Skip to content

chore(deps): Upgrade snowflake connector to prevent security issues#1067

Open
ohadmata wants to merge 2 commits into
airbytehq:mainfrom
ohadmata:upgrade-snowflake-connector
Open

chore(deps): Upgrade snowflake connector to prevent security issues#1067
ohadmata wants to merge 2 commits into
airbytehq:mainfrom
ohadmata:upgrade-snowflake-connector

Conversation

@ohadmata

@ohadmata ohadmata commented Jul 7, 2026

Copy link
Copy Markdown

The existing Snowflake connector specified in the pyproject file (<4.0) uses an old cryptography/OpenSSL packages that has some security issues:

https://nvd.nist.gov/vuln/detail/CVE-2026-34073
https://nvd.nist.gov/vuln/detail/CVE-2026-26007
GHSA-537c-gmf6-5ccf

The idea is to allow snowflake-connector < 5 To prevent these issues

Summary by CodeRabbit

  • Chores
    • Expanded the supported version range for the Snowflake connector, allowing compatibility with newer releases while keeping the current minimum version unchanged.

@github-actions github-actions Bot added the community PRs from community contributors label Jul 7, 2026
@octavia-bot octavia-bot Bot marked this pull request as draft July 7, 2026 07:23
@octavia-bot

octavia-bot Bot commented Jul 7, 2026

Copy link
Copy Markdown

Note

📝 PR Converted to Draft

More info...

Thank you for creating this PR. As a policy to protect our engineers' time, Airbyte requires all PRs to be created first in draft status. Your PR has been automatically converted to draft status in respect for this policy.

As soon as your PR is ready for formal review, you can proceed to convert the PR to "ready for review" status by clicking the "Ready for review" button at the bottom of the PR page.

To skip draft status in future PRs, please include [ready] in your PR title or add the skip-draft-status label when creating your PR.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

💡 Show Tips and Tricks

Testing This PyAirbyte Version

You can test this version of PyAirbyte using the following:

# Run PyAirbyte CLI from this branch:
uvx --from 'git+https://github.com/airbytehq/PyAirbyte.git@upgrade-snowflake-connector' pyairbyte --help

# Install PyAirbyte from this branch for development:
pip install 'git+https://github.com/airbytehq/PyAirbyte.git@upgrade-snowflake-connector'

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

  • /fix-pr - Fixes most formatting and linting issues
  • /uv-lock - Updates uv.lock file
  • /test-pr - Runs tests with the updated PyAirbyte
  • /prerelease - Builds and publishes a prerelease version to PyPI
📚 Show Repo Guidance

Helpful Resources

Community Support

Questions? Join the #pyairbyte channel in our Slack workspace.

📝 Edit this welcome message.

@ohadmata ohadmata changed the title upgrade snowflake connector Upgrade snowflake connector to prevent security issues Jul 7, 2026
@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The pull request updates the snowflake-connector-python dependency constraint in pyproject.toml, widening the allowed upper version bound from <4.0 to <5.0, while the lower bound remains unchanged.

Changes

Dependency Constraint Update

Layer / File(s) Summary
Widen snowflake-connector-python upper bound
pyproject.toml
Upper version bound for snowflake-connector-python raised from <4.0 to <5.0, allowing newer major versions to be installed.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested labels: dependencies

Suggested reviewers: Would it make sense to loop in someone familiar with the Snowflake connector integration to confirm compatibility with v4.x, wdyt?


A tiny bump, a version set free,
From four to five, more room to be —
One line in toml, quiet and small,
Yet opens doors for updates all. 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: widening the Snowflake connector dependency to address security issues.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pyproject.toml`:
- Line 39: The dependency bound for snowflake-connector-python was widened in
pyproject.toml, but the lockfile still keeps the older <4.0 pin and resolved
version. Regenerate uv.lock after updating the specifier so the locked
resolution matches the new range; use the existing dependency entry for
snowflake-connector-python in the lockfile and sync it with the updated package
constraint.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 57b16807-7a7a-40ef-9893-697a24f5b6e4

📥 Commits

Reviewing files that changed from the base of the PR and between 15ca9ab and b50e7de.

📒 Files selected for processing (1)
  • pyproject.toml

Comment thread pyproject.toml
@ohadmata ohadmata marked this pull request as ready for review July 7, 2026 07:48
@ohadmata ohadmata changed the title Upgrade snowflake connector to prevent security issues chore(deps): Upgrade snowflake connector to prevent security issues Jul 7, 2026
@ohadmata

ohadmata commented Jul 7, 2026

Copy link
Copy Markdown
Author

It looks like I need some permissions from the Airbyte team to deploy the Vercel app:

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

community PRs from community contributors

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant