hasgeek / hasjob

Hasjob, the Hasgeek job board
https://hasjob.co
GNU Affero General Public License v3.0

Scheduled monthly dependency update for September #629

Closed pyup-bot closed 2 years ago

pyup-bot commented 2 years ago

Update bleach from 3.3.0 to 4.1.0.

Changelog

### 4.1.0
```
---------------------------------

**Features**

* Python 3.9 support

**Bug fixes**

* Update sanitizer clean to use vendored 3.6.14 stdlib urllib.parse to fix test failures on Python 3.9 536
```

### 4.0.0
```
--------------------------------

**Backwards incompatible changes**

* Drop support for unsupported Python versions <3.6 520

**Security fixes**

None

**Features**

* fix attribute name in the linkify docs (thanks CheesyFeet!)
```

### 3.3.1
```
-------------------------------

**Security fixes**

None

**Features**

* add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
* bump python version to 3.8 for tox doc, vendorverify, and lint targets
* update bug report template tag
* update vendorverify script to detect and fail when extra files are vendored
* update release process docs to check vendorverify passes locally

**Bug fixes**

* remove extra vendored django present in the v3.3.0 whl 595
* duplicate h1 header doc fix (thanks Nguyễn Gia Phong / McSinyx!)
```

Links
- PyPI: https://pypi.org/project/bleach
- Changelog: https://pyup.io/changelogs/bleach/
- Repo: https://github.com/mozilla/bleach
- Docs: https://pythonhosted.org/bleach/

Update Flask-Migrate from 3.0.1 to 3.1.0.

Changelog

### 3.1.0
```
- Added list-templates command and support for custom templates ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/0f9094a750205c1db1fe178d0d037e529de403ae))
- Alembic templates for [aioflask](https://github.com/miguelgrinberg/aioflask) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/fbaaa3787d0e03f5aafaea6fd7c2956362a57c52))
- Improved project structure ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/074cbc9cae4b6ebb7d013adcec42e070be1ae6b3))
```

Links
- PyPI: https://pypi.org/project/flask-migrate
- Changelog: https://pyup.io/changelogs/flask-migrate/
- Repo: https://github.com/miguelgrinberg/flask-migrate
- Docs: https://pythonhosted.org/Flask-Migrate/

Update Pillow from 8.3.0 to 8.3.1.

Changelog

### 8.3.1
```
------------------

- Catch OSError when checking if fp is sys.stdout 5585
  [radarhere]

- Handle removing orientation from alternate types of EXIF data 5584
  [radarhere]

- Make Image.__array__ take optional dtype argument 5572
  [t-vi, radarhere]
```

Links
- PyPI: https://pypi.org/project/pillow
- Changelog: https://pyup.io/changelogs/pillow/
- Homepage: https://python-pillow.org

Update premailer from 3.9.0 to 3.10.0.

Changelog

### 3.10.0
```
------

* New option ``session=None`` to provide the session used for making http requests.

* Bug fix: inlined styles are no longer sorted alphabetically. This preserves the input rule order so that premailer does not break style precedence where order is significant, e.g.

  .. code-block:: css

      div {
        /* Padding on all sides is 10px. */
        padding-left: 5px;
        padding: 10px;
      }

      div {
        /* Padding on the left side is 5px, on other sides is 10px. */
        padding: 10px;
        padding-left: 5px;
      }

  Prior to this fix premailer would swap the rules in the first example to look like the second.
```

Links
- PyPI: https://pypi.org/project/premailer
- Changelog: https://pyup.io/changelogs/premailer/
- Repo: http://github.com/peterbe/premailer

Update SQLAlchemy from 1.4.20 to 1.4.23.

Changelog

### 1.4.23
```
:released: August 18, 2021

.. change::
    :tags: bug, sql
    :tickets: 6752

    Fix issue in :class:`_sql.CTE` where new :meth:`_sql.HasCTE.add_cte` method added in version 1.4.21 / :ticket:`6752` failed to function correctly for "compound select" structures such as :func:`_sql.union`, :func:`_sql.union_all`, :func:`_sql.except`, etc. Pull request courtesy Eric Masseran.

.. change::
    :tags: orm, usecase
    :tickets: 6808

    Added new attribute :attr:`_sql.Select.columns_clause_froms` that will retrieve the FROM list implied by the columns clause of the :class:`_sql.Select` statement. This differs from the old :attr:`_sql.Select.froms` collection in that it does not perform any ORM compilation steps, which necessarily deannotate the FROM elements and do things like compute joinedloads etc., which makes it not an appropriate candidate for the :meth:`_sql.Select.select_from` method. Additionally adds a new parameter :paramref:`_sql.Select.with_only_columns.maintain_column_froms` that transfers this collection to :meth:`_sql.Select.select_from` before replacing the columns collection. In addition, the :attr:`_sql.Select.froms` is renamed to :meth:`_sql.Select.get_final_froms`, to stress that this collection is not a simple accessor and is instead calculated given the full state of the object, which can be an expensive call when used in an ORM context. Additionally fixes a regression involving the :func:`_orm.with_only_columns` function to support applying criteria to column elements that were replaced with either :meth:`_sql.Select.with_only_columns` or :meth:`_orm.Query.with_entities` , which had broken as part of :ticket:`6503` released in 1.4.19.

.. change::
    :tags: bug, orm, sql
    :tickets: 6824

    Fixed issue where a bound parameter object that was "cloned" would cause a name conflict in the compiler, if more than one clone of this parameter were used at the same time in a single statement. This could occur in particular with things like ORM single table inheritance queries that indicated the same "discriminator" value multiple times in one query.

.. change::
    :tags: bug, mssql, sql
    :tickets: 6863

    Fixed issue where the ``literal_binds`` compiler flag, as used externally to render bound parameters inline, would fail to work when used with a certain class of parameters known as "literal_execute", which covers things like LIMIT and OFFSET values for dialects where the drivers don't allow a bound parameter, such as SQL Server's "TOP" clause. The issue locally seemed to affect only the MSSQL dialect.

.. change::
    :tags: bug, orm
    :tickets: 6869

    Fixed issue in loader strategies where the use of the :meth:`_orm.Load.options` method, particularly when nesting multiple calls, would generate an overly long and more importantly non-deterministic cache key, leading to very large cache keys which were also not allowing efficient cache usage, both in terms of total memory used as well as number of entries used in the cache itself.

.. change::
    :tags: bug, sql
    :tickets: 6858

    Fixed an issue in the ``CacheKey.to_offline_string()`` method used by the dogpile.caching example where attempting to create a proper cache key from the special "lambda" query generated by the lazy loader would fail to include the parameter values, leading to an incorrect cache key.

.. change::
    :tags: bug, orm
    :tickets: 6887

    Revised the means by which the :attr:`_orm.ORMExecuteState.user_defined_options` accessor receives :class:`_orm.UserDefinedOption` and related option objects from the context, with particular emphasis on the "selectinload" on the loader strategy where this previously was not working; other strategies did not have this problem. The objects that are associated with the current query being executed, and not that of a query being cached, are now propagated unconditionally. This essentially separates them out from the "loader strategy" options which are explicitly associated with the compiled state of a query and need to be used in relation to the cached query. The effect of this fix is that a user-defined option, such as those used by the dogpile.caching example as well as for other recipes such as defining a "shard id" for the horizontal sharing extension, will be correctly propagated to eager and lazy loaders regardless of whether a cached query was ultimately invoked.

.. change::
    :tags: bug, sql
    :tickets: 6886

    Adjusted the "from linter" warning feature to accommodate for a chain of joins more than one level deep where the ON clauses don't explicitly match up the targets, such as an expression such as "ON TRUE". This mode of use is intended to cancel the cartesian product warning simply by the fact that there's a JOIN from "a to b", which was not working for the case where the chain of joins had more than one element.

.. change::
    :tags: bug, postgresql
    :tickets: 6886

    Added the "is_comparison" flag to the PostgreSQL "overlaps", "contained_by", "contains" operators, so that they work in relevant ORM contexts as well as in conjunction with the "from linter" feature.

.. change::
    :tags: bug, orm
    :tickets: 6812

    Fixed issue where the unit of work would internally use a 2.0-deprecated SQL expression form, emitting a deprecation warning when SQLALCHEMY_WARN_20 were enabled.

.. change::
    :tags: bug, orm
    :tickets: 6881

    Fixed issue in :func:`_orm.selectinload` where use of the new :meth:`_orm.PropComparator.and_` feature within options that were nested more than one level deep would fail to update bound parameter values that were in the nested criteria, as a side effect of SQL statement caching.

.. change::
    :tags: bug, general
    :tickets: 6136

    The setup requirements have been modified such ``greenlet`` is a default requirement only for those platforms that are well known for ``greenlet`` to be installable and for which there is already a pre-built binary on pypi; the current list is ``x86_64 aarch64 ppc64le amd64 win32``. For other platforms, greenlet will not install by default, which should enable installation and test suite running of SQLAlchemy 1.4 on platforms that don't support ``greenlet``, excluding any asyncio features. In order to install with the ``greenlet`` dependency included on a machine architecture outside of the above list, the ``[asyncio]`` extra may be included by running ``pip install sqlalchemy[asyncio]`` which will then attempt to install ``greenlet``. Additionally, the test suite has been repaired so that tests can complete fully when greenlet is not installed, with appropriate skips for asyncio-related tests.

.. change::
    :tags: enum, schema
    :tickets: 6146

    Unify behaviour :class:`_schema.Enum` in native and non-native implementations regarding the accepted values for an enum with aliased elements. When :paramref:`_schema.Enum.omit_aliases` is ``False`` all values, alias included, are accepted as valid values. When :paramref:`_schema.Enum.omit_aliases` is ``True`` only non aliased values are accepted as valid values.

.. change::
    :tags: bug, ext
    :tickets: 6816

    Fixed issue where the horizontal sharding extension would not correctly accommodate for a plain textual SQL statement passed to :meth:`_orm.Session.execute`.

.. change::
    :tags: bug, orm
    :tickets: 6889, 6079

    Adjusted ORM loader internals to no longer use the "lambda caching" system that was added in 1.4, as well as repaired one location that was still using the previous "baked query" system for a query. The lambda caching system remains an effective way to reduce the overhead of building up queries that have relatively fixed usage patterns. In the case of loader strategies, the queries used are responsible for moving through lots of arbitrary options and criteria, which is both generated and sometimes consumed by end-user code, that make the lambda cache concept not any more efficient than not using it, at the cost of more complexity. In particular the problems noted by :ticket:`6881` and :ticket:`6887` are made considerably less complicated by removing this feature internally.

.. change::
    :tags: bug, orm
    :tickets: 6889

    Fixed an issue where the :class:`_orm.Bundle` construct would not create proper cache keys, leading to inefficient use of the query cache. This had some impact on the "selectinload" strategy and was identified as part of :ticket:`6889`.

.. change::
    :tags: usecase, mypy
    :tickets: 6804, 6759

    Added support for SQLAlchemy classes to be defined in user code using "generic class" syntax as defined by ``sqlalchemy2-stubs``, e.g. ``Column[String]``, without the need for qualifying these constructs within a ``TYPE_CHECKING`` block by implementing the Python special method ``__class_getitem__()``, which allows this syntax to pass without error at runtime.

.. change::
    :tags: bug, sql

    Fixed issue in lambda caching system where an element of a query that produces no cache key, like a custom option or clause element, would still populate the expression in the "lambda cache" inappropriately.

.. changelog::
```

### 1.4.22
```
:released: July 21, 2021

.. change::
    :tags: bug, sql
    :tickets: 6786

    Fixed issue where use of the :paramref:`_sql.case.whens` parameter passing a dictionary positionally and not as a keyword argument would emit a 2.0 deprecation warning, referring to the deprecation of passing a list positionally. The dictionary format of "whens", passed positionally, is still supported and was accidentally marked as deprecated.

.. change::
    :tags: bug, orm
    :tickets: 6775

    Fixed issue in new :meth:`_schema.Table.table_valued` method where the resulting :class:`_sql.TableValuedColumn` construct would not respond correctly to alias adaptation as is used throughout the ORM, such as for eager loading, polymorphic loading, etc.

.. change::
    :tags: bug, orm
    :tickets: 6769

    Fixed issue where usage of the :meth:`_result.Result.unique` method with an ORM result that included column expressions with unhashable types, such as ``JSON`` or ``ARRAY`` using non-tuples would silently fall back to using the ``id()`` function, rather than raising an error. This now raises an error when the :meth:`_result.Result.unique` method is used in a 2.0 style ORM query. Additionally, hashability is assumed to be True for result values of unknown type, such as often happens when using SQL functions of unknown return type; if values are truly not hashable then the ``hash()`` itself will raise. For legacy ORM queries, since the legacy :class:`_orm.Query` object uniquifies in all cases, the old rules remain in place, which is to use ``id()`` for result values of unknown type as this legacy uniquing is mostly for the purpose of uniquing ORM entities and not column values.

.. change::
    :tags: orm, bug
    :tickets: 6771

    Fixed an issue where clearing of mappers during things like test suite teardowns could cause a "dictionary changed size" warning during garbage collection, due to iteration of a weak-referencing dictionary. A ``list()`` has been applied to prevent concurrent GC from affecting this operation.

.. change::
    :tags: bug, sql
    :tickets: 6770

    Fixed issue where type-specific bound parameter handlers would not be called upon in the case of using the :meth:`_sql.Insert.values` method with the Python ``None`` value; in particular, this would be noticed when using the :class:`_types.JSON` datatype as well as related PostgreSQL specific types such as :class:`_postgresql.JSONB` which would fail to encode the Python ``None`` value into JSON null, however the issue was generalized to any bound parameter handler in conjunction with this specific method of :class:`_sql.Insert`.

.. change::
    :tags: bug, engine
    :tickets: 6740

    Added some guards against ``KeyError`` in the event system to accommodate the case that the interpreter is shutting down at the same time :meth:`_engine.Engine.dispose` is being called, which would cause stack trace warnings.

.. change::
    :tags: bug, orm, regression
    :tickets: 6793

    Fixed critical caching issue where the ORM's persistence feature using INSERT..RETURNING would cache an incorrect query when mixing the "bulk save" and standard "flush" forms of INSERT.

.. changelog::
```

### 1.4.21
```
:released: July 14, 2021

.. change::
    :tags: usecase, orm
    :tickets: 6708

    Modified the approach used for history tracking of scalar object relationships that are not many-to-one, i.e. one-to-one relationships that would otherwise be one-to-many. When replacing a one-to-one value, the "old" value that would be replaced is no longer loaded immediately, and is instead handled during the flush process. This eliminates an historically troublesome lazy load that otherwise often occurs when assigning to a one-to-one attribute, and is particularly troublesome when using "lazy='raise'" as well as asyncio use cases. This change does cause a behavioral change within the :meth:`_orm.AttributeEvents.set` event, which is nonetheless currently documented, which is that the event applied to such a one-to-one attribute will no longer receive the "old" parameter if it is unloaded and the :paramref:`_orm.relationship.active_history` flag is not set. As is documented in :meth:`_orm.AttributeEvents.set`, if the event handler needs to receive the "old" value when the event fires off, the active_history flag must be established either with the event listener or with the relationship. This is already the behavior with other kinds of attributes such as many-to-one and column value references. The change additionally will defer updating a backref on the "old" value in the less common case that the "old" value is locally present in the session, but isn't loaded on the relationship in question, until the next flush occurs. If this causes an issue, again the normal :paramref:`_orm.relationship.active_history` flag can be set to ``True`` on the relationship.

.. change::
    :tags: usecase, sql
    :tickets: 6752

    Added new method :meth:`_sql.HasCTE.add_cte` to each of the :func:`_sql.select`, :func:`_sql.insert`, :func:`_sql.update` and :func:`_sql.delete` constructs. This method will add the given :class:`_sql.CTE` as an "independent" CTE of the statement, meaning it renders in the WITH clause above the statement unconditionally even if it is not otherwise referenced in the primary statement. This is a popular use case on the PostgreSQL database where a CTE is used for a DML statement that runs against database rows independently of the primary statement.

.. change::
    :tags: bug, postgresql
    :tickets: 6755

    Fixed issue in :meth:`_postgresql.Insert.on_conflict_do_nothing` and :meth:`_postgresql.Insert.on_conflict_do_update` where the name of a unique constraint passed as the ``constraint`` parameter would not be properly truncated for length if it were based on a naming convention that generated a too-long name for the PostgreSQL max identifier length of 63 characters, in the same way which occurs within a CREATE TABLE statement.

.. change::
    :tags: bug, sql
    :tickets: 6710

    Fixed issue in CTE constructs where a recursive CTE that referred to a SELECT that has duplicate column names, which are typically deduplicated using labeling logic in 1.4, would fail to refer to the deduplicated label name correctly within the WITH clause.

.. change::
    :tags: bug, regression, mssql
    :tickets: 6697

    Fixed regression where the special dotted-schema name handling for the SQL Server dialect would not function correctly if the dotted schema name were used within the ``schema_translate_map`` feature.

.. change::
    :tags: orm, regression
    :tickets: 6718

    Fixed ORM regression where ad-hoc label names generated for hybrid properties and potentially other similar types of ORM-enabled expressions would usually be propagated outwards through subqueries, allowing the name to be retained in the final keys of the result set even when selecting from subqueries. Additional state is now tracked in this case that isn't lost when a hybrid is selected out of a Core select / subquery.

.. change::
    :tags: bug, postgresql
    :tickets: 6739

    Fixed issue where the PostgreSQL ``ENUM`` datatype as embedded in the ``ARRAY`` datatype would fail to emit correctly in create/drop when the ``schema_translate_map`` feature were also in use. Additionally repairs a related issue where the same ``schema_translate_map`` feature would not work for the ``ENUM`` datatype in combination with a ``CAST``, that's also intrinsic to how the ``ARRAY(ENUM)`` combination works on the PostgreSQL dialect.

.. change::
    :tags: bug, sql, regression
    :tickets: 6735

    Fixed regression where the :func:`_sql.tablesample` construct would fail to be executable when constructed given a floating-point sampling value not embedded within a SQL function.

.. change::
    :tags: bug, postgresql
    :tickets: 6696

    Fixed issue in :meth:`_postgresql.Insert.on_conflict_do_nothing` and :meth:`_postgresql.Insert.on_conflict_do_update` where the name of a unique constraint passed as the ``constraint`` parameter would not be properly quoted if it contained characters which required quoting.

.. change::
    :tags: bug, regression, orm
    :tickets: 6698

    Fixed regression caused in 1.4.19 due to :ticket:`6503` and related involving :meth:`_orm.Query.with_entities` where the new structure used would be inappropriately transferred to an enclosing :class:`_orm.Query` when making use of set operations such as :meth:`_orm.Query.union`, causing the JOIN instructions within to be applied to the outside query as well.

.. change::
    :tags: bug, orm, regression
    :tickets: 6762

    Fixed regression which appeared in version 1.4.3 due to :ticket:`6060` where rules that limit ORM adaptation of derived selectables interfered with other ORM-adaptation based cases, in this case when applying adaptations for a :func:`_orm.with_polymorphic` against a mapping which uses a :func:`_orm.column_property` which in turn makes use of a scalar select that includes a :func:`_orm.aliased` object of the mapped table.

.. changelog::
```

Links
- PyPI: https://pypi.org/project/sqlalchemy
- Changelog: https://pyup.io/changelogs/sqlalchemy/
- Homepage: https://www.sqlalchemy.org

Update tldextract from 3.1.0 to 3.1.1.

Changelog

### 3.1.1
```
* Bugfixes
    * Support Python 3.9
    * Drop support for EOL Python 3.5
```

Links
- PyPI: https://pypi.org/project/tldextract
- Changelog: https://pyup.io/changelogs/tldextract/
- Repo: https://github.com/john-kurkowski/tldextract

Update coveralls from 3.1.0 to 3.2.0.

Changelog

### 3.2.0
```
Features

* **api:** support officially documented generic CI env vars (300) ([ca1c6a47](ca1c6a47))
```

Links
- PyPI: https://pypi.org/project/coveralls
- Changelog: https://pyup.io/changelogs/coveralls/
- Repo: http://github.com/TheKevJames/coveralls-python

Update pytest from 6.2.4 to 6.2.5.

Changelog

### 6.2.5
```
=========================

Trivial/Internal Changes
------------------------

- `8494 <https://github.com/pytest-dev/pytest/issues/8494>`_: Python 3.10 is now supported.

- `9040 <https://github.com/pytest-dev/pytest/issues/9040>`_: Enable compatibility with ``pluggy 1.0`` or later.
```

Links
- PyPI: https://pypi.org/project/pytest
- Changelog: https://pyup.io/changelogs/pytest/
- Homepage: https://docs.pytest.org/en/latest/