Update duckdb requirement from <=0.9.2 to <=0.10.2

dependabot[bot] commented 5 months ago

Updates the requirements on duckdb to permit the latest version.

Release notes

v0.10.2 Bugfix Release

This is a bug fix release for various issues discovered after we released 0.10.1. There are no new features, just bug fixes. Database files created by DuckDB v0.10.* or v0.9.* can be read by DuckDB v0.10.2.

SQL Modifications

This release has a number of bug fixes that change SQL semantics in a few edge cases:

Nested Boolean Comparisons now have consistent NULL comparison semantics - duckdb/duckdb#11496

Structs with non-matching keys require explicit casts when compared or combined - duckdb/duckdb#11396

What's Changed

Bump julia version & fix release script for sub-versions > 9 by @Mytherin in duckdb/duckdb#11225

Flatten Rewrite by @maiadegraaf in duckdb/duckdb#11223

ORDER BY ColumnNumber with Collations by @tiagokepe in duckdb/duckdb#11139

Fix differences to implementation for to_parquet, write_parquet, to_csv, write_csv, Expression.alias, DuckDBPyRelation.map by @binste in duckdb/duckdb#11135

Issue template: Ask for MWEs by @szarnyasg in duckdb/duckdb#11192

Cleaning up FSST: Remove unused AVX512 code by @hannes in duckdb/duckdb#11222

Fix #11211 - correctly fill in string_t padding for bit type by @Mytherin in duckdb/duckdb#11231

Fix #3391: Stop creating background threads if the thread constructor throws an exception by @Mytherin in duckdb/duckdb#11236

R_CMD_CHECK: Pin to duckdb/duckdb-r 0ed106a71c by @carlopi in duckdb/duckdb#11245

Add support for HEX(BLOB) by @Mytherin in duckdb/duckdb#11243

Remove no_vector_verification in Map Subscript Test by @maiadegraaf in duckdb/duckdb#11242

Update logos in README by @szarnyasg in duckdb/duckdb#11256

Ignore user defined parameters that change names or types of csv columns in sniffer's prompt. by @pdet in duckdb/duckdb#11257

[Python] Fix error caused by looking up a TypeCatalogEntry without an active transaction. by @Tishj in duckdb/duckdb#11255

[Fix] Fuzzer issue in list_select by @taniabogatsch in duckdb/duckdb#11248

[Parquet] Support for LZ4 Compression by @hannes in duckdb/duckdb#11220

Fix #11254: Add missing includes to terminal by @Mytherin in duckdb/duckdb#11265

Issue #10867: AsOf Predicate Pushdown by @hawkfish in duckdb/duckdb#11233

Fix plan cost runner regression script by @Tmonster in duckdb/duckdb#11129

Check if we need to throw any remaining errors at end of CSV scanning by @pdet in duckdb/duckdb#11276

Allow duplicate names in json objects when ignore_errors is true by @lnkuiper in duckdb/duckdb#11271

Do not surround JSON with quotes in sqlite shell output by @lnkuiper in duckdb/duckdb#11268

add TRIM support to virtual filesystem, and implementation on linux by @jkub in duckdb/duckdb#11258

Perform direct write operation if input data are larger than buffer size by @quentingodeau in duckdb/duckdb#11203

Fuzzer fixes by @lnkuiper in duckdb/duckdb#11286

Compile spatial also for rtools by @carlopi in duckdb/duckdb#11291

allow injecting custom BufferManager implementation by @jkub in duckdb/duckdb#11215

Default to RECORDS in JSON reader if more than one column is specified by @lnkuiper in duckdb/duckdb#11295

Add support for materialized CTEs in INSERT/UPDATE/DELETE statements by @kryonix in duckdb/duckdb#10878

Only throw exception if je_mallctl fails in DEBUG mode by @lnkuiper in duckdb/duckdb#11303

Fixing casting issue in generators by @hannes in duckdb/duckdb#11304

Rework FileSystem::OpenFile call, and add FILE_FLAGS_NULL_IF_NOT_EXISTS by @Mytherin in duckdb/duckdb#11297

Fix potential UB when list() aggregate is used in combination with other arena using aggregate functions by @Maxxen in duckdb/duckdb#11306

