Skip to content

Bump snowflake-sqlalchemy from 1.10.2 to 1.11.0#1412

Merged
github-actions[bot] merged 1 commit into
developfrom
dependabot/pip/develop/snowflake-sqlalchemy-1.11.0
Jul 9, 2026
Merged

Bump snowflake-sqlalchemy from 1.10.2 to 1.11.0#1412
github-actions[bot] merged 1 commit into
developfrom
dependabot/pip/develop/snowflake-sqlalchemy-1.11.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps snowflake-sqlalchemy from 1.10.2 to 1.11.0.

Release notes

Sourced from snowflake-sqlalchemy's releases.

Release

  • v1.11.0 (July 7, 2026)

  • Sensitive connection parameters: We curated a set of connector kwargs (host, protocol, token_file_path, private_key_file, ocsp_response_cache_filename, connection_diag_log_path, crl_cache_dir, unsafe_file_write, unsafe_skip_file_permissions_check) that can no longer be supplied via the URL query string — pass them via connect_args= in create_engine() instead (applications already doing so are unaffected). If you encounter a possible behavioral change, set SNOWFLAKE_SQLALCHEMY_LEGACY_URL_PARAMS=1 and follow the instructions at Sensitive connection parameters.

  • Improve _url() helper and create_connect_args connection-parameter handling:

    • account and region values are now validated against an allowlist of DNS-safe characters (alphanumeric, -, ., _) before being interpolated into the connection URL, preventing URL-authority corruption from unexpected characters.
    • user values are percent-encoded before being placed in the URL userinfo component, preserving the original value delivered to the connector while preventing @, ?, and # from being misinterpreted as URL delimiters.
  • ClusterByOption now raises TypeError at DDL compile time when an expression element is neither a str nor a sqlalchemy.sql.expression.TextClause. Previously, such values were silently coerced via str(), which produced malformed DDL (e.g. bind-parameter placeholders like :id_1) for any expression beyond a bare column name. The accepted types match the documented constructor signature; code using only str or text(...) is unaffected.

  • Improve identifier quoting and string-literal escaping for caller-supplied values across the DDL compiler so they are rendered consistently with the rest of the dialect. Column keys in MERGE INTO (both the WHEN NOT MATCHED … INSERT list and WHEN MATCHED … SET targets), stage namespaces/names, format_name, and file_format are now routed through the identifier preparer, and a quote=False schema or column label is quoted when it contains characters that would otherwise require quoting instead of being emitted verbatim. Cloud-storage URIs, CREDENTIALS, and ENCRYPTION clauses (shared by COPY INTO and CREATE STAGE) and FILES=(…) entries now apply the dialect's standard literal escaping (''', \\\); CREATE STAGE builds its SQL from the container's fields rather than repr(container). Legal identifiers — including upper-case names that Snowflake folds — still render bare, so existing DDL is unchanged.

  • Improve escaping in CopyIntoStorage / CreateStage / CreateFileFormat and add secret redaction (SNOW-3656048):

    • FILE_FORMAT option string values (e.g. CSVFormatter().date_format(...), file_extension, timestamp_format) are now escaped before being embedded in the compiled SQL, improving single-quote escaping (SNOW-3649888).
    • repr() of AWSBucket, AzureContainer, GCSBucket (and, transitively, CopyIntoStorage) now masks cloud secrets — AWS_SECRET_KEY, AWS_KEY_ID, AWS_TOKEN, AZURE_SAS_TOKEN, MASTER_KEY are rendered as '***' (SNOW-3649782). Compiled SQL is unchanged.
    • Added an opt-in logging redactor for engine logs that contain inline credentials: SnowflakeSecretRedactionFilter, add_secret_redaction_filter(), and redact_secrets(). Prefer STORAGE_INTEGRATION to avoid putting secrets in SQL at all (SNOW-3649850).
  • Fix get_view_definition silently truncating or failing for view names that contain a single quote or backslash (e.g. o'brien). The name is now SQL-escaped (''', \\\) before being embedded in the SHOW VIEWS LIKE '...' literal, so such views are found correctly and no query manipulation is possible via a crafted view name.

  • Optimise single-table reflection (SNOW-3720548): reflecting one table no longer scans the entire schema, reducing latency and Snowflake credit usage for targeted Inspector calls.

Commits
  • 5a6f87f chore/release-1.11.0: release notes and version bump (#715)
  • d014de7 Snow 3720548 optimize reflection cache (#703)
  • 41f8696 Post-refactor cleanup: name utilities, quoting internals, and identifier tests
  • ed16ec5 Fix object type handling and repr object representation
  • fe74171 Fix view show like single quote escaping
  • e07ea74 Reflection name handling improvements
  • 2c33792 SNOW-3656098: enhance connection param handling
  • bf7d250 Snow 3656048 copy stage improvements
  • a198ed2 SNOW-3656026 identifiers and literal quoting
  • 35edf4d SNOW-3655930: improve escaping and rendering
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [snowflake-sqlalchemy](https://github.com/snowflakedb/snowflake-sqlalchemy) from 1.10.2 to 1.11.0.
- [Release notes](https://github.com/snowflakedb/snowflake-sqlalchemy/releases)
- [Commits](snowflakedb/snowflake-sqlalchemy@v1.10.2...v1.11.0)

---
updated-dependencies:
- dependency-name: snowflake-sqlalchemy
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 9, 2026
@github-actions
github-actions Bot merged commit 842f9e3 into develop Jul 9, 2026
3 of 4 checks passed
@dependabot
dependabot Bot deleted the dependabot/pip/develop/snowflake-sqlalchemy-1.11.0 branch July 9, 2026 01:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants