diff --git a/.changes/unreleased/Security-20240416-195919.yaml b/.changes/unreleased/Security-20240416-195919.yaml
new file mode 100644
index 000000000..af8fb6f1d
--- /dev/null
+++ b/.changes/unreleased/Security-20240416-195919.yaml
@@ -0,0 +1,6 @@
+kind: Security
+body: Bump sqlparse to >=0.5.0, <0.6.0 to address GHSA-2m57-hf25-phgg along with dbt-core
+time: 2024-04-16T19:59:19.233806-05:00
+custom:
+ Author: McKnight-42
+ PR: "768"
diff --git a/setup.py b/setup.py
index 4673657b8..dbb3913b9 100644
--- a/setup.py
+++ b/setup.py
@@ -66,9 +66,9 @@ def _plugin_version_trim() -> str:
 # Pin to the patch or minor version, and bump in each new minor version of dbt-redshift.
 "redshift-connector<2.0.918,>=2.0.913,!=2.0.914",
 # add dbt-core to ensure backwards compatibility of installation, this is not a functional dependency
- "dbt-core>=1.8.0a1",
+ "dbt-core>=1.8.0b3",
 # installed via dbt-core but referenced directly; don't pin to avoid version conflicts with dbt-core
- "sqlparse>=0.2.3,<0.5",
+ "sqlparse>=0.5.0,<0.6.0",
 "agate",
 ],
 zip_safe=False,
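Review bot: The comment above the sqlparse requirement in setup.py still reads `don't pin to avoid version conflicts with dbt-core`, but the new `"sqlparse>=0.5.0,<0.6.0"` is a narrow range whose floor exists for a security reason. Nothing next to the requirement records that, so a later edit made to resolve a resolver conflict could lower the floor and readmit the versions covered by GHSA-2m57-hf25-phgg. I would reword the comment to something like `# installed via dbt-core but referenced directly; floor is 0.5.0 for GHSA-2m57-hf25-phgg, keep the range in step with dbt-core`. The `dbt-core>=1.8.0b3` floor presumably marks the first dbt-core release that accepts this sqlparse range; if so, a short comment saying that would help as well. The dependency list starts and ends outside the hunk.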