diff options
| author | Trevor Gamblin <tgamblin@baylibre.com> | 2023-07-25 15:09:43 -0400 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2023-07-25 12:46:19 -0700 |
| commit | 74e70284acb2eb2f2a47a1ab1aa5ee0928d46344 (patch) | |
| tree | 8c63a764f2cff30cbefaf4095e7691895e312097 /meta-python/recipes-devtools/python/python3-sqlparse/run-ptest | |
| parent | 7fc427838dde831b2fcea167ab76fc2811d633e0 (diff) | |
| download | meta-openembedded-74e70284acb2eb2f2a47a1ab1aa5ee0928d46344.tar.gz | |
python3-sqlparse: upgrade 0.4.3 -> 0.4.4
- Use python_flit_core instead of setuptools3
- Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4
- Remove CVE-2023-30608.patch since it's now upstream:
[tgamblin@megalith sqlparse]$ git tag --contains c457abd
0.4.4
Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG):
Release 0.4.4 (Apr 18, 2023)
----------------------------
Notable Changes
* IMPORTANT: This release fixes a security vulnerability in the
parser where a regular expression vulnerable to ReDOS (Regular
Expression Denial of Service) was used. See the security advisory
for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
The vulnerability was discovered by @erik-krogh from GitHub
Security Lab (GHSL). Thanks for reporting!
Bug Fixes
* Revert a change from 0.4.0 that changed IN to be a comparison (issue694).
The primary expectation is that IN is treated as a keyword and not as a
comparison operator. That also follows the definition of reserved keywords
for the major SQL syntax definitions.
* Fix regular expressions for string parsing.
Other
* sqlparse now uses pyproject.toml instead of setup.cfg (issue685).
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse/run-ptest')
0 files changed, 0 insertions, 0 deletions