Added important note about using url() on older versions of django, but switched the examples to re_path as to comply with Django docs for 2.0 and later.
Currently queries executed in the hooks don't run in the transaction
with the page deletion query and it's harder to write hook without
copying the whole view if you want to keep queries running in the hooks
integral with page deletion.
These were added in #3478 to ensure that numeric object IDs would not be affected by local number formatting; however, within widget templates, attrs.id refers to a string identifier, not a numeric ID.
According to a google search I just did, it seems a lot of people have forgotten to add ``Disallow: /admin`` in their robots.txt (or forgot to add robots.txt) at all.
Adding this meta tag into the head of all admin pages should prevent any admin pages being indexed even if this was missed.
The behaviour of `has_usable_password` has changed in Django 2.1, such that `None` is no longer considered a 'non-usable' password: https://docs.djangoproject.com/en/2.1/ref/contrib/auth/#django.contrib.auth.models.User.has_usable_password
As a consequence of the fix applied in Django https://code.djangoproject.com/ticket/28718 , Wagtail users created without a password will now be able to complete the password reset process to gain access to Wagtail. Sites that do not want this behaviour (e.g. because those users should be using an LDAP login instead) should disable password changes via WAGTAIL_PASSWORD_MANAGEMENT_ENABLED and WAGTAIL_PASSWORD_RESET_ENABLED.
In this case we just ignore the renderer; blocks have their own separate rendering mechanism, so it's not meaningful for that to be controlled by Django widget renderer classes.
* Upgrade gulp-sass to 4.0.1 and rebuild package-lock.json with npm 6
The only difference to the generated code appears to be in sourcemap data.
* Run npm audit to fix most vulnerable packages
Generated static files are unchanged by this update.
* Revert package-lock.json to npm 5 format
