RepoJournal
Django

@django

Python's batteries-included web framework

Pick a date

  1. Tue 5 may
  2. Wed 6 may
  3. Thu 7 may
  4. Fri 8 may
  5. Sat 9 may
  6. Sun 10 may
  7. Mon 11 may
  8. Tue 12 may
  9. Wed 13 may
  10. Thu 14 may
  11. Fri 15 may
  12. Sat 16 may
  13. Sun 17 may
  14. Mon 18 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

DJANGO CLEANS UP BUILD DEPENDENCIES WHILE FIXING CUSTOM USER MODEL EDGE CASES

By RepoJournal · Filed · About Django

Django core removed a mistaken puppeteer direct dependency that was supposed to be managed through npm overrides, while simultaneously fixing createsuperuser to handle custom user models without natural keys.

The build pipeline got lighter today with the removal of an unnecessary puppeteer dependency [1] that was added in error. The original intent was to pin versions through npm overrides, not direct dependencies, creating duplicate package entries that npm ls flagged. Meanwhile, on the user model front, Django fixed a critical issue where createsuperuser would fail against custom user implementations that lack a natural_key method [2] [3]. This matters because nullable username fields are a documented and supported configuration, yet the command's uniqueness check was hardcoded to call get_by_natural_key(), breaking legitimate setups. The djangoproject.com team also tightened security release checklists by eliminating severity duplication in notifications [4] [5]. Previously, announcing five low-severity fixes would read as 'low, low, low, low, and low' - now it collapses cleanly. Code of Conduct expanded its scope to include Djangonaut Space as an affiliated program [7], formalized in updated documentation [6] [8].

Action items

References

  1. [1] Removed unnecessary direct dev dependency on puppeteer. django/django
  2. [2] Fixed #36225 - Made implementation of natural_key optional on User Model Manager ↗ django/django
  3. [3] Fixed #36225 -- Coped with lack of get_by_natural_key() in createsuperuser. django/django
  4. [4] [checklists] Ensure that issue severity is not duplicated in prenotification django/djangoproject.com
  5. [5] [checklists] Remove severity duplication in security release checklist ↗ django/djangoproject.com
  6. [6] Update changelog ↗ django/code-of-conduct
  7. [7] Add Djangonaut Space as an affiliated program ↗ django/code-of-conduct
  8. [8] Merge pull request #107 from django/changelog-update-14 django/code-of-conduct

FAQ

What changed in Django on May 29, 2026?
Django core removed a mistaken puppeteer direct dependency that was supposed to be managed through npm overrides, while simultaneously fixing createsuperuser to handle custom user models without natural keys.
What should Django teams do about it?
Pull the latest django/django main if you maintain custom user models • Review your npm build output to verify no duplicate puppeteer entries remain
Which Django repositories shipped on May 29, 2026?
django/django, django/djangoproject.com, django/code-of-conduct

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.