Conversation
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
#65) Before you open a pull request, note that this repository is forked from [here](https://github.com/docascode/sphinx-docfx-yaml/). Unless the issue you're trying to solve is unique to this specific repository, please file an issue and/or send changes upstream to the original as well. __________________________________________________________________ Python-api-core is another repo that is not using templated Noxfile.py for various reasons (see discussion on googleapis/python-api-core#219), and we'll need to update it manually when we need Sphinx version updates. > It's a good idea to open an issue first for discussion. - [x] Tests pass - [ ] Appropriate changes to README are included in PR
* chore: allow testing plugin without running nox * chore: update comment * chore: Update .kokoro/generate-docs.sh Co-authored-by: Tyler Bui-Palsulich <26876514+tbpg@users.noreply.github.com> Co-authored-by: Tyler Bui-Palsulich <26876514+tbpg@users.noreply.github.com>
* feat: add short snippet for missing summary * feat: add summary for index pages
* feat: deduplicate all entry names in yaml_data * test: update unittest for disambiguate_toc_name
Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com>
* feat: add subPackage types * fix: update type in summary and use markdown to highlight names * fix: use short and disambiguated names * nit: update to f string for single-line string
* feat: add subclasses to children and reference * chore: lint * nit: update comment to clarify confusion
Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com>
* accept change from upstream * feat: add full support for xrefs * test: update test case * fix: expand xref format for proper processing * test: update unit test * fix: handle xrefs for other products in the future
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* fix: allow bracketed xref to work * test: update unit test * test: update to include xref checking in unit test
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* fix: parse xrefs differently with new xref format * fix: update Docstring parser * test: update unit test * fix: move error catching to another block * test: update unittest to include error scenarios * fix: clean up messy formatting
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Source-Link: googleapis/synthtool@facee4c Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:9743664022bd63a8084be67f144898314c7ca12f0a03e422ac17c733c129d803 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
* fix: recover lost arguments to functions * fix: add default argument types * fix: work for None type arguments * fix: omit variables without types * chore: update comment about default arguments * chore: fix to make comment more readable
* feat: group left-nav entries by versions * fix: remove uid from package groups, fix index * fix: disambiguate only on index and not on toc * chore: add unit test
* fix: retrieve file name as much as possible * fix: use default return when there are duplicates
* feat: add markdown page support * feat: add sphinx-markdown-builder in the plugin * chore: add docuploader to setup.py * test: skip running markdown builder for unittest * chore: fix Kokoro * test: run Kokoro test against head of the branch only * chore: update comments * fix: address comments from PR * fix: lint updates * test: add unit test coverage for new function added * revert(test): revert testing only against HEAD * chore: update comment with issues referenced inline * test: add test case with space after the hashtag
* fix: use the uid when applicalbe for toc entries * test: use latest build for Kokoro * test: revert kokoro setting * test: update test case * fix: remove check_name_with_uid function * chore: lint update
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Bumps [h11](https://github.com/python-hyper/h11) from 0.14.0 to 0.16.0. - [Commits](python-hyper/h11@v0.14.0...v0.16.0) --- updated-dependencies: - dependency-name: h11 dependency-version: 0.16.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: add support for formatting broken argspec entities * test: add unit test * test: update unit test
Bumps [django](https://github.com/django/django) from 4.2.18 to 4.2.25. - [Commits](django/django@4.2.18...4.2.25) --- updated-dependencies: - dependency-name: django dependency-version: 4.2.25 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Daniel Sanche <d.sanche14@gmail.com> Co-authored-by: Daniel Sanche <sanche@google.com>
* chore: cleanup string.format to f-strings * chore: fix cases where fstrings are not possible
* chore: add type hints and docstrings * chore: fix minor adjustments * test: revert unintended changes
Source-Link: googleapis/synthtool@6702a34 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:fbbc8db67afd8b7d71bf694c5081a32da0c528eba166fbcffb3b6e56ddf907d5 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Lingqing Gan <lingqing.gan@gmail.com>
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.6</h2> <p>This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.6/">https://pypi.org/project/Jinja2/3.1.6/</a> Changes: <a href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6">https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <a href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7">https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.6</h2> <p>Released 2025-03-05</p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:<code>cpwx-vrp4-4pq7</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679"><code>1520688</code></a> release version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"><code>90457bb</code></a> Merge commit from fork</li> <li><a href="https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7"><code>065334d</code></a> attr filter uses env.getattr</li> <li><a href="https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145"><code>033c200</code></a> start version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35"><code>bc68d4e</code></a> use global contributing guide (<a href="https://redirect.github.com/pallets/jinja/issues/2070">#2070</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486"><code>247de5e</code></a> use global contributing guide</li> <li><a href="https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f"><code>ab8218c</code></a> use project advisory link instead of global</li> <li><a href="https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2"><code>b4ffc8f</code></a> release version 3.1.5 (<a href="https://redirect.github.com/pallets/jinja/issues/2066">#2066</a>)</li> <li>See full diff in <a href="https://github.com/pallets/jinja/compare/3.1.5...3.1.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/googleapis/sphinx-docfx-yaml/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Victor Chudnovsky <vchudnov@google.com>
Bug ID: b/479543683
Replace old teams (dkp, onramp) with dkp-team. b/478003109
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://redirect.github.com/psf/black) ([changelog](https://redirect.github.com/psf/black/blob/main/CHANGES.md)) | `==25.9.0` → `==26.3.1` |  |  | ### GitHub Vulnerability Alerts #### [CVE-2026-32274](https://redirect.github.com/psf/black/security/advisories/GHSA-3936-cmfr-pm3m) ### Impact Black writes a cache file, the name of which is computed from various formatting options. The value of the `--python-cell-magics` option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. ### Patches Fixed in Black 26.3.1. ### Workarounds Do not allow untrusted user input into the value of the `--python-cell-magics` option. --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.3.1`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2631) [Compare Source](https://redirect.github.com/psf/black/compare/26.3.0...26.3.1) ##### Stable style - Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely ([#​5038](https://redirect.github.com/psf/black/issues/5038)) ##### Configuration - Always hash cache filename components derived from `--python-cell-magics` so custom magic names cannot affect cache paths ([#​5038](https://redirect.github.com/psf/black/issues/5038)) ##### *Blackd* - Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure ([#​5039](https://redirect.github.com/psf/black/issues/5039)) ### [`v26.3.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2630) [Compare Source](https://redirect.github.com/psf/black/compare/26.1.0...26.3.0) ##### Stable style - Don't double-decode input, causing non-UTF-8 files to be corrupted ([#​4964](https://redirect.github.com/psf/black/issues/4964)) - Fix crash on standalone comment in lambda default arguments ([#​4993](https://redirect.github.com/psf/black/issues/4993)) - Preserve parentheses when `# type: ignore` comments would be merged with other comments on the same line, preventing AST equivalence failures ([#​4888](https://redirect.github.com/psf/black/issues/4888)) ##### Preview style - Fix bug where `if` guards in `case` blocks were incorrectly split when the pattern had a trailing comma ([#​4884](https://redirect.github.com/psf/black/issues/4884)) - Fix `string_processing` crashing on unassigned long string literals with trailing commas (one-item tuples) ([#​4929](https://redirect.github.com/psf/black/issues/4929)) - Simplify implementation of the power operator "hugging" logic ([#​4918](https://redirect.github.com/psf/black/issues/4918)) ##### Packaging - Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments ([#​4930](https://redirect.github.com/psf/black/issues/4930)) ##### Performance - Introduce winloop for windows as an alternative to uvloop ([#​4996](https://redirect.github.com/psf/black/issues/4996)) - Remove deprecated function `uvloop.install()` in favor of `uvloop.new_event_loop()` ([#​4996](https://redirect.github.com/psf/black/issues/4996)) - Rename `maybe_install_uvloop` function to `maybe_use_uvloop` to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop ([#​4996](https://redirect.github.com/psf/black/issues/4996)) ##### Output - Emit a clear warning when the target Python version is newer than the running Python version, since AST safety checks cannot parse newer syntax. Also replace the misleading "INTERNAL ERROR" message with an actionable error explaining the version mismatch ([#​4983](https://redirect.github.com/psf/black/issues/4983)) ##### *Blackd* - Introduce winloop to be used when windows in use which enables blackd to run faster on windows when winloop is installed. ([#​4996](https://redirect.github.com/psf/black/issues/4996)) ##### Integrations - Remove unused gallery script ([#​5030](https://redirect.github.com/psf/black/issues/5030)) - Harden parsing of `black` requirements in the GitHub Action when `use_pyproject` is enabled so that only version specifiers are accepted and direct references such as `black @​ https://...` are rejected. Users should upgrade to the latest version of the action as soon as possible. This update is received automatically when using `psf/black@stable`, and is independent of the version of Black installed by the action. ([#​5031](https://redirect.github.com/psf/black/issues/5031)) ##### Documentation - Expand preview style documentation with detailed examples for `wrap_comprehension_in`, `simplify_power_operator_hugging`, and `wrap_long_dict_values_in_parens` features ([#​4987](https://redirect.github.com/psf/black/issues/4987)) - Add detailed documentation for formatting Jupyter Notebooks ([#​5009](https://redirect.github.com/psf/black/issues/5009)) ### [`v26.1.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](https://redirect.github.com/psf/black/compare/25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#​4892](https://redirect.github.com/psf/black/issues/4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#​4489](https://redirect.github.com/psf/black/issues/4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#​4800](https://redirect.github.com/psf/black/issues/4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#​4764](https://redirect.github.com/psf/black/issues/4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#​4777](https://redirect.github.com/psf/black/issues/4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#​1879](https://redirect.github.com/psf/black/issues/1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#​4710](https://redirect.github.com/psf/black/issues/4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#​4720](https://redirect.github.com/psf/black/issues/4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#​4865](https://redirect.github.com/psf/black/issues/4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#​4645](https://redirect.github.com/psf/black/issues/4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#​4253](https://redirect.github.com/psf/black/issues/4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#​4958](https://redirect.github.com/psf/black/issues/4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#​4952](https://redirect.github.com/psf/black/issues/4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#​4611](https://redirect.github.com/psf/black/issues/4611)) ### [`v25.12.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#25120) [Compare Source](https://redirect.github.com/psf/black/compare/25.11.0...25.12.0) ##### Highlights - Black no longer supports running with Python 3.9 ([#​4842](https://redirect.github.com/psf/black/issues/4842)) ##### Stable style - Fix bug where comments preceding `# fmt: off`/`# fmt: on` blocks were incorrectly removed, particularly affecting Jupytext's `# %% [markdown]` comments ([#​4845](https://redirect.github.com/psf/black/issues/4845)) - Fix crash when multiple `# fmt: skip` comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines ([#​4872](https://redirect.github.com/psf/black/issues/4872)) - Fix possible crash when `fmt: ` directives aren't on the top level ([#​4856](https://redirect.github.com/psf/black/issues/4856)) ##### Preview style - Fix `fmt: skip` skipping the line after instead of the line it's on ([#​4855](https://redirect.github.com/psf/black/issues/4855)) - Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#​4865](https://redirect.github.com/psf/black/issues/4865)) - Fix `fix_fmt_skip_in_one_liners` crashing on `with` statements ([#​4853](https://redirect.github.com/psf/black/issues/4853)) - Fix `fix_fmt_skip_in_one_liners` crashing on annotated parameters ([#​4854](https://redirect.github.com/psf/black/issues/4854)) - Fix new lines being added after imports with `# fmt: skip` on them ([#​4894](https://redirect.github.com/psf/black/issues/4894)) ##### Packaging - Releases now include arm64 Windows binaries and wheels ([#​4814](https://redirect.github.com/psf/black/issues/4814)) ##### Integrations - Add `output-file` input to GitHub Action `psf/black` to write formatter output to a file for artifact capture and log cleanliness ([#​4824](https://redirect.github.com/psf/black/issues/4824)) ### [`v25.11.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#25110) [Compare Source](https://redirect.github.com/psf/black/compare/25.9.0...25.11.0) ##### Highlights - Enable base 3.14 support ([#​4804](https://redirect.github.com/psf/black/issues/4804)) - Add support for the new Python 3.14 t-string syntax introduced by PEP 750 ([#​4805](https://redirect.github.com/psf/black/issues/4805)) ##### Stable style - Fix bug where comments between `# fmt: off` and `# fmt: on` were reformatted ([#​4811](https://redirect.github.com/psf/black/issues/4811)) - Comments containing fmt directives now preserve their exact formatting instead of being normalized ([#​4811](https://redirect.github.com/psf/black/issues/4811)) ##### Preview style - Move `multiline_string_handling` from `--unstable` to `--preview` ([#​4760](https://redirect.github.com/psf/black/issues/4760)) - Fix bug where module docstrings would be treated as normal strings if preceded by comments ([#​4764](https://redirect.github.com/psf/black/issues/4764)) - Fix bug where python 3.12 generics syntax split line happens weirdly ([#​4777](https://redirect.github.com/psf/black/issues/4777)) - Standardize type comments to form `# type: <value>` ([#​4645](https://redirect.github.com/psf/black/issues/4645)) - Fix `fix_fmt_skip_in_one_liners` preview feature to respect `# fmt: skip` for compound statements with semicolon-separated bodies ([#​4800](https://redirect.github.com/psf/black/issues/4800)) ##### Configuration - Add `no_cache` option to control caching behavior. ([#​4803](https://redirect.github.com/psf/black/issues/4803)) ##### Packaging - Releases now include arm64 Linux binaries ([#​4773](https://redirect.github.com/psf/black/issues/4773)) ##### Output - Write unchanged content to stdout when excluding formatting from stdin using pipes ([#​4610](https://redirect.github.com/psf/black/issues/4610)) ##### *Blackd* - Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd ([#​4774](https://redirect.github.com/psf/black/issues/4774)) ##### Integrations - Enable 3.14 base CI ([#​4804](https://redirect.github.com/psf/black/issues/4804)) - Enhance GitHub Action `psf/black` to support the `required-version` major-version-only "stability" format when using pyproject.toml ([#​4770](https://redirect.github.com/psf/black/issues/4770)) - Improve error message for vim plugin users. It now handles independently vim version - Vim: Warn on unsupported Vim and Python versions independently ([#​4772](https://redirect.github.com/psf/black/issues/4772)) - Vim: Print the import paths when importing black fails ([#​4675](https://redirect.github.com/psf/black/issues/4675)) - Vim: Fix handling of virtualenvs that have a different Python version ([#​4675](https://redirect.github.com/psf/black/issues/4675)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/sphinx-docfx-yaml). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Bumps [django](https://github.com/django/django) from 4.2.25 to 4.2.29. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/django/django/commit/f2ec75efbcf4d1ed63f135e5f8ff5f0463175312"><code>f2ec75e</code></a> [4.2.x] Bumped version for 4.2.29 release.</li> <li><a href="https://github.com/django/django/commit/54b50bf7d6dcbf02d4c01f853627cc9299d4934d"><code>54b50bf</code></a> [4.2.x] Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions o...</li> <li><a href="https://github.com/django/django/commit/b3e8ec8cc310489fe80174b14b11edb970d682ea"><code>b3e8ec8</code></a> [4.2.x] Fixed CVE-2026-25673 -- Simplified URLField scheme detection.</li> <li><a href="https://github.com/django/django/commit/e52ff00856cce3a2b05d244ee98dc2b8d9fcf3a9"><code>e52ff00</code></a> [4.2.x] Added stub release notes and release date for 4.2.29.</li> <li><a href="https://github.com/django/django/commit/e0896dfe83cce33b5cae3fcf0bbbef89e92b4bc6"><code>e0896df</code></a> [4.2.x] Added CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, C...</li> <li><a href="https://github.com/django/django/commit/609d5526f0c4f8904ffabbce96cdb31953ffa92f"><code>609d552</code></a> [4.2.x] Post-release version bump.</li> <li><a href="https://github.com/django/django/commit/20c71f6b91324cf401056c72136c14e0ec2bf7bf"><code>20c71f6</code></a> [4.2.x] Bumped version for 4.2.28 release.</li> <li><a href="https://github.com/django/django/commit/881ff2c4830f95fa844d8de5977c06205d45368f"><code>881ff2c</code></a> [4.2.x] Refs CVE-2026-1312 -- Raised ValueError when FilteredRelation aliases...</li> <li><a href="https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314"><code>90f5b10</code></a> [4.2.x] Fixed CVE-2026-1312 -- Protected order_by() from SQL injection via al...</li> <li><a href="https://github.com/django/django/commit/f75f8f3597e1ce351d5ac08b6ba7ebd9dadd9b5d"><code>f75f8f3</code></a> [4.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column alia...</li> <li>Additional commits viewable in <a href="https://github.com/django/django/compare/4.2.25...4.2.29">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/googleapis/sphinx-docfx-yaml/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.19 to 2.6.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](urllib3/urllib3#3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](urllib3/urllib3#3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](urllib3/urllib3#3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](urllib3/urllib3#3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move "v2.0 Migration Guide" to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.19...2.6.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/googleapis/sphinx-docfx-yaml/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p> <blockquote> <h2>2.12.0</h2> <h2>Security</h2> <ul> <li>Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by <a href="https://github.com/dmbs335"><code>@dmbs335</code></a> in <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f">GHSA-752w-5fwx-jx9f</a></li> </ul> <h2>What's Changed</h2> <ul> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1132">jpadilla/pyjwt#1132</a></li> <li>chore(docs): fix docs build by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li>Annotate PyJWKSet.keys for pyright by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1134">jpadilla/pyjwt#1134</a></li> <li>fix: close HTTPError to prevent ResourceWarning on Python 3.14 by <a href="https://github.com/veeceey"><code>@veeceey</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> <li>chore: remove superfluous constants by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1136">jpadilla/pyjwt#1136</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1135">jpadilla/pyjwt#1135</a></li> <li>chore(tests): enable mypy by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1138">jpadilla/pyjwt#1138</a></li> <li>Bump actions/download-artifact from 7 to 8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1142">jpadilla/pyjwt#1142</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1141">jpadilla/pyjwt#1141</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1145">jpadilla/pyjwt#1145</a></li> <li>fix: do not store reference to algorithms dict on PyJWK by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1143">jpadilla/pyjwt#1143</a></li> <li>Use PyJWK algorithm when encoding without explicit algorithm by <a href="https://github.com/jpadilla"><code>@jpadilla</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1148">jpadilla/pyjwt#1148</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tamird"><code>@tamird</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li><a href="https://github.com/veeceey"><code>@veeceey</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0">https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0</a></p> <h2>2.11.0</h2> <h2>What's Changed</h2> <ul> <li>Fixed type error in comment by <a href="https://github.com/shuhaib-aot"><code>@shuhaib-aot</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1026">jpadilla/pyjwt#1026</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1018">jpadilla/pyjwt#1018</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1033">jpadilla/pyjwt#1033</a></li> <li>Make note of use of leeway with nbf by <a href="https://github.com/djw8605"><code>@djw8605</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1034">jpadilla/pyjwt#1034</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1035">jpadilla/pyjwt#1035</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/964">#964</a>: Validate key against allowed types for Algorithm family by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/985">jpadilla/pyjwt#985</a></li> <li>Feat <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1024">#1024</a>: Add iterator for PyJWKSet by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1041">jpadilla/pyjwt#1041</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1039">#1039</a>: Add iss, issuer type checks by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1040">jpadilla/pyjwt#1040</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/660">#660</a>: Improve typing/logic for <code>options</code> in decode, decode_complete; Improve docs by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1045">jpadilla/pyjwt#1045</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1042">jpadilla/pyjwt#1042</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1052">jpadilla/pyjwt#1052</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1053">jpadilla/pyjwt#1053</a></li> <li>Fix <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1022">#1022</a>: Map <code>algorithm=None</code> to "none" by <a href="https://github.com/qqii"><code>@qqii</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1056">jpadilla/pyjwt#1056</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1055">jpadilla/pyjwt#1055</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1058">jpadilla/pyjwt#1058</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1060">jpadilla/pyjwt#1060</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1061">jpadilla/pyjwt#1061</a></li> <li>Fixes <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1047">#1047</a>: Correct <code>PyJWKClient.get_signing_key_from_jwt</code> annotation by <a href="https://github.com/khvn26"><code>@khvn26</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1048">jpadilla/pyjwt#1048</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1062">jpadilla/pyjwt#1062</a></li> <li>Fixed doc string typo in _validate_jti() function <a href="https://redirect.github.com/jpadilla/pyjwt/issues/1063">#1063</a> by <a href="https://github.com/kuldeepkhatke"><code>@kuldeepkhatke</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1064">jpadilla/pyjwt#1064</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1065">jpadilla/pyjwt#1065</a></li> <li>Update SECURITY.md by <a href="https://github.com/auvipy"><code>@auvipy</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1057">jpadilla/pyjwt#1057</a></li> <li>Typing fix: use <code>float</code> instead of <code>int</code> for <code>lifespan</code> and <code>timeout</code> by <a href="https://github.com/nikitagashkov"><code>@nikitagashkov</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1068">jpadilla/pyjwt#1068</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1067">jpadilla/pyjwt#1067</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0></code>__</h2> <p>Fixed</p> <pre><code> - Annotate PyJWKSet.keys for pyright by @tamird in `[#1134](jpadilla/pyjwt#1134) <https://github.com/jpadilla/pyjwt/pull/1134>`__ - Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `[#1133](jpadilla/pyjwt#1133) <https://github.com/jpadilla/pyjwt/pull/1133>`__ - Do not keep ``algorithms`` dict in PyJWK instances by @akx in `[#1143](jpadilla/pyjwt#1143) <https://github.com/jpadilla/pyjwt/pull/1143>`__ - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__ - Use PyJWK algorithm when encoding without explicit algorithm in `[#1148](jpadilla/pyjwt#1148) <https://github.com/jpadilla/pyjwt/pull/1148>`__ <p>Added </code></pre></p> <ul> <li>Docs: Add <code>PyJWKClient</code> API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).</li> </ul> <h2><code>v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0></code>__</h2> <p>Fixed</p> <pre><code> - Enforce ECDSA curve validation per RFC 7518 Section 3.4. - Fix build system warnings by @kurtmckee in `[#1105](jpadilla/pyjwt#1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__ - Validate key against allowed types for Algorithm family in `[#964](jpadilla/pyjwt#964) <https://github.com/jpadilla/pyjwt/pull/964>`__ - Add iterator for JWKSet in `[#1041](jpadilla/pyjwt#1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__ - Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](jpadilla/pyjwt#1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__ - Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](jpadilla/pyjwt#1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__ - Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](jpadilla/pyjwt#1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__ - Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](jpadilla/pyjwt#1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__ - Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](jpadilla/pyjwt#1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__ - Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in `[#1112](jpadilla/pyjwt#1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__ <p>Added </code></pre></p> <ul> <li>Support Python 3.14, and test against PyPy 3.10 and 3.11 by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1104](jpadilla/pyjwt#1104) <https://github.com/jpadilla/pyjwt/pull/1104></code>__</li> <li>Development: Migrate to <code>build</code> to test package building in CI by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1108](jpadilla/pyjwt#1108) <https://github.com/jpadilla/pyjwt/pull/1108></code>__</li> <li>Development: Improve coverage config and eliminate unused test suite code by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1115](jpadilla/pyjwt#1115) <https://github.com/jpadilla/pyjwt/pull/1115></code>__</li> <li>Docs: Standardize CHANGELOG links to PRs by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1110](jpadilla/pyjwt#1110) <https://github.com/jpadilla/pyjwt/pull/1110></code>__</li> <li>Docs: Fix Read the Docs builds by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1111](jpadilla/pyjwt#1111) <https://github.com/jpadilla/pyjwt/pull/1111></code>__</li> <li>Docs: Add example of using leeway with nbf by <a href="https://github.com/djw8605"><code>@djw8605</code></a> in <code>[#1034](jpadilla/pyjwt#1034) <https://github.com/jpadilla/pyjwt/pull/1034></code>__</li> <li>Docs: Refactored docs with <code>autodoc</code>; added <code>PyJWS</code> and <code>jwt.algorithms</code> docs by <a href="https://github.com/pachewise"><code>@pachewise</code></a> in <code>[#1045](jpadilla/pyjwt#1045) <https://github.com/jpadilla/pyjwt/pull/1045></code>__</li> <li>Docs: Documentation improvements for "sub" and "jti" claims by <a href="https://github.com/cleder"><code>@cleder</code></a> in <code>[#1088](jpadilla/pyjwt#1088) <https://github.com/jpadilla/pyjwt/pull/1088></code>__</li> <li>Development: Add pyupgrade as a pre-commit hook by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <code>[#1109](jpadilla/pyjwt#1109) <https://github.com/jpadilla/pyjwt/pull/1109></code>__</li> <li>Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via <code>InsecureKeyLengthWarning</code> when keys are below</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2"><code>bd9700c</code></a> Use PyJWK algorithm when encoding without explicit algorithm (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1148">#1148</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92"><code>051ea34</code></a> Merge commit from fork</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1451d70eca2059bc472703692f0bb0777bc0fe93"><code>1451d70</code></a> fix: do not store reference to algorithms dict on PyJWK (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1143">#1143</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/f3ba74c106df9ce10e272dfaad96acb4ab3ef5a5"><code>f3ba74c</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1145">#1145</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/0318ffa7b156b01600376e38952bf961382e0724"><code>0318ffa</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1141">#1141</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/a52753db3c1075ac01337fa8b7cc92b13a19ac09"><code>a52753d</code></a> Bump actions/download-artifact from 7 to 8 (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1142">#1142</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/b85050f1d444c6828bb4618ee764443b0a3f5d18"><code>b85050f</code></a> chore(tests): enable mypy (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1138">#1138</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1272b264779717cc481c8341f321a7fc8b3aaba6"><code>1272b26</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1135">#1135</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/99a87287c26cb97c94399084ee4186ee52207a7f"><code>99a8728</code></a> chore: remove superfluous constants (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1136">#1136</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/412cb67a93363812ae4029d6a95f5d4d40ab2609"><code>412cb67</code></a> fix: close HTTPError to prevent ResourceWarning on Python 3.14 (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1133">#1133</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.4.0...2.12.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/googleapis/sphinx-docfx-yaml/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Lee <71398022+dandhlee@users.noreply.github.com>
…n' into migration.sphinx-docfx-yaml.migration.2026-03-25_00-16-05.migrate
Contributor
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request consolidates the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request migrates the gcp-sphinx-docfx-yaml package to a new monorepo structure, involving extensive updates across GitHub configurations, Kokoro build scripts, and project metadata files. Key changes include updating CODEOWNERS, issue templates, CI/CD workflows, and dependency management. The review highlights several critical issues: f-string syntax errors in docfx_yaml/extension.py, outdated repository paths in Kokoro configurations, and incorrect URLs in .repo-metadata.json, CHANGELOG.md, and bug_report.md. Additionally, there's a typo in an error message and suggestions to improve logging practices by directing error/warning messages to sys.stderr and using consistent command substitution syntax in shell scripts.
I am having trouble creating individual review comments. Click here to see my feedback.
packages/gcp-sphinx-docfx-yaml/docfx_yaml/extension.py (600-601)
The f-string for this ValueError is split across two lines, which will result in a SyntaxError. It should be combined into a single line.
raise ValueError(f"Content in the block should be indented.Please check the docstring: \n{summary}")packages/gcp-sphinx-docfx-yaml/docfx_yaml/extension.py (625-626)
The f-string for this ValueError is split across two lines, which will result in a SyntaxError. It should be combined into a single line.
raise ValueError("Content in the block should be indented."f"Please check the docstring: \n{summary}")packages/gcp-sphinx-docfx-yaml/.kokoro/continuous/common.cfg (17-26)
The paths for build_file and TRAMPOLINE_BUILD_FILE seem to refer to the old repository structure (sphinx-docfx-yaml). Since the code is being migrated to packages/gcp-sphinx-docfx-yaml, these paths might need to be updated to reflect the new location within the monorepo (e.g., packages/gcp-sphinx-docfx-yaml/.kokoro/trampoline.sh). This same issue appears to be present in docs/common.cfg and presubmit/common.cfg as well. Please verify that these paths are correct for the new repository structure.
packages/gcp-sphinx-docfx-yaml/.repo-metadata.json (4-9)
The URLs for product_documentation, client_documentation, issue_tracker, and the repo field appear to point to the old repository (googleapis/sphinx-docfx-yaml). Since this PR is migrating the code, these values should be updated to reflect the new location.
packages/gcp-sphinx-docfx-yaml/.github/ISSUE_TEMPLATE/bug_report.md (13)
This link points to the old repository's issues. It should be updated to point to the new issue tracker for this package. This value is likely derived from .repo-metadata.json, which also seems to contain outdated information.
packages/gcp-sphinx-docfx-yaml/.kokoro/generate-docs.sh (91)
For consistency and to avoid potential issues with nesting, it's better to use $(...) for command substitution instead of backticks.
GITHUB_TAGS=$(git describe --tags $(git rev-list --tags --max-count=1))
packages/gcp-sphinx-docfx-yaml/CHANGELOG.md (7)
The links in the changelog, such as the one on this line, point to the old repository googleapis/sphinx-docfx-yaml. These should be updated to reflect the new repository structure.
packages/gcp-sphinx-docfx-yaml/docfx_yaml/extension.py (80-81)
It's a best practice to write error messages to sys.stderr rather than sys.stdout. This allows for better separation of standard output and error streams. You'll need to import the sys module.
print(Bcolors.FAIL + 'can not import conf.py! ' 'you should have a conf.py in working project folder' + Bcolors.ENDC, file=sys.stderr)packages/gcp-sphinx-docfx-yaml/docfx_yaml/extension.py (432)
There is a typo in the error message. "enoucntered" should be "encountered".
raise ValueError(f"Wrong formatting encountered for \n{line}")
packages/gcp-sphinx-docfx-yaml/docfx_yaml/extension.py (1475)
This error message should be printed to sys.stderr instead of sys.stdout for better error handling and stream separation. You'll need to import the sys module.
print(f"Could not format the given code: \n{e})", file=sys.stderr)
packages/gcp-sphinx-docfx-yaml/docfx_yaml/writer.py (1157)
System message warnings should be printed to sys.stderr to separate them from standard output. You'll need to import the sys module.
print(bcolors.WARNING + "System message warnings: %s" % node.astext() + bcolors.ENDC, file=sys.stderr)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See #15998.
This PR should be merged with a merge-commit, not a squash-commit, in order to preserve the git history.