Workflow

PyPi: Dbt-Snowflake

CVE-2024-26130

Transitive

Safety vulnerability ID: 67468

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 21, 2024 Updated at Dec 10, 2024
Scan your Python projects for vulnerabilities →

Advisory

Dbt-snowflake 1.8.0b2 updates its cryptography requirement to version 42.0.4 or newer, addressing security concerns highlighted by CVE-2024-26130.

Affected package

dbt-snowflake

Latest version: 1.9.0

The Snowflake adapter plugin for dbt

Affected versions

Fixed versions

Vulnerability changelog

Features

- Add new workflow for internal patch releases ([38](https://github.com/dbt-labs/dbt-snowflake/issues/38))

Fixes

- Acknowledge `send_anonymous_usage_stats` setting for python models ([830](https://github.com/dbt-labs/dbt-snowflake/issues/830))
- modify metadata queries to take into account object type of BASE TABLE being assigned to dynamic tables when was null previously ([934](https://github.com/dbt-labs/dbt-snowflake/issues/934))
- remove `private_key_path` from connection keys ([949](https://github.com/dbt-labs/dbt-snowflake/issues/949))

Under the Hood

- Add unit test for transaction semantics. ([912](https://github.com/dbt-labs/dbt-snowflake/issues/912))

Dependencies

- hard pin ddtrace to 2.3.0 ([932](https://github.com/dbt-labs/dbt-snowflake/pull/932))
- bump cryptography to 42.0.4 or higher for security callouts ([938](https://github.com/dbt-labs/dbt-snowflake/pull/938))
- Add `dbt-core` as a dependency to preserve backwards compatibility for installation ([964](https://github.com/dbt-labs/dbt-snowflake/pull/964))

Security

- Pin `black>=24.3` in `dev-requirements.txt` ([959](https://github.com/dbt-labs/dbt-snowflake/pull/959))

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application