Skip to content

Bump snowflake-connector-python from 4.6.0 to 4.7.1#1425

Merged
github-actions[bot] merged 1 commit into
developfrom
dependabot/pip/develop/snowflake-connector-python-4.7.1
Jul 16, 2026
Merged

Bump snowflake-connector-python from 4.6.0 to 4.7.1#1425
github-actions[bot] merged 1 commit into
developfrom
dependabot/pip/develop/snowflake-connector-python-4.7.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps snowflake-connector-python from 4.6.0 to 4.7.1.

Release notes

Sourced from snowflake-connector-python's releases.

4.7.1

  • v4.7.1(Jul 15,2026)
    • Added support for Python 3.14t (free-threaded).
      • Note: Python 3.14t CI testing excludes win_arm64 (no cryptography wheels available) and mitmproxy proxy tests on all platforms (transitive dependencies aioquic/pylsqpack lack free-threaded-compatible wheels).
    • Improved verification of TLS connections (SNOW-3675579).
    • Fixed python-connector.log not rotating on Windows, and every record being logged twice, when easy logging is enabled via config.toml (SNOW-3680325).
      • Note: As part of this fix, easy logging no longer calls logging.basicConfig() and therefore no longer configures the root logger. python-connector.log now captures only the snowflake.connector, botocore, and boto3.
    • Improved URL validation reliability by replacing the hand-rolled regex in is_valid_url() with urllib.parse.urlparse (SNOW-3392651).
    • Fixed OAuth infinite loop when tokens expire by ensuring reauthenticate() calls _request_tokens() directly instead of looping through prepare(). Token cache is now read exactly once per connection, and _store_tokens() preserves macOS Keychain ACL by never calling remove(). The async OAuth reauthenticate() now runs the synchronous OAuth flow on a worker thread instead of blocking the event loop.
    • Fixed OAuth scope handling for Snowflake custom OAuth: when refresh tokens are enabled, the connector no longer appends the OIDC offline_access scope for token endpoints on *.snowflakecomputing.com or *.snowflakecomputing.cn, which caused invalid_scope errors. Snowflake custom OAuth expects refresh_token in scope instead. External IdP behavior is unchanged.
    • Fixed input validation for scale metadata in Arrow result set processing for TIME, TIMESTAMP_NTZ, TIMESTAMP_LTZ, and TIMESTAMP_TZ columns (SNOW-3388299).
    • Fixed S3 storage client to correctly handle 307/308 (method-preserving) and 301/302 (GET/HEAD only) redirects by disabling automatic redirect following and re-signing each request with AWS SigV4 credentials for the redirect target. The region is updated from the x-amz-bucket-region response header on each redirect. Redirects are capped at 5 hops.
    • Added native AKS (Azure Kubernetes Service) workload identity support. When running on AKS with workload identity configured, the connector automatically uses WorkloadIdentityCredential to authenticate via the injected service account credentials. OIDC backward compatibility is also supported.
    • Added the workload_identity_aws_use_outbound_token connection option (default false) to opt into AWS WIF JWT attestation via STS GetWebIdentityToken instead of the default SigV4 GetCallerIdentity method.
    • Fixed a bug where a fully-qualified DDL statement (e.g. CREATE VIEW db.schema.obj) on a session with no current schema would populate the connector's cached _schema/_database from the referenced object's namespace. This made get_current_schema() diverge from the server's CURRENT_SCHEMA() and mis-qualified Snowpark temp objects (SNOW-3665226).

4.7.0

  • v4.7.0(Jul 2,2026)
    • Fixed python-connector.log not rotating on Windows, and every record being logged twice, when easy logging is enabled via config.toml (SNOW-3680325).
      • Note: As part of this fix, easy logging no longer calls logging.basicConfig() and therefore no longer configures the root logger. python-connector.log now captures only the snowflake.connector, botocore, and boto3.
    • Improved URL validation reliability by replacing the hand-rolled regex in is_valid_url() with urllib.parse.urlparse (SNOW-3392651).
    • Fixed OAuth infinite loop when tokens expire by ensuring reauthenticate() calls _request_tokens() directly instead of looping through prepare(). Token cache is now read exactly once per connection, and _store_tokens() preserves macOS Keychain ACL by never calling remove(). The async OAuth reauthenticate() now runs the synchronous OAuth flow on a worker thread instead of blocking the event loop.
    • Fixed OAuth scope handling for Snowflake custom OAuth: when refresh tokens are enabled, the connector no longer appends the OIDC offline_access scope for token endpoints on *.snowflakecomputing.com or *.snowflakecomputing.cn, which caused invalid_scope errors. Snowflake custom OAuth expects refresh_token in scope instead. External IdP behavior is unchanged.
    • Fixed input validation for scale metadata in Arrow result set processing for TIME, TIMESTAMP_NTZ, TIMESTAMP_LTZ, and TIMESTAMP_TZ columns (SNOW-3388299).
    • Removed pandas upper bound dependency constraint on the [pandas] extra to allow installation of pandas 3.0.0 and later.
    • Fixed S3 storage client to correctly handle 307/308 (method-preserving) and 301/302 (GET/HEAD only) redirects by disabling automatic redirect following and re-signing each request with AWS SigV4 credentials for the redirect target. The region is updated from the x-amz-bucket-region response header on each redirect. Redirects are capped at 5 hops.
    • Added native AKS (Azure Kubernetes Service) workload identity support. When running on AKS with workload identity configured, the connector automatically uses WorkloadIdentityCredential to authenticate via the injected service account credentials. OIDC backward compatibility is also supported.
    • Added the workload_identity_aws_use_outbound_token connection option (default false) to opt into AWS WIF JWT attestation via STS GetWebIdentityToken instead of the default SigV4 GetCallerIdentity method.
    • Fixed a bug where a fully-qualified DDL statement (e.g. CREATE VIEW db.schema.obj) on a session with no current schema would populate the connector's cached _schema/_database from the referenced object's namespace. This made get_current_schema() diverge from the server's CURRENT_SCHEMA() and mis-qualified Snowpark temp objects (SNOW-3665226).
Commits
  • af8c392 Prepare release 4.7.1 (#2947)
  • 267d513 NO-SNOW: Use pandas 3+ on 3.14t testing pipelines (#2934)
  • 91b8290 Revert "Remove upper bound on pandas optional dependency (#2904)" (#2922)
  • 687341c SNOW-3753985, SNOW-3650888: slim prober image via multi-stage build o… (#2933)
  • e74bd38 Fix and enable 314t CI (#2929)
  • 218802b SNOW-3650888: fix prober image push failing due to ubuntu:26.04 multi-line la...
  • 9766894 Update 4.7.0 release date to Jul 2, 2026 (#2921)
  • 23a40af SNOW-3665226: fix FQN DDL cache test to assert unchanged instead of None (#2920)
  • 0d6bc48 SNOW-3665226: prevent fully-qualified DDL from polluting schema/database cach...
  • 449a6b3 Bump up version to 4.7.0 (#2919)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [snowflake-connector-python](https://github.com/snowflakedb/snowflake-connector-python) from 4.6.0 to 4.7.1.
- [Release notes](https://github.com/snowflakedb/snowflake-connector-python/releases)
- [Commits](snowflakedb/snowflake-connector-python@v4.6.0...v4.7.1)

---
updated-dependencies:
- dependency-name: snowflake-connector-python
  dependency-version: 4.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 16, 2026
@github-actions
github-actions Bot merged commit 5e394df into develop Jul 16, 2026
3 of 4 checks passed
@dependabot
dependabot Bot deleted the dependabot/pip/develop/snowflake-connector-python-4.7.1 branch July 16, 2026 01:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants