Skip to content

chore(security): update vulnerable packages#324

Merged
Ryuk-me merged 1 commit into
datachecks:mainfrom
Ryuk-me:neeraj/dcs-1196-dcs-core-dependabot-isues-2
Sep 2, 2025
Merged

chore(security): update vulnerable packages#324
Ryuk-me merged 1 commit into
datachecks:mainfrom
Ryuk-me:neeraj/dcs-1196-dcs-core-dependabot-isues-2

Conversation

@Ryuk-me

@Ryuk-me Ryuk-me commented Sep 2, 2025

Copy link
Copy Markdown
Member

PR Type

Other


Description

  • Update Python version requirement from 3.9+ to 3.10+

  • Add snowflake-connector-python dependency for Snowflake support

  • Fix nanoid package version formatting in UI


Diagram Walkthrough

flowchart LR
  A["Python 3.9+ requirement"] --> B["Python 3.10+ requirement"]
  C["Snowflake extras"] --> D["Add snowflake-connector-python"]
  E["nanoid version"] --> F["Fix formatting"]
Loading

File Walkthrough

Relevant files
Dependencies
pyproject.toml
Update Python version and Snowflake dependencies                 

pyproject.toml

  • Update Python version requirement from >=3.9 to >=3.10
  • Add snowflake-connector-python as optional dependency
  • Update snowflake extras to include new connector package
+3/-2     
Formatting
package.json
Fix nanoid package version formatting                                       

ui/package.json

  • Fix nanoid package version formatting by removing newline character
+1/-1     

Summary by CodeRabbit

  • New Features

    • Added optional Snowflake connector support; Snowflake-related installation options now include the connector.
  • Chores

    • Raised minimum supported Python version to 3.10.
  • Bug Fixes

    • Corrected a dependency version string formatting issue in the UI package to prevent install/parsing problems.

@coderabbitai

coderabbitai Bot commented Sep 2, 2025

Copy link
Copy Markdown

Caution

Review failed

The pull request is closed.

Walkthrough

Updated Python version requirement to >=3.10,<3.13 and added optional dependency snowflake-connector-python. Expanded snowflake and all extras to include this connector. In ui/package.json, corrected the nanoid version string by removing an unintended newline character.

Changes

Cohort / File(s) Summary of Changes
Python packaging updates
pyproject.toml
Bumped Python requirement from >=3.9,<3.13 to >=3.10,<3.13; added optional dependency snowflake-connector-python ^3.17.2; updated extras: snowflake and all now include snowflake-connector-python.
UI dependency string fix
ui/package.json
Removed stray newline from the nanoid version string: "^3.3.8\n" → "^3.3.8".

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I thump my paws—new flakes in tow,
Python hops to 3.10, ready to go.
Extras bundled, connectors aligned,
UI’s tidy—no newline to find.
In the burrow of builds, I cheer,
Snowy queries near, carrots dear. 🥕❄️


📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0631d48 and eed7c81.

⛔ Files ignored due to path filters (2)
  • poetry.lock is excluded by !**/*.lock
  • ui/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (2)
  • pyproject.toml (3 hunks)
  • ui/package.json (1 hunks)
✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@qodo-code-review

Copy link
Copy Markdown

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Metadata Mismatch

The classifiers still include Python 3.9 while the dependency constraint now requires >=3.10. Ensure classifiers reflect supported versions throughout to avoid confusion on PyPI.

classifiers = [
    "Intended Audience :: Developers",
    "Intended Audience :: Information Technology",
    "Intended Audience :: System Administrators",
    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Development Status :: 3 - Alpha",
    "Environment :: Console",
    "Topic :: Database :: Database Engines/Servers",
    "Typing :: Typed"
]
Optional Dependency Naming

Verify the extras group 'snowflake' mirrors the optional dependencies; ensure 'snowflake-connector-python' being optional is correctly resolved when extra is selected and that dependency versions are compatible with 'snowflake-sqlalchemy'.

opensearch = ["opensearch-py"]
bigquery = ["sqlalchemy-bigquery"]
databricks = ["databricks-sql-connector"]
elasticsearch = ["elasticsearch"]
snowflake = ["snowflake-sqlalchemy","snowflake-connector-python"]
spark = ["pyspark"]
oracle = ["oracledb"]
db2 = ["ibm-db","ibm-db-sa"]

@qodo-code-review

Copy link
Copy Markdown

PR Code Suggestions ✨

No code suggestions found for the PR.

@Ryuk-me Ryuk-me merged commit ad4ef09 into datachecks:main Sep 2, 2025
2 of 5 checks passed
@Ryuk-me Ryuk-me deleted the neeraj/dcs-1196-dcs-core-dependabot-isues-2 branch September 2, 2025 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants