chore(deps): bump wagtail from 7.2.3 to 7.3.2 in /requirements#217

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/pip/requirements/wagtail-7.3.2

dependabot[bot] commented on behalf of github on May 8, 2026

Bumps wagtail from 7.2.3 to 7.3.2.

Release notes

Sourced from wagtail's releases.

7.3.2

  • Security fix: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
  • Security fix: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
  • Security fix: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
  • Security fix: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
  • Security fix: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
  • Fix: Use protocol-relative URLs in the userbar for compatibility with environments where Django does not detect the protocol (Sage Abdullah)
  • Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
  • Fix: Avoid creating a new editing session when updating UI elements after an autosave (Sage Abdullah)
  • Fix: Group audit log entries for autosave operations in page history view (Sage Abdullah)
  • Fix: Retain page explorer header buttons when searching or filtering (Sage Abdullah)
  • Fix: Correctly escape the sizes attribute in responsive image template tags (Jake Howard)
  • Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
  • Fix: Pause SessionController pings during autosave to prevent conflict notification with own session (Sage Abdullah)
  • Fix: Ensure live preview does not get stuck when edits occur during an in-progress update (Aniket Singh)
  • Fix: Ensure only one autosave request can happen at a time to prevent incorrect conflict notifications with the current session (Sage Abdullah)
  • Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)

7.3.1

  • Fix: CVE-2026-28222: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes (Guan Chenxian, Matt Westcott)
  • Fix: CVE-2026-28223: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface (Guan Chenxian, Matt Westcott)
  • Fix: Update dependencies to allow django-modelsearch 1.2 and django-tasks 0.11
  • Fix: Fix duplicate inline panel items when editing snippets with autosave enabled (Sage Abdullah)
  • Fix: Prevent dropdowns from closing after a successful autosave (Sage Abdullah)
  • Fix: Show placeholder image icons when image upload previews fail (Collins Kubu)
  • Fix: Ensure that 'create' form within choosers is not hidden on validation errors (Ankit Chaudhary)
  • Maintenance: Update semgrep to 1.150.0 (Pravin Kamble)

7.3

  • Add support for Django 6.0
  • Resize overly large avatar images on upload (Harshit Ranjan)
  • Add natural keys for Page and Collection models (Samya Aggarwal)
  • Add Loom oEmbed provider (Nick Ivons)
  • Add ModelViewSet.pk_path_converter with defaults for IntegerField and UUIDField primary keys (Seb Corbin)
  • Improve accessibility for sidebar menu with visual active (expanded) menu item indicators (Vignesh Shivhare)
  • Add before_edit_setting / after_edit_setting hooks (Baptiste Mispelon)
  • Lower default AVIF encoding quality from 80 to 73 (Thibaud Colas)
  • Provide a structured rendering of StreamBlock in comparison view (Taras Panasiuk)
  • Add support for settings and custom block layouts for StructBlock (Sage Abdullah)
  • Add llms.txt versions of the developer documentation and Wagtail user guide (Thibaud Colas)
  • Lower default JPEG and AVIF image quality settings to provide consistent perceptual quality between formats (Thibaud Colas)
  • Add support for custom content checks with client-side registration (Thibaud Colas)
  • Initial support for autosave (Matt Westcott, Sage Abdullah)
  • Fix: Do not try to resolve locale during fixture load (Jake Howard, Seb Corbin)
  • Fix: Gracefully handle oEmbed responses with a non-200 status or missing type (Shivam Kumar, Bhavesh Sharma)
  • Fix: Keep action button labelled as "Publish" rather than "Schedule to publish" if go-live date has passed (Vishrut Ramraj)
  • Fix: Pass accumulated icons to each register_icons hook (Joey Jurjens, Sage Abdullah)
  • Fix: Skip revisions that are missing the specified field in StreamField migrations (Joshua Munn)
  • Fix: Preserve listing search and filter parameters when redirecting from bulk actions (Sage Abdullah)
  • Fix: Ensure that object references within TypedTableBlock are counted in the reference index (Aman Bora)

... (truncated)

Changelog

Sourced from wagtail's changelog.

7.3.2 (05.05.2026)


 * Fix: CVE-2026-44197: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
 * Fix: CVE-2026-44198: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
 * Fix: CVE-2026-44199: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
 * Fix: CVE-2026-44200: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
 * Fix: CVE-2026-44201: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
 * Fix: Use protocol-relative URLs in the userbar for compatibility with environments where Django does not detect the protocol (Sage Abdullah)
 * Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
 * Fix: Avoid creating a new editing session when updating UI elements after an autosave (Sage Abdullah)
 * Fix: Group audit log entries for autosave operations in page history view (Sage Abdullah)
 * Fix: Retain page explorer header buttons when searching or filtering (Sage Abdullah)
 * Fix: Correctly escape the `sizes` attribute in responsive image template tags (Jake Howard)
 * Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
 * Fix: Pause SessionController pings during autosave to prevent conflict notification with own session (Sage Abdullah)
 * Fix: Ensure live preview does not get stuck when edits occur during an in-progress update (Aniket Singh)
 * Fix: Ensure only one autosave request can happen at a time to prevent incorrect conflict notifications with the current session (Sage Abdullah)
 * Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)

7.3.1 (03.03.2026)

  • Fix: CVE-2026-28222: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes (Guan Chenxian, Matt Westcott)
  • Fix: CVE-2026-28223: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface (Guan Chenxian, Matt Westcott)
  • Fix: Update dependencies to allow django-modelsearch 1.2 and django-tasks 0.11
  • Fix: Fix duplicate inline panel items when editing snippets with autosave enabled (Sage Abdullah)
  • Fix: Prevent dropdowns from closing after a successful autosave (Sage Abdullah)
  • Fix: Show placeholder image icons when image upload previews fail (Collins Kubu)
  • Fix: Ensure that 'create' form within choosers is not hidden on validation errors (Ankit Chaudhary)
  • Maintenance: Update semgrep to 1.150.0 (Pravin Kamble)

7.3 (03.02.2026)


 * Add support for Django 6.0
 * Resize overly large avatar images on upload (Harshit Ranjan)
 * Add natural keys for `Page` and `Collection` models (Samya Aggarwal)
 * Add Loom oEmbed provider (Nick Ivons)
 * Add `ModelViewSet.pk_path_converter` with defaults for `IntegerField` and `UUIDField` primary keys (Seb Corbin)
 * Improve accessibility for sidebar menu with visual active (expanded) menu item indicators (Vignesh Shivhare)
 * Add `before_edit_setting` / `after_edit_setting` hooks (Baptiste Mispelon)
 * Lower default AVIF encoding quality from 80 to 73 (Thibaud Colas)
 * Provide a structured rendering of `StreamBlock` in comparison view (Taras Panasiuk)
 * Add support for settings and custom block layouts for StructBlock (Sage Abdullah)
 * Add llms.txt versions of the developer documentation and Wagtail user guide (Thibaud Colas)
 * Lower default JPEG and AVIF image quality settings to provide consistent perceptual quality between formats (Thibaud Colas)
 * Add support for custom content checks with client-side registration (Thibaud Colas)
 * Initial support for autosave (Matt Westcott, Sage Abdullah)
... (truncated)

Commits
  • e6a58de Update Wagtail dependency in project template
  • 9934e4c ruff format
  • 1c74ccc Version bump to 7.3.2 final
  • 7683d65 Release notes for security fixes in 7.3.2
  • 44cbc72 Fix permission check on creating alias
  • 6245866 Fix permission handling on page copy
  • adbe3b3 Exclude view-restricted collections from document and images API
  • 8613e18 Only support deleting form submissions for the chosen page
  • 195f0cf Add test
  • 37b0be8 Check object permissions in PageHistoryView
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [wagtail](https://github.com/wagtail/wagtail) from 7.2.3 to 7.3.2.
- [Release notes](https://github.com/wagtail/wagtail/releases)
- [Changelog](https://github.com/wagtail/wagtail/blob/main/CHANGELOG.txt)
- [Commits](wagtail/wagtail@v7.2.3...v7.3.2)

---
updated-dependencies:
- dependency-name: wagtail
  dependency-version: 7.3.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies and python labels on May 8, 2026
Labels

  • dependencies: Pull requests that update a dependency file
  • python: Pull requests that update python code
