Skip to content

chore(deps): bump net.snowflake:snowflake-jdbc from 4.1.0 to 4.2.0#901

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/net.snowflake-snowflake-jdbc-4.2.0
Open

chore(deps): bump net.snowflake:snowflake-jdbc from 4.1.0 to 4.2.0#901
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/net.snowflake-snowflake-jdbc-4.2.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Bumps net.snowflake:snowflake-jdbc from 4.1.0 to 4.2.0.

Release notes

Sourced from net.snowflake:snowflake-jdbc's releases.

v4.2.0

Changelog

Sourced from net.snowflake:snowflake-jdbc's changelog.

For all official JDBC Release Notes please refer to https://docs.snowflake.com/en/release-notes/clients-drivers/jdbc

Changelog

  • v4.2.1-SNAPSHOT

    • Fixed Connection.isValid() silently swallowing thread interruption: when the underlying heartbeat is interrupted, the connection's interrupt flag is now restored via Thread.currentThread().interrupt()snowflakedb/snowflake-jdbc#2314
    • Fixed non-retryable HTTP 400 response bodies always being logged as "Failed to read content due to exception: Attempted read from closed stream". The response entity is now buffered before RestRequest#checkForDPoPNonceError and SnowflakeUtil#logResponseDetailssnowflakedb/snowflake-jdbc#2631
    • snowflakedb/snowflake-jdbc#2623
    • Fixed path traversal via server-controlled filenames in SnowflakeFileTransferAgentsnowflakedb/snowflake-jdbc#2622
    • Further changes regarding auto-configuration (jdbc:snowflake:autosnowflakedb/snowflake-jdbc#2625
      • Fixed bug leading to 'Connection property specified more than once: DB' error, when both connections.toml (database) and JDBC URL (db) defined database
      • Enhancement: now parameters passed as Properties() are also considered when building connection. For conflicting items defined in multiple places, priority is: Properties > JDBC URL > connections.toml
      • Enhancement (supportability): added provenance tracking for config keys and log them once per connection on debug level
    • snowflakedb/snowflake-jdbc#2617
    • Fixed auto-config debug log messages (provenance, TOML parsing) not appearing in client_config_filesnowflakedb/snowflake-jdbc#2632
    • The AWS S3 client now reuses a per-session shared Netty SdkEventLoopGroup, torn down once at session close, eliminating Netty's 2 s shutdownGracefullysnowflakedb/snowflake-jdbc#2620

  • v4.2.0

    • Extended the SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION environment variable to also bypass permission verification on the connections.toml config file and on the credential cache file (credential_cache_v1.jsonsnowflakedb/snowflake-jdbc#2614
    • Fixed NPE in RestRequest.sendIBHttpErrorEvent when SFSession.getTelemetryClient() returns null because the session URL is not yet set; a NoOpTelemetryClientsnowflakedb/snowflake-jdbc#2610
    • Added support for attaching the SPCS service-identifier token (SPCS_TOKEN) to login requests when the driver is running inside an SPCS container (gated on the SNOWFLAKE_RUNNING_INSIDE_SPCS environment variable; token read from /snowflake/session/spcs_tokensnowflakedb/snowflake-jdbc#2603
    • Added libc family and version detection (LIBC_FAMILY, LIBC_VERSION) to the CLIENT_ENVIRONMENTsnowflakedb/snowflake-jdbc#2596
    • Fixed NPE in SFTrustManager.validateRevocationStatusMain when the OCSP cache contains a non-SUCCESSFUL response (e.g. unauthorized(6)); the response is now surfaced as an SFOCSPExceptionsnowflakedb/snowflake-jdbc#2597
    • snowflakedb/snowflake-jdbc#2586
      • GCP WIF attestation now uses hostname metadata.google.internal instead of the IPv4 link-local address.
      • EC2 instance detection probes the IPv4 and IPv6 IMDS endpoints ([fd00:ec2::254]) in parallel so detection succeeds on IPv6-only instances without doubling the detection budget on dual-stack hosts.
    • Added enableCopyResultSet connection property (default false): when true, Statement.execute() exposes the COPY INTO per-file metadata result set via getResultSet()snowflakedb/snowflake-jdbc#2592
    • snowflakedb/snowflake-jdbc#2578
    • snowflakedb/snowflake-jdbc#2572
    • snowflakedb/snowflake-jdbc#2591
      • now defaulting to port 443 instead of 80 when neither port nor protocol is specified
      • config coming from the JDBC connection string are no longer ignored when auto-configuration sourced items also present (when both present, direct connection config takes precedence)
    • snowflakedb/snowflake-jdbc#2585
    • snowflakedb/snowflake-jdbc#2600
    • snowflakedb/snowflake-jdbc#2600
    • snowflakedb/snowflake-jdbc#2602
    • snowflakedb/snowflake-jdbc#2593
    • Added workloadIdentityAwsExternalIdsnowflakedb/snowflake-jdbc#2565
    • snowflakedb/snowflake-jdbc#2611

