Skip to content

chore(deps)(deps): bump the production-dependencies group across 1 directory with 7 updates#99

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-e7fea3d351
Open

chore(deps)(deps): bump the production-dependencies group across 1 directory with 7 updates#99
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-e7fea3d351

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 7 updates in the / directory:

Package From To
graphql-core 3.2.3 3.2.11
openpyxl 3.1.2 3.1.5
xlrd 2.0.1 2.0.2
sqlalchemy 2.0.39 2.0.51
drf-yasg 1.21.7 1.21.15
tenacity 9.1.2 9.1.4
sentencepiece 0.2.1 0.2.2

Updates graphql-core from 3.2.3 to 3.2.11

Release notes

Sourced from graphql-core's releases.

v3.2.11

Patch-release GraphQL-core v3.2.11, based on GraphQL.js v16.14.1.

This patch-release supports Python 3.7 to 3.14.

Notable changes:

  • Allow configuration of the ofType introspection depth
  • Add support for directives on directive definitions
  • Restore variable own-property checks in value_from_ast
  • Remove unused variable-definition tracking in ValuesOfCorrectTypeRule

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

v3.2.10

Patch-release GraphQL-core v3.2.10, based on GraphQL.js v16.13.0.

This patch-release supports Python 3.7 to 3.14.

New features:

  • Add support for schema coordinates (parsing and resolving)
  • Support descriptions on executable definitions (e.g. variable definitions)
  • Add a max_coercion_errors option

Bug fixes:

  • Fix incorrect validation errors when variable descriptions are used
  • Don't add sibling errors after null propagation has occurred
  • Remove erroneous oneOf validation from the "values of correct type" rule
  • Validate that nullable variables aren't passed to oneOf input object fields (per spec)
  • Catch unhandled exceptions during abstract type resolution

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

v3.2.9

Patch-release GraphQL-core v3.2.9, based on GraphQL.js v16.10.0.

This patch-release supports Python 3.7 to 3.14.

Notable changes:

  • Fix OverlappingFieldsCanBeMergedRule to catch field-merge conflicts hidden behind nested fragments
  • Fix handling of empty selection sets
  • Correctly type extensions in GraphQLFormattedError
  • Add kind to the introspection query/mutation/subscription root types
  • Expose token_count on DocumentNode
  • Preserve schema and input-field properties (e.g. descriptions) when sorting

Thanks to @​kathychurch and @​arichberg for reporting the sorting issue.

... (truncated)

Commits
  • d5a5464 Bump version
  • 6d7c4dd docs: fix inline examples, deprecation descriptions, type category
  • 456fa2c Allow configuration of the ofType introspection depth
  • 672281d Add support for directives on directive definitions
  • 1922ab7 Restore variable own-property checks in valueFromAST
  • 0ccc1a5 Use Object.create(null) to avoid prototype issues
  • 12bcb49 Bump version
  • 4070240 Incorrect validation errors when variable descriptions are used
  • 66adfb4 Sibling errors should not be added after propagation
  • 20de4b0 Schema coordinates
  • Additional commits viewable in compare view

Updates openpyxl from 3.1.2 to 3.1.5

Updates xlrd from 2.0.1 to 2.0.2

Changelog

Sourced from xlrd's changelog.

2.0.2 (14 June 2025)

  • Fix bug reading sheets containing invalid formulae.

Thanks to sanshi42 for the fix!

Commits
  • 3a19d22 Prepare for 2.0.2 release
  • f3521c8 Merge pull request #380 from sanshi42/master
  • 99270dd Improve test coverage for invalid formula handling
  • 18e314e bugfix: Fix an occasional compatibility issue when using Excel formulas
  • 0c4e80b Update README.rst
  • f45f630 emboldening breaks RTD rendering, and likely won't help :-(
  • b37d159 embolden for the hard of thinking
  • 58ccbb1 admit defeat
  • See full diff in compare view

Updates sqlalchemy from 2.0.39 to 2.0.51

Release notes

Sourced from sqlalchemy's releases.

