This is a security fix release. We strongly recommend people upgrade.
Security fixes:
Fixed SQL injection issue in MySQL
Fixed SQL injection issues in MySQL when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)
Fixed malformed SQL for PostgreSQL and SQLite when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)
Other changes:
Added support for partial models:
- To create a partial model, one can do a .only(<fieldnames-as-strings>) as part of the QuerySet. This will create model instances that only have those values fetched.
- Persisting changes on the model is allowed only when:
  - All the fields you want to update are specified in <model>.save(update_fields=[...])
  - You included the Model primary key in the `.only(...)`
- To protect against common mistakes we ensure that errors get raised:
  - If you access a field that is not specified, you will get an AttributeError.
  - If you do a <model>.save() an IncompleteInstanceError will be raised as the model is, as requested, incomplete.
  - If you do a <model>.save(update_fields=[...]) and you didn't include the primary key in the .only(...), then IncompleteInstanceError will be raised indicating that updates can't be done without the primary key being known.
  - If you do a <model>.save(update_fields=[...]) and one of the fields in update_fields was not in the .only(...), then IncompleteInstanceError will be raised as that field is not available to be updated.
Fixed bad SQL generation when doing a .values() query over a Foreign Key
Added <model>.update_from_dict({...}) that will mass update values safely from a dictionary
Fixed processing URL encoded password in connection string
v0.16.5
Bugfixes
Fix for generate_schemas param being ignored in tortoise.contrib.quart.register_tortoise
Fix join query with source_field param
Changed
Moved Tortoise.describe_model(<MODEL>, ...) to <MODEL>.describe(...)
Deprecated Tortoise.describe_model()
v0.16.4
More consistent escaping of db columns, fixes using SQL reserved keywords as field names with a function.
Fix the aggregates using the wrong side of the join when doing a self-referential aggregation.
Fix F functions wrapped forgetting about distinct=True
v0.16.3
Fixed invalid var IN () SQL generated using __in= and __not_in filters.
This is a security fix release. We recommend everyone update.
Security fixes
^^^^^^^^^^^^^^
Fixed SQL injection issue in MySQL
Fixed SQL injection issues in MySQL when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)
Fixed malformed SQL for PostgreSQL and SQLite when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)
Other changes
^^^^^^^^^^^^^
Added support for partial models:
- To create a partial model, one can do a .only(<fieldnames-as-strings>) as part of the QuerySet. This will create model instances that only have those values fetched.
- Persisting changes on the model is allowed only when:
  - All the fields you want to update are specified in <model>.save(update_fields=[...])
  - You included the Model primary key in the .only(...)
- To protect against common mistakes we ensure that errors get raised:
  - If you access a field that is not specified, you will get an AttributeError.
  - If you do a <model>.save() an IncompleteInstanceError will be raised as the model is, as requested, incomplete.
  - If you do a <model>.save(update_fields=[...]) and you didn't include the primary key in the .only(...), then IncompleteInstanceError will be raised indicating that updates can't be done without the primary key being known.
  - If you do a <model>.save(update_fields=[...]) and one of the fields in update_fields was not in the .only(...), then IncompleteInstanceError will be raised as that field is not available to be updated.
Fixed bad SQL generation when doing a .values() query over a Foreign Key
Added <model>.update_from_dict({...}) that will mass update values safely from a dictionary
Fixed processing URL encoded password in connection string
0.16.5
Moved Tortoise.describe_model(<MODEL>, ...) to <MODEL>.describe(...)
Deprecated Tortoise.describe_model()
Fix for generate_schemas param being ignored in tortoise.contrib.quart.register_tortoise
Fix join query with source_field param
0.16.4
More consistent escaping of db columns, fixes using SQL reserved keywords as field names with a function.
Fix the aggregates using the wrong side of the join when doing a self-referential aggregation.
Bumps tortoise-orm from 0.16.0 to 0.16.6.
Release notes
Sourced from tortoise-orm's releases.
Changelog
Sourced from tortoise-orm's changelog.
Commits
- `50bf708` v0.16.6
- `e45d414` Process URL encoded password in connection string (#356)
- `91c3640` Fixed various SQL generation issues
- `816ff00` Added <model>.update_from_dict({...}) that will mass update values safely fro...
- `8866768` Fixed bad SQL generation when doing a .values() query over a Foreign Key(#351)
- `42adca3` Remove unnecessary SQL casts for string comparisons
- `733eaf3` Updated deps & fixed new darglint messages
- `945e24a` Partial model .only(...) support (#350)
- `5d03e2f` v0.16.5
- `1ee6d73` fix join query with source_field param (#349)
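The security fixes in this bump concern the contains, starts_with and ends_with filters, which an ORM turns into SQL LIKE patterns. The following is an added example, not tortoise-orm's code and not part of this PR, showing the general hardening for such filters with the standard-library sqlite3 module: the value is bound as a parameter and LIKE wildcards in it are escaped. The table, the function names and the `!` escape character are assumptions made for the illustration.

```python
import sqlite3

ESC = "!"  # assumed escape character, declared to the database via ESCAPE '!'


def like_pattern(value: str, mode: str) -> str:
    """Build a LIKE pattern that matches `value` literally for the given filter."""
    # Escape the escape character first, then the two LIKE wildcards.
    lit = value.replace(ESC, ESC + ESC).replace("%", ESC + "%").replace("_", ESC + "_")
    return {"contains": f"%{lit}%", "starts_with": f"{lit}%", "ends_with": f"%{lit}"}[mode]


def safe_filter(conn, value, mode):
    # The value travels as a bound parameter and never becomes SQL text.
    sql = "SELECT name FROM account WHERE name LIKE ? ESCAPE '!' ORDER BY name"
    return [row[0] for row in conn.execute(sql, (like_pattern(value, mode),))]


def naive_filter(conn, value):
    # Anti-pattern kept for comparison: the value is spliced into the statement.
    sql = f"SELECT name FROM account WHERE name LIKE '%{value}%' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def naive_is_malformed(conn, value):
    """True when the spliced value breaks the statement's syntax."""
    try:
        naive_filter(conn, value)
    except sqlite3.OperationalError:
        return True
    return False


def make_db():
    # Constructed sample rows, chosen to contain a quote and both wildcards.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (name TEXT)")
    rows = ["O'Brien", "100%_sure", "100 percent", "alice"]
    conn.executemany("INSERT INTO account VALUES (?)", [(r,) for r in rows])
    return conn


if __name__ == "__main__":
    db = make_db()
    print(safe_filter(db, "O'Br", "starts_with"))   # quote handled as data
    print(safe_filter(db, "100%", "starts_with"))   # '%' matched literally
    print(naive_is_malformed(db, "O'Br"))           # spliced quote breaks the SQL
    print(len(naive_filter(db, "%")))               # unescaped '%' matches every row
```

A regression test of this shape, run against the application's own filter calls after the upgrade, confirms that quotes and wildcards in user input are treated as data.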