search

evidence-dev / evidence

Business intelligence as code: build fast, interactive data visualizations in pure SQL and markdown
https://evidence.dev
MIT License
3.44k stars 167 forks source link

Bump @databricks/sql from 1.7.1 to 1.8.4 #1979

Closed dependabot[bot] closed 6 days ago

dependabot[bot] commented 1 week ago

Bumps @databricks/sql from 1.7.1 to 1.8.4.

Release notes

Sourced from @​databricks/sql's releases.

1.8.4

  • databricks/databricks-sql-nodejs#241
  • Improve Array.at/TypedArray.atdatabricks/databricks-sql-nodejs#242@​barelyhuman)
  • databricks/databricks-sql-nodejs#247
  • UC Volume ingestion: improve behavior on SQL REMOVEdatabricks/databricks-sql-nodejs#249
  • databricks/databricks-sql-nodejs#250
  • Make lz4databricks/databricks-sql-nodejs#246

Full diff: 1.8.3...1.8.4

1.8.3

  • databricks/databricks-sql-nodejs#230
  • databricks/databricks-sql-nodejs#239

Full diff: 1.8.2...1.8.3

1.8.2

databricks/databricks-sql-nodejs#232

Full diff: 1.8.1...1.8.2

1.8.1

This is a security release which addresses issues with library dependencies

https://github.com/databricks/databricks-sql-nodejs/security/dependabot/34

An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.

1.8.0

  • databricks/databricks-sql-nodejs#211
  • databricks/databricks-sql-nodejs#219
  • databricks/databricks-sql-nodejs#223@​jackyhu-db
  • databricks/databricks-sql-nodejs#224
  • databricks/databricks-sql-nodejs#216
  • databricks/databricks-sql-nodejs#228

Full diff: 1.7.1...1.8.0

OAuth on Azure

Some Azure instances now support Databricks native OAuth flow (in addition to AAD OAuth). For a backward compatibility, library will continue using AAD OAuth flow by default. To use Databricks native OAuth, pass useDatabricksOAuthInAzure: true to client.connect():

client.connect({
  // other options - host, port, etc.
</tr></table>

... (truncated)

Changelog

Sourced from @​databricks/sql's changelog.

1.8.4

  • databricks/databricks-sql-nodejs#241
  • Improve Array.at/TypedArray.atdatabricks/databricks-sql-nodejs#242@​barelyhuman)
  • databricks/databricks-sql-nodejs#247
  • UC Volume ingestion: improve behavior on SQL REMOVEdatabricks/databricks-sql-nodejs#249
  • databricks/databricks-sql-nodejs#250
  • Make lz4databricks/databricks-sql-nodejs#246

1.8.3

  • databricks/databricks-sql-nodejs#230
  • databricks/databricks-sql-nodejs#239

1.8.2

databricks/databricks-sql-nodejs#232

1.8.1

Security fixes:

An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.

1.8.0

Highlights

  • databricks/databricks-sql-nodejs#211
  • databricks/databricks-sql-nodejs#219
  • databricks/databricks-sql-nodejs#223
  • databricks/databricks-sql-nodejs#224
  • databricks/databricks-sql-nodejs#216
  • databricks/databricks-sql-nodejs#228

OAuth on Azure

Some Azure instances now support Databricks native OAuth flow (in addition to AAD OAuth). For a backward compatibility, library will continue using AAD OAuth flow by default. To use Databricks native OAuth, pass useDatabricksOAuthInAzure: true to client.connect():

client.connect({
  // other options - host, port, etc.
  authType: 'databricks-oauth',
  useDatabricksOAuthInAzure: true,
  // other OAuth options if needed
</tr></table>

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
changeset-bot[bot] commented 1 week ago

⚠️ No Changeset found

Latest commit: 137cdd2dcd136501990e429e09d4eb5b88c321f7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

netlify[bot] commented 1 week ago

Deploy Preview for evidence-development-workspace ready!

Name Link
Latest commit 137cdd2dcd136501990e429e09d4eb5b88c321f7
Latest deploy log https://app.netlify.com/sites/evidence-development-workspace/deploys/663bd270c46f010009c530e0
Deploy Preview https://deploy-preview-1979--evidence-development-workspace.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify[bot] commented 1 week ago

Deploy Preview for next-docs-evidence ready!

Name Link
Latest commit 137cdd2dcd136501990e429e09d4eb5b88c321f7
Latest deploy log https://app.netlify.com/sites/next-docs-evidence/deploys/663bd2705e4b2400075ee977
Deploy Preview https://deploy-preview-1979--next-docs-evidence.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify[bot] commented 1 week ago

Deploy Preview for evidence-test-env ready!

Name Link
Latest commit 137cdd2dcd136501990e429e09d4eb5b88c321f7
Latest deploy log https://app.netlify.com/sites/evidence-test-env/deploys/663bd270c855d100082fde11
Deploy Preview https://deploy-preview-1979--evidence-test-env.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

dependabot[bot] commented 6 days ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.