Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency sqlparse to v0.4.4 #788

Merged
merged 1 commit into from
Apr 18, 2023
Merged

chore(deps): update dependency sqlparse to v0.4.4 #788

merged 1 commit into from
Apr 18, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 18, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
sqlparse (changelog) ==0.4.3 -> ==0.4.4 age adoption passing confidence

Release Notes

andialbrecht/sqlparse

v0.4.4

Compare Source

Notable Changes

  • IMPORTANT: This release fixes a security vulnerability in the
    parser where a regular expression vulnerable to ReDOS (Regular
    Expression Denial of Service) was used. See the security advisory
    for details: GHSA-rrm6-wvj7-cwh2
    The vulnerability was discovered by @​erik-krogh from GitHub
    Security Lab (GHSL). Thanks for reporting!

Bug Fixes

  • Revert a change from 0.4.0 that changed IN to be a comparison (issue694).
    The primary expectation is that IN is treated as a keyword and not as a
    comparison operator. That also follows the definition of reserved keywords
    for the major SQL syntax definitions.
  • Fix regular expressions for string parsing.

Other

  • sqlparse now uses pyproject.toml instead of setup.cfg (issue685).

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added automerge dependencies Pull requests that update a dependency file labels Apr 18, 2023
@codecov
Copy link

codecov bot commented Apr 18, 2023

Codecov Report

Merging #788 (43c3417) into main (8c77069) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #788   +/-   ##
=======================================
  Coverage   99.77%   99.77%           
=======================================
  Files           9        9           
  Lines         894      894           
=======================================
  Hits          892      892           
  Misses          2        2

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@jackton1 jackton1 merged commit 2cfd0d3 into main Apr 18, 2023
31 of 32 checks passed
@jackton1 jackton1 deleted the renovate/sqlparse-0.x branch April 18, 2023 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jackton1 jackton1 jackton1 approved these changes

Assignees

@jackton1 jackton1

Labels
automerge dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@jackton1