Sourced from google-auth's releases.

v2.49.0.dev0

2.49.0-dev0 (2026-01-26)

Bug Fixes

• remove deprecated rsa dependency (e98cf69284d3620619a70b54fb0b9533caf11878)

google-auth 2.48.0

2.48.0 (2026-01-21)

Features

• honor NO_GCE_CHECK environment variable (#1610) (383c9827)

• add configurable GCE Metadata Server retries (#1488) (454b441b)

• add cryptography as required dependency (#1929) (52558ae2)

• Support the mTLS IAM domain for Certificate based Access (#1938) (8dcf91a1)

Bug Fixes

• resolve circular imports (#1942) (25c1b064)

• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a240)

• removes content-header from AWS IMDS get request (#1934) (97bfea9e)

• detect correct auth when ADC env var is set but empty (#1374) (bfc07e10)

• replace deprecated utcfromtimestamp (#1799) (e431f20c)

v2.48.0rc0

2.48.0rc0 (2026-01-20)

Features

• honor NO_GCE_CHECK environment variable (#1610) (383c98)
• add configurable GCE Metadata Server retries (#1488) (454b44)
• support mTLS IAM domain for Certificate based Access (#1938) (8dcf91)
• add cryptography as required dependency (#1929) (52558a)

Bug Fixes

• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a2)
• replace deprecated utcfromtimestamp (#1799) (e431f2)
• detect correct auth when ADC env var is set by empty (#1374) (bfc07e)
• removed content-header from AWS IMDS (#1934) (97bfea)

... (truncated)

Sourced from google-auth's changelog.

Changelog

PyPI History

2.48.0 (2026-01-22)

Features

• add cryptography as required dependency (#1929) (52558ae2881b1e6555f6f5c0d76365c15807ead9)
• Support the mTLS IAM domain for Certificate based Access (#1938) (8dcf91a1b05c85fbbd0bcee78d66e498099102ab)
• add configurable GCE Metadata Server retries (#1488) (454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37)
• honor NO_GCE_CHECK environment variable (#1610) (383c9827536d9376e8248370ce4c2b83e468d027)

Bug Fixes

• resolve circular imports (#1942) (25c1b064545702cbef087cfcd15fbbb6ef1af74f)
• removes content-header from AWS IMDS get request (#1934) (97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc)
• detect correct auth when ADC env var is set but empty (#1374) (bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2)
• replace deprecated utcfromtimestamp (#1799) (e431f20cf73ccac71926a23ec454468cea92e053)
• Use user_verification=preferred for ReAuth WebAuthn challenge (#1798) (3f88a24089c4ee6822d510de0db210b54260d873)

2.47.0 (2026-01-06)

Features

• drop cachetools dependency in favor of simple local implementation (#1590) (5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4)

Bug Fixes

• Python 3.8 support (#1918) (60dc20014a35ec4ba71e8065b9a33ecbdbeca97a)

2.46.0 (2026-01-05)

Documentation

• update urllib3 docstrings for v2 compatibility (#1903) (3f1aeea2d1014ea1d244a4c3470e52d74d55404b)

Features

• Recognize workload certificate config in has_default_client_cert_source for mTLS for Agentic Identities (#1907) (0b9107d573123e358c347ffa067637f992af61b4)

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)