Bump followthemoney from 4.6.0 to 4.8.0

[dependabot]

Bumps followthemoney from 4.6.0 to 4.8.0.

Release notes

Sourced from followthemoney's releases.

v4.8.0

Dataset query DSL

New query language for filtering datasets by name, collection, or tag. Supports both a dict-based AST and a compact string syntax with | (or), & (and), - (not) operators and parentheses:

(#issuer.west | #list.sanction) - lt_fiu

The DSL is exposed via evaluate_query(), parse_query(), and match_datasets() from followthemoney.dataset. The sieve CLI command gains -d/--datasets to filter entity streams using this syntax.

Schema changes

• Person.biography — new text property for biographical descriptions.
• Vehicle is now matchable — vehicles can be used in entity matching/deduplication (fixes opensanctions/yente#1066).
• Thing.wikipediaUrl excluded from matching — Wikipedia URLs are no longer considered when comparing entities, reducing false positives.

CLI: migrate from EntityProxy to ValueEntity

All CLI commands that read JSONL entity streams (aggregate, sorted-aggregate, sieve, map, map-csv) now deserialize as ValueEntity instead of EntityProxy. This fixes incorrect merging of temporal metadata and dataset/referent fields during aggregation.

• map / map-csv accept -d/--dataset to set dataset metadata on emitted entities.
• Breaking: the legacy import-vis command has been removed.

Other changes

• Code style aligned with explicit emptiness checks (len(x) == 0 instead of if not x) in compare.py.
• Significant new test coverage for CLI commands, ValueEntity, dataset queries, address types, and mapping.
• Python 3.11 compatibility fix.
• Dependency updates: banal, CI actions, Jackson (Java), npm packages. Node.js 24 adopted for JS builds.

Full Changelog: opensanctions/followthemoney@v4.7.0...v4.8.0

v4.7.0

• Schema changes around PEP (Occupancy, topics)
• Crypto intel from @​nvmbrasserie

Full Changelog: opensanctions/followthemoney@v4.6.2...v4.7.0

v4.6.2

Rename role.pep label to PEP. Also try to fix JS build but fail miserably.

What's Changed

• Bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0 in /java by @​dependabot[bot] in opensanctions/followthemoney#240
• Bump @​rollup/plugin-commonjs from 29.0.1 to 29.0.2 in /js by @​dependabot[bot] in opensanctions/followthemoney#243
• Bump eslint from 10.0.2 to 10.0.3 in /js by @​dependabot[bot] in opensanctions/followthemoney#241
• Bump @​types/node from 25.3.3 to 25.3.5 in /js by @​dependabot[bot] in opensanctions/followthemoney#242
• Re-name role.pep to PEP by @​pudo in opensanctions/followthemoney#244

Full Changelog: opensanctions/followthemoney@v4.6.0...v4.6.2

Commits

• 4f574cc Bump version: 4.7.0 → 4.8.0
• 65e05e1 make the deps stack up again
• cb4c3b5 up banal dep
• 97efc83 aaaargh
• 9d27668 py 3.11 fix
• b03f37a banal and other infra fixes
• 856320c Add Person:biography prop
• 8ad798b Emit ValueEntity from mapping, add dataset filtering to sieve
• 79b47a1 Merge pull request #272 from opensanctions/pudo/dataset-dsl
• 441f571 Review thoughts
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)