Safety CI > laowantong/paroxython

pyup-update-sqlparse-0.4.3-to-0.5.4

1 day, 19 hours ago

635a6e06

Update sqlparse from 0.4.3 to 0.5.4

regex 2022.9.13 has known security vulnerabilities.

Package	Installed	Affected	Info
regex	2022.9.13	<2025.2.10	show Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion.

Package

Installed

Affected

Info

regex

2022.9.13

<2025.2.10

show

Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion.

pyup-update-pytest-7.1.3-to-9.0.1

2 weeks, 2 days ago

d0130b24

Update pytest from 7.1.3 to 9.0.1

sqlparse 0.4.3 and regex 2022.9.13 have known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.3	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.3	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.
sqlparse	0.4.3	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
regex	2022.9.13	<2025.2.10	show Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion.

pyup-update-pytest-7.1.3-to-9.0.0

2 weeks, 6 days ago

884c7667

Update pytest from 7.1.3 to 9.0.0

sqlparse 0.4.3 and regex 2022.9.13 have known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.3	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.3	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.
sqlparse	0.4.3	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
regex	2022.9.13	<2025.2.10	show Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion.

pyup-update-regex-2022.9.13-to-2025.11.3

3 weeks, 4 days ago

80140e6f

Update regex from 2022.9.13 to 2025.11.3

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-regex-2022.9.13-to-2025.10.23

1 month, 1 week ago

1eceda98

Update regex from 2022.9.13 to 2025.10.23

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-regex-2022.9.13-to-2025.9.18

2 months, 1 week ago

bf78547d

Update regex from 2022.9.13 to 2025.9.18

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-pytest-7.1.3-to-8.4.2

2 months, 3 weeks ago

05c1b8ac

Update pytest from 7.1.3 to 8.4.2

sqlparse 0.4.3 and regex 2022.9.13 have known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.3	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.3	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.
sqlparse	0.4.3	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
regex	2022.9.13	<2025.2.10	show Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion.

pyup-update-regex-2022.9.13-to-2025.9.1

2 months, 4 weeks ago

5805278b

Update regex from 2022.9.13 to 2025.9.1

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-regex-2022.9.13-to-2025.8.29

3 months ago

c1f4a87d

Update regex from 2022.9.13 to 2025.8.29

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-typing-extensions-4.4.0-to-4.15.0

3 months ago

6fd9296f

Update typing-extensions from 4.4.0 to 4.15.0

sqlparse 0.4.3 and regex 2022.9.13 have known security vulnerabilities.

Package	Installed	Affected	Info
sqlparse	0.4.3	<0.5.4	show Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts. Note: This issue is due to an incomplete fix for CVE-2024-4340.
sqlparse	0.4.3	<0.5.0	show Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.
sqlparse	0.4.3	>=0.1.15,<0.4.4	show Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service). https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
regex	2022.9.13	<2025.2.10	show Affected versions of this package are potentially vulnerable to Regular Expression Denial of Service (ReDoS) due to catastrophic backtracking in the V1 engine when processing patterns that combine full‑casefolding with the [\s\S]* quantifier. The engine’s AnyAll node fails to prevent nested quantifier backtracking, leading to infinite loops and CPU exhaustion.

pyup-update-regex-2022.9.13-to-2025.7.34

4 months ago

800d13c6

Update regex from 2022.9.13 to 2025.7.34

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-regex-2022.9.13-to-2025.7.33

4 months ago

f1cb644b

Update regex from 2022.9.13 to 2025.7.33

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-regex-2022.9.13-to-2025.7.31

4 months ago

fb7d6739

Update regex from 2022.9.13 to 2025.7.31

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-regex-2022.9.13-to-2025.7.29

4 months ago

8519d17e

Update regex from 2022.9.13 to 2025.7.29

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2

pyup-update-typing-extensions-4.4.0-to-4.14.1

4 months, 4 weeks ago

2da009f5

Update typing-extensions from 4.4.0 to 4.14.1

sqlparse 0.4.3 has known security vulnerabilities.

Package

Installed

Affected

Info

sqlparse

0.4.3

<0.5.4

show

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to Algorithmic Complexity. The SQL parser fails to enforce limits when processing deeply nested tuples and large token sequences, leading to excessive resource consumption through crafted SQL statements with extreme nesting depth or token counts.

**Note:** This issue is due to an incomplete fix for CVE-2024-4340.

sqlparse

0.4.3

<0.5.0

show

Sqlparse 0.5.0 addresses a potential denial of service (DoS) vulnerability related to recursion errors in deeply nested SQL statements. To mitigate this issue, the update replaces recursion errors with a general SQLParseError, improving the resilience and stability of the parsing process.

sqlparse

0.4.3

>=0.1.15,<0.4.4

show

Sqlparse 0.4.4 includes a fix for CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service).
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2