Week ending 2025-05-18 (Week 20)

Triaged

• https://code.djangoproject.com/ticket/36385 - Simplify implementation of filtering in QuerySet. (accepted)
• https://code.djangoproject.com/ticket/36391 - Document RawSQL on “Performing raw SQL queries” page (accepted)
• https://code.djangoproject.com/ticket/36397 - Syndication Feed Server ignores ‘Last-Modified’ date (Debian#926074) (invalid)

Reviewed

• https://github.com/django/django/pull/19458 - Fixed #36383 – Improved migration serialization of partial objects.
• https://github.com/django/django/pull/19428 - Update contributing docs for new feature ideas
• https://github.com/django/django/pull/18914 - Fixed #35829 – Updated admin icons using Font Awesome Free version 6.7.2.
• https://github.com/django/django/pull/19467 - Fixed incorrect spacing in docs/ref/contrib/postgres/fields.txt.
• https://github.com/django/django/pull/19450 - Refs #34488 – Fixed file path for ClearableFileInput selenium tests.
• https://github.com/django/django/pull/19456 - Refs #35784 – Extended RedirectView to preserve the original HTTP method with status codes 307 and 308.
• https://github.com/django/django/pull/19470 - Refs #35844 – Skipped selenium and geoip2 requirement in Windows for Python 3.14+.
• https://github.com/django/django/pull/18494 – Fixed #25706 – Removed inline JS from openlayers templates.
  • This is a soft prerequisite for the CSP work.

Authored

• https://github.com/django/django/pull/19462 - Refs #35844 – Skipped argon2-cffi requirement in Windows for Python 3.14+.

Other/Misc

• Security reports analysis and triage.
• Monthly Ops call.
• Represented Django in application for GitHub Secure Open Source Fund.
• Started my deep dive on CSP, with the goal to merge this new feature in 6.0 in the incoming weeks. Thank you Rob for your patience!
  • Read various discussions (Proposal to merge django-csp into contrib, GSOC 2023 Discussion on Security: Bring CORS and CSP into core).
  • Investigated related tickets (Move JavaScript calls out of HTML to fix JavaScript “no-script-eval” warnings, Support CSP default-src ‘self’ on Django Admin GIS)
  • Reviewed related but closed PRs (https://github.com/django/django/pull/3550, https://github.com/django/django/pull/5776, https://github.com/django/django/pull/16864)