universql icon indicating copy to clipboard operation
universql copied to clipboard
verified publisher icon buremba

Bump snowflake-connector-python from 3.13.0 to 3.15.0

Open dependabot[bot] opened this issue 7 months ago • 2 comments

Bumps snowflake-connector-python from 3.13.0 to 3.15.0.

Release notes

Sourced from snowflake-connector-python's releases.

3.15.0

  • v3.15.0(Apr 29,2025)
    • Bumped up min boto and botocore version to 1.24.
    • OCSP: terminate certificates chain traversal if a trusted certificate already reached.
    • Added new authentication methods support for programmatic access tokens (PATs), OAuth 2.0 Authorization Code Flow, OAuth 2.0 Client Credentials Flow, and OAuth Token caching.
      • For OAuth 2.0 Authorization Code Flow:
        • Added the oauth_client_id, oauth_client_secret, oauth_authorization_url, oauth_token_request_url, oauth_redirect_uri, oauth_scope, oauth_disable_pkce, oauth_enable_refresh_tokens and oauth_enable_single_use_refresh_tokens parameters.
        • Added the OAUTH_AUTHORIZATION_CODE value for the parameter authenticator.
      • For OAuth 2.0 Client Credentials Flow:
        • Added the oauth_client_id, oauth_client_secret, oauth_token_request_url, and oauth_scope parameters.
        • Added the OAUTH_CLIENT_CREDENTIALS value for the parameter authenticator.
      • For OAuth Token caching: Passing a username to driver configuration is required, and the client_store_temporary_credential property is to be set to true.

3.14.1

  • v3.14.1(April 21, 2025)
    • Added support for Python 3.13.
      • NOTE: Windows 64 support is still experimental and should not yet be used for production environments.
    • Dropped support for Python 3.8.
    • Added basic decimal floating-point type support.
    • Added experimental authentication methods.
    • Added support of GCS regional endpoints.
    • Added support of GCS virtual urls. See more: https://cloud.google.com/storage/docs/request-endpoints#xml-api
    • Added client_fetch_threads experimental parameter to better utilize threads for fetching query results.
    • Added check_arrow_conversion_error_on_every_column connection property that can be set to False to restore previous behaviour in which driver will ignore errors until it occurs in the last column. This flag's purpose is to unblock workflows that may be impacted by the bugfix and will be removed in later releases.
    • Lowered log levels from info to debug for some of the messages to make the output easier to follow.
    • Allowed the connector to inherit a UUID4 generated upstream, provided in statement parameters (field: requestId), rather than automatically generate a UUID4 to use for the HTTP Request ID.
    • Improved logging in urllib3, boto3, botocore - assured data masking even after migration to the external owned library in the future.
    • Improved error message for client-side query cancellations due to timeouts.
    • Improved security and robustness for the temporary credentials cache storage.
    • Fixed a bug that caused driver to fail silently on TO_DATE arrow to python conversion when invalid date was followed by the correct one.
    • Fixed expired S3 credentials update and increment retry when expired credentials are found.
    • Deprecated insecure_mode connection property and replaced it with disable_ocsp_checks with the same behavior as the former property.

3.14.0

  • v3.14.0(March 03, 2025)
    • Bumped pyOpenSSL dependency upper boundary from <25.0.0 to <26.0.0.
    • Added a <19.0.0 pin to pyarrow as a workaround to a bug affecting Azure Batch.
    • Optimized distribution package lookup to speed up import.
    • Fixed a bug where privatelink OCSP Cache url could not be determined if privatelink account name was specified in uppercase.
    • Added support for iceberg tables to write_pandas.
    • Fixed base64 encoded private key tests.
    • Fixed a bug where file permission check happened on Windows.
    • Added support for File types.
    • Added unsafe_file_write connection parameter that restores the previous behaviour of saving files downloaded with GET with 644 permissions.

3.13.2

  • v3.13.2(January 29, 2025)
    • Changed not to use scoped temporary objects.

3.13.1

... (truncated)

Commits
  • 15efed3 SNOW-2057797 Update requirements files (#2305)
  • 98381ae SNOW-2057797 Minor python connector version bump (#2302)
  • fd574d3 SNOW-2068668 Move OAuth out of PrPr flag (#2301)
  • 60493f3 SNOW-2057503 allow only whitelisted schemes for OAuth url parameters (#2292)
  • 2431336 SNOW-2067577 OCSP: stop certificates chain traversal as soon as a trusted one...
  • 03928bf SNOW-2061664 flatten OAuth refresh_token and pkce parameters (#2298)
  • f80d83e SNOW-2055494 fix proper boto min versions (#2295)
  • 640cf6c Support client-side opt-in of Refresh Token Rotation in Snowflake OAuth (#2294)
  • ce85800 SNOW-2026002: Change invalid TLD to be RFC compliant (#2288)
  • 4d76968 SNOW-1993520 update tested_reqs for 3.14.1 release (#2287)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar May 05 '25 23:05 dependabot[bot]

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

cla-assistant[bot] avatar May 05 '25 23:05 cla-assistant[bot]

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

cla-assistant[bot] avatar May 05 '25 23:05 cla-assistant[bot]

Superseded by #55.

dependabot[bot] avatar Jul 08 '25 01:07 dependabot[bot]