Changelog
### 8.3.0
```
------------------
- Use snprintf instead of sprintf. CVE-2021-34552 5567
[radarhere]
- Limit TIFF strip size when saving with LibTIFF 5514
[kmilos]
- Allow ICNS save on all operating systems 4526
[baletu, radarhere, newpanjing, hugovk]
- De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables 4989
[gofr, radarhere]
- Replaced xml.etree.ElementTree 5565
[radarhere]
- Moved CVE image to pillow-depends 5561
[radarhere]
- Added tag data for IFD groups 5554
[radarhere]
- Improved ImagePalette 5552
[radarhere]
- Add DDS saving 5402
[radarhere]
- Improved getxmp() 5455
[radarhere]
- Convert to float for comparison with float in IFDRational __eq__ 5412
[radarhere]
- Allow getexif() to access TIFF tag_v2 data 5416
[radarhere]
- Read FITS image mode and size 5405
[radarhere]
- Merge parallel horizontal edges in ImagingDrawPolygon 5347
[radarhere, hrdrq]
- Use transparency behind first GIF frame and when disposing to background 5557
[radarhere, zewt]
- Avoid unstable nature of qsort in Quant.c 5367
[radarhere]
- Copy palette to new images in ImageOps expand 5551
[radarhere]
- Ensure palette string matches RGB mode 5549
[radarhere]
- Do not modify EXIF of original image instance in exif_transpose() 5547
[radarhere]
- Fixed default numresolution for small JPEG2000 images 5540
[radarhere]
- Added DDS BC5 reading 5501
[radarhere]
- Raise an error if ImageDraw.textbbox is used without a TrueType font 5510
[radarhere]
- Added ICO saving in BMP format 5513
[radarhere]
- Ensure PNG seeks to end of previous chunk at start of load_end 5493
[radarhere]
- Do not allow TIFF to seek to a past frame 5473
[radarhere]
- Avoid race condition when displaying images with eog 5507
[mconst]
- Added specific error messages when ink has incorrect number of bands 5504
[radarhere]
- Allow converting an image to a numpy array to raise errors 5379
[radarhere]
- Removed DPI rounding from BMP, JPEG, PNG and WMF loading 5476, 5470
[radarhere]
- Remove spikes when drawing thin pieslices 5460
[xtsm]
- Updated default value for SAMPLESPERPIXEL TIFF tag 5452
[radarhere]
- Removed TIFF DPI rounding 5446
[radarhere, hugovk]
- Include code in WebP error 5471
[radarhere]
- Do not alter pixels outside mask when drawing text on an image with transparency 5434
[radarhere]
- Reset handle when seeking backwards in TIFF 5443
[radarhere]
- Replace sys.stdout with sys.stdout.buffer when saving 5437
[radarhere]
- Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip 5426
[radarhere]
- Fixed bug when checking FreeType2 version if it is not installed 5445
[radarhere]
- Do not round dimensions when saving PDF 5459
[radarhere]
- Added ImageOps contain() 5417
[radarhere, hugovk]
- Changed WebP default "method" value to 4 5450
[radarhere]
- Switched to saving 1-bit PDFs with DCTDecode 5430
[radarhere]
- Use bpp from ICO header 5429
[radarhere]
- Corrected JPEG APP14 transform value 5408
[radarhere]
- Changed TIFF tag 33723 length to 1 5425
[radarhere]
- Changed ImageMorph incorrect mode errors to ValueError 5414
[radarhere]
- Add EXIF tags specified in EXIF 2.32 5419
[gladiusglad]
- Treat previous contents of first GIF frame as transparent 5391
[radarhere]
- For special image modes, revert default resize resampling to NEAREST 5411
[radarhere]
- JPEG2000: Support decoding subsampled RGB and YCbCr images 4996
[nulano, radarhere]
- Stop decoding BC1 punchthrough alpha in BC2&3 4144
[jansol]
- Use zero if GIF background color index is missing 5390
[radarhere]
- Fixed ensuring that GIF previous frame was loaded 5386
[radarhere]
- Valgrind fixes 5397
[wiredfool]
- Round down the radius in rounded_rectangle 5382
[radarhere]
- Fixed reading uncompressed RGB data from DDS 5383
[radarhere]
```
Links
- PyPI: https://pypi.org/project/pillow
- Changelog: https://pyup.io/changelogs/pillow/
- Homepage: https://python-pillow.org
Changelog
### 2.9.1
```
^^^^^^^^^^^^^^^^^^^^^^^^^^^
Fix regression with named `sql.Placeholder` (:ticket:`1291`).
```
### 2.9
```
-------------------------
- ``with connection`` starts a transaction on autocommit transactions too
(:ticket:`941`).
- Timezones with fractional minutes are supported on Python 3.7 and following
(:ticket:`1272`).
- Escape table and column names in `~cursor.copy_from()` and
`~cursor.copy_to()`.
- Connection exceptions with sqlstate ``08XXX`` reclassified as
`~psycopg2.OperationalError` (a subclass of the previously used
`~psycopg2.DatabaseError`) (:ticket:`1148`).
- Include library dirs required from libpq to work around MacOS build problems
(:ticket:`1200`).
Other changes:
- Dropped support for Python 2.7, 3.4, 3.5 (:tickets:`1198, 1000, 1197`).
- Dropped support for mx.DateTime.
- Use `datetime.timezone` objects by default in datetime objects instead of
`~psycopg2.tz.FixedOffsetTimezone`.
- The `psycopg2.tz` module is deprecated and scheduled to be dropped in the
next major release.
- Provide :pep:`599` wheels packages (manylinux2014 tag) for i686 and x86_64
platforms.
- Provide :pep:`600` wheels packages (manylinux_2_24 tag) for aarch64 and
ppc64le platforms.
- Wheel package compiled against OpenSSL 1.1.1k and PostgreSQL 13.3.
- Build system for Linux/MacOS binary packages moved to GitHub Actions.
```
### 2.8.7
```
^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Accept empty params as `~psycopg2.connect()` (:ticket:`1250`).
- Fix attributes refcount in `Column` initialisation (:ticket:`1252`).
- Allow re-initialisation of static variables in the C module (:ticket:`1267`).
```
Links
- PyPI: https://pypi.org/project/psycopg2
- Changelog: https://pyup.io/changelogs/psycopg2/
- Homepage: https://psycopg.org/
Changelog
### 1.4.20
```
:released: June 28, 2021
.. change::
:tags: bug, regression, orm
:tickets: 6680
Fixed regression in ORM regarding an internal reconstitution step for the
:func:`_orm.with_polymorphic` construct, when the user-facing object is
garbage collected as the query is processed. The reconstitution was not
ensuring the sub-entities for the "polymorphic" case were handled, leading
to an ``AttributeError``.
.. change::
:tags: usecase, sql
:tickets: 6646
Add a impl parameter to :class:`_types.PickleType` constructor, allowing
any arbitary type to be used in place of the default implementation of
:class:`_types.LargeBinary`. Pull request courtesy jason3gb.
.. change::
:tags: bug, engine
:tickets: 5348
Fixed an issue in the C extension for the :class:`_result.Row` class which
could lead to a memory leak in the unlikely case of a :class:`_result.Row`
object which referred to an ORM object that then was mutated to refer back
to the ``Row`` itself, creating a cycle. The Python C APIs for tracking GC
cycles has been added to the native :class:`_result.Row` implementation to
accommodate for this case.
.. change::
:tags: bug, engine
:tickets: 6665
Fixed old issue where a :func:`_sql.select()` made against the token "*",
which then yielded exactly one column, would fail to correctly organize the
``cursor.description`` column name into the keys of the result object.
.. change::
:tags: usecase, mysql
:tickets: 6659
Made a small adjustment in the table reflection feature of the MySQL
dialect to accommodate for alternate MySQL-oriented databases such as TiDB
which include their own "comment" directives at the end of a constraint
directive within "CREATE TABLE" where the format doesn't have the
additional space character after the comment, in this case the TiDB
"clustered index" feature. Pull request courtesy Daniël van Eeden.
.. change::
:tags: bug, schema
:tickets: 6685
Fixed issue where passing ``None`` for the value of
:paramref:`_schema.Table.prefixes` would not store an empty list, but
rather the constant ``None``, which may be unexpected by third party
dialects. The issue is revealed by a usage in recent versions of Alembic
that are passing ``None`` for this value. Pull request courtesy Kai
Mueller.
.. change::
:tags: bug, regression, ext
:tickets: 6679
Fixed regression in :mod:`sqlalchemy.ext.automap` extension such that the
use case of creating an explicit mapped class to a table that is also the
:paramref:`_orm.relationship.secondary` element of a
:func:`_orm.relationship` that automap will be generating would emit the
"overlaps" warnings introduced in 1.4 and discussed at :ref:`error_qzyx`.
While generating this case from automap is still subject to the same
caveats that the "overlaps" warning refers towards, as automap is intended
for more ad-hoc use cases, the condition which produces the warning is
disabled when a many-to-many relationship with this particular pattern is
generated.
.. change::
:tags: bug, regression, orm
:tickets: 6678
Adjusted :meth:`_orm.Query.union` and similar set operations to be
correctly compatible with the new capabilities just added in
:ticket:`6661`, with SQLAlchemy 1.4.19, such that the SELECT statements
rendered as elements of the UNION or other set operation will include
directly mapped columns that are mapped as deferred; this both fixes a
regression involving unions with multiple levels of nesting that would
produce a column mismatch, and also allows the :func:`_orm.undefer` option
to be used at the top level of such a :class:`_orm.Query` without having to
apply the option to each of the elements within the UNION.
.. change::
:tags: bug, sql, orm
:tickets: 6668
Fixed the class hierarchy for the :class:`_schema.Sequence` and the more
general :class:`_schema.DefaultGenerator` base, as these are "executable"
as statements they need to include :class:`_sql.Executable` in their
hierarchy, not just :class:`_roles.StatementRole` as was applied
arbitrarily to :class:`_schema.Sequence` previously. The fix allows
:class:`_schema.Sequence` to work in all ``.execute()`` methods including
with :meth:`_orm.Session.execute` which was not working in the case that a
:meth:`_orm.SessionEvents.do_orm_execute` handler was also established.
.. change::
:tags: bug, orm
:tickets: 6538
Adjusted the check in the mapper for a callable object that is used as a
``validates`` validator function or a ``reconstructor`` reconstruction
function, to check for "callable" more liberally such as to accommodate
objects based on fundamental attributes like ``__func__`` and
``__call___``, rather than testing for ``MethodType`` / ``FunctionType``,
allowing things like cython functions to work properly. Pull request
courtesy Miłosz Stypiński.
.. changelog::
```
### 1.4.19
```
:released: June 22, 2021
.. change::
:tags: bug, mssql
:tickets: 6658
Fixed bug where the "schema_translate_map" feature would fail to function
correctly in conjunction with an INSERT into a table that has an IDENTITY
column, where the value of the IDENTITY column were specified in the values
of the INSERT thus triggering SQLAlchemy's feature of setting IDENTITY
INSERT to "on"; it's in this directive where the schema translate map would
fail to be honored.
.. change::
:tags: bug, sql
:tickets: 6663
Fixed issue in CTE constructs mostly relevant to ORM use cases where a
recursive CTE against "anonymous" labels such as those seen in ORM
``column_property()`` mappings would render in the
``WITH RECURSIVE xyz(...)`` section as their raw internal label and not a
cleanly anonymized name.
.. change::
:tags: mssql, change
:tickets: 6503, 6253
Made improvements to the server version regexp used by the pymssql dialect
to prevent a regexp overflow in case of an invalid version string.
.. change::
:tags: bug, orm, regression
:tickets: 6503, 6253
Fixed further regressions in the same area as that of :ticket:`6052` where
loader options as well as invocations of methods like
:meth:`_orm.Query.join` would fail if the left side of the statement for
which the option/join depends upon were replaced by using the
:meth:`_orm.Query.with_entities` method, or when using 2.0 style queries
when using the :meth:`_sql.Select.with_only_columns` method. A new set of
state has been added to the objects which tracks the "left" entities that
the options / join were made against which is memoized when the lead
entities are changed.
.. change::
:tags: bug, asyncio, postgresql
:tickets: 6652
Fixed bug in asyncio implementation where the greenlet adaptation system
failed to propagate ``BaseException`` subclasses, most notably including
``asyncio.CancelledError``, to the exception handling logic used by the
engine to invalidate and clean up the connection, thus preventing
connections from being correctly disposed when a task was cancelled.
.. change::
:tags: usecase, asyncio
:tickets: 6583
Implemented :class:`_asyncio.async_scoped_session` to address some
asyncio-related incompatibilities between :class:`_orm.scoped_session` and
:class:`_asyncio.AsyncSession`, in which some methods (notably the
:meth:`_asyncio.async_scoped_session.remove` method) should be used with
the ``await`` keyword.
.. seealso::
:ref:`asyncio_scoped_session`
.. change::
:tags: usecase, mysql
:tickets: 6132
Added new construct :class:`_mysql.match`, which provides for the full
range of MySQL's MATCH operator including multiple column support and
modifiers. Pull request courtesy Anton Kovalevich.
.. seealso::
:class:`_mysql.match`
.. change::
:tags: bug, postgresql, oracle
:tickets: 6649
Fixed issue where the ``INTERVAL`` datatype on PostgreSQL and Oracle would
produce an ``AttributeError`` when used in the context of a comparison
operation against a ``timedelta()`` object. Pull request courtesy
MajorDallas.
.. change::
:tags: bug, mypy
:tickets: 6476
Fixed issue in mypy plugin where class info for a custom declarative base
would not be handled correctly on a cached mypy pass, leading to an
AssertionError being raised.
.. change::
:tags: bug, orm
:tickets: 6661
Refined the behavior of ORM subquery rendering with regards to deferred
columns and column properties to be more compatible with that of 1.3 while
also providing for 1.4's newer features. As a subquery in 1.4 does not make
use of loader options, including :func:`_orm.undefer`, a subquery that is
against an ORM entity with deferred attributes will now render those
deferred attributes that refer directly to mapped table columns, as these
are needed in the outer SELECT if that outer SELECT makes use of these
columns; however a deferred attribute that refers to a composed SQL
expression as we normally do with :func:`_orm.column_property` will not be
part of the subquery, as these can be selected explicitly if needed in the
subquery. If the entity is being SELECTed from this subquery, the column
expression can still render on "the outside" in terms of the derived
subquery columns. This produces essentially the same behavior as when
working with 1.3. However in this case the fix has to also make sure that
the ``.selected_columns`` collection of an ORM-enabled :func:`_sql.select`
also follows these rules, which in particular allows recursive CTEs to
render correctly in this scenario, which were previously failing to render
correctly due to this issue.
.. change::
:tags: bug, postgresql
:tickets: 6621
Fixed issue where the pool "pre ping" feature would implicitly start a
transaction, which would then interfere with custom transactional flags
such as PostgreSQL's "read only" mode when used with the psycopg2 driver.
.. changelog::
```
### 1.4.18
```
:released: June 10, 2021
.. change::
:tags: bug, orm
:tickets: 6072, 6487
Clarified the current purpose of the
:paramref:`_orm.relationship.bake_queries` flag, which in 1.4 is to enable
or disable "lambda caching" of statements within the "lazyload" and
"selectinload" loader strategies; this is separate from the more
foundational SQL query cache that is used for most statements.
Additionally, the lazy loader no longer uses its own cache for many-to-one
SQL queries, which was an implementation quirk that doesn't exist for any
other loader scenario. Finally, the "lru cache" warning that the lazyloader
and selectinloader strategies could emit when handling a wide array of
class/relationship combinations has been removed; based on analysis of some
end-user cases, this warning doesn't suggest any significant issue. While
setting ``bake_queries=False`` for such a relationship will remove this
cache from being used, there's no particular performance gain in this case
as using no caching vs. using a cache that needs to refresh often likely
still wins out on the caching being used side.
.. change::
:tags: bug, asyncio
:tickets: 6575
Fixed an issue that presented itself when using the :class:`_pool.NullPool`
or the :class:`_pool.StaticPool` with an async engine. This mostly affected
the aiosqlite dialect.
.. change::
:tags: bug, sqlite, regression
:tickets: 6586
The fix for pysqlcipher released in version 1.4.3 :ticket:`5848` was
unfortunately non-working, in that the new ``on_connect_url`` hook was
erroneously not receiving a ``URL`` object under normal usage of
:func:`_sa.create_engine` and instead received a string that was unhandled;
the test suite failed to fully set up the actual conditions under which
this hook is called. This has been fixed.
.. change::
:tags: bug, postgresql, regression
:tickets: 6581
Fixed regression where using the PostgreSQL "INSERT..ON CONFLICT" structure
would fail to work with the psycopg2 driver if it were used in an
"executemany" context along with bound parameters in the "SET" clause, due
to the implicit use of the psycopg2 fast execution helpers which are not
appropriate for this style of INSERT statement; as these helpers are the
default in 1.4 this is effectively a regression. Additional checks to
exclude this kind of statement from that particular extension have been
added.
.. change::
:tags: bug, orm, regression
:tickets: 6285
Adjusted the means by which classes such as :class:`_orm.scoped_session`
and :class:`_asyncio.AsyncSession` are generated from the base
:class:`_orm.Session` class, such that custom :class:`_orm.Session`
subclasses such as that used by Flask-SQLAlchemy don't need to implement
positional arguments when they call into the superclass method, and can
continue using the same argument styles as in previous releases.
.. change::
:tags: bug, orm, regression
:tickets: 6595
Fixed issue where query production for joinedload against a complex left
hand side involving joined-table inheritance could fail to produce a
correct query, due to a clause adaption issue.
.. change::
:tags: bug, orm, regression, performance
:tickets: 6596
Fixed regression involving how the ORM would resolve a given mapped column
to a result row, where under cases such as joined eager loading, a slightly
more expensive "fallback" could take place to set up this resolution due to
some logic that was removed since 1.3. The issue could also cause
deprecation warnings involving column resolution to be emitted when using a
1.4 style query with joined eager loading.
.. change::
:tags: bug, orm
:tickets: 6591
Fixed issue in experimental "select ORM objects from INSERT/UPDATE" use
case where an error was raised if the statement were against a
single-table-inheritance subclass.
.. change::
:tags: bug, asyncio
:tickets: 6592
Added ``asyncio.exceptions.TimeoutError``,
``asyncio.exceptions.CancelledError`` as so-called "exit exceptions", a
class of exceptions that include things like ``GreenletExit`` and
``KeyboardInterrupt``, which are considered to be events that warrant
considering a DBAPI connection to be in an unusable state where it should
be recycled.
.. change::
:tags: bug, orm
:tickets: 6400
The warning that's emitted for :func:`_orm.relationship` when multiple
relationships would overlap with each other as far as foreign key
attributes written towards, now includes the specific "overlaps" argument
to use for each warning in order to silence the warning without changing
the mapping.
.. change::
:tags: usecase, asyncio
:tickets: 6319
Implemented a new registry architecture that allows the ``Async`` version
of an object, like ``AsyncSession``, ``AsyncConnection``, etc., to be
locatable given the proxied "sync" object, i.e. ``Session``,
``Connection``. Previously, to the degree such lookup functions were used,
an ``Async`` object would be re-created each time, which was less than
ideal as the identity and state of the "async" object would not be
preserved across calls.
From there, new helper functions :func:`_asyncio.async_object_session`,
:func:`_asyncio.async_session` as well as a new :class:`_orm.InstanceState`
attribute :attr:`_orm.InstanceState.async_session` have been added, which
are used to retrieve the original :class:`_asyncio.AsyncSession` associated
with an ORM mapped object, a :class:`_orm.Session` associated with an
:class:`_asyncio.AsyncSession`, and an :class:`_asyncio.AsyncSession`
associated with an :class:`_orm.InstanceState`, respectively.
This patch also implements new methods
:meth:`_asyncio.AsyncSession.in_nested_transaction`,
:meth:`_asyncio.AsyncSession.get_transaction`,
:meth:`_asyncio.AsyncSession.get_nested_transaction`.
.. changelog::
```
Links
- PyPI: https://pypi.org/project/sqlalchemy
- Changelog: https://pyup.io/changelogs/sqlalchemy/
- Homepage: http://www.sqlalchemy.org
Changelog
### 2.12.1
```
-------------------
* Changed the `toml` requirement to be always be directly required (instead of being required through a coverage extra).
This fixes issues with pip-compile (`pip-tools1300 <https://github.com/jazzband/pip-tools/issues/1300>`_).
Contributed by Sorin Sbarnea in `472 <https://github.com/pytest-dev/pytest-cov/pull/472>`_.
* Documented ``show_contexts``.
Contributed by Brian Rutledge in `473 <https://github.com/pytest-dev/pytest-cov/pull/473>`_.
```
Links
- PyPI: https://pypi.org/project/pytest-cov
- Changelog: https://pyup.io/changelogs/pytest-cov/
- Repo: https://github.com/pytest-dev/pytest-cov
Update dnspython from 1.16.0 to 2.1.0.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/dnspython - Homepage: http://www.dnspython.orgUpdate Pillow from 8.2.0 to 8.3.0.
Changelog
### 8.3.0 ``` ------------------ - Use snprintf instead of sprintf. CVE-2021-34552 5567 [radarhere] - Limit TIFF strip size when saving with LibTIFF 5514 [kmilos] - Allow ICNS save on all operating systems 4526 [baletu, radarhere, newpanjing, hugovk] - De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables 4989 [gofr, radarhere] - Replaced xml.etree.ElementTree 5565 [radarhere] - Moved CVE image to pillow-depends 5561 [radarhere] - Added tag data for IFD groups 5554 [radarhere] - Improved ImagePalette 5552 [radarhere] - Add DDS saving 5402 [radarhere] - Improved getxmp() 5455 [radarhere] - Convert to float for comparison with float in IFDRational __eq__ 5412 [radarhere] - Allow getexif() to access TIFF tag_v2 data 5416 [radarhere] - Read FITS image mode and size 5405 [radarhere] - Merge parallel horizontal edges in ImagingDrawPolygon 5347 [radarhere, hrdrq] - Use transparency behind first GIF frame and when disposing to background 5557 [radarhere, zewt] - Avoid unstable nature of qsort in Quant.c 5367 [radarhere] - Copy palette to new images in ImageOps expand 5551 [radarhere] - Ensure palette string matches RGB mode 5549 [radarhere] - Do not modify EXIF of original image instance in exif_transpose() 5547 [radarhere] - Fixed default numresolution for small JPEG2000 images 5540 [radarhere] - Added DDS BC5 reading 5501 [radarhere] - Raise an error if ImageDraw.textbbox is used without a TrueType font 5510 [radarhere] - Added ICO saving in BMP format 5513 [radarhere] - Ensure PNG seeks to end of previous chunk at start of load_end 5493 [radarhere] - Do not allow TIFF to seek to a past frame 5473 [radarhere] - Avoid race condition when displaying images with eog 5507 [mconst] - Added specific error messages when ink has incorrect number of bands 5504 [radarhere] - Allow converting an image to a numpy array to raise errors 5379 [radarhere] - Removed DPI rounding from BMP, JPEG, PNG and WMF loading 5476, 5470 [radarhere] - Remove spikes when drawing thin pieslices 5460 [xtsm] - Updated default value for SAMPLESPERPIXEL TIFF tag 5452 [radarhere] - Removed TIFF DPI rounding 5446 [radarhere, hugovk] - Include code in WebP error 5471 [radarhere] - Do not alter pixels outside mask when drawing text on an image with transparency 5434 [radarhere] - Reset handle when seeking backwards in TIFF 5443 [radarhere] - Replace sys.stdout with sys.stdout.buffer when saving 5437 [radarhere] - Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip 5426 [radarhere] - Fixed bug when checking FreeType2 version if it is not installed 5445 [radarhere] - Do not round dimensions when saving PDF 5459 [radarhere] - Added ImageOps contain() 5417 [radarhere, hugovk] - Changed WebP default "method" value to 4 5450 [radarhere] - Switched to saving 1-bit PDFs with DCTDecode 5430 [radarhere] - Use bpp from ICO header 5429 [radarhere] - Corrected JPEG APP14 transform value 5408 [radarhere] - Changed TIFF tag 33723 length to 1 5425 [radarhere] - Changed ImageMorph incorrect mode errors to ValueError 5414 [radarhere] - Add EXIF tags specified in EXIF 2.32 5419 [gladiusglad] - Treat previous contents of first GIF frame as transparent 5391 [radarhere] - For special image modes, revert default resize resampling to NEAREST 5411 [radarhere] - JPEG2000: Support decoding subsampled RGB and YCbCr images 4996 [nulano, radarhere] - Stop decoding BC1 punchthrough alpha in BC2&3 4144 [jansol] - Use zero if GIF background color index is missing 5390 [radarhere] - Fixed ensuring that GIF previous frame was loaded 5386 [radarhere] - Valgrind fixes 5397 [wiredfool] - Round down the radius in rounded_rectangle 5382 [radarhere] - Fixed reading uncompressed RGB data from DDS 5383 [radarhere] ```Links
- PyPI: https://pypi.org/project/pillow - Changelog: https://pyup.io/changelogs/pillow/ - Homepage: https://python-pillow.orgUpdate psycopg2 from 2.8.6 to 2.9.1.
Changelog
### 2.9.1 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Fix regression with named `sql.Placeholder` (:ticket:`1291`). ``` ### 2.9 ``` ------------------------- - ``with connection`` starts a transaction on autocommit transactions too (:ticket:`941`). - Timezones with fractional minutes are supported on Python 3.7 and following (:ticket:`1272`). - Escape table and column names in `~cursor.copy_from()` and `~cursor.copy_to()`. - Connection exceptions with sqlstate ``08XXX`` reclassified as `~psycopg2.OperationalError` (a subclass of the previously used `~psycopg2.DatabaseError`) (:ticket:`1148`). - Include library dirs required from libpq to work around MacOS build problems (:ticket:`1200`). Other changes: - Dropped support for Python 2.7, 3.4, 3.5 (:tickets:`1198, 1000, 1197`). - Dropped support for mx.DateTime. - Use `datetime.timezone` objects by default in datetime objects instead of `~psycopg2.tz.FixedOffsetTimezone`. - The `psycopg2.tz` module is deprecated and scheduled to be dropped in the next major release. - Provide :pep:`599` wheels packages (manylinux2014 tag) for i686 and x86_64 platforms. - Provide :pep:`600` wheels packages (manylinux_2_24 tag) for aarch64 and ppc64le platforms. - Wheel package compiled against OpenSSL 1.1.1k and PostgreSQL 13.3. - Build system for Linux/MacOS binary packages moved to GitHub Actions. ``` ### 2.8.7 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Accept empty params as `~psycopg2.connect()` (:ticket:`1250`). - Fix attributes refcount in `Column` initialisation (:ticket:`1252`). - Allow re-initialisation of static variables in the C module (:ticket:`1267`). ```Links
- PyPI: https://pypi.org/project/psycopg2 - Changelog: https://pyup.io/changelogs/psycopg2/ - Homepage: https://psycopg.org/Update SQLAlchemy from 1.4.17 to 1.4.20.
Changelog
### 1.4.20 ``` :released: June 28, 2021 .. change:: :tags: bug, regression, orm :tickets: 6680 Fixed regression in ORM regarding an internal reconstitution step for the :func:`_orm.with_polymorphic` construct, when the user-facing object is garbage collected as the query is processed. The reconstitution was not ensuring the sub-entities for the "polymorphic" case were handled, leading to an ``AttributeError``. .. change:: :tags: usecase, sql :tickets: 6646 Add a impl parameter to :class:`_types.PickleType` constructor, allowing any arbitary type to be used in place of the default implementation of :class:`_types.LargeBinary`. Pull request courtesy jason3gb. .. change:: :tags: bug, engine :tickets: 5348 Fixed an issue in the C extension for the :class:`_result.Row` class which could lead to a memory leak in the unlikely case of a :class:`_result.Row` object which referred to an ORM object that then was mutated to refer back to the ``Row`` itself, creating a cycle. The Python C APIs for tracking GC cycles has been added to the native :class:`_result.Row` implementation to accommodate for this case. .. change:: :tags: bug, engine :tickets: 6665 Fixed old issue where a :func:`_sql.select()` made against the token "*", which then yielded exactly one column, would fail to correctly organize the ``cursor.description`` column name into the keys of the result object. .. change:: :tags: usecase, mysql :tickets: 6659 Made a small adjustment in the table reflection feature of the MySQL dialect to accommodate for alternate MySQL-oriented databases such as TiDB which include their own "comment" directives at the end of a constraint directive within "CREATE TABLE" where the format doesn't have the additional space character after the comment, in this case the TiDB "clustered index" feature. Pull request courtesy Daniël van Eeden. .. change:: :tags: bug, schema :tickets: 6685 Fixed issue where passing ``None`` for the value of :paramref:`_schema.Table.prefixes` would not store an empty list, but rather the constant ``None``, which may be unexpected by third party dialects. The issue is revealed by a usage in recent versions of Alembic that are passing ``None`` for this value. Pull request courtesy Kai Mueller. .. change:: :tags: bug, regression, ext :tickets: 6679 Fixed regression in :mod:`sqlalchemy.ext.automap` extension such that the use case of creating an explicit mapped class to a table that is also the :paramref:`_orm.relationship.secondary` element of a :func:`_orm.relationship` that automap will be generating would emit the "overlaps" warnings introduced in 1.4 and discussed at :ref:`error_qzyx`. While generating this case from automap is still subject to the same caveats that the "overlaps" warning refers towards, as automap is intended for more ad-hoc use cases, the condition which produces the warning is disabled when a many-to-many relationship with this particular pattern is generated. .. change:: :tags: bug, regression, orm :tickets: 6678 Adjusted :meth:`_orm.Query.union` and similar set operations to be correctly compatible with the new capabilities just added in :ticket:`6661`, with SQLAlchemy 1.4.19, such that the SELECT statements rendered as elements of the UNION or other set operation will include directly mapped columns that are mapped as deferred; this both fixes a regression involving unions with multiple levels of nesting that would produce a column mismatch, and also allows the :func:`_orm.undefer` option to be used at the top level of such a :class:`_orm.Query` without having to apply the option to each of the elements within the UNION. .. change:: :tags: bug, sql, orm :tickets: 6668 Fixed the class hierarchy for the :class:`_schema.Sequence` and the more general :class:`_schema.DefaultGenerator` base, as these are "executable" as statements they need to include :class:`_sql.Executable` in their hierarchy, not just :class:`_roles.StatementRole` as was applied arbitrarily to :class:`_schema.Sequence` previously. The fix allows :class:`_schema.Sequence` to work in all ``.execute()`` methods including with :meth:`_orm.Session.execute` which was not working in the case that a :meth:`_orm.SessionEvents.do_orm_execute` handler was also established. .. change:: :tags: bug, orm :tickets: 6538 Adjusted the check in the mapper for a callable object that is used as a ``validates`` validator function or a ``reconstructor`` reconstruction function, to check for "callable" more liberally such as to accommodate objects based on fundamental attributes like ``__func__`` and ``__call___``, rather than testing for ``MethodType`` / ``FunctionType``, allowing things like cython functions to work properly. Pull request courtesy Miłosz Stypiński. .. changelog:: ``` ### 1.4.19 ``` :released: June 22, 2021 .. change:: :tags: bug, mssql :tickets: 6658 Fixed bug where the "schema_translate_map" feature would fail to function correctly in conjunction with an INSERT into a table that has an IDENTITY column, where the value of the IDENTITY column were specified in the values of the INSERT thus triggering SQLAlchemy's feature of setting IDENTITY INSERT to "on"; it's in this directive where the schema translate map would fail to be honored. .. change:: :tags: bug, sql :tickets: 6663 Fixed issue in CTE constructs mostly relevant to ORM use cases where a recursive CTE against "anonymous" labels such as those seen in ORM ``column_property()`` mappings would render in the ``WITH RECURSIVE xyz(...)`` section as their raw internal label and not a cleanly anonymized name. .. change:: :tags: mssql, change :tickets: 6503, 6253 Made improvements to the server version regexp used by the pymssql dialect to prevent a regexp overflow in case of an invalid version string. .. change:: :tags: bug, orm, regression :tickets: 6503, 6253 Fixed further regressions in the same area as that of :ticket:`6052` where loader options as well as invocations of methods like :meth:`_orm.Query.join` would fail if the left side of the statement for which the option/join depends upon were replaced by using the :meth:`_orm.Query.with_entities` method, or when using 2.0 style queries when using the :meth:`_sql.Select.with_only_columns` method. A new set of state has been added to the objects which tracks the "left" entities that the options / join were made against which is memoized when the lead entities are changed. .. change:: :tags: bug, asyncio, postgresql :tickets: 6652 Fixed bug in asyncio implementation where the greenlet adaptation system failed to propagate ``BaseException`` subclasses, most notably including ``asyncio.CancelledError``, to the exception handling logic used by the engine to invalidate and clean up the connection, thus preventing connections from being correctly disposed when a task was cancelled. .. change:: :tags: usecase, asyncio :tickets: 6583 Implemented :class:`_asyncio.async_scoped_session` to address some asyncio-related incompatibilities between :class:`_orm.scoped_session` and :class:`_asyncio.AsyncSession`, in which some methods (notably the :meth:`_asyncio.async_scoped_session.remove` method) should be used with the ``await`` keyword. .. seealso:: :ref:`asyncio_scoped_session` .. change:: :tags: usecase, mysql :tickets: 6132 Added new construct :class:`_mysql.match`, which provides for the full range of MySQL's MATCH operator including multiple column support and modifiers. Pull request courtesy Anton Kovalevich. .. seealso:: :class:`_mysql.match` .. change:: :tags: bug, postgresql, oracle :tickets: 6649 Fixed issue where the ``INTERVAL`` datatype on PostgreSQL and Oracle would produce an ``AttributeError`` when used in the context of a comparison operation against a ``timedelta()`` object. Pull request courtesy MajorDallas. .. change:: :tags: bug, mypy :tickets: 6476 Fixed issue in mypy plugin where class info for a custom declarative base would not be handled correctly on a cached mypy pass, leading to an AssertionError being raised. .. change:: :tags: bug, orm :tickets: 6661 Refined the behavior of ORM subquery rendering with regards to deferred columns and column properties to be more compatible with that of 1.3 while also providing for 1.4's newer features. As a subquery in 1.4 does not make use of loader options, including :func:`_orm.undefer`, a subquery that is against an ORM entity with deferred attributes will now render those deferred attributes that refer directly to mapped table columns, as these are needed in the outer SELECT if that outer SELECT makes use of these columns; however a deferred attribute that refers to a composed SQL expression as we normally do with :func:`_orm.column_property` will not be part of the subquery, as these can be selected explicitly if needed in the subquery. If the entity is being SELECTed from this subquery, the column expression can still render on "the outside" in terms of the derived subquery columns. This produces essentially the same behavior as when working with 1.3. However in this case the fix has to also make sure that the ``.selected_columns`` collection of an ORM-enabled :func:`_sql.select` also follows these rules, which in particular allows recursive CTEs to render correctly in this scenario, which were previously failing to render correctly due to this issue. .. change:: :tags: bug, postgresql :tickets: 6621 Fixed issue where the pool "pre ping" feature would implicitly start a transaction, which would then interfere with custom transactional flags such as PostgreSQL's "read only" mode when used with the psycopg2 driver. .. changelog:: ``` ### 1.4.18 ``` :released: June 10, 2021 .. change:: :tags: bug, orm :tickets: 6072, 6487 Clarified the current purpose of the :paramref:`_orm.relationship.bake_queries` flag, which in 1.4 is to enable or disable "lambda caching" of statements within the "lazyload" and "selectinload" loader strategies; this is separate from the more foundational SQL query cache that is used for most statements. Additionally, the lazy loader no longer uses its own cache for many-to-one SQL queries, which was an implementation quirk that doesn't exist for any other loader scenario. Finally, the "lru cache" warning that the lazyloader and selectinloader strategies could emit when handling a wide array of class/relationship combinations has been removed; based on analysis of some end-user cases, this warning doesn't suggest any significant issue. While setting ``bake_queries=False`` for such a relationship will remove this cache from being used, there's no particular performance gain in this case as using no caching vs. using a cache that needs to refresh often likely still wins out on the caching being used side. .. change:: :tags: bug, asyncio :tickets: 6575 Fixed an issue that presented itself when using the :class:`_pool.NullPool` or the :class:`_pool.StaticPool` with an async engine. This mostly affected the aiosqlite dialect. .. change:: :tags: bug, sqlite, regression :tickets: 6586 The fix for pysqlcipher released in version 1.4.3 :ticket:`5848` was unfortunately non-working, in that the new ``on_connect_url`` hook was erroneously not receiving a ``URL`` object under normal usage of :func:`_sa.create_engine` and instead received a string that was unhandled; the test suite failed to fully set up the actual conditions under which this hook is called. This has been fixed. .. change:: :tags: bug, postgresql, regression :tickets: 6581 Fixed regression where using the PostgreSQL "INSERT..ON CONFLICT" structure would fail to work with the psycopg2 driver if it were used in an "executemany" context along with bound parameters in the "SET" clause, due to the implicit use of the psycopg2 fast execution helpers which are not appropriate for this style of INSERT statement; as these helpers are the default in 1.4 this is effectively a regression. Additional checks to exclude this kind of statement from that particular extension have been added. .. change:: :tags: bug, orm, regression :tickets: 6285 Adjusted the means by which classes such as :class:`_orm.scoped_session` and :class:`_asyncio.AsyncSession` are generated from the base :class:`_orm.Session` class, such that custom :class:`_orm.Session` subclasses such as that used by Flask-SQLAlchemy don't need to implement positional arguments when they call into the superclass method, and can continue using the same argument styles as in previous releases. .. change:: :tags: bug, orm, regression :tickets: 6595 Fixed issue where query production for joinedload against a complex left hand side involving joined-table inheritance could fail to produce a correct query, due to a clause adaption issue. .. change:: :tags: bug, orm, regression, performance :tickets: 6596 Fixed regression involving how the ORM would resolve a given mapped column to a result row, where under cases such as joined eager loading, a slightly more expensive "fallback" could take place to set up this resolution due to some logic that was removed since 1.3. The issue could also cause deprecation warnings involving column resolution to be emitted when using a 1.4 style query with joined eager loading. .. change:: :tags: bug, orm :tickets: 6591 Fixed issue in experimental "select ORM objects from INSERT/UPDATE" use case where an error was raised if the statement were against a single-table-inheritance subclass. .. change:: :tags: bug, asyncio :tickets: 6592 Added ``asyncio.exceptions.TimeoutError``, ``asyncio.exceptions.CancelledError`` as so-called "exit exceptions", a class of exceptions that include things like ``GreenletExit`` and ``KeyboardInterrupt``, which are considered to be events that warrant considering a DBAPI connection to be in an unusable state where it should be recycled. .. change:: :tags: bug, orm :tickets: 6400 The warning that's emitted for :func:`_orm.relationship` when multiple relationships would overlap with each other as far as foreign key attributes written towards, now includes the specific "overlaps" argument to use for each warning in order to silence the warning without changing the mapping. .. change:: :tags: usecase, asyncio :tickets: 6319 Implemented a new registry architecture that allows the ``Async`` version of an object, like ``AsyncSession``, ``AsyncConnection``, etc., to be locatable given the proxied "sync" object, i.e. ``Session``, ``Connection``. Previously, to the degree such lookup functions were used, an ``Async`` object would be re-created each time, which was less than ideal as the identity and state of the "async" object would not be preserved across calls. From there, new helper functions :func:`_asyncio.async_object_session`, :func:`_asyncio.async_session` as well as a new :class:`_orm.InstanceState` attribute :attr:`_orm.InstanceState.async_session` have been added, which are used to retrieve the original :class:`_asyncio.AsyncSession` associated with an ORM mapped object, a :class:`_orm.Session` associated with an :class:`_asyncio.AsyncSession`, and an :class:`_asyncio.AsyncSession` associated with an :class:`_orm.InstanceState`, respectively. This patch also implements new methods :meth:`_asyncio.AsyncSession.in_nested_transaction`, :meth:`_asyncio.AsyncSession.get_transaction`, :meth:`_asyncio.AsyncSession.get_nested_transaction`. .. changelog:: ```Links
- PyPI: https://pypi.org/project/sqlalchemy - Changelog: https://pyup.io/changelogs/sqlalchemy/ - Homepage: http://www.sqlalchemy.orgUpdate SQLAlchemy-Utils from 0.37.6 to 0.37.8.
Changelog
### 0.37.8 ``` ^^^^^^^^^^^^^^^^^^^ - Added 'zoneinfo' backend to TimezoneType (510, pull request courtesy of huonw) ``` ### 0.37.7 ``` ^^^^^^^^^^^^^^^^^^^ - Added identifier quoting for view functions and constructs - Added literal processor for UUIDType ```Links
- PyPI: https://pypi.org/project/sqlalchemy-utils - Changelog: https://pyup.io/changelogs/sqlalchemy-utils/ - Repo: https://github.com/kvesteri/sqlalchemy-utilsUpdate pytest-cov from 2.12.0 to 2.12.1.
Changelog
### 2.12.1 ``` ------------------- * Changed the `toml` requirement to be always be directly required (instead of being required through a coverage extra). This fixes issues with pip-compile (`pip-tools1300 <https://github.com/jazzband/pip-tools/issues/1300>`_). Contributed by Sorin Sbarnea in `472 <https://github.com/pytest-dev/pytest-cov/pull/472>`_. * Documented ``show_contexts``. Contributed by Brian Rutledge in `473 <https://github.com/pytest-dev/pytest-cov/pull/473>`_. ```Links
- PyPI: https://pypi.org/project/pytest-cov - Changelog: https://pyup.io/changelogs/pytest-cov/ - Repo: https://github.com/pytest-dev/pytest-cov