
Conversation

@sfc-gh-mayliu
Collaborator

  1. Which Jira issue is this PR addressing? Make sure that there is an accompanying issue to your PR.

    Fixes SNOW-NNNNNNN

  2. Fill out the following pre-review checklist:

    • I am adding a new automated test(s) to verify correctness of my new code
      • If this test skips Local Testing mode, I'm requesting review from @snowflakedb/local-testing
    • I am adding new logging messages
    • I am adding a new telemetry message
    • I am adding new credentials
    • I am adding a new dependency
    • If this is a new feature/behavior, I'm adding the Local Testing parity changes.
    • I acknowledge that I have ensured my changes to be thread-safe. Follow the link for more information: Thread-safe Developer Guidelines
    • If adding any arguments to public Snowpark APIs or creating new public Snowpark APIs, I acknowledge that I have ensured my changes include AST support. Follow the link for more information: AST Support Guidelines
  3. Please describe how your code solves the related issue.

Snyk complains:
https://app.snyk.io/org/snowflakedb-sca-scanning-public-repo/project/773f470d-2a57-4aa9-b797-101b0b098f6c#issue-SNYK-PYTHON-SNOWFLAKECONNECTORPYTHON-13803382

Detailed paths and remediation
Introduced through: [email protected][email protected]
Fix: Upgrade snowflake-connector-python to version 4.0.0

Contributor

@sfc-gh-joshi sfc-gh-joshi left a comment


Can you add a changelog entry since we're bumping a dependency floor?

@sfc-gh-mayliu
Collaborator Author

sfc-gh-mayliu commented Jan 27, 2026

Can you add a changelog entry since we're bumping a dependency floor?

@sfc-gh-joshi This PR does not actually bump the dependency floor; it merely serves to suppress the security warning issued by Snyk, so the changelog does not need to be updated.
https://app.snyk.io/org/snowflakedb-sca-scanning-public-repo/project/773f470d-2a57-4aa9-b797-101b0b098f6c#issue-SNYK-PYTHON-SNOWFLAKECONNECTORPYTHON-13803382

@sfc-gh-joshi
Contributor

Can you add a changelog entry since we're bumping a dependency floor?

@sfc-gh-joshi This PR does not actually bump the dependency floor; it merely serves to suppress the security warning issued by Snyk, so the changelog does not need to be updated. https://app.snyk.io/org/snowflakedb-sca-scanning-public-repo/project/773f470d-2a57-4aa9-b797-101b0b098f6c#issue-SNYK-PYTHON-SNOWFLAKECONNECTORPYTHON-13803382

Got it. Should we be bumping the actual dependency in setup.py though, given that it's a potential security issue?
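The distinction raised in the two comments above (a pin that satisfies the scanner versus a declared floor that actually excludes the affected releases) can be checked mechanically. The following is an added Python example written for this page; it is not code from snowpark-python, Snyk, or the PR. The only value taken from the page is the fix version 4.0.0 quoted from the Snyk report; every specifier string, the function names and the `FIXES` map are constructed for illustration, and the version parser deliberately handles only plain numeric releases, not pre-release or local suffixes.

```python
"""Does a dependency specifier still admit releases below a scanner's fix version?

Added illustration for the PR discussion above; not part of snowpark-python.
All specifiers below are constructed examples, not the project's real setup.py
or requirements pins.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]
_OPS = (">=", "<=", "==", "!=", ">", "<")  # two-character operators first


def parse_version(text: str) -> Version:
    """Parse a plain release version such as '3.12.1' into a comparable tuple.
    Pre-release, post-release and local suffixes are rejected on purpose so that
    tuple comparison stays exact for the cases this check handles."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in text.split("."))


def parse_requirement(req: str) -> Tuple[str, List[Tuple[str, Version]]]:
    """Split 'Name>=1.2,<2' into a normalised package name and [(op, version), ...]."""
    m = re.fullmatch(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*?)\s*", req)
    if not m:
        raise ValueError(f"cannot parse requirement: {req!r}")
    name = m.group(1).lower().replace("_", "-")  # assumed normalisation for this example
    clauses: List[Tuple[str, Version]] = []
    for part in filter(None, (p.strip() for p in m.group(2).split(","))):
        for op in _OPS:
            if part.startswith(op):
                clauses.append((op, parse_version(part[len(op):])))
                break
        else:
            raise ValueError(f"unsupported specifier clause: {part!r}")
    return name, clauses


def admits_vulnerable(req: str, fix_version: str) -> bool:
    """Return True if `req` can still resolve to a release below `fix_version`.

    Rules, chosen to be conservative:
      * an exact pin (==) is safe only if the pinned version is at or above the fix;
      * otherwise the effective floor is the highest '>=' or '>' clause, and a floor
        below the fix admits a pre-fix release (x.y.z.1 satisfies '>x.y.z');
      * with no lower bound at all, every older release is admissible.
    Upper bounds (<, <=) and exclusions (!=) never raise the floor, so they do not
    change the answer to this question and are ignored.
    """
    _, clauses = parse_requirement(req)
    fix = parse_version(fix_version)
    pins = [v for op, v in clauses if op == "=="]
    if pins:
        return any(v < fix for v in pins)
    floors = [v for op, v in clauses if op in (">=", ">")]
    if not floors:
        return True
    return max(floors) < fix


def audit(requirements: List[str], fixes: Dict[str, str]) -> Dict[str, bool]:
    """For each requirement the scanner has a fix version for, report whether the
    declared specifier still admits a pre-fix release."""
    report: Dict[str, bool] = {}
    for req in requirements:
        name, _ = parse_requirement(req)
        if name in fixes:
            report[req.strip()] = admits_vulnerable(req, fixes[name])
    return report


if __name__ == "__main__":
    # Constructed examples only; 4.0.0 is the fix version quoted from the Snyk
    # report, the specifiers are not taken from any snowpark-python file.
    FIXES = {"snowflake-connector-python": "4.0.0"}
    for req in [
        "snowflake-connector-python>=3.12.0",  # floor below fix: old release still resolvable
        "snowflake-connector-python>=4.0.0",   # floor raised to the fix
        "snowflake-connector-python==4.0.0",   # exact pin at the fix
        "snowflake-connector-python",          # unbounded
    ]:
        print(f"{req:40s} admits pre-fix release: {audit([req], FIXES)[req]}")
```

The check is meant to be run against the specifier that an installer actually resolves (the `install_requires` floor in setup.py for downstream users), not only against a CI requirements file: a pin that is raised in one file while the packaging floor stays below 4.0.0 will make the scanner go quiet without changing what `pip install` can pull in.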

@sfc-gh-mayliu sfc-gh-mayliu merged commit e7fa517 into main Jan 27, 2026
49 of 53 checks passed
@sfc-gh-mayliu sfc-gh-mayliu deleted the NO-SNOW-bump-snyk-requirements branch January 27, 2026 23:35
@github-actions github-actions bot locked and limited conversation to collaborators Jan 27, 2026

4 participants