
chore: Bump sqlparse to 0.4.4 #24045

Merged
merged 5 commits into apache:master from chore/bump-sqlparse-lib on May 23, 2023

Conversation

EugeneTorap
Contributor

@EugeneTorap EugeneTorap commented May 12, 2023

SUMMARY

Bump sqlparse from 0.4.3 to 0.4.4
Fixes #23896 - CVE-2023-30608
Resolves #23742
#23771 has been superseded by this PR

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API
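The PR pins sqlparse to 0.4.4, the first release carrying the fix for CVE-2023-30608. As an added example (not code from this PR or from the Superset project), the small checker below scans requirement pins and reports any constraint on sqlparse that still admits a version below 0.4.4. The function names `check_pin` and `scan_requirements`, the hand-rolled `parse_version`, and the sample requirements text are all constructed for this illustration.

```python
import re
from typing import List, Optional, Tuple

# sqlparse 0.4.4 is the version this PR bumps to (fix for CVE-2023-30608).
MIN_SQLPARSE = "0.4.4"

# Matches "name<op>version" pins; environment markers and trailing comments
# after the version are ignored by the regex.
_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|~=|<=|<)\s*([0-9][0-9A-Za-z.]*)"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """'0.4.3' -> (0, 4, 3). Stops at the first non-numeric tail ('0.4.4rc1' -> (0, 4, 4)).

    Hypothetical helper: a real tool would use packaging.version instead.
    """
    parts = []
    for segment in text.split("."):
        digits = re.match(r"\d+", segment)
        if digits is None:
            break
        parts.append(int(digits.group()))
        if digits.end() != len(segment):  # e.g. '4rc1': keep the number, stop after it
            break
    return tuple(parts)


def check_pin(line: str, package: str = "sqlparse", minimum: str = MIN_SQLPARSE) -> Optional[str]:
    """Return a finding if `line` constrains `package` to versions below `minimum`, else None."""
    match = _REQ_RE.match(line)
    if match is None or match.group(1).lower() != package.lower():
        return None
    op, version = match.group(2), match.group(3)
    pinned, floor = parse_version(version), parse_version(minimum)
    if op == "==" and pinned < floor:
        return f"{package}=={version} is below the fixed version {minimum}"
    if op in (">=", "~=") and pinned < floor:
        # A lower bound under the fix still lets a resolver pick a vulnerable release.
        return f"{package}{op}{version} still admits versions below {minimum}"
    if (op == "<=" and pinned < floor) or (op == "<" and pinned <= floor):
        # An upper bound under the fix rules the fixed release out entirely.
        return f"{package}{op}{version} excludes the fixed version {minimum}"
    return None


def scan_requirements(text: str, package: str = "sqlparse", minimum: str = MIN_SQLPARSE) -> List[Tuple[int, str]]:
    """Run check_pin over every line of a requirements file; returns (line number, finding) pairs."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        finding = check_pin(line, package, minimum)
        if finding:
            findings.append((number, finding))
    return findings


# Constructed sample file for illustration; these are not Superset's real pins.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not the project's requirements file
flask==2.2.5
sqlparse==0.4.3
SQLParse>=0.4.4 ; python_version >= "3.8"
sqlparse<0.4.4
"""

if __name__ == "__main__":
    for number, finding in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {number}: {finding}")
```

Run against the constructed sample, the scanner flags line 3 (an exact pin on 0.4.3) and line 5 (an upper bound that excludes 0.4.4) while accepting the `>=0.4.4` line regardless of name casing. In a CI job the same check can run over the repository's requirement files and fail the build when a fixed-version floor is not met.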

@codecov

codecov bot commented May 19, 2023

Codecov Report

Merging #24045 (a3703af) into master (97482c5) will decrease coverage by 0.04%.
The diff coverage is 75.09%.

❗ Current head a3703af differs from pull request most recent head d787999. Consider uploading reports for the commit d787999 to get more accurate results

@@            Coverage Diff             @@
##           master   #24045      +/-   ##
==========================================
- Coverage   68.22%   68.18%   -0.04%     
==========================================
  Files        1941     1955      +14     
  Lines       75261    75456     +195     
  Branches     8168     8215      +47     
==========================================
+ Hits        51344    51451     +107     
- Misses      21828    21899      +71     
- Partials     2089     2106      +17     
Flag       Coverage   Diff coverage   Δ
hive       ?
mysql      78.95%     <74.64%>        (+0.01%) ⬆️
postgres   79.03%     <74.64%>        (+0.01%) ⬆️
presto     53.24%     <41.07%>        (+0.14%) ⬆️
python     82.65%     <81.07%>        (-0.14%) ⬇️
sqlite     77.56%     <73.21%>        (+0.02%) ⬆️
unit       53.33%     <48.57%>        (+0.28%) ⬆️

Flags with carried forward coverage won't be shown.

Impacted Files                                          Coverage   Diff coverage   Δ
...i-core/src/color/colorSchemes/sequential/common.ts   100.00%    <ø>             (ø)
...set-ui-core/src/ui-overrides/ExtensionsRegistry.ts   100.00%    <ø>             (ø)
...ackages/superset-ui-core/src/utils/featureFlags.ts   100.00%    <ø>             (ø)
...plugins/legacy-preset-chart-deckgl/src/factory.tsx   0.00%      <ø>             (ø)
...preset-chart-deckgl/src/layers/Heatmap/Heatmap.tsx   0.00%      <0.00%>         (ø)
...d/plugins/legacy-preset-chart-deckgl/src/preset.js   100.00%    <ø>             (ø)
...hart-echarts/src/MixedTimeseries/transformProps.ts   0.00%      <0.00%>         (ø)
...lugin-chart-echarts/src/Timeseries/transformers.ts   56.95%     <ø>             (-0.29%) ⬇️
...n-chart-handlebars/src/plugin/controls/columns.tsx   15.78%     <0.00%>         (+0.78%) ⬆️
...frontend/src/SqlLab/components/ResultSet/index.tsx   63.05%     <ø>             (+0.39%) ⬆️
... and 144 more

... and 4 files with indirect coverage changes


@sebastianliebscher
Contributor

This PR should resolve #23742 too

Member

@villebro villebro left a comment


LGTM, thanks for the bump and cleaning this up 👍

@villebro villebro merged commit a7f9c66 into apache:master May 23, 2023
@EugeneTorap EugeneTorap deleted the chore/bump-sqlparse-lib branch May 23, 2023 08:39
eschutho pushed a commit that referenced this pull request Dec 2, 2023
Co-authored-by: sebastianliebscher <liebscher.sebastian@protonmail.ch>
@mistercrunch mistercrunch added the 🍒 2.1.3, 🏷️ bot (a label used by `supersetbot` to keep track of which PRs were auto-tagged with release labels) and 🚢 3.0.0 labels Mar 8, 2024
Labels: 2.1.3, 🏷️ bot, size/S, v2.1, 🍒 2.1.3, 🚢 3.0.0
Successfully merging this pull request may close these issues.

CVE-2023-30608 superset db upgrade not working due to removal of FLAGS variable in sqlparse/keywords.py
5 participants