Lower googleauth gem version requirement #10

Merged: 1 commit, Jan 6, 2024

niciliketo
Contributor

Lowering the googleauth gem requirement makes this gem compatible with newer versions of fog-google.

The 1.8 and 1.9 API seem the same https://my.diffend.io/gems/googleauth/1.8.1/1.9.1

However, due to dependencies between various gems, we are unable to use 1.9.1 due to a dependency mismatch.
I would prefer not to fork the gem if possible, and am submitting this in the hope it can be considered and may help others.

Here is the issue from bundling with the current versions:

```
Could not find compatible versions

Because every version of gemini-ai depends on googleauth >= 1.9.1, < 2.A
  and googleauth >= 1.9.1 depends on google-cloud-env ~> 2.1,
  every version of gemini-ai requires google-cloud-env ~> 2.1.
And because fog-google >= 1.11.0 depends on google-cloud-env ~> 1.2,
  every version of gemini-ai is incompatible with fog-google >= 1.11.0.
So, because Gemfile depends on fog-google ~> 1.22
  and Gemfile depends on gemini-ai >= 0,
  version solving has failed.
```

Lowering the googleauth gem requirement makes this compatible with newer versions of fog-google.
@gbaptista
Owner

Thanks for your contribution!

I have concerns that outdated authentication gems could pose security risks and prevent the adoption of newer methods. That said, I want to avoid unnecessary incompatibilities. For example, I've set the Ruby version requirement to 3.1.0, the lowest available that's secure and maintained.

I agree with you; there are no API-breaking changes, and I checked the release log—no security issues as well. However, trade-offs exist:

1.9.1 (2023-12-12)
Bug Fixes
update expires_in for cached metadata-retrieved tokens (#464)

1.9.0 (2023-12-07)
Features
Include universe_domain in credentials (#460)
Use google-cloud-env for more robust Metadata Service access (#459)

1.8.1 (2023-09-19)
Documentation
improve ADC related error and warning messages (#452)

Additionally, this also downgrades google-cloud-env to 1.6.0, trading off:

2.0.0 (2023-11-14)
Features
Drop support for Ruby 2.6 (#46)
Provide an access object for environment variables (#49)
Provide an access object for SMBIOS information (#51)
Provide an access object for the file system (#50)
Provide an access object for the metadata server (#53)
Provide ensure_metadata and lookup_metadata_response calls (#48)

2.0.1 (2023-12-01)
Bug Fixes
Bad response status or flavor headers no longer signal positive metadata existence (#61)
Increase token expiry buffer to three and a half minutes (#59)

2.1.0 (2023-12-12)
Features
Provide retrieval_monotonic_time on compute metadata response objects (#62)

Another thing I noticed is that when using googleauth 1.8.0, you may start receiving these warnings:

You are authenticating using user credentials.For production, we recommend using service account credentials.To learn more about service account credentials, seehttp://cloud.google.com/docs/authentication/external/set-up-adc-on-cloud To suppress this message, set the GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS environment variable.

Which doesn't happen in new versions.

However, people not using fog-google will probably have the newer versions.

I will merge it today, as I don't see any risks and it would help with compatibility. However, I would like to ensure that we stay on the highest possible version moving forward. There are no security issues today, but who knows? Version 1.9.2 might have something important. So, if you are willing to, it would be awesome to have a PR at fog-google upgrading to the newest googleauth version, so we can foster our ecosystem by adopting upgrades together.

Thanks again for your contribution.
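
The conflict from the resolver output in the PR description, checked against the release numbers named in the reply above. This is an added example, not code from the PR or from the gemini-ai project; the constant and method names are invented for illustration, and the requirement strings and version numbers are copied from this thread.

```ruby
require "rubygems"

# Requirements copied from the resolver output in the PR description.
GOOGLEAUTH_REQ     = Gem::Requirement.new(">= 1.9.1", "< 2.A") # gemini-ai -> googleauth
ENV_VIA_GOOGLEAUTH = Gem::Requirement.new("~> 2.1") # googleauth >= 1.9.1 -> google-cloud-env
ENV_VIA_FOG        = Gem::Requirement.new("~> 1.2") # fog-google >= 1.11.0 -> google-cloud-env

# Release numbers named in the maintainer's reply (not a full release list).
GOOGLEAUTH_RELEASES = %w[1.8.0 1.8.1 1.9.0 1.9.1].freeze
ENV_RELEASES        = %w[1.6.0 2.0.0 2.0.1 2.1.0].freeze

# Versions from `releases` accepted by every requirement in `reqs`.
def allowed(releases, *reqs)
  releases.select do |v|
    reqs.all? { |r| r.satisfied_by?(Gem::Version.new(v)) }
  end
end

# Versions from `releases` that `req` locks out, i.e. the releases
# (and their fixes) given up by honouring that requirement.
def locked_out(releases, req)
  releases - allowed(releases, req)
end

if $PROGRAM_NAME == __FILE__
  # No google-cloud-env release satisfies both dependents: the solver failure.
  puts "google-cloud-env for both:    #{allowed(ENV_RELEASES, ENV_VIA_GOOGLEAUTH, ENV_VIA_FOG).inspect}"
  # What fog-google's pin allows, and which releases it excludes.
  puts "allowed by fog-google:        #{allowed(ENV_RELEASES, ENV_VIA_FOG).inspect}"
  puts "locked out by fog-google:     #{locked_out(ENV_RELEASES, ENV_VIA_FOG).inspect}"
  # The original googleauth range admits only one of the releases discussed.
  puts "googleauth in original range: #{allowed(GOOGLEAUTH_RELEASES, GOOGLEAUTH_REQ).inspect}"
end
```

The locked-out list is the set of google-cloud-env releases whose changelog entries are quoted in the reply, so it is also the list to re-check whenever fog-google relaxes its pin.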

@gbaptista gbaptista merged commit d5487b3 into gbaptista:main Jan 6, 2024
@gbaptista
Owner

I added this minor tweak: preventing breaking changes in googleauth d563f95

@gbaptista
Owner

Released: Ruby Gemini AI 3.1.1

@gbaptista
Owner

Actually, please prefer the newer Ruby Gemini AI 3.1.2
