chore(deps): bump the poetry group across 3 directories with 46 updates

[dependabot]

Bumps the poetry group with 46 updates in the / directory:

Package	From	To
pydantic	2.11.3	2.12.5
sqlalchemy	2.0.40	2.0.46
alembic	1.15.2	1.18.3
asyncpg	0.30.0	0.31.0
pyjwt	2.10.1	2.11.0
tenacity	9.1.2	9.1.4
kubernetes	31.0.0	33.1.0
python-ulid	3.0.0	3.1.0
python-gitlab	5.6.0	8.0.0
psycopg	3.2.6	3.3.2
urllib3	2.6.0	2.6.3
authlib	1.6.0	1.6.7
marshmallow	3.26.2	4.2.2
escapism	1.0.1	1.1.0
sentry-sdk	2.26.1	2.52.0
authzed	1.21.1	1.24.2
cryptography	44.0.2	46.0.4
setuptools	75.9.1	82.0.0
kr8s	0.20.7	0.20.15
werkzeug	3.1.3	3.1.5
aiofiles	24.1.0	25.1.0
protobuf	5.29.4	6.33.5
poetry	2.1.2	2.3.2
parsy	2.1	2.2
posthog	3.25.0	7.8.3
markdown-code-runner	2.2.0	2.7.0
bandit	1.8.3	1.9.3
mypy	1.15.0	1.19.1
pytest	8.3.5	8.4.2
pytest-cov	6.1.1	7.0.0
pre-commit	4.2.0	4.5.1
aiosqlite	0.20.0	0.22.1
types-pyyaml	6.0.12.20250402	6.0.12.20250915
schemathesis	3.39.7	4.10.0
pytest-asyncio	0.21.2	1.3.0
pytest-postgresql	6.1.1	8.0.0
ruff	0.8.6	0.15.0
debugpy	1.8.14	1.8.20
pytest-xdist	3.6.1	3.8.0
types-requests	2.32.0.20250328	2.32.4.20260107
types-aiofiles	24.1.0.20250326	25.1.0.20251011
pytest-mock	3.14.0	3.15.1
uvloop	0.21.0	0.22.1
syrupy	4.9.1	5.1.0
ruamel-yaml	0.18.14	0.19.1
datamodel-code-generator	0.28.5	0.53.0

Bumps the poetry group with 25 updates in the /projects/renku_data_service directory:

Package	From	To
pydantic	2.11.3	2.12.5
sqlalchemy	2.0.40	2.0.46
alembic	1.15.2	1.18.3
asyncpg	0.30.0	0.31.0
pyjwt	2.10.1	2.11.0
tenacity	9.1.2	9.1.4
kubernetes	31.0.0	35.0.0
python-ulid	3.0.0	3.1.0
python-gitlab	5.6.0	8.0.0
psycopg	3.2.6	3.3.2
urllib3	2.6.2	2.6.3
authlib	1.6.0	1.6.7
marshmallow	3.26.2	4.2.2
escapism	1.0.1	1.1.0
sentry-sdk	2.26.1	2.52.0
authzed	1.21.1	1.24.2
cryptography	44.0.2	46.0.4
setuptools	75.9.1	82.0.0
kr8s	0.20.7	0.20.15
werkzeug	3.1.3	3.1.5
aiofiles	24.1.0	25.1.0
protobuf	5.29.4	6.33.5
parsy	2.1	2.2
posthog	3.25.0	7.8.3
markdown-code-runner	2.2.0	2.7.0

Bumps the poetry group with 25 updates in the /projects/secrets_storage directory:

Package	From	To
pydantic	2.11.3	2.12.5
sqlalchemy	2.0.40	2.0.46
alembic	1.15.2	1.18.3
asyncpg	0.30.0	0.31.0
pyjwt	2.10.1	2.11.0
tenacity	9.1.2	9.1.4
kubernetes	31.0.0	35.0.0
python-ulid	3.0.0	3.1.0
python-gitlab	5.6.0	8.0.0
psycopg	3.2.6	3.3.2
urllib3	2.6.2	2.6.3
authlib	1.6.0	1.6.7
marshmallow	3.26.1	4.2.2
escapism	1.0.1	1.1.0
sentry-sdk	2.26.1	2.52.0
authzed	1.21.1	1.24.2
cryptography	44.0.2	46.0.4
setuptools	75.9.1	82.0.0
kr8s	0.20.7	0.20.15
werkzeug	3.1.3	3.1.5
aiofiles	24.1.0	25.1.0
protobuf	5.29.4	6.33.5
parsy	2.1	2.2
posthog	3.25.0	7.8.3
markdown-code-runner	2.2.0	2.7.0

Updates pydantic from 2.11.3 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

• Fix issue with forward references in parent TypedDict classes by @​Viicos in #12427.

  This issue is only relevant on Python 3.14 and greater.

• Exclude fields with exclude_if from JSON Schema required fields by @​Viicos in #12430

• Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @​davidhewitt in pydantic-core#1833.

  This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

• Add type inference for IP address types by @​davidhewitt in pydantic-core#1868.

  The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

• Avoid getting default values from defaultdict by @​davidhewitt in pydantic-core#1853.

  This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

• Fix issue with field serializers on nested typed dictionaries by @​davidhewitt in pydantic-core#1879.

• Add more pydantic-core builds for the three-threaded version of Python 3.14 by @​davidhewitt in pydantic-core#1864.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

• Fix issue with forward references in parent TypedDict classes by @​Viicos in #12427.

  This issue is only relevant on Python 3.14 and greater.

• Exclude fields with exclude_if from JSON Schema required fields by @​Viicos in #12430

• Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @​davidhewitt in pydantic-core#1833.

  This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

• Add type inference for IP address types by @​davidhewitt in pydantic-core#1868.

  The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

• Avoid getting default values from defaultdict by @​davidhewitt in pydantic-core#1853.

  This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

• Fix issue with field serializers on nested typed dictionaries by @​davidhewitt in pydantic-core#1879.

• Add more pydantic-core builds for the three-threaded version of Python 3.14 by @​davidhewitt in pydantic-core#1864.

v2.12.3 (2025-10-17)

GitHub release

... (truncated)

Commits

• bd2d0dd Prepare release v2.12.5
• 7d0302e Document security implications when using create_model()
• e9ef980 Fix typo in Standard Library Types documentation
• f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
• a76c1aa Update documentation about JSON Schema
• 8cbc72c Add documentation about custom __init__()
• 99eba59 Add additional test for FieldInfo.get_default()
• c710769 Special case MISSING sentinel in smart_deepcopy()
• 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
• c86515a Update parts of the model and revalidate_instances documentation
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.40 to 2.0.46

Release notes

Sourced from sqlalchemy's releases.

2.0.46

Released: January 21, 2026

typing

• [typing] [bug] Fixed typing issues where ORM mapped classes and aliased entities could not be used as keys in result row mappings or as join targets in select statements. Patterns such as row._mapping[User], row._mapping[aliased(User)], row._mapping[with_polymorphic(...)] (rejected by both mypy and Pylance), and .join(aliased(User)) (rejected by Pylance) are documented and fully supported at runtime but were previously rejected by type checkers. The type definitions for _KeyType and _FromClauseArgument have been updated to accept these ORM entity types.

  References: #13075

postgresql

• [postgresql] [bug] Fixed issue where PostgreSQL JSONB operators _postgresql.JSONB.Comparator.path_match() and _postgresql.JSONB.Comparator.path_exists() were applying incorrect VARCHAR casts to the right-hand side operand when used with newer PostgreSQL drivers such as psycopg. The operators now indicate the right-hand type as JSONPATH, which currently results in no casting taking place, but is also compatible with explicit casts if the implementation were require it at a later point.

  References: #13059

• [postgresql] [bug] Fixed regression in PostgreSQL dialect where JSONB subscription syntax would generate incorrect SQL for cast() expressions returning JSONB, causing syntax errors. The dialect now properly wraps cast expressions in parentheses when using the [] subscription syntax, generating (CAST(...))[index] instead of CAST(...)[index] to comply with PostgreSQL syntax requirements. This extends the fix from #12778 which addressed the same issue for function calls.

  References: #13067

• [postgresql] [bug] Improved the foreign key reflection regular expression pattern used by the PostgreSQL dialect to be more permissive in matching identifier characters, allowing it to correctly handle unicode characters in table and column names. This change improves compatibility with PostgreSQL variants such as CockroachDB that may use different quoting patterns in combination with unicode characters in their identifiers. Pull request courtesy Gord Thompson.

... (truncated)

Commits

• See full diff in compare view

Updates alembic from 1.15.2 to 1.18.3

Release notes

Sourced from alembic's releases.

1.18.3

Released: January 29, 2026

bug

• [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

  The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

  The fix creates placeholder Table objects for foreign key targets that are not reflected, allowing the autogenerate comparison to proceed without error while maintaining the performance improvement from #1771. When multiple foreign keys reference different columns in the same filtered table, the placeholder table accumulates all necessary columns. These placeholder tables may be visible when using the EnvironmentContext.configure.include_object callable to inspect ForeignKeyConstraint objects; they will have the name, schema and basic column information for the relevant columns present.

  References: #1787

• [bug] [general] Fixed regression caused by #1669 which requires SQLAlchemy objects to support generic type subscripting; for the older SQLAlchemy 1.4 series, this requires version 1.4.23. Changed the minimum requirements to require version 1.4.23 rather than 1.4.0.

  References: #1788

1.18.2

Released: January 28, 2026

usecase

• [usecase] [operations] The primary_key parameter on Column is now honored when Operations.add_column() is used, and will emit the "PRIMARY KEY" keyword inline within the ADD COLUMN directive. This is strictly a syntax

... (truncated)

Commits

• See full diff in compare view

Updates asyncpg from 0.30.0 to 0.31.0

Release notes

Sourced from asyncpg's releases.

v0.31.0

Enable Python 3.14 with experimental subinterpreter/freethreading support.

Improvements

• Add Python 3.14 support, experimental subinterpreter/freethreading support (#1279) (by @​elprans in 9e42642b)

• Avoid performing type introspection on known types (#1243) (by @​elprans in 5c9986c4)

• Make prepare() not use named statements by default when cache is disabled (#1245) (by @​elprans in 5b14653e)

• Implement connection service file functionality (#1223) (by @​AndrewJackson2020 in 1d63bb15)

Fixes

• Fix multi port connection string issue (#1222) (by @​AndrewJackson2020 in 01c0db7b)

• Avoid leaking connections if _can_use_connection fails (#1269) (by @​yuliy-openai in e94302d2)

Other

• Drop support for EOL Python 3.8 (#1281) (by @​elprans in 6c2c4904)

Commits

• 71775a6 asyncpg v0.31.0
• 508cae6 Test on PostgreSQL 18 (#1290)
• e534e5f Bump cibuildwheel
• 07fe512 Bump pgproto
• 648b35f Bump Cython to 3.2.1 (#1288)
• 9e42642 Add Python 3.14 support, experimental subinterpreter/freethreading support (#...
• 6fe1c49 Move development deps away from extras and into dependency groups (#1280)
• 7a54816 Fix a couple of missed Python version guards
• 6c2c490 Drop support for EOL Python 3.8 (#1281)
• 4c60ae8 Bump version to 0.31.0.dev0
• Additional commits viewable in compare view

Updates pyjwt from 2.10.1 to 2.11.0

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

• Fixed type error in comment by @​shuhaib-aot in jpadilla/pyjwt#1026
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1018
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1033
• Make note of use of leeway with nbf by @​djw8605 in jpadilla/pyjwt#1034
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1035
• Fixes #964: Validate key against allowed types for Algorithm family by @​pachewise in jpadilla/pyjwt#985
• Feat #1024: Add iterator for PyJWKSet by @​pachewise in jpadilla/pyjwt#1041
• Fixes #1039: Add iss, issuer type checks by @​pachewise in jpadilla/pyjwt#1040
• Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @​pachewise in jpadilla/pyjwt#1045
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1042
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1052
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1053
• Fix #1022: Map algorithm=None to "none" by @​qqii in jpadilla/pyjwt#1056
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1055
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1058
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1060
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1061
• Fixes #1047: Correct PyJWKClient.get_signing_key_from_jwt annotation by @​khvn26 in jpadilla/pyjwt#1048
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1062
• Fixed doc string typo in _validate_jti() function #1063 by @​kuldeepkhatke in jpadilla/pyjwt#1064
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1065
• Update SECURITY.md by @​auvipy in jpadilla/pyjwt#1057
• Typing fix: use float instead of int for lifespan and timeout by @​nikitagashkov in jpadilla/pyjwt#1068
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1067
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1071
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1076
• Fix TYP header documentation by @​fobiasmog in jpadilla/pyjwt#1046
• doc: Document claims sub and jti by @​cleder in jpadilla/pyjwt#1088
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1077
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1089
• Bump actions/stale from 8 to 10 by @​dependabot[bot] in jpadilla/pyjwt#1090
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in jpadilla/pyjwt#1083
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1091
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1093
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1096
• Resolve package build warnings by @​kurtmckee in jpadilla/pyjwt#1105
• Support Python 3.14, and test against PyPy 3.10+ by @​kurtmckee in jpadilla/pyjwt#1104
• Fix a SyntaxWarning caused by invalid escape sequences by @​kurtmckee in jpadilla/pyjwt#1103
• Standardize CHANGELOG links to PRs by @​kurtmckee in jpadilla/pyjwt#1110
• Migrate from pep517, which is deprecated, to build by @​kurtmckee in jpadilla/pyjwt#1108
• Fix incorrectly-named test suite function by @​kurtmckee in jpadilla/pyjwt#1116
• Fix Read the Docs builds by @​kurtmckee in jpadilla/pyjwt#1111
• Bump actions/download-artifact from 4 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1118
• Escalate test suite warnings to errors by @​kurtmckee in jpadilla/pyjwt#1107
• Add pyupgrade as a pre-commit hook by @​kurtmckee in jpadilla/pyjwt#1109
• Simplify the test suite decorators by @​kurtmckee in jpadilla/pyjwt#1113
• Improve coverage config and eliminate unused test suite code by @​kurtmckee in jpadilla/pyjwt#1115
• Build a shared wheel once in the test suite by @​kurtmckee in jpadilla/pyjwt#1114

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed

- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__
Added

• Support Python 3.14, and test against PyPy 3.10 and 3.11 by @​kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__
• Development: Migrate to build to test package building in CI by @​kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__
• Development: Improve coverage config and eliminate unused test suite code by @​kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__
• Docs: Standardize CHANGELOG links to PRs by @​kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__
• Docs: Fix Read the Docs builds by @​kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__
• Docs: Add example of using leeway with nbf by @​djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__
• Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
• Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__
• Development: Add pyupgrade as a pre-commit hook by @​kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__
• Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
• Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

Commits

• 697344d bump up version
• e4d0aec fix: pre-commit
• df9a6a0 fix: failing test
• 2b2e53c fix: docs
• 635c8d8 fix: failing mypy
• 96ae356 feat: add minimum key length validation for HMAC and RSA
• 5b86227 fix: enforce ECDSA curve validation per RFC 7518 Section 3.4
• 04947d7 Bump actions/download-artifact from 6 to 7 (#1125)
• dd44834 Fix leeway value in usage documentation (#1124)
• 407f0bd Thoroughly test type annotations, and resolve errors (#1112)
• Additional commits viewable in compare view

Updates tenacity from 9.1.2 to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

• Fix retry() annotations with async sleep= function by @​Zac-HD in jd/tenacity#555

Full Changelog: jd/tenacity@9.1.3...9.1.4

9.1.3

What's Changed

• Apply formatting to num seconds in before_sleep_log by @​aguinane in jd/tenacity#489
• Support Python 3.14 by @​sandrobonazzola in jd/tenacity#528
• Typing: Accept non-standard logger in helpers logging something by @​k4nar in jd/tenacity#540
• feat(wait): add wait_exception strategy by @​capitan-davide in jd/tenacity#541
• docs: fix syntax error in wait_chain docstring example by @​VedantMadane in jd/tenacity#548
• chore: drop Python 3.9 support (EOL) by @​Zac-HD in jd/tenacity#552
• Support async sleep for sync fn-to-retry by @​Zac-HD in jd/tenacity#551

New Contributors

• @​aguinane made their first contribution in jd/tenacity#489
• @​sandrobonazzola made their first contribution in jd/tenacity#528
• @​k4nar made their first contribution in jd/tenacity#540
• @​capitan-davide made their first contribution in jd/tenacity#541
• @​VedantMadane made their first contribution in jd/tenacity#548
• @​Zac-HD made their first contribution in jd/tenacity#552

Full Changelog: jd/tenacity@9.1.2...9.1.3

Commits

• d4e868d Fix retry() annotations with async sleep= function (#555)
• 24415eb support async sleep for sync fn (#551)
• 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
• 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
• 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
• ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
• c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
• e792bba ci: fix mypy (#546)
• 0f55245 ci: remove reno requirements (#542)
• 815c34f feat(wait): add wait_exception strategy (#541)
• Additional commits viewable in compare view

Updates kubernetes from 31.0.0 to 33.1.0

Release notes

Sourced from kubernetes's releases.

Kubernetes Python Client v33.1.0 Stable Release

Getting started:

pip install --pre --upgrade kubernetes

Or from source, download attached zip file, then

unzip client-python-v33.1.0.zip
cd client-python-v33.1.0
python setup.py install

Then follow examples in https://github.com/kubernetes-client/python/tree/release-33.0/examples

Changelog: https://github.com/kubernetes-client/python/blob/release-33.0/CHANGELOG.md

Kubernetes Python Client v33.1.0 Beta 1 Release

Getting started:

pip install --pre --upgrade kubernetes

Or from source, download attached zip file, then

unzip client-python-v33.1.0b1.zip
cd client-python-v33.1.0b1
python setup.py install

Then follow examples in https://github.com/kubernetes-client/python/tree/release-33.0/examples

Changelog: https://github.com/kubernetes-client/python/blob/release-33.0/CHANGELOG.md

Kubernetes Python Client v33.1.0 Alpha 1 Release

Getting started:

pip install --pre --upgrade kubernetes

Or from source, download attached zip file, then

unzip client-python-v33.1.0a1.zip
cd client-python-v33.1.0a1
</tr></table> 

... (truncated)

Changelog

Sourced from kubernetes's changelog.

v33.1.0

Kubernetes API Version: v1.33.1

v33.1.0b1

Kubernetes API Version: v1.33.1

v33.1.0a1

Kubernetes API Version: v1.33.1

API Change

• A new alpha feature gate, MutableCSINodeAllocatableCount, has been introduced.

  When this feature gate is enabled, the CSINode.Spec.Drivers[*].Allocatable.Count field becomes mutable, and a new field, NodeAllocatableUpdatePeriodSeconds, is available in the CSIDriver object. This allows periodic updates to a node's reported allocatable volume capacity, preventing stateful pods from becoming stuck due to outdated information that kube-scheduler relies on. (kubernetes/kubernetes#130007, @​torredil) [SIG Apps, Node, Scheduling and Storage]

• Added feature gate DRAPartitionableDevices, when enabled, Dynamic Resource Allocation support partitionable devices allocation. (kubernetes/kubernetes#130764, @​cici37) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]

• Added DRA support for a "one-of" prioritized list of selection criteria to satisfy a device request in a resource claim. (kubernetes/kubernetes#128586, @​mortent) [SIG API Machinery, Apps, Etcd, Node, Scheduling and Testing]

• Added a /flagz endpoint for kubelet endpoint (kubernetes/kubernetes#128857, @​zhifei92) [SIG Architecture, Instrumentation and Node]

• Added a new tolerance field to HorizontalPodAutoscaler, overriding the cluster-wide default. Enabled via the HPAConfigurableTolerance alpha feature gate. (kubernetes/kubernetes#130797, @​jm-franc) [SIG API Machinery, Apps, Autoscaling, Etcd, Node, Scheduling and Testing]

• Added support for configuring custom stop signals with a new StopSignal container lifecycle (kubernetes/kubernetes#130556, @​sreeram-venkitesh) [SIG API Machinery, Apps, Node and Testing]

• Added support for in-place vertical scaling of Pods with sidecars (containers defined within initContainers where the restartPolicy is set to Always). (kubernetes/kubernetes#128367, @​vivzbansal) [SIG API Machinery, Apps, CLI, Node, Scheduling and Testing]

• CPUManager Policy Options support is GA (kubernetes/kubernetes#130535, @​ffromani) [SIG API Machinery, Node and Testing]

• Changed the Pod API to support hugepage resources at spec level for pod-level resources. (kubernetes/kubernetes#130577, @​KevinTMtz) [SIG Apps, CLI, Node, Scheduling, Storage and Testing]

• DRA API: The maximum number of pods that can use the same ResourceClaim is now 256 instead of 32. Downgrading a cluster where this relaxed limit is in use to Kubernetes 1.32.0 is not supported, as version 1.32.0 would refuse to update ResourceClaims with more than 32 entries in the status.reservedFor field. (kubernetes/kubernetes#129543, @​pohly) [SIG API Machinery, Node and Testing]

• DRA: CEL expressions using attribute strings exceeded the cost limit because their cost estimation was incomplete. (kubernetes/kubernetes#129661, @​pohly) [SIG Node]

• DRA: Device taints enable DRA drivers or admins to mark device as unusable, which prevents allocating them. Pods may also get evicted at runtime if a device becomes unusable, depending on the severity of the taint and whether the claim tolerates the taint. (kubernetes/kubernetes#130447, @​pohly) [SIG API Machinery, Apps, Architecture, Auth, Etcd, Instrumentation, Node, Scheduling and Testing]

• DRA: Starting Kubernetes 1.33, only users with access to an admin namespace with the kubernetes.io/dra-admin-access label are authorized to create ResourceClaim or ResourceClaimTemplate objects with the adminAccess field in this admin namespace if they want to and only they can reference these ResourceClaims or ResourceClaimTemplates in their pod or deployment specs. (kubernetes/kubernetes#130225, @​ritazh) [SIG API Machinery, Apps, Auth, Node and Testing]

• DRA: when asking for "All" devices on a node, Kubernetes <= 1.32 proceeded to schedule pods onto nodes with no devices by not allocating any devices for those pods. Kubernetes 1.33 changes that to only picking nodes which have at least one device. Users who want the "proceed with scheduling also without devices" semantic can use the upcoming prioritized list feature with one sub-request for "all" devices and a second alternative with "count: 0". (kubernetes/kubernetes#129560, @​bart0sh) [SIG API Machinery and Node]

• Expanded the on-disk kubelet credential provider configuration to allow an optional tokenAttribute field to be configured. When it is set, the kubelet will provision a token with the given audience bound to the current pod and its service account. This KSA token along with required annotations on the KSA defined in configuration will be sent to the credential provider plugin via its standard input (along with the image information that is already sent today). The KSA annotations to be sent are configurable in the kubelet credential provider configuration. (kubernetes/kubernetes#128372, @​aramase) [SIG API Machinery, Auth, Node and Testing]

• Fixed the example validation rule in godoc:

  When configuring a JWT authenticator:

  If username.expression uses 'claims.email', then 'claims.email_verified' must be used in username.expression or extra[].valueExpression or claimValidationRules[].expression. An example claim validation rule expression that matches the validation automatically applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true) == true'. By explicitly comparing the value to true, we let type-checking see the result will be a boolean, and to make sure a non-boolean email_verified claim will be caught at runtime. (kubernetes/kubernetes#130875, @​aramase) [SIG Auth and Release]

• For the InPlacePodVerticalScaling feature, the API server will no longer set the resize status to Proposed upon receiving a resize request. (kubernetes/kubernetes#130574,

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.