... in section ModelSerializer 'fields' and 'exclude'

Deprecate the built-in `rest_framework.filters.DjangoFilterBackend` in favour of the third-party `django_filters.rest_framework.DjangoFilterBackend`.

Fixed minor sentence in Filter.py filter_queryset() Comment

* installation for django added in requirements.txt
* added line to install django first in contributing.md

* added line to install django first in contributing.md and CONTRIBUTING.md

Handle ModelSerializer case for relationships to models with custom pk.

When HTML form input is used with JSONField, treat the input as a JSON encoded string, not a JSON primative. (#4565)

Add error codes to `APIException`

Corrected `artist` and `album_name` typo in docs

`The Roots` are the band: https://en.wikipedia.org/wiki/The_Roots

`Undun` is their album: https://en.wikipedia.org/wiki/Undun

* Start test case

* Added 'requests' test client

* Address typos

* Graceful fallback if requests is not installed.

* Add cookie support

* Tests for auth and CSRF

* Py3 compat

* py3 compat

* py3 compat

* Add get_requests_client

* Added SchemaGenerator.should_include_link

* add settings for html cutoff on related fields

* Router doesn't work if prefix is blank, though project urls.py handles prefix

* Fix Django 1.10 to-many deprecation

* Add django.core.urlresolvers compatibility

* Update django-filter & django-guardian

* Check for empty router prefix; adjust URL accordingly

It's easiest to fix this issue after we have made the regex.  To try
to fix it before would require doing something different for List vs
Detail, which means we'd have to know which type of url we're
constructing before acting accordingly.

* Fix misc django deprecations

* Use TOC extension instead of header

* Fix deprecations for py3k

* Add py3k compatibility to is_simple_callable

* Add is_simple_callable tests

* Drop python 3.2 support (EOL, Dropped by Django)

* schema_renderers= should *set* the renderers, not append to them.

* API client (#4424)

* Fix release notes

* Add note about 'User account is disabled.' vs 'Unable to log in'

* Clean up schema generation (#4527)

* Handle multiple methods on custom action (#4529)

* RequestsClient, CoreAPIClient

* exclude_from_schema

* Added 'get_schema_view()' shortcut

* Added schema descriptions

* Better descriptions for schemas

* Add type annotation to schema generation

* Coerce schema 'pk' in path to actual field name

* Deprecations move into assertion errors

* Use get_schema_view in tests

* Updte CoreJSON media type

* Handle schema structure correctly when path prefixs exist. Closes #4401

* Add PendingDeprecation to Router schema generation.

* Added SCHEMA_COERCE_PATH_PK and SCHEMA_COERCE_METHOD_NAMES

* Renamed and documented 'get_schema_fields' interface.

* Fix rest_framework.filters.OrderingFilter doesn't pass context to serializers #4541

* #4541 Additional fix for remove_invalid_fields()

Update Django security release 1.10.2

- enabling validtions on incoming query params with the ease of adding new filters as easy as adding a new key in a dict.

Update Django security releases 1.9.10 and 1.8.15