SpamExperts / OrangeAssassin

OrangeAssassin
https://orangeassassin.org
Apache License 2.0

Bump sqlalchemy from 1.4.29 to 2.0.9 #471

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps sqlalchemy from 1.4.29 to 2.0.9.

Release notes

Sourced from sqlalchemy's releases.

2.0.9

Released: April 5, 2023

orm

  • [orm] [bug] Fixed endless loop which could occur when using "relationship to aliased class" feature and also indicating a recursive eager loader such as lazy="selectinload" in the loader, in combination with another eager loader on the opposite side. The check for cycles has been fixed to include aliased class relationships.

    This change is also backported to: 1.4.48

    References: #9590

mariadb

  • [mariadb] [bug] Added row_number as reserved word in MariaDb.

    References: #9588

mssql

  • [mssql] [bug] Due to a critical bug identified in SQL Server, the SQLAlchemy "insertmanyvalues" feature which allows fast INSERT of many rows while also supporting RETURNING unfortunately needs to be disabled for SQL Server. SQL Server is apparently unable to guarantee that the order of rows inserted matches the order in which they are sent back by OUTPUT inserted when table-valued rows are used with INSERT in conjunction with OUTPUT inserted. We are trying to see if Microsoft is able to confirm this undocumented behavior however there is no known workaround, other than it's not safe to use table-valued expressions with OUTPUT inserted for now.

    References: #9603

  • [mssql] [bug] Changed the bulk INSERT strategy used for SQL Server "executemany" with pyodbc when fast_executemany is set to True by using fast_executemany / cursor.executemany() for bulk INSERT that does not include RETURNING, restoring the same behavior as was used in SQLAlchemy 1.4 when this parameter is set.

    New performance details from end users have shown that fast_executemany is still much faster for very large datasets as it uses ODBC commands that can receive all rows in a single round trip, allowing for much larger datasizes than the batches that can be sent by "insertmanyvalues" as was implemented for SQL Server.

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

jbnable commented 1 year ago

Checkmarx One – Scan Summary & Details 68f1be11-b0db-495b-bc8d-e16143f437b9

No New Or Fixed Issues Found

dependabot[bot] commented 1 year ago

Superseded by #478.