2.0.51

Released: June 15, 2026

orm

  • [orm] [bug] Fixed issue where _orm.subqueryload() combined with PropComparator.of_type() and PropComparator.and_() would silently drop the additional filter criteria, causing all related objects to be loaded instead of only those matching the filter. The LoaderCriteriaOption was being constructed against the base entity rather than the effective entity indicated by PropComparator.of_type(). Pull request courtesy Arya Rizky.

    References: #13207

  • [orm] [bug] Fixed bug where a failure during tpc_prepare() within _orm.Session.commit() for a two-phase session would raise IllegalStateChangeError instead of the original database exception. The internal _prepare_impl() method's error handler was unable to invoke _orm.SessionTransaction.rollback() due to a state-change guard, preventing proper cleanup and masking the underlying error.

    References: #13356

engine

  • [engine] [bug] Fixed issue where Result.freeze() would lose track of ambiguous column names present in the original CursorResult, causing key-based access on the thawed result to silently return a value instead of raising InvalidRequestError. The SimpleResultMetaData now accepts and propagates ambiguous key information so that frozen, thawed, and pickled results raise consistently for duplicate column names. Pull request courtesy Saurabh Kohli.

    References: #9427

sql

  • [sql] [bug] Fixed issue where _sql.StatementLambdaElement would proxy attribute access through the cached "expected" expression rather than the resolved expression, causing stale closure-bound parameter values to be used when a lambda statement was extended with non-lambda criteria such as an additional .where() clause. Courtesy cjc0013.

    References: #10827

... (truncated)

Commits

Updates drf-yasg from 1.21.7 to 1.21.15

Release notes

Sourced from drf-yasg's releases.

1.21.15

IMPROVED: Use Python's native dict instead of OrderedDict (#954) FIXED: Fix Python 3.12 type parameter syntax with from __future__ import annotations (#921)

1.21.14

FIXED: Fix missing swagger-ui sourcemaps (#950)

1.21.12

FIXED: Bring the bundled swagger ui up to date (#944) IMPROVED: Update the logout button to use a POST request. (#945) ADDED: Add a live demo domain (#946) ADDED: Handle annotations that are not available at runtime (#941)

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (#917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922) IMPROVED: Remove usage of pkg_resources (#928) FIXED: Fix call_view_method warning to include the method name again (#923) ADDED: Add a hide download button option (#848) ADDED: Add ruff linters (#903)

1.21.10

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (#840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (#911) FIXED: Fix lint errors when comparing types with == instead of is (#868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (#904)

1.21.9

ADDED: Added support for zoneinfo object fields (#908)

1.21.8

ADDED: Python 3.11 and 3.12 support (#891) FIXED: Fix pkg_resources version lookups for Python 3.9+ (#891)

Changelog

Sourced from drf-yasg's changelog.

######### Changelog #########


1.21.15


IMPROVED: Use Python's native dict instead of OrderedDict (:pr:954) FIXED: Fix Python 3.12 type parameter syntax with from __future__ import annotations (:pr:921)


1.21.14



1.21.13


FIXED: Fix missing swagger-ui sourcemaps (:pr:950)


1.21.12


FIXED: Bring the bundled swagger ui up to date (:pr:944) IMPROVED: Update the logout button to use a POST request. (:pr:945) ADDED: Add a live demo domain (:pr:946) ADDED: Handle annotations that are not available at runtime (:pr:941)


1.21.11


FIXED: Fix list views with parameters in last path segment not named "list" views (:pr:917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (:pr:916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (:pr:926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (:pr:922) IMPROVED: Remove usage of pkg_resources (:pr:928) FIXED: Fix call_view_method warning to include the method name again (:pr:923) ADDED: Add a hide download button option (:pr:848) ADDED: Add ruff linters (:pr:903)


1.21.10


FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (:pr:840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (:pr:911) FIXED: Fix lint errors when comparing types with == instead of is (:pr:868)

