Scheduled weekly dependency update for week 46

[pyup-bot]

Update requests from 2.27.1 to 2.32.3.

Changelog

2.32.3

-------------------

**Bugfixes**
- Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (6716)
- Fixed issue where Requests started failing to run on Python versions compiled
without the `ssl` module. (6724)

2.32.2

-------------------

**Deprecations**
- To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed `_get_connection` to
a new public API, `get_connection_with_tls_context`. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
`get_connection` is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (6710)

2.32.1

-------------------

**Bugfixes**
- Add missing test certs to the sdist distributed on PyPI.

2.32.0

-------------------

**Security**
- Fixed an issue where setting `verify=False` on the first request from a
Session will cause subsequent requests to the _same origin_ to also ignore
cert verification, regardless of the value of `verify`.
(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

**Improvements**
- `verify=True` now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (6667)
- Requests now supports optional use of character detection
(`chardet` or `charset_normalizer`) when repackaged or vendored.
This enables `pip` and other projects to minimize their vendoring
surface area. The `Response.text()` and `apparent_encoding` APIs
will default to `utf-8` if neither library is present. (6702)

**Bugfixes**
- Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (6589)
- Fixed deserialization bug in JSONDecodeError. (6629)
- Fixed bug where an extra leading `/` (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (6644)

**Deprecations**

- Requests has officially added support for CPython 3.12 (6503)
- Requests has officially added support for PyPy 3.9 and 3.10 (6641)
- Requests has officially dropped support for CPython 3.7 (6642)
- Requests has officially dropped support for PyPy 3.7 and 3.8 (6641)

**Documentation**
- Various typo fixes and doc improvements.

**Packaging**
- Requests has started adopting some modern packaging practices.
The source files for the projects (formerly `requests`) is now located
in `src/requests` in the Requests sdist. (6506)
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
using `hatchling`. This should not impact the average user, but extremely old
versions of packaging utilities may have issues with the new packaging format.

2.31.0

-------------------

**Security**
- Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of `Proxy-Authorization` headers to destination servers when
following HTTPS redirects.

When proxies are defined with user info (`https://user:passproxy:8080`), Requests
will construct a `Proxy-Authorization` header that is attached to the request to
authenticate with the proxy.

In cases where Requests receives a redirect response, it previously reattached
the `Proxy-Authorization` header incorrectly, resulting in the value being
sent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are *strongly* encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.

Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.

Full details can be read in our [Github Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q)
and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681).

2.30.0

-------------------

**Dependencies**
- ⚠️ Added support for urllib3 2.0. ⚠️

This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.

Users who wish to stay on urllib3 1.x can pin to `urllib3<2`.

2.29.0

-------------------

**Improvements**

- Requests now defers chunked requests to the urllib3 implementation to improve
standardization. (6226)
- Requests relaxes header component requirements to support bytes/str subclasses. (6356)

2.28.2

-------------------

**Dependencies**

- Requests now supports charset\_normalizer 3.x. (6261)

**Bugfixes**

- Updated MissingSchema exception to suggest https scheme rather than http. (6188)

2.28.1

-------------------

**Improvements**

- Speed optimization in `iter_content` with transition to `yield from`. (6170)

**Dependencies**

- Added support for chardet 5.0.0 (6179)
- Added support for charset-normalizer 2.1.0 (6169)

2.28.0

-------------------

**Deprecations**

- ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (6091)
- Requests has officially dropped support for Python 3.6 (including pypy3.6). (6091)

**Improvements**

- Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
an encoding to make `json()` API consistent. (6097)
- Parse header components consistently, raising an InvalidHeader error in
all invalid cases. (6154)
- Added provisional 3.11 support with current beta build. (6155)
- Requests got a makeover and we decided to paint it black. (6095)

**Bugfixes**

- Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable
cert verification. All Requests 2.x versions before 2.28.0 are affected. (6074)
- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with
`requests.exceptions.SSLError` for `content` and `iter_content`. (6057)
- Fixed issue where invalid Windows registry entries caused proxy resolution
to raise an exception rather than ignoring the entry. (6149)
- Fixed issue where entire payload could be included in the error message for
JSONDecodeError. (6036)

Links

• PyPI: https://pypi.org/project/requests
• Changelog: https://data.safetycli.com/changelogs/requests/
• Docs: https://requests.readthedocs.io

Update setproctitle from 1.2.2 to 1.3.4.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/setproctitle
• Repo: https://github.com/dvarrazzo/py-setproctitle

Update tqdm from 4.62.3 to 4.67.0.

Changelog

4.67.0

- `contrib.discord`: replace `disco-py` with `requests` (1536)

4.66.6

- cli: zip-safe `--manpath`, `--comppath` (1627)
- misc framework updates (1627)
+ fix `pytest` `DeprecationWarning`
+ fix `snapcraft` build
+ fix `nbval` `DeprecationWarning`
+ update & tidy workflows
+ bump pre-commit
+ docs: update URLs

4.66.5

- support `ncols` auto-detection on FreeBSD (1602 <- https://github.com/casperdcl/git-fame/issues/98)
- fix Python 3.13 CLI (1594 <- 1585)
- fix Python 3.13 tests (1595 <- https://github.com/python/cpython/issues/117536#issuecomment-2036883124)
- misc framework updates (1602)
+ add official Python 3.12 support
+ bump deps (https://github.com/NiklasRosenstein/pydoc-markdown/issues/329, https://github.com/tikitu/jsmin/pull/44)

4.66.4

- `rich`: fix completion (1395 <- 1306)
- minor framework updates & code tidy (1578)

4.66.3

- `cli`: `eval` safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

4.66.2

- `pandas`: add `DataFrame.progress_map` (1549)
- `notebook`: fix HTML padding (1506)
- `keras`: fix resuming training when `verbose>=2` (1508)
- fix `format_num` negative fractions missing leading zero (1548)
- fix Python 3.12 `DeprecationWarning` on `import` (1519)
- linting: use f-strings (1549)
- update tests (1549)
+ fix `pandas` warnings
+ fix `asv` (https://github.com/airspeed-velocity/asv/issues/1323)
+ fix macos `notebook` docstring indentation
- CI: bump actions (1549)

4.66.1

- fix `utils.envwrap` types (1493 <- 1491, 1320 <- 966, 1319)
+ e.g. cloudwatch & kubernetes workaround: `export TQDM_POSITION=-1`
- drop mentions of unsupported Python versions

4.66.0

- environment variables to override defaults (`TQDM_*`) (1491 <- 1061, 950 <- 614, 1318, 619, 612, 370)
+ e.g. in CI jobs, `export TQDM_MININTERVAL=5` to avoid log spam
+ add tests & docs for `tqdm.utils.envwrap`
- fix & update CLI completion
- fix & update API docs
- minor code tidy: replace `os.path` => `pathlib.Path`
- fix docs image hosting
- release with CI bot account again (https://github.com/cli/cli/issues/6680)

4.65.2

- exclude `examples` from distributed wheel (1492)

4.65.1

- migrate `setup.{cfg,py}` => `pyproject.toml` (1490)
+ fix `asv` benchmarks
+ update docs
- fix snap build (1490)
- fix & update tests (1490)
+ fix flaky notebook tests
+ bump `pre-commit`
+ bump workflow actions

4.65.0

- add Python 3.11 and drop Python 3.6 support (1439, 1419, 502 <- 720, 620)
- misc code & docs tidy
- fix & update CI workflows & tests

4.64.1

- support `ipywidgets>=8`  (1366, 1361 <- 1310, 1359, 1360, 1364)
+ fix jupyter lab display
+ update notebook tests

4.64.0

- add `contrib.slack` (1313)

4.63.2

- `rich`: expose `options` kwargs (1282)
- `autonotebook`: re-enable VSCode (1309)
- misc docs typos (1301, 1299)
- update dev dependencies (1311)

4.63.1

- fix stderr/stdout missing `flush()` (1248 <- 1177)
- misc speed improvements/optimisations

4.63.0

- add `__reversed__()`
- add efficient `__contains__()`
- improve CLI startup time (replace `pkg_resources` => `importlib`)
- `tqdm.autonotebook` warning & `std` fallback on missing `ipywidgets` (1218 <- 1082, 1217)
- warn on positional CLI arguments
- misc build/test framework updates
+ enable `py3.10` tests
+ add `conda` dependencies
+ update pre-commit hooks
+ fix `pytest` config (`nbval`, `asyncio`)
+ fix dependencies & tests
+ fix site deployment

Links

• PyPI: https://pypi.org/project/tqdm
• Changelog: https://data.safetycli.com/changelogs/tqdm/

Update chardet from 4.0.0 to 5.2.0.

Changelog

5.2.0

Adds support for running chardet CLI via `python -m chardet` (0e9b7bc20366163efcc221281201baff4100fe19, dan-blanchard)

5.1.0

Features
- Add `should_rename_legacy` argument to most functions, which will rename older encodings to their more modern equivalents (e.g., `GB2312` becomes `GB18030`) (264, dan-blanchard)
- Add capital letter sharp S and ISO-8859-15 support (222, SimonWaldherr)
- Add a prober for MacRoman encoding (5 updated as c292b52a97e57c95429ef559af36845019b88b33, Rob Speer and dan-blanchard )
- Add `--minimal` flag to `chardetect` command (214, dan-blanchard)
- Add type annotations to the project and run mypy on CI (261, jdufresne)
- Add support for Python 3.11 (274, hugovk)

Fixes
- Clarify LGPL version in License trove classifier (255, musicinmybrain)
- Remove support for EOL Python 3.6 (260, jdufresne)
- Remove unnecessary guards for non-falsey values (259, jdufresne)

Misc changes
- Switch to Python 3.10 release in GitHub actions (257, jdufresne)
- Remove setup.py in favor of build package (262, jdufresne)
- Run tests on macos, Windows, and 3.11-dev (267, dan-blanchard)

5.0.0

⚠️ This release is the first release of chardet that no longer supports Python < 3.6 ⚠️

In addition to that change, it features the following user-facing changes:

- Added a prober for Johab Korean (207, grizlupo)
- Added a prober for UTF-16/32 BE/LE (109, 206, jpz) 
- Added test data for Croatian, Czech, Hungarian, Polish, Slovak, Slovene, Greek, and Turkish, which should help prevent future errors with those languages
- Improved XML tag filtering, which should improve accuracy for XML files (208)
- Tweaked `SingleByteCharSetProber` confidence to match latest uchardet (209)
- Made `detect_all` return child prober confidences (210)
- Updated examples in docs (223, domdfcoding)
- Documentation fixes (212, 224, 225, 226, 220, 221, 244 from too many to mention)
- Minor performance improvements (252, deedy5)
- Add support for Python 3.10 when testing (232, jdufresne)
- Lots of little development cycle improvements, mostly thanks to jdufresne

Links

• PyPI: https://pypi.org/project/chardet
• Changelog: https://data.safetycli.com/changelogs/chardet/
• Repo: https://github.com/chardet/chardet

Update pymysql from 1.0.2 to 1.1.1.

Changelog

1.1.1

Release date: 2024-05-21

> [!WARNING]
> This release fixes a vulnerability (CVE-2024-36039).
> All users are recommended to update to this version.
>
> If you can not update soon, check the input value from
> untrusted source has an expected type. Only dict input
> from untrusted source can be an attack vector.

* Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL
and might cause SQL injection. (CVE-2024-36039)
* Added ssl_key_password param. 1145

1.1.0

Release date: 2023-06-26

* Fixed SSCursor raising OperationalError for query timeouts on wrong statement (1032)
* Exposed `Cursor.warning_count` to check for warnings without additional query (1056)
* Make Cursor iterator (995)
* Support '_' in key name in my.cnf (1114)
* `Cursor.fetchall()` returns empty list instead of tuple (1115). Note that `Cursor.fetchmany()` still return empty tuple after reading all rows for compatibility with Django.
* Deprecate Error classes in Cursor class (1117)
* Add `Connection.set_character_set(charset, collation=None)`. This method is compatible with mysqlclient. (1119)
* Deprecate `Connection.set_charset(charset)` (1119)
* New connection always send "SET NAMES charset [COLLATE collation]" query. (1119)
Since collation table is vary on MySQL server versions, collation in handshake is fragile.
* Support `charset="utf8mb3"` option (1127)

1.0.3

Release date: 2023-03-28

* Dropped support of end of life MySQL version 5.6
* Dropped support of end of life MariaDB versions below 10.3
* Dropped support of end of life Python version 3.6
* Removed `_last_executed` because of duplication with `_executed` by rajat315315 in https://github.com/PyMySQL/PyMySQL/pull/948
* Fix generating authentication response with long strings by netch80 in https://github.com/PyMySQL/PyMySQL/pull/988
* update pymysql.constants.CR by Nothing4You in https://github.com/PyMySQL/PyMySQL/pull/1029
* Document that the ssl connection parameter can be an SSLContext by cakemanny in https://github.com/PyMySQL/PyMySQL/pull/1045
* Raise ProgrammingError on -np.inf in addition to np.inf by cdcadman in https://github.com/PyMySQL/PyMySQL/pull/1067
* Use Python 3.11 release instead of -dev in tests by Nothing4You in https://github.com/PyMySQL/PyMySQL/pull/1076

Links

• PyPI: https://pypi.org/project/pymysql
• Changelog: https://data.safetycli.com/changelogs/pymysql/

Update statsd from 3.3.0 to 4.0.1.

Changelog

4.0.1

Fixed

- Updated PyPI trove classifiers for current Python versions.

4.0

Added

- Updates support to Python 3.7 through 3.11.
- Added `close()` method to UDP-based `StatsClient`. (136)

Dropped

- Drops support for Python 2.

Fixed

- Using a timing decorator on an async function should now properly measure the
execution time, instead of counting immediately. See 119.

Links

• PyPI: https://pypi.org/project/statsd
• Changelog: https://data.safetycli.com/changelogs/statsd/

Update xxhash from 2.0.2 to 3.5.0.

Changelog

3.5.0

~~~~~~~~~~~~~~~~~

- Build wheels for Python 3.13

3.4.1

~~~~~~~~~~~~~~~~~

- Build wheels for Python 3.12
- Remove setuptools_scm

3.4.0

~~~~~~~~~~~~~~~~~

*Yanked* due to wheels building problem.

3.3.0

~~~~~~~~~~~~~~~~~

- Upgrade xxHash to v0.8.2
- Drop support for Python 3.6

3.2.0

~~~~~~~~~~~~~~~~~

This is the last version to support Python 3.6

- Build Python 3.11 wheels.
- Remove setup.py test_suites, call unittest directly

3.1.0

~~~~~~~~~~~~~~~~~

- Type annotations.
- Enabled muslinux wheels building.

3.0.0

~~~~~~~~~~~~~~~~~

- New set `algorithms_available` lists all implemented algorithms in `xxhash`
package.
- Upgrade xxHash to v0.8.1.
- Drop support for EOL Python versions, require python >= 3.6 from now on.
- Migrate to github actions and build arm64 wheels for macOS.
- Always release GIL.

Links

• PyPI: https://pypi.org/project/xxhash
• Changelog: https://data.safetycli.com/changelogs/xxhash/
• Repo: https://github.com/ifduyue/python-xxhash

Update objgraph from 3.5.0 to 3.6.2.

Changelog

3.6.2

------------------

- Add support for Python 3.13.

3.6.1

------------------

- Add support for Python 3.12.

3.6.0

------------------

- Add support for Python 3.9, 3.10, and 3.11.

- Drop support for Python 2.7 and 3.6.

Links

• PyPI: https://pypi.org/project/objgraph
• Changelog: https://data.safetycli.com/changelogs/objgraph/
• Homepage: https://mg.pov.lt/objgraph/

Update cssutils from 2.3.1 to 2.11.1.

Changelog

2.11.1

=======

Bugfixes
--------

- Consolidated license to simply LGPL 3. (52)

2.11.0

=======

Features
--------

- Reduced cyclomatic complexity in selector module. (47)

2.10.3

=======

Bugfixes
--------

- Fixed DeprecationWarning with cgi module.

2.10.2

=======

Bugfixes
--------

- Remove optional dependency only required on unsupported Python versions. (48)

2.10.1

=======

Bugfixes
--------

- Replace xunit-style setup with pytest fixtures. (45)

2.10.0

=======

Features
--------

- getPropertyValue now allows specifying a default value. (42)

2.9.0

======

Features
--------

- Made URL fetcher lenient to missing metadata.

2.8.0

======

Features
--------

- Require Python 3.8 or later.


Bugfixes
--------

- Made some unreachable tests reachable.

2.7.1

======

36: Refactored to restore docs builds without warning-errors.

2.7.0

======

35: Updated deprecated usage of ``cgi`` module.

34: Updated deprecated setup/teardown from ``nose`` in tests.

Other miscellaneous cleanup and packaging updates.

2.6.0

======

14: Added support for custom CSS variables with ``--`` prefix.

2.5.1

======

Some refactoring.

2.5.0

======

Substantial code refresh. Ported tests to native pytest.

Enrolled project with Tidelift.

2.4.2

======

24: Added Python 3.11 compatibility to tests.

2.4.1

======

22: Removed ``cssutils.tests.basetest.get_resource_filename``.
21: Cleaned up docs so they build without warnings.

2.4.0

======

Require Python 3.7.

Links

• PyPI: https://pypi.org/project/cssutils
• Changelog: https://data.safetycli.com/changelogs/cssutils/
• Docs: https://pythonhosted.org/cssutils/

Update tinycss2 from 1.1.1 to 1.4.0.

Changelog

1.4.0

* Support CSS Color Level 4

1.3.0

* Support CSS nesting
* Deprecate parse_declaration_list, use parse_blocks_contents instead

1.2.1

* Fix tests included in the source tarball

1.2.0

* Drop support of Python 3.6
* Fix serialization of nested functions with no parameters
* Don’t use pytest plugins by default

Links

• PyPI: https://pypi.org/project/tinycss2
• Changelog: https://data.safetycli.com/changelogs/tinycss2/

Update fontTools from 4.27.1 to 4.55.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/fonttools
• Repo: http://github.com/fonttools/fonttools

Update cachetools from 4.2.4 to 5.5.0.

Changelog

5.5.0

===================

- ``TTLCache.expire()`` returns iterable of expired ``(key, value)``
pairs.

- ``TLRUCache.expire()`` returns iterable of expired ``(key, value)``
pairs.

- Documentation improvements.

- Update CI environment.

5.4.0

===================

- Add the ``keys.typedmethodkey`` decorator.

- Deprecate ``MRUCache`` class.

- Deprecate ``func.mru_cache`` decorator.

- Update CI environment.

5.3.3

===================

- Documentation improvements.

- Update CI environment.

5.3.2

===================

- Add support for Python 3.12.

- Various documentation improvements.

5.3.1

===================

- Depend on Python >= 3.7.

5.3.0

===================

- Add ``cache_info()`` function to ``cached`` decorator.

5.2.1

===================

- Add support for Python 3.11.

- Correct version information in RTD documentation.

- ``badges/shields``: Change to GitHub workflow badge routes.

5.2.0

===================

- Add ``cachetools.keys.methodkey()``.

- Add ``cache_clear()`` function to decorators.

- Add ``src`` directory to ``sys.path`` for Sphinx autodoc.

- Modernize ``func`` wrappers.

5.1.0

===================

- Add cache decorator parameters as wrapper function attributes.

5.0.0

===================

- Require Python 3.7 or later (breaking change).

- Remove deprecated submodules (breaking change).

The ``cache``, ``fifo``, ``lfu``, ``lru``, ``mru``, ``rr`` and
``ttl`` submodules have been deleted.  Therefore, statements like

``from cachetools.ttl import TTLCache``

will no longer work. Use

``from cachetools import TTLCache``

instead.

- Pass ``self`` to ``cachedmethod`` key function (breaking change).

The ``key`` function passed to the ``cachedmethod`` decorator is
now called as ``key(self, *args, **kwargs)``.

The default key function has been changed to ignore its first
argument, so this should only affect applications using custom key
functions with the ``cachedmethod`` decorator.

- Change exact time of expiration in ``TTLCache`` (breaking change).

``TTLCache`` items now get expired if their expiration time is less
than *or equal to* ``timer()``.  For applications using the default
``timer()``, this should be barely noticeable, but it may affect the
use of custom timers with larger tick intervals.  Note that this
also implies that a ``TTLCache`` with ``ttl=0`` can no longer hold
any items, since they will expire immediately.

- Change ``Cache.__repr__()`` format (breaking change).

String representations of cache instances now use a more compact and
efficient format, e.g.

``LRUCache({1: 1, 2: 2}, maxsize=10, currsize=2)``

- Add TLRU cache implementation.

- Documentation improvements.

Links

• PyPI: https://pypi.org/project/cachetools
• Changelog: https://data.safetycli.com/changelogs/cachetools/
• Repo: https://github.com/tkem/cachetools/

Update bleach from 4.1.0 to 6.2.0.

Changelog

6.2.0

----------------------------------
**Backwards incompatible changes**

* Dropped support for Python 3.8. (737)

**Security fixes**

None

**Bug fixes**

* Add support for Python 3.13. (736)
* Remove six depdenncy. (618)
* Update known-good versions for tinycss2. (732)
* Fix additional < followed by characters and EOF issues. (728)

6.1.0

---------------------------------

**Backwards incompatible changes**

* Dropped support for Python 3.7. (709)

**Security fixes**

None

**Bug fixes**

* Add support for Python 3.12. (710)
* Fix linkify with arrays in querystring (436)
* Handle more cases with < followed by character data (705)
* Fix entities inside a tags in linkification (704)
* Update cap for tinycss2 to <1.3 (702)
* Updated Sphinx requirement
* Add dependabot for github actions and update github actions

6.0.0

----------------------------------

**Backwards incompatible changes**

* ``bleach.clean``, ``bleach.sanitizer.Cleaner``,
``bleach.html5lib_shim.BleachHTMLParser``: the ``tags`` and ``protocols``
arguments were changed from lists to sets.

Old pre-6.0.0:

.. code-block:: python

  bleach.clean(
      "some text",
      tags=["a", "p", "img"],
          ^               ^ list
      protocols=["http", "https"],
               ^               ^ list
  )


New 6.0.0 and later:

.. code-block:: python

  bleach.clean(
      "some text",
      tags={"a", "p", "img"},
          ^               ^ set
      protocols={"http", "https"},
               ^               ^ set
  )

* ``bleach.linkify``, ``bleach.linkifier.Linker``: the ``skip_tags`` and
``recognized_tags`` arguments were changed from lists to sets.

Old pre-6.0.0:

.. code-block:: python

  bleach.linkify(
      "some text",
      skip_tags=["pre"],
               ^     ^ list
  )

  linker = Linker(
      skip_tags=["pre"],
               ^     ^ list
      recognized_tags=html5lib_shim.HTML_TAGS + ["custom-element"],
                                             ^ ^                ^ list
                                             |
                                             | list concatenation
  )

New 6.0.0 and later:

.. code-block:: python

  bleach.linkify(
      "some text",
      skip_tags={"pre"},
               ^     ^ set
  )

  linker = Linker(
      skip_tags={"pre"},
               ^     ^ set
      recognized_tags=html5lib_shim.HTML_TAGS | {"custom-element"},
                                             ^ ^                ^ set
                                             |
                                             | union operator
  )

* ``bleach.sanitizer.BleachSanitizerFilter``: ``strip_allowed_elements`` is now
``strip_allowed_tags``. We now use "tags" everywhere rather than a mishmash
of "tags" in some places and "elements" in others.


**Security fixes**

None


**Bug fixes**

* Add support for Python 3.11. (675)

* Fix API weirness in ``BleachSanitizerFilter``. (649)

We're using "tags" instead of "elements" everywhere--no more weird
overloading of "elements" anymore.

Also, it no longer calls the superclass constructor.

* Add warning when ``css_sanitizer`` isn't set, but the ``style``
attribute is allowed. (676)

* Fix linkify handling of character entities. (501)

* Rework dev dependencies to use ``requirements-dev.txt`` and
``requirements-flake8.txt`` instead of extras.

* Fix project infrastructure to be tox-based so it's easier to have CI
run the same things we're running in development and with flake8
in an isolated environment.

* Update action versions in CI.

* Switch to f-strings where possible. Make tests parametrized to be
easier to read/maintain.

5.0.1

-------------------------------

**Security fixes**

None


**Bug fixes**

* Add missing comma to tinycss2 require. Thank you, shadchin!

* Add url parse tests based on wpt url tests. (688)

* Support scheme-less urls if "https" is in allow list. (662)

* Handle escaping ``<`` in edge cases where it doesn't start a tag. (544)

* Fix reference warnings in docs. (660)

* Correctly urlencode email address parts. Thank you, larseggert! (659)

5.0.0

-------------------------------

**Backwards incompatible changes**

* ``clean`` and ``linkify`` now preserve the order of HTML attributes. Thank
you, askoretskly! (566)

* Drop support for Python 3.6. Thank you, hugovk! (629)

* CSS sanitization in style tags is completely different now. If you're using
Bleach ``clean`` to sanitize css in style tags, you'll need to update your
code and you'll need to install the ``css`` extras::

   pip install 'bleach[css]'

See `the documentation on sanitizing CSS for how to do it
<https://bleach.readthedocs.io/en/latest/clean.html#sanitizing-css>`_. (633)

**Security fixes**

None

**Bug fixes**

* Rework dev dependencies. We no longer have
``requirements-dev.in``/``requirements-dev.txt``. Instead, we're using
``dev`` extras.

See `development docs <https://bleach.readthedocs.io/en/latest/dev.html>`_
for more details. (620)

* Add newline when dropping block-level tags. Thank you, jvanasco! (369)

Links

• PyPI: https://pypi.org/project/bleach
• Changelog: https://data.safetycli.com/changelogs/bleach/
• Repo: https://github.com/mozilla/bleach
• Docs: https://pythonhosted.org/bleach/

Update Jinja2 from 3.0.3 to 3.1.4.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/jinja2

Update cherrypy from 18.6.1 to 18.10.0.

Changelog

18.10.0

--------

* Removed the use of :mod:`cgi` deprecated in Python 3.11
-- by :user:`radez`.
* Various `changes <https://github.com/cherrypy/cherrypy/compare/v18.9.0...7104cfb3cfc6e6582f0773529142d777b1aff1bd>`_.

18.9.0

-------

* Various
`changes <https://github.com/cherrypy/cherrypy/compare/v18.8.0...v18.9.0>`_.

18.8.0

-------

* :issue:`1974`: Dangerous characters received in a host header
encoded using RFC 2047 are now elided by default. Currently,
dangerous characters are defined as CR and LF. The original
value is still available as ``cherrypy.request.headers['Host'].raw``
if needed.

18.7.0

-------

* :pr:`1923`: Drop support for Python 3.5.
* :pr:`1945`: Fixed compatibility on Python 3.11.

Links

• PyPI: https://pypi.org/project/cherrypy
• Changelog: https://data.safetycli.com/changelogs/cherrypy/
• Homepage: https://www.cherrypy.dev

Update msgpack from 0.6.2 to 1.1.0.

Changelog

1.1.0

=====

Release Date: 2024-09-10

* use ``PyLong_*`` instead of ``PyInt_*`` for compatibility with
future Cython. (620)

1.1.0rc2

========

Release Date: 2024-08-19

* Update Cython to 3.0.11 for better Python 3.13 support.
* Update cibuildwheel to 2.20.0 to build Python 3.13 wheels.

1.1.0rc1

========

Release Date: 2024-05-07

* Update Cython to 3.0.10 to reduce C warnings and future support for Python 3.13.
* Stop using C++ mode in Cython to reduce compile error on some compilers.
* ``Packer()`` has ``buf_size`` option to specify initial size of
internal buffer to reduce reallocation.
* The default internal buffer size of ``Packer()`` is reduced from
1MiB to 256KiB to optimize for common use cases. Use ``buf_size``
if you are packing large data.
* ``Timestamp.to_datetime()`` and ``Timestamp.from_datetime()`` become
more accurate by avoiding floating point calculations. (591)
* The Cython code for ``Unpacker`` has been slightly rewritten for maintainability.
* The fallback implementation of ``Packer()`` and ``Unpacker()`` now uses keyword-only
arguments to improve compatibility with the Cython implementation.

1.0.8

=====

Release Date: 2024-03-01

* Update Cython to 3.0.8. This fixes memory leak when iterating
``Unpacker`` object on Python 3.12.
* Do not include C/Cython files in binary wheels.

1.0.7

=====

Release Date: 2023-09-28

* Fix build error of extension module on Windows. (567)
* ``setup.py`` doesn't skip build error of extension module. (568)

1.0.6

=====

Release Date: 2023-09-21

.. note::
v1.0.6 Wheels for Windows don't contain extension module.
Please upgrade to v1.0.7 or newer.

* Add Python 3.12 wheels (517)
* Remove Python 2.7, 3.6, and 3.7 support

1.0.5

=====

Release Date: 2023-03-08

* Use ``__BYTE_ORDER__`` instead of ``__BYTE_ORDER`` for portability. (513, 514)
* Add Python 3.11 wheels (517)
* fallback: Fix packing multidimensional memoryview (527)

1.0.4

=====

Release Date: 2022-06-03

* Support Python 3.11 (beta).
* Don't define `__*_ENDIAN__` macro on Unix. by methane in https://github.com/msgpack/msgpack-python/pull/495
* Use PyFloat_Pack8() on Python 3.11a7 by vstinner in https://github.com/msgpack/msgpack-python/pull/499
* Fix Unpacker max_buffer_length handling by methane in https://github.com/msgpack/msgpack-python/pull/506

1.0.3

=====

Release Date: 2021-11-24 JST

* Fix Docstring (459)
* Fix error formatting (463)
* Improve error message about strict_map_key (485)

1.0.2

=====

* Fix year 2038 problem regression in 1.0.1. (451)

1.0.1

=====

* Add Python 3.9 and linux/arm64 wheels. (439)
* Fixed Unpacker.tell() after read_bytes() (426)
* Fixed unpacking datetime before epoch on Windows (433)
* Fixed fallback Packer didn't check DateTime.tzinfo (434)

1.0.0

=====

Release Date: 2020-02-17

* Remove Python 2 support from the ``msgpack/_cmsgpack``.
``msgpack/fallback`` still supports Python 2.
* Remove ``encoding`` option from the Packer and Unpacker.
* Unpacker: The default value of ``max_buffer_size`` is changed to 100MiB.
* Unpacker: ``strict_map_key`` is True by default now.
* Unpacker: String map keys are interned.
* Drop old buffer protocol support.
* Support Timestamp type.
* Support serializing and decerializing ``datetime`` object
with tzinfo.
* Unpacker: ``Fix Unpacker.read_bytes()`` in fallback implementation. (352)

Links

• PyPI: https://pypi.org/project/msgpack
• Changelog: https://data.safetycli.com/changelogs/msgpack/

Update psycopg2-binary from 2.9.3 to 2.9.10.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/psycopg2-binary
• Homepage: https://psycopg.org/

Update SQLAlchemy from 1.3.24 to 2.0.36.

Changelog

2.0.36

:released: October 15, 2024

 .. change::
     :tags: bug, schema
     :tickets: 11317

     Fixed bug where SQL functions passed to
     :paramref:`_schema.Column.server_default` would not be rendered with the
     particular form of parenthesization now required by newer versions of MySQL
     and MariaDB. Pull request courtesy of huuya.

 .. change::
     :tags: bug, orm
     :tickets: 11912

     Fixed bug in ORM bulk update/delete where using RETURNING with bulk
     update/delete in combination with ``populate_existing`` would fail to
     accommodate the ``populate_existing`` option.

 .. change::
     :tags: bug, orm
     :tickets: 11917

     Continuing from :ticket:`11912`, columns marked with
     :paramref:`.mapped_column.onupdate`,
     :paramref:`.mapped_column.server_onupdate`, or :class:`.Computed` are now
     refreshed in ORM instances when running an ORM enabled UPDATE with WHERE
     criteria, even if the statement does not use RETURNING or
     ``populate_existing``.

 .. change::
     :tags: usecase, orm
     :tickets: 11923

     Added new parameter :paramref:`_orm.mapped_column.hash` to ORM constructs
     such as :meth:`_orm.mapped_column`, :meth:`_orm.relationship`, etc.,
     which is interpreted for ORM Native Dataclasses in the same way as other
     dataclass-specific field parameters.

 .. change::
     :tags: bug, postgresql, reflection
     :tickets: 11961

     Fixed bug in reflection of table comments where unrelated text would be
     returned if an entry in the ``pg_description`` table happened to share the
     same oid (objoid) as the table being reflected.

 .. change::
     :tags: bug, orm
     :tickets: 11965

     Fixed regression caused by fixes to joined eager loading in :ticket:`11449`
     released in 2.0.31, where a particular joinedload case could not be
     asserted correctly.   We now have an example of that case so the assertion
     has been repaired to allow for it.


 .. change::
     :tags: orm, bug
     :tickets: 11973

     Improved the error message emitted when trying to map as dataclass a class
     while also manually providing the ``__table__`` attribute.
     This usage is currently not supported.

 .. change::
     :tags: mysql, performance
     :tickets: 11975

     Improved a query used for the MySQL 8 backend when reflecting foreign keys
     to be better optimized.   Previously, for a database that had millions of
     columns across all tables, the query could be prohibitively slow; the query
     has been reworked to take better advantage of existing indexes.

 .. change::
     :tags: usecase, sql
     :tickets: 11978

     Datatypes that are binary based such as :class:`.VARBINARY` will resolve to
     :class:`.LargeBinary` when the :meth:`.TypeEngine.as_generic()` method is
     called.

 .. change::
     :tags: postgresql, bug
     :tickets: 11994

     The :class:`.postgresql.JSON` and :class:`.postgresql.JSONB` datatypes will
     now render a "bind cast" in all cases for all PostgreSQL backends,
     including psycopg2, whereas previously it was only enabled for some
     backends.   This allows greater accuracy in allowing the database server to
     recognize when a string value is to be interpreted as JSON.

 .. change::
     :tags: bug, orm
     :tickets: 11995

     Refined the check which the ORM lazy loader uses to detect "this would be
     loading by primary key and the primary key is NULL, skip loading" to take
     into account the current setting for the
     :paramref:`.orm.Mapper.allow_partial_pks` parameter. If this parameter is
     ``False``, then a composite PK value that has partial NULL elements should
     also be skipped.   This can apply to some composite overlapping foreign key
     configurations.


 .. change::
     :tags: bug, orm
     :tickets: 11997

     Fixed bug in ORM "update with WHERE clause" feature where an explicit
     ``.returning()`` would interfere with the "fetch" synchronize strategy due
     to an assumption that the ORM mapped class featured the primary key columns
     in a specific position within the RETURNING.  This has been fixed to use
     appropriate ORM column targeting.

 .. change::
     :tags: bug, sql, regression
     :tickets: 12002

     Fixed regression from 1.4 where some datatypes such as those derived from
     :class:`.TypeDecorator` could not be pickled when they were part of a
     larger SQL expression composition due to internal supporting structures
     themselves not being pickleable.

.. changelog::

2.0.35

:released: September 16, 2024

 .. change::
     :tags: bug, orm, typing
     :tickets: 11820

     Fixed issue where it was not possible to use ``typing.Literal`` with
     ``Mapped[]`` on Python 3.8 and 3.9.  Pull request courtesy Frazer McLean.

 .. change::
     :tags: bug, sqlite, regression
     :tickets: 11840

     The changes made for SQLite CHECK constraint reflection in versions 2.0.33
     and 2.0.34 , :ticket:`11832` and :ticket:`11677`, have now been fully
     reverted, as users continued to identify existing use cases that stopped
     working after this change.   For the moment, because SQLite does not
     provide any consistent way of delivering information about CHECK
     constraints, SQLAlchemy is limited in what CHECK constraint syntaxes can be
     reflected, including that a CHECK constraint must be stated all on a
     single, independent line (or inline on a column definition)  without
     newlines, tabs in the constraint definition or unusual characters in the
     constraint name.  Overall, reflection for SQLite is tailored towards being
     able to reflect CREATE TABLE statements that were originally created by
     SQLAlchemy DDL constructs.  Long term work on a DDL parser that does not
     rely upon regular expressions may eventually improve upon this situation.
     A wide range of additional cross-dialect CHECK constraint reflection tests
     have been added as it was also a bug that these changes did not trip any
     existing tests.

 .. change::
     :tags: orm, bug
     :tickets: 11849

     Fixed issue in ORM evaluator where two datatypes being evaluated with the
     SQL concatenator operator would not be checked for
     :class:`.UnevaluatableError` based on their datatype; this missed the case
     of :class:`_postgresql.JSONB` values being used in a concatenate operation
     which is supported by PostgreSQL as well as how SQLAlchemy renders the SQL
     for this operation, but does not work at the Python level. By implementing
     :class:`.UnevaluatableError` for this combination, ORM update statements
     will now fall back to "expire" when a concatenated JSON value used in a SET
     clause is to be synchronized to a Python object.

 .. change::
     :tags: bug, orm
     :tickets: 11853

     An warning is emitted if :func:`_orm.joinedload` or
     :func:`_orm.subqueryload` are used as a top level option against a
     statement that is not a SELECT statement, such as with an
     ``insert().returning()``.   There are no JOINs in INSERT statements nor is
     there a "subquery" that can be repurposed for subquery eager loading, and
     for UPDATE/DELETE joinedload does not support these either, so it is never
     appropriate for this use to pass silently.

 .. change::
     :tags: bug, orm
     :tickets: 11855

     Fixed issue where using loader options such as :func:`_orm.selectinload`
     with additional criteria in combination with ORM DML such as
     :func:`_sql.insert` with RETURNING would not correctly set up internal
     contexts required for caching to work correctly, leading to incorrect
     results.

 .. change::
     :tags: bug, mysql
     :tickets: 11870

     Fixed issue in mariadbconnector dialect where query string arguments that
     weren't checked integer or boolean arguments would be ignored, such as
     string arguments like ``unix_socket``, etc.  As part of this change, the
     argument parsing for particular elements such as ``client_flags``,
     ``compress``, ``local_infile`` has been made more consistent across all
     MySQL / MariaDB dialect which accept each argument. Pull request courtesy
     Tobias Alex-Petersen.


.. changelog::

2.0.34

:released: September 4, 2024

 .. change::
     :tags: bug, orm
     :tickets: 11831

     Fixed regression caused by issue :ticket:`11814` which broke support for
     certain flavors of :pep:`593` ``Annotated`` in the type_annotation_map when
     builtin types such as ``list``, ``dict`` were used without an element type.
     While this is an incomplete style of typing, these types nonetheless
     previously would be located in the type_annotation_map correctly.

 .. change::
     :tags: bug, sqlite
     :tickets: 11832

     Fixed regression in SQLite reflection caused by :ticket:`11677` which
     interfered with reflection for CHECK constraints that were followed
     by other kinds of constraints within the same table definition.   Pull
     request courtesy Harutaka Kawamura.


.. changelog::

2.0.33

:released: September 3, 2024

 .. change::
     :tags: bug, sqlite
     :tickets: 11677

     Improvements to the regex used by the SQLite dialect to reflect the name
     and contents of a CHECK constraint.  Constraints with newline, tab, or
     space characters in either or both the constraint text and constraint name
     are now properly reflected.   Pull request courtesy Jeff Horemans.



 .. change::
     :tags: bug, engine
     :tickets: 11687

     Fixed issue in internal reflection cache where particular reflection
     scenarios regarding same-named quoted_name() constructs would not be
     correctly cached.  Pull request courtesy Felix Lüdin.

 .. change::
     :tags: bug, sql, regression
     :tickets: 11703

     Fixed regression in :meth:`_sql.Select.with_statement_hint` and others
     where the generative behavior of the method stopped producing a copy of the
     object.

 .. change::
     :tags: bug, mysql
     :tickets: 11731

     Fixed issue in MySQL dialect where using INSERT..FROM SELECT in combination
     with ON DUPLICATE KEY UPDATE would erroneously render on MySQL 8 and above
     the "AS new" clause, leading to syntax failures.  This clause is required
     on MySQL 8 to follow the VALUES clause if use of the "new" alias is
     present, however is not permitted to follow a FROM SELECT clause.


 .. change::
     :tags: bug, sqlite
     :tickets: 11746

     Improvements to the regex used by the SQLite dialect to reflect the name
     and contents of a UNIQUE constraint that is defined inline within a column
     definition inside of a SQLite CREATE TABLE statement, accommodating for tab
     characters present within the column / constraint line. Pull request
     courtesy John A Stevenson.




 .. change::
     :tags: bug, typing
     :tickets: 11782

     Fixed typing issue with :meth:`_sql.Select.with_only_columns`.

 .. change::
     :tags: bug, orm
     :tickets: 11788

     Correctly cleanup the internal top-level module registry when no
     inner modules or classes are registered into it.

 .. change::
     :tags: bug, schema
     :tickets: 11802

     Fixed bug where the ``metadata`` element of an ``Enum`` datatype would not
     be transferred to the new :class:`.MetaData` object when the type had been
     copied via a :meth:`.Table.to_metadata` operation, leading to inconsistent
     behaviors within create/drop sequences.

 .. change::
     :tags: bug, orm
     :tickets: 11814

     Improvements to the ORM annotated declarative type map lookup dealing with
     composed types such as ``dict[str, Any]`` linking to JSON (or others) with
     or without "future annotations" mode.



 .. change::
     :tags: change, general
     :tickets: 11818

     The pin for ``setuptools<69.3`` in ``pyproject.toml`` has been removed.
     This pin was to prevent a sudden change in setuptools to use :pep:`625`
     from taking place, which would change the file name of SQLAlchemy's source
     distribution on pypi to be an all lower case name, which is likely to cause
     problems with various build environments that expected the previous naming
     style.  However, the presence of this pin is holding back environments that
     otherwise want to use a newer setuptools, so we've decided to move forward
     with this change, with the assumption that build environments will have
     largely accommodated the setuptools change by now.



 .. change::
     :tags: bug, postgresql
     :tickets: 11821

     Revising the asyncpg ``terminate()`` fix first made in :ticket:`10717`
     which improved the resiliency of this call under all circumstances, adding
     ``asyncio.CancelledError`` to the list of exceptions that are intercepted
     as failing for a graceful ``.close()`` which will then proceed to call
     ``.terminate()``.

 .. change::
     :tags: bug, mssql
     :tickets: 11822

     Added error "The server failed to resume the transaction" to the list of
     error strings for the pymssql driver in determining a disconnect scenario,
     as observed by one user using pymssql under otherwise unknown conditions as
     leaving an unusable connection in the connection pool which fails to ping
     cleanly.

 .. change::
     :tags: bug, tests

     Added missing ``array_type`` property to the testing suite
     ``SuiteRequirements`` class.

.. changelog::

2.0.32

:released: August 5, 2024

 .. change::
     :tags: bug, examples
     :tickets: 10267

     Fixed issue in history_meta example where the "version" column in the
     versioned table needs to default to the most recent version number in the
     history table on INSERT, to suit the use case of a table where rows are
     deleted, and can then be replaced by new rows that re-use the same primary
     key identity.  This fix adds an additonal SELECT query per INSERT in the
     main table, which may be inefficient; for cases where primary keys are not
     re-used, the default function may be omitted.  Patch courtesy  Philipp H.
     v. Loewenfeld.

 .. change::
     :tags: bug, oracle
     :tickets: 11557

     Fixed table reflection on Oracle 10.2 and older where compression options
     are not supported.

 .. change::
     :tags: oracle, usecase
     :tickets: 10820

     Added API support for server-side cursors for the oracledb async dialect,
     allowing use of the :meth:`_asyncio.AsyncConnection.stream` and similar
     stream methods.

 .. change::
     :tags: bug, orm
     :tickets: 10834

     Fixed issue where using the :meth:`_orm.Query.enable_eagerloads` and
     :meth:`_orm.Query.yield_per` methods at the same time, in order to disable
     eager loading that's configured on the mapper directly, would be silently
     ignored, leading to errors or unexpected eager population of attributes.

 .. change::
     :tags: orm
     :tickets: 11163

     Added a warning noting when an
     :meth:`_engine.ConnectionEvents.engine_connect` event may be leaving
     a transaction open, which can alter the behavior of a
     :class:`_orm.Session` using such an engine as bind.
     On SQLAlchemy 2.1 :paramref:`_orm.Session.join_transaction_mode` will
     instead be ignored in all cases when the session bind is
     an :class:`_engine.Engine`.

 .. change::
     :tags: bug, general, regression
     :tickets: 11435

     Restored legacy class names removed from
     ``sqlalalchemy.orm.collections.*``, including
     :class:`_orm.MappedCollection`, :func:`_orm.mapped_collection`,
     :func:`_orm.column_mapped_collection`,
     :func:`_orm.attribute_mapped_collection`. Pull request courtesy Takashi
     Kajinami.

 .. change::
     :tags: bug, sql
     :tickets: 11471

     Follow up of :ticket:`11471` to fix caching issue where using the
     :meth:`.CompoundSelectState.add_cte` method of the
     :class:`.CompoundSelectState` construct would not set a correct cache key
     which distinguished between different CTE expressions. Also added tests
     that would detect issues similar to the one fixed in :ticket:`11544`.

 .. change::
     :tags: bug, mysql
     :tickets: 11479

     Fixed issue in MySQL dialect where ENUM values that contained percent signs
     were not properly escaped for the driver.


 .. change::
     :tags: usecase, oracle
     :tickets: 11480

     Implemented two-phase transactions for the oracledb dialect. Historically,
     this feature never worked with the cx_Oracle dialect, however recent
     improvements to the oracledb successor now allow this to be possible.  The
     two phase transaction API is available at the Core level via the
     :meth:`_engine.Connection.begin_twophase` method.

 .. change::
     :tags: bug, postgresql
     :tickets: 11522

     It is now considered a pool-invalidating disconnect event when psycopg2
     throws an "SSL SYSCALL error: Success" error message, which can occur when
     the SSL connection to Postgres is terminated abnormally.

 .. change::
     :tags: bug, schema
     :tickets: 11530

     Fixed additional issues in the event system triggered by unpickling of a
     :class:`.Enum` datatype, continuing from :ticket:`11365` and
     :ticket:`11360`,  where dynamically generated elements of the event
     structure would not be present when unpickling in a new process.

 .. change::
     :tags: bug, engine
     :tickets: 11532

     Fixed issue in "insertmanyvalues" feature where a particular call to
     ``cursor.fetchall()`` were not wrapped in SQLAlchemy's exception wrapper,
     which apparently can raise a database exception during fetch when using
     pyodbc.

 .. change::
     :tags: usecase, orm
     :tickets: 11575

     The :paramref:`_orm.aliased.name` parameter to :func:`_orm.aliased` may now
     be combined with the :paramref:`_orm.aliased.flat` parameter, producing
     per-table names based on a name-prefixed naming convention.  Pull request
     courtesy Eric Atkin.

 .. change::
     :tags: bug, postgresql
     :tickets: 11576

     Fixed issue where the :func:`_sql.collate` construct, which explicitly sets
     a collation for a given expression, would maintain collation settings for
     the underlying type object from the expression, causing SQL expressions to
     have both collations stated at once when used in further expressions for
     specific dialects that render explicit type casts, such as that of asyncpg.
     The :func:`_sql.collate` construct now assigns its own type to explicitly
     include the new collation, assuming it's a string type.

 .. change::
     :tags: bug, sql
     :tickets: 11592

     Fixed bug where the :meth:`.Operators.nulls_first()` and
     :meth:`.Operators.nulls_last()` modifiers would not be treated the same way
     as :meth:`.Operators.desc()` and :meth:`.Operators.asc()` when determining
     if an ORDER BY should be against a label name already in the statement. All
     four modifiers are now treated the same within ORDER BY.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11625

     Fixed regression appearing in 2.0.21 caused by :ticket:`10279` where using
     a :func:`_sql.delete` or :func:`_sql.update` against an ORM class that is
     the base of an inheritance hierarchy, while also specifying that subclasses
     should be loaded polymorphically, would leak the polymorphic joins into the
     UPDATE or DELETE statement as well creating incorrect SQL.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11661

     Fixed regression from version 1.4 in
     :meth:`_orm.Session.bulk_insert_mappings` where using the
     :paramref:`_orm.Session.bulk_insert_mappings.return_defaults` parameter
     would not populate the passed in dictionaries with newly generated primary
     key values.


 .. change::
     :tags: bug, oracle, sqlite
     :tickets: 11663

     Implemented bitwise operators for Oracle which was previously
     non-functional due to a non-standard syntax used by this database.
     Oracle's support for bitwise "or" and "xor" starts with server version 21.
     Additionally repaired the implementation of "xor" for SQLite.

     As part of this change, the dialect compliance test suite has been enhanced
     to include support for server-side bitwise tests; third party dialect
     authors should refer to new "supports_bitwise" methods in the
     requirements.py file to enable these tests.




 .. change::
     :tags: bug, typing

     Fixed internal typing issues to establish compatibility with mypy 1.11.0.
     Note that this does not include issues which have arisen with the
     deprecated mypy plugin used by SQLAlchemy 1.4-style code; see the addiional
     change note for this plugin indicating revised compatibility.

.. changelog::

2.0.31

:released: June 18, 2024

 .. change::
     :tags: usecase, reflection, mysql
     :tickets: 11285

     Added missing foreign key reflection option ``SET DEFAULT``
     in the MySQL and MariaDB dialects.
     Pull request courtesy of Quentin Roche.

 .. change::
     :tags: usecase, orm
     :tickets: 11361

     Added missing parameter :paramref:`_orm.with_polymorphic.name` that
     allows specifying the name of returned :class:`_orm.AliasedClass`.

 .. change::
     :tags: bug, orm
     :tickets: 11365

     Fixed issue where a :class:`.MetaData` collection would not be
     serializable, if an :class:`.Enum` or :class:`.Boolean` datatype were
     present which had been adapted. This specific scenario in turn could occur
     when using the :class:`.Enum` or :class:`.Boolean` within ORM Annotated
     Declarative form where type objects frequently get copied.

 .. change::
     :tags: schema, usecase
     :tickets: 11374

     Added :paramref:`_schema.Column.insert_default` as an alias of
     :paramref:`_schema.Column.default` for compatibility with
     :func:`_orm.mapped_column`.

 .. change::
     :tags: bug, general
     :tickets: 11417

     Set up full Python 3.13 support to the extent currently possible, repairing
     issues within internal language helpers as well as the serializer extension
     module.

 .. change::
     :tags: bug, sql
     :tickets: 11422

     Fixed issue when serializing an :func:`_sql.over` clause with
     unbounded range or rows.

 .. change::
     :tags: bug, sql
     :tickets: 11423

     Added missing methods :meth:`_sql.FunctionFilter.within_group`
     and :meth:`_sql.WithinGroup.filter`

 .. change::
     :tags: bug, sql
     :tickets: 11426

     Fixed bug in :meth:`_sql.FunctionFilter.filter` that would mutate
     the existing function in-place. It now behaves like the rest of the
     SQLAlchemy API, returning a new instance instead of mutating the
     original one.

 .. change::
     :tags: bug, orm
     :tickets: 11446

     Fixed issue where the :func:`_orm.selectinload` and
     :func:`_orm.subqueryload` loader options would fail to take effect when
     made against an inherited subclass that itself included a subclass-specific
     :paramref:`_orm.Mapper.with_polymorphic` setting.

 .. change::
     :tags: bug, orm
     :tickets: 11449

     Fixed very old issue involving the :paramref:`_orm.joinedload.innerjoin`
     parameter where making use of this parameter mixed into a query that also
     included joined eager loads along a self-referential or other cyclical
     relationship, along with complicating factors like inner joins added for
     secondary tables and such, would have the chance of splicing a particular
     inner join to the wrong part of the query.  Additional state has been added
     to the internal method that does this splice to make a better decision as
     to where splicing should proceed.

 .. change::
     :tags: bug, orm, regression
     :tickets: 11509

     Fixed bug in ORM Declarative where the ``__table__`` directive could not be
     declared as a class function with :func:`_orm.declared_attr` on a
     superclass, including an ``__abstract__`` class as well as coming from the
     declarative base itself.  This was a regression since 1.4 where this was
     working, and there were apparently no tests for this particular use case.

.. changelog::

2.0.30

:released: May 5, 2024

 .. change::
     :tags: bug, typing, regression
     :tickets: 11200

     Fixed typing regression caused by :ticket:`11055` in version 2.0.29 that
     added ``ParamSpec`` to the asyncio ``run_sync()`` methods, where using
     :meth:`_asyncio.AsyncConnection.run_sync` with
     :meth:`_schema.Met