Skip to content

chore(deps): bump hotdata from 0.2.5 to 0.3.1#22

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/hotdata-0.3.1
Closed

chore(deps): bump hotdata from 0.2.5 to 0.3.1#22
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/hotdata-0.3.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps hotdata from 0.2.5 to 0.3.1.

Release notes

Sourced from hotdata's releases.

hotdata 0.3.1

Security

  • Raised dependency floors to patched releases: pyarrow >= 14.0.1 (CVE-2023-47248, RCE via unsafe deserialization) and pydantic >= 2.4.0 (CVE-2024-3772, regex denial of service).

hotdata 0.3.0

Added

  • Transparent API-token → JWT exchange: the client now exchanges an opaque API token for a short-lived JWT on first use and keeps it refreshed, so the wire always carries a current token. Credentials already shaped like a JWT pass through unchanged. Set HOTDATA_DISABLE_JWT_EXCHANGE to an affirmative value (1, true, yes, on) as a hard escape hatch.
  • Managed-catalog editing endpoints: add_managed_schema and add_managed_table on ConnectionsApi and DatabasesApi, with new models AddManagedSchemaRequest, AddManagedTableDecl, AddManagedTableRequest, ManagedSchemaResponse, and ManagedTableResponse.
  • Typed x_database_id parameter on SavedQueriesApi.execute_saved_query (required) and DatasetsApi.create_dataset, scoping execution to a database the same way QueryApi.query does — no more _headers override.
  • database_id field on QueryRequest as a body-level alternative to the X-Database-Id header.
  • storage_backend field on CreateDatabaseRequest to select the default catalog's physical backend (parquet or ducklake).
  • default_catalog field on CreateDatabaseRequest to name the database's auto-created default catalog within its query scope, surfaced on CreateDatabaseResponse, DatabaseDetailResponse, and DatabaseSummary.

hotdata 0.2.6

Added

  • default_catalog and default_schema fields on QueryRequest to control how unqualified table references resolve within an X-Database-Id scope.
Changelog

Sourced from hotdata's changelog.

[0.3.1] - 2026-06-06

Security

  • Raised dependency floors to patched releases: pyarrow >= 14.0.1 (CVE-2023-47248, RCE via unsafe deserialization) and pydantic >= 2.4.0 (CVE-2024-3772, regex denial of service).

[0.3.0] - 2026-06-05

Added

  • Transparent API-token → JWT exchange: the client now exchanges an opaque API token for a short-lived JWT on first use and keeps it refreshed, so the wire always carries a current token. Credentials already shaped like a JWT pass through unchanged. Set HOTDATA_DISABLE_JWT_EXCHANGE to an affirmative value (1, true, yes, on) as a hard escape hatch.
  • Managed-catalog editing endpoints: add_managed_schema and add_managed_table on ConnectionsApi and DatabasesApi, with new models AddManagedSchemaRequest, AddManagedTableDecl, AddManagedTableRequest, ManagedSchemaResponse, and ManagedTableResponse.
  • Typed x_database_id parameter on SavedQueriesApi.execute_saved_query (required) and DatasetsApi.create_dataset, scoping execution to a database the same way QueryApi.query does — no more _headers override.
  • database_id field on QueryRequest as a body-level alternative to the X-Database-Id header.
  • storage_backend field on CreateDatabaseRequest to select the default catalog's physical backend (parquet or ducklake).
  • default_catalog field on CreateDatabaseRequest to name the database's auto-created default catalog within its query scope, surfaced on CreateDatabaseResponse, DatabaseDetailResponse, and DatabaseSummary.

[0.2.6] - 2026-05-29

Added

  • default_catalog and default_schema fields on QueryRequest to control how unqualified table references resolve within an X-Database-Id scope.
Commits
  • 34e04c4 chore: release v0.3.1 (#105)
  • 17e4f7a fix: patch pyarrow and pydantic CVEs, harden release workflow (#104)
  • 0fca84b chore: own packaging files, add dep drift check (#103)
  • e01d7fc test(integration): run arrow scenarios in CI instead of skipping (#102)
  • 5aee4b4 ci: migrate create-github-app-token to client-id (#101)
  • 3fc2cdd test(integration): cover category-A scenarios from #207 (#99)
  • 1cb6338 chore: release v0.3.0 (#98)
  • 9fe8bd3 chore: ignore .DS_Store and local Claude Code state (#97)
  • 41418a8 chore: regenerate client from updated OpenAPI spec (#96)
  • 5989242 chore: regenerate client from OpenAPI spec (#95)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [hotdata](https://github.com/hotdata-dev/sdk-python) from 0.2.5 to 0.3.1.
- [Release notes](https://github.com/hotdata-dev/sdk-python/releases)
- [Changelog](https://github.com/hotdata-dev/sdk-python/blob/main/CHANGELOG.md)
- [Commits](hotdata-dev/sdk-python@v0.2.5...v0.3.1)

---
updated-dependencies:
- dependency-name: hotdata
  dependency-version: 0.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 8, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 8, 2026 19:46
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #23.

@dependabot dependabot Bot closed this Jun 16, 2026
auto-merge was automatically disabled June 16, 2026 19:44

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/uv/hotdata-0.3.1 branch June 16, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants