Bump wagtail from 7.0.1 to 7.0.7

[dependabot]

Bumps wagtail from 7.0.1 to 7.0.7.

Release notes

Sourced from wagtail's releases.

7.0.7

• Security fix: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
• Security fix: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
• Security fix: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
• Security fix: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
• Security fix: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
• Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
• Fix: Correctly escape the sizes attribute in responsive image template tags (Jake Howard)
• Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
• Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)

7.0.6

• Fix: CVE-2026-28222: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes (Guan Chenxian, Matt Westcott)
• Fix: CVE-2026-28223: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface (Guan Chenxian, Matt Westcott)

7.0.5

• Remove upper bound on Pillow dependency (Kunal Hemnani)

7.0.4

• Fix: Prevent error on custom generic create and edit views without a header icon (Sage Abdullah)
• Fix: CVE-2026-25517: Improper permission handling on admin preview endpoints (thxtech, Matt Westcott, Jake Howard)

7.0.3

• Fix: Prevent crash when previewing a form page with an empty field type (Sage Abdullah)

7.0.2

• Fix: Prevent error when restoring scroll position for cross-domain preview iframe (Sage Abdullah)
• Fix: Remove ngram parser on MySQL that prevented autocomplete search from returning results (Vince Salvino)
• Fix: Ensure the editing of translation alias pages correctly shows links to the source page if the alias was created from a draft (Dan Braghis)

Changelog

Sourced from wagtail's changelog.

7.0.7 (05.05.2026)

 * Fix: CVE-2026-44197: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
 * Fix: CVE-2026-44198: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
 * Fix: CVE-2026-44199: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
 * Fix: CVE-2026-44200: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
 * Fix: CVE-2026-44201: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
 * Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
 * Fix: Correctly escape the `sizes` attribute in responsive image template tags (Jake Howard)
 * Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
 * Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)
7.0.6 (03.03.2026)

• Fix: CVE-2026-28222: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes (Guan Chenxian, Matt Westcott)
• Fix: CVE-2026-28223: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface (Guan Chenxian, Matt Westcott)

7.0.5 (12.02.2026)

 * Remove upper bound on Pillow dependency (Kunal Hemnani)
7.0.4 (03.02.2026)

• Fix: Prevent error on custom generic create and edit views without a header icon (Sage Abdullah)
• Fix: CVE-2026-25517: Improper permission handling on admin preview endpoints (thxtech, Matt Westcott, Jake Howard)

7.0.3 (28.08.2025)

 * Fix: Prevent crash when previewing a form page with an empty field type (Sage Abdullah)
7.0.2 (24.07.2025)

• Fix: Prevent error when restoring scroll position for cross-domain preview iframe (Sage Abdullah)
• Fix: Remove ngram parser on MySQL that prevented autocomplete search from returning results (Vince Salvino)
• Fix: Ensure the editing of translation alias pages correctly shows links to the source page if the alias was created from a draft (Dan Braghis)

Commits

• cb3ed5a ruff format
• 195962f Version bump to 7.0.7 final
• 3da9b74 Release notes for security fixes in 7.0.7
• c75351b Fix permission check on creating alias
• c731322 Fix permission handling on page copy
• 052caa0 Exclude view-restricted collections from document and images API
• 2aa9694 Only support deleting form submissions for the chosen page
• bdfb723 Add test
• 585cb02 Check object permissions in PageHistoryView
• d8e88bd Change permission test to edit or publish
• Additional commits viewable in compare view