Update snowflake-python-connector dependency to address security risk

airbytehq / PyAirbyte

PyAirbyte brings the power of Airbyte to every Python developer.

https://docs.airbyte.com/pyairbyte

Other

178 stars 20 forks source link

Update snowflake-python-connector dependency to address security risk #221

Closed BarSimovich closed 1 month ago

BarSimovich commented 1 month ago

PyAirbyte currently has a dependency on snowflake-python-connector==3.6.0, which in turn depends on an outdated version of the cryptography library (<4.2). This outdated version poses a security risk.

To mitigate this risk, it's recommended to update the snowflake-python-connector dependency to a version that uses a more recent cryptography version (>=4.2).

Please consider updating the dependency to ensure a secure environment for PyAirbyte users.

aaronsteers commented 1 month ago

@BarSimovich - Thanks very much for raising this. ~~A PR is welcome - and otherwise we'll try to get to this in the current iteration.~~

PR Ready to go:

https://github.com/airbytehq/PyAirbyte/pull/234

aaronsteers commented 1 month ago

@BarSimovich - This has merged and will be released in PyAirbyte 0.11.0, ETA later today or tomorrow.