... (truncated)

Commits
  • d40c97f Add version 1.21.15 details to the changelog (#956)
  • 2e37afd Modernise and add .DS_Store to the .gitignore (#955)
  • 76a138a Use Python's native dict instead of OrderedDict (#954)
  • b55ba0f fix Python 3.12 type parameter syntax with ``from future import annotatio...
  • 7dceb27 Add version 1.21.14 details to the changelog (#952)
  • 763cdd6 Add version 1.21.13 details to the changelog (#951)
  • a0559fc Add missing swagger-ui sourcemaps (#950)
  • 2bf74d0 Add version 1.21.12 details to the changelog (#948)
  • b421e89 swagger ui fix (#944)
  • 40fee2b Add live demo domain and environment variables (#946)
  • Additional commits viewable in compare view

Updates tenacity from 9.1.2 to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

Full Changelog: jd/tenacity@9.1.3...9.1.4

9.1.3

What's Changed

New Contributors

Full Changelog: jd/tenacity@9.1.2...9.1.3

Commits
  • d4e868d Fix retry() annotations with async sleep= function (#555)
  • 24415eb support async sleep for sync fn (#551)
  • 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
  • 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
  • 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
  • ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
  • c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
  • e792bba ci: fix mypy (#546)
  • 0f55245 ci: remove reno requirements (#542)
  • 815c34f feat(wait): add wait_exception strategy (#541)
  • Additional commits viewable in compare view

Updates sentencepiece from 0.2.1 to 0.2.2

Release notes

Sourced from sentencepiece's releases.

v0.2.2

Release Notes v0.2.2

This release contains major updates, including the migration of the Python wrapper to pybind11, native NumPy support, enhanced offset mapping, performance optimizations, security hardening, and internal code modernization.

1. Python Wrapper (pybind11 Migration & Features)

  • SWIG to pybind11 Migration: Fully migrated the Python wrapper from SWIG to pybind11, enabling better performance, safer memory management, and cleaner code integration (#1266, Commit 528dc9e).
  • Native NumPy Support:
    • direct encode/decoder from/to numpy object
  • Enhanced Offset Mapping:
    • Added new offset mapping features supporting both Unicode character offsets and raw byte offsets.
    • Added bounds checking to prevent OOB reads in offset mapping (Commit c5b0ce0).
    • Fixed crash issues and OOB spans in alignment conversions (#1231, #1211).
  • Type Stubs (PEP 561): Added inline type stubs (.pyi files) and packaged PEP 561 marker to provide auto-completion and static type safety in IDEs (#1258, Commit 8b7f97b).
  • Parallel Encoding API: Introduced parallel_encode and ThreadPool APIs, allowing Python users to tokenize single large documents across multiple CPU cores in parallel (#1254, Commit 3c37c39).
  • Direct Proto Loading: Added support for loading processors and normalizers directly from in-memory Proto instances (Commit 12788ba).
  • Concurrency Enhancements: Added GIL release during C++ execution to improve multi-threaded Python performance (#1251, Commit 0a044ae).
  • BOS/EOS Behavior Hardening: Aligned BOS/EOS adding behavior with C++ constraints, raising explicit ValueError instead of silent failures or crashes (Commit 780618a).

2. Performance Optimizations

  • BPE Training Optimization: Ported O(log n) lazy priority queue update optimization to BPE trainer to speed up training (Commit 8db9878).
  • Encode/Decode Optimizations: Decoding/Encoding optimization for integer/string input case by skipping SentencePieceText conversion, resulting in ~2x speedup (Commit 4b9231b).
  • Unigram Pruning: Improved unigram pruning using token-normalized frequency calculations (#1135, Commit 1cd0c59).

3. Security & Hardening

  • Trie Validation at Load: Added verification of darts-clone trie offsets when loading models to prevent segfaults on corrupted or malicious model files (#1224, Commit 6b2f05d).
  • Bounds Checking in Maps: Added bounds checks to piece accessors and validated value offsets in DecompileCharsMap (#1265, Commit 82b7c6d).
  • Crash Prevention: Replaced internal CHECK macros with DCHECK or returned errors to prevent host application crashes on invalid inputs (Commit 66b2587).
  • Null Character Disallowment: Explicitly disallow vocabulary pieces containing null characters (Commit eb3ba49).
  • NBest Timeout: Implemented a global timeout for NBest A* search to prevent hangs on pathological inputs (Commit ba57749).

4. C++ API & Internals Modernization

  • Abseil Migration: Extensively migrated from custom utilities to Abseil primitives (#1270
  • Normalizer Maps: Supported loading normalizer from raw maps in C++ (#1273, Commit e476e5e).

5. Build & Packaging

  • Deprecate Win32 Wheels: Stopped support and distribution of 32-bit Windows wheels (win32) (Commit 24fd00c).
  • Modernized Python builds: Switched from calling setup.py directly to the standard pypa/build PEP 517 frontend (#1167, Commit f300c7d).
  • PEP 639 License: Added PEP 639 license metadata to pyproject.toml (#1173).

6. Documentation

  • API Cheat Sheet: Added comparison tables, zero-copy, and sampling comparison guides.
  • Refactored Options: Fully reorganized options.md and special_symbols.md with verified code examples.
Commits
  • e0cce7d Merge pull request #1279 from google/dependabot/github_actions/github-actions...
  • a9e2b5e Bump the github-actions group with 2 updates
  • 20ab5fb Fix Unigram float score overflow and NaN/Inf corruption
  • 1f1483c Add use_reserved_id_map parameter and control token merge tests
  • 69d8562 Add performance benchmark suite and reports
  • 24fd00c Stop support for Win32 wheels
  • 4b9231b Optimize Decode/Encode paths using absl::Span and add benchmarks
  • b91b764 Merge pull request #1277 from google/new_doc
  • e93413b Update documentation: Modernize README and merge CLI/Build guides
  • 7ce7669 Merge pull request #1276 from kkew3/fix-dockerfile-20260620
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…rectory with 7 updates

Bumps the production-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [graphql-core](https://github.com/graphql-python/graphql-core) | `3.2.3` | `3.2.11` |
| [openpyxl](https://openpyxl.readthedocs.io) | `3.1.2` | `3.1.5` |
| [xlrd](https://github.com/python-excel/xlrd) | `2.0.1` | `2.0.2` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.39` | `2.0.51` |
| [drf-yasg](https://github.com/axnsan12/drf-yasg) | `1.21.7` | `1.21.15` |
| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |
| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.1` | `0.2.2` |



Updates `graphql-core` from 3.2.3 to 3.2.11
- [Release notes](https://github.com/graphql-python/graphql-core/releases)
- [Commits](graphql-python/graphql-core@v3.2.3...v3.2.11)

Updates `openpyxl` from 3.1.2 to 3.1.5

Updates `xlrd` from 2.0.1 to 2.0.2
- [Changelog](https://github.com/python-excel/xlrd/blob/master/CHANGELOG.rst)
- [Commits](python-excel/xlrd@2.0.1...2.0.2)

Updates `sqlalchemy` from 2.0.39 to 2.0.51
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `drf-yasg` from 1.21.7 to 1.21.15
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/master/docs/changelog.rst)
- [Commits](axnsan12/drf-yasg@1.21.7...1.21.15)

Updates `tenacity` from 9.1.2 to 9.1.4
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@9.1.2...9.1.4)

Updates `sentencepiece` from 0.2.1 to 0.2.2
- [Release notes](https://github.com/google/sentencepiece/releases)
- [Commits](google/sentencepiece@v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: graphql-core
  dependency-version: 3.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: openpyxl
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: xlrd
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: drf-yasg
  dependency-version: 1.21.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: tenacity
  dependency-version: 9.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: sentencepiece
  dependency-version: 0.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants