Bump sqlalchemy from 1.4.29 to 2.0.17

[dependabot[bot]]

Bumps sqlalchemy from 1.4.29 to 2.0.17.

Release notes

Sourced from sqlalchemy's releases.

2.0.17

Released: June 23, 2023

orm

• [orm] [bug] [regression] Fixed regression in the 2.0 series where a query that used undefer_group() with _orm.selectinload() or _orm.subqueryload() would raise an AttributeError. Pull request courtesy of Matthew Martin.

  References: #9870

• [orm] [bug] Fixed issue in ORM Annotated Declarative which prevented a _orm.declared_attr from being used on a mixin which did not return a Mapped datatype, and instead returned a supplemental ORM datatype such as AssociationProxy. The Declarative runtime would erroneously try to interpret this annotation as needing to be Mapped and raise an error.

  References: #9957

• [orm] [bug] [typing] Fixed typing issue where using the AssociationProxy return type from a _orm.declared_attr function was disallowed.

  References: #9957

• [orm] [bug] [regression] Fixed regression introduced in 2.0.16 by #9879 where passing a callable to the _orm.mapped_column.default parameter of _orm.mapped_column while also setting init=False would interpret this value as a Dataclass default value which would be assigned directly to new instances of the object directly, bypassing the default generator taking place as the _schema.Column.default value generator on the underlying _schema.Column. This condition is now detected so that the previous behavior is maintained, however a deprecation warning for this ambiguous use is emitted; to populate the default generator for a _schema.Column, the _orm.mapped_column.insert_default parameter should be used, which disambiguates from the _orm.mapped_column.default parameter whose name is fixed as per pep-681.

  References: #9936

• [orm] [bug] Additional hardening and documentation for the ORM _orm.Session "state change" system, which detects concurrent use of _orm.Session and _asyncio.AsyncSession objects; an additional check is added within the process to acquire connections from the underlying engine, which is a critical section with regards to internal connection management.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[jbnable]

Checkmarx One – Scan Summary & Details – fc85c5d7-f901-4713-840c-3ffdaa17076e

No New Or Fixed Issues Found

[dependabot[bot]]

Superseded by #499.