Skip to content

Update dependency sqlparse to v0.4.2#8

Open
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/sqlparse-0.x
Open

Update dependency sqlparse to v0.4.2#8
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/sqlparse-0.x

Conversation

@mend-for-github-com

@mend-for-github-com mend-for-github-com Bot commented Dec 21, 2022
edited
Loading

Copy link
Copy Markdown

This PR contains the following updates:

Package Update Change
sqlparse (changelog) patch ==0.4.1==0.4.2

By merging this PR, the issue #6 will be automatically resolved and closed:

Severity CVSS Score Vulnerability
High High 7.5 WS-2021-0369

Release Notes

andialbrecht/sqlparse (sqlparse)

v0.4.2

Compare Source

Notable Changes

  • IMPORTANT: This release fixes a security vulnerability in the
    strip comments filter. In this filter a regular expression that was
    vulnerable to ReDOS (Regular Expression Denial of Service) was
    used. See the security advisory for details: GHSA-p5w8-wqhj-9hhf
    The vulnerability was discovered by @​erik-krogh and @​yoff from
    GitHub Security Lab (GHSL). Thanks for reporting!

Enhancements

  • Add ELSIF as keyword (issue584).
  • Add CONFLICT and ON_ERROR_STOP keywords (pr595, by j-martin).

Bug Fixes

  • Fix parsing of backticks (issue588).
  • Fix parsing of scientific number (issue399).
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com Bot added the security fix Security fix generated by Mend label Dec 21, 2022
@mend-for-github-com mend-for-github-com Bot changed the title Update dependency sqlparse to v0.4.2 chore(deps): update dependency sqlparse to v0.4.2 Jan 29, 2023
@mend-for-github-com mend-for-github-com Bot changed the title chore(deps): update dependency sqlparse to v0.4.2 chore(deps): update dependency sqlparse to v0.4.4 Oct 2, 2023
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/sqlparse-0.x branch from f5a01c7 to cee0605 Compare October 2, 2023 18:11
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/sqlparse-0.x branch from cee0605 to 4d53631 Compare May 1, 2024 12:17
@mend-for-github-com mend-for-github-com Bot changed the title chore(deps): update dependency sqlparse to v0.4.4 chore(deps): update dependency sqlparse to v0.5.0 May 1, 2024
@mend-for-github-com mend-for-github-com Bot changed the title chore(deps): update dependency sqlparse to v0.5.0 chore(deps): update dependency sqlparse to v0.4.2 Jul 30, 2025
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/sqlparse-0.x branch from 4d53631 to 5b91741 Compare July 30, 2025 18:11
@mend-for-github-com mend-for-github-com Bot changed the title chore(deps): update dependency sqlparse to v0.4.2 Update dependency sqlparse to v0.4.2 May 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants