chore(deps): Upgrade snowflake connector to prevent security issues#1067
chore(deps): Upgrade snowflake connector to prevent security issues#1067ohadmata wants to merge 2 commits into
Conversation
|
Note 📝 PR Converted to Draft More info...Thank you for creating this PR. As a policy to protect our engineers' time, Airbyte requires all PRs to be created first in draft status. Your PR has been automatically converted to draft status in respect for this policy. As soon as your PR is ready for formal review, you can proceed to convert the PR to "ready for review" status by clicking the "Ready for review" button at the bottom of the PR page. To skip draft status in future PRs, please include |
👋 Greetings, Airbyte Team Member!Here are some helpful tips and reminders for your convenience. 💡 Show Tips and TricksTesting This PyAirbyte VersionYou can test this version of PyAirbyte using the following: # Run PyAirbyte CLI from this branch:
uvx --from 'git+https://github.com/airbytehq/PyAirbyte.git@upgrade-snowflake-connector' pyairbyte --help
# Install PyAirbyte from this branch for development:
pip install 'git+https://github.com/airbytehq/PyAirbyte.git@upgrade-snowflake-connector'PR Slash CommandsAirbyte Maintainers can execute the following slash commands on your PR:
📚 Show Repo GuidanceHelpful ResourcesCommunity SupportQuestions? Join the #pyairbyte channel in our Slack workspace. |
📝 WalkthroughWalkthroughThe pull request updates the ChangesDependency Constraint Update
Estimated code review effort: 1 (Trivial) | ~2 minutes Suggested labels: dependencies Suggested reviewers: Would it make sense to loop in someone familiar with the Snowflake connector integration to confirm compatibility with v4.x, wdyt? A tiny bump, a version set free, 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pyproject.toml`:
- Line 39: The dependency bound for snowflake-connector-python was widened in
pyproject.toml, but the lockfile still keeps the older <4.0 pin and resolved
version. Regenerate uv.lock after updating the specifier so the locked
resolution matches the new range; use the existing dependency entry for
snowflake-connector-python in the lockfile and sync it with the updated package
constraint.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes

The existing Snowflake connector specified in the pyproject file (<4.0) uses an old cryptography/OpenSSL packages that has some security issues:
https://nvd.nist.gov/vuln/detail/CVE-2026-34073
https://nvd.nist.gov/vuln/detail/CVE-2026-26007
GHSA-537c-gmf6-5ccf
The idea is to allow snowflake-connector < 5 To prevent these issues
Summary by CodeRabbit