fix(deps): update dependency google-auth to v2

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
google-auth	==1.6.3 -> ==2.36.0

---

Release Notes

googleapis/google-auth-library-python (google-auth)

v2.36.0

Compare Source

Features

• IAM signblob retries (#​1600) (484c8db)
• Making iam endpoint universe-aware (#​1604) (16c728d)
• Support External Account Authorized User as a Source Credential for impersonated credentials in ADC (#​1608) (875796c)

Bug Fixes

• Adding default parameters to updated interfaces (#​1622) (8cf1cb1)
• Change universe_domain to universe-domain (#​1613) (168fcc6)
• Remove base class to avoid type conflict (#​1619) (9e2789a)
• Revert templates for iam endpoints (#​1614) (0a4363a)
• Update secret (#​1611) (f070de0)
• Update secret (#​1617) (10f42a7)
• Update secret (#​1621) (6be19fb)

v2.35.0

Compare Source

Features

• Add cred info to ADC creds (#​1587) (6f75dd5)
• Add support for asynchronous AuthorizedSession api (#​1577) (2910b6b)

Bug Fixes

• Remove token_info call from token refresh path (#​1595) (afb9e5a)

v2.34.0

Compare Source

Features

• auth: Update get_client_ssl_credentials to support X.509 workload certs (#​1558) (18c2ec1)

Bug Fixes

• Retry token request on retryable status code (#​1563) (f858a15)

v2.33.0

Compare Source

Features

• Implement async StaticCredentials using access tokens (#​1559) (dc17dfc)
• Implement base classes for credentials and request sessions (#​1551) (036dac4)

Bug Fixes

• metadata: Enhance retry logic for metadata server access in _metadata.py (#​1545) (61c2432)

Documentation

• Update argument for Credentials initialization (#​1557) (40b9ed9)

v2.32.0

Compare Source

Features

• Adds support for X509 workload credential type (#​1541) (1270217)

v2.31.0

Compare Source

Features

• Adds X509 workload cert logic (#​1527) (05220e0)

Bug Fixes

• Added py.typed to MANIFEST.in (#​1526) (1829a3b)
• Pass trust_env kwarg to ClientSession (#​1533) (6c15c9a), closes #​1530

v2.30.0

Compare Source

Features

• Add WebAuthn plugin component to handle WebAuthn get assertion request (#​1464) (e25f336)
• ECP Provider drop cryptography requirement (#​1524) (a821d71)
• Enable webauthn plugin for security keys (#​1528) (e2d5e63)

Bug Fixes

• Fix id_token iam endpoint for non-gdu service credentials (#​1506) (93d681e)
• Makes default token_url universe aware (#​1514) (045776e)

v2.29.0

Compare Source

Features

• Adds support for custom suppliers in AWS and Identity Pool credentials (#​1496) (3af1768)

Bug Fixes

• Refactor tech debt in aws and identity pool credentials (#​1501) (ce435b0)

v2.28.2

Compare Source

Bug Fixes

• Remove gce log for expected 404 (#​1491) (cb04e49)

v2.28.1

Compare Source

Bug Fixes

• Typo when setting the state for the pickle deserializer. (#​1479) (08b5cc3)

v2.28.0

Compare Source

Features

• Adding universe domain support for downscroped credentials (#​1463) (fa8b7b2)

Bug Fixes

• Change log level to debug for return_none_for_not_found_error (#​1473) (a036b47)
• Make requests import conditional for gce universe domain (#​1476) (9bb64c8)

v2.27.0

Compare Source

Features

• Add optional account association for Authorized User credentials. (#​1458) (988153d)

Bug Fixes

• Allow custom universe domain for gce creds (#​1460) (7db5823)
• Conditionally import requests only if no request was passed by the caller. (#​1456) (9cd6742)

v2.26.2

Compare Source

Bug Fixes

• Read universe_domain for external account authorized user (#​1450) (1cc7df3)

v2.26.1

Compare Source

Bug Fixes

• Ensure that refresh worker is pickle-able. (#​1447) (421c184)

v2.26.0

Compare Source

Features

• Add optional non blocking refresh for sync auth code (a6dc2c3)
• Add optional non blocking refresh for sync auth code (#​1368) (a6dc2c3)

Bug Fixes

• External account user cred universe domain support (#​1437) (75068f9)
• Guard delete statements. Add default fallback for _use_non_blocking_refresh. (#​1445) (776d634)

v2.25.2

Compare Source

Bug Fixes

• Fix user cred universe domain issue (#​1436) (ae314a8)

v2.25.1

Compare Source

Bug Fixes

• Fix vm universe_domain bug (#​1433) (8683520)

v2.25.0

Compare Source

Features

• Add custom tls signer for ECP Provider. (39eb287)
• Add custom tls signer for ECP Provider. (#​1402) (39eb287)

Bug Fixes

• Add with_universe_domain (#​1408) (505910c)
• Fixes issue where Python37DeprecationWarning cannot be filtered (#​1428) (f22f767)
• Remove broken link in Python37DeprecationWarning (#​1430) (e2db602)

v2.24.0

Compare Source

Features

• Add support for Python 3.12 (#​1421) (307916c)
• Add universe domain support for VM cred (#​1409) (7ab0fce)
• Modify the token refresh window (#​1419) (c6af1d6)

Bug Fixes

• Add missing before request to async oauth2 credentials. (#​1420) (8eaa878)
• Auto create self signed jwt cred (#​1418) (6c610a5)
• Migrate datetime.utcnow for python 3.12 (#​1413) (e4d9c27)

Documentation

• Update user cred doc (#​1414) (3f426bc)

v2.23.4

Compare Source

Bug Fixes

• Export detect_gce_residency_linux function (#​1403) (809da13)

v2.23.3

Compare Source

Bug Fixes

• Serialize signer keys on getstate for pickling (#​1394) (8b783b9), closes #​1383

v2.23.2

Compare Source

Bug Fixes

• Support urllib3<2.0 versions (#​1390) (07c464a)

v2.23.1

Compare Source

Bug Fixes

• Less restrictive content-type header check for google authentication (ignores charset) (#​1382) (7039beb)
• Trust boundary meta header renaming and using the schema from backend team. (#​1384) (2503d4a)
• Update urllib3 to >= 2.0.5 (#​1389) (a99f3bb)

v2.23.0

Compare Source

Features

• Add get_bq_config_path() to _cloud_sdk.py (9f52f66)
• Add get_bq_config_path() to _cloud_sdk.py (#​1358) (9f52f66)

Bug Fixes

• Expose universe domain in credentials (#​1380) (8b8fce6)
• Make external_account resistant to string type 'expires_in' responses from non-compliant services (#​1379) (01d3770)
• Missing ssj for impersonate cred (#​1377) (7d453dc)
• Skip checking projectid on cred if env var is set (#​1349) (a4135a3)

v2.22.0

Compare Source

Features

• Adding meta header for trust boundary (#​1334) (908c8d1)
• Introduce compatibility with native namespace packages (#​1205) (2f75922)

Bug Fixes

• Deprecate UserAccessTokenCredentials (#​1344) (5f97fe9)

v2.21.0

Compare Source

Features

• Add framework for BYOID metrics headers (#​1332) (1a8f50c)

Bug Fixes

• Pypy unit test build (#​1335) (33e4263)

v2.20.0

Compare Source

Features

• Add public API load_credentials_from_dict (#​1326) (5467ad7)

Bug Fixes

• Expiry in compute_engine.IDTokenCredentials (#​1327) (56a6159), closes #​1323
• Expiry in impersonated_credentials.IDTokenCredentials (#​1330) (d1b887c)
• Invalid dev version identifiers in setup.py (#​1322) (a9b8f12), closes #​1321

v2.19.1

Compare Source

Bug Fixes

• Check id token error response (#​1315) (2a71f7b)
• Fix "AttributeError: 'str' object has no attribute 'get'" (dac7cc3)

