fix(deps): update all non-major dependencies (!49) · Merge requests · Information Services / DevOps / Django Libraries / API Gateway Auth

This MR contains the following updates:

Package	Change	Type	Update
cachecontrol	`0.14.3` -> `0.14.4`	dependencies	patch
coverage	`7.11.0` -> `7.12.0`	dev	minor
django (changelog)	`4.2.25` -> `4.2.27`	dependencies	patch
editorconfig-checker/editorconfig-checker.python	`3.4.0` -> `3.6.0`	repository	minor
geddit	`2.1.0` -> `2.1.1`	dependencies	patch
google-auth	`2.41.1` -> `2.43.0`	dependencies	minor
pre-commit	`4.3.0` -> `4.5.0`	dev	minor
pre-commit/mirrors-mypy	`v1.18.2` -> `v1.19.0`	repository	minor
ucam-identitylib	`3.4.0` -> `3.4.1`	dependencies	patch
uis/devops/continuous-delivery/ci-templates	`v7.19.2` -> `v7.23.1`	repository	minor

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

psf/cachecontrol (cachecontrol)

`v0.14.4`

Compare Source

What's Changed

build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 in the actions group by @dependabot[bot] in #382
build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 in the actions group by @dependabot[bot] in #383
build(deps): bump astral-sh/setup-uv from 6.0.1 to 6.1.0 in the actions group by @dependabot[bot] in #385
chore(ci): cleanup, add Python 3.14 by @woodruffw in #392
fix typo by @zackzack38 in #388
chore: prepare for 0.14.4 by @woodruffw in #394

New Contributors

@zackzack38 made their first contribution in #388

Full Changelog: https://github.com/psf/cachecontrol/compare/v0.14.3...v0.14.4

coveragepy/coveragepy (coverage)

`v7.12.0`

Compare Source

The HTML report now shows separate coverage totals for statements and branches, as well as the usual combined coverage percentage. Thanks to Ryuta Otsuka for the discussion <issue 2081_>_ and the implementation <pull 2085_>_.
The JSON report now includes separate coverage totals for statements and branches, thanks to Ryuta Otsuka <pull 2090_>_.
Fix: except* clauses were not handled properly under the "sysmon" measurement core, causing KeyError exceptions as described in issue 2086_. This is now fixed.
Fix: we now defend against aggressive mocking of open() that could cause errors inside coverage.py. An example of a failure is in issue 2083_.
Fix: in unusual cases where a test suite intentionally exhausts the system's file descriptors to test handling errors in open(), coverage.py would fail when trying to open source files, as described in issue 2091_. This is now fixed.
A small tweak to the HTML report: file paths now use thin spaces around slashes to make them easier to read.

.. _issue 2081: #2081 .. _issue 2083: #2083 .. _pull 2085: #2085 .. _issue 2086: #2086 .. _pull 2090: #2090 .. _issue 2091: #2091

.. _changes_7-11-3:

`v7.11.3`

Compare Source

Fix: the 7.11.1 changes meant that conflicts between a requested measurement core and other settings would raise an error. This was a breaking change from previous behavior, as reported in issue 2076_ and issue 2078_.

The previous behavior has been restored: when the requested core conflicts with other settings, another core is used instead, and a warning is issued.
For contributors: the repo has moved from Ned's nedbat GitHub account_ to the coveragepy GitHub organization_. The default branch has changed from master to main.

.. _issue 2076: #2076 .. _issue 2078: #2078 .. _nedbat GitHub account: https://github.com/nedbat .. _coveragepy GitHub organization: https://github.com/coveragepy

.. _changes_7-11-2:

`v7.11.2`

Compare Source

Fix: using the "sysmon" measurement core in 7.11.1, if Python code was claimed to come from a non-Python file, a NotPython exception could be raised. This could happen for example with Jinja templates compiled to Python, as reported in issue 2077_. This is now fixed.
Doc: corrected the first entry in the 7.11.1 changelog.

.. _issue 2077: #2077

.. _changes_7-11-1:

`v7.11.1`

Compare Source

Fix: some chanages to details of how the measurement core is chosen, and how conflicting settings are handled. The "sysmon" core cannot be used with some conurrency settings, with dynamic context, and in Python 3.12/3.13, with branch measurement.
- If the core is not specified and defaults to "sysmon" (Python 3.14+), but other settings conflict with sysmon, then the "ctrace" core will be used instead with no warning. For concurrency conflicts, this used to produce an error, as described in issue 2064_.
- If the "sysmon" core is explicitly requested in your configuration, but other settings conflict, an error is now raised. This used to produce a warning.
Fix: some multi-line case clauses or for loops (and probably other constructs) could cause incorrect claims of missing branches with the sys.monitoring core, as described in issue 2070_. This is now fixed.
Fix: when running in pytest under coverage, a breakpoint() would stop in the wrong frame, one level down from where it should, as described in issue 1420_. This was due to a coverage change in v6.4.1 that seemed to give a slight performance improvement, but I couldn't reproduce the performance gain, so it's been reverted, fixing the debugger problem.
A new debug option --debug=core shows which core is in use and why.
Split sqlite debugging information out of the sys :ref:coverage debug <cmd_debug> and :ref:cmd_run_debug options since it's bulky and not very useful.
Updated the :ref:howitworks page to better describe the three different measurement cores.

.. _issue 1420: #1420 .. _issue 2064: #2064 .. _issue 2070: #2070

.. _changes_7-11-0:

django/django (django)

`v4.2.27`

Compare Source

`v4.2.26`

Compare Source

editorconfig-checker/editorconfig-checker.python (editorconfig-checker/editorconfig-checker.python)

googleapis/google-auth-library-python (google-auth)

`v2.43.0`

Compare Source

Features

Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#1859) Add public wrapper for check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected. Also, fix check_use_client_cert to return boolean value. Change #1848 added the check_use_client_cert method that helps know if client cert should be used for mTLS connection. However, that was in a private class, thus, created a public wrapper of the same function so that it can be used by python Client Libraries. Also, updated check_use_client_cert to return a boolean value instead of existing string value for better readability and future scope. --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#1848) The Python SDK will use a hybrid approach for mTLS enablement:

If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set (either true or false), the SDK will respect that setting. This is necessary for test scenarios and users who need to explicitly control mTLS behavior.
If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not set, the SDK will automatically enable mTLS only if it detects Managed Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF) certificate sources. In other cases where the variable is not set, mTLS will remain disabled. ** This change also adds the helper method check_use_client_cert and it's unit test, which will be used for checking the criteria for setting the mTLS to true ** This change is only for Auth-Library, other changes will be created for Client-Library use-cases. --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

onboard google-auth to librarian (#1838) This MR onboards google-auth library to the Librarian system. Wait for #1819. (c503eaa511357d7a76cc1e1f1d3a3be2dabd5bca)

`v2.42.1`

Compare Source

Bug Fixes

Catch ValueError for json.loads() (#1842) (b074cad)

`v2.42.0`

Compare Source

Features

Add trust boundary support for external accounts. (#1809) (36ecb1d)

Bug Fixes

Read scopes from ADC json for impersoanted cred (#1820) (62c0fc8)

pre-commit/pre-commit (pre-commit)

`v4.5.0`

Compare Source

==================

Features

Add pre-commit hazmat.
- #3585 MR by @asottile.

`v4.4.0`

Compare Source

==================

Features

Add --fail-fast option to pre-commit run.
- #3528 MR by @JulianMaurin.
Upgrade ruby-build / rbenv.
- #3566 MR by @asottile.
- #3565 issue by @MRigal.
Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
- #3577 MR by @asottile.
Add support docker-in-docker detection for cgroups v2.
- #3535 MR by @br-rhrbacek.
- #3360 issue by @JasonAlt.

Fixes

Handle when docker gives SecurityOptions: null.
- #3537 MR by @asottile.
- #3514 issue by @jenstroeger.
Fix error context for invalid stages in .pre-commit-config.yaml.
- #3576 MR by @asottile.