  • v4.1.0

    • snowflakedb/snowflake-jdbc#2556
    • snowflakedb/snowflake-jdbc#2545
    • snowflakedb/snowflake-jdbc#2559
    • snowflakedb/snowflake-jdbc#2561
    • snowflakedb/snowflake-jdbc#2564
    • snowflakedb/snowflake-jdbc#2563
    • snowflakedb/snowflake-jdbc#2563
    • snowflakedb/snowflake-jdbc#2568
    • snowflakedb/snowflake-jdbc#2566
    • snowflakedb/snowflake-jdbc#2570

... (truncated)

Commits
  • 42fd80c NO-SNOW: Prepare v4.2.0 release (#2618)
  • 1f48f61 SNOW-3445811 migrate nodes to snowos, remove default tag (#2613)
  • 2081ac3 SNOW-3350278: Honor SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION for connections....
  • 6bbe33f NO-SNOW: dependency bump: netty 4.1.132.Final -> 4.1.133.Final, grpc-java 1.8...
  • 56fa127 SNOW-3463039: fix NPE in TelemetryClient operations when session is null for ...
  • cffbc1d SNOW-3313736 ExternalId Support for AWS WIF Impersonation (#2565)
  • 076ff68 SNOW-3445438: bouncycastle.version 1.82 -> 1.84 (also maven-shade-plugin to 3...
  • 1f23b6b NO-SNOW: Add repo-local graphite-pr-workflow skill with mvn format + checksty...
  • 70c48fe NO-SNOW: Remove ALLOW_LARGE_LOBS_IN_EXTERNAL_SCAN from LobSizeLatestIT (#2605)
  • da2e018 SNOW-3428785: add shutdown to executorService in s3 transfers (#2602)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependency-upgrade Dependency upgrade is needed label May 12, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

🧪 Java Unit Tests

TestsPassed ✅Skipped ⚠️FailedTime ⏱
Java Tests Report309 ran256 ✅53 ⚠️0 ❌9m 50s 934ms

📦 Artifacts

Name Size Updated Expiration
jar 403.1 MB May 15, 26, 7:30:00 AM UTC May 22, 26, 7:29:46 AM UTC

🛡 Trivy

Vulnerability in: Java

Vulnerability Severity Package Installed Version Fixed Version
GHSA-72hv-8253-57qq MEDIUM com.fasterxml.jackson.core:jackson-core 2.21.0 2.21.1, 2.18.6
CVE-2025-53864 MEDIUM com.nimbusds:nimbus-jose-jwt 9.40 10.0.2, 9.37.4
CVE-2025-48924 MEDIUM commons-lang:commons-lang 2.4
CVE-2026-42583 HIGH io.netty:netty-codec-compression 4.2.12.Final 4.2.13.Final
CVE-2026-42583 HIGH io.netty:netty-codec-compression 4.2.12.Final 4.2.13.Final
CVE-2026-42583 HIGH io.netty:netty-codec-compression 4.2.9.Final 4.2.13.Final
CVE-2026-42579 HIGH io.netty:netty-codec-dns 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42579 HIGH io.netty:netty-codec-dns 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42584 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42584 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-41417 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-41417 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42580 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42580 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42581 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42581 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42585 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42585 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-33870 HIGH io.netty:netty-codec-http 4.2.9.Final 4.1.132.Final, 4.2.10.Final
CVE-2026-42584 HIGH io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-41417 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42580 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42581 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42585 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http2 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-33871 HIGH io.netty:netty-codec-http2 4.2.9.Final 4.1.132.Final, 4.2.11.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http2 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42578 LOW io.netty:netty-handler-proxy 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42578 LOW io.netty:netty-handler-proxy 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42578 LOW io.netty:netty-handler-proxy 4.2.9.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42577 HIGH io.netty:netty-transport-native-epoll 4.2.12.Final 4.2.13.Final
CVE-2026-42577 HIGH io.netty:netty-transport-native-epoll 4.2.12.Final 4.2.13.Final
CVE-2024-57699 HIGH net.minidev:json-smart 2.5.1 2.5.2
CVE-2026-34479 MEDIUM org.apache.logging.log4j:log4j-1.2-api 2.25.3 2.25.4
CVE-2026-34477 MEDIUM org.apache.logging.log4j:log4j-core 2.25.3 2.25.4
CVE-2026-34478 MEDIUM org.apache.logging.log4j:log4j-core 2.25.3 2.25.4
CVE-2026-34480 MEDIUM org.apache.logging.log4j:log4j-core 2.25.3 2.25.4
CVE-2026-40490 MEDIUM org.asynchttpclient:async-http-client 3.0.7 3.0.9, 2.14.5

🔁 Unreleased Commits

✅ No unreleased commits found.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

Tests report quick summary:

success ✅ > tests: 309, success: 256, skipped: 53, failed: 0

unfold for details
Project Status Success Skipped Failed
plugin-jdbc success ✅ 37 0 0
plugin-jdbc-access success ✅ 9 0 0
plugin-jdbc-actianvector success ✅ 7 0 0
plugin-jdbc-as400 success ✅ 1 0 0
plugin-jdbc-clickhouse success ✅ 17 0 0
plugin-jdbc-db2 success ✅ 10 0 0
plugin-jdbc-druid success ✅ 4 0 0
plugin-jdbc-duckdb success ✅ 28 0 0
plugin-jdbc-hana skipped ⏭️ 0 3 0
plugin-jdbc-mariadb success ✅ 18 0 0
plugin-jdbc-mysql success ✅ 34 0 0
plugin-jdbc-oracle success ✅ 26 0 0
plugin-jdbc-pinot success ✅ 5 0 0
plugin-jdbc-postgres success ✅ 30 0 0
plugin-jdbc-redshift success ✅ 4 0 0
plugin-jdbc-snowflake success ✅ 17 0 0
plugin-jdbc-sqlite success ✅ 17 0 0
plugin-jdbc-sqlserver success ✅ 22 0 0
plugin-jdbc-sybase success ✅ 6 0 0
plugin-jdbc-trino success ✅ 4 0 0
plugin-jdbc-vertica success ✅ 10 0 0

@fdelbrayelle
Copy link
Copy Markdown
Member

fdelbrayelle commented May 15, 2026

@dependabot rebase

@dependabot
chore(deps): bump net.snowflake:snowflake-jdbc from 4.1.0 to 4.2.0
f625073 
Bumps [net.snowflake:snowflake-jdbc](https://github.com/snowflakedb/snowflake-jdbc) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/snowflakedb/snowflake-jdbc/releases)
- [Changelog](https://github.com/snowflakedb/snowflake-jdbc/blob/master/CHANGELOG.md)
- [Commits](snowflakedb/snowflake-jdbc@v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: net.snowflake:snowflake-jdbc
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/net.snowflake-snowflake-jdbc-4.2.0 branch from 4ae0084 to f625073 Compare May 15, 2026 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependency-upgrade Dependency upgrade is needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fdelbrayelle