Documentation

• Replacing abc.com with example.com (dac7cc3)

v2.19.0

Compare Source

Features

• Add metrics (part 1) (#​1298) (246dd07)
• Add metrics (part 2) (#​1303) (ebd5af7)
• Add metrics (part 3) (#​1305) (c7011b6)
• Expose universe_domain for external account creds (#​1296) (ee07053)
• Remove python 2.7 from setup.py and nox tests (#​1301) (8437490)

v2.18.1

Compare Source

Bug Fixes

• Self signed jwt token should be string type (#​1294) (17356fd)

v2.18.0

Compare Source

Features

• Add smbios check to detect GCE residency (#​1276) (22d241b)
• Universe domain support for service account (#​1286) (821c1b6)

v2.17.3

Compare Source

Bug Fixes

• Add useEmailAzp claim for id token iam flow (#​1270) (7a9c6f2)

v2.17.2

Compare Source

Bug Fixes

• Do not create new JWT credentials if they make the same claims as the existing. (#​1267) (eebb7b6)

v2.17.1

Compare Source

Bug Fixes

• Print out reauth plugin error and raise if challenge output is None (#​1265) (08d22fe)

v2.17.0

Compare Source

Features

• Experimental service account iam endpoint flow for id token (#​1258) (8ff0de5)

Bug Fixes

• Python: Remove aws url validation (#​1254) (20a966b)

v2.16.3

Compare Source

Bug Fixes

• Read both applicationId and relyingPartyId. (#​1246) (e125dfe)

v2.16.2

Compare Source

Bug Fixes

• Call gcloud config get project to get project for user cred (#​1243) (c078a13)
• Do not use hardcoded string 'python', when you mean sys.executable. (#​1233) (91ac8e6)
• Don't retry if error or error_description is not string (#​1241) (e2d263a)
• Improve ADC related errors and warnings (#​1237) (2dfa213)

v2.16.1

Compare Source

Bug Fixes

• Add support for python 3.11 (#​1212) (1fc95e3)
• Remove 3PI config url validation (#​1220) (8b95515)
• Update the docs generator interpreter to unblock documentation build (#​1218) (9d36c2f)

v2.16.0

Compare Source

Features

• AwsCredentials should not call metadata server if security creds and region are retrievable through the environment variables (#​1195) (5e27c8f)
• Wrap all python built-in exceptions into library excpetions (#​1191) (a83af39)

Bug Fixes

• Allow get_project_id to take a request (#​1203) (9a4d23a)
• Make OAUTH2.0 client resistant to string type 'expires_in' responses from non-compliant services (#​1208) (9fc7b1c)

v2.15.0

Compare Source

Features

• Add api_key credentials (#​1184) (370293e)
• Introduce a way to provide scopes granted by user (#​1189) (189f504)

Bug Fixes

• Allow mtls sts endpoint for external account token urls. (#​1185) (c86dd69)
• CI broken by removal of py.path (#​1194) (f719415)
• Ensure JWT segments have the right types (#​1162) (fc843cd)
• Updated the lower bound of interactive timeout and fix the kwarg… (#​1182) (50c0fd2)

v2.14.1

Compare Source

Bug Fixes

• Apply quota project for compute cred in adc (#​1177) (b9aa92a)
• Update minimum required version of cryptography in pyopenssl extra (#​1176) (e9e76d1)
• Validate url domain for aws metadata urls (#​1174) (f9d7d77)

v2.14.0

Compare Source

Features

• Add token_info_url to external account credentials (#​1168) (9adee75)
• Read Quota Project from Environment Variable (#​1163) (57b3e42)

Bug Fixes

• Adding more properties to external_account_authorized_user (#​1169) (a12b96d)

v2.13.0

Compare Source

Features

• Adds new external account authorized user credentials (#​1160) (523f811)
• Implement pluggable auth interactive mode (#​1131) (44a189f)
• Introduce the functionality to override token_uri in credentials (#​1159) (73bc7e9)

Bug Fixes

• Adding one more pattern to relax the regex check for sts and impersonation url endpoints (#​1158) (75326e3)

v2.12.0

Compare Source

Features

• Retry behavior (#​1113) (78d3790)

Bug Fixes

• Modify RefreshError exception to use gcloud ADC command. (#​1149) (059fd35)
• Revert "Update token refresh threshold from 20 seconds to 5 minutes". (186464b)

v2.11.1

Compare Source

Bug Fixes

• Fix socket leak in impersonated_credentials (#​1123) (b1eb467), closes #​1122
• Make pluggable auth tests work in all environments (#​1114) (bb5c979)
• Skip oauth2client adapter tests if oauth2client is not installed (#​1132) (d15092f)
• Update token refresh threshold from 20 seconds to 5 minutes (#​1146) (261a561)

Documentation

• samples: Add auth samples and tests (#​1102) (ac87520)

v2.11.0

Compare Source

Features

• add integration tests for configurable token lifespan (#​1103) (124bae6)

Bug Fixes

• Async certificate retrieving (#​1101) (05f125d)

v2.10.0

Compare Source

Features

• add integration tests for pluggable auth (#​1073) (f8d776a)
• support for configurable token lifetime (0dc6a9a)
• support for configurable token lifetime (#​1079) (0dc6a9a)

Bug Fixes

• async certificate decoding (#​1085) (741c6c6)
• Async system tests were not unwrapping async_generators (#​1086) (29d248a)
• Fix IDTokenCredentials update bug (#​1072) (b62c25c)
• make expiration_time optional in response schema (#​1091) (032fb8d)
• refactor credential subclass parameters (#​1095) (8d15f69)

v2.9.1

Compare Source

Bug Fixes

• there was a raise missing for throwing exceptions (#​1077) (d1f17b0)

v2.9.0

Compare Source

Features

• pluggable auth support (#​1045) (de14f4e)

v2.8.0

Compare Source

Features

• add experimental GDCH support (#​1044) (94fb5e2)

v2.7.0

Compare Source

Features

• add experimental enterprise cert support (#​1052) (dda7dda)
• add experimental GDCH support (#​1022) (5367aac)
• Pluggable auth support (#​995) (62daa73)

Bug Fixes

• validate urls for external accounts (#​1031) (61b1f15)

Reverts

• pluggable auth support #​995 (#​1039) (513d999)
• revert experimental GDCH support (#​1022) (#​1042) (c720995)

Documentation

• fix changelog header to consistent size (#​1046) (e64d084)

v2.6.6

Compare Source

Bug Fixes

• silence TypeError during tear down stage (#​1027) (952a6aa)

v2.6.5

Compare Source

Bug Fixes

• add additional missing import in _default.py (#​1018) (638331b)

v2.6.4

Compare Source

Bug Fixes

• fix missing import in _default.py (#​1015) (63f4e38)

v2.6.3

Compare Source

Bug Fixes

• change requests lib import place (#​1010) (c753c08)
• clean up HTTP session and pool during tear down phase (#​1007) (d057376)
• pin click version and update sys test creds (#​1008) (ae2804b)

v2.6.2

Compare Source

Bug Fixes

• Rename aws imdsv2 url field and update token lifetime (#​982) (818e6d2)

Miscellaneous Chores

• let release-please finish the release (#​991) (d2bdc9a)

[v2.6.0](https://redirect.github.com/googleapis/google-auth-library-p

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: src/google_sheets/pyproject.toml

Post-upgrade command 'uv sync' has not been added to the allowed list in allowedPostUpgradeCommands