chore(deps): bump snowflake-connector-python from 4.4.0 to 4.6.0

[dependabot]

Bumps snowflake-connector-python from 4.4.0 to 4.6.0.

Release notes

Sourced from snowflake-connector-python's releases.

4.6.0

• v4.6.0(May 28,2026)
  • Dropped support for Python 3.9. The minimum supported version is now Python 3.10.
  • Fixed sdist to only install the minicore binary matching the current platform (SNOW-3526469). Previous 4.x releases copied every platform's minicore .so/.dylib/.dll into the install prefix, breaking downstream packagers (e.g. Homebrew) whose audits reject foreign-arch binaries.
  • Added one in-band telemetry record per successful login describing which connection-identifier fields the user supplied (account_provided, account_with_region, account_org_provided, region_provided, host_provided). No hostname or account value is included. This is gated by the existing server-side CLIENT_TELEMETRY_ENABLED parameter and can additionally be disabled locally by setting SF_TELEMETRY_DISABLE_CONNECTION_SHAPE=true. The telemetry collection is time-boxed and will be removed in a future release.
  • Bumped up vendored urllib3 to 2.7.0

4.5.0

• v4.5.0(May 12,2026)
  • Fixed write_pandas temp stage name collisions (SNOW-3481510). The old PRNG could produce identical name sequences in forked processes (e.g. Notebook kernels), causing CREATE TEMPORARY STAGE to fail with "Object already exists".
  • Fixed a security bug in Okta SAML authentication where _is_prefix_equal() compared url1's port against itself instead of url2's port, allowing an attacker to redirect credentials to a different port on the same hostname. Also fixed the default port fallback to use int instead of str for correct comparison when one URL omits the port.
  • Fixed executemany with paramstyle="pyformat" to correctly locate the VALUES clause using a balanced-parentheses parser instead of a greedy regex. This fixes incorrect behaviour with nested function calls such as SQLAlchemy @compiles VARIANT patterns (e.g. PARSE_JSON(%(col)s)) and subquery-form INSERTs (SNOW-298756).
  • Added ECDSA key support (ES256, ES384, ES512) for key-pair authentication.
  • Added HTTP 307/308 redirect status codes to the retryable set as defense-in-depth, with redirect-aware logging in both sync and async paths.
  • Consolidated keyring token cache to use a single service name with hashed account keys, reducing macOS Keychain password prompts. Legacy entries are auto-migrated on first read.
  • Added support for AWS outbound JWT token attestation for Workload Identity Federation (WIF). This can be enabled by setting the SNOWFLAKE_ENABLE_AWS_WIF_OUTBOUND_TOKEN environment variable to true. Note: This environment variable will be removed in a future release.
  • Removed dynamic class deserialization from the OCSP response validation cache to prevent arbitrary code execution via crafted cache files (SNOW-2439940). The SNOWFLAKE_ENABLE_CUSTOM_REVOCATION_ERRORS environment variable is now a no-op.
  • Updated SPCS token injection to gate on SNOWFLAKE_RUNNING_INSIDE_SPCS environment variable, trim whitespace, and remove configurable token path.
  • GCP WIF attestation now uses hostname metadata.google.internal instead of the IPv4 link-local address, so it works on IPv6-only GCP VMs.
  • Fixed a bug where write_pandas() with auto_create_table=False and overwrite=True would execute CREATE TABLE IF NOT EXISTS, which required unnecessary OWNERSHIP privilege on the table. Now only TRUNCATE TABLE is executed in this case. Note: users who relied on the table being implicitly created despite auto_create_table=False should set auto_create_table=True instead.
  • Added validation of the account connection parameter so malformed identifiers (for example path-like values or labels outside letters, digits, _, and -) are rejected with ProgrammingError before login (SNOW-1902886).
  • Added support for Azure Workload Identity Federation impersonation, allowing a managed identity to authenticate as a service principal.

Commits

• 9f72374 Bump up version to 4.6.0 (#2890)
• 0b1d9ce SNOW-3569023: bump vendored urllib3 to 2.7.0 (#2888)
• 0708614 NO-SNOW: drop EOL Python 3.9 support (#2889)
• 714448d SNOW-3351450: emit client_connection_identifier_shape in-band telemetry (#2877)
• c1b03e1 SNOW-3420102: drop stage object on prober cleanup, migrate image to ubuntu (#...
• 52f175c PRODSEC-4321: [supply-chain] Replace third-party URLs with Artifactory (#2868)
• c5d9915 SNOW-3526469: move minicore pruning note to Upcoming Release (#2873)
• 3f14392 SNOW-3526469: prune foreign-arch minicore binaries at build_py (#2871)
• c2b2ba7 Bump up version to 4.5.0 (#2867)
• 0bf4f41 Fix flaky QCC integration test by mocking server response (#2866)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

uv.lock

Package	Version	License	Issue Type
snowflake-connector-python	4.6.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/snowflake-connector-python	4.6.0	Unknown	Unknown

Scanned Files

• uv.lock

[overcut-ai]

Completed Working on "Code Review"

✅ Code review complete. No issues found - all changes look good! ✅

✅ Workflow completed successfully.

---

👉 View complete log