Fix #11293 - for ARRAY([subquery]) explicitly push the ORDER BY of the underlying subquery into the array aggregate by @Mytherin in duckdb/duckdb#11316

Fix #11281: explicitly select column types of information_schema tables for all columns, even if they are always NULL by @Mytherin in duckdb/duckdb#11317

Fixup py upload by @carlopi in duckdb/duckdb#11308

Issue #11279: TIMESTAMP => TIMESTAMPTZ by @hawkfish in duckdb/duckdb#11320

Fix null pointer exception when rolling back updates if the rollback was caused by an OOM by @Mytherin in duckdb/duckdb#11309

Fix #11283 - report consistent foreign key constraint name in information_schema by @Mytherin in duckdb/duckdb#11318

... (truncated)

Commits

44eb2b5 Merge pull request #11682 from Mytherin/shellutf8
e2bff34 Disable setting console pages by default, and add .utf8 setting
3c7ad70 Merge pull request #11671 from Mytherin/valgrindfix
69547d9 Merge pull request #11653 from pdet/adbc_py9
a885dac Fix uninitialized values
e778341 proper skip
9a3cc6a Merge pull request #11616 from pdet/multiple_nullstr
780f5e4 rmv skipped member from SQLLogicTest
f303d87 change unzip.test vector's and block's sizes and to require 64bit
496977a skip unzip tests in python - this functionality is not supported yet
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 5 months ago

Dependabot tried to add @glenn-jocher as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/2lambda123/ultralytics-ultralytics/pulls/1/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the 2lambda123/ultralytics-ultralytics repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request

dependabot[bot] commented 5 months ago

The following labels could not be found: dependencies.

performance-testing-bot[bot] commented 5 months ago

Unable to locate .performanceTestingBot config file

cr-gpt[bot] commented 5 months ago

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

git-greetings[bot] commented 5 months ago

Thanks @dependabot[bot] for opening this PR!

For COLLABORATOR only :

To add labels, comment on the issue /label add label1,label2,label3
To remove labels, comment on the issue /label remove label1,label2,label3

code-companion-ai[bot] commented 5 months ago

Processing PR updates...

secure-code-warrior-for-github[bot] commented 5 months ago

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "sqli"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try a challenge in Secure Code Warrior

Helpful references

PHP SQL Injection Page - A detailed page on SQL injection in the online PHP manual.
OWASP SQL Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications.
OWASP SQL Injection - OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.
OWASP Query Parameterization Cheat Sheet - A derivative work of the OWASP SQL Injection Prevention Cheat Sheet focused on SQL query parameterization.
Preventing SQL Injection Attacks With Python - A tutorial on crafting parameterized queries, SQL composition and safe query execution in Python.

Micro-Learning Topic: External entity injection (Detected by phrase)

Matched on "xxe"

What is this? (2min video)

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Try a challenge in Secure Code Warrior

Helpful references

OWASP XML External Entity (XXE) Processing - OWASP community page with comprehensive information about XML external entity attacks, and links to various OWASP resources to help detect or prevent it.
MSDN Security Briefs - XML Denial of Service Attacks and Defenses - An MSDN Magazine article that goes into detail on XML entity attacks and how to defend against them.
OWASP XML External Entity Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing XML external entity flaws in your applications.

coderabbitai[bot] commented 5 months ago

[!IMPORTANT]

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

Tips

### Chat There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai): - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit testing code for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit testing code for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit testing code.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information. - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json` ### Documentation and Community - Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit. - Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback. - Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

git-greetings[bot] commented 5 months ago

First PR by @dependabot[bot]

PR Details of @dependabot[bot] in ultralytics-ultralytics :	OPEN	CLOSED	TOTAL
1	0	1

cr-gpt[bot] commented 5 months ago

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

code-companion-ai[bot] commented 5 months ago

Processing PR updates...

codesyncapp[bot] commented 5 months ago

Check out the playback for this Pull Request here.

socket-security[bot] commented 5 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
pypi/duckdb@0.10.2	environment, eval, filesystem, network, shell, unsafe	`0`	109 MB	Mytherin, duckdb_admin, hfmuehleisen

View full report↗︎

2lambda123 / ultralytics-ultralytics