
chore: bump sqlfluff to 4.1.0 #698

Merged
johnnygreco merged 3 commits into NVIDIA-NeMo:main from mckornfield:sqlfluff-bump
May 26, 2026

Conversation

@mckornfield
Contributor

@mckornfield mckornfield commented May 21, 2026

📋 Summary

🧪 Testing

  • make test passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

✅ Checklist

  • Follows commit message conventions
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

@mckornfield mckornfield requested a review from a team as a code owner May 21, 2026 16:46
@github-actions
Contributor

github-actions Bot commented May 21, 2026

All contributors have signed the DCO ✍️ ✅
Posted by the DCO Assistant Lite bot.

@mckornfield
Contributor Author

I have read the DCO document and I hereby sign the DCO.

@greptile-apps
Contributor

greptile-apps Bot commented May 21, 2026

Greptile Summary

Bumps sqlfluff from the 3.x line to >=4.1.0,<5 (resolving to 4.2.1 in the lock file) to address a CVE, with corresponding test updates for the breaking keyword-casing changes in sqlfluff 4.x.

  • Dependency bump: pyproject.toml and uv.lock move sqlfluff from 3.5.0 → 4.2.1; sqlfluff's unusual pytest runtime dependency is also dropped in the new release.
  • Test updates: The single valid-ANSI-SQL test is replaced with a parametrized test across six SQL dialects, and SQL keywords are uppercased (as → AS) to satisfy sqlfluff 4.x's stricter keyword-casing rules.

Confidence Score: 5/5

Safe to merge — this is a targeted dependency version bump with well-scoped test updates.

The change is a straightforward version constraint update (sqlfluff 3.x → 4.x) motivated by a CVE fix. The test suite was updated consistently with sqlfluff 4.x's keyword-casing enforcement, coverage was expanded across six SQL dialects, and the lock file resolves cleanly to 4.2.1. No logic or behavioral changes to application code are introduced.

No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| packages/data-designer-engine/pyproject.toml | Bumps sqlfluff version constraint from >=3.2.0,<4 to >=4.1.0,<5 to address a CVE. |
| packages/data-designer-engine/tests/engine/validators/test_sql.py | Expands the single ANSI SQL valid-code test into a parametrized test covering 6 dialects; updates as to AS to comply with sqlfluff 4.x keyword-casing enforcement. |
| uv.lock | Lock file updated to resolve sqlfluff 4.2.1 (within the new >=4.1.0,<5 range); also drops the unusual pytest runtime dependency that sqlfluff 3.x carried. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[SQLValidator.run_validation] --> B{sqlfluff.lint}
    B -->|No violations| C[is_valid = True
error_messages = '']
    B -->|Violations found| D[is_valid = False
error_messages = violation list]
    B -->|RuntimeError| E[is_valid = False
error_messages = 'Exception during SQL parsing']
    C --> F[Return ValidationResult]
    D --> F
    E --> F

Reviews (4): Last reviewed commit: "Merge branch 'main' into sqlfluff-bump" | Re-trigger Greptile

johnnygreco
johnnygreco previously approved these changes May 22, 2026
Signed-off-by: Matt Kornfield <mkornfield@nvidia.com>
@github-actions
Contributor

Issue #704 has been triaged. The linked issue check is being re-evaluated.

@johnnygreco johnnygreco merged commit 4fc24bf into NVIDIA-NeMo:main May 26, 2026
51 of 52 checks passed
Development

Successfully merging this pull request may close these issues.

Fix sqlfluff vuln

3 participants