You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Upgrading the sqlparse dependency will allow dependent projects to use the patched version.
Describe alternatives you've considered
I don't think there are any real alternatives to upgrading sqlparse, since using a non-patched version would be problematic for many of the developers and organizations who use dbt.
Who will this benefit?
All users and organizations who want to use the patched version of sqlparse.
Are you interested in contributing this feature?
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered:
We will be releasing this fix in 1.8.0b3 (today) and back porting it to v1.7 and v1.6 (planned to release today).
Unfortunately, fixing this issue isn't straightforward for us for dbt-core v1.5.
While we'd love to update sqlparse to a safer version, it no longer supports Python 3.7, and dbt-core v1.5 relies on Python 3.7 compatibility. That means if we update sqlparse, we would break compatibility with our supported Python version.
Is this your first time submitting a feature request?
Describe the feature
sqlparse
< 0.5.0 contains a high severity vulnerability: GHSA-2m57-hf25-phgg.dbt-core currently pins
sqlparse
to < 0.50, see https://github.com/dbt-labs/dbt-core/blob/ee74a60082b34c3a3d0df8a0d5d5cbfd7ec5ed6a/core/setup.py#L70C9-L70C31.Upgrading the
sqlparse
dependency will allow dependent projects to use the patched version.Describe alternatives you've considered
I don't think there are any real alternatives to upgrading
sqlparse
, since using a non-patched version would be problematic for many of the developers and organizations who use dbt.Who will this benefit?
All users and organizations who want to use the patched version of
sqlparse
.Are you interested in contributing this feature?
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: