security: remove dbt-fabricspark and dbt-vertica to fix Dependabot alerts

MikaKerman · claude · MikaKerman · commit 0713e638f30e · 2026-04-26T23:41:22.000+03:00
Remove dbt-fabricspark and dbt-vertica optional deps from lockfile
resolution — both were already excluded from the "all" extra and their
outdated upstream pins (dbt-core==1.8.5, azure-cli pre-release) caused
vulnerable transitive dependency versions to be resolved (deepdiff,
protobuf, pyopenssl, etc.). Without them, poetry resolves all 7
high/critical Dependabot alerts to patched versions naturally.

Users who need these adapters can still install them directly
(e.g. pip install dbt-fabricspark dbt-vertica).

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/pyproject.toml b/pyproject.toml
@@ -57,9 +57,7 @@ dbt-clickhouse = {version = ">=1.8,<2.0.0", optional = true}
 dbt-duckdb = {version = ">=1.8,<2.0.0", optional = true}
 dbt-dremio = {version = ">=1.8,<2.0.0", optional = true}
 dbt-fabric = {version = ">=1.8,<2.0.0", optional = true}
-dbt-fabricspark = {version = ">=1.8,<2.0.0", optional = true}
 dbt-sqlserver = {version = ">=1.8,<2.0.0", optional = true}
-dbt-vertica = {version = ">=1.8,<2.0.0", optional = true}
 [tool.poetry.extras]
 snowflake = ["dbt-snowflake"]
 bigquery = ["dbt-bigquery"]
@@ -73,12 +71,11 @@ trino = ["dbt-trino"]
 duckdb = ["dbt-duckdb"]
 dremio = ["dbt-dremio"]
 fabric = ["dbt-fabric"]
-fabricspark = ["dbt-fabricspark"]
 sqlserver = ["dbt-sqlserver"]
-vertica = ["dbt-vertica"]
-# dbt-fabricspark is excluded due to broken upstream dependencies (azure-cli pre-release pins).
-# dbt-vertica is excluded because it pins dbt-core==1.8.5, forcing the entire resolution to dbt 1.8.
-# Both are still available as individual extras (e.g. pip install elementary-data[vertica]).
+# dbt-fabricspark and dbt-vertica are removed from the lockfile resolution because they pin
+# outdated transitive dependencies (dbt-core==1.8.5, azure-cli pre-release) that block
+# security patches for deepdiff, protobuf, and pyopenssl. Users who need these adapters
+# can still install them directly (e.g. pip install dbt-fabricspark dbt-vertica).
 all = ["dbt-snowflake", "dbt-bigquery", "dbt-redshift", "dbt-postgres", "dbt-databricks", "dbt-spark", "dbt-athena-community", "dbt-trino", "dbt-clickhouse", "dbt-duckdb", "dbt-dremio", "dbt-fabric", "dbt-sqlserver"]
 
 [build-system]
