From 663b8edfb1d1f36e5014e9a2e9455dc771bdb722 Mon Sep 17 00:00:00 2001
From: Matthew McKnight <91097623+McKnight-42@users.noreply.github.com>
Date: Thu, 18 Apr 2024 13:55:21 -0500
Subject: [PATCH] update sqlparse to be in line with dbt-core (#768)

* update sqlparse requirement to be in parity with dbt-core
* add changelog
* allow verify tests to pass (will need to patch)
* pin core, update changelong, add ref to core security issue
* revert core pin as not in pypi
* update changelong to match core, reapply core new bound
* pushing bound back up to be in line of what new core will be after b3 release
---
 .changes/unreleased/Security-20240416-195919.yaml | 6 ++++++
 setup.py | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 .changes/unreleased/Security-20240416-195919.yaml

diff --git a/.changes/unreleased/Security-20240416-195919.yaml b/.changes/unreleased/Security-20240416-195919.yaml
new file mode 100644
index 000000000..af8fb6f1d
--- /dev/null
+++ b/.changes/unreleased/Security-20240416-195919.yaml
@@ -0,0 +1,6 @@
+kind: Security
+body: Bump sqlparse to >=0.5.0, <0.6.0 to address GHSA-2m57-hf25-phgg along with dbt-core
+time: 2024-04-16T19:59:19.233806-05:00
+custom:
+ Author: McKnight-42
+ PR: "768"
diff --git a/setup.py b/setup.py
index 4673657b8..dbb3913b9 100644
--- a/setup.py
+++ b/setup.py
@@ -66,9 +66,9 @@ def _plugin_version_trim() -> str:
 # Pin to the patch or minor version, and bump in each new minor version of dbt-redshift.
 "redshift-connector<2.0.918,>=2.0.913,!=2.0.914",
 # add dbt-core to ensure backwards compatibility of installation, this is not a functional dependency
- "dbt-core>=1.8.0a1",
+ "dbt-core>=1.8.0b3",
 # installed via dbt-core but referenced directly; don't pin to avoid version conflicts with dbt-core
- "sqlparse>=0.2.3,<0.5",
+ "sqlparse>=0.5.0,<0.6.0",
 "agate",
 ],
 zip_safe=False,
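Review bot: The context comment directly above the sqlparse entry still says `don't pin to avoid version conflicts with dbt-core`, but the new line `"sqlparse>=0.5.0,<0.6.0",` is exactly such a pin, so the comment now contradicts the requirement it documents. Since the commit message and the new changelog entry say this range is kept in parity with dbt-core's own bound for GHSA-2m57-hf25-phgg, the comment should say that instead, e.g. `# installed via dbt-core but referenced directly; keep this range in lockstep with dbt-core's sqlparse bound (see .changes/unreleased/Security-20240416-195919.yaml)`, so the next person bumping either line knows they move together. The `"dbt-core>=1.8.0b3",` lower bound appears, from the message's own bullets about an earlier pin being reverted as "not in pypi", to target a release that may not have been published when this was written; if 1.8.0b3 is not on PyPI at merge time, installation of the package fails outright, so that is worth confirming before merging. The dependency list this hunk edits (presumably `install_requires`) starts and ends outside the hunk.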