Sourced from google-auth's releases.

v2.39.0

2.39.0 (2025-04-14)

Features

• Adds GA support for X.509 workload identity federation (#1695) (7495960)

Bug Fixes

• Add impersonated SA via local ADC support for fetch_id_token (#1740) (f249764)
• Add missing packaging dependency for feature requiring urllib3 (#1732) (221f4a8)
• Add request timeout for MDS requests (#1699) (9f7d3fa)
• Explicitly declare support for Python 3.13 (#1741) (6fd04d5)

v2.38.0

2.38.0 (2025-01-23)

Features

• Adding domain-wide delegation flow in impersonated credential (#1624) (34ee3fe)

Documentation

• Add warnings regarding consuming externally sourced credentials (d049370)

v2.37.0

2.37.0 (2024-12-11)

Features

• Allow users to use jwk keys for verifying ID token (#1641) (98c3ed9)

v2.36.1

2.36.1 (2024-11-08)

Bug Fixes

• Improve user guide for Impersonation and SA (#1627) (656307d)

v2.36.0

2.36.0 (2024-10-30)

Features

... (truncated)

Sourced from google-auth's changelog.

2.39.0 (2025-04-14)

Features

• Adds GA support for X.509 workload identity federation (#1695) (7495960)

Bug Fixes

• Add impersonated SA via local ADC support for fetch_id_token (#1740) (f249764)
• Add missing packaging dependency for feature requiring urllib3 (#1732) (221f4a8)
• Add request timeout for MDS requests (#1699) (9f7d3fa)
• Explicitly declare support for Python 3.13 (#1741) (6fd04d5)

2.38.0 (2025-01-23)

Features

• Adding domain-wide delegation flow in impersonated credential (#1624) (34ee3fe)

Documentation

• Add warnings regarding consuming externally sourced credentials (d049370)

2.37.0 (2024-12-11)

Features

• Allow users to use jwk keys for verifying ID token (#1641) (98c3ed9)

2.36.1 (2024-11-08)

Bug Fixes

• Improve user guide for Impersonation and SA (#1627) (656307d)

2.36.0 (2024-10-30)

Features

• IAM signblob retries (#1600) (484c8db)
• Making iam endpoint universe-aware (#1604) (16c728d)
• Support External Account Authorized User as a Source Credential for impersonated credentials in ADC (#1608) (875796c)

... (truncated)

• ee1c7d3 chore(main): release 2.39.0 (#1705)
• f1ef5d4 chore: update secret for tests (#1749)
• f249764 fix: add impersonated SA via local ADC support for fetch_id_token (#1740)
• 6fd04d5 fix: explicitly declare support for Python 3.13 (#1741)
• 83d2e0f chore: Allow googleapis-auth and aion-sdk to approve samples/ (#1746)
• f89188a chore(python): update templated files (#1709)
• a8f806e chore: add testing requirements extra (#1707)
• 59e0b38 chore: update secret for tests (#1742)
• 221f4a8 fix: add missing packaging dependency for feature requiring urllib3 (#1732)
• 9f7d3fa fix: add request timeout for MDS requests (#1699)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)