Bump thrift to 0.23.0#796
Open
leoromanovsky wants to merge 1 commit into
Open
Conversation
Widen the thrift runtime dependency to >=0.22.0,<0.24.0 so downstream consumers can resolve thrift 0.23.0. Fixes: databricks#783 Signed-off-by: Leo Romanovsky <leo.romanovsky@datadoghq.com>
leoromanovsky
force-pushed
the
fix/thrift-0.23.0
branch
from
e25bd04 to
812558e
Compare
There was a problem hiding this comment.
Pull request overview
This PR widens the Apache Thrift runtime dependency constraint so downstream consumers can resolve thrift==0.23.0 (and the 0.23.x line) to pick up upstream security fixes, while still keeping 0.22.0 compatible installs valid.
Changes:
- Relax
thriftdependency from~=0.22.0to>=0.22.0,<0.24.0inpyproject.toml. - Regenerate
poetry.lockto selectthrift==0.23.0and update its extras metadata.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pyproject.toml | Widens the allowed Thrift version range to include 0.23.x while excluding 0.24+. |
| poetry.lock | Updates locked Thrift version to 0.23.0 and refreshes lock metadata accordingly. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
databricks-sql-connectorcurrently constrains thrift with~=0.22.0, which prevents downstream consumers from resolvingthrift 0.23.0. Issue #783 requests allowing thrift 0.23.0 so consumers can pick up the latest thrift security fixes.Fixes #783.
cc @Korijn @jprakash-db
Changes
>=0.22.0,<0.24.0.poetry.lockso the lockfile selectsthrift 0.23.0and includes the updated thrift extras metadata.Decisions
0.22.0as the lower bound so existing compatible installs remain valid.<0.24.0to allow the 0.23.x line without automatically accepting a future thrift minor release.Validation
uvx --from poetry==2.3.1 poetry check --lockpasses with existing Poetry deprecation warnings.poetry install -E pyarrowinstallsthrift 0.23.0,pyarrow 22.0.0, and the current project.poetry run python -c 'from importlib.metadata import version; print(version("thrift"))'reports0.23.0.PYTHONPATH=src poetry run python -c 'import thrift.transport.THttpClient; import thrift.protocol.TBinaryProtocol; from databricks.sql.backend.thrift_backend import ThriftDatabricksClient; print("ok")'passes.poetry run python -m pytest tests/unit/test_thrift_backend.py -rspasses: 66 passed in 6.92s.poetry run python -m pytest tests/unitpasses: 742 passed, 4 skipped in 103.76s.poetry build -f wheelsucceeds; inspected wheel metadata containsRequires-Dist: thrift (>=0.22.0,<0.24.0).