Skip to content

chore(deps): bump hotdata from 0.2.5 to 0.4.1#24

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/hotdata-0.4.1
Closed

chore(deps): bump hotdata from 0.2.5 to 0.4.1#24
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/hotdata-0.4.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps hotdata from 0.2.5 to 0.4.1.

Release notes

Sourced from hotdata's releases.

hotdata 0.4.1

Changed

  • Configuration now defaults to a retry policy that transparently retries pre-response connection resets (stale pooled keep-alive connections, e.g. ProtocolError('Connection aborted.', ConnectionResetError)) on every method, including POST. Such a reset happens before the request reaches the server, so retrying on a fresh connection cannot double-execute. Read timeouts and status retries stay idempotent-only. Pass an explicit retries to override (#118).
  • chore: make api doc language end-user focused

hotdata 0.4.0

Added

  • hotdata.query.QueryApi: enhanced query client that transparently retries HTTP 429 (OVERLOADED) admission shedding honoring Retry-After, and auto-follows truncated results to materialize the full row set, guarded by configurable max_auto_rows (default 1M) and max_auto_bytes (default 64 MiB) ceilings (#688).
  • ResultError base class for the result-lifecycle exceptions (ResultFailedError, ResultTimeoutError, ResultTooLargeError, ResultIncompleteError, ResultUnavailableError) so callers can catch them with a single except.

Changed

  • from hotdata import QueryApi / ResultsApi now resolve to the enhanced clients (429 retry + truncation auto-follow; Arrow IPC fetch) instead of the bare generated classes, so the default happy path gets the safe behavior the query contract needs. The raw generated classes remain importable from hotdata.api.query_api / hotdata.api.results_api.

hotdata 0.3.1

Security

  • Raised dependency floors to patched releases: pyarrow >= 14.0.1 (CVE-2023-47248, RCE via unsafe deserialization) and pydantic >= 2.4.0 (CVE-2024-3772, regex denial of service).

hotdata 0.3.0

Added

  • Transparent API-token → JWT exchange: the client now exchanges an opaque API token for a short-lived JWT on first use and keeps it refreshed, so the wire always carries a current token. Credentials already shaped like a JWT pass through unchanged. Set HOTDATA_DISABLE_JWT_EXCHANGE to an affirmative value (1, true, yes, on) as a hard escape hatch.
  • Managed-catalog editing endpoints: add_managed_schema and add_managed_table on ConnectionsApi and DatabasesApi, with new models AddManagedSchemaRequest, AddManagedTableDecl, AddManagedTableRequest, ManagedSchemaResponse, and ManagedTableResponse.
  • Typed x_database_id parameter on SavedQueriesApi.execute_saved_query (required) and DatasetsApi.create_dataset, scoping execution to a database the same way QueryApi.query does — no more _headers override.
  • database_id field on QueryRequest as a body-level alternative to the X-Database-Id header.
  • storage_backend field on CreateDatabaseRequest to select the default catalog's physical backend (parquet or ducklake).
  • default_catalog field on CreateDatabaseRequest to name the database's auto-created default catalog within its query scope, surfaced on CreateDatabaseResponse, DatabaseDetailResponse, and DatabaseSummary.

hotdata 0.2.6

Added

... (truncated)

Changelog

Sourced from hotdata's changelog.

[0.4.1] - 2026-06-19

Changed

  • Configuration now defaults to a retry policy that transparently retries pre-response connection resets (stale pooled keep-alive connections, e.g. ProtocolError('Connection aborted.', ConnectionResetError)) on every method, including POST. Such a reset happens before the request reaches the server, so retrying on a fresh connection cannot double-execute. Read timeouts and status retries stay idempotent-only. Pass an explicit retries to override (#118).
  • chore: make api doc language end-user focused

[0.4.0] - 2026-06-16

Added

  • hotdata.query.QueryApi: enhanced query client that transparently retries HTTP 429 (OVERLOADED) admission shedding honoring Retry-After, and auto-follows truncated results to materialize the full row set, guarded by configurable max_auto_rows (default 1M) and max_auto_bytes (default 64 MiB) ceilings (#688).
  • ResultError base class for the result-lifecycle exceptions (ResultFailedError, ResultTimeoutError, ResultTooLargeError, ResultIncompleteError, ResultUnavailableError) so callers can catch them with a single except.

Changed

  • from hotdata import QueryApi / ResultsApi now resolve to the enhanced clients (429 retry + truncation auto-follow; Arrow IPC fetch) instead of the bare generated classes, so the default happy path gets the safe behavior the query contract needs. The raw generated classes remain importable from hotdata.api.query_api / hotdata.api.results_api.

[0.3.4] - 2026-06-15

Changed

  • feat(queries): add preview and total row count fields

[0.3.3] - 2026-06-10

Changed

  • chore: regenerate client, drop orphaned sandbox files

[0.3.1] - 2026-06-06

Security

... (truncated)

Commits
  • 8d67148 chore: release hotdata v0.4.1 (#120)
  • f89af03 feat(retry): retry pre-response connection resets on all methods (#118) (#119)
  • 9a239b2 chore: make api doc language end-user focused (#116)
  • 9cb237c ci(publish): post to #deploy on PyPI publish (#115)
  • 6790ab1 fix(release): collapse double blank line after Unreleased heading (#114)
  • 27133b5 chore: release hotdata v0.4.0 (#112)
  • b37b379 feat(query): 429 retry + truncation auto-follow (#688) (#111)
  • 5c785ba feat(queries): add preview and total row count fields (#110)
  • b597d18 chore: regenerate client, drop orphaned sandbox files (#109)
  • 6a6ba04 ci: harden client regeneration (#108)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [hotdata](https://github.com/hotdata-dev/sdk-python) from 0.2.5 to 0.4.1.
- [Release notes](https://github.com/hotdata-dev/sdk-python/releases)
- [Changelog](https://github.com/hotdata-dev/sdk-python/blob/main/CHANGELOG.md)
- [Commits](hotdata-dev/sdk-python@v0.2.5...v0.4.1)

---
updated-dependencies:
- dependency-name: hotdata
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 19, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 19, 2026 19:44
@eddietejeda

Copy link
Copy Markdown
Contributor

Superseded by #25, which performs the same hotdata 0.2.5→0.4.1 bump and additionally refreshes uv.lock and updates tests for the 0.4.1 API. Closing as redundant.

auto-merge was automatically disabled June 22, 2026 18:31

Pull request was closed

@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/uv/hotdata-0.4.1 branch June 22, 2026 18:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant