Skip to content

chore(deps): bump snowflake-connector-python from 4.4.0 to 4.6.0#599

Closed
dependabot[bot] wants to merge 1 commit into
stagingfrom
dependabot/uv/staging/snowflake-connector-python-4.6.0
Closed

chore(deps): bump snowflake-connector-python from 4.4.0 to 4.6.0#599
dependabot[bot] wants to merge 1 commit into
stagingfrom
dependabot/uv/staging/snowflake-connector-python-4.6.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 7, 2026

Copy link
Copy Markdown
Contributor

Bumps snowflake-connector-python from 4.4.0 to 4.6.0.

Release notes

Sourced from snowflake-connector-python's releases.

4.6.0

  • v4.6.0(May 28,2026)
    • Dropped support for Python 3.9. The minimum supported version is now Python 3.10.
    • Fixed sdist to only install the minicore binary matching the current platform (SNOW-3526469). Previous 4.x releases copied every platform's minicore .so/.dylib/.dll into the install prefix, breaking downstream packagers (e.g. Homebrew) whose audits reject foreign-arch binaries.
    • Added one in-band telemetry record per successful login describing which connection-identifier fields the user supplied (account_provided, account_with_region, account_org_provided, region_provided, host_provided). No hostname or account value is included. This is gated by the existing server-side CLIENT_TELEMETRY_ENABLED parameter and can additionally be disabled locally by setting SF_TELEMETRY_DISABLE_CONNECTION_SHAPE=true. The telemetry collection is time-boxed and will be removed in a future release.
    • Bumped up vendored urllib3 to 2.7.0

4.5.0

  • v4.5.0(May 12,2026)
    • Fixed write_pandas temp stage name collisions (SNOW-3481510). The old PRNG could produce identical name sequences in forked processes (e.g. Notebook kernels), causing CREATE TEMPORARY STAGE to fail with "Object already exists".
    • Fixed a security bug in Okta SAML authentication where _is_prefix_equal() compared url1's port against itself instead of url2's port, allowing an attacker to redirect credentials to a different port on the same hostname. Also fixed the default port fallback to use int instead of str for correct comparison when one URL omits the port.
    • Fixed executemany with paramstyle="pyformat" to correctly locate the VALUES clause using a balanced-parentheses parser instead of a greedy regex. This fixes incorrect behaviour with nested function calls such as SQLAlchemy @compiles VARIANT patterns (e.g. PARSE_JSON(%(col)s)) and subquery-form INSERTs (SNOW-298756).
    • Added ECDSA key support (ES256, ES384, ES512) for key-pair authentication.
    • Added HTTP 307/308 redirect status codes to the retryable set as defense-in-depth, with redirect-aware logging in both sync and async paths.
    • Consolidated keyring token cache to use a single service name with hashed account keys, reducing macOS Keychain password prompts. Legacy entries are auto-migrated on first read.
    • Added support for AWS outbound JWT token attestation for Workload Identity Federation (WIF). This can be enabled by setting the SNOWFLAKE_ENABLE_AWS_WIF_OUTBOUND_TOKEN environment variable to true. Note: This environment variable will be removed in a future release.
    • Removed dynamic class deserialization from the OCSP response validation cache to prevent arbitrary code execution via crafted cache files (SNOW-2439940). The SNOWFLAKE_ENABLE_CUSTOM_REVOCATION_ERRORS environment variable is now a no-op.
    • Updated SPCS token injection to gate on SNOWFLAKE_RUNNING_INSIDE_SPCS environment variable, trim whitespace, and remove configurable token path.
    • GCP WIF attestation now uses hostname metadata.google.internal instead of the IPv4 link-local address, so it works on IPv6-only GCP VMs.
    • Fixed a bug where write_pandas() with auto_create_table=False and overwrite=True would execute CREATE TABLE IF NOT EXISTS, which required unnecessary OWNERSHIP privilege on the table. Now only TRUNCATE TABLE is executed in this case. Note: users who relied on the table being implicitly created despite auto_create_table=False should set auto_create_table=True instead.
    • Added validation of the account connection parameter so malformed identifiers (for example path-like values or labels outside letters, digits, _, and -) are rejected with ProgrammingError before login (SNOW-1902886).
    • Added support for Azure Workload Identity Federation impersonation, allowing a managed identity to authenticate as a service principal.
Commits
  • 9f72374 Bump up version to 4.6.0 (#2890)
  • 0b1d9ce SNOW-3569023: bump vendored urllib3 to 2.7.0 (#2888)
  • 0708614 NO-SNOW: drop EOL Python 3.9 support (#2889)
  • 714448d SNOW-3351450: emit client_connection_identifier_shape in-band telemetry (#2877)
  • c1b03e1 SNOW-3420102: drop stage object on prober cleanup, migrate image to ubuntu (#...
  • 52f175c PRODSEC-4321: [supply-chain] Replace third-party URLs with Artifactory (#2868)
  • c5d9915 SNOW-3526469: move minicore pruning note to Upcoming Release (#2873)
  • 3f14392 SNOW-3526469: prune foreign-arch minicore binaries at build_py (#2871)
  • c2b2ba7 Bump up version to 4.5.0 (#2867)
  • 0bf4f41 Fix flaky QCC integration test by mocking server response (#2866)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [snowflake-connector-python](https://github.com/snowflakedb/snowflake-connector-python) from 4.4.0 to 4.6.0.
- [Release notes](https://github.com/snowflakedb/snowflake-connector-python/releases)
- [Commits](snowflakedb/snowflake-connector-python@v4.4.0...v4.6.0)

---
updated-dependencies:
- dependency-name: snowflake-connector-python
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 7, 2026
@github-actions

github-actions Bot commented Jun 7, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

uv.lock

PackageVersionLicenseIssue Type
snowflake-connector-python4.6.0NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/snowflake-connector-python 4.6.0 UnknownUnknown

Scanned Files

  • uv.lock

@overcut-ai

overcut-ai Bot commented Jun 7, 2026

Copy link
Copy Markdown

Completed Working on "Code Review"

✅ Code review complete. No issues found - all changes look good! ✅

✅ Workflow completed successfully.


👉 View complete log

barakb added a commit that referenced this pull request Jul 9, 2026
…connector-python 4.6, playwright 1.60, pytest-asyncio 1.4)

Consolidates dependabot PRs #600, #598, #599, #596, #597, #592.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@barakb

barakb commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Consolidated into #622, which has been merged into staging. Closing as superseded.

@barakb barakb closed this Jul 9, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/uv/staging/snowflake-connector-python-4.6.0 branch July 9, 2026 07:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant