Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump sqlalchemy from 1.4.29 to 2.0.18 #499

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 6, 2023

Bumps sqlalchemy from 1.4.29 to 2.0.18.

Release notes

Sourced from sqlalchemy's releases.

2.0.18

Released: July 5, 2023

engine

  • [engine] [bug] Adjusted the _sa.create_engine.schema_translate_map feature such that all schema names in the statement are now tokenized, regardless of whether or not a specific name is in the immediate schema translate map given, and to fallback to substituting the original name when the key is not in the actual schema translate map at execution time. These two changes allow for repeated use of a compiled object with schema schema_translate_maps that include or dont include various keys on each run, allowing cached SQL constructs to continue to function at runtime when schema translate maps with different sets of keys are used each time. In addition, added detection of schema_translate_map dictionaries which gain or lose a None key across calls for the same statement, which affects compilation of the statement and is not compatible with caching; an exception is raised for these scenarios.

    References: #10025

sql

  • [sql] [bug] Fixed issue where the _sql.ColumnOperators.regexp_match() when using "flags" would not produce a "stable" cache key, that is, the cache key would keep changing each time causing cache pollution. The same issue existed for _sql.ColumnOperators.regexp_replace() with both the flags and the actual replacement expression. The flags are now represented as fixed modifier strings rendered as safestrings rather than bound parameters, and the replacement expression is established within the primary portion of the "binary" element so that it generates an appropriate cache key.

    Note that as part of this change, the _sql.ColumnOperators.regexp_match.flags and _sql.ColumnOperators.regexp_replace.flags have been modified to render as literal strings only, whereas previously they were rendered as full SQL expressions, typically bound parameters. These parameters should always be passed as plain Python strings and not as SQL expression constructs; it's not expected that SQL expression constructs were used in practice for this parameter, so this is a backwards-incompatible change.

    The change also modifies the internal structure of the expression generated, for _sql.ColumnOperators.regexp_replace() with or without flags, and for _sql.ColumnOperators.regexp_match() with flags. Third party dialects which may have implemented regexp implementations of their own (no such dialects could be located in a search, so impact is expected

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.29 to 2.0.18.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 6, 2023
@jbnable
Copy link

jbnable commented Jul 6, 2023

Logo
Checkmarx One – Scan Summary & Detailse13b0128-682f-43e3-88dd-c207aa1fb2f3

No New Or Fixed Issues Found

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 17, 2023

Superseded by #502.

@dependabot dependabot bot closed this Jul 17, 2023
@dependabot dependabot bot deleted the dependabot/pip/sqlalchemy-2.0.18 branch July 17, 2023 05:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant