From bc1f7f28a5d0a01608b07883c7dcfb2ebaaa0df8 Mon Sep 17 00:00:00 2001 From: Quigley Malcolm Date: Mon, 11 Mar 2024 11:55:12 -0700 Subject: [PATCH 1/2] Update requirements.in to operate on dbt-core 1.7 We wanted to move this project to the latest dbt-core version to ensure it operates on a version of dbt-core that has addressed the security issue (CVE-2024-22195) with Jinja2. By association we also had to upgrade the version of dbt-duckdb being used. Tangentially we also upgraded the version of sqlfluff. --- requirements.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements.in b/requirements.in index 46400d21..a598d6b6 100644 --- a/requirements.in +++ b/requirements.in @@ -2,10 +2,10 @@ duckcli>=0.2.1 # Database adapter -dbt-duckdb>=1.3.1 +dbt-duckdb>=1.7.3,<1.8.0 -# dbt Core 1.3 -dbt-core>=1.3.0 +# dbt Core 1. +dbt-core>=1.7.9,<1.8.0 # extra features -sqlfluff~=1.2.1 +sqlfluff>=2.3.5,<3 From 479a5d56b870998ced69d93b269404213beea446 Mon Sep 17 00:00:00 2001 From: Quigley Malcolm Date: Mon, 11 Mar 2024 12:10:35 -0700 Subject: [PATCH 2/2] Regenerate `requirements.txt` to use dbt-core 1.7 and related dependencies The `requirements.txt` was regenerated by first deleting the existing `requirements.txt` and then running `$ pip-compile`. --- requirements.txt | 161 ++++++++++++++++++++++++++++------------------- 1 file changed, 95 insertions(+), 66 deletions(-) diff --git a/requirements.txt b/requirements.txt index 15846075..9d6852ba 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,32 +1,37 @@ # -# This file is autogenerated by pip-compile with python 3.8 -# To update, run: +# This file is autogenerated by pip-compile with Python 3.8 +# by the following command: # # pip-compile # -agate==1.7.0 +agate==1.7.1 # via dbt-core +annotated-types==0.6.0 + # via pydantic appdirs==1.4.4 # via sqlfluff -attrs==23.1.0 - # via jsonschema -babel==2.12.1 +attrs==23.2.0 + # via + # jsonschema + # referencing +babel==2.14.0 # via agate -certifi==2022.12.7 +certifi==2024.2.2 # via requests -cffi==1.15.1 +cffi==1.16.0 # via dbt-core -chardet==5.1.0 +chardet==5.2.0 # via # diff-cover # sqlfluff -charset-normalizer==3.1.0 +charset-normalizer==3.3.2 # via requests -cli-helpers[styles]==2.3.0 +cli-helpers[styles]==2.3.1 # via duckcli -click==8.1.3 +click==8.1.7 # via # dbt-core + # dbt-semantic-interfaces # duckcli # sqlfluff colorama==0.4.6 @@ -37,130 +42,148 @@ configobj==5.0.8 # via # cli-helpers # duckcli -dbt-core==1.5.0 +dbt-core==1.7.9 # via # -r requirements.in # dbt-duckdb -dbt-duckdb==1.5.0 +dbt-duckdb==1.7.3 # via -r requirements.in -dbt-extractor==0.4.1 +dbt-extractor==0.5.1 + # via dbt-core +dbt-semantic-interfaces==0.4.4 # via dbt-core -diff-cover==7.5.0 +diff-cover==8.0.3 # via sqlfluff duckcli==0.2.1 # via -r requirements.in -duckdb==0.7.1 +duckdb==0.10.0 # via # dbt-duckdb # duckcli -exceptiongroup==1.1.1 +exceptiongroup==1.2.0 # via pytest -future==0.18.3 - # via parsedatetime -hologram==0.0.16 - # via dbt-core -idna==3.4 +idna==3.6 # via # dbt-core # requests -importlib-resources==5.12.0 - # via jsonschema +importlib-metadata==6.11.0 + # via dbt-semantic-interfaces +importlib-resources==6.1.3 + # via + # jsonschema + # jsonschema-specifications + # sqlfluff iniconfig==2.0.0 # via pytest isodate==0.6.1 # via # agate # dbt-core -jinja2==3.1.2 +jinja2==3.1.3 # via # dbt-core + # dbt-semantic-interfaces # diff-cover # sqlfluff -jsonschema==4.17.3 - # via hologram -leather==0.3.4 +jsonschema==4.21.1 + # via + # dbt-core + # dbt-semantic-interfaces +jsonschema-specifications==2023.12.1 + # via jsonschema +leather==0.4.0 # via agate logbook==1.5.3 # via dbt-core -markupsafe==2.1.2 - # via - # jinja2 - # werkzeug -mashumaro[msgpack]==3.6 +markupsafe==2.1.5 + # via jinja2 +mashumaro[msgpack]==3.12 # via dbt-core minimal-snowplow-tracker==0.0.2 # via dbt-core -msgpack==1.0.5 +more-itertools==10.2.0 + # via dbt-semantic-interfaces +msgpack==1.0.8 # via mashumaro -networkx==2.8.8 +networkx==3.1 # via dbt-core -packaging==23.1 +packaging==24.0 # via # dbt-core # pytest -parsedatetime==2.4 +parsedatetime==2.6 # via agate -pathspec==0.11.1 +pathspec==0.11.2 # via # dbt-core # sqlfluff pkgutil-resolve-name==1.3.10 # via jsonschema -pluggy==1.0.0 +pluggy==1.4.0 # via # diff-cover # pytest -prompt-toolkit==3.0.38 +prompt-toolkit==3.0.43 # via duckcli -protobuf==4.22.3 +protobuf==4.25.3 # via dbt-core pycparser==2.21 # via cffi -pygments==2.15.1 +pydantic==2.6.3 + # via dbt-semantic-interfaces +pydantic-core==2.16.3 + # via pydantic +pygments==2.17.2 # via # cli-helpers # diff-cover # duckcli -pyrsistent==0.19.3 - # via jsonschema -pytest==7.3.1 +pytest==8.1.1 # via sqlfluff -python-dateutil==2.8.2 - # via hologram -python-slugify==8.0.1 +python-dateutil==2.9.0.post0 + # via dbt-semantic-interfaces +python-slugify==8.0.4 # via agate pytimeparse==1.1.8 # via agate -pytz==2023.3 +pytz==2024.1 # via # babel # dbt-core -pyyaml==6.0 +pyyaml==6.0.1 # via # dbt-core + # dbt-semantic-interfaces # sqlfluff -regex==2023.3.23 +referencing==0.33.0 + # via + # jsonschema + # jsonschema-specifications +regex==2023.12.25 # via sqlfluff -requests==2.29.0 +requests==2.31.0 # via # dbt-core # minimal-snowplow-tracker +rpds-py==0.18.0 + # via + # jsonschema + # referencing six==1.16.0 # via # configobj # isodate - # leather # minimal-snowplow-tracker # python-dateutil -sqlfluff==1.2.1 +sqlfluff==2.3.5 # via -r requirements.in -sqlparse==0.4.3 +sqlparse==0.4.4 # via # dbt-core # duckcli tabulate[widechars]==0.9.0 # via cli-helpers -tblib==1.7.0 +tblib==3.0.0 # via sqlfluff text-unidecode==1.3 # via python-slugify @@ -168,20 +191,26 @@ toml==0.10.2 # via sqlfluff tomli==2.0.1 # via pytest -tqdm==4.65.0 +tqdm==4.66.2 # via sqlfluff -typing-extensions==4.5.0 +typing-extensions==4.10.0 # via + # annotated-types # dbt-core + # dbt-semantic-interfaces # mashumaro + # pydantic + # pydantic-core # sqlfluff -urllib3==1.26.15 - # via requests -wcwidth==0.2.6 +urllib3==1.26.18 + # via + # dbt-core + # requests +wcwidth==0.2.13 # via # prompt-toolkit # tabulate -werkzeug==2.3.1 - # via dbt-core -zipp==3.15.0 - # via importlib-resources +zipp==3.17.0 + # via + # importlib-metadata + # importlib-resources