diff --git a/.changes/unreleased/Security-20240417-141316.yaml b/.changes/unreleased/Security-20240417-141316.yaml
new file mode 100644
index 00000000000..16d8d572f89
--- /dev/null
+++ b/.changes/unreleased/Security-20240417-141316.yaml
@@ -0,0 +1,6 @@
+kind: Security
+body: Bump sqlparse to >=0.5.0, <0.6.0 to address GHSA-2m57-hf25-phgg
+time: 2024-04-17T14:13:16.896353-05:00
+custom:
+ Author: emmoop
+ PR: "9951"
diff --git a/core/setup.py b/core/setup.py
index a0878141a38..696e12cc6fb 100644
--- a/core/setup.py
+++ b/core/setup.py
@@ -68,7 +68,7 @@
 "pathspec>=0.9,<0.12",
 "isodate>=0.6,<0.7",
 # ----
- "sqlparse>=0.2.3,<0.5",
+ "sqlparse>=0.5.0,<0.6.0",
 # ----
 # These are major-version-0 packages also maintained by dbt-labs. Accept patches.
 "dbt-extractor~=0.5.0",