Closed sfc-gh-twhite closed 11 months ago
This creates an inconsistency between the README line.
I will be PRing soon to adjust this.
Now more pressing to upgrade, given this security advisory.
Workaround in my requirements.txt
:
# Using a fork (hopefully temporarily) to support v3.0.2 of the connector, in order to address this security issue:
# https://community.snowflake.com/s/article/Snowflake-Drivers-Security-Advisory
# https://github.com/Snowflake-Labs/schemachange/pull/166
schemachange @ git+https://github.com/IndexSeek/schemachange@a96689298b15ab992ccd463ae81050baad7413dc
snowflake-connector-python>=3.0.2
Using a fork from @IndexSeek's (changing the user/organization name in the GitHub URL) to be safe.
This should be resolved with version 3.5.3, which was just released.
schemachange version 3.5.2 is has the requirement snowflake-connector-python~=2.8. Since the 2.8 versions, a few upgrades have been documented in the release notes here.
I discovered this by running the following:
pip install -U streamlit streamlit-option-menu streamlit-aggrid schemachange watchdog "snowflake-connector-python[secure-local-storage,pandas]"
. I encounteredERROR: schemachange 3.5.2 has requirement snowflake-connector-python~=2.8, but you'll have snowflake-connector-python 3.0.1 which is incompatible.
Attempting to correct, I ran
pip install snowflake-connector-python~=2.8
and then received a new error:ERROR: pyopenssl 22.1.0 has requirement cryptography<39,>=38.0.0, but you'll have cryptography 39.0.2 which is incompatible.
I will test for compatibility with the newer version and propose that we add a larger requirement range for this package to ensure availability to more users.