fix(deps): update dependency django-guardian to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
django-guardian (changelog)	^2.4.0 -> ^3.0.0

---

Release Notes

django-guardian/django-guardian (django-guardian)

v3.0.0: Version 3.0.0 - "The phoenix" 🐦‍🔥

Compare Source

🐦‍🔥This release

This is the culmination of more than FIVE YEARS of commits by various dedicated people, and a lot of wrangling to resurrect django-guardian from the dead. It aims to bring guardian up to date with a new team of maintainers and hit reset on the project going forward - it also encompasses updates to be compatible with the latest, greatest versions of django.

📚 Documentation and ⌨️ Typing

Guardian now has static typing, plus check out the new-look docs 🤩
... thanks @​dpgraham4401 for some substantive contributions here!

🚀 Performance

There are numerous upgrades to performance that are included here. The majority of users should find performance to be neutral or upgraded 🐎🥇.

⚠️⚠️⚠️⚠️⚠️ WARNING ⚠️⚠️⚠️⚠️⚠️ Some alterations have been made that may affect performance. All were done for good reasons, all were reviewed carefully by the maintainers at the time. But frustratingly we have only a rudimentary benchmarks suite. This PR discusses one such possible scenario.

• If you are running large scale, mission critical apps, then you should probably benchmark your application with this new version (or at the very least update just this, making it an easy rollback).
• Your support to create a benchmarks suite is very welcome!

🔧 Why a Major version?

We're reasonably sure that this major version does not actually constitute any breaking changes. However, there's been a complete turnover of the maintenance team, and we're releasing some features which we didn't touch, review or participate in in any way (although all commits have been doubly reviewed when they were merged).

I've gone over to review this entire release as best as I can but without many days of deep introspection, it's realistically possible to miss some changes that have implications deemed "breaking".

Sensible app developers should be pinning their dependencies like >2, <3 (or tighter) so in most cases, the update to this version (v3) will be a conscious choice as opposed to automatic update. It's therefore much safer for us to make a major version release (then possibly have to update the release notes!), than it is to do a minor version release which risks breaking people's systems.

To further mitigate this risk we'll first issue Release Candidate versions which people can install and give feedback on.

In the past, (eg the 2.0.0 release), removal of old django versions (which we have done in this release) was seen to be a breaking change. With modern dependency resolvers like uv and poetry this should no longer break people's installs (simply prevent them from using newer versions) so in future this will not be deemed a breaking change.

What's Changed

• Update tested Django versions to latest patch releases by @​johnthagen in https://github.com/django-guardian/django-guardian/pull/749
• Optimize get_objects_for_* if klass is a queryset by @​TauPan in https://github.com/django-guardian/django-guardian/pull/569
• Security bugfix: GuardedModelAdminMixin did not check for guardian pe… by @​areyal in https://github.com/django-guardian/django-guardian/pull/757
• Revert "Security bugfix: GuardedModelAdminMixin did not check for guardian pe…" by @​ad-m in https://github.com/django-guardian/django-guardian/pull/764
• Add support for Python 3.10 by @​johnthagen in https://github.com/django-guardian/django-guardian/pull/763
• Add Django 4.0 support by @​johnthagen in https://github.com/django-guardian/django-guardian/pull/772
• union users and groups for better perf by @​qeternity in https://github.com/django-guardian/django-guardian/pull/768
• "Fix" performance enhancement related to #​811 by @​cmaggiulli in https://github.com/django-guardian/django-guardian/pull/812
• Fix failing checks by @​BonaFideIT in https://github.com/django-guardian/django-guardian/pull/827
• Add security.md by @​thclark in https://github.com/django-guardian/django-guardian/pull/832
• docs: Fix a few typos by @​timgates42 in https://github.com/django-guardian/django-guardian/pull/782
• Upating save() function for better performance by @​Muditalbet in https://github.com/django-guardian/django-guardian/pull/790
• Add support for newer Django versions, up to 5.0 by @​ZbigniewRA in https://github.com/django-guardian/django-guardian/pull/816
• Add workflow for publishing and releasing package by @​cortadocodes in https://github.com/django-guardian/django-guardian/pull/835
• Release flow by @​thclark in https://github.com/django-guardian/django-guardian/pull/840
• Bugfix/custom user doc fix by @​zesameri in https://github.com/django-guardian/django-guardian/pull/795
• get_groups_with_perms bug by @​okaluk in https://github.com/django-guardian/django-guardian/pull/838
• Update shortcuts.py by @​idiomaticrefactoring in https://github.com/django-guardian/django-guardian/pull/769
• Add cache for ContentType by @​sevdog in https://github.com/django-guardian/django-guardian/pull/806
• Use shortcuts.assign_perm in example by @​ad-m in https://github.com/django-guardian/django-guardian/pull/767
• feat: added message for PermissionRequiredMixin by @​Rainshaw in https://github.com/django-guardian/django-guardian/pull/731
• Respect GUARDIAN_GET_CONTENT_TYPE during ctype match check in guardian.shortcuts.get_objects_for_user by @​markedwards in https://github.com/django-guardian/django-guardian/pull/728
• Add GuardianGroupMixin to support custom group models by @​BonaFideIT in https://github.com/django-guardian/django-guardian/pull/825
• Support Python 3.13 and Django 5.1 by @​johnthagen in https://github.com/django-guardian/django-guardian/pull/844
• Replace Restructured Text with Markdown by @​dpgraham4401 in https://github.com/django-guardian/django-guardian/pull/845
• Remove EOL python 3.8 by @​thclark in https://github.com/django-guardian/django-guardian/pull/850
• Fix readthedocs search text contrast by @​dpgraham4401 in https://github.com/django-guardian/django-guardian/pull/849
• Move to uv and pyproject.toml by @​thclark in https://github.com/django-guardian/django-guardian/pull/846
• Add initial static type annotations by @​dpgraham4401 in https://github.com/django-guardian/django-guardian/pull/858
• Release 3.0.0 by @​thclark in https://github.com/django-guardian/django-guardian/pull/841

New Contributors

• @​TauPan made their first contribution in https://github.com/django-guardian/django-guardian/pull/569
• @​areyal made their first contribution in https://github.com/django-guardian/django-guardian/pull/757
• @​cmaggiulli made their first contribution in https://github.com/django-guardian/django-guardian/pull/812
• @​BonaFideIT made their first contribution in https://github.com/django-guardian/django-guardian/pull/827
• @​Muditalbet made their first contribution in https://github.com/django-guardian/django-guardian/pull/790
• @​ZbigniewRA made their first contribution in https://github.com/django-guardian/django-guardian/pull/816
• @​cortadocodes made their first contribution in https://github.com/django-guardian/django-guardian/pull/835
• @​zesameri made their first contribution in https://github.com/django-guardian/django-guardian/pull/795
• @​okaluk made their first contribution in https://github.com/django-guardian/django-guardian/pull/838
• @​idiomaticrefactoring made their first contribution in https://github.com/django-guardian/django-guardian/pull/769
• @​sevdog made their first contribution in https://github.com/django-guardian/django-guardian/pull/806
• @​markedwards made their first contribution in https://github.com/django-guardian/django-guardian/pull/728
• @​dpgraham4401 made their first contribution in https://github.com/django-guardian/django-guardian/pull/845 and https://github.com/django-guardian/django-guardian/pull/851

Full Changelog: django-guardian/django-guardian@v2.4.0...3.0.0

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.