Bump djangorestframework from 0.2.3 to 3.9.1

[dependabot]

Bumps djangorestframework from 0.2.3 to 3.9.1.

Release notes

Sourced from djangorestframework's releases.

Version 3.9.1

Change Notes:
https://www.django-rest-framework.org/community/release-notes/#39x-series

Verision 3.9.0

Release announcement:
https://www.django-rest-framework.org/community/3.9-announcement/

Change Notes:
https://www.django-rest-framework.org/community/release-notes/#39x-series

Version 3.8.2

Point release for 3.8.x series

• Fix read_only + default unique_together validation. #5922
• authtoken.views import coreapi from rest_framework.compat, not directly. #5921
• Docs: Add missing argument 'detail' to Route #5920

Version 3.8.1

• Use old url_name behavior in route decorators #5915

  For list_route and detail_route maintain the old behavior of url_name,
  basing it on the url_path instead of the function name.

Version 3.8

• Release Announcement

• 3.8.0 Milestone

• Breaking Change: Alter read_only plus default behaviour. #5886

  read_only fields will now always be excluded from writable fields.

  Previously read_only fields with a default value would use the default for create and update operations.

  In order to maintain the old behaviour you may need to pass the value of read_only fields when calling save() in
  the view:

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)
  

  Alternatively you may override save() or create() or update() on the serialiser as appropriate.

• Correct allow_null behaviour when required=False #5888

  Without an explicit default, allow_null implies a default of null for outgoing serialisation. Previously such
  fields were being skipped when read-only or otherwise not required.

  Possible backwards compatibility break if you were relying on such fields being excluded from the outgoing
  representation. In order to restore the old behaviour you can override data to exclude the field when None.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #7.