Skip to content

chore(deps)(deps): bump the production-dependencies group across 1 directory with 6 updates#85

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-7407d10e5b
Open

chore(deps)(deps): bump the production-dependencies group across 1 directory with 6 updates#85
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-7407d10e5b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 6 updates in the / directory:

Package From To
graphql-core 3.2.3 3.2.11
openpyxl 3.1.2 3.1.5
xlrd 2.0.1 2.0.2
sqlalchemy 2.0.39 2.0.51
drf-yasg 1.21.7 1.21.15
tenacity 9.1.2 9.1.4

Updates graphql-core from 3.2.3 to 3.2.11

Release notes

Sourced from graphql-core's releases.

v3.2.11

Patch-release GraphQL-core v3.2.11, based on GraphQL.js v16.14.1.

This patch-release supports Python 3.7 to 3.14.

Notable changes:

  • Allow configuration of the ofType introspection depth
  • Add support for directives on directive definitions
  • Restore variable own-property checks in value_from_ast
  • Remove unused variable-definition tracking in ValuesOfCorrectTypeRule

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

v3.2.10

Patch-release GraphQL-core v3.2.10, based on GraphQL.js v16.13.0.

This patch-release supports Python 3.7 to 3.14.

New features:

  • Add support for schema coordinates (parsing and resolving)
  • Support descriptions on executable definitions (e.g. variable definitions)
  • Add a max_coercion_errors option

Bug fixes:

  • Fix incorrect validation errors when variable descriptions are used
  • Don't add sibling errors after null propagation has occurred
  • Remove erroneous oneOf validation from the "values of correct type" rule
  • Validate that nullable variables aren't passed to oneOf input object fields (per spec)
  • Catch unhandled exceptions during abstract type resolution

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

v3.2.9

Patch-release GraphQL-core v3.2.9, based on GraphQL.js v16.10.0.

This patch-release supports Python 3.7 to 3.14.

Notable changes:

  • Fix OverlappingFieldsCanBeMergedRule to catch field-merge conflicts hidden behind nested fragments
  • Fix handling of empty selection sets
  • Correctly type extensions in GraphQLFormattedError
  • Add kind to the introspection query/mutation/subscription root types
  • Expose token_count on DocumentNode
  • Preserve schema and input-field properties (e.g. descriptions) when sorting

Thanks to @​kathychurch and @​arichberg for reporting the sorting issue.

... (truncated)

Commits
  • d5a5464 Bump version
  • 6d7c4dd docs: fix inline examples, deprecation descriptions, type category
  • 456fa2c Allow configuration of the ofType introspection depth
  • 672281d Add support for directives on directive definitions
  • 1922ab7 Restore variable own-property checks in valueFromAST
  • 0ccc1a5 Use Object.create(null) to avoid prototype issues
  • 12bcb49 Bump version
  • 4070240 Incorrect validation errors when variable descriptions are used
  • 66adfb4 Sibling errors should not be added after propagation
  • 20de4b0 Schema coordinates
  • Additional commits viewable in compare view

Updates openpyxl from 3.1.2 to 3.1.5

Updates xlrd from 2.0.1 to 2.0.2

Updates sqlalchemy from 2.0.39 to 2.0.51

Release notes

Sourced from sqlalchemy's releases.

2.0.51

Released: June 15, 2026

orm

  • [orm] [bug] Fixed issue where _orm.subqueryload() combined with PropComparator.of_type() and PropComparator.and_() would silently drop the additional filter criteria, causing all related objects to be loaded instead of only those matching the filter. The LoaderCriteriaOption was being constructed against the base entity rather than the effective entity indicated by PropComparator.of_type(). Pull request courtesy Arya Rizky.

    References: #13207

  • [orm] [bug] Fixed bug where a failure during tpc_prepare() within _orm.Session.commit() for a two-phase session would raise IllegalStateChangeError instead of the original database exception. The internal _prepare_impl() method's error handler was unable to invoke _orm.SessionTransaction.rollback() due to a state-change guard, preventing proper cleanup and masking the underlying error.

    References: #13356

engine

  • [engine] [bug] Fixed issue where Result.freeze() would lose track of ambiguous column names present in the original CursorResult, causing key-based access on the thawed result to silently return a value instead of raising InvalidRequestError. The SimpleResultMetaData now accepts and propagates ambiguous key information so that frozen, thawed, and pickled results raise consistently for duplicate column names. Pull request courtesy Saurabh Kohli.

    References: #9427

sql

  • [sql] [bug] Fixed issue where _sql.StatementLambdaElement would proxy attribute access through the cached "expected" expression rather than the resolved expression, causing stale closure-bound parameter values to be used when a lambda statement was extended with non-lambda criteria such as an additional .where() clause. Courtesy cjc0013.

    References: #10827

... (truncated)

Commits

Updates drf-yasg from 1.21.7 to 1.21.15

Release notes

Sourced from drf-yasg's releases.

1.21.15

IMPROVED: Use Python's native dict instead of OrderedDict (#954) FIXED: Fix Python 3.12 type parameter syntax with from __future__ import annotations (#921)

1.21.14

FIXED: Fix missing swagger-ui sourcemaps (#950)

1.21.12

FIXED: Bring the bundled swagger ui up to date (#944) IMPROVED: Update the logout button to use a POST request. (#945) ADDED: Add a live demo domain (#946) ADDED: Handle annotations that are not available at runtime (#941)

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (#917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922) IMPROVED: Remove usage of pkg_resources (#928) FIXED: Fix call_view_method warning to include the method name again (#923) ADDED: Add a hide download button option (#848) ADDED: Add ruff linters (#903)

1.21.10

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (#840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (#911) FIXED: Fix lint errors when comparing types with == instead of is (#868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (#904)

1.21.9

ADDED: Added support for zoneinfo object fields (#908)

1.21.8

ADDED: Python 3.11 and 3.12 support (#891) FIXED: Fix pkg_resources version lookups for Python 3.9+ (#891)

Changelog

Sourced from drf-yasg's changelog.

######### Changelog #########


1.21.15


IMPROVED: Use Python's native dict instead of OrderedDict (:pr:954) FIXED: Fix Python 3.12 type parameter syntax with from __future__ import annotations (:pr:921)


1.21.14



1.21.13


FIXED: Fix missing swagger-ui sourcemaps (:pr:950)


1.21.12


FIXED: Bring the bundled swagger ui up to date (:pr:944) IMPROVED: Update the logout button to use a POST request. (:pr:945) ADDED: Add a live demo domain (:pr:946) ADDED: Handle annotations that are not available at runtime (:pr:941)


1.21.11


FIXED: Fix list views with parameters in last path segment not named "list" views (:pr:917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (:pr:916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (:pr:926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (:pr:922) IMPROVED: Remove usage of pkg_resources (:pr:928) FIXED: Fix call_view_method warning to include the method name again (:pr:923) ADDED: Add a hide download button option (:pr:848) ADDED: Add ruff linters (:pr:903)


1.21.10


FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (:pr:840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (:pr:911) FIXED: Fix lint errors when comparing types with == instead of is (:pr:868)

... (truncated)

Commits
  • d40c97f Add version 1.21.15 details to the changelog (#956)
  • 2e37afd Modernise and add .DS_Store to the .gitignore (#955)
  • 76a138a Use Python's native dict instead of OrderedDict (#954)
  • b55ba0f fix Python 3.12 type parameter syntax with ``from future import annotatio...
  • 7dceb27 Add version 1.21.14 details to the changelog (#952)
  • 763cdd6 Add version 1.21.13 details to the changelog (#951)
  • a0559fc Add missing swagger-ui sourcemaps (#950)
  • 2bf74d0 Add version 1.21.12 details to the changelog (#948)
  • b421e89 swagger ui fix (#944)
  • 40fee2b Add live demo domain and environment variables (#946)
  • Additional commits viewable in compare view

Updates tenacity from 9.1.2 to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

Full Changelog: jd/tenacity@9.1.3...9.1.4

9.1.3

What's Changed

New Contributors

Full Changelog: jd/tenacity@9.1.2...9.1.3

Commits
  • d4e868d Fix retry() annotations with async sleep= function (#555)
  • 24415eb support async sleep for sync fn (#551)
  • 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
  • 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
  • 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
  • ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
  • c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
  • e792bba ci: fix mypy (#546)
  • 0f55245 ci: remove reno requirements (#542)
  • 815c34f feat(wait): add wait_exception strategy (#541)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…rectory with 6 updates

Bumps the production-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [graphql-core](https://github.com/graphql-python/graphql-core) | `3.2.3` | `3.2.11` |
| [openpyxl](https://openpyxl.readthedocs.io) | `3.1.2` | `3.1.5` |
| [xlrd](http://www.python-excel.org/) | `2.0.1` | `2.0.2` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.39` | `2.0.51` |
| [drf-yasg](https://github.com/axnsan12/drf-yasg) | `1.21.7` | `1.21.15` |
| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |



Updates `graphql-core` from 3.2.3 to 3.2.11
- [Release notes](https://github.com/graphql-python/graphql-core/releases)
- [Commits](graphql-python/graphql-core@v3.2.3...v3.2.11)

Updates `openpyxl` from 3.1.2 to 3.1.5

Updates `xlrd` from 2.0.1 to 2.0.2

Updates `sqlalchemy` from 2.0.39 to 2.0.51
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `drf-yasg` from 1.21.7 to 1.21.15
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/master/docs/changelog.rst)
- [Commits](axnsan12/drf-yasg@1.21.7...1.21.15)

Updates `tenacity` from 9.1.2 to 9.1.4
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@9.1.2...9.1.4)

---
updated-dependencies:
- dependency-name: graphql-core
  dependency-version: 3.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: openpyxl
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: xlrd
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: drf-yasg
  dependency-version: 1.21.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: tenacity
  dependency-version: 9.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants