
Please update the pip package dependencies

Open · eabase opened this issue 2 years ago · 3 comments

Many of the core Python packages used in this package are outdated, and are breaking ~~most~~ all new Python 3.10 installations.

Please update the requirements and the related python code.

```text
# pip list --outdated
Package        Version Latest Type
-------------- ------- ------ -----
cli-helpers    0.2.3   2.2.1  wheel
Click          7.0     8.1.0  wheel
prompt-toolkit 2.0.10  3.0.28 wheel
sqlparse       0.2.4   0.4.2  wheel
```

Related issues: #531 #484

eabase avatar Mar 30 '22 10:03 eabase

Running `pip install --upgrade cli-helpers` after `pip install mssql-cli` is how I was able to use mssql-cli on Python 3.10.

cwegener avatar Apr 05 '22 11:04 cwegener

I can't even use this because of the dependency issue. Is there a fork or a PR for this yet?

ggt-steven-combs avatar Apr 21 '22 03:04 ggt-steven-combs

It would be great if the deps could be updated, due to the security vulnerability in the pinned sqlparse version.

We take a dependency on this package, and our governed repositories are scanned for violations; the dependency `sqlparse==0.2.4` is flagged as a security violation:

> **StripComments filter contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service)**
>
> The formatter function that strips comments from a SQL statement contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of `\r\n` in SQL comments.

Recommendation

Upgrade to sqlparse 0.4.2.

swells avatar May 13 '22 22:05 swells
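The advisory quoted in the comment above describes the general shape of a catastrophic-backtracking bug: a quantified group whose alternatives overlap, so a run of `\r\n` followed by a character the pattern cannot consume forces the engine to retry every way of partitioning the run. The following is an added example, not code from mssql-cli or sqlparse; the two regular expressions in it are constructed to illustrate the class of bug and are not sqlparse's actual pattern, and `strip_sql_comments` is a hypothetical regex-free alternative, not the project's fix (the real remedy for this thread is the upgrade to sqlparse 0.4.2). It contrasts an ambiguous whitespace pattern with an unambiguous one on the adversarial input the advisory names, and shows a single-pass comment stripper that handles the same input in linear time.

```python
"""Illustrative ReDoS: an ambiguous newline regex vs. a linear-time SQL comment stripper.

Added example; the patterns below are constructed for illustration and are NOT
sqlparse's real regular expression.
"""
import re
import time

# Ambiguous: '\r\n' can be consumed either as the two-character alternative or as
# two separate '\s' matches, so n repetitions of '\r\n' followed by a character the
# pattern cannot absorb give ~2**n partitions for the backtracking engine to try.
AMBIGUOUS_TRAILING_WS = re.compile(r'(\r\n|\s)+$')

# Unambiguous: a single character class has exactly one way to consume each
# character, so a failed match backtracks linearly instead of exponentially.
SAFE_TRAILING_WS = re.compile(r'\s+$')


def has_only_trailing_whitespace(text: str, pattern: re.Pattern) -> bool:
    """True if `text` consists solely of whitespace according to `pattern`."""
    return pattern.match(text) is not None


def time_match(pattern: re.Pattern, n: int, runs: int = 3) -> float:
    """Best-of-`runs` seconds to apply `pattern` to n '\\r\\n' pairs plus one
    non-matching byte (constructed adversarial input, as in the advisory)."""
    payload = "\r\n" * n + "x"
    best = float("inf")
    for _ in range(runs):
        t0 = time.perf_counter()
        pattern.match(payload)
        best = min(best, time.perf_counter() - t0)
    return best


def strip_sql_comments(sql: str) -> str:
    """Remove '-- ...' line comments and '/* ... */' block comments in one pass
    over the input, leaving quoted literals untouched. Hypothetical regex-free
    alternative: every character is examined once, so '\\r\\n' runs cost O(n)."""
    out = []
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if c in ("'", '"'):
            # Copy the quoted literal verbatim, honouring doubled-quote escapes ('it''s').
            j = i + 1
            while j < n:
                if sql[j] == c:
                    if j + 1 < n and sql[j + 1] == c:
                        j += 2
                        continue
                    break
                j += 1
            out.append(sql[i:j + 1])
            i = j + 1
        elif sql.startswith("--", i):
            # Drop up to, but not including, the line terminator.
            j = i
            while j < n and sql[j] not in "\r\n":
                j += 1
            i = j
        elif sql.startswith("/*", i):
            # Drop the block comment; an unterminated one swallows the rest.
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    return "".join(out)


if __name__ == "__main__":
    for n in (8, 12, 16):
        print(f"n={n:2d}  ambiguous={time_match(AMBIGUOUS_TRAILING_WS, n):.4f}s  "
              f"safe={time_match(SAFE_TRAILING_WS, n):.6f}s")
    print(repr(strip_sql_comments("SELECT 1 -- c\r\nFROM t /* x */ WHERE a = '--not'")))
```

Running the script shows the ambiguous pattern's time roughly doubling with each extra `\r\n` pair while the unambiguous one stays flat; the scanner is indifferent to how many line terminators a comment contains. A dependency scanner flags `sqlparse==0.2.4` for exactly this reason, and the check a practitioner can apply to any regex in their own code is the same: look for a quantified group whose alternatives can match the same text in more than one way.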