aio-libs / aiohttp-security

auth and permissions for aiohttp
Apache License 2.0
229 stars 68 forks

Bump sqlalchemy from 1.4.46 to 2.0.18 #626

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps sqlalchemy from 1.4.46 to 2.0.18.

Release notes

Sourced from sqlalchemy's releases.

2.0.18

Released: July 5, 2023

engine

  • [engine] [bug] Adjusted the _sa.create_engine.schema_translate_map feature such that all schema names in the statement are now tokenized, regardless of whether or not a specific name is in the immediate schema translate map given, and to fall back to substituting the original name when the key is not in the actual schema translate map at execution time. These two changes allow for repeated use of a compiled object with schema schema_translate_maps that include or don't include various keys on each run, allowing cached SQL constructs to continue to function at runtime when schema translate maps with different sets of keys are used each time. In addition, added detection of schema_translate_map dictionaries which gain or lose a None key across calls for the same statement, which affects compilation of the statement and is not compatible with caching; an exception is raised for these scenarios.

    References: #10025

sql

  • [sql] [bug] Fixed issue where the _sql.ColumnOperators.regexp_match() when using "flags" would not produce a "stable" cache key, that is, the cache key would keep changing each time causing cache pollution. The same issue existed for _sql.ColumnOperators.regexp_replace() with both the flags and the actual replacement expression. The flags are now represented as fixed modifier strings rendered as safestrings rather than bound parameters, and the replacement expression is established within the primary portion of the "binary" element so that it generates an appropriate cache key.

    Note that as part of this change, the _sql.ColumnOperators.regexp_match.flags and _sql.ColumnOperators.regexp_replace.flags have been modified to render as literal strings only, whereas previously they were rendered as full SQL expressions, typically bound parameters. These parameters should always be passed as plain Python strings and not as SQL expression constructs; it's not expected that SQL expression constructs were used in practice for this parameter, so this is a backwards-incompatible change.

    The change also modifies the internal structure of the expression generated, for _sql.ColumnOperators.regexp_replace() with or without flags, and for _sql.ColumnOperators.regexp_match() with flags. Third party dialects which may have implemented regexp implementations of their own (no such dialects could be located in a search, so impact is expected

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 1 year ago

Superseded by #629.