Bump sqlparse from 0.4.4 to 0.5.0 in /src (#285)

* Bump sqlparse from 0.4.4 to 0.5.0 in /src Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.4 to 0.5.0. - [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG) - [Commits](andialbrecht/sqlparse@0.4.4...0.5.0) --- updated-dependencies: - dependency-name: sqlparse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Require sqlparse>=0.5.0 in requirements.in --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Romaniello <aromaniello@ntia.gov>
NTIA · May 10, 2024 · b02ac0b · b02ac0b
1 parent 25582a6
commit b02ac0b
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
@@ -335,7 +335,7 @@ six==1.16.0
     #   sigmf
 smart-open==6.4.0
     # via ray
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements.txt
     #   django

diff --git a/src/requirements.in b/src/requirements.in
@@ -17,6 +17,7 @@ scos_tekrsa @ git+https://github.com/NTIA/scos-tekrsa@6.0.0
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
 idna>=3.7             # CVE-2024-3651
-pyyaml>=5.4.0         # CVE-2020-14343
 grpcio>=1.53.0        # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
+pyyaml>=5.4.0         # CVE-2020-14343
+sqlparse>=0.5.0       # CVE-2024-4340
 urllib3>=1.26.18      # CVE-2023-45803
diff --git a/src/requirements.txt b/src/requirements.txt
@@ -163,8 +163,10 @@ six==1.16.0
     #   python-dateutil
     #   requests-mock
     #   sigmf
-sqlparse==0.4.4
-    # via django
+sqlparse==0.5.0
+    # via
+    #   -r requirements.in
+    #   django
 tekrsa-api-wrap==1.3.2
     # via scos-tekrsa
 typing-extensions==4.8.0