sync: update dev from phase-8 by w7-mgfcode · Pull Request #53 · w7-mgfcode/ForecastLabAI

❌ Found 2 blocking security issues

Sourcery found 2 blocking security issues:

alembic/versions/c5d9e1f2g345_rag_dynamic_embedding_dimension.py:44-46 - Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For complex SQL composition, use SQL Expression Language or Schema Definition Language. In most cases, SQLAlchemy ORM will be a better option.
alembic/versions/c5d9e1f2g345_rag_dynamic_embedding_dimension.py:71-73 - Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For complex SQL composition, use SQL Expression Language or Schema Definition Language. In most cases, SQLAlchemy ORM will be a better option.