[Security] Bump djangorestframework from 3.6.2 to 3.11.2

[dependabot-preview]

Bumps djangorestframework from 3.6.2 to 3.11.2. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Cross-site Scripting (XSS) in Django REST Framework A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious

Affected versions: < 3.11.2

Release notes

Sourced from djangorestframework's releases.

Version 3.9.3

This is the last Django REST Framework release that will support Python 2. Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10.

• Adjusted the compat check for django-guardian to allow the last guardian version (v1.4.9) compatible with Python 2. #6613

Version 3.9.2

See Release Notes for details.

Version 3.9.1

Change Notes: https://www.django-rest-framework.org/community/release-notes/#39x-series

Verision 3.9.0

Release announcement: https://www.django-rest-framework.org/community/3.9-announcement/

Change Notes: https://www.django-rest-framework.org/community/release-notes/#39x-series

Version 3.8.2

Point release for 3.8.x series

• Fix read_only + default unique_together validation. #5922
• authtoken.views import coreapi from rest_framework.compat, not directly. #5921
• Docs: Add missing argument 'detail' to Route #5920

Version 3.8.1

• Use old url_name behavior in route decorators #5915

  For list_route and detail_route maintain the old behavior of url_name, basing it on the url_path instead of the function name.

Version 3.8

• Release Announcement

• 3.8.0 Milestone

• Breaking Change: Alter read_only plus default behaviour. #5886

  read_only fields will now always be excluded from writable fields.

  Previously read_only fields with a default value would use the default for create and update operations.

  In order to maintain the old behaviour you may need to pass the value of read_only fields when calling save() in the view:

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)
  

... (truncated)

Commits

• 4121b01 Deprecate urlize_quoted_links in favor of Django's built-in urlize
• f3d9d68 Version 3.11.1
• eb2c4c2 Version 3.11.1
• de497a9 Version 3.11 (#7083)
• 3c1428f Fix NotImplementedError for Field.to_internal_value and Field.to_representati...
• b8c369c Fix serializer multiple inheritance bug (#6980)
• 7c54596 Declare Django versions in install_requires (#7063)
• 236667b Fix UniqueTogetherValidator with field sources (#7086)
• f744da7 Improve the docstring on @action (#6951)
• de9f1d5 Followup to set_context removal (#7076)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)