Skip to content

chore(deps): bump hotdata from 0.2.5 to 0.4.0#23

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/hotdata-0.4.0
Closed

chore(deps): bump hotdata from 0.2.5 to 0.4.0#23
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/hotdata-0.4.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps hotdata from 0.2.5 to 0.4.0.

Release notes

Sourced from hotdata's releases.

hotdata 0.4.0

Added

  • hotdata.query.QueryApi: enhanced query client that transparently retries HTTP 429 (OVERLOADED) admission shedding honoring Retry-After, and auto-follows truncated results to materialize the full row set, guarded by configurable max_auto_rows (default 1M) and max_auto_bytes (default 64 MiB) ceilings (#688).
  • ResultError base class for the result-lifecycle exceptions (ResultFailedError, ResultTimeoutError, ResultTooLargeError, ResultIncompleteError, ResultUnavailableError) so callers can catch them with a single except.

Changed

  • from hotdata import QueryApi / ResultsApi now resolve to the enhanced clients (429 retry + truncation auto-follow; Arrow IPC fetch) instead of the bare generated classes, so the default happy path gets the safe behavior the query contract needs. The raw generated classes remain importable from hotdata.api.query_api / hotdata.api.results_api.

hotdata 0.3.1

Security

  • Raised dependency floors to patched releases: pyarrow >= 14.0.1 (CVE-2023-47248, RCE via unsafe deserialization) and pydantic >= 2.4.0 (CVE-2024-3772, regex denial of service).

hotdata 0.3.0

Added

  • Transparent API-token → JWT exchange: the client now exchanges an opaque API token for a short-lived JWT on first use and keeps it refreshed, so the wire always carries a current token. Credentials already shaped like a JWT pass through unchanged. Set HOTDATA_DISABLE_JWT_EXCHANGE to an affirmative value (1, true, yes, on) as a hard escape hatch.
  • Managed-catalog editing endpoints: add_managed_schema and add_managed_table on ConnectionsApi and DatabasesApi, with new models AddManagedSchemaRequest, AddManagedTableDecl, AddManagedTableRequest, ManagedSchemaResponse, and ManagedTableResponse.
  • Typed x_database_id parameter on SavedQueriesApi.execute_saved_query (required) and DatasetsApi.create_dataset, scoping execution to a database the same way QueryApi.query does — no more _headers override.
  • database_id field on QueryRequest as a body-level alternative to the X-Database-Id header.
  • storage_backend field on CreateDatabaseRequest to select the default catalog's physical backend (parquet or ducklake).
  • default_catalog field on CreateDatabaseRequest to name the database's auto-created default catalog within its query scope, surfaced on CreateDatabaseResponse, DatabaseDetailResponse, and DatabaseSummary.

hotdata 0.2.6

Added

  • default_catalog and default_schema fields on QueryRequest to control how unqualified table references resolve within an X-Database-Id scope.
Changelog

Sourced from hotdata's changelog.

[0.4.0] - 2026-06-16

Added

  • hotdata.query.QueryApi: enhanced query client that transparently retries HTTP 429 (OVERLOADED) admission shedding honoring Retry-After, and auto-follows truncated results to materialize the full row set, guarded by configurable max_auto_rows (default 1M) and max_auto_bytes (default 64 MiB) ceilings (#688).
  • ResultError base class for the result-lifecycle exceptions (ResultFailedError, ResultTimeoutError, ResultTooLargeError, ResultIncompleteError, ResultUnavailableError) so callers can catch them with a single except.

Changed

  • from hotdata import QueryApi / ResultsApi now resolve to the enhanced clients (429 retry + truncation auto-follow; Arrow IPC fetch) instead of the bare generated classes, so the default happy path gets the safe behavior the query contract needs. The raw generated classes remain importable from hotdata.api.query_api / hotdata.api.results_api.

[0.3.4] - 2026-06-15

Changed

  • feat(queries): add preview and total row count fields

[0.3.3] - 2026-06-10

Changed

  • chore: regenerate client, drop orphaned sandbox files

[0.3.1] - 2026-06-06

Security

  • Raised dependency floors to patched releases: pyarrow >= 14.0.1 (CVE-2023-47248, RCE via unsafe deserialization) and pydantic >= 2.4.0 (CVE-2024-3772, regex denial of service).

[0.3.0] - 2026-06-05

Added

  • Transparent API-token → JWT exchange: the client now exchanges an opaque API token for a short-lived JWT on first use and keeps it refreshed, so the wire always carries a current token. Credentials already shaped like a JWT pass through unchanged. Set HOTDATA_DISABLE_JWT_EXCHANGE to an affirmative value (1, true, yes, on) as a hard escape hatch.
  • Managed-catalog editing endpoints: add_managed_schema and add_managed_table on ConnectionsApi and DatabasesApi, with new models AddManagedSchemaRequest, AddManagedTableDecl, AddManagedTableRequest, ManagedSchemaResponse, and ManagedTableResponse.
  • Typed x_database_id parameter on SavedQueriesApi.execute_saved_query (required) and DatasetsApi.create_dataset, scoping execution to a database the same way QueryApi.query does — no more _headers override.
  • database_id field on QueryRequest as a body-level alternative to the X-Database-Id header.
  • storage_backend field on CreateDatabaseRequest to select the default catalog's physical backend (parquet or ducklake).
  • default_catalog field on CreateDatabaseRequest to name the database's auto-created default catalog within its query scope, surfaced on CreateDatabaseResponse, DatabaseDetailResponse, and DatabaseSummary.

... (truncated)

Commits
  • 27133b5 chore: release hotdata v0.4.0 (#112)
  • b37b379 feat(query): 429 retry + truncation auto-follow (#688) (#111)
  • 5c785ba feat(queries): add preview and total row count fields (#110)
  • b597d18 chore: regenerate client, drop orphaned sandbox files (#109)
  • 6a6ba04 ci: harden client regeneration (#108)
  • 0e8a6eb feat(api): add list-indexes endpoint, exclude internal migrate-backend (#107)
  • 34e04c4 chore: release v0.3.1 (#105)
  • 17e4f7a fix: patch pyarrow and pydantic CVEs, harden release workflow (#104)
  • 0fca84b chore: own packaging files, add dep drift check (#103)
  • e01d7fc test(integration): run arrow scenarios in CI instead of skipping (#102)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [hotdata](https://github.com/hotdata-dev/sdk-python) from 0.2.5 to 0.4.0.
- [Release notes](https://github.com/hotdata-dev/sdk-python/releases)
- [Changelog](https://github.com/hotdata-dev/sdk-python/blob/main/CHANGELOG.md)
- [Commits](hotdata-dev/sdk-python@v0.2.5...v0.4.0)

---
updated-dependencies:
- dependency-name: hotdata
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 16, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 16, 2026 19:44
@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #24.

@dependabot dependabot Bot closed this Jun 19, 2026
auto-merge was automatically disabled June 19, 2026 19:43

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/uv/hotdata-0.4.0 branch June 19, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants