Bump sqlalchemy from 2.0.35 to 2.0.36

[dependabot]

Bumps sqlalchemy from 2.0.35 to 2.0.36.

Release notes

Sourced from sqlalchemy's releases.

2.0.36

Released: October 15, 2024

orm

• [orm] [usecase] Added new parameter _orm.mapped_column.hash to ORM constructs such as _orm.mapped_column(), _orm.relationship(), etc., which is interpreted for ORM Native Dataclasses in the same way as other dataclass-specific field parameters.

  References: #11923

• [orm] [bug] Fixed bug in ORM bulk update/delete where using RETURNING with bulk update/delete in combination with populate_existing would fail to accommodate the populate_existing option.

  References: #11912

• [orm] [bug] Continuing from #11912, columns marked with mapped_column.onupdate, mapped_column.server_onupdate, or Computed are now refreshed in ORM instances when running an ORM enabled UPDATE with WHERE criteria, even if the statement does not use RETURNING or populate_existing.

  References: #11917

• [orm] [bug] Fixed regression caused by fixes to joined eager loading in #11449 released in 2.0.31, where a particular joinedload case could not be asserted correctly. We now have an example of that case so the assertion has been repaired to allow for it.

  References: #11965

• [orm] [bug] Improved the error message emitted when trying to map as dataclass a class while also manually providing the __table__ attribute. This usage is currently not supported.

  References: #11973

• [orm] [bug] Refined the check which the ORM lazy loader uses to detect "this would be loading by primary key and the primary key is NULL, skip loading" to take into account the current setting for the orm.Mapper.allow_partial_pks parameter. If this parameter is False, then a composite PK value that has partial NULL elements should also be skipped. This can apply to some composite overlapping foreign key configurations.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The code changes in this pull request involve updating the SQLAlchemy library from version 2.0.35 to 2.0.36 in the requirements.txt file, which is used as a Celery broker transport for asynchronous task processing, and the update does not appear to address any known security vulnerabilities.

Expand for full summary

Summary:

The code changes in this pull request involve updating the SQLAlchemy library from version 2.0.35 to 2.0.36 in the requirements.txt file. SQLAlchemy is used as a Celery broker transport, which is a message queue system for asynchronous task processing. From a security perspective, the update to SQLAlchemy does not appear to be addressing any known security vulnerabilities, as SQLAlchemy is a widely used and maintained library, and version upgrades are generally recommended to ensure the use of the latest bug fixes and improvements.

However, it's important to note that any library updates should be thoroughly tested to ensure they do not introduce any regressions or breaking changes in the application. Additionally, it's a good practice to monitor the security advisories and release notes of the libraries used in the project to stay informed about any security-related updates or fixes. Overall, the code change seems to be a routine library update and does not raise any immediate security concerns, but it's essential to review the impact on the application's functionality and ensure that the update does not introduce any unintended consequences.

Files Changed:

• requirements.txt: The changes in this file update the SQLAlchemy library from version 2.0.35 to 2.0.36. SQLAlchemy is used as a Celery broker transport, which is a message queue system for asynchronous task processing.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[mtesauro]

Approved