Bump sqlfluff from 4.1.0 to 4.2.0 in /sqlfluff

[dependabot]

Bumps sqlfluff from 4.1.0 to 4.2.0.

Release notes

Sourced from sqlfluff's releases.

[4.2.0] - 2026-05-13

Highlights

This minor release contains four particular changes of note:

• The default render_variant_limit is now 5 instead of 1, so SQLFluff may report new linting violations from templated branches that were previously not inspected in Jinja and dbt projects. Documentation for the feature is now also available in Template Variant Rendering.
• This release drops support for Python 3.9, which reached end of life at the end of October 2025.
• Security improvements that protect against resource exhaustion through malicious queries by limiting total parsed nodes. Users can configure the new max_parse_nodes config setting to enable parsing of larger files in their project if necessary.
• A new AL10 rule requires aliases on FROM subqueries, because omitting them causes parse errors in most major dialects.

Beyond that, there are parser improvements for T-SQL, PostgreSQL, Snowflake, BigQuery, DuckDB, ClickHouse, Oracle, Hive/SparkSQL, Databricks, DB2, Athena, Trino, MariaDB/MySQL, StarRocks, Teradata, and Greenplum. There are also rule fixes for ST06, ST11, LT02, and LT09, better handling for placeholder and dbt/Jinja rendering edge cases, and a new option to fail when files are skipped for size.

This release also includes first-time contributions from twenty new contributors. Thank you all for your contributions. 🏆

What’s Changed

• fix(postgres): support CORRELATION in CREATE STATISTICS and IF EXISTS in ALTER STATISTICS (#7831) @​jonasboos
• TSQL: allow set expressions in DECLARE ... CURSOR FOR (#7812) @copilot-swe-agent[bot]
• fix: Ensure pool.join() is called in ParallelRunner (#7686) @​peterbud
• fix(clickhouse): allow WHERE/PREWHERE after ARRAY JOIN (#7837) @​Cayan
• fix(postgres): parse \crosstabview as query buffer terminator (#7833) @​SAY-5
• Add max_parse_nodes parser limit (#7816) @​alanmcruickshank
• fix(athena): allow START as identifier (not reserved for SELECT) (#7834) @​SAY-5
• TSQL: parse ALTER TABLE ... ENABLE|DISABLE TRIGGER (#7811) @copilot-swe-agent[bot]
• Support Teradata CAST character set phrases (#7766) @copilot-swe-agent[bot]
• Oracle: add support for MULTISET operators (#7711) @​saulotoledo
• TSQL: Parse issues DatatypeMethodSeg in TableRef and TableExp for Merge using (#7802) @​dpurfield
• Enable multi-branch linting by default (#7808) @​alanmcruickshank
• fix(tsql): parse SET DATEFORMAT canonical Microsoft syntax (#7819) @​Booyaka101
• add regression test for issue 7543 (#7797) @​rotempasharel1
• fix: prevent placeholder templater from suppressing lint violations (#7818) @​ben-duivenvoorden
• TSQL: Add CONTAINSTABLE support (#7814) @​peterbud
• fix(duckdb): tokenize != as a single token to avoid factorial collision (#7742) @​barry3406
• fix(tsql): allow Unicode letters in @​parameter names (#7810) @​Booyaka101
• Drop support for python 3.9 (#7341) @​annebelleo
• Add DB2 support for trailing read-only and isolation clauses on SELECT (#7768) @copilot-swe-agent[bot]
• Handle shorthand-casted aggregates correctly in ST06 column ordering (#7792) @copilot-swe-agent[bot]
• Hive: parse SET configs and ${...} parameter references (#7767) @copilot-swe-agent[bot]
• Preserve mocked dbt var() placeholders under Jinja subscripting (#7793) @copilot-swe-agent[bot]
• fix: ST11 false positive on struct/nested field access (#7795) @​sebastien-irco
• Snowflake: support CREATE OR ALTER for FILE FORMAT, FUNCTION, PROCEDURE, EXTERNAL FUNCTION, AUTHENTICATION POLICY, TAG (#7799) @​stevebeck89
• Reject trailing commas after the final CTE in WITH clauses (#7761) @copilot-swe-agent[bot]
• Support colon-delimited json_object() pairs in Trino and Athena (#7764) @copilot-swe-agent[bot]
• feat: Add BigLake syntax support for BigQuery dialect (#7794) @​sebastien-irco
• Fix typo: remove duplicate 'the' in documentation (#7782) @​Jah-yee
• test: add LT02 autofix fixtures for MERGE INSERT VALUES indentation (ansi, bigquery, sparksql) (#7791) @​Scolliq
• Rust: Fix sequence terminators (#7787) @​keraion
• fix: Support compound statements in BigQuery WHILE body (#7789) @​sebastien-irco
• feat: Support function calls in MERGE USING clause (#7788) @​sebastien-irco
• build(deps): bump rustls-webpki from 0.103.10 to 0.103.13 in /sqlfluffrs (#7790) @dependabot[bot]

... (truncated)

Changelog

Sourced from sqlfluff's changelog.

[4.2.0] - 2026-05-13

Highlights

This minor release contains four particular changes of note:

• The default render_variant_limit is now 5 instead of 1, so SQLFluff may report new linting violations from templated branches that were previously not inspected in Jinja and dbt projects. Documentation for the feature is now also available in Template Variant Rendering.
• This release drops support for Python 3.9, which reached end of life at the end of October 2025.
• Security improvements that protect against resource exhaustion through malicious queries by limiting total parsed nodes. Users can configure the new max_parse_nodes config setting to enable parsing of larger files in their project if necessary.
• A new AL10 rule requires aliases on FROM subqueries, because omitting them causes parse errors in most major dialects.

Beyond that, there are parser improvements for T-SQL, PostgreSQL, Snowflake, BigQuery, DuckDB, ClickHouse, Oracle, Hive/SparkSQL, Databricks, DB2, Athena, Trino, MariaDB/MySQL, StarRocks, Teradata, and Greenplum. There are also rule fixes for ST06, ST11, LT02, and LT09, better handling for placeholder and dbt/Jinja rendering edge cases, and a new option to fail when files are skipped for size.

This release also includes first-time contributions from twenty new contributors. Thank you all for your contributions. 🏆

What’s Changed

• fix(postgres): support CORRELATION in CREATE STATISTICS and IF EXISTS in ALTER STATISTICS #7831 @​jonasboos
• TSQL: allow set expressions in DECLARE ... CURSOR FOR #7812 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))
• fix: Ensure pool.join() is called in ParallelRunner #7686 @​peterbud
• fix(clickhouse): allow WHERE/PREWHERE after ARRAY JOIN #7837 @​Cayan
• fix(postgres): parse \crosstabview as query buffer terminator #7833 @​SAY-5
• Add max_parse_nodes parser limit #7816 @​alanmcruickshank
• fix(athena): allow START as identifier (not reserved for SELECT) #7834 @​SAY-5
• TSQL: parse ALTER TABLE ... ENABLE|DISABLE TRIGGER #7811 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))
• Support Teradata CAST character set phrases #7766 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))
• Oracle: add support for MULTISET operators #7711 @​saulotoledo
• TSQL: Parse issues DatatypeMethodSeg in TableRef and TableExp for Merge using #7802 @​dpurfield
• Enable multi-branch linting by default #7808 @​alanmcruickshank
• fix(tsql): parse SET DATEFORMAT canonical Microsoft syntax #7819 @​Booyaka101
• add regression test for issue 7543 #7797 @​rotempasharel1
• fix: prevent placeholder templater from suppressing lint violations #7818 @​ben-duivenvoorden
• TSQL: Add CONTAINSTABLE support #7814 @​peterbud
• fix(duckdb): tokenize != as a single token to avoid factorial collision #7742 @​barry3406
• fix(tsql): allow Unicode letters in @​parameter names #7810 @​Booyaka101
• Drop support for python 3.9 #7341 @​annebelleo
• Add DB2 support for trailing read-only and isolation clauses on SELECT #7768 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))

... (truncated)

Commits

• 406f9ef Prep version 4.2.0 (#7838)
• ce634cd fix(postgres): support CORRELATION in CREATE STATISTICS and IF EXISTS in ALTE...
• 72f1654 TSQL: allow set expressions in DECLARE ... CURSOR FOR (#7812)
• 048591f fix: Ensure pool.join() is called in ParallelRunner (#7686)
• a276af1 fix(clickhouse): allow WHERE/PREWHERE after ARRAY JOIN (#7837)
• aa1535c fix(postgres): parse \crosstabview as query buffer terminator (#7833)
• 6832161 Add max_parse_nodes parser limit (#7816)
• 4649341 fix(athena): allow START as identifier (not reserved for SELECT) (#7834)
• b0b2a69 TSQL: parse ALTER TABLE ... ENABLE|DISABLE TRIGGER (#7811)
• 20f81d5 Support Teradata CAST character set phrases (#7766)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.54%. Comparing base (02a98b1) to head (9ae22b0).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2422   +/-   ##
=======================================
  Coverage   93.54%   93.54%           
=======================================
  Files         301      301           
  Lines        3826     3826           
  Branches      491      491           
=======================================
  Hits         3579     3579           
  Misses        246      246           
  Partials        1        1           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[slifty]

This required some changes to how we do things!

[github-actions]

🔎 A preview deployment of this pull request is available at https://utilities.philanthropydatacommons.org/pdc-service-preview-2422-mgz6e/ (and upstream https://pdc-service-preview-2422-mgz6e.ondigitalocean.app) assuming this PR is still open. 🔍