Skip to content

Bump apache-airflow-providers-fab from 1.5.3 to 3.6.4#7873

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/apache-airflow-providers-fab-3.6.4
Open

Bump apache-airflow-providers-fab from 1.5.3 to 3.6.4#7873
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/apache-airflow-providers-fab-3.6.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps apache-airflow-providers-fab from 1.5.3 to 3.6.4.

Release notes

Sourced from apache-airflow-providers-fab's releases.

Apache Airflow 3.2.2

📦 PyPI: https://pypi.org/project/apache-airflow/3.2.2/ 📚 Docs: https://airflow.apache.org/docs/apache-airflow/3.2.2/ 🛠 Release Notes: https://airflow.apache.org/docs/apache-airflow/3.2.2/release_notes.html 🐳 Docker Image: "docker pull apache/airflow:3.2.2" 🚏 Constraints: https://github.com/apache/airflow/tree/constraints-3.2.2

Significant Changes

  • The SMTP STARTTLS upgrade performed by airflow.utils.email.send_email now validates the SMTP server's certificate against the system's trusted CA bundle by default. Previously the starttls() call was made without an SSL context, so any certificate was accepted. Deployments that intentionally point Airflow at an SMTP server with a self-signed or otherwise non-validating certificate and need to preserve the previous behaviour must set email.ssl_context = "none" in airflow.cfg. The "default" value (now also the default when the option is unset) uses :func:ssl.create_default_context. Previously this option applied only to the SMTP_SSL path; it now applies to the STARTTLS path as well. (#65346)

  • In #64963, the Airflow UI switched from full-match *_pattern REST API query parameters to the new index-friendly *_prefix_pattern parameters on list endpoints. This is a behavioral change for search-as-you-type filters in the UI: matches are prefix-based (LIKE 'term%' via a range scan) instead of substring-based (ILIKE '%term%'), which means the database can use B-tree indexes and search stays fast on large deployments. The REST API itself keeps both forms: existing *_pattern parameters still behave exactly as before. In #66015, a per-search-bar "Match anywhere" toggle was added so users who relied on the previous substring behavior can opt back into it from the UI. Each search input and each text filter pill now has a small regex-icon toggle next to the value; flipping it on switches that input from *_prefix_pattern to *_pattern. (#66015)

  • Fix triggerer race condition and deadlock that caused deferred tasks to stall indefinitely

    Triggers that call synchronous SDK methods (e.g. get_task_states used by safe_to_cancel in several Google provider operators) could crash the triggerer's internal subprocess. The triggerer would then continue to heartbeat normally — appearing healthy to the scheduler — while silently processing zero triggers, causing every deferred task to time out. This was first reported in issue #64620; a partial fix shipped in Airflow 3.2.1 (#64882) but introduced a new deadlock with the same visible symptom under load.

    Both issues are fixed by replacing the lock-based serialization with response multiplexing: each request now carries a unique ID and the response is routed back to the correct caller, so concurrent requests from trigger threads no longer contend or deadlock regardless of how many triggers are running or what SDK methods they call.

    New: triggerer subprocess watchdog

    Even with the race fixed, a trigger that blocks the event loop (e.g. by calling time.sleep() or performing blocking I/O directly in async def run()) would previously leave the triggerer appearing healthy indefinitely.

    A new [triggerer] runner_health_check_threshold config option (default: 30 seconds) adds a watchdog: if the triggerer subprocess goes silent for longer than the threshold, the parent process stops updating the heartbeat so the scheduler can detect the hang and reassign triggers rather than waiting for them to individually time out. Set the option to 0 to disable the watchdog. (#66412)

  • Tighten [core] allowed_deserialization_classes_regexp to require full-string matches

    Patterns in [core] allowed_deserialization_classes_regexp are now matched against the entire classname using re.fullmatch() instead of re.match(). Previously a pattern such as airflow\.models\.Variable admitted not only the intended class but also names that started with it (e.g. airflow.models.Variable_Malicious), because re.match only anchors at the start of the string.

... (truncated)

Commits
  • 954b303 Prepare providers release 2026-05-19 (#67137)
  • b28681f Apply requires_access_event_log to GET /eventLogs list endpoint (#67185)
  • b81e335 [helm chart] Go Template Error: Cannot Compare Slice to nil using eq (#64032)
  • f5fd3bc Add eslint-no-duplicate-imports (#67201)
  • 41df5a9 Add BundleVersion dataclass and version_data persistence to DagVersion (#66491)
  • 173c2a1 Recover stuck TIs when direct terminal-state API call fails (#66574)
  • f9faf65 Regenerate Edge worker OpenAPI spec after #67093 env upgrade (#67188)
  • 3a86142 UI: Use local Monaco editor module instead of CDN (#66647)
  • 2747837 Upgrade icons, spacing, and default component themes (#66569)
  • 0a324ba Add BedrockCreateEvaluationJobOperator (#66722)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [apache-airflow-providers-fab](https://github.com/apache/airflow) from 1.5.3 to 3.6.4.
- [Release notes](https://github.com/apache/airflow/releases)
- [Changelog](https://github.com/apache/airflow/blob/main/docker-stack-docs/changelog.rst)
- [Commits](apache/airflow@providers-fab/1.5.3...providers-fab/3.6.4)

---
updated-dependencies:
- dependency-name: apache-airflow-providers-fab
  dependency-version: 3.6.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 30, 2026
@keerthanakadiri keerthanakadiri self-assigned this Jul 1, 2026
@keerthanakadiri keerthanakadiri removed the request for review from vkarampudi July 1, 2026 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant