Release/2.14.4

[mehmet-yoti]

Update protobuf to 4.21.12+ and modernize Python support

📋 Summary

This PR updates the protobuf library from 3.20.3 to >=4.21.12 and modernizes Python version support to align with current security standards and ecosystem best practices.

🔄 Changes Made

Core Dependencies

• Protobuf: Updated from 3.20.3 → >=4.21.12
  • Allows automatic updates within 4.x for security patches
  • Provides future compatibility while maintaining minimum version requirement
• Python Requirements: Updated to python_requires=">=3.9"

Python Version Support

• ✅ Supports: Python 3.9, 3.10, 3.11, 3.12

Files Modified

• setup.py: Updated protobuf version and Python classifiers
• requirements.in: Updated protobuf dependency
• requirements.txt: Regenerated with new protobuf version
• .github/workflows/sonar.yaml: Added protobuf compatibility environment variable
• .github/workflows/tests.yaml: Added protobuf compatibility environment variable

🚨 Breaking Changes

⚠️ This is a breaking change release

1 Protobuf Major Version: Upgraded from 3.x to 4.x

• Generally backward compatible for most use cases
• Performance improvements and enhanced security

🔍 Technical Details

Protobuf 4.21.12+ Benefits

• Security: Latest security patches and vulnerability fixes
• Performance: Improved memory usage and processing speed
• Compatibility: Better integration with modern Python versions
• Future-proof: Ongoing support and maintenance from Google

Python 3.9+ Modernization

• Security: Access to latest Python security updates
• Features: Enables use of modern Python language features
• Ecosystem: Aligns with current Python support lifecycle
• Performance: Better performance with newer Python versions

⚠️ Important Notes

Generated Protobuf Files

The existing protobuf generated files (*_pb2.py) in yoti_python_sdk/protobuf/ were created with an older protobuf compiler. While they continue to work with the environment variable workaround, they should ideally be regenerated with protoc >= 3.19.0 for optimal performance.

Recommended Testing Steps

1. Install with new protobuf version:

   pip install -e .[dev]

[saurabh-yoti]

Please update the version number to 2.14.4 here - #version.py

[saurabh-yoti]

Seems the SDK Is broken after the Protobuf upgrade. Tested with Digital ID example app (flask) and got an error. Part of the error:

File "/Users/bansalsa/Documents/Yoti-GitHub-Examples/yoti-python-sdk-release-2.14.4/examples/yoti_example_flask/.venv/lib/python3.12/site-packages/google/protobuf/descriptor.py", line 933, in __new__
    _message.Message._CheckCalledFromGeneratedFile()
TypeError: Descriptors cannot be created directly.
If this call came from a _pb2.py file, your generated code is out of date and must be regenerated with protoc >= 3.19.0.
If you cannot immediately regenerate your protos, some other possible workarounds are:
 1. Downgrade the protobuf package to 3.20.x or lower.
 2. Set PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python (but this will use pure-Python parsing and will be much slower).

[saurabh-yoti]

Looks good to me! Some tests are failing, so might need to update them before merging.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud