feat(django): Upgrade to 5.0 (#10409)

* feat(django): Upgrade to 5.0

* Remove obsolete code

* Fix RemovedInDjango60Warning for FORMS_URLFIELD_ASSUME_HTTPS

* fix(multiselectfield): Use original repo

* Upgrade to 5.0.8

dojo/settings/.settings.dist.py.sha256sum

@@ -1 +1 @@
-4483a2efbe3cf1bf1c96c333f9bfc65ffe82a2fb20ed86eb4c4f6726cf41fa94
+81ef49c46f69020055ab669af49da8926b2a5e6d65d6355b98a8f51d53a7713b

dojo/settings/settings.dist.py

@@ -1748,11 +1748,21 @@ def saml2_attrib_map_format(dict):
 warnings.filterwarnings("ignore", message="polymorphic.base.ManagerInheritanceWarning.*")
 warnings.filterwarnings("ignore", message="PolymorphicModelBase._default_manager.*")
 
-# This setting is here to override default renderer of forms (use div-based, instred of table-based).
-# It has effect only on templates that use "{{ form }}" in the body. Only "Delete forms" now.
-# The setting is here to avoid RemovedInDjango50Warning. It is here only for transition period.
-# TODO - Remove this setting in Django 5.0 because DjangoDivFormRenderer will become deprecated and the same class will be used by default DjangoTemplates.
-# More info:
-# - https://docs.djangoproject.com/en/4.1/ref/forms/renderers/#django.forms.renderers.DjangoTemplates
-# - https://docs.djangoproject.com/en/5.0/ref/forms/renderers/#django.forms.renderers.DjangoTemplates
-FORM_RENDERER = "django.forms.renderers.DjangoDivFormRenderer"
+
+# The setting is here to avoid RemovedInDjango60Warning. It is here only for transition period.
+# TODO - Remove this setting in Django 6.0
+# TODO More info:
+# Context:
+# uwsgi-1  |   File "/app/dojo/forms.py", line 515, in ImportScanForm
+# uwsgi-1  |     source_code_management_uri = forms.URLField(max_length=600, required=False, help_text="Resource link to source code")
+# uwsgi-1  |                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+# uwsgi-1  |   File "/usr/local/lib/python3.11/site-packages/django/forms/fields.py", line 769, in __init__
+# uwsgi-1  |     warnings.warn(
+# uwsgi-1  | django.utils.deprecation.RemovedInDjango60Warning: The default scheme will be changed from 'http' to 'https' in Django 6.0. Pass the forms.URLField.assume_scheme argument to silence this warning, or set the FORMS_URLFIELD_ASSUME_HTTPS transitional setting to True to opt into using 'https' as the new default scheme.
+# +
+# uwsgi-1  |   File "/usr/local/lib/python3.11/site-packages/django/conf/__init__.py", line 214, in __init__
+# uwsgi-1  |     warnings.warn(
+# uwsgi-1  | django.utils.deprecation.RemovedInDjango60Warning: The FORMS_URLFIELD_ASSUME_HTTPS transitional setting is deprecated.
+warnings.filterwarnings("ignore", "The FORMS_URLFIELD_ASSUME_HTTPS transitional setting is deprecated.")
+FORMS_URLFIELD_ASSUME_HTTPS = True
+# Inspired by https://adamj.eu/tech/2023/12/07/django-fix-urlfield-assume-scheme-warnings/

requirements.txt

@@ -21,7 +21,7 @@ django-slack==5.19.0
 git+https://github.com/DefectDojo/django-tagging@develop#egg=django-tagging
 django-watson==1.6.3
 django-prometheus==2.3.1
-Django==4.2.14
+Django==5.0.8
 djangorestframework==3.15.2
 html2text==2024.2.26
 humanize==4.10.0