Skip to content

Replace certifi upper version constraint with inequality #1063

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Replace certifi upper version constraint with inequality #1063

wants to merge 2 commits into from

Conversation

maresb
Copy link
Contributor

@maresb maresb commented May 5, 2025
edited
Loading

resolves #1036, improving on #1027

Problem

It's pretty important to keep CAs up-to-date, so the current upper bound definitely isn't sustainable. People may pin the current version of dbt-snowflake without noticing the certifi upper-bound, and as a result they will eventually end up with connection issues and/or not recognizing revoked certificates.

Solution

Replace < with != to block only the problematic version and not future versions.

Checklist

  • I have read the contributing guide and understand what's expected of me
  • I have run this code in development and it appears to resolve the stated issue
  • This PR includes tests, or tests are not required/relevant for this PR
  • This PR has no interface changes (e.g. macros, cli, logs, json artifacts, config files, adapter interface, etc) or this PR has already received feedback and approval from Product or DX

@maresb
Don't indefinitely block certifi updates
52b45f2 
It's pretty important to keep CAs up-to-date, so this definitely isn't sustainable. People may pin the current version of `dbt-snowflake` without noticing the `certifi` upper-bound, and as a result they will eventually end up with connection issues and/or not recognizing revoked certificates.
@maresb maresb requested a review from a team as a code owner May 5, 2025 07:24
@cla-bot cla-bot bot added the cla:yes The PR author has signed the CLA label May 5, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 5, 2025

Thank you for your pull request! We could not find a changelog entry for this change in the dbt-snowflake package. For details on how to document a change, see the Contributing Guide.

@maresb maresb mentioned this pull request May 5, 2025
Closed
3 tasks
@maresb maresb temporarily deployed to dbt-snowflake May 5, 2025 07:39 — with GitHub Actions Inactive
lpillmann pushed a commit to lpillmann/dbt-adapters that referenced this pull request May 6, 2025
@VersusFacit @dwreeves
Adap 953/merge agate lazy load (dbt-labs#1063)
a4e22b0 
* lazy load agate

* Add test and documentation.

* Fix test.

* Fix test.

* Don't need a test for this.

---------

Co-authored-by: dwreeves <[email protected]>
Co-authored-by: Mila Page <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cla:yes The PR author has signed the CLA
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Regression] latest PyPI release v1.9.3 hinders security updates
1 participant
@maresb