You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A clear and concise description of what the bug is. What command did you run? What happened?
Hi, we are trying to keep our dependencies up to date with security updates and I see that in the docker dependencies dbt has fixed version of cryptography 3.2 but in the snowflake plugin, it is still required cryptography version less than 3. The new snowflake connector library versions starting from 2.3.5 are supporting fixed cryptography version. Can we update those in dbt-snowflake plugin requirements too?
Steps To Reproduce
In as much detail as possible, please provide steps to reproduce the issue. Sample data that triggers the issue, example model code, etc is all very helpful here.
You can try to install with pip dbt with dbt-snowflake plugin along side with new cryptography and snowflake client versions
Expected behavior
A clear and concise description of what you expected to happen.
Pip installs in the same virtual env cryptography version >= 3.2 along side with dbt-snowflake and snowfalke-connector version >= 2.3.5
Screenshots and log output
If applicable, add screenshots or log output to help explain your problem.
log output:
15:59:22 dbt-snowflake 0.17.0 requires cryptography<3,>=2, but you'll have cryptography 3.2 which is incompatible.
15:59:22 dbt-snowflake 0.17.0 requires snowflake-connector-python==2.2.1, but you'll have snowflake-connector-python 2.3.5 which is incompatible.
System information
Which database are you using dbt with?
postgres
redshift
bigquery
snowflake
other (specify: ____________)
The output of dbt --version:
installed version: 0.17.0
latest version: 0.18.1
Your version of dbt is out of date! You can find instructions for upgrading here:
https://docs.getdbt.com/docs/installation
Plugins:
- bigquery: 0.17.0
- snowflake: 0.17.0
- redshift: 0.17.0
- postgres: 0.17.0
Even though we still use 0.17.0 in the current latest master I still see vulnerable cryptography version
The operating system you're using:
MacOs and Linux
The output of python --version:
Python 3.6.5
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered:
Hi, bumping the version of cryptography would not only bring the package up-to-date, but avoid known vulnerabilities for versions <3.2. Check out https://snyk.io/vuln/pip:cryptography.
Bumping the version will also help avoid dependency conflicts with libraries that have upgraded cryptography because of the vulnerability.
I'd welcome a PR that upgrades both. We're very defensive with version requirements of snowflake-connector-python, because we have previously experienced breaking changes from minor and patch releases.
Describe the bug
A clear and concise description of what the bug is. What command did you run? What happened?
Hi, we are trying to keep our dependencies up to date with security updates and I see that in the docker dependencies dbt has fixed version of cryptography 3.2 but in the snowflake plugin, it is still required cryptography version less than 3. The new snowflake connector library versions starting from 2.3.5 are supporting fixed cryptography version. Can we update those in dbt-snowflake plugin requirements too?
Steps To Reproduce
In as much detail as possible, please provide steps to reproduce the issue. Sample data that triggers the issue, example model code, etc is all very helpful here.
You can try to install with pip dbt with dbt-snowflake plugin along side with new cryptography and snowflake client versions
Expected behavior
A clear and concise description of what you expected to happen.
Pip installs in the same virtual env cryptography version >= 3.2 along side with dbt-snowflake and snowfalke-connector version >= 2.3.5
Screenshots and log output
If applicable, add screenshots or log output to help explain your problem.
log output:
System information
Which database are you using dbt with?
The output of
dbt --version
:Even though we still use 0.17.0 in the current latest master I still see vulnerable cryptography version
The operating system you're using:
MacOs and Linux
The output of
python --version
:Python 3.6.5
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: