Skip to content

Commit

Permalink
update sqlparse to be in line with dbt-core (#768)
Browse files Browse the repository at this point in the history
* update sqlparse requirement to be in parity with dbt-core

* add changelog

* allow verify tests to pass (will need to patch)

* pin core, update changelong, add ref to core security issue

* revert core pin as not in pypi

* update changelong to match core, reapply core new bound

* pushing bound back up to be in line of what new core will be after b3 release
  • Loading branch information
McKnight-42 authored Apr 18, 2024
1 parent fdad756 commit 663b8ed
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
6 changes: 6 additions & 0 deletions .changes/unreleased/Security-20240416-195919.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
kind: Security
body: Bump sqlparse to >=0.5.0, <0.6.0 to address GHSA-2m57-hf25-phgg along with dbt-core
time: 2024-04-16T19:59:19.233806-05:00
custom:
Author: McKnight-42
PR: "768"
4 changes: 2 additions & 2 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -66,9 +66,9 @@ def _plugin_version_trim() -> str:
# Pin to the patch or minor version, and bump in each new minor version of dbt-redshift.
"redshift-connector<2.0.918,>=2.0.913,!=2.0.914",
# add dbt-core to ensure backwards compatibility of installation, this is not a functional dependency
"dbt-core>=1.8.0a1",
"dbt-core>=1.8.0b3",
# installed via dbt-core but referenced directly; don't pin to avoid version conflicts with dbt-core
"sqlparse>=0.2.3,<0.5",
"sqlparse>=0.5.0,<0.6.0",
"agate",
],
zip_safe=False,
Expand Down

0 comments on commit 663b8ed

Please sign in to comment.