dependabot[bot] opened a new pull request, #2966: URL: https://github.com/apache/iceberg-python/pull/2966
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.45 to 2.0.46. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sqlalchemy/sqlalchemy/releases";>sqlalchemy's releases</a>.</em></p> <blockquote> <h1>2.0.46</h1> <p>Released: January 21, 2026</p> <h2>typing</h2> <ul> <li> <p><strong>[typing] [bug]</strong> Fixed typing issues where ORM mapped classes and aliased entities could not be used as keys in result row mappings or as join targets in select statements. Patterns such as <code>row._mapping[User]</code>, <code>row._mapping[aliased(User)]</code>, <code>row._mapping[with_polymorphic(...)]</code> (rejected by both mypy and Pylance), and <code>.join(aliased(User))</code> (rejected by Pylance) are documented and fully supported at runtime but were previously rejected by type checkers. The type definitions for <code>_KeyType</code> and <code>_FromClauseArgument</code> have been updated to accept these ORM entity types.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13075";>#13075</a></p> </li> </ul> <h2>postgresql</h2> <ul> <li> <p><strong>[postgresql] [bug]</strong> Fixed issue where PostgreSQL JSONB operators <code>_postgresql.JSONB.Comparator.path_match()</code> and <code>_postgresql.JSONB.Comparator.path_exists()</code> were applying incorrect <code>VARCHAR</code> casts to the right-hand side operand when used with newer PostgreSQL drivers such as psycopg. The operators now indicate the right-hand type as <code>JSONPATH</code>, which currently results in no casting taking place, but is also compatible with explicit casts if the implementation were require it at a later point.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13059";>#13059</a></p> </li> <li> <p><strong>[postgresql] [bug]</strong> Fixed regression in PostgreSQL dialect where JSONB subscription syntax would generate incorrect SQL for <code>cast()</code> expressions returning JSONB, causing syntax errors. The dialect now properly wraps cast expressions in parentheses when using the <code>[]</code> subscription syntax, generating <code>(CAST(...))[index]</code> instead of <code>CAST(...)[index]</code> to comply with PostgreSQL syntax requirements. This extends the fix from <a href="https://www.sqlalchemy.org/trac/ticket/12778";>#12778</a> which addressed the same issue for function calls.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13067";>#13067</a></p> </li> <li> <p><strong>[postgresql] [bug]</strong> Improved the foreign key reflection regular expression pattern used by the PostgreSQL dialect to be more permissive in matching identifier characters, allowing it to correctly handle unicode characters in table and column names. This change improves compatibility with PostgreSQL variants such as CockroachDB that may use different quoting patterns in combination with unicode characters in their identifiers. Pull request courtesy Gord Thompson.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sqlalchemy/sqlalchemy/commits";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
