search

dongweiming / lyanna

My Blog Using Sanic
http://www.dongwm.com
GNU General Public License v3.0
637 stars 173 forks source link

Bump tortoise-orm from 0.15.4 to 0.15.23 #51

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps tortoise-orm from 0.15.4 to 0.15.23.

Release notes

Sourced from tortoise-orm's releases.

v0.15.23

This is a security fix release. We strongly recommend everyone upgrade.

  • Fixed SQL injection issue in MySQL
  • Fixed SQL injection issues in MySQL when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)
  • Fixed malformed SQL for PostgreSQL and SQLite when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)

v0.15.22

  • Fix the aggregates using the wrong side of the join when doing a self-referential aggregation.
  • Fix for generate_schemas param being ignored in tortoise.contrib.quart.register_tortoise

v0.15.21 (legacy)

  • Fixed invalid var IN () SQL generated using __in= and __not_in filters.
  • Fix bug with order_by on nested fields
  • Fix joining with self by reverse-foreign-key for filtering and annotation

v0.15.20 (legacy)

  • Default values() & values_list() now includes annotations.
  • Annotations over joins now work correctly with values() & values_list()
  • Ensure GROUP BY precedes HAVING to ensure that filtering by aggregates work correctly.
  • Cast BooleanField values correctly on SQLite & MySQL

v0.15.19

0.15 series is now pseudo LTS (until May), as it is the last version to support Python3.6.

  • Fix Function with source_field option. (#311)

v0.15.18

  • Install on Windows does not require a C compiler any more.
  • Fix IntegrityError with unique field and get_or_create

v0.15.17

  • Now get_or_none(...), classmethod of Model class, works in the same way as queryset (#299)

v0.15.16

  • get_or_none(...) now raises MultipleObjectsReturned if multiple object fetched. (#298)

v0.15.15

  • Add ability to suppply a to_field= parameter for FK/O2O to a non-PK but still uniquely indexed remote field. (#287)

v0.15.14

  • add F expression support in queryset.update() - This allows for atomic updates of data in the database. (#294)

v0.15.13

  • Applies default ordering on related queries
  • Fix post-ManyToMany related queries not being evaluated correctly
  • Ordering is now preserved on ManyToMany related fetches
  • Fix aggregate function on joined table to use correct primary key (#292)
  • Fix filtering by backwards FK to use correct primary key
... (truncated)
Changelog

Sourced from tortoise-orm's changelog.

0.15.23

  • Fixed SQL injection issue in MySQL
  • Fixed SQL injection issues in MySQL when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)
  • Fixed malformed SQL for PostgreSQL and SQLite when using contains, starts_with or ends_with filters (and their case-insensitive counterparts)

0.15.22

  • Fix the aggregates using the wrong side of the join when doing a self-referential aggregation.
  • Fix for generate_schemas param being ignored in tortoise.contrib.quart.register_tortoise

0.15.21

  • Fixed invalid var IN () SQL generated using __in= and __not_in filters.
  • Fix bug with order_by on nested fields
  • Fix joining with self by reverse-foreign-key for filtering and annotation

0.15.20

  • Default values() & values_list() now includes annotations.
  • Annotations over joins now work correctly with values() & values_list()
  • Ensure GROUP BY precedes HAVING to ensure that filtering by aggregates work correctly.
  • Cast BooleanField values correctly on SQLite & MySQL

0.15.19

  • Fix Function with source_field option. (#311)

0.15.18

  • Install on Windows does not require a C compiler any more.
  • Fix IntegrityError with unique field and get_or_create

0.15.17

  • Now get_or_none(...), classmethod of Model class, works in the same way as queryset

0.15.16

  • get_or_none(...) now raises MultipleObjectsReturned if multiple object fetched. (#298)

0.15.15

  • Add ability to suppply a to_field= parameter for FK/O2O to a non-PK but still uniquely indexed remote field. (#287)

0.15.14

  • add F expression support in queryset.update() - This allows for atomic updates of data in the database. (#294)

0.15.13

... (truncated)
Commits
  • d9b0c2d v0.15.23
  • 75e41ca Fixed various SQL generation issues
  • 115b7b7 v0.15.22
  • 1821abb Fix for generate_schemas param being ignored in tortoise.contrib.quart.regist...
  • 4963753 Fix the aggregates using the wrong side of the join when doing a self-referen...
  • 71a91e6 v0.15.21
  • f80afb9 Fix joining with self by reverse-foreign-key for filtering and annotation (#333)
  • 7a10e27 Nested order_by path + unittest (#330)
  • fc13a19 Correctness fix of previous hotfix
  • 8ad8e19 hotfix filter function with postgres
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dongweiming/lyanna/network/alerts).