chore(deps): bump hotdata from 0.2.5 to 0.4.0

[dependabot]

Bumps hotdata from 0.2.5 to 0.4.0.

Release notes

Sourced from hotdata's releases.

hotdata 0.4.0

Added

• hotdata.query.QueryApi: enhanced query client that transparently retries HTTP 429 (OVERLOADED) admission shedding honoring Retry-After, and auto-follows truncated results to materialize the full row set, guarded by configurable max_auto_rows (default 1M) and max_auto_bytes (default 64 MiB) ceilings (#688).
• ResultError base class for the result-lifecycle exceptions (ResultFailedError, ResultTimeoutError, ResultTooLargeError, ResultIncompleteError, ResultUnavailableError) so callers can catch them with a single except.

Changed

• from hotdata import QueryApi / ResultsApi now resolve to the enhanced clients (429 retry + truncation auto-follow; Arrow IPC fetch) instead of the bare generated classes, so the default happy path gets the safe behavior the query contract needs. The raw generated classes remain importable from hotdata.api.query_api / hotdata.api.results_api.

hotdata 0.3.1

Security

• Raised dependency floors to patched releases: pyarrow >= 14.0.1 (CVE-2023-47248, RCE via unsafe deserialization) and pydantic >= 2.4.0 (CVE-2024-3772, regex denial of service).

hotdata 0.3.0

Added

• Transparent API-token → JWT exchange: the client now exchanges an opaque API token for a short-lived JWT on first use and keeps it refreshed, so the wire always carries a current token. Credentials already shaped like a JWT pass through unchanged. Set HOTDATA_DISABLE_JWT_EXCHANGE to an affirmative value (1, true, yes, on) as a hard escape hatch.
• Managed-catalog editing endpoints: add_managed_schema and add_managed_table on ConnectionsApi and DatabasesApi, with new models AddManagedSchemaRequest, AddManagedTableDecl, AddManagedTableRequest, ManagedSchemaResponse, and ManagedTableResponse.
• Typed x_database_id parameter on SavedQueriesApi.execute_saved_query (required) and DatasetsApi.create_dataset, scoping execution to a database the same way QueryApi.query does — no more _headers override.
• database_id field on QueryRequest as a body-level alternative to the X-Database-Id header.
• storage_backend field on CreateDatabaseRequest to select the default catalog's physical backend (parquet or ducklake).
• default_catalog field on CreateDatabaseRequest to name the database's auto-created default catalog within its query scope, surfaced on CreateDatabaseResponse, DatabaseDetailResponse, and DatabaseSummary.

hotdata 0.2.6

Added

• default_catalog and default_schema fields on QueryRequest to control how unqualified table references resolve within an X-Database-Id scope.

Changelog

Sourced from hotdata's changelog.

[0.4.0] - 2026-06-16

Added

• hotdata.query.QueryApi: enhanced query client that transparently retries HTTP 429 (OVERLOADED) admission shedding honoring Retry-After, and auto-follows truncated results to materialize the full row set, guarded by configurable max_auto_rows (default 1M) and max_auto_bytes (default 64 MiB) ceilings (#688).
• ResultError base class for the result-lifecycle exceptions (ResultFailedError, ResultTimeoutError, ResultTooLargeError, ResultIncompleteError, ResultUnavailableError) so callers can catch them with a single except.

Changed

• from hotdata import QueryApi / ResultsApi now resolve to the enhanced clients (429 retry + truncation auto-follow; Arrow IPC fetch) instead of the bare generated classes, so the default happy path gets the safe behavior the query contract needs. The raw generated classes remain importable from hotdata.api.query_api / hotdata.api.results_api.

[0.3.4] - 2026-06-15

Changed

• feat(queries): add preview and total row count fields

[0.3.3] - 2026-06-10

Changed

• chore: regenerate client, drop orphaned sandbox files

[0.3.1] - 2026-06-06

Security

• Raised dependency floors to patched releases: pyarrow >= 14.0.1 (CVE-2023-47248, RCE via unsafe deserialization) and pydantic >= 2.4.0 (CVE-2024-3772, regex denial of service).

[0.3.0] - 2026-06-05

Added

• Transparent API-token → JWT exchange: the client now exchanges an opaque API token for a short-lived JWT on first use and keeps it refreshed, so the wire always carries a current token. Credentials already shaped like a JWT pass through unchanged. Set HOTDATA_DISABLE_JWT_EXCHANGE to an affirmative value (1, true, yes, on) as a hard escape hatch.
• Managed-catalog editing endpoints: add_managed_schema and add_managed_table on ConnectionsApi and DatabasesApi, with new models AddManagedSchemaRequest, AddManagedTableDecl, AddManagedTableRequest, ManagedSchemaResponse, and ManagedTableResponse.
• Typed x_database_id parameter on SavedQueriesApi.execute_saved_query (required) and DatasetsApi.create_dataset, scoping execution to a database the same way QueryApi.query does — no more _headers override.
• database_id field on QueryRequest as a body-level alternative to the X-Database-Id header.
• storage_backend field on CreateDatabaseRequest to select the default catalog's physical backend (parquet or ducklake).
• default_catalog field on CreateDatabaseRequest to name the database's auto-created default catalog within its query scope, surfaced on CreateDatabaseResponse, DatabaseDetailResponse, and DatabaseSummary.

... (truncated)

Commits

• 27133b5 chore: release hotdata v0.4.0 (#112)
• b37b379 feat(query): 429 retry + truncation auto-follow (#688) (#111)
• 5c785ba feat(queries): add preview and total row count fields (#110)
• b597d18 chore: regenerate client, drop orphaned sandbox files (#109)
• 6a6ba04 ci: harden client regeneration (#108)
• 0e8a6eb feat(api): add list-indexes endpoint, exclude internal migrate-backend (#107)
• 34e04c4 chore: release v0.3.1 (#105)
• 17e4f7a fix: patch pyarrow and pydantic CVEs, harden release workflow (#104)
• 0fca84b chore: own packaging files, add dep drift check (#103)
• e01d7fc test(integration): run arrow scenarios in CI instead of skipping (#102)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)