Bump the minor-patch group in /backend with 5 updates

[dependabot]

Bumps the minor-patch group in /backend with 5 updates:

Package	From	To
alembic	1.13.2	1.13.3
apispec-webframeworks	1.1.0	1.2.0
prometheus-client	0.20.0	0.21.0
sqlalchemy	2.0.32	2.0.35
pytz	2024.1	2024.2

Updates alembic from 1.13.2 to 1.13.3

Release notes

Sourced from alembic's releases.

1.13.3

Released: September 23, 2024

usecase

• [usecase] [autogenerate] Render if_exists and if_not_exists parameters in CreateTableOp, CreateIndexOp, DropTableOp and DropIndexOp in an autogenerate context. While Alembic does not set these parameters during an autogenerate run, they can be enabled using a custom Rewriter in the env.py file, where they will now be part of the rendered Python code in revision files. Pull request courtesy of Louis-Amaury Chaib (@​lachaib).

• [usecase] [environment] Enhance version_locations parsing to handle paths containing newlines.

  References: #1509

• [usecase] [operations] Added support for Operations.create_table.if_not_exists and Operations.drop_table.if_exists, adding similar functionality to render IF [NOT] EXISTS for table operations in a similar way as with indexes. Pull request courtesy Aaron Griffin.

  References: #1520

misc

• [change] [general] The pin for setuptools<69.3 in pyproject.toml has been removed. This pin was to prevent a sudden change to PEP 625 in setuptools from taking place which changes the file name of SQLAlchemy's source distribution on pypi to be an all lower case name, and the change was extended to all SQLAlchemy projects to prevent any further surprises. However, the presence of this pin is now holding back environments that otherwise want to use a newer setuptools, so we've decided to move forward with this change, with the assumption that build environments will have largely accommodated the setuptools change by now.

Commits

• See full diff in compare view

Updates apispec-webframeworks from 1.1.0 to 1.2.0

Changelog

Sourced from apispec-webframeworks's changelog.

1.2.0 (2024-09-16) ++++++++++++++++++

Features:

• TornadoPlugin: Ensure consistent ordering for HTTP path keys (:pr:159). Thanks :user:bhperry for the PR.

Commits

• ebf43f1 Bump version and update changelog
• e26e463 Consistent ordering for HTTP path keys (#159)
• abcb590 [pre-commit.ci] pre-commit autoupdate
• 377fe6b [pre-commit.ci] pre-commit autoupdate (#157)
• bda9880 [pre-commit.ci] pre-commit autoupdate (#156)
• b5940fa [pre-commit.ci] pre-commit autoupdate
• 6c7f164 [pre-commit.ci] pre-commit autoupdate (#154)
• 7326a3f [pre-commit.ci] pre-commit autoupdate (#153)
• 9da3882 [pre-commit.ci] pre-commit autoupdate
• 1db8ed9 [pre-commit.ci] pre-commit autoupdate (#151)
• Additional commits viewable in compare view

Updates prometheus-client from 0.20.0 to 0.21.0

Release notes

Sourced from prometheus-client's releases.

0.21.0 / 2024-09-20

What's Changed

[CHANGE] Reject invalid (not GET or OPTION) HTTP methods. #1019 [ENHANCEMENT] Allow writing metrics when holding a lock for the metric in the same thread. #1014 [BUGFIX] Check for and error on None label values. #1012 [BUGFIX] Fix timestamp comparison. #1038

Commits

• 3b183b4 Release 0.21.0
• 0014e97 Use re-entrant lock. (#1014)
• 7c45f84 Reject invalid HTTP methods and resources (#1019)
• 09a5ae3 Fix timestamp comparison (#1038)
• e364a96 Fix a typo in ASGI docs (#1036)
• eeec421 Pin python 3.8 and 3.9 at patch level (#1024)
• 7bc8cdd docs: correct link to multiprocessing docs (#1023)
• 4535ce0 Add sanity check for label value (#1012)
• See full diff in compare view

Updates sqlalchemy from 2.0.32 to 2.0.35

Release notes

Sourced from sqlalchemy's releases.

2.0.35

Released: September 16, 2024

orm

• [orm] [bug] [typing] Fixed issue where it was not possible to use typing.Literal with Mapped[] on Python 3.8 and 3.9. Pull request courtesy Frazer McLean.

  References: #11820

• [orm] [bug] Fixed issue in ORM evaluator where two datatypes being evaluated with the SQL concatenator operator would not be checked for UnevaluatableError based on their datatype; this missed the case of _postgresql.JSONB values being used in a concatenate operation which is supported by PostgreSQL as well as how SQLAlchemy renders the SQL for this operation, but does not work at the Python level. By implementing UnevaluatableError for this combination, ORM update statements will now fall back to "expire" when a concatenated JSON value used in a SET clause is to be synchronized to a Python object.

  References: #11849

• [orm] [bug] An warning is emitted if _orm.joinedload() or _orm.subqueryload() are used as a top level option against a statement that is not a SELECT statement, such as with an insert().returning(). There are no JOINs in INSERT statements nor is there a "subquery" that can be repurposed for subquery eager loading, and for UPDATE/DELETE joinedload does not support these either, so it is never appropriate for this use to pass silently.

  References: #11853

• [orm] [bug] Fixed issue where using loader options such as _orm.selectinload() with additional criteria in combination with ORM DML such as _sql.insert() with RETURNING would not correctly set up internal contexts required for caching to work correctly, leading to incorrect results.

  References: #11855

mysql

• [mysql] [bug] Fixed issue in mariadbconnector dialect where query string arguments that weren't checked integer or boolean arguments would be ignored, such as string arguments like unix_socket, etc. As part of this change, the argument parsing for particular elements such as client_flags, compress, local_infile has been made more consistent across all

... (truncated)

Commits

• See full diff in compare view

Updates pytz from 2024.1 to 2024.2

Commits

• 3944f75 Bump version numbers to 2024.2 / 2024b
• 640c9bd IANA 2024b
• 382ca0c Squashed 'tz/' changes from 380c07cef..923e54bae
• 96a1e88 Stop testing unavailable and EOL Python 3.5
• 68186b6 Add support for Python 3.13
• e994058 Run other jobs if one fails
• 2326f9f Bump GitHub Actions
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions