Skip to content

Bump datacontract-cli from 0.11.7 to 1.0.1#1255

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/datacontract-cli-1.0.1
Closed

Bump datacontract-cli from 0.11.7 to 1.0.1#1255
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/datacontract-cli-1.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown

Bumps datacontract-cli from 0.11.7 to 1.0.1.

Release notes

Sourced from datacontract-cli's releases.

v1.0.1

[1.0.1] - 2026-06-10

Added

  • Environment variables (e.g., credentials for datacontract test) are now also loaded from a .env file in the current working directory, walking up parent directories until one is found. Already-set environment variables take precedence over .env values, so exported variables and CI secrets keep working unchanged. (#1295)
  • datacontract edit <file> opens a local data contract file in the Data Contract Editor (web UI). Starts a local web server (default port 4243, requires the api extra) that serves the editor, writes saves directly back to the file, and doubles as the editor's test runner: "Run test" in the editor executes the data contract tests locally via the server's own /test endpoint. The editor is bundled with the CLI and works offline; --editor-version loads a specific editor version from the CDN instead, --editor-assets-url a self-hosted build. If the file does not exist, the command offers to initialize a new data contract (same template as datacontract init). Saving gives feedback in the editor and on the console.

Fixed

  • datacontract test no longer fails with Compilation rule for RegexSearch operation is not defined when a contract uses logicalTypeOptions.pattern (or pattern) against SQL Server. SQL Server has no native regex operator, so the ibis mssql backend cannot compile re_search; pattern checks now fall back to a PATINDEX(...) > 0 LIKE match, restoring the behaviour of the former soda-core engine. Patterns that use real regex syntax (anchors, quantifiers, groups, .) cannot be expressed as a T-SQL LIKE pattern and now raise a clear error instead of failing cryptically. (#1284)

v1.0.0

[1.0.0] - 2026-06-04

Breaking Changes

  • Replaced the Soda Core quality/test engine with ibis. datacontract test now compiles schema and quality checks into ibis expressions (dialect-correct SQL per backend via sqlglot, local/remote files via DuckDB) instead of generating SodaCL. Install extras now pull ibis-framework[<backend>] instead of soda-core-*. Check semantics and pass/fail results are preserved for the supported sources (postgres, redshift, mysql, snowflake, bigquery, databricks, sqlserver, oracle, trino, athena, impala, kafka/dataframe via the ibis Spark backend, and local/S3/GCS/Azure files).
  • Raw SodaCL custom quality checks (quality.type: custom with engine: soda) are no longer executed and now report a warning. Migrate them to quality.type: sql or a library metric (e.g. metric: rowCount).

Added

  • Python 3.13 and 3.14 support (requires-python now allows 3.10–3.14). On 3.13/3.14 the Spark-backed extras resolve to PySpark 4.0 (Spark 3.5 has no 3.13+ build); the Kafka/Avro connector jars already adapt to the runtime Spark/Scala version. create_spark_session now pins PYSPARK_PYTHON/PYSPARK_DRIVER_PYTHON to the running interpreter so Spark's Python workers match the driver.
  • datacontract test against Databricks now supports more authentication methods beyond the personal access token (DATACONTRACT_DATABRICKS_TOKEN): an OAuth service principal for machine-to-machine auth (DATACONTRACT_DATABRICKS_CLIENT_ID + DATACONTRACT_DATABRICKS_CLIENT_SECRET), a local config profile via the Databricks SDK unified auth (DATACONTRACT_DATABRICKS_PROFILE, also covers Azure CLI/MSI), and an explicit connector auth type (DATACONTRACT_DATABRICKS_AUTH_TYPE, e.g. databricks-oauth for the interactive browser flow).
  • datacontract test now records structured diagnostics on each check explaining why it passed or failed: the metric, measured value, threshold, and (for "bad row" metrics) the total row count and failed fraction. invalid_count checks also report the validity rule they enforced (e.g. {"max_length": 20}, {"pattern": "^.+@.+$"}). The diagnostics surface in the JSON output and the JUnit failure text. This replaces the Soda-specific diagnostics payload that the ibis migration had left unpopulated.
  • datacontract test now honors ODCS quality.unit: percent on the count-of-bad-rows library metrics (nullValues, missingValues, invalidValues). The threshold is then compared against the failed fraction (0–100) of the model row count instead of an absolute count, so e.g. metric: nullValues, unit: percent, mustBeLessThan: 5 passes when fewer than 5% of rows are null. Percent on metrics where a row fraction has no meaning (rowCount, duplicateValues) logs a warning and falls back to the absolute count. The measured percent is added to the check diagnostics.
  • datacontract test now honors ODCS quality.severity: a non-blocking severity (info, warning, low, minor, trivial) downgrades a failing quality check to a warning instead of a failed, so it no longer fails the run. Any other severity (or none) still fails. The severity is recorded in the check diagnostics.
  • datacontract test --include-failed-samples collects a small sample of the rows that failed each missing/invalid/duplicate check (off by default). Each sample is restricted to the contract's identifier columns (unique / primaryKey fields) plus the offending column; duplicate checks report the duplicated key values and their counts. Columns whose ODCS classification marks them sensitive (pii, personal, confidential, restricted, sensitive, secret) are omitted. Samples are capped at 5 rows per check and surface on Check.failed_samples in the JSON output and in the JUnit failure text. This is local-only and needs no Soda Cloud (soda-core itself collects failed-row samples only via Soda Cloud).

Changed

  • MySQL is tested through DuckDB's mysql extension instead of ibis's native MySQL backend, so the mysql extra stays pure-pip (no mysqlclient C build / system MySQL client libraries required).
  • Bumped DuckDB to the 1.5.x line (from 1.0.x) with the bundled duckdb-extension-* wheels (httpfs/aws/azure) pinned in lockstep. The 1.5.x extension wheels publish arm64 Linux builds, so air-gapped installs on arm64 Linux are now supported (the previous platform skip markers were removed).
  • The Kafka/Avro Spark connector jars are now derived from the installed PySpark at runtime (Spark version + Scala binary version), so both PySpark 3.5.x (Scala 2.12) and 4.x (Scala 2.13) work. The kafka and databricks extras allow pyspark<5.0.
  • import protobuf now uses the pure-Python proto-schema-parser instead of the protoc system binary. The protobuf extra no longer requires protoc (or the protobuf runtime), so .proto import works out of the box, including transitive imports across subdirectories.
  • Container image is now based on Docker Hardened Images: signed, ships SBOM/VEX, and has tighter CVE patch SLAs than upstream Debian. Runs as nonroot (uid 65532) instead of root. pip / uv installs at build time are routed through Socket Firewall Free, which blocks malicious dependencies. (#1275, #1277)
  • Container image now ships Eclipse Temurin JRE 17, so PySpark-backed engines (Kafka, Spark) actually run inside the image — previously they failed at SparkSession startup because the base image had no JVM. End users pulling datacontract/cli are unaffected by the build-side changes. (#1277)

Fixed

  • DuckDB S3 secret creation no longer fails (Secret Validation Failure) on DuckDB ≥1.5: explicit KEY_ID/SECRET now use the default config provider instead of CREDENTIAL_CHAIN.
  • import csv no longer fails with a DuckDB binder error on DuckDB ≥1.5 (the uniqueness probe now uses count(DISTINCT ...) via SQL).

Removed

  • The soda-core runtime dependency and all soda-core-* install extras, plus the setuptools runtime shim they required. The sodacl export format (datacontract export sodacl) is unchanged and is now generated independently of any Soda runtime.
  • The unused details field on test-result checks (Run.checks[].details). It was a Soda-era placeholder that was never populated; the new structured diagnostics field replaces it. The JUnit failure text no longer prints a Details: line.

v0.12.5

[0.12.5] - 2026-05-30

Added

  • Resolve authoritativeDefinitions[type=definition] on schema properties, filling fields the contract author left unset (#1261)
    • Breaking: Per default, any resolution failure of authoritativeDefinitions[type in {definition, semantics}] now rejects the contract on lint, test, ci, export, and changelog. (#1261)
    • Resolve authoritativeDefinitions[type=semantics] (and the legacy type=semantic) the same way. A url: that points at the configured entropy-data host is fetched directly; a url: that's an IRI (host doesn't match) is routed through GET /api/semantics?iri=... on the configured host, which uses the API key's organization to resolve. (#1262)
    • --no-inline-references flag to skip the HTTP fetch (#1261)
  • When --json-schema points at a custom JSON Schema, the ODCS Pydantic step now accepts extra top-level fields the schema allows (#1266)

... (truncated)

Changelog

Sourced from datacontract-cli's changelog.

[1.0.1] - 2026-06-10

Added

  • Environment variables (e.g., credentials for datacontract test) are now also loaded from a .env file in the current working directory, walking up parent directories until one is found. Already-set environment variables take precedence over .env values, so exported variables and CI secrets keep working unchanged. (#1295)
  • datacontract edit <file> opens a local data contract file in the Data Contract Editor (web UI). Starts a local web server (default port 4243, requires the api extra) that serves the editor, writes saves directly back to the file, and doubles as the editor's test runner: "Run test" in the editor executes the data contract tests locally via the server's own /test endpoint. The editor is bundled with the CLI and works offline; --editor-version loads a specific editor version from the CDN instead, --editor-assets-url a self-hosted build. If the file does not exist, the command offers to initialize a new data contract (same template as datacontract init). Saving gives feedback in the editor and on the console.

Fixed

  • datacontract test no longer fails with Compilation rule for RegexSearch operation is not defined when a contract uses logicalTypeOptions.pattern (or pattern) against SQL Server. SQL Server has no native regex operator, so the ibis mssql backend cannot compile re_search; pattern checks now fall back to a PATINDEX(...) > 0 LIKE match, restoring the behaviour of the former soda-core engine. Patterns that use real regex syntax (anchors, quantifiers, groups, .) cannot be expressed as a T-SQL LIKE pattern and now raise a clear error instead of failing cryptically. (#1284)

[1.0.0] - 2026-06-04

Breaking Changes

  • Replaced the Soda Core quality/test engine with ibis. datacontract test now compiles schema and quality checks into ibis expressions (dialect-correct SQL per backend via sqlglot, local/remote files via DuckDB) instead of generating SodaCL. Install extras now pull ibis-framework[<backend>] instead of soda-core-*. Check semantics and pass/fail results are preserved for the supported sources (postgres, redshift, mysql, snowflake, bigquery, databricks, sqlserver, oracle, trino, athena, impala, kafka/dataframe via the ibis Spark backend, and local/S3/GCS/Azure files).
  • Raw SodaCL custom quality checks (quality.type: custom with engine: soda) are no longer executed and now report a warning. Migrate them to quality.type: sql or a library metric (e.g. metric: rowCount).

Added

  • Python 3.13 and 3.14 support (requires-python now allows 3.10–3.14). On 3.13/3.14 the Spark-backed extras resolve to PySpark 4.0 (Spark 3.5 has no 3.13+ build); the Kafka/Avro connector jars already adapt to the runtime Spark/Scala version. create_spark_session now pins PYSPARK_PYTHON/PYSPARK_DRIVER_PYTHON to the running interpreter so Spark's Python workers match the driver.
  • datacontract test against Databricks now supports more authentication methods beyond the personal access token (DATACONTRACT_DATABRICKS_TOKEN): an OAuth service principal for machine-to-machine auth (DATACONTRACT_DATABRICKS_CLIENT_ID + DATACONTRACT_DATABRICKS_CLIENT_SECRET), a local config profile via the Databricks SDK unified auth (DATACONTRACT_DATABRICKS_PROFILE, also covers Azure CLI/MSI), and an explicit connector auth type (DATACONTRACT_DATABRICKS_AUTH_TYPE, e.g. databricks-oauth for the interactive browser flow).
  • datacontract test now records structured diagnostics on each check explaining why it passed or failed: the metric, measured value, threshold, and (for "bad row" metrics) the total row count and failed fraction. invalid_count checks also report the validity rule they enforced (e.g. {"max_length": 20}, {"pattern": "^.+@.+$"}). The diagnostics surface in the JSON output and the JUnit failure text. This replaces the Soda-specific diagnostics payload that the ibis migration had left unpopulated.
  • datacontract test now honors ODCS quality.unit: percent on the count-of-bad-rows library metrics (nullValues, missingValues, invalidValues). The threshold is then compared against the failed fraction (0–100) of the model row count instead of an absolute count, so e.g. metric: nullValues, unit: percent, mustBeLessThan: 5 passes when fewer than 5% of rows are null. Percent on metrics where a row fraction has no meaning (rowCount, duplicateValues) logs a warning and falls back to the absolute count. The measured percent is added to the check diagnostics.
  • datacontract test now honors ODCS quality.severity: a non-blocking severity (info, warning, low, minor, trivial) downgrades a failing quality check to a warning instead of a failed, so it no longer fails the run. Any other severity (or none) still fails. The severity is recorded in the check diagnostics.
  • datacontract test --include-failed-samples collects a small sample of the rows that failed each missing/invalid/duplicate check (off by default). Each sample is restricted to the contract's identifier columns (unique / primaryKey fields) plus the offending column; duplicate checks report the duplicated key values and their counts. Columns whose ODCS classification marks them sensitive (pii, personal, confidential, restricted, sensitive, secret) are omitted. Samples are capped at 5 rows per check and surface on Check.failed_samples in the JSON output and in the JUnit failure text. This is local-only and needs no Soda Cloud (soda-core itself collects failed-row samples only via Soda Cloud).

Changed

  • MySQL is tested through DuckDB's mysql extension instead of ibis's native MySQL backend, so the mysql extra stays pure-pip (no mysqlclient C build / system MySQL client libraries required).
  • Bumped DuckDB to the 1.5.x line (from 1.0.x) with the bundled duckdb-extension-* wheels (httpfs/aws/azure) pinned in lockstep. The 1.5.x extension wheels publish arm64 Linux builds, so air-gapped installs on arm64 Linux are now supported (the previous platform skip markers were removed).
  • The Kafka/Avro Spark connector jars are now derived from the installed PySpark at runtime (Spark version + Scala binary version), so both PySpark 3.5.x (Scala 2.12) and 4.x (Scala 2.13) work. The kafka and databricks extras allow pyspark<5.0.
  • import protobuf now uses the pure-Python proto-schema-parser instead of the protoc system binary. The protobuf extra no longer requires protoc (or the protobuf runtime), so .proto import works out of the box, including transitive imports across subdirectories.
  • Container image is now based on Docker Hardened Images: signed, ships SBOM/VEX, and has tighter CVE patch SLAs than upstream Debian. Runs as nonroot (uid 65532) instead of root. pip / uv installs at build time are routed through Socket Firewall Free, which blocks malicious dependencies. (#1275, #1277)
  • Container image now ships Eclipse Temurin JRE 17, so PySpark-backed engines (Kafka, Spark) actually run inside the image — previously they failed at SparkSession startup because the base image had no JVM. End users pulling datacontract/cli are unaffected by the build-side changes. (#1277)

Fixed

  • DuckDB S3 secret creation no longer fails (Secret Validation Failure) on DuckDB ≥1.5: explicit KEY_ID/SECRET now use the default config provider instead of CREDENTIAL_CHAIN.
  • import csv no longer fails with a DuckDB binder error on DuckDB ≥1.5 (the uniqueness probe now uses count(DISTINCT ...) via SQL).

Removed

  • The soda-core runtime dependency and all soda-core-* install extras, plus the setuptools runtime shim they required. The sodacl export format (datacontract export sodacl) is unchanged and is now generated independently of any Soda runtime.
  • The unused details field on test-result checks (Run.checks[].details). It was a Soda-era placeholder that was never populated; the new structured diagnostics field replaces it. The JUnit failure text no longer prints a Details: line.

[0.12.5] - 2026-05-30

Added

  • Resolve authoritativeDefinitions[type=definition] on schema properties, filling fields the contract author left unset (#1261)
    • Breaking: Per default, any resolution failure of authoritativeDefinitions[type in {definition, semantics}] now rejects the contract on lint, test, ci, export, and changelog. (#1261)
    • Resolve authoritativeDefinitions[type=semantics] (and the legacy type=semantic) the same way. A url: that points at the configured entropy-data host is fetched directly; a url: that's an IRI (host doesn't match) is routed through GET /api/semantics?iri=... on the configured host, which uses the API key's organization to resolve. (#1262)
    • --no-inline-references flag to skip the HTTP fetch (#1261)
  • When --json-schema points at a custom JSON Schema, the ODCS Pydantic step now accepts extra top-level fields the schema allows (#1266)

Changed

  • JSON Schema validation errors now identify the offending schema and property by name instead of array indices (#1255 @​dmaresma)

... (truncated)

Commits
  • 002e534 Release v1.0.1
  • d9e86eb feat: datacontract edit — open a local file in the Data Contract Editor (di...
  • 7a3b863 feat: load environment variables from a .env file (#1295)
  • ac1e5a3 fix: support logicalTypeOptions.pattern on SQL Server via PATINDEX (#1284) (#...
  • abb3877 improve error message on missing postgres extra
  • d6e71a5 update help texts
  • f00af9c Make agent instructions vendor-agnostic via AGENTS.md (#1285)
  • 25716f5 chore(deps-dev): update snowflake-connector-python requirement (#1274)
  • 1ad97d1 chore(deps-dev): update uvicorn requirement (#1288)
  • ae14997 chore(deps-dev): bump moto from 5.2.1 to 5.2.2 (#1287)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [datacontract-cli](https://github.com/datacontract/datacontract-cli) from 0.11.7 to 1.0.1.
- [Release notes](https://github.com/datacontract/datacontract-cli/releases)
- [Changelog](https://github.com/datacontract/datacontract-cli/blob/main/CHANGELOG.md)
- [Commits](datacontract/datacontract-cli@v0.11.7...v1.0.1)

---
updated-dependencies:
- dependency-name: datacontract-cli
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 18, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 18, 2026 03:24
@dependabot dependabot Bot requested review from grusin-db and removed request for a team June 18, 2026 03:24
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 18, 2026
@codecov

codecov Bot commented Jun 18, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.02%. Comparing base (9980c98) to head (a6c7608).

❗ There is a different number of reports uploaded between BASE (9980c98) and HEAD (a6c7608). Click for more details.

HEAD has 9 uploads less than BASE
Flag BASE (9980c98) HEAD (a6c7608)
unit 2 1
anomaly 2 0
anomaly-serverless 2 0
integration-serverless 2 0
integration 2 0
Additional details and impacted files
@@             Coverage Diff             @@
##             main    #1255       +/-   ##
===========================================
- Coverage   92.56%   57.02%   -35.55%     
===========================================
  Files         102      102               
  Lines       10075    10075               
===========================================
- Hits         9326     5745     -3581     
- Misses        749     4330     +3581     
Flag Coverage Δ
anomaly ?
anomaly-serverless ?
integration ?
integration-serverless ?
unit 57.02% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Author

Superseded by #1258.

@dependabot dependabot Bot closed this Jun 19, 2026
@dependabot dependabot Bot deleted the dependabot/uv/datacontract-cli-1.0.1 branch June 19, 2026 03:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants