Skip to content

build(deps): Bump net.snowflake:snowflake-jdbc from 4.3.1 to 4.3.2#6304

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/net.snowflake-snowflake-jdbc-4.3.2
Open

build(deps): Bump net.snowflake:snowflake-jdbc from 4.3.1 to 4.3.2#6304
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/net.snowflake-snowflake-jdbc-4.3.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps net.snowflake:snowflake-jdbc from 4.3.1 to 4.3.2.

Release notes

Sourced from net.snowflake:snowflake-jdbc's releases.

v4.3.2

Changelog

Sourced from net.snowflake:snowflake-jdbc's changelog.

For all official JDBC Release Notes please refer to https://docs.snowflake.com/en/release-notes/clients-drivers/jdbc

Changelog

  • v4.3.3-SNAPSHOT

  • v4.3.2

    • Fixed RestRequest logging retryable, temporal non-200 responses as ERROR (now: WARN), and fixed SnowflakeChunkDownloader using flat, short jitter between retries (now uses DecorrelatedJitterBackoff(1 s, 16 s)snowflakedb/snowflake-jdbc#2693
    • Fixed GCS PUT operations not retrying on transient errors (e.g. HTTP 503) despite putGetMaxRetriessnowflakedb/snowflake-jdbc#2688
    • snowflakedb/snowflake-jdbc#2669snowflakedb/snowflake-jdbc#2690).
    • snowflakedb/snowflake-jdbc#2690
    • Fixed snowflake-jdbc writing a snowflake-minicore-* temp directory and loading the native library at driver class-load time even when the driver was never used (e.g. when present on the classpath only as a transitive dependency). Minicore now loads lazily when the first Snowflake connection is created (ConnectionFactory.createConnection) instead of during DriverInitializer.initialize()snowflakedb/snowflake-jdbc#2670
    • Restored GetCallerIdentity as the default AWS Workload Identity Federation attestation method to avoid breaking existing users who have not configured the ISSUER in their Snowflake WIF setup. The GetWebIdentityToken (outbound JWT) flow introduced in v4.3.0 is now opt-in via the new workloadIdentityAwsUseOutboundToken connection property.
    • Fixed flaky SnowflakeDriverIT.testDBMetadata: the SHOW-based getTables metadata lookup could transiently return no rows right after the test table was created (metadata cache lag on shared/loaded accounts), so the lookup is now retried until the table becomes visible, and on very slow CI runners where propagation exceeds the retry window the test is skipped rather than failed (the mapping is covered deterministically by DatabaseMetadataWiremockLatestITsnowflakedb/snowflake-jdbc#2673
    • Fixed flaky DatabaseMetaDataLatestIT.testUnderscoreInSchemaNamePatternForPrimaryAndForeignKeys[WithPatternSearchDisabled]: the SHOW-based getPrimaryKeys/getImportedKeyssnowflakedb/snowflake-jdbc#2673
    • Fixed flaky DatabaseMetaDataIT.testGetPrimarykeys and SnowflakeDriverIT.testConstraints (eventually-consistent PK/FK constraint metadata after DDL) by retrying the constraint metadata lookups until visible. Replaced the live, concurrent stress tests DatabaseMetaDataLatestIT.test[No]PatternSearchAllowedForPrimaryAndForeignKeys (which timed out on slow CI runners) with deterministic coverage in the new DatabaseMetadataWiremockLatestIT, which validates the getTables/getPrimaryKeys/getImportedKeys SHOW-result mapping and the enablePatternSearchsnowflakedb/snowflake-jdbc#2673
    • Fixed the Loader API (StreamLoader.setVectorColumns) throwing Loader$ConnectionError: ... Result set has been closed when the getColumns metadata lookup returned no rows. The result set returned by getColumns closes itself once next() runs out of matching rows, so the unchecked rs.next() followed by rs.getString(...) raised "Result set has been closed"; the result is now read only when rs.next() returns a row. This intermittently aborted concurrent loads (e.g. FlatfileReadMultithreadIT) when the SHOW COLUMNSsnowflakedb/snowflake-jdbc#2674
    • Fixed uploadStream/downloadStream failing with SQL compilation errors when the stage reference contains non-ASCII characters (e.g. Japanese schema names). Stage references in internally generated PUT/GET commands are now wrapped in single quotes when they contain characters that require quoting per Snowflake SQL syntax (SNOW-3713887).
    • Fixed authenticator=externalbrowser login crashing with StringIndexOutOfBoundsExceptionsnowflakedb/snowflake-jdbc#2687
    • Fixed a permanent HTTP connection pool slot leak in RestRequest.executeWithRetriessnowflakedb/snowflake-jdbc#2643
    • snowflakedb/snowflake-jdbc#2696
  • v4.3.1

    • Fixed GCS-backed internal stage PUT failing with opaque invalid_gcs_credentials in SPCS pods on GCP: the GCS SDK's Application Default Credentials (ADC) probe was reaching out to metadata.google.internal which is unreachable inside SPCS; explicit credentials are now always set when a GCS_ACCESS_TOKEN is present, suppressing the ADC probe entirely. Also fixed GCSAccessStrategyAwsSdk rejecting custom GCS endpoints that lack an https:// scheme prefix (e.g. bare storage.me-central2.rep.googleapis.com), mirroring the existing handling in GCSDefaultAccessStrategy. The catch-all in setupGCSClientsnowflakedb/snowflake-jdbc#2664
    • Fixed Azure PUT memory leak where each PUT instantiated a fresh BlobServiceClient whose underlying reactor-netty stack the SDK exposes no API to release; the Azure SDK HttpClient and its ConnectionProvidersnowflakedb/snowflake-jdbc#2658
    • Fixed SFResultJsonParser2Failed: invalid escaped unicode character when a chunked JSON result contained UTF-16 surrogate-pair \u escapes (e.g. emoji) and the read buffer happened to split exactly 9 bytes after \u; the off-by-one boundary guard in ResultJsonParserV2snowflakedb/snowflake-jdbc#2660
    • Fixed (by removing) stale com.amazonaws.util.Base16/Base64 bytecode references from the shaded JAR by excluding dead SFBinary and SFBinaryFormat classes from the bundled snowflake-common artifact. Security scanners shold no longer flag snowflake-jdbc-thinsnowflakedb/snowflake-jdbc#2665
    • snowflakedb/snowflake-jdbc#2663
  • v4.3.0

    • Bumped AWS SDK from 2.37.5 to 2.45.1, which transitively brings netty up to 4.1.133.Final and resolves a cluster of High/Medium netty CVEs (HTTP request smuggling, CRLF injection, data amplification, resource allocation) flagged by Snyk against netty-nio-client in thin_public_pom.xmlsnowflakedb/snowflake-jdbc#2654
    • Bumped jackson to 2.18.7 to address two High-severity resource-exhaustion CVEs in jackson-core 2.18.4.1, and added a .snyk policy file with justified ignores for the dual-licensed javax.servlet-api / javax.annotation-api findings and the tika-core XXE (SNYK-JAVA-ORGAPACHETIKA-14188255snowflakedb/snowflake-jdbc#2654
    • Fixed OAuth token requests sending scope=session:role:null when no scope is configured (or scope is empty/blank); the scopesnowflakedb/snowflake-jdbc#2646
    • Fixed Okta native SSO federated login sending malformed JSON to /api/v1/authn (HTTP 400 from Okta) when the username or password contained JSON-special characters such as double quotes or backslashes; the request body is now serialized with Jackson instead of string concatenation.
    • Added one in-band telemetry record per successful login describing which connection-identifier fields the user supplied (account_provided, account_with_region, account_org_provided, region_provided, host_provided). No hostname or account value is included. This is gated by the existing server-side CLIENT_TELEMETRY_ENABLED parameter and can additionally be disabled locally by setting SF_TELEMETRY_DISABLE_CONNECTION_SHAPE=true. The telemetry collection is time-boxed and will be removed in a future release.
    • Fixed SnowflakeChunkDownloader per-chunk metrics log misattributing the response body transfer to parseTime: getResultStreamProvider().getInputStream() returns once headers come back and streams the body lazily during the parser's read() calls, so the old code billed only HTTP/TLS setup to downloadTime and the entire body read+parse to parseTime. When the metrics logger is at FINE/debug level, the InputStream is now wrapped in a TimingInputStream that accumulates time blocked inside read(), so downloadTime reflects true network read time and parseTime reflects only CPU parse cost; at higher log levels the original stream is used unchanged to avoid the per-read()snowflakedb/snowflake-jdbc#2640
    • Fixed Connection.isValid() silently swallowing thread interruption: when the underlying heartbeat is interrupted, the connection's interrupt flag is now restored via Thread.currentThread().interrupt()snowflakedb/snowflake-jdbc#2314
    • Fixed non-retryable HTTP 400 response bodies always being logged as "Failed to read content due to exception: Attempted read from closed stream". The response entity is now buffered before RestRequest#checkForDPoPNonceError and SnowflakeUtil#logResponseDetailssnowflakedb/snowflake-jdbc#2631
    • snowflakedb/snowflake-jdbc#2623
    • Fixed path traversal via server-controlled filenames in SnowflakeFileTransferAgentsnowflakedb/snowflake-jdbc#2622
    • Further changes regarding auto-configuration (jdbc:snowflake:autosnowflakedb/snowflake-jdbc#2625
      • Fixed bug leading to 'Connection property specified more than once: DB' error, when both connections.toml (database) and JDBC URL (db) defined database
      • Enhancement: now parameters passed as Properties() are also considered when building connection. For conflicting items defined in multiple places, priority is: Properties > JDBC URL > connections.toml
      • Enhancement (supportability): added provenance tracking for config keys and log them once per connection on debug level
    • snowflakedb/snowflake-jdbc#2617
    • Fixed auto-config debug log messages (provenance, TOML parsing) not appearing in client_config_filesnowflakedb/snowflake-jdbc#2632
    • The AWS S3 client now reuses a per-session shared Netty SdkEventLoopGroup, torn down once at session close, eliminating Netty's 2 s shutdownGracefullysnowflakedb/snowflake-jdbc#2620
    • snowflakedb/snowflake-jdbc#2655
    • Fixed inverted null check in CredentialManager.updateInputWithTokenAndPublicKeysnowflakedb/snowflake-jdbc#2650
    • Fixed Connection.setCatalog and Connection.setSchema producing malformed SQL (or switching to an unintended database/schema) when the supplied name contained an embedded " character; the name is now escaped per the SQL-standard quoted-identifier rule before being interpolated into the USEsnowflakedb/snowflake-jdbc#2651
    • Switched AWS Workload Identity Federation attestation from a SigV4-presigned GetCallerIdentity request to STS GetWebIdentityTokensnowflakedb/snowflake-jdbc#2653

... (truncated)

Commits
  • 07fc508 NO-SNOW: Bump version to 4.3.2 (#2699)
  • e4df045 NO-SNOW: grpc-java to 1.82.2 (#2696)
  • 268fad8 Revert "NO-SNOW: Bump version to 4.3.2 (#2697)" (#2698)
  • 98d6a14 NO-SNOW: Bump version to 4.3.2 (#2697)
  • b53f4d0 Release HTTP connection on retry exhaustion in RestRequest.executeWithRetries...
  • e811462 SNOW-3772731: fix unconditional ERROR log in retriable situation + instead of...
  • d822abd SNOW-3704231: Fix externalbrowser auth crash on empty localhost callback sock...
  • c3a1b66 NO-SNOW: bump netty to 4.1.136.Final, jackson-databind to 2.18.9 (#2690)
  • 66bfc5d SNOW-3745081: fix retry in GCS storage client (#2688)
  • b448bd5 SNOW-3713887: Quote stage refs in uploadStream/downloadStream for non-ASCII n...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [net.snowflake:snowflake-jdbc](https://github.com/snowflakedb/snowflake-jdbc) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/snowflakedb/snowflake-jdbc/releases)
- [Changelog](https://github.com/snowflakedb/snowflake-jdbc/blob/master/CHANGELOG.md)
- [Commits](snowflakedb/snowflake-jdbc@v4.3.1...v4.3.2)

---
updated-dependencies:
- dependency-name: net.snowflake:snowflake-jdbc
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants