From 483a4e8deb9a6470ca56e9ccdd1fb3052aed16a4 Mon Sep 17 00:00:00 2001
From: Emily Rockman
Date: Thu, 18 Apr 2024 12:04:59 -0500
Subject: [PATCH] [BACKPORT 1.7] bump sqlparse (#9965) * bump sqlparse to 0.5 (#9951) * bump sqlparse * changelog # Conflicts: # core/setup.py * fix change kind (#9964) * Update .changes/unreleased/Security-20240417-141316.yaml
---
 .changes/unreleased/Security-20240417-141316.yaml | 6 ++++++
 core/setup.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 .changes/unreleased/Security-20240417-141316.yaml
diff --git a/.changes/unreleased/Security-20240417-141316.yaml b/.changes/unreleased/Security-20240417-141316.yaml
new file mode 100644
index 00000000000..16d8d572f89
--- /dev/null
+++ b/.changes/unreleased/Security-20240417-141316.yaml
@@ -0,0 +1,6 @@
+kind: Security
+body: Bump sqlparse to >=0.5.0, <0.6.0 to address GHSA-2m57-hf25-phgg
+time: 2024-04-17T14:13:16.896353-05:00
+custom:
+ Author: emmoop
+ PR: "9951"
diff --git a/core/setup.py b/core/setup.py
index a0878141a38..696e12cc6fb 100644
--- a/core/setup.py
+++ b/core/setup.py
@@ -68,7 +68,7 @@
 "pathspec>=0.9,<0.12",
 "isodate>=0.6,<0.7",
 # ----
- "sqlparse>=0.2.3,<0.5",
+ "sqlparse>=0.5.0,<0.6.0",
 # ----
 # These are major-version-0 packages also maintained by dbt-labs. Accept patches.
 "dbt-extractor~=0.5.0",
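Review bot: The new floor `"sqlparse>=0.5.0,<0.6.0"` in core/setup.py is a security constraint, but nothing beside the pin says so; the only record of the reason is the changelog entry naming GHSA-2m57-hf25-phgg. A comment directly above the line, for example `# floor is 0.5.0 because of GHSA-2m57-hf25-phgg; do not lower it`, would stop a later dependency relaxation or backport conflict resolution from quietly readmitting the affected range. The requirement list begins and ends outside the hunk, so whether neighbouring pins follow a commenting convention cannot be seen from here. Separately, the pin only affects fresh dependency resolution, so environments installed from an older lock or constraints file presumably keep their existing sqlparse until they are re-resolved.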