Merge pull request #55 from dbt-labs/qmalcolm--CVE-2024-22195-exclude-Jinja2-3.1.2-new

QMalcolm · web-flow · commit 9b13827913b2 · 2024-03-20T10:48:46.000-07:00
Upgrade Jinja2 dependency version specification to address CVE-2024-22195
diff --git a/requirements.in b/requirements.in
@@ -2,10 +2,10 @@
 duckcli>=0.2.1
 
 # Database adapter
-dbt-duckdb>=1.3.1
+dbt-duckdb>=1.7.3,<1.8.0
 
-# dbt Core 1.3
-dbt-core>=1.3.0
+# dbt Core 1.
+dbt-core>=1.7.9,<1.8.0
 
 # extra features
-sqlfluff~=1.2.1
+sqlfluff>=2.3.5,<3
diff --git a/requirements.txt b/requirements.txt
@@ -1,32 +1,37 @@
 #
-# This file is autogenerated by pip-compile with python 3.8
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.8
+# by the following command:
 #
 #    pip-compile
 #
-agate==1.7.0
+agate==1.7.1
     # via dbt-core
+annotated-types==0.6.0
+    # via pydantic
 appdirs==1.4.4
     # via sqlfluff
-attrs==23.1.0
-    # via jsonschema
-babel==2.12.1
+attrs==23.2.0
+    # via
+    #   jsonschema
+    #   referencing
+babel==2.14.0
     # via agate
-certifi==2022.12.7
+certifi==2024.2.2
     # via requests
-cffi==1.15.1
+cffi==1.16.0
     # via dbt-core
-chardet==5.1.0
+chardet==5.2.0
     # via
     #   diff-cover
     #   sqlfluff
-charset-normalizer==3.1.0
+charset-normalizer==3.3.2
     # via requests
-cli-helpers[styles]==2.3.0
+cli-helpers[styles]==2.3.1
     # via duckcli
-click==8.1.3
+click==8.1.7
     # via
     #   dbt-core
+    #   dbt-semantic-interfaces
     #   duckcli
     #   sqlfluff
 colorama==0.4.6
@@ -37,151 +42,175 @@ configobj==5.0.8
     # via
     #   cli-helpers
     #   duckcli
-dbt-core==1.5.0
+dbt-core==1.7.9
     # via
     #   -r requirements.in
     #   dbt-duckdb
-dbt-duckdb==1.5.0
+dbt-duckdb==1.7.3
     # via -r requirements.in
-dbt-extractor==0.4.1
+dbt-extractor==0.5.1
+    # via dbt-core
+dbt-semantic-interfaces==0.4.4
     # via dbt-core
-diff-cover==7.5.0
+diff-cover==8.0.3
     # via sqlfluff
 duckcli==0.2.1
     # via -r requirements.in
-duckdb==0.7.1
+duckdb==0.10.0
     # via
     #   dbt-duckdb
     #   duckcli
-exceptiongroup==1.1.1
+exceptiongroup==1.2.0
     # via pytest
-future==0.18.3
-    # via parsedatetime
-hologram==0.0.16
-    # via dbt-core
-idna==3.4
+idna==3.6
     # via
     #   dbt-core
     #   requests
-importlib-resources==5.12.0
-    # via jsonschema
+importlib-metadata==6.11.0
+    # via dbt-semantic-interfaces
+importlib-resources==6.1.3
+    # via
+    #   jsonschema
+    #   jsonschema-specifications
+    #   sqlfluff
 iniconfig==2.0.0
     # via pytest
 isodate==0.6.1
     # via
     #   agate
     #   dbt-core
-jinja2==3.1.2
+jinja2==3.1.3
     # via
     #   dbt-core
+    #   dbt-semantic-interfaces
     #   diff-cover
     #   sqlfluff
-jsonschema==4.17.3
-    # via hologram
-leather==0.3.4
+jsonschema==4.21.1
+    # via
+    #   dbt-core
+    #   dbt-semantic-interfaces
+jsonschema-specifications==2023.12.1
+    # via jsonschema
+leather==0.4.0
     # via agate
 logbook==1.5.3
     # via dbt-core
-markupsafe==2.1.2
-    # via
-    #   jinja2
-    #   werkzeug
-mashumaro[msgpack]==3.6
+markupsafe==2.1.5
+    # via jinja2
+mashumaro[msgpack]==3.12
     # via dbt-core
 minimal-snowplow-tracker==0.0.2
     # via dbt-core
-msgpack==1.0.5
+more-itertools==10.2.0
+    # via dbt-semantic-interfaces
+msgpack==1.0.8
     # via mashumaro
-networkx==2.8.8
+networkx==3.1
     # via dbt-core
-packaging==23.1
+packaging==24.0
     # via
     #   dbt-core
     #   pytest
-parsedatetime==2.4
+parsedatetime==2.6
     # via agate
-pathspec==0.11.1
+pathspec==0.11.2
     # via
     #   dbt-core
     #   sqlfluff
 pkgutil-resolve-name==1.3.10
     # via jsonschema
-pluggy==1.0.0
+pluggy==1.4.0
     # via
     #   diff-cover
     #   pytest
-prompt-toolkit==3.0.38
+prompt-toolkit==3.0.43
     # via duckcli
-protobuf==4.22.3
+protobuf==4.25.3
     # via dbt-core
 pycparser==2.21
     # via cffi
-pygments==2.15.1
+pydantic==2.6.3
+    # via dbt-semantic-interfaces
+pydantic-core==2.16.3
+    # via pydantic
+pygments==2.17.2
     # via
     #   cli-helpers
     #   diff-cover
     #   duckcli
-pyrsistent==0.19.3
-    # via jsonschema
-pytest==7.3.1
+pytest==8.1.1
     # via sqlfluff
-python-dateutil==2.8.2
-    # via hologram
-python-slugify==8.0.1
+python-dateutil==2.9.0.post0
+    # via dbt-semantic-interfaces
+python-slugify==8.0.4
     # via agate
 pytimeparse==1.1.8
     # via agate
-pytz==2023.3
+pytz==2024.1
     # via
     #   babel
     #   dbt-core
-pyyaml==6.0
+pyyaml==6.0.1
     # via
     #   dbt-core
+    #   dbt-semantic-interfaces
     #   sqlfluff
-regex==2023.3.23
+referencing==0.33.0
+    # via
+    #   jsonschema
+    #   jsonschema-specifications
+regex==2023.12.25
     # via sqlfluff
-requests==2.29.0
+requests==2.31.0
     # via
     #   dbt-core
     #   minimal-snowplow-tracker
+rpds-py==0.18.0
+    # via
+    #   jsonschema
+    #   referencing
 six==1.16.0
     # via
     #   configobj
     #   isodate
-    #   leather
     #   minimal-snowplow-tracker
     #   python-dateutil
-sqlfluff==1.2.1
+sqlfluff==2.3.5
     # via -r requirements.in
-sqlparse==0.4.3
+sqlparse==0.4.4
     # via
     #   dbt-core
     #   duckcli
 tabulate[widechars]==0.9.0
     # via cli-helpers
-tblib==1.7.0
+tblib==3.0.0
     # via sqlfluff
 text-unidecode==1.3
     # via python-slugify
 toml==0.10.2
     # via sqlfluff
 tomli==2.0.1
     # via pytest
-tqdm==4.65.0
+tqdm==4.66.2
     # via sqlfluff
-typing-extensions==4.5.0
+typing-extensions==4.10.0
     # via
+    #   annotated-types
     #   dbt-core
+    #   dbt-semantic-interfaces
     #   mashumaro
+    #   pydantic
+    #   pydantic-core
     #   sqlfluff
-urllib3==1.26.15
-    # via requests
-wcwidth==0.2.6
+urllib3==1.26.18
+    # via
+    #   dbt-core
+    #   requests
+wcwidth==0.2.13
     # via
     #   prompt-toolkit
     #   tabulate
-werkzeug==2.3.1
-    # via dbt-core
-zipp==3.15.0
-    # via importlib-resources
+zipp==3.17.0
+    # via
+    #   importlib-metadata
+    #   importlib-resources
