Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CT-2112: bump snowflake connector python #476

Merged
merged 33 commits into from
Mar 8, 2023
Merged

CT-2112: bump snowflake connector python #476

merged 33 commits into from
Mar 8, 2023

Conversation

mikealfare
Copy link
Contributor

@mikealfare mikealfare commented Feb 17, 2023
edited
Loading

resolves #469, #393, #371

Description

Patches snowflake-connector-python vulnerability https://www.cve.org/CVERecord?id=CVE-2022-42965.

  • Update snowflake-connector-python to 3.0
  • Remove explicit dependencies on cryptography and requests; these are covered in dbt-core and snowflake-connector-python -> reduces potential for version conflicts
  • Add several docker files for development purposes to troubleshoot failed tests
  • Fixed test case that was failing due to failed teardown

Note: This will need to be backported into 1.4.latest, 1.3.latest, 1.2.latest, and 1.1.latest

We suspect this will also resolve issue #393 as that was tied back to an older version of snowflake-connector-python. The priority is to resolve the vulnerability, but testing will be done for this issue as well. If there is additional work to be done for #393, a new PR will be opened to cover the gap.

Checklist

@cla-bot cla-bot bot added the cla:yes label Feb 17, 2023
@mikealfare mikealfare marked this pull request as draft February 17, 2023 17:38
dbeatty10
dbeatty10 reviewed Feb 17, 2023
View reviewed changes
.changes/unreleased/Dependencies-20230216-093128.yaml Outdated Show resolved Hide resolved
setup.py Outdated Show resolved Hide resolved
dbeatty10
dbeatty10 requested changes Feb 17, 2023
View reviewed changes
Copy link
Contributor

@dbeatty10 dbeatty10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to finalize the upper and lower bounds before merging.

Adding this blocking comment so we can be extra certain the merged PR has the upper and lower bounds that align with the final decision.

dbeatty10
dbeatty10 reviewed Feb 17, 2023
View reviewed changes
setup.py Outdated Show resolved Hide resolved
mikealfare and others added 15 commits February 22, 2023 15:09
@mikealfare
created ubuntu-py38 image for local integration testing, added makefi…
adba22c 
…le instructions for easy deployment
@mikealfare
added debian image
dce899f
@mikealfare
added docker dev-environment image
da070d0
@mikealfare
added additional python versions in ubuntu and debian containers, add…
b785921 
…ed warning readme file
@mikealfare
added additional python versions in ubuntu and debian containers, add…
e569941 
…ed warning readme file
@mikealfare
added additional python versions in ubuntu and debian containers, add…
0753169 
…ed warning readme file
@mikealfare
updated build requirements, added py311
d1812c1
@mikealfare
Merge branch 'main' into dbeatty/bump-snowflake-connector-python
8a886b6
@mikealfare
Merge remote-tracking branch 'origin/dbeatty/bump-snowflake-connector…
2aa5484 
…-python' into dbeatty/bump-snowflake-connector-python
@mikealfare
pinned snowflake-connector-python to 2.9 to check if other requirem…
c6a29e1 
…ents updates helped this
@mikealfare
Merge branch 'main' into dbeatty/bump-snowflake-connector-python
0fedeef
@mikealfare
Merge remote-tracking branch 'origin/dbeatty/bump-snowflake-connector…
99f9e2c 
…-python' into dbeatty/bump-snowflake-connector-python
@mikealfare
Merge branch 'main' into dbeatty/bump-snowflake-connector-python
664127f
@mikealfare
pinned snowflake-connector-python to 2.8.1 to verify that tests run…
3503bd8 
… as expected, but on the vulnerable version
@mikealfare
Merge remote-tracking branch 'origin/dbeatty/bump-snowflake-connector…
355594c 
…-python' into dbeatty/bump-snowflake-connector-python
@mikealfare mikealfare self-assigned this Mar 4, 2023
This was linked to issues Mar 4, 2023
[CT-1813] [CT-1378] [Bug] Python models not picking up custom schema #393
Closed
[CT-1707] [Bug] Testing locally is slow, and hangs #371
Closed
This was referenced Mar 6, 2023
Closed
Closed
dbeatty10
dbeatty10 approved these changes Mar 8, 2023
View reviewed changes
Copy link
Contributor

@dbeatty10 dbeatty10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Version range for snowflake-connector-python looks good 👍

Nice that you were also able to:

  • Remove explicit dependencies for cryptography and requests
  • Greatly simplify test_simple_seed.py

@mikealfare mikealfare merged commit 967a8e9 into main Mar 8, 2023
@mikealfare mikealfare deleted the dbeatty/bump-snowflake-connector-python branch March 8, 2023 15:11
mikealfare added a commit that referenced this pull request Mar 8, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476)
efa6b4a 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry
* updated changelog to show specific version
* added changelog for updated build dependencies

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
mikealfare added a commit that referenced this pull request Mar 8, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476)
2c8ab30 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry
* Update .changes/unreleased/Dependencies-20230216-093128.yaml
* updated changelog to show specific version
* added changelog for updated build dependencies

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
mikealfare added a commit that referenced this pull request Mar 8, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476)
870b8b0 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry
* Update .changes/unreleased/Dependencies-20230216-093128.yaml
* updated changelog to show specific version
* added changelog for updated build dependencies

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
mikealfare added a commit that referenced this pull request Mar 8, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476)
756e206 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry
* Update .changes/unreleased/Dependencies-20230216-093128.yaml
* created ubuntu-py38 image for local integration testing, added makefile instructions for easy deployment
* added debian image
* added docker dev-environment image
* added additional python versions in ubuntu and debian containers, added warning readme file
* resolved five of seven failing tests
* resolved TestSimpleBigSeedBatched.test_big_batched_seed() test failure
* updated changelog to show specific version
* added changelog for updated build dependencies

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476) (#509)
cdafe97 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476) (#508)
699d8bd 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476) (#507)
9fa3b22 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare @dbeatty10
CT-2112: bump snowflake connector python (#476) (#506)
a31a0ec 
* Raise the upper bound to be the next major version of `snowflake-connector-python`
* Changelog entry

---------

Co-authored-by: Doug Beatty <[email protected]>
Co-authored-by: Doug Beatty <[email protected]>
@mikealfare mikealfare mentioned this pull request Mar 9, 2023
Merged
6 tasks
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511)
8a33683 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511)
a7c9d83 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511)
bae5570 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511)
89d9770 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511)
98c5c97 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511) (#515)
c8adb36 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511) (#514)
1334593 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511) (#513)
638a106 
* updated changelog entry
* updated changelog entry file name
mikealfare added a commit that referenced this pull request Mar 9, 2023
@mikealfare
Fix change log entry for #476 (#511) (#512)
72ee1f4 
* updated changelog entry
* updated changelog entry file name
@dataders dataders mentioned this pull request Jul 11, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dbeatty10 dbeatty10 dbeatty10 approved these changes

@nssalian nssalian nssalian approved these changes

@colin-rogers-dbt colin-rogers-dbt Awaiting requested review from colin-rogers-dbt colin-rogers-dbt is a code owner automatically assigned from dbt-labs/adapters

Assignees

@mikealfare mikealfare

Labels
cla:yes
Projects
None yet
Milestone
No milestone
3 participants
@mikealfare @nssalian @dbeatty10