chore(deps): bump piccolo from 0.119.0 to 1.1.1 in /backend #1156

Closed

@dependabot dependabot bot commented on behalf of github Nov 12, 2023

Bumps piccolo from 0.119.0 to 1.1.1.

Release notes

Sourced from piccolo's releases.

1.1.1

Piccolo allows the user to specify savepoint names which are used in transactions. For example:

async with DB.transaction() as transaction:
    await Band.insert(Band(name='Pythonistas'))
    # Passing in a savepoint name is optional:
    savepoint_1 = await transaction.savepoint('savepoint_1')
    await Band.insert(Band(name='Terrible band'))
    # Oops, I made a mistake!
    await savepoint_1.rollback_to()

Postgres doesn't allow us to parameterise savepoint names, which means there's a small chance of SQL injection, if for some reason the savepoint names were generated from end-user input. Even though the likelihood is very low, it's best to be safe. We now validate the savepoint name, to make sure it can only contain certain safe characters. Thanks to @​Skelmis for making this change.

1.1.0

Added support for Python 3.12.

Modified create_pydantic_model, so additional information is returned in the JSON schema to distinguish between Timestamp and Timestamptz columns. This will be used for future Piccolo Admin enhancements.

1.0.0

Piccolo v1 is now available!

We migrated to Pydantic v2, and also migrated Piccolo Admin to Vue 3, which puts the project in a good place moving forward.

We don't anticipate any major issues for people who are upgrading. If you encounter any bugs let us know.

Make sure you have v1 of Piccolo, Piccolo API, and Piccolo Admin.

1.0a3

Namespaced all custom values we add to Pydantic's JSON schema for easier maintenance.

1.0a2

All of the changes from 0.120.0 merged into the v1 branch.

1.0a1

Initial alpha release of Piccolo v1, with Pydantic v2 support (thanks to @​sinisaos for helping with this).

0.121.0

Modified the BaseUser.login logic so all code paths take the same time. Thanks to @​Skelmis for this.

0.120.0

Highlights

Improved how ModelBuilder generates JSON data.

The number of password hash iterations used in BaseUser has been increased to keep pace with the latest guidance from OWASP - thanks to @​Skelmis for this.

... (truncated)

Changelog

Sourced from piccolo's changelog.

1.1.1

Piccolo allows the user to specify savepoint names which are used in transactions. For example:

.. code-block:: python

    async with DB.transaction() as transaction:
        await Band.insert(Band(name='Pythonistas'))
        # Passing in a savepoint name is optional:
        savepoint_1 = await transaction.savepoint('savepoint_1')
        await Band.insert(Band(name='Terrible band'))
        # Oops, I made a mistake!
        await savepoint_1.rollback_to()

Postgres doesn't allow us to parameterise savepoint names, which means there's a small chance of SQL injection, if for some reason the savepoint names were generated from end-user input. Even though the likelihood is very low, it's best to be safe. We now validate the savepoint name, to make sure it can only contain certain safe characters. Thanks to @​Skelmis for making this change.


1.1.0

Added support for Python 3.12.

Modified create_pydantic_model, so additional information is returned in the JSON schema to distinguish between Timestamp and Timestamptz columns. This will be used for future Piccolo Admin enhancements.


1.0.0

Piccolo v1 is now available!

We migrated to Pydantic v2, and also migrated Piccolo Admin to Vue 3, which puts the project in a good place moving forward.

We don't anticipate any major issues for people who are upgrading. If you encounter any bugs let us know.

Make sure you have v1 of Piccolo, Piccolo API, and Piccolo Admin.

... (truncated)

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 12, 2023
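
An added illustration of the allowlist validation that the 1.1.1 release notes describe for savepoint names; it is not Piccolo's own code. The function names, the exact character set (ASCII letters, digits and underscore) and the 63-character cap are assumptions made for this example.

```python
import re

# Assumption: "safe characters" = ASCII letters, digits and underscore, not
# starting with a digit. 63 is Postgres's default identifier length limit;
# longer names are truncated, so two long names could silently collide.
_SAFE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


class UnsafeSavepointName(ValueError):
    """Raised when a savepoint name contains anything outside the allowlist."""


def validate_savepoint_name(name):
    # fullmatch, not match() with "$": "$" would also accept a trailing newline.
    if not isinstance(name, str) or _SAFE_NAME.fullmatch(name) is None:
        raise UnsafeSavepointName(f"rejected savepoint name: {name!r}")
    return name


def savepoint_sql(name):
    # A savepoint name is an identifier, so it cannot be sent as a bind
    # parameter; it is interpolated only after passing the allowlist.
    return f"SAVEPOINT {validate_savepoint_name(name)}"


def rollback_to_sql(name):
    return f"ROLLBACK TO SAVEPOINT {validate_savepoint_name(name)}"


def classify(names):
    """Return {name: True} for accepted names and {name: False} for rejected."""
    result = {}
    for name in names:
        try:
            validate_savepoint_name(name)
            result[name] = True
        except UnsafeSavepointName:
            result[name] = False
    return result


# Constructed sample inputs, not taken from the page.
SAMPLES = ["savepoint_1", "sp1; DROP TABLE band", 'sp"1', "savepoint_1\n",
           "", "a" * 64, "1st"]

if __name__ == "__main__":
    for name, ok in classify(SAMPLES).items():
        print(f"{name!r:30} {'accepted' if ok else 'rejected'}")
```
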

vercel bot commented Nov 12, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| munro | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Dec 5, 2023 10:28pm |

Bumps [piccolo](https://github.com/piccolo-orm/piccolo) from 0.119.0 to 1.1.1.
- [Release notes](https://github.com/piccolo-orm/piccolo/releases)
- [Changelog](https://github.com/piccolo-orm/piccolo/blob/master/CHANGES.rst)
- [Commits](piccolo-orm/piccolo@0.119.0...1.1.1)

---
updated-dependencies:
- dependency-name: piccolo
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Nov 1, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/pip/backend/piccolo-1.1.1 branch November 1, 2024 15:40