Bump sqlfluff from 3.4.0 to 4.2.0 in /plugins/sqlfluff-templater-dbt in the pip group across 1 directory

[dependabot]

Bumps the pip group with 1 update in the /plugins/sqlfluff-templater-dbt directory: sqlfluff.

Updates sqlfluff from 3.4.0 to 4.2.0

Release notes

Sourced from sqlfluff's releases.

[4.2.0] - 2026-05-13

Highlights

This minor release contains four particular changes of note:

• The default render_variant_limit is now 5 instead of 1, so SQLFluff may report new linting violations from templated branches that were previously not inspected in Jinja and dbt projects. Documentation for the feature is now also available in Template Variant Rendering.
• This release drops support for Python 3.9, which reached end of life at the end of October 2025.
• Security improvements that protect against resource exhaustion through malicious queries by limiting total parsed nodes. Users can configure the new max_parse_nodes config setting to enable parsing of larger files in their project if necessary.
• A new AL10 rule requires aliases on FROM subqueries, because omitting them causes parse errors in most major dialects.

Beyond that, there are parser improvements for T-SQL, PostgreSQL, Snowflake, BigQuery, DuckDB, ClickHouse, Oracle, Hive/SparkSQL, Databricks, DB2, Athena, Trino, MariaDB/MySQL, StarRocks, Teradata, and Greenplum. There are also rule fixes for ST06, ST11, LT02, and LT09, better handling for placeholder and dbt/Jinja rendering edge cases, and a new option to fail when files are skipped for size.

This release also includes first-time contributions from twenty new contributors. Thank you all for your contributions. 🏆

What’s Changed

• fix(postgres): support CORRELATION in CREATE STATISTICS and IF EXISTS in ALTER STATISTICS (#7831) @​jonasboos
• TSQL: allow set expressions in DECLARE ... CURSOR FOR (#7812) @copilot-swe-agent[bot]
• fix: Ensure pool.join() is called in ParallelRunner (#7686) @​peterbud
• fix(clickhouse): allow WHERE/PREWHERE after ARRAY JOIN (#7837) @​Cayan
• fix(postgres): parse \crosstabview as query buffer terminator (#7833) @​SAY-5
• Add max_parse_nodes parser limit (#7816) @​alanmcruickshank
• fix(athena): allow START as identifier (not reserved for SELECT) (#7834) @​SAY-5
• TSQL: parse ALTER TABLE ... ENABLE|DISABLE TRIGGER (#7811) @copilot-swe-agent[bot]
• Support Teradata CAST character set phrases (#7766) @copilot-swe-agent[bot]
• Oracle: add support for MULTISET operators (#7711) @​saulotoledo
• TSQL: Parse issues DatatypeMethodSeg in TableRef and TableExp for Merge using (#7802) @​dpurfield
• Enable multi-branch linting by default (#7808) @​alanmcruickshank
• fix(tsql): parse SET DATEFORMAT canonical Microsoft syntax (#7819) @​Booyaka101
• add regression test for issue 7543 (#7797) @​rotempasharel1
• fix: prevent placeholder templater from suppressing lint violations (#7818) @​ben-duivenvoorden
• TSQL: Add CONTAINSTABLE support (#7814) @​peterbud
• fix(duckdb): tokenize != as a single token to avoid factorial collision (#7742) @​barry3406
• fix(tsql): allow Unicode letters in @​parameter names (#7810) @​Booyaka101
• Drop support for python 3.9 (#7341) @​annebelleo
• Add DB2 support for trailing read-only and isolation clauses on SELECT (#7768) @copilot-swe-agent[bot]
• Handle shorthand-casted aggregates correctly in ST06 column ordering (#7792) @copilot-swe-agent[bot]
• Hive: parse SET configs and ${...} parameter references (#7767) @copilot-swe-agent[bot]
• Preserve mocked dbt var() placeholders under Jinja subscripting (#7793) @copilot-swe-agent[bot]
• fix: ST11 false positive on struct/nested field access (#7795) @​sebastien-irco
• Snowflake: support CREATE OR ALTER for FILE FORMAT, FUNCTION, PROCEDURE, EXTERNAL FUNCTION, AUTHENTICATION POLICY, TAG (#7799) @​stevebeck89
• Reject trailing commas after the final CTE in WITH clauses (#7761) @copilot-swe-agent[bot]
• Support colon-delimited json_object() pairs in Trino and Athena (#7764) @copilot-swe-agent[bot]
• feat: Add BigLake syntax support for BigQuery dialect (#7794) @​sebastien-irco
• Fix typo: remove duplicate 'the' in documentation (#7782) @​Jah-yee
• test: add LT02 autofix fixtures for MERGE INSERT VALUES indentation (ansi, bigquery, sparksql) (#7791) @​Scolliq
• Rust: Fix sequence terminators (#7787) @​keraion
• fix: Support compound statements in BigQuery WHILE body (#7789) @​sebastien-irco
• feat: Support function calls in MERGE USING clause (#7788) @​sebastien-irco
• build(deps): bump rustls-webpki from 0.103.10 to 0.103.13 in /sqlfluffrs (#7790) @dependabot[bot]

... (truncated)

Changelog

Sourced from sqlfluff's changelog.

[4.2.0] - 2026-05-13

Highlights

This minor release contains four particular changes of note:

• The default render_variant_limit is now 5 instead of 1, so SQLFluff may report new linting violations from templated branches that were previously not inspected in Jinja and dbt projects. Documentation for the feature is now also available in Template Variant Rendering.
• This release drops support for Python 3.9, which reached end of life at the end of October 2025.
• Security improvements that protect against resource exhaustion through malicious queries by limiting total parsed nodes. Users can configure the new max_parse_nodes config setting to enable parsing of larger files in their project if necessary.
• A new AL10 rule requires aliases on FROM subqueries, because omitting them causes parse errors in most major dialects.

Beyond that, there are parser improvements for T-SQL, PostgreSQL, Snowflake, BigQuery, DuckDB, ClickHouse, Oracle, Hive/SparkSQL, Databricks, DB2, Athena, Trino, MariaDB/MySQL, StarRocks, Teradata, and Greenplum. There are also rule fixes for ST06, ST11, LT02, and LT09, better handling for placeholder and dbt/Jinja rendering edge cases, and a new option to fail when files are skipped for size.

This release also includes first-time contributions from twenty new contributors. Thank you all for your contributions. 🏆

What’s Changed

• fix(postgres): support CORRELATION in CREATE STATISTICS and IF EXISTS in ALTER STATISTICS #7831 @​jonasboos
• TSQL: allow set expressions in DECLARE ... CURSOR FOR #7812 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))
• fix: Ensure pool.join() is called in ParallelRunner #7686 @​peterbud
• fix(clickhouse): allow WHERE/PREWHERE after ARRAY JOIN #7837 @​Cayan
• fix(postgres): parse \crosstabview as query buffer terminator #7833 @​SAY-5
• Add max_parse_nodes parser limit #7816 @​alanmcruickshank
• fix(athena): allow START as identifier (not reserved for SELECT) #7834 @​SAY-5
• TSQL: parse ALTER TABLE ... ENABLE|DISABLE TRIGGER #7811 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))
• Support Teradata CAST character set phrases #7766 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))
• Oracle: add support for MULTISET operators #7711 @​saulotoledo
• TSQL: Parse issues DatatypeMethodSeg in TableRef and TableExp for Merge using #7802 @​dpurfield
• Enable multi-branch linting by default #7808 @​alanmcruickshank
• fix(tsql): parse SET DATEFORMAT canonical Microsoft syntax #7819 @​Booyaka101
• add regression test for issue 7543 #7797 @​rotempasharel1
• fix: prevent placeholder templater from suppressing lint violations #7818 @​ben-duivenvoorden
• TSQL: Add CONTAINSTABLE support #7814 @​peterbud
• fix(duckdb): tokenize != as a single token to avoid factorial collision #7742 @​barry3406
• fix(tsql): allow Unicode letters in @​parameter names #7810 @​Booyaka101
• Drop support for python 3.9 #7341 @​annebelleo
• Add DB2 support for trailing read-only and isolation clauses on SELECT #7768 [@copilot-swe-agent[bot]](https://github.com/[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent))

... (truncated)

Commits

• 406f9ef Prep version 4.2.0 (#7838)
• ce634cd fix(postgres): support CORRELATION in CREATE STATISTICS and IF EXISTS in ALTE...
• 72f1654 TSQL: allow set expressions in DECLARE ... CURSOR FOR (#7812)
• 048591f fix: Ensure pool.join() is called in ParallelRunner (#7686)
• a276af1 fix(clickhouse): allow WHERE/PREWHERE after ARRAY JOIN (#7837)
• aa1535c fix(postgres): parse \crosstabview as query buffer terminator (#7833)
• 6832161 Add max_parse_nodes parser limit (#7816)
• 4649341 fix(athena): allow START as identifier (not reserved for SELECT) (#7834)
• b0b2a69 TSQL: parse ALTER TABLE ... ENABLE|DISABLE TRIGGER (#7811)
• 20f81d5 Support Teradata CAST character set phrases (#7766)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.