fix(deps): update all non-major dependencies (!13) · Merge requests · Information Services / DevOps / Identity and Access Management / Lookup (Ibis) / Institution Mapping Tool

This MR contains the following updates:

Package	Change	Type	Update
PyYAML (source)	`6.0.2` → `6.0.3`	dependencies	patch
google-auth	`2.40.3` → `2.48.0`	dependencies	minor
oracledb (changelog)	`3.3.0` → `3.4.2`	dependencies	minor
pydantic (changelog)	`1.10.23` → `1.10.26`	dependencies	patch
python	`>=3.10,<3.12` → `>=3.14,<3.15`	dependencies	minor
registry.gitlab.developers.cam.ac.uk/uis/devops/lib/ucam-faas-python	`0.17.2` → `0.21.0`	final	minor

Release Notes

yaml/pyyaml (PyYAML)

`v6.0.3`

Compare Source

What's Changed

Support for Python 3.14 and free-threading (experimental).

Full Changelog: https://github.com/yaml/pyyaml/compare/6.0.2...6.0.3

googleapis/google-auth-library-python (google-auth)

`v2.48.0`

Compare Source

Features

add cryptography as required dependency (#1929) (52558ae2881b1e6555f6f5c0d76365c15807ead9)
Support the mTLS IAM domain for Certificate based Access (#1938) (8dcf91a1b05c85fbbd0bcee78d66e498099102ab)
add configurable GCE Metadata Server retries (#1488) (454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37)
honor NO_GCE_CHECK environment variable (#1610) (383c9827536d9376e8248370ce4c2b83e468d027)

Bug Fixes

resolve circular imports (#1942) (25c1b064545702cbef087cfcd15fbbb6ef1af74f)
removes content-header from AWS IMDS get request (#1934) (97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc)
detect correct auth when ADC env var is set but empty (#1374) (bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2)
replace deprecated utcfromtimestamp (#1799) (e431f20cf73ccac71926a23ec454468cea92e053)
Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a24089c4ee6822d510de0db210b54260d873)

`v2.47.0`

Compare Source

Features

drop cachetools dependency in favor of simple local implementation (#1590) (5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4)

Bug Fixes

Python 3.8 support (#1918) (60dc20014a35ec4ba71e8065b9a33ecbdbeca97a)

`v2.46.0`

Compare Source

Documentation

update urllib3 docstrings for v2 compatibility (#1903) (3f1aeea2d1014ea1d244a4c3470e52d74d55404b)

Features

Recognize workload certificate config in has_default_client_cert_source for mTLS for Agentic Identities (#1907) (0b9107d573123e358c347ffa067637f992af61b4)

Bug Fixes

add types to default and verify_token and Request init based on comments in the source code. (#1588) (59a5f588f7793b59d923a4185c8c07738da618f7)
fix the document of secure_authorized_session (#1536) (5d0014707fc359782df5ccfcaa75fd372fe9dce3)
remove setup.cfg configuration for creating universal wheels (#1693) (c767531ce05a89002d109f595187aff1fcaacfb7)
use .read() instead of .content.read() in aiohttp transport (#1899) (12f4470f808809e8abf1141f98d88ab720c3899b)
raise RefreshError for missing token in impersonated credentials (#1897) (94d04e090fdfc61926dd32bc1d65f8820b9cede5)
Fix test coverage for mtls_helper (#1886) (02e71631fe275d93825c2e957e830773e75133f7)

`v2.45.0`

Compare Source

Features

Adding Agent Identity bound token support and handling certificate mismatches with retries (#1890) (b32c934e6b0d09b94c467cd432a0a635e8b05f5c)

`v2.44.0`

Compare Source

Features

support Python 3.14 (#1822) (0f7097e78f247665b6ef0287d482033f7be2ed6d)
add ecdsa p-384 support (#1872) (39c381a5f6881b590025f36d333d12eff8dc60fc)
MDS connections use mTLS (#1856) (0387bb95713653d47e846cad3a010eb55ef2db4c)
Implement token revocation in STS client and add revoke() metho… (#1849) (d5638986ca03ee95bfffa9ad821124ed7e903e63)
Add shlex to correctly parse executable commands with spaces (#1855) (cf6fc3cced78bc1362a7fe596c32ebc9ce03c26b)

Bug Fixes

Use public refresh method for source credentials in ImpersonatedCredentials (#1884) (e0c3296f471747258f6d98d2d9bfde636358ecde)
Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration (#1880) (78de7907b8bdb7b5510e3c6fa8a3f3721e2436d7)
Delegate workload cert and key default lookup to helper function (#1877) (b0993c7edaba505d0fb0628af28760c43034c959)

`v2.43.0`

Compare Source

Features

Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#1859) Add public wrapper for check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected. Also, fix check_use_client_cert to return boolean value. Change #1848 added the check_use_client_cert method that helps know if client cert should be used for mTLS connection. However, that was in a private class, thus, created a public wrapper of the same function so that it can be used by python Client Libraries. Also, updated check_use_client_cert to return a boolean value instead of existing string value for better readability and future scope. --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#1848) The Python SDK will use a hybrid approach for mTLS enablement:

If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set (either true or false), the SDK will respect that setting. This is necessary for test scenarios and users who need to explicitly control mTLS behavior.
If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not set, the SDK will automatically enable mTLS only if it detects Managed Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF) certificate sources. In other cases where the variable is not set, mTLS will remain disabled. ** This change also adds the helper method check_use_client_cert and it's unit test, which will be used for checking the criteria for setting the mTLS to true ** This change is only for Auth-Library, other changes will be created for Client-Library use-cases. --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

onboard google-auth to librarian (#1838) This MR onboards google-auth library to the Librarian system. Wait for #1819. (c503eaa511357d7a76cc1e1f1d3a3be2dabd5bca)

`v2.42.1`

Compare Source

Bug Fixes

Catch ValueError for json.loads() (#1842) (b074cad)

`v2.42.0`

Compare Source

Features

Add trust boundary support for external accounts. (#1809) (36ecb1d)

Bug Fixes

Read scopes from ADC json for impersoanted cred (#1820) (62c0fc8)

`v2.41.1`

Compare Source

Bug Fixes

Suppress deprecation warning for ADC (#1815) (751ce3f)

`v2.41.0`

Compare Source

Features

Add support for cachetools 6.0 (#1773) (af18060)
Add trust boundary support for service accounts and impersonation. (#1778) (99be2ce)

Bug Fixes

Deprecating load_credentials_from_dict (58b66ec)
Deprecating load_credentials_from_file (58b66ec)
Fix type error in credentials.py for python 3.7 and 3.8 (#1805) (c30a6a7)

Documentation

Update user guide to include x509 feature. (#1802) (2d89ab4)

oracle/python-oracledb (oracledb)

`v3.4.2`

Compare Source

python-oracledb 3.4.2 is now released. This release addresses a number of issues. See the full release notes for all of the details.

`v3.4.1`

Compare Source

python-oracledb 3.4.1 is now released. This release addresses a number of issues. See the full release notes for all of the details.

`v3.4.0`

Compare Source

python-oracledb 3.4.0 is now released. This release has the following highlights:

support for Direct Path Load in thin mode for fast data ingestion
support for data frames is no longer considered a pre-release
support for type mapping when querying with data frames
support for ingesting more Apache Arrow data types
support for ingesting Apache Arrow data frames containing multiple chunks
support for cursor.executemany() operating on large input data in batches
fine-grained control over LOB and number handling
new optional install dependencies for plugins

See the full release notes for all of the details.

pydantic/pydantic (pydantic)

`v1.10.26`: 2025-12-18

Compare Source

What's Changed

Fix syntax error under Python 3.7 by @Viicos in #12643

Full Changelog: https://github.com/pydantic/pydantic/compare/v1.10.25...v1.10.26

`v1.10.25`: 2025-12-18

Compare Source

What's Changed

Add minimal support for Python 3.14 by @Viicos in #12636

Full Changelog: https://github.com/pydantic/pydantic/compare/v1.10.24...v1.10.25

This is the final 2.12 release. It features the work of 20 external contributors and provides useful new features, along with initial Python 3.14 support. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

Note that Pydantic V1 is not compatible with Python 3.14 and greater.

Changes (see the alpha and beta releases for additional changes since 2.11):

Packaging

Update V1 copy to v1.10.24 by @Viicos in #12338

New Features

Add extra parameter to the validate functions by @anvilpete in #12233
Add exclude_computed_fields serialization option by @Viicos in #12334
Add preverse_empty_path URL options by @Viicos in #12336
Add union_format parameter to JSON Schema generation by @Viicos in #12147
Add __qualname__ parameter for create_model by @Atry in #12001

Fixes

Do not try to infer name from lambda definitions in pipelines API by @Viicos in #12289
Use proper namespace for functions in TypeAdapter by @Viicos in #12324
Use Any for context type annotation in TypeAdapter by @inducer in #12279
Expose FieldInfo in pydantic.fields.__all__ by @Viicos in #12339
Respect validation_alias in @validate_call by @Viicos in #12340
Use Any as context annotation in plugin API by @Viicos in #12341
Use proper stacklevel in warnings when possible by @Viicos in #12342