
Update apache-airflow requirement from <3,>=2.8 to >=2.8,<4 #182

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/apache-airflow-gte-2.8-and-lt-4

dependabot Bot commented on behalf of github Jul 1, 2026

Updates the requirements on apache-airflow to permit the latest version.

Release notes

Sourced from apache-airflow's releases.

Apache Airflow 3.2.2

📦 PyPI: https://pypi.org/project/apache-airflow/3.2.2/
📚 Docs: https://airflow.apache.org/docs/apache-airflow/3.2.2/
🛠 Release Notes: https://airflow.apache.org/docs/apache-airflow/3.2.2/release_notes.html
🐳 Docker Image: "docker pull apache/airflow:3.2.2"
🚏 Constraints: https://github.com/apache/airflow/tree/constraints-3.2.2

Significant Changes

  • The SMTP STARTTLS upgrade performed by airflow.utils.email.send_email now validates the SMTP server's certificate against the system's trusted CA bundle by default. Previously the starttls() call was made without an SSL context, so any certificate was accepted. Deployments that intentionally point Airflow at an SMTP server with a self-signed or otherwise non-validating certificate and need to preserve the previous behaviour must set email.ssl_context = "none" in airflow.cfg. The "default" value (now also the default when the option is unset) uses ssl.create_default_context. Previously this option applied only to the SMTP_SSL path; it now applies to the STARTTLS path as well. (#65346)

  • In #64963, the Airflow UI switched from full-match *_pattern REST API query parameters to the new index-friendly *_prefix_pattern parameters on list endpoints. This is a behavioral change for search-as-you-type filters in the UI: matches are prefix-based (LIKE 'term%' via a range scan) instead of substring-based (ILIKE '%term%'), which means the database can use B-tree indexes and search stays fast on large deployments. The REST API itself keeps both forms: existing *_pattern parameters still behave exactly as before. In #66015, a per-search-bar "Match anywhere" toggle was added so users who relied on the previous substring behavior can opt back into it from the UI. Each search input and each text filter pill now has a small regex-icon toggle next to the value; flipping it on switches that input from *_prefix_pattern to *_pattern. (#66015)

  • Fix triggerer race condition and deadlock that caused deferred tasks to stall indefinitely

    Triggers that call synchronous SDK methods (e.g. get_task_states used by safe_to_cancel in several Google provider operators) could crash the triggerer's internal subprocess. The triggerer would then continue to heartbeat normally — appearing healthy to the scheduler — while silently processing zero triggers, causing every deferred task to time out. This was first reported in issue #64620; a partial fix shipped in Airflow 3.2.1 (#64882) but introduced a new deadlock with the same visible symptom under load.

    Both issues are fixed by replacing the lock-based serialization with response multiplexing: each request now carries a unique ID and the response is routed back to the correct caller, so concurrent requests from trigger threads no longer contend or deadlock regardless of how many triggers are running or what SDK methods they call.

    New: triggerer subprocess watchdog

    Even with the race fixed, a trigger that blocks the event loop (e.g. by calling time.sleep() or performing blocking I/O directly in async def run()) would previously leave the triggerer appearing healthy indefinitely.

    A new [triggerer] runner_health_check_threshold config option (default: 30 seconds) adds a watchdog: if the triggerer subprocess goes silent for longer than the threshold, the parent process stops updating the heartbeat so the scheduler can detect the hang and reassign triggers rather than waiting for them to individually time out. Set the option to 0 to disable the watchdog. (#66412)

  • Tighten [core] allowed_deserialization_classes_regexp to require full-string matches

    Patterns in [core] allowed_deserialization_classes_regexp are now matched against the entire classname using re.fullmatch() instead of re.match(). Previously a pattern such as airflow\.models\.Variable admitted not only the intended class but also names that started with it (e.g. airflow.models.Variable_Malicious), because re.match only anchors at the start of the string.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [apache-airflow](https://github.com/apache/airflow) to permit the latest version.
- [Release notes](https://github.com/apache/airflow/releases)
- [Changelog](https://github.com/apache/airflow/blob/main/docker-stack-docs/changelog.rst)
- [Commits](https://github.com/apache/airflow/commits/3.2.2)

---
updated-dependencies:
- dependency-name: apache-airflow
  dependency-version: 3.2.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
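
Added example, not part of the Dependabot comment or of Airflow's code: the re.match versus re.fullmatch difference described in the release notes above, written as a check an operator can run over existing allowed_deserialization_classes_regexp entries before upgrading. The patterns and class names are constructed samples (only airflow.models.Variable and airflow.models.Variable_Malicious come from the release notes), and the helper names are hypothetical.

```python
import re

# Constructed allowlist entries (assumed samples, not taken from any real airflow.cfg).
PATTERNS = [
    r"airflow\.models\.Variable",    # meant to allow exactly one class
    r"myorg\.serde\.",               # relied on re.match prefix behaviour
    r"myorg\.serde\..*",             # explicit wildcard
    r"airflow\.models\.Variable$",   # "$" also matches before a trailing newline
]

# Constructed class names to test; the first two appear in the release notes.
CANDIDATES = [
    "airflow.models.Variable",
    "airflow.models.Variable_Malicious",
    "airflow.models.Variable\n",
    "myorg.serde.Point",
]


def admitted_before(pattern: str, classname: str) -> bool:
    """Old semantics: re.match anchors only at the start of the string."""
    return re.match(pattern, classname) is not None


def admitted_after(pattern: str, classname: str) -> bool:
    """New semantics: re.fullmatch must consume the entire classname."""
    return re.fullmatch(pattern, classname) is not None


def audit(patterns, candidates):
    """For each pattern, split candidates into names kept and names dropped by the change."""
    report = {}
    for pattern in patterns:
        before = [c for c in candidates if admitted_before(pattern, c)]
        kept = [c for c in before if admitted_after(pattern, c)]
        dropped = [c for c in before if c not in kept]
        report[pattern] = {"kept": kept, "dropped": dropped}
    return report


if __name__ == "__main__":
    for pattern, result in audit(PATTERNS, CANDIDATES).items():
        print(f"{pattern!r}: kept={result['kept']} dropped={result['dropped']}")
```

A dropped list that contains a legitimate class, as with myorg\.serde\. here, means that entry needs an explicit wildcard such as myorg\.serde\..* to keep working under full-string matching.
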
dependabot Bot added the lang: python and part: dependencies labels Jul 1, 2026

github-actions Bot commented Jul 1, 2026

Test Results

261 tests  ±0   255 ✅ ±0   7s ⏱️ -1s
  1 suites ±0     6 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 5163c8e. ± Comparison against base commit 2ca3ffa.

timkpaine closed this Jul 1, 2026

dependabot Bot commented on behalf of github Jul 1, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

timkpaine deleted the dependabot/pip/apache-airflow-gte-2.8-and-lt-4 branch July 1, 2026 15:09