Closed fadi-circleci closed 1 year ago
Hey @fadi-circleci !
This is actually behaving as expected -- we intend for dbt-snowflake==1.5.0a1
to require dbt-core>=1.5.0a1,<1.6.0
.
So to install dbt-snowflake from hash ce23a989cbc4eff7bdb8e438b8c3eff9415b9ea2
, you'd also need to install a compatible hash from dbt-core (maybe c952d44ec5c2506995fbad75320acbae49125d3d
? 🤷 )
More generally, dbt-snowflake 1.x
requires dbt-core 1.x
also, and the same goes for all the adapters we maintain (dbt-postgres, dbt-redshfit, dbt-snowflake, and dbt-spark).
We are planning on releasing a 1.4.x release that will include the cryptography>= 39.0.0
that you are seeking, but I don't know the date for it yet.
In the meantime, there's a multiple different ideas you could try, but they are all a bit tricky.
Install dbt-snowflake==1.4.1
& force upgrade to cryptography>= 39.0.0
as a post step. I didn't try the following at all, but maybe something like this 🤷:
poetry install
poetry shell
python -m pip install cryptography>=39.0.0
Fork dbt-snowflake==1.4.1
and patch setup.py
here. Then install your fork.
While I understand that this might not meet your short-term needs, the only option we can explicitly support is for you to wait for us to publish dbt-snowflake==1.4.2
. Everything else is just a creative idea that should not be interpreted as a recommendation.
Since we have a patch release of dbt-snowflake planned, and we aren't planning to change our approach to version compatibility between dbt-snowflake and dbt-core, I'm going to close this as wontfix
.
Is this a new bug in dbt-core?
Current Behavior
In order to resolve some security vulnerabilities we have pointed to this commit https://github.com/dbt-labs/dbt-snowflake/commit/ce23a989cbc4eff7bdb8e438b8c3eff9415b9ea2 as our version in our pyproject.toml.
In order to resolve this dependency poetry attempts to install dbt-core >=1.5.0a1,<1.6.0 which it can not find.
Because dbt-snowflake (1.5.0a1) @ git+https://github.com/dbt-labs/dbt-snowflake@ce23a989cbc4eff7bdb8e438b8c3eff9415b9ea2 depends on dbt-core (>=1.5.0a1,<1.6.0) which doesn't match any versions, dbt-snowflake is forbidden. So, because dbt-data-modeling depends on dbt-snowflake (1.5.0a1) @ git+https://github.com/dbt-labs/dbt-snowflake@ce23a989cbc4eff7bdb8e438b8c3eff9415b9ea2, version solving failed.
Expected Behavior
Expected behavior is that 1.4.x would allow flexibility on which version of dbt-snowflake it can use OR wheels be made available for 1.5.0a1. The upgrade here is needed in order to patch a security vulnerability in the cyrptography package.
Steps To Reproduce
[tool.poetry] description = "Where the Data Platform maintained core data models live." name = "dbt_data_modeling" version = "0.0.1"
[tool.poetry.scripts] model = "dbt_data_modeling.main:program.run"
[tool.poetry.dependencies] datadog = "^0.39"
magicinvoke = "^2.4" python = "^3.8" rollbar = "^0.15" boto3 = "^1.20" snowflake-connector-python = {version = "*", extras = ["secure-local-storage"]} dbt-snowflake = {git = "https://github.com/dbt-labs/dbt-snowflake", rev = "ce23a989cbc4eff7bdb8e438b8c3eff9415b9ea2"} typed-ast = "^1.5" cryptography = "^39.0.0" dbt-core = "^1.4.1" lkml = "^1.3.1" looker-sdk = "^22.20.0" re-data = "^0.10.7"`
Relevant log output
Environment
Which database adapter are you using with dbt?
snowflake
Additional Context
No response