chore(deps): update all dependencies

[renovate-bot]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
alembic (changelog)	==1.16.5 → ==1.18.4
certifi	==2025.10.5 → ==2026.2.25
charset-normalizer (changelog)	==3.4.3 → ==3.4.5
click (changelog)	==8.3.0 → ==8.3.1
geoalchemy2 (source)	==0.18.0 → ==0.18.4
google-api-core	==2.25.2 → ==2.30.0
google-auth	==2.41.1 → ==2.49.0
google-cloud-bigquery	==3.38.0 → ==3.40.1
google-cloud-core	==2.4.3 → ==2.5.0
google-cloud-testutils	==1.6.4 → ==1.7.0
google-crc32c	==1.7.1 → ==1.8.0
google-resumable-media	==2.7.2 → ==2.8.0
googleapis-common-protos (source)	==1.70.0 → ==1.73.0
greenlet (changelog)	==3.2.4 → ==3.3.2
grpcio	==1.75.1 → ==1.78.0
grpcio-status	==1.75.1 → ==1.78.0
idna (changelog)	==3.10 → ==3.11
iniconfig	==2.1.0 → ==2.3.0
packaging	==25.0 → ==26.0
proto-plus	==1.26.1 → ==1.27.1
pyparsing	==3.2.5 → ==3.3.2
pytz	==2025.2 → ==2026.1.post1

---

Release Notes

certifi/python-certifi (certifi)

v2026.2.25

Compare Source

v2026.1.4

Compare Source

v2025.11.12

Compare Source

jawah/charset_normalizer (charset-normalizer)

v3.4.5

Compare Source

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#​692)
• Logger level not restored correctly for empty byte sequences. (#​701)
• TypeError when passing bytearray to from_bytes. (#​703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

v3.4.4

Compare Source

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

pallets/click (click)

v8.3.1

Compare Source

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039
  :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through
  the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect
  behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters
  through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is
  empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to
  type_cast_value. :issue:3069 :pr:3090

geoalchemy/geoalchemy2 (geoalchemy2)

v0.18.4

Compare Source

• CI: Move to the official Coveralls action - @​pjonsson (#​592)
• Fix: fix setuptools deprecation warning - @​pjonsson (#​589)
• Fix: Fix shapely import - @​pjonsson (#​588)

v0.18.3

Compare Source

• Fix: Fix Shapely import - @​adrien-berchet (#​584)

v0.18.2

Compare Source

• Build: Fix package discovery - @​adrien-berchet (#​581)
• Chore: Add more type hints in from_shape module - @​adrien-berchet (#​580)
• Build: Upgrade packaging and formatting tools - @​adrien-berchet (#​576)

v0.18.1

Compare Source

• Fix: Allow scientific notation within WKT string - @​autermann (#​573)
• Fix (mysql): Fix failing test for MySQL dialect - @​adrien-berchet (#​567)

googleapis/google-cloud-python (google-api-core)

v2.30.0: google-api-core: v2.30.0

Bug Fixes

• preserve exception cause (c7fc19303e0f1d7357109a73c13f875a5ced7606)
• require Python ≥ 3.9, protobuf ≥ 4.25.8 (2d1aa4288c222b247fc49ea0da03c126c051e079)

v2.29.0

v2.28.1

v2.28.0

v2.27.0: google-cloud-texttospeech: v2.27.0

Features

• Support markup input for Cloud TTS Chirp 3: HD voice synthesis (c423602)
• Support pinyin/yomigana custom pronunciation encodings for cmn-cn/ja-jp (c423602)

v2.26.0: google-cloud-secret-manager 2.26.0

Features

• check Python and dependency versions in generated GAPICs (PiperOrigin-RevId: 8454486) (d2b35b25)

• auto-enable mTLS when supported certificates are detected (PiperOrigin-RevId: 8454486) (d2b35b25)

googleapis/google-auth-library-python (google-auth)

v2.48.0

Compare Source

Features

• add cryptography as required dependency (#​1929) (52558ae2881b1e6555f6f5c0d76365c15807ead9)
• Support the mTLS IAM domain for Certificate based Access (#​1938) (8dcf91a1b05c85fbbd0bcee78d66e498099102ab)
• add configurable GCE Metadata Server retries (#​1488) (454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37)
• honor NO_GCE_CHECK environment variable (#​1610) (383c9827536d9376e8248370ce4c2b83e468d027)

Bug Fixes

• resolve circular imports (#​1942) (25c1b064545702cbef087cfcd15fbbb6ef1af74f)
• removes content-header from AWS IMDS get request (#​1934) (97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc)
• detect correct auth when ADC env var is set but empty (#​1374) (bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2)
• replace deprecated utcfromtimestamp (#​1799) (e431f20cf73ccac71926a23ec454468cea92e053)
• Use user_verification=preferred for ReAuth WebAuthn challenge (#​1798) (3f88a24089c4ee6822d510de0db210b54260d873)

v2.47.0

Compare Source

Features

• drop cachetools dependency in favor of simple local implementation (#​1590) (5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4)

Bug Fixes

• Python 3.8 support (#​1918) (60dc20014a35ec4ba71e8065b9a33ecbdbeca97a)

v2.46.0

Compare Source

Documentation

• update urllib3 docstrings for v2 compatibility (#​1903) (3f1aeea2d1014ea1d244a4c3470e52d74d55404b)

Features

• Recognize workload certificate config in has_default_client_cert_source for mTLS for Agentic Identities (#​1907) (0b9107d573123e358c347ffa067637f992af61b4)

Bug Fixes

• add types to default and verify_token and Request init based on comments in the source code. (#​1588) (59a5f588f7793b59d923a4185c8c07738da618f7)
• fix the document of secure_authorized_session (#​1536) (5d0014707fc359782df5ccfcaa75fd372fe9dce3)
• remove setup.cfg configuration for creating universal wheels (#​1693) (c767531ce05a89002d109f595187aff1fcaacfb7)
• use .read() instead of .content.read() in aiohttp transport (#​1899) (12f4470f808809e8abf1141f98d88ab720c3899b)
• raise RefreshError for missing token in impersonated credentials (#​1897) (94d04e090fdfc61926dd32bc1d65f8820b9cede5)
• Fix test coverage for mtls_helper (#​1886) (02e71631fe275d93825c2e957e830773e75133f7)

v2.45.0

Compare Source

Features

• Adding Agent Identity bound token support and handling certificate mismatches with retries (#​1890) (b32c934e6b0d09b94c467cd432a0a635e8b05f5c)

v2.44.0

Compare Source

Features

• support Python 3.14 (#​1822) (0f7097e78f247665b6ef0287d482033f7be2ed6d)
• add ecdsa p-384 support (#​1872) (39c381a5f6881b590025f36d333d12eff8dc60fc)
• MDS connections use mTLS (#​1856) (0387bb95713653d47e846cad3a010eb55ef2db4c)
• Implement token revocation in STS client and add revoke() metho… (#​1849) (d5638986ca03ee95bfffa9ad821124ed7e903e63)
• Add shlex to correctly parse executable commands with spaces (#​1855) (cf6fc3cced78bc1362a7fe596c32ebc9ce03c26b)

Bug Fixes

• Use public refresh method for source credentials in ImpersonatedCredentials (#​1884) (e0c3296f471747258f6d98d2d9bfde636358ecde)
• Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration (#​1880) (78de7907b8bdb7b5510e3c6fa8a3f3721e2436d7)
• Delegate workload cert and key default lookup to helper function (#​1877) (b0993c7edaba505d0fb0628af28760c43034c959)

v2.43.0

Compare Source

Features

• Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#​1859) Add public wrapper for check_use_client_cert which enables mTLS if
  GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert
  sources detected. Also, fix check_use_client_cert to return boolean
  value.
  Change #​1848 added the check_use_client_cert method that helps know if
  client cert should be used for mTLS connection. However, that was in a
  private class, thus, created a public wrapper of the same function so
  that it can be used by python Client Libraries. Also, updated
  check_use_client_cert to return a boolean value instead of existing
  string value for better readability and future scope.
  --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
• Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#​1848) The Python SDK will use a hybrid approach for mTLS enablement:

• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set
  (either true or false), the SDK will respect that setting. This is
  necessary for test scenarios and users who need to explicitly control
  mTLS behavior.
• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not
  set, the SDK will automatically enable mTLS only if it detects Managed
  Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF)
  certificate sources. In other cases where the variable is not set, mTLS
  will remain disabled.
  ** This change also adds the helper method check_use_client_cert and
  it's unit test, which will be used for checking the criteria for setting
  the mTLS to true
  ** This change is only for Auth-Library, other changes will be created
  for Client-Library use-cases.
  --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

• onboard google-auth to librarian (#​1838) This PR onboards google-auth library to the Librarian system.
  Wait for
  #​1819. (c503eaa511357d7a76cc1e1f1d3a3be2dabd5bca)

v2.42.1

Compare Source

Bug Fixes

• Catch ValueError for json.loads() (#​1842) (b074cad)

v2.42.0

Compare Source

Features

• Add trust boundary support for external accounts. (#​1809) (36ecb1d)

Bug Fixes

• Read scopes from ADC json for impersoanted cred (#​1820) (62c0fc8)

googleapis/python-bigquery (google-cloud-bigquery)

v3.40.1

Compare Source

Documentation

• clarify that only jobs.query and jobs.getQueryResults are affec… (#​2349) (73228432a3c821db05d898ea4a4788adf15b033d)

Bug Fixes

• updates timeout/retry code to respect hanging server (#​2408) (24d45d0d5bf89762f253ba6bd6fdbee9d5993422)
• add timeout parameter to to_dataframe and to_arrow met… (#​2354) (4f67ba20b49159e81f645ed98e401b9bb1359c1a)

v3.40.0

Compare Source

Features

• support load_table and list_rows with picosecond timestamp (#​2351) (46764a59ca7a21ed14ad2c91eb7f98c302736c22)
• support timestamp_precision in table schema (#​2333) (8d5785aea50b9f9e5b13bd4c91e8a08d6dac7778)

v3.39.0

Compare Source

Documentation

• remove experimental annotations from GA features (#​2303) (1f1f9d41e8a2c9016198d848ad3f1cbb88cf77b0)

Features

• adds support for Python runtime 3.14 (#​2322) (6065e14c448cb430189982dd70025fa0575777ca)
• Add ExternalRuntimeOptions to BigQuery routine (#​2311) (fa76e310a16ea6cba0071ff1d767ca1c71514da7)

Bug Fixes

• include io.Base in the PathType (#​2323) (b11e09cb6ee32e451b37eda66bece2220b9ceaba)
• honor custom retry in job.result() (#​2302) (e118b029bbc89a5adbab83f39858c356c23665bf)
• remove ambiguous error codes from query retries (#​2308) (8bbd3d01026c493dfa5903b397d2b01c0e9bf43b)

googleapis/python-cloud-core (google-cloud-core)

v2.5.0

Compare Source

Features

• Add Python 3.14 support (#​333) (c26e587)

Bug Fixes

• Remove setup.cfg configuration for creating universal wheels (#​332) (78ce8a6)
• Resolve issue where pre-release versions of dependencies are installed (#​329) (ab9785d)

googleapis/python-test-utils (google-cloud-testutils)

v1.7.0

Compare Source

Features

• Add Python 3.14 support (#​284) (3cb8491)

googleapis/python-crc32c (google-crc32c)

v1.8.0

Compare Source

Features

• Add support for Python 3.14 (d3118d9)
• Support Python 3.14 (#​315) (49d0a36)

Bug Fixes

• Update toml file with setup.cfg content (#​319) (42e5268)

googleapis/google-resumable-media-python (google-resumable-media)

v2.8.0

Compare Source

Features

• Add support for Python 3.13 and 3.14 (#​485) (9937233ded26924179d717b69df7c76c93f8c133)

Bug Fixes

• remove setup.cfg configuration for creating universal wheels (#​484) (75dbecf8d140483da27dffc970e2e87338e71432)
• resolve issue where pre-release versions of dependencies are installed (#​481) (23dafcf3f216a090a0d0c6941048c7da13cbe496)

python-greenlet/greenlet (greenlet)

v3.3.2

Compare Source

==================

• Fix a crash on Python 3.10 if there are active greenlets during
  interpreter shutdown. See PR 495 <https://github.com/python-greenlet/greenlet/pull/495>_ by Nicolas
  Bouvrette.

v3.3.1

Compare Source

==================

• Publish Windows ARM binary wheels, where available.
• Fix compilation for 3.14t on Windows.
• Publish Windows 3.14t binary wheels for Intel.
• Switch from Appveyor for Windows to Github Actions.
• Fix compilation on MIPS with GCC 15 and binutils 2.45. See PR 487 by Rosen Penev <https://github.com/python-greenlet/greenlet/pull/487>_. Note that
  this is not a platform tested by this project's CI.
• Move most project metadata into the static pyproject.toml file.
  This updates licensing information to use the modern
  License-Expression field. See PR 480 by mrbean-bremen <https://github.com/python-greenlet/greenlet/pull/480/>_.

v3.3.0

Compare Source

==================

• Drop support for Python 3.9.

• Switch to distributing manylinux_2_28 wheels instead of
  manylinux2014 wheels. Likewise, switch from musllinux_1_1 to 1_2.

• Add initial support for free-threaded builds of CPython 3.14. Due to
  limitations, we do not distribute binary wheels for free-threaded
  CPython on Windows. (Free-threaded CPython 3.13 may work, but is
  untested and unsupported.)

  .. caution::

  Under some rare scenarios with free-threaded 3.14, the
  interpreter may crash on accessing a variable or attribute or
  when shutting down. If this happens, try disabling the
  thread-local bytecode cache. See the greenlet documentation for
  more details. See PR 472 by T. Wouters <https://github.com/python-greenlet/greenlet/pull/472>_ for the
  initial free-threaded support and a discussion of the current
  known issues.

v3.2.5

Compare Source

==================

.. note::

The 3.2.x series will be the last to support Python 3.9.

• Backport the changes from PR 495 in release 3.3.2 for Python 3.9.

.. note::

No Windows wheels will be published for this version.

grpc/grpc (grpcio)

v1.78.0

Compare Source

This is release 1.78.0 (gutsy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

C++

• adding address_sorting dep in naming test build. (#​41045)

Objective-C

• [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#​41358)

Python

• [python] aio: fix race condition causing asyncio.run() to hang forever during the shutdown process. (#​40989)
• [Python] Migrate to pyproject.toml build system from setup.py builds. (#​40833)
• [Python] Log error details when ExecuteBatchError occurs (at DEBUG level). (#​40921)
• [Python] Update setuptools min version to 77.0.1 . (#​40931)

Ruby

• [ruby] Fix version comparison for the ruby_abi_version symbol for ruby 4 compatibility. (#​41061)

v1.76.0

Compare Source

This is release 1.76.0 (genuine) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• Prioritize system CA over bundled CA. (#​40583)
• [event_engine] Introduce a event_engine_poller_for_python experiment. (#​40243)
• [metrics] add grpc.lb.backend_service label. (#​40486)

C#

• [csharp tools] #​39374 Grpc.Tools can't process file Suffix name with Upper character. (#​40072)

Python

• [Python] gRPC AsyncIO: Improve CompletionQueue polling performance. (#​39993)

kjd/idna (idna)

v3.11

Compare Source

pytest-dev/iniconfig (iniconfig)

v2.3.0

Compare Source

=====

• add IniConfig.parse() classmethod with strip_inline_comments parameter (fixes #​55)
  • by default (strip_inline_comments=True), inline comments are properly stripped from values
  • set strip_inline_comments=False to preserve old behavior if needed
• IniConfig() constructor maintains backward compatibility (does not strip inline comments)
• users should migrate to IniConfig.parse() for correct comment handling
• add strip_section_whitespace parameter to IniConfig.parse() (regarding #​4)
  • opt-in parameter to strip Unicode whitespace from section names
  • when True, strips Unicode whitespace (U+00A0, U+2000, U+3000, etc.) from section names
  • when False (default), preserves existing behavior for backward compatibility
• clarify Unicode whitespace handling (regarding #​4)
  • since iniconfig 2.0.0 (Python 3 only), all strings are Unicode by default
  • Python 3's str.strip() has handled Unicode whitespace since Python 3.0 (2008)
  • iniconfig automatically benefits from this in all supported versions (Python >= 3.10)
  • key names and values have Unicode whitespace properly stripped using Python's built-in methods

v2.2.0

Compare Source

=====

• drop Python 3.8 and 3.9 support (now requires Python >= 3.10)
• add Python 3.14 classifier
• migrate from hatchling to setuptools 77 with setuptools_scm
• adopt PEP 639 license specifiers and PEP 740 build attestations
• migrate from black + pyupgrade to ruff
• migrate CI to uv and unified test workflow
• automate GitHub releases and PyPI publishing via Trusted Publishing
• include tests in sdist
• modernize code for Python 3.10+ (remove future annotations, TYPE_CHECKING guards)
• rename _ParsedLine to ParsedLine

pypa/packaging (packaging)

v26.0

Compare Source

Read about the performance improvements here: https://iscinumpy.dev/post/packaging-faster.

What's Changed

Features:

• PEP 751: support pylock by @​sbidoul in #​900
• PEP 794: import name metadata by @​brettcannon in #​948
• Support writing metadata by @​henryiii in #​846
• Support __replace__ for Version by @​henryiii in #​1003
• Support positional pattern matching for Version and Specifier by @​henryiii in #​1004

Behavior adaptations:

• PEP 440 handling of prereleases for Specifier.contains, SpecifierSet.contains, and SpecifierSet.filter by @​notatallshaw in #​897
• Handle PEP 440 edge case in SpecifierSet.filter by @​notatallshaw in #​942
• Adjust arbitrary equality intersection preservation in SpecifierSet by @​notatallshaw in #​951
• Return False instead of raising for .contains with invalid version by @​Liam-DeVoe in #​932
• Support arbitrary equality on arbitrary strings for Specifier and SpecifierSet's filter and contains method. by @​notatallshaw in #​954
• Only try to parse as Version on certain marker keys, return False on unequal ordered comparsions by @​JP-Ellis in #​939

Fixes:

• Update _hash when unpickling Tag() by @​dholth in #​860
• Correct comment and simplify implicit prerelease handling in Specifier.prereleases by @​notatallshaw in #​896
• Use explicit _GLibCVersion NamedTuple in _manylinux by @​cthoyt in #​868
• Detect invalid license expressions containing () by @​bwoodsend in #​879
• Correct regex for metadata 'name' format by @​di in #​925
• Improve the message around expecting a semicolon by @​pradyunsg in #​833
• Support nested parens in license expressions by @​Liam-DeVoe in #​931
• Add space before at symbol in Requirements string by @​henryiii in #​953
• A root logger use found by ruff LOG, use packaging logger instead by @​henryiii in #​965
• Better support for subclassing Marker and Requirement by @​henryiii in #​1022
• Normalize all extras, not just if it comes first by @​henryiii in #​1024
• Don't produce a broken repr if Marker fails to construct by @​henryiii in #​1033

Performance:

• Avoid recompiling regexes in the tokenizer for a 3x speedup by @​hauntsaninja in #​1019
• Improve performance in _manylinux.py by @​cthoyt in #​869
• Minor cleanups to Version by @​bearomorphism in #​913
• Skip redundant creation of Versions in specifier comparison by @​notatallshaw in #​986
• Cache Specifier's Version by @​notatallshaw in #​985
• Make Version a little faster by @​henryiii in #​987
• Minor Version regex cleanup by @​henryiii in #​990
• Faster regex on Python 3.11.5+ by @​henryiii in #​988 and #​1055
• Lazily calculate _key in Version by @​notatallshaw in #​989 and regression for packaging_legacy fixed by @​henryiii in #​1048
• Faster canonicalize_version by @​henryiii in #​993
• Use fullmatch in a couple more places by @​henryiii in #​992
• Use fullmatch for markers too by @​henryiii in #​1029
• Use map instead of generator by @​henryiii in #​996
• Deprecate ._version (_Version, a NamedTuple) by @​henryiii in #​995 and #​1062
• Avoid duplicate Version creation in canonicalize_version by @​henryiii in #​994
• Add __slots__ to Version by @​henryiii in #​1001
• Add __slots__ to Specifiers by @​henryiii in #​1002
• Add __slots__ to Nodes by @​henryiii in #​1032
• Use version.__replace__ in specifier comparison by @​notatallshaw in #​999
• Use _get_spec_version in more places in Specifier by @​notatallshaw in #​1005
• Pull set construction out of function by @​henryiii in #​1012
• Letter normalization dict for prereleases and the like by @​henryiii in #​1014
• Avoid normalizing extras again when comparing by @​henryiii in #​1028
• Speed up Version.__str__ by about 10% by @​henryiii in #​997
• Increase the performance of canonicalize_name by avoiding a regex by @​henryiii in #​1030, #​1047, and #​1064
• Faster zero stripping by @​henryiii in #​1058

Type annotations:

• Fix a type annotation by @​brettcannon in #​907
• Fix tags return type in parse_wheel_filename docs by @​ncoghlan in #​973
• Add type hint for _version in .version.Version by @​brettcannon in #​927
• Changed static type annotations in prereleases setter method in `specifie

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a comprehensive update of Python dependencies across development, testing, and application environments. The primary goal is to enhance the project's stability, integrate new features from updated libraries, improve overall performance, and ensure compatibility with the latest Python versions, specifically Python 3.14. This includes critical updates to Google Cloud client libraries and widely used core Python packages.

Highlights

• Major packaging library update: The packaging library has been updated from version 25.0 to 26.0, bringing significant performance improvements, new PEP 751 and PEP 794 support, and various behavior adaptations and fixes.
• Google Cloud client library enhancements: Numerous Google Cloud client libraries, including google-api-core, google-auth, google-cloud-bigquery, google-cloud-core, google-crc32c, google-resumable-media, and googleapis-common-protos, received updates. These often include support for Python 3.14, mTLS improvements, and various bug fixes.
• Core Python ecosystem updates: Several fundamental Python libraries like alembic, certifi, charset-normalizer, click, geoalchemy2, greenlet, grpcio, idna, iniconfig, proto-plus, pyparsing, and pytz have been updated, incorporating bug fixes, performance enhancements, and improved compatibility.

Changelog

• dev_requirements.txt
  • Updated pytz from 2025.2 to 2026.1.post1.
• samples/snippets/requirements-test.txt
  • Updated click from 8.3.0 to 8.3.1 for Python 3.10+.
  • Updated google-auth from 2.41.1 to 2.48.0.
  • Updated google-cloud-testutils from 1.6.4 to 1.7.0.
  • Updated iniconfig from 2.1.0 to 2.3.0.
  • Updated packaging from 25.0 to 26.0.
  • Updated pyparsing from 3.2.5 to 3.3.2 for Python 3.9+.
• samples/snippets/requirements.txt
  • Updated alembic from 1.16.5 to 1.18.4 for Python 3.9+.
  • Updated certifi from 2025.10.5 to 2026.2.25.
  • Updated charset-normalizer from 3.4.3 to 3.4.5.
  • Updated geoalchemy2 from 0.18.0 to 0.18.4 for Python 3.10+.
  • Updated google-api-core[grpc] from 2.25.2 to 2.30.0.
  • Updated google-auth from 2.41.1 to 2.48.0.
  • Updated google-cloud-bigquery from 3.38.0 to 3.40.1 for Python 3.9+.
  • Updated google-cloud-core from 2.4.3 to 2.5.0.
  • Updated google-crc32c from 1.7.1 to 1.8.0 for Python 3.9+.
  • Updated google-resumable-media from 2.7.2 to 2.8.0.
  • Updated googleapis-common-protos from 1.70.0 to 1.72.0.
  • Updated greenlet from 3.2.4 to 3.3.2 for Python 3.9+.
  • Updated grpcio from 1.75.1 to 1.78.0 for Python 3.9+.
  • Updated grpcio-status from 1.75.1 to 1.78.0 for Python 3.9+.
  • Updated idna from 3.10 to 3.11.
  • Updated packaging from 25.0 to 26.0.
  • Updated proto-plus from 1.26.1 to 1.27.1.
  • Updated pyparsing from 3.2.5 to 3.3.2 for Python 3.9+.
  • Updated pytz from 2025.2 to 2026.1.post1.

Activity

• The pull request was automatically generated by renovate-bot to update all dependencies.
• Automatic merging is disabled, requiring manual review and merge.
• The bot is configured to recreate this PR if it is closed without being merged.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates multiple dependencies to versions that appear to be from the future. For example, certifi is updated to 2026.2.25 and pytz to 2026.1.post1. The release notes in the pull request description also mention future release dates, such as for click 8.3.1 being released on 2025-11-15. This is a critical security concern, as these could be malicious packages from a compromised or misconfigured package index. Even some of the existing versions before this update seem to be from the future (e.g., certifi==2025.10.5). I strongly advise against merging this pull request until the source of these package versions has been thoroughly investigated and the project is pinned to known, safe versions of its dependencies.

_{Note: Security Review has been skipped due to the limited scope of the PR.}

[gemini-code-assist]

The new version 2026.1.post1 for pytz appears to be from the future. The previous version 2025.2 also seems to be a future-dated version. This is a critical security risk, as it could indicate a malicious package or a compromised package source. Please investigate and use an official, verified version of this package.

[gemini-code-assist]

The version 8.3.1 for click appears to be a future version. The PR description mentions a release date in 2025 for this version, while the latest official version is 8.1.7. This is a critical security risk. Please verify the package source.

[gemini-code-assist]

The version 1.18.4 for alembic appears to be a future version. The latest official version is 1.13.1. This is a critical security risk and suggests a problem with the package source being used.

[gemini-code-assist]

The new version 2026.2.25 for certifi appears to be from the future. The previous version 2025.10.5 also seems to be a future-dated version. This is a critical security risk, as it could indicate a malicious package or a compromised package source. Please investigate and use an official, verified version of this package.