Skip to content

chore(deps)(deps): bump the production-dependencies group across 1 directory with 7 updates #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps)(deps): bump the production-dependencies group across 1 directory with 7 updates #33

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 3, 2025

Bumps the production-dependencies group with 7 updates in the / directory:

Package From To
graphql-core 3.2.3 3.2.7
openpyxl 3.1.2 3.1.5
xlrd 2.0.1 2.0.2
pyecharts 2.0.3 2.0.9
sqlalchemy 2.0.39 2.0.44
drf-yasg 1.21.7 1.21.11
drf-yasg[validation] 1.21.7 1.21.11

Updates graphql-core from 3.2.3 to 3.2.7

Release notes

Sourced from graphql-core's releases.

v3.2.7

Patch-release GraphQL-core v3.2.7, based on GraphQL.js v16.9.0.

This patch-release supports Python 3.7 to 3.14.

The following changes have been backported from the v3.3 branch:

  • Keep extensions when sorting schemas
  • Introduce "recommended" validation rules
  • Implement OneOf Input Objects via @​oneOf directive
  • Values can now be passed to GraphQLEnumType as a thunk
  • Solved issues with pickled schemas

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

v3.2.6

Patch-release GraphQL-core v3.2.6, based on GraphQL.js v16.8.2.

This patch-release supports Python 3.6 to 3.13. Notable fixes:

  • Transform input objects used as default values (#206)
  • Allow deep copy of schema with directive with args of custom type (#210)

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

v3.2.5

Patch-release GraphQL-core v3.2.5, based on GraphQL.js v16.8.2.

This patch-release supports Python 3.6 to 3.13.

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

v3.2.4

Patch-release GraphQL-core v3.2.4, based on GraphQL.js v16.8.2.

This patch-release supports Python 3.6 to 3.12 and includes these changes:

  • Fix invalid original_error propagation in custom scalars
  • Fix performance degradation in OverlappingFieldsCanBeMergedRule
  • Support fourfold nested lists in introspection
  • Avoid various deprecation warnings with newer Python versions

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

Commits
  • 42328a6 backport: Solve issues with pickled schemas (#173)
  • dd4d5a1 Bump JavaScript version
  • ba6b6e4 backport: Enable passing values configuration to GraphQLEnumType as a thunk
  • 6687245 backport: Add @​oneOf support to introspection query (#241)
  • 18df18e backport: Implement OneOf Input Objects via @​oneOf directive
  • a4d66f5 backport: Introduce "recommended" validation rules
  • c25eee4 De-support Python 3.6
  • b1a0d7c Support Python 3.14
  • 4af4286 fix: don't loose extensions when sorting schemas
  • e1ccf45 Fix typo
  • Additional commits viewable in compare view

Updates openpyxl from 3.1.2 to 3.1.5

Updates xlrd from 2.0.1 to 2.0.2

Changelog

Sourced from xlrd's changelog.

2.0.2 (14 June 2025)

  • Fix bug reading sheets containing invalid formulae.

Thanks to sanshi42 for the fix!

Commits
  • 3a19d22 Prepare for 2.0.2 release
  • f3521c8 Merge pull request #380 from sanshi42/master
  • 99270dd Improve test coverage for invalid formula handling
  • 18e314e bugfix: Fix an occasional compatibility issue when using Excel formulas
  • 0c4e80b Update README.rst
  • f45f630 emboldening breaks RTD rendering, and likely won't help :-(
  • b37d159 embolden for the hard of thinking
  • 58ccbb1 admit defeat
  • See full diff in compare view

Updates pyecharts from 2.0.3 to 2.0.9

Release notes

Sourced from pyecharts's releases.

Version 2.0.9

⚠️ Attention

这个版本是 Echarts 5.x 的最后支持版本。在下一个版本中,将开始支持 Echarts 6.x. This version is the last support for Echarts 5.x. In the next version, it will start with Echarts 6.x.

📝 ChangeLog

Updated

  • 更新 Table 类参数添加方式,加入参数 **kwargs,扩展 Table 对接 prettytable 的其他参数。
  • 更新 MarkPointOptsMarkPointItemOpts 以及 LabelOpts
  • 更新 Line,加入参数 end_label_opts 适配。

Fixed

  • 修复 Grid 图场景下,chart_id 不生效的问题。
  • 修复 Grid 图场景下,datazoomvisualmap 在生成的 HTML 文件中的配置重复问题。
  • 修复 Grid 图场景下若干索引问题。
  • 修复 Pagecss_libs 被异常覆盖。

Updated

  • Update the way parameters are added to the Table class by adding the parameter **kwargs to expand other parameters for Table to interface with prettytable.
  • Update MarkPointOptsMarkPointItemOpts and LabelOpts.
  • Update Line parameter end_label_opts

Fixed

  • Fix the problem that chart_id is not effective in the Grid chart scenario.
  • Fix the duplicate configuration problem of datazoom and visualmap in the generated HTML file in the Grid chart scenario.
  • Fix several index issues in the Grid chart scenario.
  • Fix the abnormal override of css_libs in Page chart.

🧑‍🤝‍🧑 Contributor

👏 Thanks to many contributors below:

@​jiangyangcreate @​GOKORURI007 @​Feikoritsema

Version 2.0.8

Added

  • 增加对于谷歌地图 GMap 的兼容,使用方式参考 AMap
  • 增加对于 Leaflet 地图 LMap 的兼容,使用方式参考 AMap
  • 增加对于 Echarts Stat 统计插件的兼容

... (truncated)

Commits
  • 64ba867 🚀 Prepare for version 2.0.9【Last support version for Echarts 5.x】 (#2420)
  • 5228492 update _version.py
  • 0fbbcf9 Prepare for version 2.0.8 (#2393)
  • 8ef2ae3 Merge pull request #2383 from pyecharts/dev
  • bde68fd update version and setup
  • d50cbb7 add AMap support like BMap (Baidu Map)
  • 14e079e add animation_opts in AxisOpts; fix AnimationOpts wrong type-hints; add is_va...
  • 910fdb8 update test_engine.py
  • 8636954 update test code and workflow
  • f37241a update test code
  • Additional commits viewable in compare view

Updates sqlalchemy from 2.0.39 to 2.0.44

Release notes

Sourced from sqlalchemy's releases.

2.0.44

Released: October 10, 2025

platform

  • [platform] [bug] Unblocked automatic greenlet installation for Python 3.14 now that there are greenlet wheels on pypi for python 3.14.

orm

  • [orm] [usecase] The way ORM Annotated Declarative interprets Python PEP 695 type aliases in Mapped[] annotations has been refined to expand the lookup scheme. A PEP 695 type can now be resolved based on either its direct presence in _orm.registry.type_annotation_map or its immediate resolved value, as long as a recursive lookup across multiple PEP 695 types is not required for it to resolve. This change reverses part of the restrictions introduced in 2.0.37 as part of #11955, which deprecated (and disallowed in 2.1) the ability to resolve any PEP 695 type that was not explicitly present in _orm.registry.type_annotation_map. Recursive lookups of PEP 695 types remains deprecated in 2.0 and disallowed in version 2.1, as do implicit lookups of NewType types without an entry in _orm.registry.type_annotation_map.

    Additionally, new support has been added for generic PEP 695 aliases that refer to PEP 593 Annotated constructs containing _orm.mapped_column() configurations. See the sections below for examples.

    References: #12829

  • [orm] [bug] Fixed a caching issue where _orm.with_loader_criteria() would incorrectly reuse cached bound parameter values when used with _sql.CompoundSelect constructs such as _sql.union(). The issue was caused by the cache key for compound selects not including the execution options that are part of the _sql.Executable base class, which _orm.with_loader_criteria() uses to apply its criteria dynamically. The fix ensures that compound selects and other executable constructs properly include execution options in their cache key traversal.

    References: #12905

engine

  • [engine] [bug] Implemented initial support for free-threaded Python by adding new tests and reworking the test harness to include Python 3.13t and Python 3.14t in

... (truncated)

Commits

Updates drf-yasg from 1.21.7 to 1.21.11

Release notes

Sourced from drf-yasg's releases.

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (#917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922) IMPROVED: Remove usage of pkg_resources (#928) FIXED: Fix call_view_method warning to include the method name again (#923) ADDED: Add a hide download button option (#848) ADDED: Add ruff linters (#903)

1.21.10

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (#840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (#911) FIXED: Fix lint errors when comparing types with == instead of is (#868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (#904)

1.21.9

ADDED: Added support for zoneinfo object fields (#908)

1.21.8

ADDED: Python 3.11 and 3.12 support (#891) FIXED: Fix pkg_resources version lookups for Python 3.9+ (#891)

Changelog

Sourced from drf-yasg's changelog.

######### Changelog #########

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (:pr:917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (:pr:916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (:pr:926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (:pr:922) IMPROVED: Remove usage of pkg_resources (:pr:928) FIXED: Fix call_view_method warning to include the method name again (:pr:923) ADDED: Add a hide download button option (:pr:848) ADDED: Add ruff linters (:pr:903)

1.21.10

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (:pr:840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (:pr:911) FIXED: Fix lint errors when comparing types with == instead of is (:pr:868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (:pr:904)

1.21.9

ADDED: Added support for zoneinfo object fields (:pr:908)

1.21.8

ADDED: Python 3.11 and 3.12 support (:pr:891) FIXED: Fix pkg_resources version lookups for Python 3.9+ (:pr:891)

1.21.7

Release date: Jul 20, 2023

ADDED: Added drf_yasg.inspectors.query.DrfAPICompatInspector (:pr:857) ADDED: Added DrfAPICompatInspector to serve as a replacement CoreAPICompatInspector (:pr:857) ADDED: Allow DEFAULT_SPEC_RENDERERS default renderers to be overriden in the settings (:pr:857) FIXED: Fixed redoc source mapping (:pr:859)

... (truncated)

Commits
  • f8cb2db Add version 1.21.11 details to the changelog (#939)
  • 0c6d08d Update the ruff lint rules (#920)
  • 055a74d Bump actions/setup-python from 5 to 6 in the github-actions group (#937)
  • a8813ac Bump actions/checkout from 4 to 5 in the github-actions group (#936)
  • 9f4b449 Restore the live demo and replace heroku with apprunner (#935)
  • 2983251 fix list views with parameters in last path segment not named "list" views (#...
  • a746893 allow overriding produces/consumes with @​swagger_auto_schema decorator (#916)
  • e747ad6 Fixes issue with filter parameters not appearing in Swagger after upgrading t...
  • ee3c871 update Python, Django, and DRF versions & packaging configuration (#922)
  • be6eeed Remove usage of pkg_resources (#928)
  • Additional commits viewable in compare view

Updates drf-yasg[validation] from 1.21.7 to 1.21.11

Release notes

Sourced from drf-yasg[validation]'s releases.

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (#917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922) IMPROVED: Remove usage of pkg_resources (#928) FIXED: Fix call_view_method warning to include the method name again (#923) ADDED: Add a hide download button option (#848) ADDED: Add ruff linters (#903)

1.21.10

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (#840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (#911) FIXED: Fix lint errors when comparing types with == instead of is (#868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (#904)

1.21.9

ADDED: Added support for zoneinfo object fields (#908)

1.21.8

ADDED: Python 3.11 and 3.12 support (#891) FIXED: Fix pkg_resources version lookups for Python 3.9+ (#891)

Changelog

Sourced from drf-yasg[validation]'s changelog.

######### Changelog #########

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (:pr:917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (:pr:916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (:pr:926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (:pr:922) IMPROVED: Remove usage of pkg_resources (:pr:928) FIXED: Fix call_view_method warning to include the method name again (:pr:923) ADDED: Add a hide download button option (:pr:848) ADDED: Add ruff linters (:pr:903)

1.21.10

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (:pr:840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (:pr:911) FIXED: Fix lint errors when comparing types with == instead of is (:pr:868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (:pr:904)

1.21.9

ADDED: Added support for zoneinfo object fields (:pr:908)

1.21.8

ADDED: Python 3.11 and 3.12 support (:pr:891) FIXED: Fix pkg_resources version lookups for Python 3.9+ (:pr:891)

1.21.7

Release date: Jul 20, 2023

ADDED: Added drf_yasg.inspectors.query.DrfAPICompatInspector (:pr:857) ADDED: Added DrfAPICompatInspector to serve as a replacement CoreAPICompatInspector (:pr:857) ADDED: Allow DEFAULT_SPEC_RENDERERS default renderers to be overriden in the settings (:pr:857) FIXED: Fixed redoc source mapping (:pr:859)

... (truncated)

Commits
  • f8cb2db Add version 1.21.11 details to the changelog (#939)
  • 0c6d08d Update the ruff lint rules (#920)
  • 055a74d Bump actions/setup-python from 5 to 6 in the github-actions group (#937)
  • a8813ac Bump actions/checkout from 4 to 5 in the github-actions group (#936)
  • 9f4b449 Restore the live demo and replace heroku with apprunner (#935)
  • 2983251 fix list views with parameters in last path segment not named "list" views (#...
  • a746893 allow overriding produces/consumes with @​swagger_auto_schema decorator (#916)
  • e747ad6 Fixes issue with filter parameters not appearing in Swagger after upgrading t...
  • ee3c871 update Python, Django, and DRF versions & packaging configuration (#922)
  • be6eeed Remove usage of pkg_resources (#928)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the production-dependencies group across 1 di…
b9ca617 
…rectory with 7 updates

Bumps the production-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [graphql-core](https://github.com/graphql-python/graphql-core) | `3.2.3` | `3.2.7` |
| [openpyxl](https://openpyxl.readthedocs.io) | `3.1.2` | `3.1.5` |
| [xlrd](https://github.com/python-excel/xlrd) | `2.0.1` | `2.0.2` |
| [pyecharts](https://github.com/pyecharts/pyecharts) | `2.0.3` | `2.0.9` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.39` | `2.0.44` |
| [drf-yasg](https://github.com/axnsan12/drf-yasg) | `1.21.7` | `1.21.11` |
| [drf-yasg[validation]](https://github.com/axnsan12/drf-yasg) | `1.21.7` | `1.21.11` |



Updates `graphql-core` from 3.2.3 to 3.2.7
- [Release notes](https://github.com/graphql-python/graphql-core/releases)
- [Commits](graphql-python/graphql-core@v3.2.3...v3.2.7)

Updates `openpyxl` from 3.1.2 to 3.1.5

Updates `xlrd` from 2.0.1 to 2.0.2
- [Changelog](https://github.com/python-excel/xlrd/blob/master/CHANGELOG.rst)
- [Commits](python-excel/xlrd@2.0.1...2.0.2)

Updates `pyecharts` from 2.0.3 to 2.0.9
- [Release notes](https://github.com/pyecharts/pyecharts/releases)
- [Commits](pyecharts/pyecharts@v2.0.3...v2.0.9)

Updates `sqlalchemy` from 2.0.39 to 2.0.44
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `drf-yasg` from 1.21.7 to 1.21.11
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/master/docs/changelog.rst)
- [Commits](axnsan12/drf-yasg@1.21.7...1.21.11)

Updates `drf-yasg[validation]` from 1.21.7 to 1.21.11
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/master/docs/changelog.rst)
- [Commits](axnsan12/drf-yasg@1.21.7...1.21.11)

---
updated-dependencies:
- dependency-name: graphql-core
  dependency-version: 3.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: openpyxl
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: xlrd
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: pyecharts
  dependency-version: 2.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: drf-yasg
  dependency-version: 1.21.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: drf-yasg[validation]
  dependency-version: 1.21.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies python security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant