Skip to content

Bump google-auth from 2.55.1 to 2.55.2#2142

Merged
JSv4 merged 1 commit into
mainfrom
dependabot/pip/google-auth-2.55.2
Jul 12, 2026
Merged

Bump google-auth from 2.55.1 to 2.55.2#2142
JSv4 merged 1 commit into
mainfrom
dependabot/pip/google-auth-2.55.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps google-auth from 2.55.1 to 2.55.2.

Release notes

Sourced from google-auth's releases.

google-auth: v2.55.2

2.55.2 (2026-07-07)

Bug Fixes

  • auth: Agentic Identites mTLS gaps fix _is_mtls and SslCredentials. (#17387) (7bfa41a)
  • auth: align mTLS discovery and enforce fail-fast transport configuration. (#17470) (f492d3d)
  • auth: handle PermissionError on workload certificates to avoid startup hang and crash (#17568) (f538ad8)
Commits
  • fc6b861 chore: release main (#17600)
  • 9638879 feat: update googleapis and regenerate (#17635)
  • 6a49390 chore: update goldens (#17632)
  • 32862f0 docs(logging): fix StructuredLogHandler docstring parameter name (#17625)
  • d68c11d chore(deps): Bump Pillow version constraint in google-cloud-documentai-toolbo...
  • adf7d27 test(spanner): await database calls in async snippets (#17627)
  • 247e2ad refactor(auth): replace pyOpenSSL with standard ssl and cryptography (#16976)
  • fd0e4b6 chore(spanner): remove unused asyncio import in samples (#17620)
  • f538ad8 fix(auth): handle PermissionError on workload certificates to avoid startup h...
  • 0f4bfed fix: bump gdal from 3.13.0 to 3.13.1 in /packages/bigframes (#17609)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [google-auth](https://github.com/googleapis/google-cloud-python) from 2.55.1 to 2.55.2.
- [Release notes](https://github.com/googleapis/google-cloud-python/releases)
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-documentai/CHANGELOG.md)
- [Commits](googleapis/google-cloud-python@google-auth-v2.55.1...google-auth-v2.55.2)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-version: 2.55.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 8, 2026
@claude

claude Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review

This is a routine Dependabot patch bump: google-auth 2.55.1 → 2.55.2, touching a single line in requirements/production.txt.

Assessment:

  • Scope: Minimal, single-dependency version pin change — no application code touched.
  • Release notes: 2.55.2 is a bug-fix-only patch release (mTLS discovery/_is_mtls/SslCredentials fixes, and a fix for a PermissionError on workload certificates causing startup hangs/crashes). No breaking API changes noted upstream.
  • Consistency: google-auth is only pinned in requirements/production.txt (not duplicated in base.txt/local.txt), so there's no risk of version drift between requirement files.
  • Security: This is a safe-direction bump (patch fixing a startup-crash bug), not a downgrade, and doesn't appear tied to a CVE per the PR description — no security concerns.
  • Tests: No test coverage needed for a transitive auth-library patch bump; standard CI should be sufficient to catch any incompatibility (e.g. with google-cloud-* packages that depend on google-auth).

No issues found. Safe to merge if CI passes.

@JSv4 JSv4 merged commit 4896de1 into main Jul 12, 2026
6 checks passed
@JSv4 JSv4 deleted the dependabot/pip/google-auth-2.55.2 branch July 12, 2026 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant