[PR #22023] [CLOSED] chore(deps): bump sqlalchemy from 2.0.46 to 2.0.47 #42046

New Issue

GiteaMirror · 2026-04-25T14:04:45-05:00

GiteaMirror commented

2026-04-25 14:04:45 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/22023
Author: @dependabot[bot]
Created: 3/1/2026
Status: ❌ Closed

Base: dev ← Head: dependabot/uv/dev/sqlalchemy-2.0.47

📝 Commits (1)

f0abb0a chore(deps): bump sqlalchemy from 2.0.46 to 2.0.47

📊 Changes

4 files changed (+1365 additions, -1010 deletions)

View changed files

📝 backend/requirements-min.txt (+1 -1)
📝 backend/requirements.txt (+1 -1)
📝 pyproject.toml (+1 -1)
📝 uv.lock (+1362 -1007)

📄 Description

Bumps sqlalchemy from 2.0.46 to 2.0.47.

Release notes

Sourced from sqlalchemy's releases.

2.0.47

Released: February 24, 2026

orm

[orm] [bug] Fixed issue when using ORM mappings with Python 3.14's PEP 649 feature that no longer requires "future annotations", where the ORM's introspection of the __init__ method of mapped classes would fail if non-present identifiers in annotations were present. The vendored getfullargspec() method has been amended to use Format.FORWARDREF under Python 3.14 to prevent resolution of names that aren't present.

References: #13104

engine

[engine] [usecase] The connection object returned by _engine.Engine.raw_connection() now supports the context manager protocol, automatically returning the connection to the pool when exiting the context.

References: #13116

postgresql

[postgresql] [bug] Fixed an issue in the PostgreSQL dialect where foreign key constraint reflection would incorrectly swap or fail to capture onupdate and ondelete values when these clauses appeared in a different order than expected in the constraint definition. This issue primarily affected PostgreSQL-compatible databases such as CockroachDB, which may return ON DELETE before ON UPDATE in the constraint definition string. The reflection logic now correctly parses both clauses regardless of their ordering.

References: #13105

[postgresql] [bug] Fixed issue in the engine_insertmanyvalues feature where using PostgreSQL's ON CONFLICT clause with _dml.Insert.returning.sort_by_parameter_order enabled would generate invalid SQL when the insert used an implicit sentinel (server-side autoincrement primary key). The generated SQL would incorrectly declare a sentinel counter column in the imp_sen table alias without providing corresponding values in the VALUES clause, leading to a ProgrammingError indicating column count mismatch. The fix allows batch execution mode when embed_values_counter is active, as the embedded counter provides the ordering capability needed even with upsert behaviors, rather than unnecessarily downgrading to row-at-a-time execution.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/22023 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 3/1/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `dependabot/uv/dev/sqlalchemy-2.0.47` --- ### 📝 Commits (1) - [`f0abb0a`](https://github.com/open-webui/open-webui/commit/f0abb0a4144fded374bfd413f154edbbb2153a04) chore(deps): bump sqlalchemy from 2.0.46 to 2.0.47 ### 📊 Changes **4 files changed** (+1365 additions, -1010 deletions) <details> <summary>View changed files</summary> 📝 `backend/requirements-min.txt` (+1 -1) 📝 `backend/requirements.txt` (+1 -1) 📝 `pyproject.toml` (+1 -1) 📝 `uv.lock` (+1362 -1007) </details> ### 📄 Description Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.46 to 2.0.47. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sqlalchemy/sqlalchemy/releases">sqlalchemy's releases</a>.</em></p> <blockquote> <h1>2.0.47</h1> <p>Released: February 24, 2026</p> <h2>orm</h2> <ul> <li> <p><strong>[orm] [bug]</strong> Fixed issue when using ORM mappings with Python 3.14's <a href="https://peps.python.org/pep-0649">PEP 649</a> feature that no longer requires "future annotations", where the ORM's introspection of the <code>__init__</code> method of mapped classes would fail if non-present identifiers in annotations were present. The vendored <code>getfullargspec()</code> method has been amended to use <code>Format.FORWARDREF</code> under Python 3.14 to prevent resolution of names that aren't present.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13104">#13104</a></p> </li> </ul> <h2>engine</h2> <ul> <li> <p><strong>[engine] [usecase]</strong> The connection object returned by <code>_engine.Engine.raw_connection()</code> now supports the context manager protocol, automatically returning the connection to the pool when exiting the context.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13116">#13116</a></p> </li> </ul> <h2>postgresql</h2> <ul> <li> <p><strong>[postgresql] [bug]</strong> Fixed an issue in the PostgreSQL dialect where foreign key constraint reflection would incorrectly swap or fail to capture <code>onupdate</code> and <code>ondelete</code> values when these clauses appeared in a different order than expected in the constraint definition. This issue primarily affected PostgreSQL-compatible databases such as CockroachDB, which may return <code>ON DELETE</code> before <code>ON UPDATE</code> in the constraint definition string. The reflection logic now correctly parses both clauses regardless of their ordering.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13105">#13105</a></p> </li> <li> <p><strong>[postgresql] [bug]</strong> Fixed issue in the <code>engine_insertmanyvalues</code> feature where using PostgreSQL's <code>ON CONFLICT</code> clause with <code>_dml.Insert.returning.sort_by_parameter_order</code> enabled would generate invalid SQL when the insert used an implicit sentinel (server-side autoincrement primary key). The generated SQL would incorrectly declare a sentinel counter column in the <code>imp_sen</code> table alias without providing corresponding values in the <code>VALUES</code> clause, leading to a <code>ProgrammingError</code> indicating column count mismatch. The fix allows batch execution mode when <code>embed_values_counter</code> is active, as the embedded counter provides the ordering capability needed even with upsert behaviors, rather than unnecessarily downgrading to row-at-a-time execution.</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sqlalchemy/sqlalchemy/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sqlalchemy&package-manager=uv&previous-version=2.0.46&new-version=2.0.47)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-25 14:04:45 -05:00

GiteaMirror closed this issue

2026-04-25 14:04:46 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#42046