chore(deps): update dependency sqlparse to v0.4.4 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sqlparse (changelog)	==0.4.2 -> ==0.4.4

GitHub Vulnerability Alerts

CVE-2023-30608

Impact

The SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability may lead to Denial of Service (DoS).

Patches

This issues has been fixed in sqlparse 0.4.4.

Workarounds

None.

References

This issue was discovered and reported by GHSL team member @​erik-krogh (Erik Krogh Kristensen).

• Commit that introduced the vulnerability: e75e35869473832a1eb67772b1adfee2db11b85a

---

Release Notes

andialbrecht/sqlparse

v0.4.4

Compare Source

Notable Changes

• IMPORTANT: This release fixes a security vulnerability in the
  parser where a regular expression vulnerable to ReDOS (Regular
  Expression Denial of Service) was used. See the security advisory
  for details: GHSA-rrm6-wvj7-cwh2
  The vulnerability was discovered by @​erik-krogh from GitHub
  Security Lab (GHSL). Thanks for reporting!

Bug Fixes

• Revert a change from 0.4.0 that changed IN to be a comparison (issue694).
  The primary expectation is that IN is treated as a keyword and not as a
  comparison operator. That also follows the definition of reserved keywords
  for the major SQL syntax definitions.
• Fix regular expressions for string parsing.

Other

• sqlparse now uses pyproject.toml instead of setup.cfg (issue685).

v0.4.3

Compare Source

Enhancements

• Add support for DIV operator (pr664, by chezou).
• Add support for additional SPARK keywords (pr643, by mrmasterplan).
• Avoid tokens copy (pr622, by living180).
• Add REGEXP as a comparision (pr647, by PeterSandwich).
• Add DISTINCTROW keyword for MS Access (issue677).
• Improve parsing of CREATE TABLE AS SELECT (pr662, by chezou).

Bug Fixes

• Fix spelling of INDICATOR keyword (pr653, by ptld).
• Fix formatting error in EXTRACT function (issue562, issue670, pr676, by ecederstrand).
• Fix bad parsing of create table statements that use lower case (issue217, pr642, by mrmasterplan).
• Handle backtick as valid quote char (issue628, pr629, by codenamelxl).
• Allow any unicode character as valid identifier name (issue641).

Other

• Update github actions to test on Python 3.10 as well (pr661, by cclaus).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.