Skip to content

fix(snowflake): update snowflake-sdk #18005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
WikiRik wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

fix(snowflake): update snowflake-sdk #18005

WikiRik wants to merge 2 commits into from
+543 −104

Conversation

@WikiRik
Copy link
Member

@WikiRik WikiRik commented Oct 10, 2025
edited by coderabbitai bot
Loading

Pull Request Checklist

  • Have you added new tests to prevent regressions?
  • If a documentation update is necessary, have you opened a PR to the documentation repository?
  • Did you update the typescript typings accordingly (if applicable)?
  • Does the description below contain a link to an existing issue (Closes #[issue]) or a description of the issue you are solving?
  • Does the name of your PR follow our conventions?

Description of Changes

Updates snowflake-sdk

Summary by CodeRabbit

  • New Features

    • Expanded Snowflake connection options: new OAuth fields (auth/token URLs, client credentials, scope, redirect/challenge), workload identity settings, certificate revocation controls, OCSP proxy usage, external browser callback, and query tagging.

  • Refactor

    • Removed the oauthHttpAllowed option from the public connection options.

  • Chores

    • Updated Snowflake SDK dependency to ^2.3.1.

  • Tests

    • Adjusted test configuration globals for SDK compatibility.

@WikiRik WikiRik requested a review from a team as a code owner October 10, 2025 14:24
@WikiRik WikiRik requested review from ephys and sdepold October 10, 2025 14:24
@coderabbitai
Copy link

coderabbitai bot commented Oct 10, 2025
edited
Loading

Walkthrough

Dependency snowflake-sdk updated to ^2.3.1. The Snowflake connection options surface changed: oauthHttpAllowed was removed from the exported type and many OAuth/workload-identity/CRL/OCSP/queryTag-related option names were added to the dialect’s recognized configuration keys. Mocha globals gained awslambda. No runtime control-flow changes.

Changes

Cohort / File(s) Summary
Dependency bump
packages/snowflake/package.json		 Updated dependency: snowflake-sdk ^2.1.0 → ^2.3.1.
Connection options typing
packages/snowflake/src/connection-manager.ts		 SnowflakeConnectionOptions now omits oauthHttpAllowed from SnowflakeSdk.ConnectionOptions (type-surface change only).
Dialect recognized option keys
packages/snowflake/src/dialect.ts		 Added recognition for connection option names: oauthAuthorizationUrl, oauthClientId, oauthClientSecret, oauthEnableSingleUseRefreshTokens, oauthTokenRequestUrl, oauthScope, oauthRedirectUri, oauthChallengeMethod, workloadIdentityProvider, workloadIdentityImpersonationPath, workloadIdentityAzureEntraIdResource, workloadIdentityAzureClientId, certRevocationCheckMode, crlAllowCertificatesWithoutCrlURL, crlInMemoryCache, crlOnDiskCache, useConnectionConfigProxyForOCSP, openExternalBrowserCallback, queryTag. Public dialect options type unchanged.
Test config globals
.mocharc.jsonc		 Added "awslambda" to the globals array for Mocha (compatibility with snowflake-sdk).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

I thump my paws—new keys appear,
OAuth winds whisper in my ear.
One flag retires, fresh paths unfurl,
Tests gain a flag, dependencies whirl.
Hops of change—this rabbit’s cheer! 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title “fix(snowflake): update snowflake-sdk” succinctly describes the core change of bumping the snowflake-sdk dependency, follows conventional commit style, and gives reviewers a clear understanding of the primary update in this PR.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch WikiRik/snowflake-deps
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c94f055 and b4c9525.

📒 Files selected for processing (1)
  • .mocharc.jsonc (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Upload install and build artifact (Node 18)
  • GitHub Check: Upload install and build artifact (Node 20)

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Oct 10, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
packages/snowflake/src/dialect.ts (1)

78-96: Consider adding inline documentation for the new connection options.

The 19 new connection options lack inline documentation explaining their purpose. While the options themselves may be documented in the Snowflake SDK, adding brief JSDoc comments would improve developer experience when using these options through Sequelize.

Example approach:

+  /** OAuth authorization URL for external authentication */
   oauthAuthorizationUrl: undefined,
+  /** OAuth client identifier */
   oauthClientId: undefined,
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 94578e0 and c94f055.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (3)
  • packages/snowflake/package.json (1 hunks)
  • packages/snowflake/src/connection-manager.ts (1 hunks)
  • packages/snowflake/src/dialect.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
packages/*/src/dialect.ts

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

When adding a dialect feature, update packages/{dialect}/src/dialect.ts to declare feature support flags

Files:

  • packages/snowflake/src/dialect.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Upload install and build artifact (Node 20)
  • GitHub Check: Upload install and build artifact (Node 18)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: Analyze (actions)
🔇 Additional comments (2)
packages/snowflake/package.json (1)

42-42: Confirm snowflake-sdk version and compatibility
[email protected] is published and not affected by any known NPM advisories; please verify that the new connection options in dialect.ts align with the Snowflake SDK’s supported API.

packages/snowflake/src/connection-manager.ts (1)

37-38: Remove incorrect deprecation note for oauthHttpAllowed The Snowflake SDK docs and release notes contain no reference to this option; remove or clarify its origin.

Likely an incorrect or invalid review comment.

packages/snowflake/src/dialect.ts
Comment on lines +78 to +96
oauthAuthorizationUrl: undefined,
oauthClientId: undefined,
oauthClientSecret: undefined,
oauthEnableSingleUseRefreshTokens: undefined,
oauthTokenRequestUrl: undefined,
oauthScope: undefined,
oauthRedirectUri: undefined,
oauthChallengeMethod: undefined,
workloadIdentityProvider: undefined,
workloadIdentityImpersonationPath: undefined,
workloadIdentityAzureEntraIdResource: undefined,
workloadIdentityAzureClientId: undefined,
certRevocationCheckMode: undefined,
crlAllowCertificatesWithoutCrlURL: undefined,
crlInMemoryCache: undefined,
crlOnDiskCache: undefined,
useConnectionConfigProxyForOCSP: undefined,
openExternalBrowserCallback: undefined,
queryTag: undefined,
Copy link

@coderabbitai coderabbitai bot Oct 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify that the new connection options exist in snowflake-sdk v2.3.1.

Ensure these options are actually supported in the target SDK version to prevent runtime errors.

🏁 Script executed:

#!/bin/bash
# Description: Verify new connection options exist in snowflake-sdk v2.3.1 ConnectionOptions type

# Search for OAuth-related option definitions in node_modules type definitions
fd -e d.ts -x rg -l "oauthAuthorizationUrl|workloadIdentityProvider|certRevocationCheckMode|queryTag" {} \; | head -5

Length of output: 0

🏁 Script executed:

#!/bin/bash
# Download and inspect [email protected] type definitions
npm pack [email protected]
tar -xzf snowflake-sdk-2.3.1.tgz
rg -n "oauthAuthorizationUrl|oauthClientId|oauthClientSecret|oauthEnableSingleUseRefreshTokens|oauthTokenRequestUrl|oauthScope|oauthRedirectUri|oauthChallengeMethod|workloadIdentityProvider|workloadIdentityImpersonationPath|workloadIdentityAzureEntraIdResource|workloadIdentityAzureClientId|certRevocationCheckMode|crlAllowCertificatesWithoutCrlURL|crlInMemoryCache|crlOnDiskCache|useConnectionConfigProxyForOCSP|openExternalBrowserCallback|queryTag" -g '*.d.ts' package

Length of output: 14144

Revert unsupported Snowflake connection options or upgrade the snowflake-sdk dependency
Verified v2.3.1 only defines openExternalBrowserCallback, useConnectionConfigProxyForOCSP and queryTag; all other newly added options aren’t in the SDK’s types and will be undefined at runtime.

🤖 Prompt for AI Agents 
In packages/snowflake/src/dialect.ts around lines 78 to 96, several Snowflake
connection options were added that the installed snowflake-sdk v2.3.1 does not
support (only openExternalBrowserCallback, useConnectionConfigProxyForOCSP and
queryTag exist); revert/remove the unsupported option properties
(oauthAuthorizationUrl, oauthClientId, oauthClientSecret,
oauthEnableSingleUseRefreshTokens, oauthTokenRequestUrl, oauthScope,
oauthRedirectUri, oauthChallengeMethod, workloadIdentityProvider,
workloadIdentityImpersonationPath, workloadIdentityAzureEntraIdResource,
workloadIdentityAzureClientId, certRevocationCheckMode,
crlAllowCertificatesWithoutCrlURL, crlInMemoryCache, crlOnDiskCache) or
alternatively upgrade the snowflake-sdk dependency and its types to a version
that exposes those fields and then update the type definitions accordingly so
runtime and typings match.

@WikiRik WikiRik marked this pull request as draft October 10, 2025 16:57
@WikiRik WikiRik marked this pull request as ready for review October 11, 2025 11:02
@sequelize-bot sequelize-bot bot added the conflicted This PR has merge conflicts and will not be present in the list of PRs to review label Oct 11, 2025
@WikiRik WikiRik marked this pull request as draft November 11, 2025 15:35
@WikiRik
Copy link
Member Author

WikiRik commented Nov 11, 2025

Putting this in draft, I will fix the merge conflicts when the other PRs have been merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@sdepold sdepold sdepold approved these changes

@ephys ephys Awaiting requested review from ephys ephys is a code owner automatically assigned from sequelize/code-reviewers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

conflicted This PR has merge conflicts and will not be present in the list of PRs to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@WikiRik @sdepold