgstr "Sözlük tipi bir değişken beklenirken \"{input_type}\" tipi bir deği
 
 #: fields.py:1683
 msgid "This dictionary may not be empty."
-msgstr ""
+msgstr "Bu sözlük boş olmamalı."
 
 #: fields.py:1755
 msgid "Value must be valid JSON."
@@ -384,7 +385,7 @@ msgstr "Arama"
 
 #: filters.py:50
 msgid "A search term."
-msgstr ""
+msgstr "Bir arama terimi."
 
 #: filters.py:180 templates/rest_framework/filters/ordering.html:3
 msgid "Ordering"
@@ -392,23 +393,23 @@ msgstr "Sıralama"
 
 #: filters.py:181
 msgid "Which field to use when ordering the results."
-msgstr ""
+msgstr "Sonuçların sıralanmasında kullanılacak alan."
 
 #: filters.py:287
 msgid "ascending"
-msgstr ""
+msgstr "artan"
 
 #: filters.py:288
 msgid "descending"
-msgstr ""
+msgstr "azalan"
 
 #: pagination.py:174
 msgid "A page number within the paginated result set."
-msgstr ""
+msgstr "Sayfalanmış sonuç kümesinde bir sayfa numarası."
 
 #: pagination.py:179 pagination.py:372 pagination.py:590
 msgid "Number of results to return per page."
-msgstr ""
+msgstr "Her sayfada döndürülecek sonuç sayısı."
 
 #: pagination.py:189
 msgid "Invalid page."
@@ -416,11 +417,11 @@ msgstr "Geçersiz sayfa."
 
 #: pagination.py:374
 msgid "The initial index from which to return the results."
-msgstr ""
+msgstr "Döndürülecek sonuçların başlangıç indeksi."
 
 #: pagination.py:581
 msgid "The pagination cursor value."
-msgstr ""
+msgstr "Sayfalandırma imleci değeri."
 
 #: pagination.py:583
 msgid "Invalid cursor"
@@ -464,20 +465,20 @@ msgstr "Geçersiz değer."
 
 #: schemas/utils.py:32
 msgid "unique integer value"
-msgstr ""
+msgstr "benzersiz tamsayı değeri"
 
 #: schemas/utils.py:34
 msgid "UUID string"
-msgstr ""
+msgstr "UUID metni"
 
 #: schemas/utils.py:36
 msgid "unique value"
-msgstr ""
+msgstr "benzersiz değer"
 
 #: schemas/utils.py:38
 #, python-brace-format
 msgid "A {value_type} identifying this {name}."
-msgstr ""
+msgstr "Bir {name} öğesini tanımlayan {value_type}."
 
 #: serializers.py:337
 #, python-brace-format
@@ -487,7 +488,7 @@ msgstr "Geçersiz veri. Sözlük bekleniyordu fakat {datatype} geldi. "
 #: templates/rest_framework/admin.html:116
 #: templates/rest_framework/base.html:136
 msgid "Extra Actions"
-msgstr ""
+msgstr "Ekstra Eylemler"
 
 #: templates/rest_framework/admin.html:130
 #: templates/rest_framework/base.html:150
@@ -496,27 +497,27 @@ msgstr "Filtreler"
 
 #: templates/rest_framework/base.html:37
 msgid "navbar"
-msgstr ""
+msgstr "navigasyon çubuğu"
 
 #: templates/rest_framework/base.html:75
 msgid "content"
-msgstr ""
+msgstr "içerik"
 
 #: templates/rest_framework/base.html:78
 msgid "request form"
-msgstr ""
+msgstr "istek formu"
 
 #: templates/rest_framework/base.html:157
 msgid "main content"
-msgstr ""
+msgstr "ana içerik"
 
 #: templates/rest_framework/base.html:173
 msgid "request info"
-msgstr ""
+msgstr "istek bilgisi"
 
 #: templates/rest_framework/base.html:177
 msgid "response info"
-msgstr ""
+msgstr "cevap bilgisi"
 
 #: templates/rest_framework/horizontal/radio.html:4
 #: templates/rest_framework/inline/radio.html:3
@@ -542,7 +543,7 @@ msgstr "{field_names} hep birlikte eşsiz bir küme oluşturmalılar."
 #: validators.py:171
 #, python-brace-format
 msgid "Surrogate characters are not allowed: U+{code_point:X}."
-msgstr ""
+msgstr "Yerine konulmuş karakterlere izin verilmiyor: U+{code_point:X}."
 
 #: validators.py:243
 #, python-brace-format
@@ -569,7 +570,7 @@ msgstr "URL dizininde geçersiz versiyon."
 
 #: versioning.py:116
 msgid "Invalid version in URL path. Does not match any version namespace."
-msgstr ""
+msgstr "Geçersiz versiyon URL dizininde. Hiçbir versiyon ad alanı ile eşleşmiyor."
 
 #: versioning.py:148
 msgid "Invalid version in hostname."

rest_framework/schemas/openapi.py

@@ -428,7 +428,7 @@ class AutoSchema(ViewInspector):
             }
 
         # "Formats such as "email", "uuid", and so on, MAY be used even though undefined by this specification."
-        # see: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#data-types
+        # see: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#data-types
         # see also: https://swagger.io/docs/specification/data-models/data-types/#string
         if isinstance(field, serializers.EmailField):
             return {
@@ -555,7 +555,7 @@ class AutoSchema(ViewInspector):
         """
         for v in field.validators:
             # "Formats such as "email", "uuid", and so on, MAY be used even though undefined by this specification."
-            # https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#data-types
+            # https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#data-types
             if isinstance(v, EmailValidator):
                 schema['format'] = 'email'
             if isinstance(v, URLValidator):

rest_framework/serializers.py

@@ -1469,12 +1469,13 @@ class ModelSerializer(Serializer):
                                         model_field.unique_for_year}
 
         unique_constraint_names -= {None}
+        model_fields_names = set(model_fields.keys())
 
         # Include each of the `unique_together` and `UniqueConstraint` field names,
         # so long as all the field names are included on the serializer.
         for unique_together_list, queryset, condition_fields, condition in self.get_unique_together_constraints(model):
             unique_together_list_and_condition_fields = set(unique_together_list) | set(condition_fields)
-            if set(field_names).issuperset(unique_together_list_and_condition_fields):
+            if model_fields_names.issuperset(unique_together_list_and_condition_fields):
                 unique_constraint_names |= unique_together_list_and_condition_fields
 
         # Now we have all the field names that have uniqueness constraints

rest_framework/settings.py

@@ -24,7 +24,7 @@ from django.conf import settings
 from django.core.signals import setting_changed
 from django.utils.module_loading import import_string
 
-from rest_framework import ISO_8601
+from rest_framework import DJANGO_DURATION_FORMAT, ISO_8601
 
 DEFAULTS = {
     # Base API policies
@@ -109,6 +109,8 @@ DEFAULTS = {
     'TIME_FORMAT': ISO_8601,
     'TIME_INPUT_FORMATS': [ISO_8601],
 
+    'DURATION_FORMAT': DJANGO_DURATION_FORMAT,
+
     # Encoding
     'UNICODE_JSON': True,
     'COMPACT_JSON': True,

rest_framework/validators.py

@@ -189,7 +189,12 @@ class UniqueTogetherValidator:
             ]
 
         condition_sources = (serializer.fields[field_name].source for field_name in self.condition_fields)
-        condition_kwargs = {source: attrs[source] for source in condition_sources}
+        condition_kwargs = {
+            source: attrs[source]
+            if source in attrs
+            else getattr(serializer.instance, source)
+            for source in condition_sources
+        }
         if checked_values and None not in checked_values and qs_exists_with_condition(queryset, self.condition, condition_kwargs):
             field_names = ', '.join(self.fields)
             message = self.message.format(field_names=field_names)

setup.cfg

@@ -1,36 +1,3 @@
-[metadata]
-license_files = LICENSE.md
-
-[tool:pytest]
-addopts=--tb=short --strict-markers -ra
-testpaths = tests
-filterwarnings = ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF317Warning
-
 [flake8]
 ignore = E501,W503,W504
 banned-modules = json = use from rest_framework.utils import json!
-
-[isort]
-skip=.tox
-atomic=true
-multi_line_output=5
-extra_standard_library=types
-known_third_party=pytest,_pytest,django,pytz,uritemplate
-known_first_party=rest_framework,tests
-
-[coverage:run]
-# NOTE: source is ignored with pytest-cov (but uses the same).
-source = .
-include = rest_framework/*,tests/*
-branch = 1
-
-[coverage:report]
-include = rest_framework/*,tests/*
-exclude_lines =
-    pragma: no cover
-    raise NotImplementedError
-
-[codespell]
-# Ref: https://github.com/codespell-project/codespell#using-a-config-file
-skip = */kickstarter-announcement.md,*.js,*.map,*.po
-ignore-words-list = fo,malcom,ser

setup.py

@@ -1,119 +0,0 @@
-import os
-import re
-import shutil
-import sys
-
-from setuptools import find_packages, setup
-
-CURRENT_PYTHON = sys.version_info[:2]
-REQUIRED_PYTHON = (3, 9)
-
-# This check and everything above must remain compatible with Python 2.7.
-if CURRENT_PYTHON < REQUIRED_PYTHON:
-    sys.stderr.write("""
-==========================
-Unsupported Python version
-==========================
-
-This version of Django REST Framework requires Python {}.{}, but you're trying
-to install it on Python {}.{}.
-
-This may be because you are using a version of pip that doesn't
-understand the python_requires classifier. Make sure you
-have pip >= 9.0 and setuptools >= 24.2, then try again:
-
-    $ python -m pip install --upgrade pip setuptools
-    $ python -m pip install djangorestframework
-
-This will install the latest version of Django REST Framework which works on
-your version of Python. If you can't upgrade your pip (or Python), request
-an older version of Django REST Framework:
-
-    $ python -m pip install "djangorestframework<3.10"
-""".format(*(REQUIRED_PYTHON + CURRENT_PYTHON)))
-    sys.exit(1)
-
-
-def read(f):
-    with open(f, encoding='utf-8') as file:
-        return file.read()
-
-
-def get_version(package):
-    """
-    Return package version as listed in `__version__` in `init.py`.
-    """
-    init_py = open(os.path.join(package, '__init__.py')).read()
-    return re.search("__version__ = ['\"]([^'\"]+)['\"]", init_py).group(1)
-
-
-version = get_version('rest_framework')
-
-
-if sys.argv[-1] == 'publish':
-    if os.system("pip freeze | grep twine"):
-        print("twine not installed.\nUse `pip install twine`.\nExiting.")
-        sys.exit()
-    os.system("python setup.py sdist bdist_wheel")
-    if os.system("twine check dist/*"):
-        print("twine check failed. Packages might be outdated.")
-        print("Try using `pip install -U twine wheel`.\nExiting.")
-        sys.exit()
-    os.system("twine upload dist/*")
-    print("You probably want to also tag the version now:")
-    print("  git tag -a %s -m 'version %s'" % (version, version))
-    print("  git push --tags")
-    shutil.rmtree('dist')
-    shutil.rmtree('build')
-    shutil.rmtree('djangorestframework.egg-info')
-    sys.exit()
-
-
-setup(
-    name='djangorestframework',
-    version=version,
-    url='https://www.django-rest-framework.org/',
-    license='BSD',
-    description='Web APIs for Django, made easy.',
-    long_description=read('README.md'),
-    long_description_content_type='text/markdown',
-    author='Tom Christie',
-    author_email='tom@tomchristie.com',  # SEE NOTE BELOW (*)
-    packages=find_packages(exclude=['tests*']),
-    include_package_data=True,
-    install_requires=["django>=4.2"],
-    python_requires=">=3.9",
-    zip_safe=False,
-    classifiers=[
-        'Development Status :: 5 - Production/Stable',
-        'Environment :: Web Environment',
-        'Framework :: Django',
-        'Framework :: Django :: 4.2',
-        'Framework :: Django :: 5.0',
-        'Framework :: Django :: 5.1',
-        'Framework :: Django :: 5.2',
-        'Intended Audience :: Developers',
-        'License :: OSI Approved :: BSD License',
-        'Operating System :: OS Independent',
-        'Programming Language :: Python',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.9',
-        'Programming Language :: Python :: 3.10',
-        'Programming Language :: Python :: 3.11',
-        'Programming Language :: Python :: 3.12',
-        'Programming Language :: Python :: 3.13',
-        'Programming Language :: Python :: 3 :: Only',
-        'Topic :: Internet :: WWW/HTTP',
-    ],
-    project_urls={
-        'Funding': 'https://fund.django-rest-framework.org/topics/funding/',
-        'Source': 'https://github.com/encode/django-rest-framework',
-        'Changelog': 'https://www.django-rest-framework.org/community/release-notes/',
-    },
-)
-
-# (*) Please direct queries to the discussion group, rather than to me directly
-#     Doing so helps ensure your question is helpful to other users.
-#     Queries directly to my email are likely to receive a canned response.
-#
-#     Many thanks for your understanding.

tests/authentication/test_authentication.py

@@ -81,6 +81,7 @@ urlpatterns = [
 @override_settings(ROOT_URLCONF=__name__)
 class BasicAuthTests(TestCase):
     """Basic authentication"""
+
     def setUp(self):
         self.csrf_client = APIClient(enforce_csrf_checks=True)
         self.username = 'john'
@@ -198,6 +199,7 @@ class BasicAuthTests(TestCase):
 @override_settings(ROOT_URLCONF=__name__)
 class SessionAuthTests(TestCase):
     """User session authentication"""
+
     def setUp(self):
         self.csrf_client = APIClient(enforce_csrf_checks=True)
         self.non_csrf_client = APIClient(enforce_csrf_checks=False)
@@ -418,6 +420,41 @@ class TokenAuthTests(BaseTokenAuthTests, TestCase):
         key = self.model.generate_key()
         assert isinstance(key, str)
 
+    def test_generate_key_returns_valid_format(self):
+        """Ensure generate_key returns a valid token format"""
+        key = self.model.generate_key()
+        assert len(key) == 40
+        # Should contain only valid hexadecimal characters
+        assert all(c in '0123456789abcdef' for c in key)
+
+    def test_generate_key_produces_unique_values(self):
+        """Ensure generate_key produces unique values across multiple calls"""
+        keys = set()
+        for _ in range(100):
+            key = self.model.generate_key()
+            assert key not in keys, f"Duplicate key generated: {key}"
+            keys.add(key)
+
+    def test_generate_key_collision_resistance(self):
+        """Test collision resistance with reasonable sample size"""
+        keys = set()
+        for _ in range(500):
+            key = self.model.generate_key()
+            assert key not in keys, f"Collision found: {key}"
+            keys.add(key)
+        assert len(keys) == 500, f"Expected 500 unique keys, got {len(keys)}"
+
+    def test_generate_key_randomness_quality(self):
+        """Test basic randomness properties of generated keys"""
+        keys = [self.model.generate_key() for _ in range(10)]
+        # Consecutive keys should be different
+        for i in range(len(keys) - 1):
+            assert keys[i] != keys[i + 1], "Consecutive keys should be different"
+        # Keys should not follow obvious patterns
+        for key in keys:
+            # Should not be all same character
+            assert not all(c == key[0] for c in key), f"Key has all same characters: {key}"
+
     def test_token_login_json(self):
         """Ensure token login view using JSON POST works."""
         client = APIClient(enforce_csrf_checks=True)
@@ -480,6 +517,7 @@ class IncorrectCredentialsTests(TestCase):
         authentication should run and error, even if no permissions
         are set on the view.
         """
+
         class IncorrectCredentialsAuth(BaseAuthentication):
             def authenticate(self, request):
                 raise exceptions.AuthenticationFailed('Bad credentials')
@@ -571,6 +609,7 @@ class BasicAuthenticationUnitTests(TestCase):
 
         class MockUser:
             is_active = False
+
         old_authenticate = authentication.authenticate
         authentication.authenticate = lambda **kwargs: MockUser()
         try:

tests/test_authtoken.py

@@ -5,6 +5,7 @@ import pytest
 from django.contrib.admin import site
 from django.contrib.auth.models import User
 from django.core.management import CommandError, call_command
+from django.db import IntegrityError
 from django.test import TestCase, modify_settings
 
 from rest_framework.authtoken.admin import TokenAdmin
@@ -48,6 +49,45 @@ class AuthTokenTests(TestCase):
         self.user.save()
         assert AuthTokenSerializer(data=data).is_valid()
 
+    def test_token_creation_collision_raises_integrity_error(self):
+        user2 = User.objects.create_user('user2', 'user2@example.com', 'p')
+        existing_token = Token.objects.create(user=user2)
+
+        # Try to create another token with the same key
+        with self.assertRaises(IntegrityError):
+            Token.objects.create(key=existing_token.key, user=self.user)
+
+    def test_key_generated_on_save_when_cleared(self):
+        # Create a new user for this test to avoid conflicts with setUp token
+        user2 = User.objects.create_user('test_user2', 'test2@example.com', 'password')
+
+        # Create a token without a key - it should generate one automatically
+        token = Token(user=user2)
+        token.key = ""  # Explicitly clear the key
+        token.save()
+
+        # Verify the key was generated
+        self.assertEqual(len(token.key), 40)
+        self.assertEqual(token.user, user2)
+
+    def test_clearing_key_on_existing_token_raises_integrity_error(self):
+        """Test that clearing the key on an existing token raises IntegrityError."""
+        user = User.objects.create_user('test_user3', 'test3@example.com', 'password')
+        token = Token.objects.create(user=user)
+        token.key = ""
+
+        # This should raise IntegrityError because:
+        # 1. We're trying to update a record with an empty primary key
+        # 2. The OneToOneField constraint would be violated
+        with self.assertRaises(Exception):  # Could be IntegrityError or DatabaseError
+            token.save()
+
+    def test_saving_existing_token_without_changes_does_not_alter_key(self):
+        original_key = self.token.key
+
+        self.token.save()
+        self.assertEqual(self.token.key, original_key)
+
 
 class AuthTokenCommandTests(TestCase):
 

tests/test_decorators.py

@@ -6,9 +6,11 @@ from django.test import TestCase
 from rest_framework import status
 from rest_framework.authentication import BasicAuthentication
 from rest_framework.decorators import (
-    action, api_view, authentication_classes, parser_classes,
-    permission_classes, renderer_classes, schema, throttle_classes
+    action, api_view, authentication_classes, content_negotiation_class,
+    metadata_class, parser_classes, permission_classes, renderer_classes,
+    schema, throttle_classes, versioning_class
 )
+from rest_framework.negotiation import BaseContentNegotiation
 from rest_framework.parsers import JSONParser
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.renderers import JSONRenderer
@@ -16,6 +18,7 @@ from rest_framework.response import Response
 from rest_framework.schemas import AutoSchema
 from rest_framework.test import APIRequestFactory
 from rest_framework.throttling import UserRateThrottle
+from rest_framework.versioning import QueryParameterVersioning
 from rest_framework.views import APIView
 
 
@@ -150,6 +153,43 @@ class DecoratorTestCase(TestCase):
         response = view(request)
         assert response.status_code == status.HTTP_429_TOO_MANY_REQUESTS
 
+    def test_versioning_class(self):
+        @api_view(["GET"])
+        @versioning_class(QueryParameterVersioning)
+        def view(request):
+            return Response({"version": request.version})
+
+        request = self.factory.get("/?version=1.2.3")
+        response = view(request)
+        assert response.data == {"version": "1.2.3"}
+
+    def test_metadata_class(self):
+        # From TestMetadata.test_none_metadata()
+        @api_view()
+        @metadata_class(None)
+        def view(request):
+            return Response({})
+
+        request = self.factory.options('/')
+        response = view(request)
+        assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED
+        assert response.data == {'detail': 'Method "OPTIONS" not allowed.'}
+
+    def test_content_negotiation(self):
+        class CustomContentNegotiation(BaseContentNegotiation):
+            def select_renderer(self, request, renderers, format_suffix):
+                assert request.META['HTTP_ACCEPT'] == 'custom/type'
+                return (renderers[0], renderers[0].media_type)
+
+        @api_view(["GET"])
+        @content_negotiation_class(CustomContentNegotiation)
+        def view(request):
+            return Response({})
+
+        request = self.factory.get('/', HTTP_ACCEPT='custom/type')
+        response = view(request)
+        assert response.status_code == status.HTTP_200_OK
+
     def test_schema(self):
         """
         Checks CustomSchema class is set on view

tests/test_fields.py

@@ -9,13 +9,9 @@ from enum import auto
 from unittest.mock import patch
 from zoneinfo import ZoneInfo
 
+import django
 import pytest
-
-try:
-    import pytz
-except ImportError:
-    pytz = None
-
+import pytz
 from django.core.exceptions import ValidationError as DjangoValidationError
 from django.db.models import IntegerChoices, TextChoices
 from django.http import QueryDict
@@ -1624,7 +1620,10 @@ class TestCustomTimezoneForDateTimeField(TestCase):
         assert rendered_date == rendered_date_in_timezone
 
 
-@pytest.mark.skipif(pytz is None, reason="Django 5.0 has removed pytz; this test should eventually be able to get removed.")
+@pytest.mark.skipif(
+    condition=django.VERSION >= (5,),
+    reason="Django 5.0 has removed pytz; this test should eventually be able to get removed.",
+)
 class TestPytzNaiveDayLightSavingTimeTimeZoneDateTimeField(FieldValues):
     """
     Invalid values for `DateTimeField` with datetime in DST shift (non-existing or ambiguous) and timezone with DST.
@@ -1638,16 +1637,15 @@ class TestPytzNaiveDayLightSavingTimeTimeZoneDateTimeField(FieldValues):
     }
     outputs = {}
 
-    if pytz:
-        class MockTimezone(pytz.BaseTzInfo):
-            @staticmethod
-            def localize(value, is_dst):
-                raise pytz.InvalidTimeError()
+    class MockTimezone(pytz.BaseTzInfo):
+        @staticmethod
+        def localize(value, is_dst):
+            raise pytz.InvalidTimeError()
 
-            def __str__(self):
-                return 'America/New_York'
+        def __str__(self):
+            return 'America/New_York'
 
-        field = serializers.DateTimeField(default_timezone=MockTimezone())
+    field = serializers.DateTimeField(default_timezone=MockTimezone())
 
 
 @patch('rest_framework.utils.timezone.datetime_ambiguous', return_value=True)
@@ -1772,9 +1770,69 @@ class TestDurationField(FieldValues):
     }
     field = serializers.DurationField()
 
+    def test_invalid_format(self):
+        with pytest.raises(ValueError) as exc_info:
+            serializers.DurationField(format='unknown')
+        assert str(exc_info.value) == (
+            "Unknown duration format provided, got 'unknown'"
+            " while expecting 'django', 'iso-8601' or `None`."
+        )
+        with pytest.raises(TypeError) as exc_info:
+            serializers.DurationField(format=123)
+        assert str(exc_info.value) == (
+            "duration format must be either str or `None`, not int"
+        )
+
+    def test_invalid_format_in_config(self):
+        field = serializers.DurationField()
+
+        with override_settings(REST_FRAMEWORK={'DURATION_FORMAT': 'unknown'}):
+            with pytest.raises(ValueError) as exc_info:
+                field.to_representation(datetime.timedelta(days=1))
+
+        assert str(exc_info.value) == (
+            "Unknown duration format provided, got 'unknown'"
+            " while expecting 'django', 'iso-8601' or `None`."
+        )
+        with override_settings(REST_FRAMEWORK={'DURATION_FORMAT': 123}):
+            with pytest.raises(TypeError) as exc_info:
+                field.to_representation(datetime.timedelta(days=1))
+        assert str(exc_info.value) == (
+            "duration format must be either str or `None`, not int"
+        )
+
+
+class TestNoOutputFormatDurationField(FieldValues):
+    """
+    Values for `DurationField` with a no output format.
+    """
+    valid_inputs = {}
+    invalid_inputs = {}
+    outputs = {
+        datetime.timedelta(1): datetime.timedelta(1)
+    }
+    field = serializers.DurationField(format=None)
+
+
+class TestISOOutputFormatDurationField(FieldValues):
+    """
+    Values for `DurationField` with a custom output format.
+    """
+    valid_inputs = {
+        '13': datetime.timedelta(seconds=13),
+        'P3DT08H32M01.000123S': datetime.timedelta(days=3, hours=8, minutes=32, seconds=1, microseconds=123),
+        'PT8H1M': datetime.timedelta(hours=8, minutes=1),
+        '-P999999999D': datetime.timedelta(days=-999999999),
+        'P999999999D': datetime.timedelta(days=999999999)
+    }
+    invalid_inputs = {}
+    outputs = {
+        datetime.timedelta(days=3, hours=8, minutes=32, seconds=1, microseconds=123): 'P3DT08H32M01.000123S'
+    }
+    field = serializers.DurationField(format='iso-8601')
+
 
 # Choice types...
-
 class TestChoiceField(FieldValues):
     """
     Valid and invalid values for `ChoiceField`.

tests/test_testing.py

@@ -17,6 +17,7 @@ from rest_framework.response import Response
 from rest_framework.test import (
     APIClient, APIRequestFactory, URLPatternsTestCase, force_authenticate
 )
+from rest_framework.views import APIView
 
 
 @api_view(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'])
@@ -294,6 +295,28 @@ class TestAPIRequestFactory(TestCase):
         assert response.status_code == 403
         assert response.data == expected
 
+    def test_transform_factory_django_request_to_drf_request(self):
+        """
+        ref: GH-3608, GH-4440 & GH-6488.
+        """
+
+        factory = APIRequestFactory()
+
+        class DummyView(APIView):  # Your custom view.
+            ...
+
+        request = factory.get('/', {'demo': 'test'})
+        drf_request = DummyView().initialize_request(request)
+        assert drf_request.query_params == {'demo': ['test']}
+
+        assert hasattr(drf_request, 'accepted_media_type') is False
+        DummyView().initial(drf_request)
+        assert drf_request.accepted_media_type == 'application/json'
+
+        request = factory.post('/', {'example': 'test'})
+        drf_request = DummyView().initialize_request(request)
+        assert drf_request.data.get('example') == 'test'
+
     def test_invalid_format(self):
         """
         Attempting to use a format that is not configured will raise an

tests/test_validators.py

@@ -516,6 +516,43 @@ class TestUniquenessTogetherValidation(TestCase):
         validator.filter_queryset(attrs=data, queryset=queryset, serializer=serializer)
         assert queryset.called_with == {'race_name': 'bar', 'position': 1}
 
+    def test_uniq_together_validation_uses_model_fields_method_field(self):
+        class TestSerializer(serializers.ModelSerializer):
+            position = serializers.SerializerMethodField()
+
+            def get_position(self, obj):
+                return obj.position or 0
+
+            class Meta:
+                model = NullUniquenessTogetherModel
+                fields = ['race_name', 'position']
+
+        serializer = TestSerializer()
+        expected = dedent("""
+            TestSerializer():
+                race_name = CharField(max_length=100)
+                position = SerializerMethodField()
+        """)
+        assert repr(serializer) == expected
+
+    def test_uniq_together_validation_uses_model_fields_with_source_field(self):
+        class TestSerializer(serializers.ModelSerializer):
+            pos = serializers.IntegerField(source='position')
+
+            class Meta:
+                model = NullUniquenessTogetherModel
+                fields = ['race_name', 'pos']
+
+        serializer = TestSerializer()
+        expected = dedent("""
+            TestSerializer():
+                race_name = CharField(max_length=100, required=True)
+                pos = IntegerField(source='position')
+                class Meta:
+                    validators = [<UniqueTogetherValidator(queryset=NullUniquenessTogetherModel.objects.all(), fields=('race_name', 'pos'))>]
+        """)
+        assert repr(serializer) == expected
+
 
 class UniqueConstraintModel(models.Model):
     race_name = models.CharField(max_length=100)
@@ -552,6 +589,21 @@ class UniqueConstraintModel(models.Model):
         ]
 
 
+class UniqueConstraintReadOnlyFieldModel(models.Model):
+    state = models.CharField(max_length=100, default="new")
+    position = models.IntegerField()
+    something = models.IntegerField()
+
+    class Meta:
+        constraints = [
+            models.UniqueConstraint(
+                name="unique_constraint_%(class)s",
+                fields=("position", "something"),
+                condition=models.Q(state="new"),
+            ),
+        ]
+
+
 class UniqueConstraintNullableModel(models.Model):
     title = models.CharField(max_length=100)
     age = models.IntegerField(null=True)
@@ -701,6 +753,31 @@ class TestUniqueConstraintValidation(TestCase):
         )
         assert serializer.is_valid()
 
+    def test_uniq_constraint_condition_read_only_create(self):
+        class UniqueConstraintReadOnlyFieldModelSerializer(serializers.ModelSerializer):
+            class Meta:
+                model = UniqueConstraintReadOnlyFieldModel
+                read_only_fields = ("state",)
+                fields = ("position", "something", *read_only_fields)
+        serializer = UniqueConstraintReadOnlyFieldModelSerializer(
+            data={"position": 1, "something": 1}
+        )
+        assert serializer.is_valid()
+
+    def test_uniq_constraint_condition_read_only_partial(self):
+        class UniqueConstraintReadOnlyFieldModelSerializer(serializers.ModelSerializer):
+            class Meta:
+                model = UniqueConstraintReadOnlyFieldModel
+                read_only_fields = ("state",)
+                fields = ("position", "something", *read_only_fields)
+        instance = UniqueConstraintReadOnlyFieldModel.objects.create(position=1, something=1)
+        serializer = UniqueConstraintReadOnlyFieldModelSerializer(
+            instance=instance,
+            data={"position": 1, "something": 1},
+            partial=True
+        )
+        assert serializer.is_valid()
+
 
 # Tests for `UniqueForDateValidator`
 # ----------------------------------

tox.ini

@@ -1,8 +1,8 @@
 [tox]
 envlist =
        {py39}-{django42}
-       {py310}-{django42,django51,django52,djangomain}
-       {py311}-{django42,django51,django52,djangomain}
+       {py310}-{django42,django51,django52}
+       {py311}-{django42,django51,django52}
        {py312}-{django42,django51,django52,djangomain}
        {py313}-{django51,django52,djangomain}
        base
@@ -45,12 +45,6 @@ deps =
        -rrequirements/requirements-testing.txt
        -rrequirements/requirements-documentation.txt
 
-[testenv:py310-djangomain]
-ignore_outcome = true
-
-[testenv:py311-djangomain]
-ignore_outcome = true
-
 [testenv:py312-djangomain]
 ignore_outcome = true