Regression was introduced by fff5186 but was due a long standing issue.
AggregateQuery was abusing Query.subquery: bool by stashing its
compiled inner query's SQL for later use in its compiler which made
select_format checks for Query.subquery wrongly assume the provide
query was a subquery.
This patch prevents that from happening by using a dedicated
inner_query attribute which is compiled at a later time by
SQLAggregateCompiler.
Moving the inner query's compilation to SQLAggregateCompiler.compile
had the side effect of addressing a long standing issue with
aggregation subquery pushdown which prevented converters from being
run. This is now fixed as the aggregation_regress adjustments
demonstrate.
Refs #25367.
Thanks Eran Keydar for the report.
When env is passed to subprocess.run() we should pass all existing
environment variables. This fixes crash on Windows:
Fatal Python error: failed to get random numbers to initialize Python
Fatal Python error: _Py_HashRandomization_Init: failed to get random
numbers to initialize Python
Python runtime state: preinitialized
With an error in the loop above (e.g. using query without args), this
would trigger a busy loop. While this was caused due to changes to the
loop itself, it seems to be just good practice to protect against this.
Changes in behavior include:
- Accepting iteration over empty sequences, updating nothing.
- Accepting iterable of 2-tuples providing key-value pairs.
- Failing with the same or comparable exceptions for invalid input.
Notably this replaces the previous attempt to catch TypeError which was
unreachable as the call to .items() resulted in AttributeError on
non-dict objects.
If the warning provided was an instance of Exception, then it would be
used as-is. In practice this is untested, unused and ImmutableList is
an undocumented internal datastructure.
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.
Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.
Thanks Charlie Denton for reporting the issue to the security team.
Refs #24999.
As mentioned in the pre-existing split_exclude() docstring EXISTS is
easier to optimize for query planers and circumvents the IN (NULL)
handling issue.
On CockroachDB, primary key values stored in these fields are larger
than they accept. Fixes:
queries.test_bulk_update.BulkUpdateNoteTests.test_multiple_fields,
queries.test_bulk_update.BulkUpdateNoteTests.test_inherited_fields, and
queries.tests.RelatedLookupTypeTests.test_values_queryset_lookup.
Christopher Keith
Christopher Wang
Artur Beltsov
christa
Carlton Gibson
Simon Charette
Tim Graham
Mariusz Felisiak
Patrick Arminio
Claude Paroz
Sicong
David-Wobrock
Vitaliy Yelnik
Nikita Sobolev
Carlton Gibson
Daniel Hahler
Hasan Ramezani
Nick Pope
Mads Jensen
Christian Klus
Caio Ariede
Martin Thoma
Jon Dufresne
Gagan Deep
alvinshaita
Josh Santos
Nguyen You
Hannes Ljungberg