Upgrade sqlparse to 0.4.4 #180

Closed
ArgusLi opened this issue May 2, 2023 · 0 comments · Fixed by #181
Labels: dependencies

Comments
ArgusLi (Contributor) commented May 2, 2023

Describe the enhancement requested

Upgrade sqlparse to 0.4.4.

Justification for this enhancement

This release fixes a security vulnerability in the parser where a regular expression vulnerable to ReDoS (Regular Expression Denial of Service) was used. See the security advisory for details: GHSA-rrm6-wvj7-cwh2. The vulnerability was discovered by @erik-krogh from GitHub Security Lab (GHSL). Thanks for reporting!

Source: https://sqlparse.readthedocs.io/en/latest/changes/#release-0-4-4-apr-18-2023

ArgusLi added the dependencies label May 2, 2023
ArgusLi self-assigned this May 2, 2023
ArgusLi linked a pull request May 3, 2023 that will close this issue
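The practical follow-up to an issue like this is checking whether a project's own pins still admit a sqlparse release older than 0.4.4. The script below is an added example written for this page; it is not code from sqlparse, from the issue author, or from the project that filed the issue. It assumes plain X.Y.Z version numbers, treats any lower bound below 0.4.4 as admitting a vulnerable release (so `>0.4.3` is flagged conservatively), and runs over a constructed requirements text rather than a real file.

```python
"""Audit requirement pins against the sqlparse 0.4.4 ReDoS fix.

Added example for this issue page; not code from sqlparse or from the
project that filed the issue. Assumptions: requirements use plain X.Y.Z
versions, the sample requirements text below is constructed, and any
lower bound below 0.4.4 is treated as admitting a vulnerable release.
"""
import re
from importlib import metadata

# First sqlparse release containing the ReDoS fix, per the linked changelog.
FIXED_VERSION = (0, 4, 4)

# Constructed sample input, not a real project's requirements file.
SAMPLE_REQUIREMENTS = """\
# constructed example requirements.txt
numpy==1.24.3
sqlparse==0.4.3
sqlparse>=0.4.1,<0.5   # lower bound still admits 0.4.1 .. 0.4.3
SQLParse == 0.4.4
"""

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")
_CLAUSE_RE = re.compile(r"^(===|==|~=|>=|<=|!=|>|<)(.+)$")


def normalize_name(name):
    """PEP 503 style normalization so 'SQLParse' and 'sqlparse' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """'0.4.4' -> (0, 4, 4). Trailing non-numeric parts are dropped (assumption: X.Y.Z pins)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def audit_requirements(requirements_text, package="sqlparse", fixed=FIXED_VERSION):
    """Return [(line_no, reason), ...] for each line of `package` that can
    still resolve to a release older than `fixed`."""
    findings = []
    fixed_str = ".".join(map(str, fixed))
    for line_no, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m or normalize_name(m.group(1)) != normalize_name(package):
            continue
        spec = m.group(2).replace(" ", "")
        if not spec:
            findings.append((line_no, "unpinned: any release may be installed"))
            continue
        problems, has_safe_lower_bound = [], False
        for clause in spec.split(","):
            cm = _CLAUSE_RE.match(clause)
            if not cm:
                problems.append(f"unparsable specifier {clause!r}")
                continue
            op, ver = cm.groups()
            v = parse_version(ver)
            if op in ("==", "===", "~=", ">=", ">"):
                if v < fixed:
                    # Conservative: '>0.4.3' is flagged too, although in practice
                    # the next release after 0.4.3 is 0.4.4.
                    problems.append(f"{op}{ver} admits releases below {fixed_str}")
                else:
                    has_safe_lower_bound = True
            # '<', '<=' and '!=' never establish a lower bound.
        if not problems and not has_safe_lower_bound:
            problems.append(f"no lower bound >= {fixed_str}")
        findings.extend((line_no, p) for p in problems)
    return findings


def installed_is_fixed(package="sqlparse", fixed=FIXED_VERSION):
    """True/False for the sqlparse installed in this interpreter, None if absent."""
    try:
        return parse_version(metadata.version(package)) >= fixed
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    for line_no, reason in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {line_no}: {reason}")
    print("installed sqlparse fixed:", installed_is_fixed())
```

Run against the constructed sample, lines 3 and 4 are reported (an exact pin to 0.4.3 and a range whose lower bound is 0.4.1), while the differently cased `SQLParse == 0.4.4` passes. A specifier with only an upper bound, such as `sqlparse<0.5`, is also reported, since nothing stops the resolver from picking 0.4.3. The `installed_is_fixed` check covers the other half of the question, whether the environment actually running the code already has the fixed release.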