encode
diff --git a/‎.github/workflows/main.yml
Lines changed: 11 additions & 5 deletions b/‎.github/workflows/main.yml
Lines changed: 11 additions & 5 deletions
diff --git a/‎.github/workflows/pre-commit.yml
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/pre-commit.yml
Lines changed: 5 additions & 5 deletions
diff --git a/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion b/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md
Lines changed: 1 addition & 1 deletion b/‎README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/api-guide/authentication.md
Lines changed: 1 addition & 1 deletion b/‎docs/api-guide/authentication.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/api-guide/exceptions.md
Lines changed: 2 additions & 3 deletions b/‎docs/api-guide/exceptions.md
Lines changed: 2 additions & 3 deletions
diff --git a/‎docs/api-guide/fields.md
Lines changed: 4 additions & 4 deletions b/‎docs/api-guide/fields.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎docs/api-guide/filtering.md
Lines changed: 2 additions & 2 deletions b/‎docs/api-guide/filtering.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/api-guide/pagination.md
Lines changed: 2 additions & 2 deletions b/‎docs/api-guide/pagination.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/api-guide/parsers.md
Lines changed: 1 addition & 1 deletion b/‎docs/api-guide/parsers.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/api-guide/permissions.md
Lines changed: 5 additions & 4 deletions b/‎docs/api-guide/permissions.md
Lines changed: 5 additions & 4 deletions
diff --git a/‎docs/api-guide/reverse.md
Lines changed: 2 additions & 2 deletions b/‎docs/api-guide/reverse.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/api-guide/routers.md
Lines changed: 14 additions & 1 deletion b/‎docs/api-guide/routers.md
Lines changed: 14 additions & 1 deletion
diff --git a/‎docs/api-guide/serializers.md
Lines changed: 3 additions & 3 deletions b/‎docs/api-guide/serializers.md
Lines changed: 3 additions & 3 deletions
@@ -24,7 +24,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
-    - uses: actions/setup-python@v3
+    - uses: actions/setup-python@v4
       with:
         python-version: ${{ matrix.python-version }}
         cache: 'pip'
@@ -34,18 +34,24 @@ jobs:
       run: python -m pip install --upgrade pip setuptools virtualenv wheel
 
     - name: Install dependencies
-      run: python -m pip install --upgrade codecov tox tox-py
+      run: python -m pip install --upgrade codecov tox
+
+    - name: Install tox-py
+      if: ${{ matrix.python-version == '3.6' }}
+      run: python -m pip install --upgrade tox-py
+
+    - name: Run tox targets for ${{ matrix.python-version }}
+      if: ${{ matrix.python-version != '3.6' }}
+      run: tox run -f py$(echo ${{ matrix.python-version }} | tr -d .)
 
     - name: Run tox targets for ${{ matrix.python-version }}
+      if: ${{ matrix.python-version == '3.6' }}
       run: tox --py current
 
     - name: Run extra tox targets
       if: ${{ matrix.python-version == '3.9' }}
       run: |
-        python setup.py bdist_wheel
-        rm -r djangorestframework.egg-info  # see #6139
         tox -e base,dist,docs
-        tox -e dist --installpkg ./dist/djangorestframework-*.whl
 
     - name: Upload coverage
       run: |
 
@@ -8,17 +8,17 @@ on:
 
 jobs:
   pre-commit:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: "3.10"
 
-      - uses: pre-commit/action@v2.0.0
+      - uses: pre-commit/action@v3.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -9,7 +9,7 @@ repos:
   - id: check-symlinks
   - id: check-toml
 - repo: https://github.com/pycqa/isort
-  rev: 5.8.0
+  rev: 5.12.0
   hooks:
   - id: isort
 - repo: https://github.com/PyCQA/flake8
 
@@ -55,7 +55,7 @@ There is a live example API for testing purposes, [available here][sandbox].
 # Requirements
 
 * Python 3.6+
-* Django 4.1, 4.0, 3.2, 3.1, 3.0
+* Django 4.2, 4.1, 4.0, 3.2, 3.1, 3.0
 
 We **highly recommend** and only officially support the latest patch release of
 each Python and Django series.
 
@@ -414,7 +414,7 @@ The [HawkREST][hawkrest] library builds on the [Mohawk][mohawk] library to let y
 
 ## HTTP Signature Authentication
 
-HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a way to achieve origin authentication and message integrity for HTTP messages. Similar to [Amazon's HTTP Signature scheme][amazon-http-signature], used by many of its services, it permits stateless, per-request authentication. [Elvio Toccalino][etoccalino] maintains the [djangorestframework-httpsignature][djangorestframework-httpsignature] (outdated) package which provides an easy to use HTTP Signature Authentication mechanism. You can use the updated fork version of [djangorestframework-httpsignature][djangorestframework-httpsignature], which is [drf-httpsig][drf-httpsig].
+HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a way to achieve origin authentication and message integrity for HTTP messages. Similar to [Amazon's HTTP Signature scheme][amazon-http-signature], used by many of its services, it permits stateless, per-request authentication. [Elvio Toccalino][etoccalino] maintains the [djangorestframework-httpsignature][djangorestframework-httpsignature] (outdated) package which provides an easy-to-use HTTP Signature Authentication mechanism. You can use the updated fork version of [djangorestframework-httpsignature][djangorestframework-httpsignature], which is [drf-httpsig][drf-httpsig].
 
 ## Djoser
 
 
@@ -179,7 +179,7 @@ By default this exception results in a response with the HTTP status code "403 F
 
 **Signature:** `NotFound(detail=None, code=None)`
 
-Raised when a resource does not exists at the given URL. This exception is equivalent to the standard `Http404` Django exception.
+Raised when a resource does not exist at the given URL. This exception is equivalent to the standard `Http404` Django exception.
 
 By default this exception results in a response with the HTTP status code "404 Not Found".
 
@@ -217,11 +217,10 @@ By default this exception results in a response with the HTTP status code "429 T
 
 ## ValidationError
 
-**Signature:** `ValidationError(detail, code=None)`
+**Signature:** `ValidationError(detail=None, code=None)`
 
 The `ValidationError` exception is slightly different from the other `APIException` classes:
 
-* The `detail` argument is mandatory, not optional.
 * The `detail` argument may be a list or dictionary of error details, and may also be a nested data structure. By using a dictionary, you can specify field-level errors while performing object-level validation in the `validate()` method of a serializer. For example. `raise serializers.ValidationError({'name': 'Please enter a valid name.'})`
 * By convention you should import the serializers module and use a fully qualified `ValidationError` style, in order to differentiate it from Django's built-in validation error. For example. `raise serializers.ValidationError('This field must be an integer value.')`
 
 
@@ -251,7 +251,7 @@ Corresponds to `django.forms.fields.IPAddressField` and `django.forms.fields.Gen
 
 **Signature**: `IPAddressField(protocol='both', unpack_ipv4=False, **options)`
 
-* `protocol` Limits valid inputs to the specified protocol. Accepted values are 'both' (default), 'IPv4' or 'IPv6'. Matching is case insensitive.
+* `protocol` Limits valid inputs to the specified protocol. Accepted values are 'both' (default), 'IPv4' or 'IPv6'. Matching is case-insensitive.
 * `unpack_ipv4` Unpacks IPv4 mapped addresses like ::ffff:192.0.2.1. If this option is enabled that address would be unpacked to 192.0.2.1. Default is disabled. Can only be used when protocol is set to 'both'.
 
 ---
@@ -294,7 +294,7 @@ Corresponds to `django.db.models.fields.DecimalField`.
 * `max_value` Validate that the number provided is no greater than this value.
 * `min_value` Validate that the number provided is no less than this value.
 * `localize` Set to `True` to enable localization of input and output based on the current locale. This will also force `coerce_to_string` to `True`. Defaults to `False`. Note that data formatting is enabled if you have set `USE_L10N=True` in your settings file.
-* `rounding` Sets the rounding mode used when quantising to the configured precision. Valid values are [`decimal` module rounding modes][python-decimal-rounding-modes]. Defaults to `None`.
+* `rounding` Sets the rounding mode used when quantizing to the configured precision. Valid values are [`decimal` module rounding modes][python-decimal-rounding-modes]. Defaults to `None`.
 * `normalize_output` Will normalize the decimal value when serialized. This will strip all trailing zeroes and change the value's precision to the minimum required precision to be able to represent the value without loosing data. Defaults to `False`.
 
 #### Example usage
@@ -321,13 +321,13 @@ Corresponds to `django.db.models.fields.DateTimeField`.
 
 * `format` - A string representing the output format. If not specified, this defaults to the same value as the `DATETIME_FORMAT` settings key, which will be `'iso-8601'` unless set. Setting to a format string indicates that `to_representation` return values should be coerced to string output. Format strings are described below. Setting this value to `None` indicates that Python `datetime` objects should be returned by `to_representation`. In this case the datetime encoding will be determined by the renderer.
 * `input_formats` - A list of strings representing the input formats which may be used to parse the date.  If not specified, the `DATETIME_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
-* `default_timezone` - A `tzinfo` subclass (`zoneinfo` or `pytz`) prepresenting the timezone. If not specified and the `USE_TZ` setting is enabled, this defaults to the [current timezone][django-current-timezone]. If `USE_TZ` is disabled, then datetime objects will be naive.
+* `default_timezone` - A `tzinfo` subclass (`zoneinfo` or `pytz`) representing the timezone. If not specified and the `USE_TZ` setting is enabled, this defaults to the [current timezone][django-current-timezone]. If `USE_TZ` is disabled, then datetime objects will be naive.
 
 #### `DateTimeField` format strings.
 
 Format strings may either be [Python strftime formats][strftime] which explicitly specify the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style datetimes should be used. (eg `'2013-01-29T12:34:56.000000Z'`)
 
-When a value of `None` is used for the format `datetime` objects will be returned by `to_representation` and the final output representation will determined by the renderer class.
+When a value of `None` is used for the format `datetime` objects will be returned by `to_representation` and the final output representation will be determined by the renderer class.
 
 #### `auto_now` and `auto_now_add` model fields.
 
 
@@ -253,7 +253,7 @@ The `OrderingFilter` class supports simple query parameter controlled ordering o
 
 ![Ordering Filter](../img/ordering-filter.png)
 
-By default, the query parameter is named `'ordering'`, but this may by overridden with the `ORDERING_PARAM` setting.
+By default, the query parameter is named `'ordering'`, but this may be overridden with the `ORDERING_PARAM` setting.
 
 For example, to order users by username:
 
@@ -269,7 +269,7 @@ Multiple orderings may also be specified:
 
 ### Specifying which fields may be ordered against
 
-It's recommended that you explicitly specify which fields the API should allowing in the ordering filter.  You can do this by setting an `ordering_fields` attribute on the view, like so:
+It's recommended that you explicitly specify which fields the API should allow in the ordering filter.  You can do this by setting an `ordering_fields` attribute on the view, like so:
 
     class UserListView(generics.ListAPIView):
         queryset = User.objects.all()
 
@@ -240,7 +240,7 @@ Suppose we want to replace the default pagination output style with a modified f
                 'results': data
             })
 
-We'd then need to setup the custom class in our configuration:
+We'd then need to set up the custom class in our configuration:
 
     REST_FRAMEWORK = {
         'DEFAULT_PAGINATION_CLASS': 'my_project.apps.core.pagination.CustomPagination',
@@ -262,7 +262,7 @@ API responses for list endpoints will now include a `Link` header, instead of in
 
 ![Link Header][link-header]
 
-*A custom pagination style, using the 'Link' header'*
+*A custom pagination style, using the 'Link' header*
 
 ---
 
 
@@ -11,7 +11,7 @@ sending more complex data than simple forms
 >
 > &mdash; Malcom Tredinnick, [Django developers group][cite]
 
-REST framework includes a number of built in Parser classes, that allow you to accept requests with various media types.  There is also support for defining your own custom parsers, which gives you the flexibility to design the media types that your API accepts.
+REST framework includes a number of built-in Parser classes, that allow you to accept requests with various media types.  There is also support for defining your own custom parsers, which gives you the flexibility to design the media types that your API accepts.
 
 ## How the parser is determined
 
 
@@ -165,19 +165,20 @@ This permission is suitable if you want your API to only be accessible to a subs
 
 ## IsAuthenticatedOrReadOnly
 
-The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any request.  Requests for unauthorised users will only be permitted if the request method is one of the "safe" methods; `GET`, `HEAD` or `OPTIONS`.
+The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any request.  Requests for unauthenticated users will only be permitted if the request method is one of the "safe" methods; `GET`, `HEAD` or `OPTIONS`.
 
 This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.
 
 ## DjangoModelPermissions
 
 This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth].  This permission must only be applied to views that have a `.queryset` property or `get_queryset()` method. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned. The appropriate model is determined by checking `get_queryset().model` or `queryset.model`.
 
+* `GET` requests require the user to have the `view` or `change` permission on the model
 * `POST` requests require the user to have the `add` permission on the model.
 * `PUT` and `PATCH` requests require the user to have the `change` permission on the model.
 * `DELETE` requests require the user to have the `delete` permission on the model.
 
-The default behavior can also be overridden to support custom model permissions.  For example, you might want to include a `view` model permission for `GET` requests.
+The default behaviour can also be overridden to support custom model permissions.
 
 To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property.  Refer to the source code for details.
 
@@ -201,7 +202,7 @@ As with `DjangoModelPermissions` you can use custom model permissions by overrid
 
 ---
 
-**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests and are using django-guardian for your object-level permissions backend, you'll want to consider using the `DjangoObjectPermissionsFilter` class provided by the [`djangorestframework-guardian` package][django-rest-framework-guardian]. It ensures that list endpoints only return results including objects for which the user has appropriate view permissions.
+**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests and are using django-guardian for your object-level permissions backend, you'll want to consider using the `DjangoObjectPermissionsFilter` class provided by the [`djangorestframework-guardian2` package][django-rest-framework-guardian2]. It ensures that list endpoints only return results including objects for which the user has appropriate view permissions.
 
 ---
 
@@ -356,6 +357,6 @@ The [Django Rest Framework PSQ][drf-psq] package is an extension that gives supp
 [rest-framework-roles]: https://github.com/Pithikos/rest-framework-roles
 [djangorestframework-api-key]: https://florimondmanca.github.io/djangorestframework-api-key/
 [django-rest-framework-role-filters]: https://github.com/allisson/django-rest-framework-role-filters
-[django-rest-framework-guardian]: https://github.com/rpkilby/django-rest-framework-guardian
+[django-rest-framework-guardian2]: https://github.com/johnthagen/django-rest-framework-guardian2
 [drf-access-policy]: https://github.com/rsinger86/drf-access-policy
 [drf-psq]: https://github.com/drf-psq/drf-psq
@@ -54,5 +54,5 @@ As with the `reverse` function, you should **include the request as a keyword ar
     api_root = reverse_lazy('api-root', request=request)
 
 [cite]: https://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm#sec_5_1_5
-[reverse]: https://docs.djangoproject.com/en/stable/topics/http/urls/#reverse
-[reverse-lazy]: https://docs.djangoproject.com/en/stable/topics/http/urls/#reverse-lazy
+[reverse]: https://docs.djangoproject.com/en/stable/ref/urlresolvers/#reverse
+[reverse-lazy]: https://docs.djangoproject.com/en/stable/ref/urlresolvers/#reverse-lazy
@@ -167,12 +167,23 @@ This behavior can be modified by setting the `trailing_slash` argument to `False
 
 Trailing slashes are conventional in Django, but are not used by default in some other frameworks such as Rails.  Which style you choose to use is largely a matter of preference, although some javascript frameworks may expect a particular routing style.
 
-The router will match lookup values containing any characters except slashes and period characters.  For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset.  For example, you can limit the lookup to valid UUIDs:
+By default the URLs created by `SimpleRouter` use regular expressions. This behavior can be modified by setting the `use_regex_path` argument to `False` when instantiating the router, in this case [path converters][path-converters-topic-reference] are used. For example:
+
+    router = SimpleRouter(use_regex_path=False)
+
+**Note**: `use_regex_path=False` only works with Django 2.x or above, since this feature was introduced in 2.0.0. See [release note][simplified-routing-release-note]
+
+
+The router will match lookup values containing any characters except slashes and period characters.  For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset or `lookup_value_converter` if using path converters.  For example, you can limit the lookup to valid UUIDs:
 
     class MyModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet):
         lookup_field = 'my_model_id'
         lookup_value_regex = '[0-9a-f]{32}'
 
+    class MyPathModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet):
+        lookup_field = 'my_model_uuid'
+        lookup_value_converter = 'uuid'
+
 ## DefaultRouter
 
 This router is similar to `SimpleRouter` as above, but additionally includes a default API root view, that returns a response containing hyperlinks to all the list views.  It also generates routes for optional `.json` style format suffixes.
@@ -340,3 +351,5 @@ The [`DRF-extensions` package][drf-extensions] provides [routers][drf-extensions
 [drf-extensions-customizable-endpoint-names]: https://chibisov.github.io/drf-extensions/docs/#controller-endpoint-name
 [url-namespace-docs]: https://docs.djangoproject.com/en/4.0/topics/http/urls/#url-namespaces
 [include-api-reference]: https://docs.djangoproject.com/en/4.0/ref/urls/#include
+[simplified-routing-release-note]: https://docs.djangoproject.com/en/2.0/releases/2.0/#simplified-url-routing-syntax
+[path-converters-topic-reference]: https://docs.djangoproject.com/en/2.0/topics/http/urls/#path-converters
@@ -226,7 +226,7 @@ Individual fields on a serializer can include validators, by declaring them on t
             raise serializers.ValidationError('Not a multiple of ten')
 
     class GameRecord(serializers.Serializer):
-        score = IntegerField(validators=[multiple_of_ten])
+        score = serializers.IntegerField(validators=[multiple_of_ten])
         ...
 
 Serializer classes can also include reusable validators that are applied to the complete set of field data. These validators are included by declaring them on an inner `Meta` class, like so:
@@ -758,11 +758,11 @@ This is `True` by default, but can be set to `False` if you want to disallow emp
 
 ### `max_length`
 
-This is `None` by default, but can be set to a positive integer if you want to validates that the list contains no more than this number of elements.
+This is `None` by default, but can be set to a positive integer if you want to validate that the list contains no more than this number of elements.
 
 ### `min_length`
 
-This is `None` by default, but can be set to a positive integer if you want to validates that the list contains no fewer than this number of elements.
+This is `None` by default, but can be set to a positive integer if you want to validate that the list contains no fewer than this number of elements.
 
 ### Customizing `ListSerializer` behavior
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ sending more complex data than simple forms`
`11`	`11`	`>`
`12`	`12`	`> — Malcom Tredinnick, [Django developers group][cite]`
`13`	`13`
`14`		`-REST framework includes a number of built in Parser classes, that allow you to accept requests with various media types. There is also support for defining your own custom parsers, which gives you the flexibility to design the media types that your API accepts.`
	`14`	`+REST framework includes a number of built-in Parser classes, that allow you to accept requests with various media types. There is also support for defining your own custom parsers, which gives you the flexibility to design the media types that your API accepts.`
`15`	`15`
`16`	`16`	`## How the parser is determined`
`17`	`17`