Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump sqlparse from 0.4.4 to 0.5.0 in /integration/airflow #3792

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 15, 2024

Bumps sqlparse from 0.4.4 to 0.5.0.

Changelog

Sourced from sqlparse's changelog.

Release 0.5.0 (Apr 13, 2024)

Notable Changes

  • Drop support for Python 3.5, 3.6, and 3.7.
  • Python 3.12 is now supported (pr725, by hugovk).
  • IMPORTANT: Fixes a potential denial of service attack (DOS) due to recursion error for deeply nested statements. Instead of recursion error a generic SQLParseError is raised. See the security advisory for details: GHSA-2m57-hf25-phgg The vulnerability was discovered by @​uriyay-jfrog. Thanks for reporting!

Enhancements:

  • Splitting statements now allows to remove the semicolon at the end. Some database backends love statements without semicolon (issue742).
  • Support TypedLiterals in get_parameters (pr649, by Khrol).
  • Improve splitting of Transact SQL when using GO keyword (issue762).
  • Support for some JSON operators (issue682).
  • Improve formatting of statements containing JSON operators (issue542).
  • Support for BigQuery and Snowflake keywords (pr699, by griffatrasgo).
  • Support parsing of OVER clause (issue701, pr768 by r33s3n6).

Bug Fixes

  • Ignore dunder attributes when creating Tokens (issue672).
  • Allow operators to precede dollar-quoted strings (issue763).
  • Fix parsing of nested order clauses (issue745, pr746 by john-bodley).
  • Thread-safe initialization of Lexer class (issue730).
  • Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on pr719 by josuc1, thanks for bringing this up!).
  • Fix parsing of PRIMARY KEY (issue740).

Other

  • Optimize performance of matching function (pr799, by admachainz).
Commits
  • ddbd0ec Bump version.
  • 29f2e0a Raise recursion limit for tests.
  • b4a39d9 Raise SQLParseError instead of RecursionError.
  • f1bcf2f Update AUHTORS and Changelog.
  • e03b74e Fix Function.get_parameters(), add Funtion.get_window()
  • 617b8f6 Add OVER clause, and group it into Function (fixes #701)
  • d8f8147 Update AUHTORS and Changelog.
  • 012c9f1 Optimize sqlparse.utils.imt().
  • 46971e5 Fix parsing of PRIMARY KEY (fixes #740).
  • fc4b0be Code cleanup.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.4 to 0.5.0.
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.4.4...0.5.0)

---
updated-dependencies:
- dependency-name: sqlparse
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added th/dependencies Theme: Pertains to project dependencies, including libraries or frameworks lang/python Language: Issues related to Python programming labels Apr 15, 2024
Copy link
Contributor

coderabbitai bot commented Apr 15, 2024

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@github-actions github-actions bot enabled auto-merge (squash) April 15, 2024 23:38
@github-actions github-actions bot merged commit 2c1c2b9 into main Apr 27, 2024
15 checks passed
@github-actions github-actions bot deleted the dependabot/pip/integration/airflow/sqlparse-0.5.0 branch April 27, 2024 16:57
aronchick added a commit that referenced this pull request Apr 27, 2024
Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.4 to
0.5.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG">sqlparse's
changelog</a>.</em></p>
<blockquote>
<h2>Release 0.5.0 (Apr 13, 2024)</h2>
<p>Notable Changes</p>
<ul>
<li>Drop support for Python 3.5, 3.6, and 3.7.</li>
<li>Python 3.12 is now supported (pr725, by hugovk).</li>
<li>IMPORTANT: Fixes a potential denial of service attack (DOS) due to
recursion
error for deeply nested statements. Instead of recursion error a generic
SQLParseError is raised. See the security advisory for details:
<a
href="https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg">https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg</a>
The vulnerability was discovered by <a
href="https://github.com/uriyay-jfrog"><code>@​uriyay-jfrog</code></a>.
Thanks for reporting!</li>
</ul>
<p>Enhancements:</p>
<ul>
<li>Splitting statements now allows to remove the semicolon at the end.
Some database backends love statements without semicolon
(issue742).</li>
<li>Support TypedLiterals in get_parameters (pr649, by Khrol).</li>
<li>Improve splitting of Transact SQL when using GO keyword
(issue762).</li>
<li>Support for some JSON operators (issue682).</li>
<li>Improve formatting of statements containing JSON operators
(issue542).</li>
<li>Support for BigQuery and Snowflake keywords (pr699, by
griffatrasgo).</li>
<li>Support parsing of OVER clause (issue701, pr768 by r33s3n6).</li>
</ul>
<p>Bug Fixes</p>
<ul>
<li>Ignore dunder attributes when creating Tokens (issue672).</li>
<li>Allow operators to precede dollar-quoted strings (issue763).</li>
<li>Fix parsing of nested order clauses (issue745, pr746 by
john-bodley).</li>
<li>Thread-safe initialization of Lexer class (issue730).</li>
<li>Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on
pr719
by josuc1, thanks for bringing this up!).</li>
<li>Fix parsing of PRIMARY KEY (issue740).</li>
</ul>
<p>Other</p>
<ul>
<li>Optimize performance of matching function (pr799, by
admachainz).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/ddbd0ec3592545c914fe71e47118c04582d8bfb0"><code>ddbd0ec</code></a>
Bump version.</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/29f2e0a6609ddc1fa248faef1bc41616043c544e"><code>29f2e0a</code></a>
Raise recursion limit for tests.</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03"><code>b4a39d9</code></a>
Raise SQLParseError instead of RecursionError.</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/f1bcf2f8a7ddf6854c99990c56ff5394f4981d58"><code>f1bcf2f</code></a>
Update AUHTORS and Changelog.</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/e03b74e608b71dd06824c2cb42421c0d790248e3"><code>e03b74e</code></a>
Fix Function.get_parameters(), add Funtion.get_window()</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/617b8f6cd3c55bacf2c80130901508518753f7e1"><code>617b8f6</code></a>
Add OVER clause, and group it into Function (fixes <a
href="https://redirect.github.com/andialbrecht/sqlparse/issues/701">#701</a>)</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/d8f81471cfc2c39ac43128e2a0c8cc67c313cc40"><code>d8f8147</code></a>
Update AUHTORS and Changelog.</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/012c9f10c8ddfa47ccf17ead28122492155cf6fc"><code>012c9f1</code></a>
Optimize sqlparse.utils.imt().</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/46971e5a804b29e7dbd437155a8ceffab8ef1cd5"><code>46971e5</code></a>
Fix parsing of PRIMARY KEY (fixes <a
href="https://redirect.github.com/andialbrecht/sqlparse/issues/740">#740</a>).</li>
<li><a
href="https://github.com/andialbrecht/sqlparse/commit/fc4b0beab89c5598d556572cb6db0165affb017b"><code>fc4b0be</code></a>
Code cleanup.</li>
<li>Additional commits viewable in <a
href="https://github.com/andialbrecht/sqlparse/compare/0.4.4...0.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sqlparse&package-manager=pip&previous-version=0.4.4&new-version=0.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/bacalhau-project/bacalhau/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Aronchick <aronchick@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
lang/python Language: Issues related to Python programming th/dependencies Theme: Pertains to project dependencies, including libraries or frameworks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant