{"name": "Snowflake Connector for QGIS", "package_name": "qgis-snowflake-connector", "version": "1.0.16", "experimental": false, "qgis_min": "3.34.1", "qgis_max": "4.99.0", "downloads": 75, "uploaded_by": "snow", "upload_datetime": "2026-07-06T12:04:23.642588", "changelog": "Added\r\nCost attribution / telemetry - every plugin-issued query is tagged\r\nwith a QUERY_TAG describing the operation and target layer, so usage\r\nis filterable in QUERY_HISTORY.\r\nTemporal animation - Snowflake layers auto-detect a timestamp column,\r\nenable temporal properties, and seed the controller with the column's\r\nreal MIN/MAX range.\r\nCooperative query cancellation - long-running queries can be\r\ninterrupted instead of blocking.\r\nNon-geometry tables in the browser - plain tables now appear under a\r\n\"Tables (no geometry)\" group, with clear feedback for empty schemas.\r\n\r\nFixed\r\nPlugin fails to load - resolved the QgsSqlExpressionCompiler import\r\ncrash by reimplementing the filter/subset compiler as a pure-Python\r\nexpression walker.\r\nLayer load/render crash (ModuleNotFoundError in SFFeatureSource) -\r\nremoved a stray sys.path entry that loaded the plugin's modules under\r\ntwo names.\r\nAuth-config leak - connections now reuse the existing stored QGIS auth\r\nconfig instead of creating a new one on every layer load.\r\nField/type crashes - QgsField construction is now\r\nQGIS-version-compatible (works on 3.34 through 3.44); fixed a bad\r\ndefault for unknown Snowflake type codes.\r\nFeature iterator - expression state is always initialized (no more\r\nunset-attribute errors), server-side cursors are released on close,\r\nand errors are logged instead of printed/swallowed.\r\nSpatial filter pushdown - skipped when the map extent is outside valid\r\nlon/lat range, avoiding Snowflake \"Invalid Lng/Lat pair\" errors.\r\nProvider cache - reloads reset feature/count/extent caches while\r\npreserving column order, and edits refresh the attribute table without\r\nreopening the layer.\r\n\r\nSecurity\r\nSQL injection hardening - all identifiers, literals, and table names\r\nroute through centralized quoting; malicious quoted identifiers are\r\nneutralized; backslash/quote breakouts in literals are escaped; JSON\r\npayloads use safe $$ quoting.\r\nPredicate / expression safety - free-text WHERE clauses are rejected\r\nwhen they contain comments, statement terminators, or set operators;\r\nQGIS filter/subset expressions are compiled (fail-closed to none)\r\nrather than passed through raw.\r\nUntrusted project files - values restored from .qgs/.qgz are\r\nre-validated; edit capabilities are withheld for unordered/row-capped\r\nresult sets and re-check primary-key uniqueness before allowing edits.\r\nCredential protection - cleartext passwords are never written (and\r\nstale ones removed) when using encrypted auth; connection aliases are\r\nhidden behind redacted authcfg= tokens in persisted URIs.\r\nContent-injection hardening - server-controlled table names render as\r\nplain text (no SMB/UNC leak), and ad-hoc SQL execution requires\r\nexplicit confirmation.", "external_deps": null, "download_url": "https://plugins.qgis.org/plugins/qgis-snowflake-connector/version/1.0.16/download/"}