Scheduled monthly dependency update for October

[pyup-bot]

Update sqlalchemy from 1.2.8 to 1.2.12.

Changelog

1.2.12

:released: September 19, 2018

 .. change::
     :tags: bug, postgresql
     :tickets: 4325

     Fixed bug in PostgreSQL dialect where compiler keyword arguments such as
     ``literal_binds=True`` were not being propagated to a DISTINCT ON
     expression.

 .. change::
     :tags: bug, ext
     :tickets: 4328

     Fixed issue where :class:`.BakedQuery` did not include the specific query
     class used by the :class:`.Session` as part of the cache key, leading to
     incompatibilities when using custom query classes, in particular the
     :class:`.ShardedQuery` which has some different argument signatures.

 .. change::
     :tags: bug, postgresql
     :tickets: 4324

     Fixed the :func:`.postgresql.array_agg` function, which is a slightly
     altered version of the usual :func:`.functions.array_agg` function, to also
     accept an incoming "type" argument without forcing an ARRAY around it,
     essentially the same thing that was fixed for the generic function in 1.1
     in :ticket:`4107`.

 .. change::
     :tags: bug, postgresql
     :tickets: 4323

     Fixed bug in PostgreSQL ENUM reflection where a case-sensitive, quoted name
     would be reported by the query including quotes, which would not match a
     target column during table reflection as the quotes needed to be stripped
     off.


 .. change::
    :tags: bug, orm

    Added a check within the weakref cleanup for the :class:`.InstanceState`
    object to check for the presence of the ``dict`` builtin, in an effort to
    reduce error messages generated when these cleanups occur during interpreter
    shutdown.  Pull request courtesy Romuald Brunet.

 .. change::
     :tags: bug, orm, declarative
     :tickets: 4326

     Fixed bug where the declarative scan for attributes would receive the
     expression proxy delivered by a hybrid attribute at the class level, and
     not the hybrid attribute itself, when receiving the descriptor via the
     ``declared_attr`` callable on a subclass of an already-mapped class. This
     would lead to an attribute that did not report itself as a hybrid when
     viewed within :attr:`.Mapper.all_orm_descriptors`.


 .. change::
     :tags: bug, orm
     :tickets: 4334
     :versions: 1.3.0b1

     Fixed bug where use of :class:`.Lateral` construct in conjunction with
     :meth:`.Query.join` as well as :meth:`.Query.select_entity_from` would not
     apply clause adaption to the right side of the join.   "lateral" introduces
     the use case of the right side of a join being correlatable.  Previously,
     adaptation of this clause wasn't considered.   Note that in 1.2 only,
     a selectable introduced by :meth:`.Query.subquery` is still not adapted
     due to :ticket:`4304`; the selectable needs to be produced by the
     :func:`.select` function to be the right side of the "lateral" join.

 .. change::
    :tags: bug, oracle
    :tickets: 4335

    Fixed issue for cx_Oracle 7.0 where the behavior of Oracle param.getvalue()
    now returns a list, rather than a single scalar value, breaking
    autoincrement logic throughout the Core and ORM. The dml_ret_array_val
    compatibility flag is used for cx_Oracle 6.3 and 6.4 to establish compatible
    behavior with 7.0 and forward, for cx_Oracle 6.2.1 and prior a version
    number check falls back to the old logic.


 .. change::
     :tags: bug, orm
     :tickets: 4327

     Fixed 1.2 regression caused by :ticket:`3472` where the handling of an
     "updated_at" style column within the context of a post-update operation
     would also occur for a row that is to be deleted following the update,
     meaning both that a column with a Python-side value generator would show
     the now-deleted value that was emitted for the UPDATE before the DELETE
     (which was not the previous behavor), as well as that a SQL- emitted value
     generator would have the attribute expired, meaning the previous value
     would be unreachable due to the row having been deleted and the object
     detached from the session.The "postfetch" logic that was added as part of
     :ticket:`3472` is now skipped entirely for an object that ultimately is to
     be deleted.

.. changelog::

1.2.11

:released: August 20, 2018

 .. change::
     :tags: bug, py3k

     Started importing "collections" from "collections.abc" under Python 3.3 and
     greater for Python 3.8 compatibility.  Pull request courtesy Nathaniel
     Knight.

 .. change::
     :tag: bug, sqlite

     Fixed issue where the "schema" name used for a SQLite database within table
     reflection would not quote the schema name correctly.  Pull request
     courtesy Phillip Cloud.

 .. change::
     :tags: bug, sql
     :tickets: 4320

     Fixed issue that is closely related to :ticket:`3639` where an expression
     rendered in a boolean context on a non-native boolean backend would
     be compared to 1/0 even though it is already an implcitly boolean
     expression, when :meth:`.ColumnElement.self_group` were used.  While this
     does not affect the user-friendly backends (MySQL, SQLite) it was not
     handled by Oracle (and possibly SQL Server).   Whether or not the
     expression is implicitly boolean on any database is now determined
     up front as an additional check to not generate the integer comparison
     within the compliation of the statement.

 .. change::
     :tags: bug, oracle
     :tickets: 4309

     For cx_Oracle, Integer datatypes will now be bound to "int", per advice
     from the cx_Oracle developers.  Previously, using cx_Oracle.NUMBER caused a
     loss in precision within the cx_Oracle 6.x series.


 .. change::
     :tags: bug, orm, declarative
     :tickets: 4321

     Fixed issue in previously untested use case, allowing a declarative mapped
     class to inherit from a classically-mapped class outside of the declarative
     base, including that it accommodates for unmapped intermediate classes. An
     unmapped intermediate class may specify ``__abstract__``, which is now
     interpreted correctly, or the intermediate class can remain unmarked, and
     the classically mapped base class will be detected within the hierarchy
     regardless. In order to anticipate existing scenarios which may be mixing
     in classical mappings into existing declarative hierarchies, an error is
     now raised if multiple mapped bases are detected for a given class.

 .. change::
     :tags: bug, sql
     :tickets: 4322

     Added missing window function parameters
     :paramref:`.WithinGroup.over.range_` and :paramref:`.WithinGroup.over.rows`
     parameters to the :meth:`.WithinGroup.over` and
     :meth:`.FunctionFilter.over` methods, to correspond to the range/rows
     feature added to the "over" method of SQL functions as part of
     :ticket:`3049` in version 1.1.

 .. change::
     :tags: bug, sql
     :tickets: 4313

     Fixed bug where the multi-table support for UPDATE and DELETE statements
     did not consider the additional FROM elements as targets for correlation,
     when a correlated SELECT were also combined with the statement.  This
     change now includes that a SELECT statement in the WHERE clause for such a
     statement will try to auto-correlate back to these additional tables in the
     parent UPDATE/DELETE or unconditionally correlate if
     :meth:`.Select.correlate` is used.  Note that auto-correlation raises an
     error if the SELECT statement would have no FROM clauses as a result, which
     can now occur if the parent UPDATE/DELETE specifies the same tables in its
     additional set of tables; specify :meth:`.Select.correlate` explicitly to
     resolve.

.. changelog::

1.2.10

:released: July 13, 2018

 .. change::
     :tags: bug, sql
     :tickets: 4300

     Fixed bug where a :class:`.Sequence` would be dropped explicitly before any
     :class:`.Table` that refers to it, which breaks in the case when the
     sequence is also involved in a server-side default for that table, when
     using :meth:`.MetaData.drop_all`.   The step which processes sequences
     to be dropped via non server-side column default functions is now invoked
     after the table itself is dropped.

 .. change::
     :tags: bug, orm
     :tickets: 4295

     Fixed bug in :class:`.Bundle` construct where placing two columns of the
     same name would be de-duplicated, when the :class:`.Bundle` were used as
     part of the rendered SQL, such as in the ORDER BY or GROUP BY of the statement.


 .. change::
     :tags: bug, orm
     :tickets: 4298

     Fixed regression in 1.2.9 due to :ticket:`4287` where using a
     :class:`.Load` option in conjunction with a string wildcard would result
     in a TypeError.

.. changelog::

1.2.9

:released: June 29, 2018

 .. change::
     :tags: bug, mysql

     Fixed percent-sign doubling in mysql-connector-python dialect, which does
     not require de-doubling of percent signs.   Additionally, the  mysql-
     connector-python driver is inconsistent in how it passes the column names
     in cursor.description, so a workaround decoder has been added to
     conditionally decode these randomly-sometimes-bytes values to unicode only
     if needed.  Also improved test support for mysql-connector-python, however
     it should be noted that this driver still has issues with unicode that
     continue to be unresolved as of yet.


 .. change::
     :tags: bug, mssql
     :tickets: 4288

     Fixed bug in MSSQL reflection where when two same-named tables in different
     schemas had same-named primary key constraints, foreign key constraints
     referring to one of the tables would have their columns doubled, causing
     errors.   Pull request courtesy Sean Dunn.

 .. change::
     :tags: bug, sql
     :tickets: 4279

     Fixed regression in 1.2 due to :ticket:`4147` where a :class:`.Table` that
     has had some of its indexed columns redefined with new ones, as would occur
     when overriding columns during reflection or when using
     :paramref:`.Table.extend_existing`, such that the :meth:`.Table.tometadata`
     method would fail when attempting to copy those indexes as they still
     referred to the replaced column.   The copy logic now accommodates for this
     condition.


 .. change::
     :tags: bug, mysql
     :tickets: 4293

     Fixed bug in index reflection where on MySQL 8.0 an index that includes
     ASC or DESC in an indexed column specfication would not be correctly
     reflected, as MySQL 8.0 introduces support for returning this information
     in a table definition string.

 .. change::
     :tags: bug, orm
     :tickets: 3505

     Fixed issue where chaining multiple join elements inside of
     :meth:`.Query.join` might not correctly adapt to the previous left-hand
     side, when chaining joined inheritance classes that share the same base
     class.

 .. change::
     :tags: bug, orm
     :tickets: 4287

     Fixed bug in cache key generation for baked queries which could cause a
     too-short cache key to be generated for the case of eager loads across
     subclasses.  This could in turn cause the eagerload query to be cached in
     place of a non-eagerload query, or vice versa, for a polymorhic "selectin"
     load, or possibly for lazy loads or selectin loads as well.

 .. change::
     :tags: bug, sqlite

     Fixed issue in test suite where SQLite 3.24 added a new reserved word that
     conflicted with a usage in TypeReflectionTest.  Pull request courtesy Nils
     Philippsen.

 .. change::
     :tags: feature, oracle
     :tickets: 4290
     :versions: 1.3.0b1

     Added a new event currently used only by the cx_Oracle dialect,
     :meth:`.DialectEvents.setiputsizes`.  The event passes a dictionary of
     :class:`.BindParameter` objects to DBAPI-specific type objects that will be
     passed, after conversion to parameter names, to the cx_Oracle
     ``cursor.setinputsizes()`` method.  This allows both visibility into the
     setinputsizes process as well as the ability to alter the behavior of what
     datatypes are passed to this method.

     .. seealso::

         :ref:`cx_oracle_setinputsizes`

 .. change::
     :tags: bug, orm
     :tickets: 4286

     Fixed bug in new polymorphic selectin loading where the BakedQuery used
     internally would be mutated by the given loader options, which would both
     inappropriately mutate the subclass query as well as carry over the effect
     to subsequent queries.

 .. change::
     :tags: bug, py3k
     :tickets: 4291

     Replaced the usage of inspect.formatargspec() with a vendored version
     copied from the Python standard library, as inspect.formatargspec()
     is deprecated and as of Python 3.7.0 is emitting a warning.

 .. change::
     :tags: feature, ext
     :tickets: 4243
     :versions: 1.3.0b1

     Added new attribute :attr:`.Query.lazy_loaded_from` which is populated
     with an :class:`.InstanceState` that is using this :class:`.Query` in
     order to lazy load a relationship.  The rationale for this is that
     it serves as a hint for the horizontal sharding feature to use, such that
     the identity token of the state can be used as the default identity token
     to use for the query within id_chooser().

 .. change::
     :tags: bug, mysql
     :tickets: 4283

     Fixed bug in MySQLdb dialect and variants such as PyMySQL where an
     additional "unicode returns" check upon connection makes explicit use of
     the "utf8" character set, which in MySQL 8.0 emits a warning that utf8mb4
     should be used.  This is now replaced with a utf8mb4 equivalent.
     Documentation is also updated for the MySQL dialect to specify utf8mb4 in
     all examples.  Additional changes have been made to the test suite to use
     utf8mb3 charsets and databases (there seem to be collation issues in some
     edge cases with utf8mb4), and to support configuration default changes made
     in MySQL 8.0 such as explicit_defaults_for_timestamp as well as new errors
     raised for invalid MyISAM indexes.



 .. change::
     :tags: bug, mysql
     :tickets: 3645

     The :class:`.Update` construct now accommodates a :class:`.Join` object
     as supported by MySQL for UPDATE..FROM.  As the construct already
     accepted an alias object for a similar purpose, the feature of UPDATE
     against a non-table was already implied so this has been added.

 .. change::
     :tags: bug, mssql, py3k
     :tickets: 4273

     Fixed issue within the SQL Server dialect under Python 3 where when running
     against a non-standard SQL server database that does not contain either the
     "sys.dm_exec_sessions" or "sys.dm_pdw_nodes_exec_sessions" views, leading
     to a failure to fetch the isolation level, the error raise would fail due
     to an UnboundLocalError.



 .. change::
     :tags: bug, orm
     :tickets: 4269

     Fixed regression caused by :ticket:`4256` (itself a regression fix for
     :ticket:`4228`) which breaks an undocumented behavior which converted for a
     non-sequence of entities passed directly to the :class:`.Query` constructor
     into a single-element sequence.  While this behavior was never supported or
     documented, it's already in use so has been added as a behavioral contract
     to :class:`.Query`.

 .. change::
     :tags: bug, orm
     :tickets: 4270

     Fixed an issue that was both a performance regression in 1.2 as well as an
     incorrect result regarding the "baked" lazy loader, involving the
     generation of cache keys from the original :class:`.Query` object's loader
     options.  If the loader options were built up in a "branched" style using
     common base elements for multiple options, the same options would be
     rendered into the cache key repeatedly, causing both a performance issue as
     well as generating the wrong cache key.  This is fixed, along with a
     performance improvement when such "branched" options are applied via
     :meth:`.Query.options` to prevent the same option objects from being
     applied repeatedly.

 .. change::
     :tags: bug, oracle, mysql
     :tickets: 4275

     Fixed INSERT FROM SELECT with CTEs for the Oracle and MySQL dialects, where
     the CTE was being placed above the entire statement as is typical with
     other databases, however Oracle and MariaDB 10.2 wants the CTE underneath
     the "INSERT" segment. Note that the Oracle and MySQL dialects don't yet
     work when a CTE is applied to a subquery inside of an UPDATE or DELETE
     statement, as the CTE is still applied to the top rather than inside the
     subquery.


.. changelog::

Links

• PyPI: https://pypi.org/project/sqlalchemy
• Changelog: https://pyup.io/changelogs/sqlalchemy/
• Homepage: http://www.sqlalchemy.org

Update alembic from 0.9.9 to 1.0.0.

Changelog

1.0.0

:released: July 13, 2018
 :released: July 13, 2018
 :released: July 13, 2018

 .. change::
     :tags: feature, general
     :tickets: 491

     For Alembic 1.0, Python 2.6 / 3.3 support is being dropped, allowing a
     fixed setup.py to be built as well as universal wheels.  Pull request
     courtesy Hugo.




 .. change::
     :tags: feature, general

     With the 1.0 release, Alembic's minimum SQLAlchemy support version
     moves to 0.9.0, previously 0.7.9.

 .. change::
     :tags: bug, batch
     :tickets: 502

     Fixed issue in batch where dropping a primary key column, then adding it
     back under the same name but without the primary_key flag, would not remove
     it from the existing PrimaryKeyConstraint.  If a new PrimaryKeyConstraint
     is added, it is used as-is, as was the case before.

.. changelog::

0.9.10

:released: June 29, 2018

 .. change::
     :tags: bug, autogenerate

     The "op.drop_constraint()" directive will now render using ``repr()`` for
     the schema name, in the same way that "schema" renders for all the other op
     directives.  Pull request courtesy Denis Kataev.

 .. change::
     :tags: bug, autogenerate
     :tickets: 494

     Added basic capabilities for external dialects to support rendering of
     "nested" types, like arrays, in a manner similar to that of the Postgresql
     dialect.

 .. change::
     :tags: bug, autogenerate

     Fixed issue where "autoincrement=True" would not render for a column that
     specified it, since as of SQLAlchemy 1.1 this is no longer the default
     value for "autoincrement".  Note the behavior only takes effect against the
     SQLAlchemy 1.1.0 and higher; for pre-1.1 SQLAlchemy, "autoincrement=True"
     does not render as was the case before. Pull request courtesy  Elad Almos.

.. changelog::

Links

• PyPI: https://pypi.org/project/alembic
• Changelog: https://pyup.io/changelogs/alembic/
• Repo: http://bitbucket.org/zzzeek/alembic
• Docs: https://pythonhosted.org/alembic/

Update colander from 1.4.0 to 1.5.

Changelog

1.5.0

==================

- Drop Python 3.3 support. Add PyPy3 and Python 3.7 as allowed failures.
See https://github.com/Pylons/colander/pull/309

- Fix email validation to not allow all ASCII characters between + and /.
This prevents email addresses like 'foo1,foo2bar.baz' from being validated,
which would be handled as multiple email addresses by subsequent tools.
See https://github.com/Pylons/colander/pull/315

- Add support for ``enum.Enum`` objects.
See https://github.com/Pylons/colander/pull/305

- Recompiled language translations and updated ``de`` and ``el`` locales.
See https://github.com/Pylons/colander/pull/284 and
https://github.com/Pylons/colander/pull/314

Links

• PyPI: https://pypi.org/project/colander
• Changelog: https://pyup.io/changelogs/colander/
• Homepage: https://docs.pylonsproject.org/projects/colander/en/latest/

Update dogpile.cache from 0.6.5 to 0.6.7.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/dogpile.cache
• Repo: http://bitbucket.org/zzzeek/dogpile.cache
• Docs: https://pythonhosted.org/dogpile.cache/

Update bleach from 2.1.3 to 2.1.4.

Changelog

2.1.4

---------------------------------

**Security fixes**

None

**Backwards incompatible changes**

* Dropped support for Python 3.3. (328)

**Features**

None

**Bug fixes**

* Handle ambiguous ampersands in correctly. (359)

Links

• PyPI: https://pypi.org/project/bleach
• Changelog: https://pyup.io/changelogs/bleach/
• Repo: http://github.com/mozilla/bleach
• Docs: https://pythonhosted.org/bleach/

[coveralls]

Coverage remained the same at 100.0% when pulling be64f9b on pyup-scheduled-update-2018-10-01 into eb1f654 on master.

[pyup-bot]

Closing this in favor of #453