Bump sqlparse from 0.4.4 to 0.5.0

[dependabot]

Bumps sqlparse from 0.4.4 to 0.5.0.

Changelog

Sourced from sqlparse's changelog.

Release 0.5.0 (Apr 13, 2024)

Notable Changes

• Drop support for Python 3.5, 3.6, and 3.7.
• Python 3.12 is now supported (pr725, by hugovk).
• IMPORTANT: Fixes a potential denial of service attack (DOS) due to recursion error for deeply nested statements. Instead of recursion error a generic SQLParseError is raised. See the security advisory for details: GHSA-2m57-hf25-phgg The vulnerability was discovered by @​uriyay-jfrog. Thanks for reporting!

Enhancements

• Splitting statements now allows to remove the semicolon at the end. Some database backends love statements without semicolon (issue742).
• Support TypedLiterals in get_parameters (pr749, by Khrol).
• Improve splitting of Transact SQL when using GO keyword (issue762).
• Support for some JSON operators (issue682).
• Improve formatting of statements containing JSON operators (issue542).
• Support for BigQuery and Snowflake keywords (pr699, by griffatrasgo).
• Support parsing of OVER clause (issue701, pr768 by r33s3n6).

Bug Fixes

• Ignore dunder attributes when creating Tokens (issue672).
• Allow operators to precede dollar-quoted strings (issue763).
• Fix parsing of nested order clauses (issue745, pr746 by john-bodley).
• Thread-safe initialization of Lexer class (issue730).
• Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on pr719 by josuc1, thanks for bringing this up!).
• Fix parsing of PRIMARY KEY (issue740).

Other

• Optimize performance of matching function (pr799, by admachainz).

Commits

• ddbd0ec Bump version.
• 29f2e0a Raise recursion limit for tests.
• b4a39d9 Raise SQLParseError instead of RecursionError.
• f1bcf2f Update AUHTORS and Changelog.
• e03b74e Fix Function.get_parameters(), add Funtion.get_window()
• 617b8f6 Add OVER clause, and group it into Function (fixes #701)
• d8f8147 Update AUHTORS and Changelog.
• 012c9f1 Optimize sqlparse.utils.imt().
• 46971e5 Fix parsing of PRIMARY KEY (fixes #740).
• fc4b0be Code cleanup.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by Sourcery

Update sqlparse to 0.5.0.

Bug Fixes:

• Fix a potential denial of service attack due to recursion error for deeply nested statements.

Enhancements:

• Add support for Python 3.12.
• Drop support for Python 3.5, 3.6, and 3.7.
• Allow removal of semicolons at the end of statements when splitting.
• Add support for TypedLiterals in get_parameters.
• Improve splitting of Transact SQL when using the GO keyword.
• Add support for some JSON operators.
• Improve formatting of statements containing JSON operators.
• Add support for BigQuery and Snowflake keywords.
• Add support for parsing the OVER clause.
• Optimize performance of the matching function.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request bumps the sqlparse dependency from version 0.4.4 to 0.5.0. This addresses a potential denial of service vulnerability and introduces several enhancements and bug fixes. Support for Python 3.5, 3.6, and 3.7 is dropped, while Python 3.12 is now supported.

Sequence diagram for SQL parsing with DOS protection

sequenceDiagram
    participant Client
    participant SQLParser
    participant ErrorHandler

    Client->>SQLParser: Parse SQL statement
    alt Normal parsing
        SQLParser->>SQLParser: Process statement
        SQLParser-->>Client: Parsed result
    else Deeply nested statement
        SQLParser->>ErrorHandler: Detect deep nesting
        ErrorHandler-->>Client: SQLParseError
    end

Loading

State diagram for sqlparse version upgrade changes

stateDiagram-v2
    [*] --> sqlparse_0.4.4
    sqlparse_0.4.4 --> sqlparse_0.5.0
    state sqlparse_0.5.0 {
        state "Security Improvements" as si
        state "Python Support" as ps
        state "Feature Enhancements" as fe
        si: Fix DOS vulnerability
        ps: + Python 3.12
        ps: - Python 3.5/3.6/3.7
        fe: + JSON operators
        fe: + OVER clause
        fe: + Thread-safe Lexer
    }
    sqlparse_0.5.0 --> [*]

Loading

File-Level Changes

Change	Details	Files
Upgrade sqlparse package	Bumped sqlparse version from 0.4.4 to 0.5.0 in requirements.txt	requirements.txt

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.