Bump dataset from 1.6.2 to 2.0.0

[dependabot]

Bumps dataset from 1.6.2 to 2.0.0.

Release notes

Sourced from dataset's releases.

dataset 2.0.0

SQLAlchemy 2.x

• Full support for SQLAlchemy 2.0+ with backward compatibility to 1.4.0
• Fixed autobegin semantics and DDL lock contention
• Updated SQLAlchemy constraint to allow versions up to 3.0.0
• Connection pool leak fix: thread connections are now released after transactions end (#425)

Type annotations

• Full mypy --strict compliance across all modules
• Added py.typed marker for downstream type checking (PEP 561)
• Exported OutRow, RowFactory, QueryError for downstream use
• row_type parameter typed as Callable[[Iterable[tuple[str, Any]]], OutRow]
• primary_type parameter typed as ColumnType (SQLAlchemy TypeEngine)
• insert/insert_ignore/upsert return type changed to Any (primary keys can be any type)

Security

• Fixed LIKE metacharacter injection in startswith/endswith filters

Breaking changes

• Requires Python 3.10+
• Removed banal dependency (replaced with internal ensure_strings)
• QueryError is now raised for invalid filter values (e.g., wrong type for startswith, between)
• update_many no longer mutates input rows — rows are copied before modification

Build & tooling

• Migrated from setuptools to pyproject.toml with Hatchling (PEP 621)
• Replaced flake8 with ruff
• Added mypy to dev dependencies and make lint
• Switched from nose to pytest
• Updated GitHub Actions (checkout@v4, setup-python@v5)
• Development status changed from Alpha to Production/Stable

Changelog

Sourced from dataset's changelog.

dataset ChangeLog

The changelog has only been started with version 0.3.12, previous changes must be reconstructed from revision history.

• 2.0.0: Major modernization and type annotations
  • Type annotations: Full mypy --strict compliance across all modules
  • PEP 561: Added py.typed marker for downstream type checking
  • New types: Exported OutRow, RowFactory, QueryError for downstream use
  • RowFactory: The row_type parameter is now typed as Callable[[Iterable[tuple[str, Any]]], OutRow] instead of type
  • QueryError: New exception subclass of DatasetError for invalid filter operations
  • primary_type: Changed from Types to ColumnType (SQLAlchemy TypeEngine) — the actual accepted type
  • insert/insert_ignore/upsert: Return type changed from int | bool to Any (primary keys can be any type)
  • Removed banal dependency: Replaced ensure_list with typed ensure_strings utility
  • update_many: Fixed mutation of input rows — rows are now copied before modification
  • Dev tooling: Added mypy to dev dependencies, make lint now runs both ruff and mypy
  • Build system: Migrated from setuptools to modern pyproject.toml with Hatchling (PEP 621)
  • Linting: Replaced flake8 with ruff for faster, more comprehensive linting
  • CI/CD: Updated GitHub Actions to use modern action versions (checkout@v4, setup-python@v5)
  • SQLAlchemy 2.x: Full support for SQLAlchemy 2.0+ with backward compatibility to 1.4.0
  • Transaction handling: Fixed autobegin semantics and DDL lock contention for SQLAlchemy 2.x
  • Testing: Switched from nose to pytest, improved test fixtures and cleanup
  • Database support: Added lock timeout configurations for PostgreSQL and MySQL in CI
  • Python support: Now requires Python 3.10+, tested on 3.10-3.13
  • Documentation: Updated installation instructions, copyright year, and added comprehensive CLAUDE.md
  • Metadata: Changed development status from Alpha to Production/Stable
  • License: Renamed LICENSE.txt to LICENSE for standard convention
  • Dependencies: Updated SQLAlchemy constraint to allow versions up to 3.0.0

Commits

• ec9658b Bump version: 1.6.2 → 2.0.0
• e24c2f5 Document close() and add missing public members to API docs
• 4a6bf5f Release thread connections after transaction ends, fixes #425
• 3cbef3b Fix a SQL injection issue reported by HunSec
• 7834324 Update docs links for SQL, fixes #407.
• 4b1c4f5 Document SQLAlchemy queries support
• 08c0c1b do typechecks
• 92a76eb Update docs configuration
• 0bc8604 Wrap up type annotation work
• 7be6e85 Lots of typing, continued
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[ansemjo]

Probably just needs a bump to the sqlalchemy dependency as well:

created directory: '/data'
Traceback (most recent call last):
  File "/opt/speedtest-plotter/speedtest-plotter", line 7, in <module>
    import dataset
  File "/usr/lib/python3.12/site-packages/dataset/__init__.py", line 5, in <module>
    from dataset.database import Database
  File "/usr/lib/python3.12/site-packages/dataset/database.py", line 8, in <module>
    from sqlalchemy import Connection, Engine, create_engine, event, inspect
ImportError: cannot import name 'Connection' from 'sqlalchemy' (/usr/lib/python3.12/site-packages/sqlalchemy/__init__.py)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.