From e58c70cb2bc075a99f9d31cd601b2a8b0d4a0f2c1a79e405c4c745b7c715eedc Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 27 Jan 2026 16:07:26 +0000 Subject: [PATCH 1/2] - update to 0.5.5: * Fix DoS protection to raise SQLParseError instead of silently returning None * when grouping limits are exceeded (issue827). * Fix splitting of BEGIN TRANSACTION statements (issue826). * Add support for Python 3.14. * Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools * Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an `--in-place` flag for in-place editing (issue537). * Add `ATTACH` and `DETACH` to PostgreSQL keywords (pr808). * Add `INTERSECT` to close keywords in WHERE clause (pr820). * Support `REGEXP BINARY` comparison operator (pr817). * Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits * MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements. * Remove shebang from cli.py and remove executable flag * Fix strip_comments not removing all comments when input contains only comments (issue801, pr803 by stropysh). * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks (issue812). * Fix splitting on semicolons inside BEGIN...END blocks (issue809). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-sqlparse?expand=0&rev=44 --- python-sqlparse.changes | 34 ++++++++++++++++++++++++++++++++++ python-sqlparse.spec | 4 ++-- sqlparse-0.5.3.tar.gz | 3 --- sqlparse-0.5.5.tar.gz | 3 +++ 4 files changed, 39 insertions(+), 5 deletions(-) delete mode 100644 sqlparse-0.5.3.tar.gz create mode 100644 sqlparse-0.5.5.tar.gz diff --git a/python-sqlparse.changes b/python-sqlparse.changes index b2efc41..9ceef6e 100644 --- a/python-sqlparse.changes +++ b/python-sqlparse.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Tue Jan 27 16:06:23 UTC 2026 - Dirk Müller + +- update to 0.5.5: + * Fix DoS protection to raise SQLParseError instead of silently + returning None + * when grouping limits are exceeded (issue827). + * Fix splitting of BEGIN TRANSACTION statements (issue826). + * Add support for Python 3.14. + * Add type annotations to top-level API functions and include + py.typed marker for PEP 561 compliance, enabling type checking + with mypy and other tools + * Add pre-commit hook support. sqlparse can now be used as a + pre-commit hook to automatically format SQL files. The CLI now + supports multiple files and an `--in-place` flag for in-place + editing (issue537). + * Add `ATTACH` and `DETACH` to PostgreSQL keywords (pr808). + * Add `INTERSECT` to close keywords in WHERE clause (pr820). + * Support `REGEXP BINARY` comparison operator (pr817). + * Add additional protection against denial of service attacks + when parsing very large lists of tuples. This enhances the + existing recursion protections with configurable limits for + token processing to prevent DoS through algorithmic complexity + attacks. The new limits + * MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by + setting to None) if needed for legitimate large SQL statements. + * Remove shebang from cli.py and remove executable flag + * Fix strip_comments not removing all comments when input + contains only comments (issue801, pr803 by stropysh). + * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside + BEGIN...END blocks (issue812). + * Fix splitting on semicolons inside BEGIN...END blocks + (issue809). + ------------------------------------------------------------------- Mon Aug 25 13:52:31 UTC 2025 - Markéta Machová diff --git a/python-sqlparse.spec b/python-sqlparse.spec index 4f47cb2..b26573d 100644 --- a/python-sqlparse.spec +++ b/python-sqlparse.spec @@ -1,7 +1,7 @@ # # spec file for package python-sqlparse # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %endif %{?sle15_python_module_pythons} Name: python-sqlparse -Version: 0.5.3 +Version: 0.5.5 Release: 0 Summary: Non-validating SQL parser License: BSD-3-Clause diff --git a/sqlparse-0.5.3.tar.gz b/sqlparse-0.5.3.tar.gz deleted file mode 100644 index 1ed8329..0000000 --- a/sqlparse-0.5.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:09f67787f56a0b16ecdbde1bfc7f5d9c3371ca683cfeaa8e6ff60b4807ec9272 -size 84999 diff --git a/sqlparse-0.5.5.tar.gz b/sqlparse-0.5.5.tar.gz new file mode 100644 index 0000000..63c46d2 --- /dev/null +++ b/sqlparse-0.5.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e20d4a9b0b8585fdf63b10d30066c7c94c5d7a7ec47c889a2d83a3caa93ff28e +size 120815 From 936b1ae44d903cfcd9508b0febdcbefabd4a1286f408f20107625534d120e3bd Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 27 Jan 2026 16:07:39 +0000 Subject: [PATCH 2/2] returning None when grouping limits are exceeded (issue827). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-sqlparse?expand=0&rev=45 --- python-sqlparse.changes | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/python-sqlparse.changes b/python-sqlparse.changes index 9ceef6e..0f0d209 100644 --- a/python-sqlparse.changes +++ b/python-sqlparse.changes @@ -3,8 +3,7 @@ Tue Jan 27 16:06:23 UTC 2026 - Dirk Müller - update to 0.5.5: * Fix DoS protection to raise SQLParseError instead of silently - returning None - * when grouping limits are exceeded (issue827). + returning None when grouping limits are exceeded (issue827). * Fix splitting of BEGIN TRANSACTION statements (issue826). * Add support for Python 3.14. * Add type annotations to top-level API functions and include